1.3.0

Configuring an SSH/Web secret for the Branch_Office_01 FortiGate

To configure a secret:
  1. Go to Secrets > Secret List.

    Alternatively, go to Public Folder in Secrets, select Open Tree, locate the Fabric-Devices folder created in Configuring a folder, and click Open Folder.

    From the Create dropdown, select Secret, and skip to step 5.

    The General tab opens.

  2. In Secret List, select Create.

    The Create New Secret in: dialog appears.

  3. Select the folder where you intend to add the secret.

    In this case, select the Fabric-Devices folder created in Configuring a folder.

  4. Select Create Secret.

    The General tab opens.

  5. In Name, enter SSH_Branch_Office_01 for the SSH secret.

    When creating a web secret, enter Web_Branch_Office_01.

    As a convention, we define the web secrets with a prefix Web_ and SSH secrets with a prefix SSH_.

  6. In Folder, ensure that the Fabric-Devices folder created in Configuring secret policy and folder is selected.
  7. In the Template dropdown, select FortiProduct (SSH Password) when creating the SSH secret.

    FortiProduct (SSH Password) is a basic template for any Fortinet device SSH password account.

    For the web secret, select Web Account from the Template dropdown.

    Web Account is a basic template for any Fortinet device web-based account.

  8. In the Fields pane:
    1. For the SSH secret, in Host, enter the IP address of the Branch_Office_01 FortiGate, i.e., 10.1.0.1.
    2. For the web secret, in URL, enter the URL for the Branch_Office_01 FortiGate, i.e., https://10.1.0.1.
    3. In Username, enter the username for the Branch_Office_01 FortiGate.
    4. In Password, enter a password for the Branch_Office_01 FortiGate.
    5. In the Confirm Password field that appears after the password is filled in, enter the password again.
  9. In the Secret Setting pane, note that the Session Recording option is enabled but grayed out. This is because the secret inherits its settings from the IT-profile policy that applies to the Fabric-Devices folder. See Configuring secret policy and folder.
  10. Switch to the Secret Permission tab.

    Check that the Forti-Admin user group created in Configuring a user group has Edit permission.

  11. Click Submit.
