Administration Guide

Settings

Go to System > Settings to access system configuration that you can update after installing FortiPAM.

To update System Settings:
  1. Go to System > Settings.

    The System Settings window opens.

  2. In System Settings, enter the following information:

    Host name

    The identifying name assigned to this FortiPAM unit.

    System time

    Current system time

    The current date and time on the FortiPAM internal clock or NTP servers.

    Time Zone

    From the dropdown, select a timezone.

    Set Time

    Select from the following options:

    • NTP: The NTP (Network Time Protocol) server (default).

    • Manual Settings

    Select Server

    Select a server from the following two options:

    • FortiGuard (default)

    • Custom

    Note: The option is only available when Set Time is NTP.

    Custom Server IP Address

    The custom server IP address.

    Custom NTP server details must be configured via the CLI.

    Note: The option is only available when Set Time is NTP and Select Server is Custom.

    Sync interval

    Enter how often, in minutes, the device synchronizes its time with the NTP server (default = 60, 1 - 1440).

    Note: The option is only available when Set Time is NTP.

    Date

    Enter the date or select the calendar icon, and from the dropdown, select a date.

    Note: The option is only available when Set Time is Manual Settings.

    Time

    Enter the time or select the clock icon, and from the dropdown, select a time.

    Note: The option is only available when Set Time is Manual Settings.

    Setup device as local NTP server

    Select True to configure the FortiPAM as a local NTP server (default = False).

    Listen on Interfaces

    Set the interface or interfaces that the FortiPAM will listen for NTP requests on.

    Note: The option is only available when Setup device as local NTP server is set as True.

    User Password Policy

    Password scope

    Enable/disable password scope (default = disable).

    Note: This applies to local user passwords.

    Minimum length

    The minimum length of the password (default = 8, 1 - 128).

    Minimum number of new characters

    Enter the minimum number of new characters required in the password (default = 0, maximum = 200).

    Character requirements

    Enable/disable character requirements (default = disable).

    When enabled, enter the number of upper case, lower case, numbers, and special (non-alphanumeric) characters required in the password.

    Note: Special characters are non-alphanumeric.

    Allow password reuse

    Enable/disable password reuse (default = enable).

    Password expiration

    Enable and enter the number of days after which the password expires (default = 90, 0 - 999).

    View Settings

    Language

    From the dropdown, select a language.

    Date/Time display

    Select from the following two options:

    • System Timezone: Use the FortiPAM unit's configured timezone.

    • Browser Timezone: Use the web browser timezone.

    Email Service

    Use custom settings

    Enable to edit options in the Email Service pane.

    SMTP Server

    The SMTP server IP address or the hostname, e.g., smtp.example.com.

    Port

    The recipient port number.

    The default port value depends on the chosen Security Mode.

    For None and STARTTLS, the default value is 25.

    For SMTPS, the default value is 465.

    Authentication

    If required by the email server, enable authentication.

    If enabled, enter the Username and Password.

    Security Mode

    Set the connection security mode used by the email server:

    • None

    • SMTPS (default)

    • STARTTLS

    Default Reply To

    Optionally, enter the reply-to email address, such as noreply@example.com.

    This address will override the Email from email address that is configured for an alert email. See Email alert settings.

    Debug Logs

    Debug Logs

    Select Download to export the debug logs to your computer as a text file.

    PAM Settings

    Enforce recording on glass breaking

    In glass breaking mode, the administrator has permission to launch all secrets. This setting enforces video recording on all launching sessions (default = enable).

    Video Storage Limit

    The maximum percentage of the video disk partition size that can be used for storing FortiPAM session video recordings (default = 95, 10 - 100).

    Video Storage Mode

    From the dropdown, select a PAM session video recording storage mode (default = Rolling):

    • Rolling: Evict the oldest PAM video recording within the Video Storage Time when the video storage limit is reached.

    • Stop: Stop storing new PAM video recordings when the disk quota is full.

    Video Storage Time

    The number of days for which a video is stored. Video files are removed from FortiPAM once the time has elapsed (default = 365, 0 - 36500).

    Enable the toggle or enter 0 for no time limit.

    Note: The option is only available when the Video Storage Mode is Rolling.

    Recording Resolution

    From the dropdown, select a resolution for the PAM video recordings:

    • 480p

    • 720p (default)

    • 1080p

    Recording FPS

    Enter the PAM video recording frame rate (default = 2, 1 - 15).

    Recording Color Depth

    From the dropdown, select a color depth (default = 16 Bit Color Depth):

    • 16 Bit Color Depth

    • 24 Bit Color Depth

    • 64 Bit Color Depth

    Recording Key FPM

    Enter the PAM video recording key frame rate per minute (default = 1, 1 - 60).

    Session Max Duration

    Enter the maximum duration for a PAM session, in minutes (default = 120, 1 - 10000).

    Client Port

    Enter the port number that FortiPAM uses to connect to FortiClient (default = 9191, 1 - 65536).

  3. Click Apply.
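
The documented ranges and "only available when" notes above can be checked before a change is applied. The following Python is an added example, not Fortinet code: it assumes a hypothetical change request expressed as a dict keyed by the GUI labels on this page, and reports out-of-range values, options set while their controlling option makes them unavailable, and three combinations with audit impact.

```python
# Added example: keys are the GUI labels on this page; the dict layout is assumed.
RANGES = {  # documented (min, max)
    "Minimum length": (1, 128),
    "Password expiration": (0, 999),
    "Video Storage Limit": (10, 100),
    "Video Storage Time": (0, 36500),
    "Session Max Duration": (1, 10000),
}
REQUIRES = {  # field: (controlling field, required value), from the "Note:" lines
    "Select Server": ("Set Time", "NTP"),
    "Custom Server IP Address": ("Select Server", "Custom"),
    "Date": ("Set Time", "Manual Settings"),
    "Time": ("Set Time", "Manual Settings"),
    "Listen on Interfaces": ("Setup device as local NTP server", True),
    "Video Storage Time": ("Video Storage Mode", "Rolling"),
}
DEFAULTS = {  # documented defaults of the controlling fields
    "Set Time": "NTP", "Select Server": "FortiGuard", "Security Mode": "SMTPS",
    "Setup device as local NTP server": False, "Video Storage Mode": "Rolling",
    "Enforce recording on glass breaking": True,
}

def audit(proposed):
    """Return (errors, warnings) for a dict of proposed non-default values."""
    cfg = {**DEFAULTS, **proposed}
    errors, warnings = [], []
    for field, value in proposed.items():
        lo, hi = RANGES.get(field, (None, None))
        if lo is not None and not (isinstance(value, int) and lo <= value <= hi):
            errors.append(f"{field}: {value!r} outside {lo} - {hi}")
        ctrl, needed = REQUIRES.get(field, (None, None))
        if ctrl and cfg.get(ctrl) != needed:
            errors.append(f"{field}: only available when {ctrl} is {needed}")
    if cfg["Security Mode"] == "None" and cfg.get("Authentication"):
        warnings.append("Email Service: Username and Password sent without TLS")
    if not cfg["Enforce recording on glass breaking"]:
        warnings.append("Glass breaking sessions are not force-recorded")
    if cfg["Video Storage Mode"] == "Stop":
        warnings.append("New recordings stop when the disk quota is full")
    return errors, warnings

# Constructed change request, not from a real device.
SAMPLE = {"Set Time": "Manual Settings", "Select Server": "Custom",
          "Minimum length": 256, "Security Mode": "None", "Authentication": True,
          "Video Storage Mode": "Stop", "Video Storage Time": 30}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```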
