We use Unix authentication to scan hardware devices that run the FortiOS operating system. This help describes how to set up an administrator profile with the network group configuration set to read or read/write permission and then assign that profile to the scan user account.
The account you provide for authentication must have permission to run the following commands:
get system status
show full-configuration system accprofile
show full-configuration system admin
show full-configuration system auto-install
show full-configuration system global
show full-configuration system interface
show full-configuration system ntp
show full-configuration system password-policy
show full-configuration system replacemsg admin pre_admin-disclaimer-text
The user account you provide for authentication must have access to run the commands mentioned above.
You can provide any Administrator user with the network group configuration set to read or read/write permissions.
1) In the CLI, create a new profile or edit an existing profile with the following configuration or higher:

Fortinet # config system accprofile
Fortinet (accprofile) # edit <Profile Name>
Fortinet (<Profile Name>) # set netgrp custom
Fortinet (<Profile Name>) # config netgrp-permission
Fortinet (netgrp-permission) # set cfg read
Fortinet (netgrp-permission) # end
Fortinet (<Profile Name>) # set sysgrp custom
Fortinet (<Profile Name>) # config sysgrp-permission
Fortinet (sysgrp-permission) # set admin read-write
Fortinet (sysgrp-permission) # set cfg read
Fortinet (sysgrp-permission) # end
Fortinet (<Profile Name>) # end

Resulting configuration (relevant lines):

edit "<Profile Name>"
    config netgrp-permission
        set cfg read
    end
    config sysgrp-permission
        set admin read-write
        set cfg read
    end
2) Assign the profile created above to the scan user account.

Fortinet # config system admin
Fortinet (admin) # edit <Scan User>
Fortinet (<Scan User>) # set accprofile <Profile Name>
Fortinet (<Scan User>) # end

Resulting configuration (relevant lines):

config system admin
    edit "<User Name>"
        set accprofile "<Profile Name>"
    next
end
1) In the GUI, create a new profile or edit an existing profile with the following permissions:
Network > Configuration: Read
System > Administrator Users: Read/Write
System > Configuration: Read
2) Go to System > Administrators. Add a new user or update an existing user for the scan user account and add the profile you created in the previous step.
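
To confirm that a profile meets the minimum permissions above before a scan, the following Python check parses the output of show full-configuration system accprofile and lists what is missing. It is an added example, not part of the original help or of any vendor tooling; the function names and the sample output are constructed, and it assumes that a group set to read or read-write applies to every item in that group.

```python
import shlex
# Minimum permissions the page lists for the scan profile.
REQUIRED = {("netgrp-permission", "cfg"): "read", ("sysgrp-permission", "cfg"): "read",
            ("sysgrp-permission", "admin"): "read-write"}
RANK = {"none": 0, "read": 1, "read-write": 2}

def parse_accprofiles(text):  # -> {profile: {(block, key): value}}
    profiles, profile, block = {}, None, ""
    for line in text.splitlines():
        tok = shlex.split(line) + ["", ""]  # pad so short lines index safely
        if tok[0] == "edit":
            profile = profiles.setdefault(tok[1], {})
        elif tok[0] in ("end", "next"):
            block = ""  # left a permission block (or the profile itself)
        elif profile is not None and tok[0] == "config":
            block = tok[1]
        elif profile is not None and tok[0] == "set":
            profile[(block, tok[1])] = tok[2]
    return profiles

def missing_permissions(profile):
    # Assumption: a group set to read/read-write covers every item in it;
    # per-item values count only when the group is "custom"; unset means none.
    gaps = []
    for (block, key), need in REQUIRED.items():
        group = profile.get(("", block.split("-")[0]), "none")
        level = profile.get((block, key), "none") if group == "custom" else group
        if RANK.get(level, 0) < RANK[need]:
            gaps.append(f"{block} {key}: have {level}, need {need}")
    return gaps

# Constructed sample output, not taken from a real device.
SAMPLE = """config system accprofile
    edit "scan_profile"
        set netgrp custom
        set sysgrp custom
        config netgrp-permission
            set cfg read
        end
        config sysgrp-permission
            set admin read-write
            set cfg read
        end
    next
    edit "too_narrow"
        set netgrp read
    next
end"""
print({n: missing_permissions(p) for n, p in parse_accprofiles(SAMPLE).items()})
```

An empty list means the profile satisfies all three required settings; each entry otherwise names the setting, its current level, and the level the scan needs.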