Document
Library

Administration Guide

Introduction
- FortiPAM concepts
- Organization of the guide
- Using the GUI
  - Banner
  - Tables
- Modes of operation
- FortiPAM deployment options
- Feature availability
FortiPAM installation
- Installing FortiClient with the FortiPAM feature
- FortiPAM appliance setup
- FortiPAM with TPM
- Connecting to target remote systems
Licensing
Dashboard
- Adding a custom dashboard
- System information widget
- Licenses widget
- VM license
Folders
- Creating a folder
Secrets
- Secret list
- Secret launchers
  - Creating a launcher
    - Example secret configurations with launchers example
- Secret templates
  - Creating secret templates
- Policies
  - Creating a policy
    - Applying a policy to a folder
- SSH filter profiles
  - Creating an SSH filter
    - Adding SSH filter to secret
    - Example SSH filter profiles example
- Job list
  - Creating a job
Monitoring
- User monitor
- Active sessions
User management
- User definition
  - Creating a user
- User groups
- Role
  - Access control options
- LDAP servers
- SAML Single Sign-On (SSO)
- RADIUS servers
- Schedule
- FortiTokens
Approval request
- My requests
  - Make a request
- Request review
  - Approve a request
- Approval flow
  - Approval profile
    - Enabling approval profiles for a secret
    - Create an approval profile
Password changing
- Character sets
  - Creating a character set
- Password policies
  - Creating a password policy
    - Applying a password policy to a secret template
- Password changers
  - Creating a password changer
    - Automatic password changing
    - Automatic password verification
Authentication
- Addresses
  - Creating an address
  - Creating an address group
- Scheme & Rules
  - Creating an authentication scheme
  - Creating an authentication rule
System
- Firmware
- Settings
- SNMP
- High availability
- Certificates
- ZTNA
- Backup
  - Sending backup file to a server Example
Network
- Interfaces
  - Creating an interface
  - Creating a zone
- DNS settings
- Packet capture
  - Creating a packet capture filter
- Static routes
  - Creating an IPv4 static route
Security profile
- AntiVirus
  - Creating an antivirus profile
    - Enabling antivirus scan in a secret
- Data loss prevention (DLP) protection for secrets
  - Supported file types
Security fabric
- Fabric Connectors
  - FortiAnalyzer logging
Log & report
- Events
- Secret
- ZTNA
- SSH
- Reports
- Log settings
- Email alert settings
  - Email alert when the glass breaking mode is activated example
Troubleshooting
- Troubleshoot using trace files
  - Example troubleshooting example
- FortiPAM HTTP filter
Appendix A: Installation on KVM
Appendix B: Installation on VMware
Appendix C: Installing vTPM package on KVM and adding vTPM to FortiPAM-VM
Appendix D: vTPM for FortiPAM on VMware
Appendix E: Enabling soft RAID on KVM or VMware
Change Log

Home FortiPAM 1.0.0 Administration Guide

1.0.0

Appendix D: vTPM for FortiPAM on VMware

Appendix D: vTPM for FortiPAM on VMware

To successfully enable vTPM, you must configure a key provider on the VMware vSphere client.

Caution

Ensure that vTPM is set up as part of the initial configuration (before powering on the FortiPAM-VM for the first time.)

To configure a key provider:

Select the virtual appliance in the VMware vSphere client and go to Configure > Security > Key Providers.
In Key Providers, from the Add dropdown, select Add Native Key Provider.
In the Add Native Key Provider window:
1. Enter a name for the native key provider.
2. Deselect Use key provider only with TPM protected ESXi hosts.
3. Select ADD KEY PROVIDER.
Select the new key provider from the key providers list and then select BACK UP.
The Back up Native Key Provider window opens.
Select BACK UP KEY PROVIDER.
The key provider is saved on your computer.

To enable vTPM for FortiPAM:

Right-click the virtual appliance in the VMware vSphere client and select Edit Settings.
Ensure that the Guest OS Version in VM Options tab is set to Other 4.x or later Linux (64-bit) or higher.
In Edit Settings, click Add New Device and select Trusted Platform Module.
Click OK.

Previous

Next

Appendix D: vTPM for FortiPAM on VMware

To successfully enable vTPM, you must configure a key provider on the VMware vSphere client.

Caution

Ensure that vTPM is set up as part of the initial configuration (before powering on the FortiPAM-VM for the first time.)

To configure a key provider:

Select the virtual appliance in the VMware vSphere client and go to Configure > Security > Key Providers.
In Key Providers, from the Add dropdown, select Add Native Key Provider.
In the Add Native Key Provider window:
1. Enter a name for the native key provider.
2. Deselect Use key provider only with TPM protected ESXi hosts.
3. Select ADD KEY PROVIDER.
Select the new key provider from the key providers list and then select BACK UP.
The Back up Native Key Provider window opens.
Select BACK UP KEY PROVIDER.
The key provider is saved on your computer.

To enable vTPM for FortiPAM:

Right-click the virtual appliance in the VMware vSphere client and select Edit Settings.
Ensure that the Guest OS Version in VM Options tab is set to Other 4.x or later Linux (64-bit) or higher.
In Edit Settings, click Add New Device and select Trusted Platform Module.
Click OK.

Previous

Next