Document
Library

Administration Guide

Introduction
- FortiPAM concepts
- Organization of the guide
- Using the GUI
  - Banner
  - Tables
- Modes of operation
- FortiPAM deployment options
- Feature availability
FortiPAM installation
- Installing FortiClient with the FortiPAM feature
- FortiPAM appliance setup
- FortiPAM with TPM
- Connecting to target remote systems
Licensing
Dashboard
- Adding a custom dashboard
- System information widget
- Licenses widget
- VM license
Folders
- Creating a folder
Secrets
- Secret list
- Secret launchers
  - Creating a launcher
    - Example secret configurations with launchers example
- Secret templates
  - Creating secret templates
- Policies
  - Creating a policy
    - Applying a policy to a folder
- SSH filter profiles
  - Creating an SSH filter
    - Adding SSH filter to secret
    - Example SSH filter profiles example
- Job list
  - Creating a job
Monitoring
- User monitor
- Active sessions
User management
- User definition
  - Creating a user
- User groups
- Role
  - Access control options
- LDAP servers
- SAML Single Sign-On (SSO)
- RADIUS servers
- Schedule
- FortiTokens
Approval request
- My requests
  - Make a request
- Request review
  - Approve a request
- Approval flow
  - Approval profile
    - Enabling approval profiles for a secret
    - Create an approval profile
Password changing
- Character sets
  - Creating a character set
- Password policies
  - Creating a password policy
    - Applying a password policy to a secret template
- Password changers
  - Creating a password changer
    - Automatic password changing
    - Automatic password verification
Authentication
- Addresses
  - Creating an address
  - Creating an address group
- Scheme & Rules
  - Creating an authentication scheme
  - Creating an authentication rule
System
- Firmware
- Settings
- SNMP
- High availability
- Certificates
- ZTNA
- Backup
  - Sending backup file to a server Example
Network
- Interfaces
  - Creating an interface
  - Creating a zone
- DNS settings
- Packet capture
  - Creating a packet capture filter
- Static routes
  - Creating an IPv4 static route
Security profile
- AntiVirus
  - Creating an antivirus profile
    - Enabling antivirus scan in a secret
- Data loss prevention (DLP) protection for secrets
  - Supported file types
Security fabric
- Fabric Connectors
  - FortiAnalyzer logging
Log & report
- Events
- Secret
- ZTNA
- SSH
- Reports
- Log settings
- Email alert settings
  - Email alert when the glass breaking mode is activated example
Troubleshooting
- Troubleshoot using trace files
  - Example troubleshooting example
- FortiPAM HTTP filter
Appendix A: Installation on KVM
Appendix B: Installation on VMware
Appendix C: Installing vTPM package on KVM and adding vTPM to FortiPAM-VM
Appendix D: vTPM for FortiPAM on VMware
Appendix E: Enabling soft RAID on KVM or VMware
Change Log

Home FortiPAM 1.0.0 Administration Guide

1.0.0

Troubleshooting

Troubleshooting

FortiPAM operation requires multiple components to work together. Generally, a browser and FortiClient are necessary on the client side to connect to the FortiPAM GUI. Secrets on FortiPAM can then be used to connect to the target host.

If the FortiPAM system runs abnormally, pinpointing the failed component can be challenging. This chapter presents the usage of built-in debug tools to speed up finding errors.

You must have system administrator and CLI permissions to use the debug features including debug trace files. See Role.

To use FortiPAM debug feature, debug category and level must be set.

In the CLI console, enter the following commands to set debug category and level:

diagnose wad debug enable category <category>

diagnose wad debug enable level <level>

For example:

diagnose wad debug enable category session #The category is session

diagnose wad debug enable level info #The level is set to info

For debug level settings, all the higher level traces are included, e.g., when the debug level is set to info, error and warn levels are displayed too, but verbose is hidden.

Once the category and level variables are set up in the CLI, traces are displayed in the CLI.

For more troubleshooting information and a Q&A section, check out the FortiPAM Community page: https://community.fortinet.com/t5/FortiPAM/tkb-p/TKB52.

Previous

Next

Troubleshooting

FortiPAM operation requires multiple components to work together. Generally, a browser and FortiClient are necessary on the client side to connect to the FortiPAM GUI. Secrets on FortiPAM can then be used to connect to the target host.

If the FortiPAM system runs abnormally, pinpointing the failed component can be challenging. This chapter presents the usage of built-in debug tools to speed up finding errors.

You must have system administrator and CLI permissions to use the debug features including debug trace files. See Role.

To use FortiPAM debug feature, debug category and level must be set.

In the CLI console, enter the following commands to set debug category and level:

diagnose wad debug enable category <category>

diagnose wad debug enable level <level>

For example:

diagnose wad debug enable category session #The category is session

diagnose wad debug enable level info #The level is set to info

For debug level settings, all the higher level traces are included, e.g., when the debug level is set to info, error and warn levels are displayed too, but verbose is hidden.

Once the category and level variables are set up in the CLI, traces are displayed in the CLI.

For more troubleshooting information and a Q&A section, check out the FortiPAM Community page: https://community.fortinet.com/t5/FortiPAM/tkb-p/TKB52.

Previous

Next