This article describes how to resolve a scenario where an administrator account can edit Virtual IPs, but cannot create them.
Scope
FortiOS 7.x.x, FortiOS 6.4.x.
Solution
Sometimes it is needed to allow an administrator account to create and edit Virtual IPs.
If allowing access to ‘address’ objects via the CLI, it will be possible to create and edit all address objects but for the Virtual IPs only the edit will be possible.
To create Virtual IPs, it is necessary to allow access to the ‘others’ permission seen here:
Once this change is made, it is possible to create a new Virtual IP:
