This article describes the configuration to verify if the administrator could not run debug commands in FortiGate CLI.
In some environments, administrators can be restricted to perform debug/diagnostic but still allowed to perform configuration.
If the ‘Unknown action 0’ error appears when running the debug command as below:
# diagnose debug application sslvpn -1 Unknown action 0
Check the user admin profile using the following command:
# show full system accprofile
Administrator will not be allowed to run the diagnostic commands if ‘system-diagnostics’ is set to disable.
To allow the administrator to have right to perform diagnostic:
(Only super admin can change this setting).
# config system accprofile set system-diagnostics enable end