An Intrusion Prevention System (IPS) can be used to detect and block network-based attacks. In FortiManager, a restricted administrator profile can be created to allow an administrator to configure IPS settings without interfering with FortiManager's networking capabilities and functions.
Restricted administrators can create new profiles, filters, and signatures, add signatures and filters to a profile, and define the action (Allow, Monitor, Block, Reset, Default, Quarantine) that will occur for detected signatures. Restricted administrator profiles can be used when migrating from a standalone IPS system to give the IPS administrator granular control over what IPS profiles and signatures to deploy.
Optionally, restricted administrator profiles can be configured with permissions to install changes to managed FortiGate devices. Restricted administrators with install permissions can perform a Quick Install to install all modified profiles or choose to install modified profiles to specified devices, such as in a test environment. See Installing profiles as a restricted administrator.
- Go to System Settings > Admin > Profile, and create an administrator profile with the Type set to Restricted Admin and the permissions set to Intrusion Prevention. See Creating administrator profiles.
- Optionally, toggle Allow to Install if you want this administrator to be able to install changes to FortiGate devices.
- Go to System Settings > Admin > Administrators, and create a new administrator.
- Select the restricted IPS profile for the Admin Profile, then select the ADOM and Intrusion Prevention profiles that the administrator can manage. See Creating administrators.
Restricted administrators can only view and install changes to devices included in the specified ADOM.
For more information about restricted administrator profiles, see Restricted administrators.
To configure IPS settings as a restricted administrator, see: