Fortinet 50 FortiWeb 5.0 Patch 6 Administration Guide
Unlike other administrator accounts, the administrator account named admin exists by default
and cannot be deleted. The admin administrator account is similar to a root administrator
account. This administrator account always has full permission to view and change all FortiWeb
configuration options, including viewing and changing all other administrator accounts. Its
name and permissions cannot be changed. It is the only administrator account that can reset
another administrator’s password without being required to enter that administrator’s existing
password.
For complete access to all commands and abilities, you must log in with the administrator
account named admin.
Table 4: Areas of control in access profiles

Access profile setting: Web Protection Configuration (Web UI) / wafgrp (CLI)
Grants access to*:
  Web UI:
    Policy > Web Protection ...
    Web Protection ...
    DoS Protection ...
  CLI:
    config system dos-prevention
    config waf except:
      config waf file-compress-rule
      config waf file-uncompress-rule
      config waf http-authen ...
      config waf url-rewrite ...
      config waf web-custom-robot
      config waf web-protection-profile autolearning-profile
      config waf web-robot
      config waf x-forwarded-for

Access profile setting: Web Vulnerability Scan Configuration (Web UI) / wvsgrp (CLI)
Grants access to*:
  Web UI:
    Web Vulnerability Scan ...
  CLI:
    config wvs ...

* For each config command, there is an equivalent get/show command, unless
otherwise noted.
config access requires write permission.
get/show access requires read permission.

Set a strong password for the admin administrator account, and change the password
regularly. By default, this administrator account has no password. Failure to maintain the
password of the admin administrator account could compromise the security of your FortiWeb
appliance.