Network Security Topics
One of the critical aspects of managing a FortiGate device is understanding the default admin profiles and permissions. This article will provide a detailed overview of these profiles and how they impact the security and functionality of your network.
Understanding FortiGate Admin Profiles
FortiGate devices come with several predefined admin profiles, each with specific permissions. These profiles determine what actions an administrator can perform on the device. By default on firmware 6.0.13, FortiGate provides the following admin profiles:
- Super_Admin: This profile has full access to all features and settings on the FortiGate device. Users with this profile can configure system settings, manage network policies, and perform any task without restrictions.
- Prof_Admin: On my Firewall by default have same settings like Super_Admin.
Defining Custom Admin Profiles Based on Your Requirements
In addition to the default admin profiles, FortiGate allows administrators to create custom profiles tailored to their organization’s specific needs. This flexibility provides granular control over what actions users can perform, ensuring that each administrator has the appropriate level of access.
How to Define Custom Admin Profiles
- Assess Your Needs: Start by evaluating the specific tasks and responsibilities of each admin user in your organization. Determine what permissions they require to perform their duties effectively.
- Create Custom Profiles: Using FortiGate’s management interface, you can create new admin profiles and specify the exact permissions each profile should have. This includes permissions for configuration changes, policy management, user management, log access, and system maintenance.
- Test and Adjust: After creating custom profiles, test them to ensure that they meet the requirements without providing unnecessary access. Make adjustments as needed to balance security and functionality.
- Document Profiles: Maintain clear documentation of all custom admin profiles, including the permissions assigned and the rationale behind each configuration. This helps with future audits and adjustments.
Possible profile customization
Fortinet FortiGate devices allow customization of admin profiles, so while Prof_Admin comes with a standard set of permissions, organizations can modify this profile or create new custom profiles to meet specific operational requirements.
