Administration Guide

Introduction
- FortiPAM concepts
- Organization of the guide
- Using the GUI
  - Banner
  - Tables
- Modes of operation
- FortiPAM deployment options
- Feature availability
FortiPAM installation
- Installing FortiClient with the FortiPAM feature
- FortiPAM appliance setup
- FortiPAM with TPM
- Connecting to target remote systems
Licensing
Dashboard
- Adding a custom dashboard
- System information widget
- Licenses widget
- VM license
Folders
- Creating a folder
Secrets
- Secret list
- Secret launchers
  - Creating a launcher
    - Example secret configurations with launchers example
- Secret templates
  - Creating secret templates
- Policies
  - Creating a policy
    - Applying a policy to a folder
- SSH filter profiles
  - Creating an SSH filter
    - Adding SSH filter to secret
    - Example SSH filter profiles example
- Job list
  - Creating a job
Monitoring
- User monitor
- Active sessions
User management
- User definition
  - Creating a user
- User groups
- Role
  - Access control options
- LDAP servers
- SAML Single Sign-On (SSO)
- RADIUS servers
- Schedule
- FortiTokens
Approval request
- My requests
  - Make a request
- Request review
  - Approve a request
- Approval flow
  - Approval profile
    - Enabling approval profiles for a secret
    - Create an approval profile
Password changing
- Character sets
  - Creating a character set
- Password policies
  - Creating a password policy
    - Applying a password policy to a secret template
- Password changers
  - Creating a password changer
    - Automatic password changing
    - Automatic password verification
Authentication
- Addresses
  - Creating an address
  - Creating an address group
- Scheme & Rules
  - Creating an authentication scheme
  - Creating an authentication rule
System
- Firmware
- Settings
- SNMP
- High availability
- Certificates
- ZTNA
- Backup
  - Sending backup file to a server Example
Network
- Interfaces
  - Creating an interface
  - Creating a zone
- DNS settings
- Packet capture
  - Creating a packet capture filter
- Static routes
  - Creating an IPv4 static route
Security profile
- AntiVirus
  - Creating an antivirus profile
    - Enabling antivirus scan in a secret
- Data loss prevention (DLP) protection for secrets
  - Supported file types
Security fabric
- Fabric Connectors
  - FortiAnalyzer logging
Log & report
- Events
- Secret
- ZTNA
- SSH
- Reports
- Log settings
- Email alert settings
  - Email alert when the glass breaking mode is activated example
Troubleshooting
- Troubleshoot using trace files
  - Example troubleshooting example
- FortiPAM HTTP filter
Appendix A: Installation on KVM
Appendix B: Installation on VMware
Appendix C: Installing vTPM package on KVM and adding vTPM to FortiPAM-VM
Appendix D: vTPM for FortiPAM on VMware
Appendix E: Enabling soft RAID on KVM or VMware
Change Log

Home FortiPAM 1.0.0 Administration Guide

1.0.0

Creating an IPv4 static route

To create an IPv4 static route:

Go to Network > Static Routes.
Select Create New to create a new IPv4 static route.
The New Static Route window opens.

Enter the following information:

Destination

The destination IP addresses and network masks of packets that the FortiPAM unit intercepts.

Enter the IPv4 address and netmask of the new static route.

Gateway Address

The IP addresses of the next-hop routers to which intercepted packets are forwarded.

Enter the gateway IP address for those packets that you intend to intercept.

Note: Gateway Address is unavailable when the Interface is Blackhole.

Interface

The interface the static route is configured to.

Select + and in Select Entries, select the interface or create a new interface.

A blackhole route is a route that drops all traffic sent to it. Blackhole routes are used to dispose of packets instead of responding to suspicious inquiries. This provides added security since the originator will not discover any information from the target network. Blackhole routes can also limit traffic on a subnet. If some subnet addresses are not in use, traffic to those addresses, which may be valid or malicious, can be directed to a blackhole for added security and to reduce traffic on the subnet.

Use the search bar to look for an interface.

Use the pen icon next to an interface to edit the interface.

Administrative Distance

The number of hops the static route has to the configured gateway.

The administrative distance is used to determine the cost of the route. Smaller distances are considered "better" route that should be used when multiple paths exist to the same destination (default = 10, 1 - 255).

The route with same distance are considered as equal-cost multi-path (ECMP).

Comments

Optionally, enter a description about the static route.

Status

Enable/disable the static route.

Advanced Options

Priority

A number for the priority of the static route. Routes with a larger number will have a lower priority. Routes with the same priority are considered as ECMP (default = 1 when creating an IPv4 static route, 1 - 65535).

Priority can only be customized for statically configured routes. The priority of routes dynamically learned from the routing protocols is always 1.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview.

The feature is not available if the user is logged in as an administrator that has read-only GUI permissions.

Click OK.

To use API preview:

Click API Preview.
The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.
Enable Show modified changes only (enabled by default) to show the modified changes instead of the full configuration in the preview.
Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.
Click Close to leave the preview.