Administration Guide

System access

To adjust system access settings:
  1. Go to System > Administration > System Access. The Edit System Access Settings page will open.

  2. The following settings are available:
    Administrative Access
    Require strong cryptography

    Enable this option to restrict administrative access using stronger cryptographic algorithms.

    FortiAuthenticator supports the following cryptographic protocols:

    • TLS 1.2: AES128/256 GCM/CBC, SHA256/384, DHE2048, and ECDHx25519.

    • TLS 1.3: AES128/256 GCM, SHA256/384, and ECDHx25519.

    Enable pre-authentication warning message: Pre-authentication warning messages can be found under Authentication > Self-service Portal > Replacement Messages.
    CLI Access
    CLI idle timeout: Enter the amount of time before the CLI times out due to inactivity, from 0 to 480 minutes (maximum of eight hours).
    GUI Access
    GUI idle timeout: Enter the amount of time before the GUI times out due to inactivity, from 1 to 480 minutes (maximum of eight hours).
    Maximum HTTP header length: Enter the maximum HTTP header length, from 4 to 16 KB.
    HTTPS Certificate: Select an HTTPS certificate from the dropdown menu.
    HTTP Strict Transport Security (HSTS) Expiry: Enable or disable HSTS enforcement, to avoid SSL sniffing attacks, and set an expiry from 0 to 730 days (where 0 means no expiry, maximum of two years). The default is set to 180.
    Certificate authority type: Select the authority type of the selected certificate, either Local CA or Trusted CA.
    CA certificate that issued the server certificate: Select the issuing server certificate from the dropdown menu.
    Additional allowed hosts/domain names: Specify any additional hosts that this site can serve, separated by commas or line breaks.
    Public IP/FQDN for FortiToken Mobile

    Enter the IP address or FQDN of the FortiAuthenticator for external access.

    The mobile device running the FortiToken Mobile app requires access to the FortiAuthenticator interface for push to operate.

    Enter the IPs/FQDNs in the following format:
    ip_addr[:port] or FQDN[:port]

  3. Select OK to apply any changes. See Certificate management for more information about certificates.
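
One way to check from the outside that Require strong cryptography has taken effect, as an added example that is not part of the Fortinet guide: it compares negotiated protocol and cipher suite pairs against the TLS 1.2 and TLS 1.3 lists above. The mapping of the listed algorithms onto OpenSSL suite names, the function names, and the sample observations are assumptions made for this example.

```python
import re
import socket
import ssl

# Assumption: the page's algorithm list mapped onto OpenSSL suite names.
# TLS 1.2: (EC)DHE key exchange, AES128/256 in GCM or CBC, SHA256/384.
TLS12_OK = re.compile(r"^(ECDHE|DHE)-(RSA|ECDSA)-AES(128|256)-(GCM-)?SHA(256|384)$")
# TLS 1.3: AES128/256 GCM with SHA256/384 only (no ChaCha20, no CCM).
TLS13_OK = re.compile(r"^TLS_AES_(128|256)_GCM_SHA(256|384)$")


def suite_allowed(version, suite):
    """True if (version, suite) fits the strong-cryptography list on this page."""
    if version == "TLSv1.3":
        return bool(TLS13_OK.match(suite))
    if version == "TLSv1.2":
        return bool(TLS12_OK.match(suite))
    return False  # TLS 1.1 and older are not on the list


def audit(observations):
    """Return the (version, suite) pairs that fall outside the list."""
    return [o for o in observations if not suite_allowed(*o)]


def probe(host, port=443, timeout=5.0):
    """Negotiate once with the admin interface and return (version, suite).
    Python's ssl module does not expose the DH group size or ECDH curve,
    so DHE2048 / x25519 must be confirmed with another tool."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


# Constructed sample: results as a scanner might report them for one appliance.
SAMPLE = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "DHE-RSA-AES256-SHA256"),
    ("TLSv1.2", "ECDHE-RSA-AES128-SHA"),          # CBC with SHA-1 MAC
    ("TLSv1.2", "AES256-GCM-SHA384"),             # static RSA key exchange
    ("TLSv1.3", "TLS_CHACHA20_POLY1305_SHA256"),  # not on the TLS 1.3 list
    ("TLSv1.1", "ECDHE-RSA-AES256-SHA"),          # protocol not on the list
]

if __name__ == "__main__":
    for version, suite in audit(SAMPLE):
        print(f"outside strong-crypto list: {version} {suite}")
```

`probe()` verifies the server certificate against the system trust store, so an HTTPS certificate issued by a Local CA needs that CA trusted on the machine running the check.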
