
CLI reference

config system admin


Use this command to configure FortiAI administrator accounts.

By default, FortiAI units have a single administrator account named admin. For more granular control over administrative access, you can create additional administrator accounts with more restricted permissions such as being able to configure a specific domain.

Syntax

config system admin
    edit <name_str>
        set access-profile <profile_name>
        set auth-strategy {local | local-plus-radius | ldap | radius}
        set name <name>
        set password <password_str>
        set radius-permission-check {enable | disable}
        set radius-subtype-id <subtype_int>
        set radius-vendor-id <vendor_int>
        set sshkey <key_str>
        set status {enable | disable}
        set theme {Neutrino | Jade | Mariner | Graphite | Melongene | Onyx | Dark_Matter | Eclipse | Cloud_App_Light | Cloud_App_Dark}
        set trust-hosts <host_ipv4mask>
    end

Variable: <name_str>
Description: Name of the administrator account.

Variable: access-profile <profile_name>
Description: Name of an access profile that determines which functional areas the administrator account may view or affect.

Variable: auth-strategy {local | local-plus-radius | ldap | radius}
Description: Select the local or remote type of authentication that the administrator can use.
Default: local

Variable: name <name>
Description: Name of user.
Default: english

Variable: password <password_str>
Description: If auth-strategy is local or local-plus-radius, enter the password for the administrator account. Do not use an administrator password shorter than six characters. For better security, use a longer password with a complex combination of characters and numbers. Change the password regularly. A weak password might compromise the security of your FortiAI unit.

Variable: radius-permission-check {enable | disable}
Description: If auth-strategy is local or local-plus-radius, enable this option to query the RADIUS server for the permissions attribute.
Default: disable

Variable: radius-subtype-id <subtype_int>
Description: If auth-strategy is local or local-plus-radius, and radius-permission-check is enabled, enter the RADIUS subtype identifier.
Default: 0

Variable: radius-vendor-id <vendor_int>
Description: If auth-strategy is local or local-plus-radius, and radius-permission-check is enabled, enter the RADIUS vendor identifier.
Default: 0

Variable: sshkey <key_str>
Description: Enter the SSH key string inside single straight quote marks ('). When connecting from an SSH client that presents this key, administrators do not need to enter the account name and password to log in to the CLI.

Variable: status
Description: Enable or disable admin users.

Variable: theme {Neutrino | Jade | Mariner | Graphite | Melongene | Onyx | Dark_Matter | Eclipse | Cloud_App_Light | Cloud_App_Dark}
Description: Theme of the GUI for this admin.
Default: Neutrino

Variable: trust-hosts <host_ipv4mask>
Description: Enter one to three IP addresses and netmasks from which the administrator can log into FortiAI. Separate each pair of IP address and netmask with a comma (,). To allow the administrator to authenticate from any IP address, enter 0.0.0.0/0.0.0.0.
Default: 0.0.0.0/0.0.0.0
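The following is an added example, not Fortinet code: a Python check that reads a `config system admin` block written in the syntax above and reports, per account, whether trust-hosts allows any source address, contains a malformed pair, or has more than three pairs. The sample block, account names, profile names and addresses are constructed, and values are assumed to appear unquoted as in the syntax.

```python
import ipaddress

# Constructed sample in the syntax shown on this page; account names, profile
# names and addresses are made up. Values are assumed to be unquoted.
SAMPLE = """\
config system admin
    edit admin
        set access-profile example_full_profile
    edit netops
        set access-profile example_readonly_profile
        set trust-hosts 192.0.2.0/255.255.255.0,198.51.100.7/255.255.255.255
    edit broken
        set trust-hosts 10.0.0.1/255.0.255.0,10.0.0.2/255.255.255.255,10.0.0.3/255.255.255.255,10.0.0.4/255.255.255.255
end
"""
ANY_HOST = "0.0.0.0/0.0.0.0"  # documented default: any source address

def parse_admins(text):
    """Return {account_name: {option: value}} from a config system admin block."""
    admins, current = {}, None
    for raw in text.splitlines():
        words = raw.split(None, 2)
        if len(words) >= 2 and words[0] == "edit":
            current = admins.setdefault(words[1], {})
        elif len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2].strip()
    return admins

def check_trust_hosts(value):
    """Return a list of findings for one trust-hosts value."""
    pairs = [p.strip() for p in value.split(",") if p.strip()]
    findings = []
    if not 1 <= len(pairs) <= 3:
        findings.append("expected one to three address/netmask pairs, got %d" % len(pairs))
    for pair in pairs:
        try:
            net = ipaddress.IPv4Network(pair, strict=False)
        except ValueError:  # bad address or non-contiguous netmask
            findings.append("invalid address/netmask: " + pair)
            continue
        if net.prefixlen == 0:
            findings.append("any source address may authenticate (" + pair + ")")
    return findings

def audit(text):
    """Map each account to its trust-hosts findings; an unset value uses the default."""
    return {name: check_trust_hosts(opts.get("trust-hosts", ANY_HOST))
            for name, opts in parse_admins(text).items()}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(account, findings or "ok")
```

An account with no trust-hosts line is reported as open to any source address because that is the default listed above.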
