System Settings FortiManager 5.2

To create a custom system administrator profile:
1. Go to System Settings > Admin > Profile and select Create New in the toolbar. The Create Profile dialog box appears.
Create new administrator profile

2. Configure the following settings:
Profile Name Type a name for this profile.
Description Type a description for this profile. While not a requirement, a description can help to know what the profiles is for or the levels it is set to.
Type Select System Admin. This is the default setting.
System Settings Select None, Read Only, or Read/Write access.
Administrator Domain Select None, Read Only, or Read/Write access.
FortiGuard Center Select None, Read Only, or Read/Write access.
Device Manager Select None, Read Only, or Read/Write access/
Add/Delete Devices/Groups Select None, Read Only, or Read/Write access.
Install to Devices Select None, Read Only, or Read/Write access.
Retrieve Configuration from Devices Select None, Read Only, or Read/Write access.
Terminal Access Select None, Read Only, or Read/Write access.
Manage Device Con-
figuration Select None, Read Only, or Read/Write access.
System Templates Select None, Read Only, or Read/Write access.
Policy & Objects Select None, Read Only, or Read/Write access.
Global Policy Packages & Objects Select None, Read Only, or Read/Write access.
Assignment Select None, Read Only, or Read/Write access.
Policy Packages & Objects Select None, Read Only, or Read/Write access.
Policy Check Select None, Read Only, or Read/Write access.
VPN Manager Select None, Read Only, or Read/Write access.
Workflow Approve Select None, Read Only, or Read/Write access.
Read/Write: Administrator can approve or reject sessions. Read-Only/None: Administrator can only view diff.
FortiView Select None, Read Only, or Read/Write access.
Event Management Select None, Read Only, or Read/Write access.
Reports Select None, Read Only, or Read/Write access.
3. Select OK to save the new profile.
To modify an existing profile:
1. Go to System Settings > Admin > Profile.
2. In the Profile column, double-click on the name of the profile you want to change. The Edit Profile dialog box appears, containing the same information as when creating a new profile.
3. Configure the appropriate changes and then select OK to save the settings.
To delete a profile:
1. Go to System Settings > Admin > Profile.
2. Select the check box of the custom profile you want to delete and then select the Delete icon in the toolbar. You can only delete custom profiles when they are not applied to any administrators.
3. In the confirmation dialog box that appears, select OK to delete the profile.
Workflow Approval
The System Settings > Admin > Workflow Approval menu enables you to create or edit approval matrices for workflow mode. You can configure one approval matrix per ADOM. The approval matrix defines the relationship of approvers and requestors and allows you to configure who receives notifications.

Create a new approval matrix:
1. Go to System Settings > Admin > Workflow Approval.
2. Select Create New in the toolbar. The New Approval Matrix page is displayed.
New approval matrix

3. Configure the following settings:
ADOM Select the ADOM from the drop-down list.
Approval Group Select to add approvers to the approval group. Select the add icon to create a new approval group. Select the delete icon to remove an approval group.
Send an Email Notifcation to Select to add admistrators to send email notifications to. Select the remove icon to remove an administrator from the field.
Mail Server Select the mail server from the drop-down list.
4. Select OK to create the approval matrix.
Remote authentication server
The FortiManager system supports remote authentication of administrators using LDAP, RADIUS, and TACACS+ servers. To use this feature, you must configure the appropriate server entries in the FortiManager unit for each authentication server in your network. New LDAP remote authentication servers can be added and linked to all ADOMs or specific ADOMs. Existing servers can be modified and deleted as required; see Manage remote authentication servers.
Remote authentication server list

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.