Fortinet Understanding Config System Accprofile for FortiBridge Access Control
Page 57

 

 

config CLI commands

system accprofile

system accprofile

Use this command to add access profiles that control administrator access to FortiBridge features. Each administrator account must include an access profile. You can create access profiles that deny access to or allow read only, write only, or both read and write access to FortiBridge features.

Command syntax pattern

config system accprofile edit <profile-name_str>

set <keyword> <variable>

end

config system accprofile edit <profile-name_str>

unset <keyword>

end

config system accprofile delete <profile-name_str>

end

get system accprofile [<profile-name_str>]

show system accprofile [<profile-name_str>]

Keywords and variables

Description

Default

 

 

 

admingrp {none r rw w}

Control administrator access to FortiBridge administrator

none

 

accounts and access profiles.

 

 

none deny access.

 

 

r read only access.

 

 

rw read write access.

 

 

w write only access.

 

loggrp {none r rw w}

Control administrator access to log and alert email settings.

none

 

none deny access.

 

 

r read only access.

 

 

rw read write access.

 

 

w write only access.

 

sysgrp {none r rw w}

Control administrator access to system configuration settings.

none

 

none deny access.

 

 

r read only access.

 

 

rw read write access.

 

 

w write only access.

 

sysshutdowngrp {none r

Control administrator access to system shutdown, system,

none

rw w}

reboot, and firmware upgrade functions.

 

 

none deny access.

 

 

r read only access.

 

 

rw read write access.

 

 

w write only access.

 

FortiBridge Version 3.0 Administration Guide

57

09-30000-0163-20061109

Page 56 Page 58
Image 57
Page 56 Page 58
Contents M i n i s t r a t i o n G u i d e Regulatory compliance TrademarksContents Configuration and operating procedures Using the CLIConfig CLI commands Index Execute CLI commandsPage About this document About FortiBridgeFortinet documentation Customer service and technical supportFortinet tools and documentation CD Fortinet Knowledge CenterExample FortiBridge application FortiBridge operating principlesConnecting the FortiBridge-1000 copper gigabit ethernet Connecting the FortiBridge unitNormal mode operation Connecting the FortiBridge-1000F fiber gigabit ethernetHow the FortiBridge unit monitors the FortiGate unit Probes and FortiGate firewall policies Normal mode operationEnabling probes to detect FortiGate hardware failure Enabling probes to detect FortiGate software failureProbe interval and probe threshold FortiBridge power failure Bypass mode operationExample FortiGate HA cluster FortiBridge application Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces Example configuration with other FortiGate interfaces FortiBridge unit basic information FortiBridge-1000 Package contentsMounting instructions FortiBridge-1000F Package contentsLED indicators Technical specificationsFactory default configuration ConnectorsConnecting and turning on the FortiBridge-1000 unit Connecting and turning on the FortiBridge unitConnecting and turning on the FortiBridge-1000F unit To connect and turn on the FortiBridge-1000 unitTo connect and turn on the FortiBridge-1000F unit Connecting to the FortiBridge console Connecting to the command line interface CLIFortiBridge-1000 login To connect to the FortiBridge console for the first timeConnecting to the FortiBridge CLI using Telnet Completing the basic FortiBridge configurationTo connect to the CLI using Telnet Welcome FortiBridge-1000 #To add an administrator password Adding an administrator passwordChanging the management IP address To change the management IP addressAdding static routes Changing DNS server IP addressesTo change DNS server IP addresses To add static routesAllowing management access to the EXT 1 interface Adding administrator accountsChanging the system time and date Resetting to the factory default configuration Installing FortiBridge unit firmwareTo reset to factory defaults from the FortiBridge CLI Execute restore image namestr tftpip To upgrade to a new firmware versionExecute restore image FBG1000-v10-build010-FORTINET.out Upgrading to a new firmware versionTo revert to a previous firmware version Reverting to a previous firmware versionTo install firmware from a system reboot Installing firmware from a system rebootHit any key to stop autoboot Enter Tftp server addressGet system status Enter firmware image file image.outExample network settings Configuration and operating proceduresConfiguring FortiBridge probes Configuring FortiBridge probesTo configure probe settings Probe settingsTo enable and configure FortiBridge probes Config probe probelist ping set status enable EndEnabling probes Verifying that probes are functioning Config probe probelist Imap set status enable EndTo verify that probes are functioning Go to System Status SessionTuning the failure threshold and probe interval Configuring FortiBridge alertsConfig alertemail setting set server mail.myorg.com End To configure alert emailFortiBridge alert email FortiBridge syslogTo configure FortiBridge syslog Config log syslogd setting set server EndFortiBridge Snmp To add and enable an Snmp community Recovering from a FortiGate failureConfig system snmp community edit Set name snmp1 End To resume normal operation from bypass modeBacking up and restoring the FortiBridge configuration Manually switching between FortiBridge operating modesExecute switch-mode To back up the FortiBridge configurationBacking up and restoring the FortiBridge configuration Backing up and restoring the FortiBridge configuration Setting administrative access for SSH or Telnet Connecting to the FortiBridge CLI using SSH or TelnetTo use the CLI to configure SSH or Telnet access CLI basicsConnecting to the FortiBridge CLI using SSH Other access methodsSet allowaccess ping telnet ssh Get system interface namestrTo connect to the CLI using SSH Connecting to the FortiBridge CLI using SSH or Telnet Config CLI commands Alertemail setting Command syntax patternExamples Related Commands Example Log syslogd settingGet probe probelist Probe probelist ping http ftp pop3 smtp imapGet probe probelist http Show probe probelistSyslog Probe settingRw w System accprofileGet system accprofile Get system accprofile policyprofileShow system accprofile Password passwordstr System adminGet system admin Get system admin newadminShow system admin System console Config system console set EndGet system console Show system consoleSystem dns Get system dnsShow system dns Get system status Failbypass System failcloseSystem failclose Minutesinteger System globalShow system global Get system globalSystem interface internal external Get system interface internalShow system interface internal System manageip Config system manageip Set ip 192.168.2.80 255.255.255.0 endDistanceinteger System routeSystem snmp community Config hostsShow system snmp community Get system snmp communityExecute CLI commands Command syntax BackupExecute backup config filenamestr tftp-serveripv4 Execute backup config fbdg.cfgDate Execute date datestr datestr has the form mm/dd/yyyy, whereExecute date 09/17/2004 Execute factoryreset FactoryresetExecute ping addressipv4 host-namestr PingExecute reboot RebootExecute restore config backupconfig RestoreSwitch-mode Execute time timestr TimeTime Index 09-30000-0163-20061109 Snmp SSH
Top Page Image Contents