NCM Config Backups With ReadOnly on Fortigate

willNetwork

We have been unable to use a read-only account to pull configurations from a Fortigate firewall into NCM.   Session traces seem to suggest that NCM is looking for a "#" prompt.  As far as we know, this can only be done by associating the account with the "super-admin" profile/role.   All other account profiles on a Fortigate result in a "$" prompt, which has not worked, regardless of the privileges granted.  Is there a way to change this behavior in NCM?

I tried the below Device Template, but have been unsuccessful.

<!--SolarWinds Network Management Tools-->
<!--Copyright 2007 SolarWinds.Net. All rights reserved-->
<Configuration-Management Device="Fortigate ReadOnly" SystemOID="1.3.6.1.4.1.12356" CommandPromptRegex="(?i)^.*\\$\\s*$">
<Commands>
<!-- Prompt handling for read-only CLI -->
<Command Name="MenuBased" Value="false"/>
<Command Name="VirtualPrompt" Value="\$"/>

<!-- Ensure standard output mode -->
<Command Name="RESET" Value="config global${CRLF}config system console${CRLF}set output standard${CRLF}end${CRLF}end"/>

<!-- Not used but included for structure -->
<Command Name="EnterConfigMode" Value="config "/>
<Command Name="ExitConfigMode" Value="end"/>

<!-- Run config global, then show full-configuration, then exit -->
<Command Name="DownloadConfig" Value="config global${CRLF}show full-configuration${CRLF}end${CRLF}end"/>

<!-- Startup config and running config (running is unused) -->
<Command Name="Startup" Value="full-configuration"/>
<Command Name="Running" Value=""/>

<!-- Version command -->
<Command Name="Version" Value="get system status"/>

<!-- SSH compatibility -->
<Command Name="KeySignatureList" Value="ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"/>
<Command Name="EncryptionList" Value="aes256-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se"/>
</Commands>
</Configuration-Management>

willNetwork

With the assistance of SolarWinds support, we were able to successfully use the device template below to pull configuration backups from our FortiGate firewalls using a read-only privilege level account (which returns a $ prompt instead of the typical #).

Please ensure you perform your own due diligence to validate that this template functions correctly in your environment before promoting it to production.

<Configuration-Management Device="Fortigate V2.1" SystemOID="1.3.6.1.4.1.12356" SystemDescriptionRegex="" AutoDetectType="BySystemOid">  <Commands>    <Command Name="FreezeLoginForPreCommand" Value="True" />    <Command Name="PreCommand" Value="${CRLF}" RegEx="$" />    <Command Name="UseExactPromptMatch" Value="true" />    <Command Name="UseVirtualPromptForCommands" Value="false"/>    <Command Name="MenuBased" Value="false"/>    <Command Name="VirtualPrompt" Value="$"/>    <Command Name="RESET" Value="" RegEx="$"/>    <Command Name="Startup" Value="show full-configuration" />    <Command Name="Running" Value="show" />    <Command Name="DownloadConfig" Value="${ConfigType}" />    <Command Name="Version" Value="get system status" />    <Command Name="KeySignatureList" Value="ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss" />    <Command Name="EncryptionList" Value="aes256-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se" />  </Commands></Configuration-Management>

Good luck & Cheers!