Solved: Read only user account to access FTD device using FDM

h.dam · ‎02-24-2022

Hello,

I'd like to know if it is possible to create a read only user account to access FTD 2130 using FDM (I don't use FMC)

I have tried to create a user by CLI: config user add xxx basic

This user account can only access the device via SSH but came out with error via HTTP/HTTPS.

For me, HTTP/HTTPS access is more pratical and comfortable than SSH, especially for the Policies.

If it is feasible, please show me the steps to do.

Thank you.

Rob Ingram · ‎02-24-2022

@h.dam FDM doesn't allow creation of additional local admin accounts.

View solution in original post

Rob Ingram · ‎02-24-2022

@h.dam you can use radius to assign user roles, example

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217234-configure-fdm-external-authentication-an.html

h.dam · ‎02-24-2022

Yes, I know Radius is a solution

But I'd like to use local user because it is more simple and doesn't need additional config.

What I want is using this local user account (with basic rights without enable access) to view the policies but has no rights to modify them.on FDM GUI.

Rob Ingram · ‎02-24-2022

@h.dam FDM doesn't allow creation of additional local admin accounts.

h.dam · ‎02-28-2022

OK.

Thank you Rob.

Aref Alsouqi · ‎02-28-2022

Yes, FDM doesn't support creating multiple admin accounts for the UI, if you should decide to implement this with ISE then please check out this post of mine that shows you all the steps you need to implement it:

Creating Multiple Admin Accounts for FDM GUI Accesses (bluenetsec.com)