Fortinet white logo
Fortinet white logo

Administration Guide

Global administration settings

Global administration settings

The administration settings page provides options for configuring global settings for administrator access to the FortiManager device. Settings include:

  • Ports for HTTPS and HTTP administrative access

    To improve security, you can change the default port configurations for administrative connections to the FortiManager. When connecting to the FortiManager unit when the port has changed, the port must be included, such as https://<ip_address>:<port>. For example, if you are connecting to the FortiManager unit using port 8080, the URL would be https://192.168.1.99:8080. When you change to the default port number for HTTP, HTTPS, or SSH, ensure that the port number is unique.

  • Idle timeout settings

    By default, the GUI disconnects administrative sessions if no activity occurs for five minutes. This prevents someone from using the GUI if the management computer is left unattended.

  • GUI language

    The language the GUI uses. For best results, you should select the language used by the management computer.

  • GUI theme

    The default color theme of the GUI is Blueberry. You can choose another color or an image.

  • Password policy

    Enforce password policies for administrators.

  • Display options on GUI

    Display or hide advanced configuration options in the GUI. Only the admin administrator can configure these options.

Only super user administrators can access and configure the administration settings. The settings are global and apply to all administrators of the FortiManager unit.

To configure the administration settings:
  1. Go to System Settings > Settings.

  2. Configure the following settings as needed, then click Apply to save your changes to all administrator accounts:

    Administration Settings

    HTTP Port

    Enter the TCP port to be used for administrative HTTP access. Default: 80.

    Select Redirect to HTTPS to redirect HTTP traffic to HTTPS.

    HTTPS Port

    Enter the TCP port to be used for administrative HTTPS access. Default: 443.

    HTTPS & Web Service Server Certificate

    Select a certificate from the dropdown list.

    Idle Timeout

    Enter the number of seconds an administrative connection can be idle before the administrator must log in again, from 60 to 28800 (eight hours). See Idle timeout for more information.

    Idle Timeout (API)

    Enter the number of seconds an administrative connection to the API can be idle before the administrator must log in again, from 1 to 28800 (eight hours). Default: 900.

    Idle Timeout (GUI)

    Enter the number of seconds an administrative connection to the GUI can be idle before the administrator must log in again, from 60 to 28800 (eight hours). Default: 900.

    Access Remote GUI via Port

    Enter the port used to remotely connect to managed FortiGate devices. The default port used is 8082.

    See Remotely access a managed FortiGate.

    View Settings

    Language

    Select a language from the dropdown list. See GUI language for more information.

    High Contrast Theme

    Toggle ON to enable a high contrast dark theme in order to make the FortiManager GUI more accessible, and to aid people with visual disability in using the FortiManager GUI.

    Other Themes

    Select a theme for the GUI. The selected theme is not applied until you click Apply, allowing to you to sample different themes. Default: Jade.

    Password Policy

    Click to enable administrator password policies. See Password policy and Password lockout and retry attempts for more information.

    Minimum Length

    Select the minimum length for a password, from 8 to 32 characters. Default: 8.

    Must Contain

    Select the types of characters a password must contain.

    Admin Password Expires after

    Select the number of days a password is valid for, after which it must be changed.

    Display Options on GUI

    Click to expand the display options.

    Show Script

    Display the Script menu item.

    This menu is located on the Device Manager pane. This is an advanced FortiManager feature.

    Show Add Multiple Button

    Display the Add Multiple Devices option.

    This option is located on the Device Manager > Devices & Groups pane, under the More option in the toolbar. This is an advanced FortiManager feature.

    Show Device List Import/Export

    Select to display the Import Device List and Export Device List buttons. This option is located on the Device Manager > Devices & Groups pane, under the More option in the toolbar. This is an advanced FortiManager feature.

    Fabric Authorization

    Specifies the accessible management IP of FortiManager for FortiOS to retrieve and use for authorization of a Security Fabric connection to FortiManager.

    When you are using FortiOS to create a Security Fabric connection to FortiManager, a browser pop window is displayed and connects to FortiManager as part of the authorization process. FortiOS retrieves the information specified in FortiManager and provides it to the browser popup window to successfully connect to FortiManager.

    Without this information, the browser popup window cannot connect to FortiManager in certain topologies, such as when NAT is used.

    See also Security Fabric authorization information for FortiOS.

    Authorization Address

    Type the accessible management IP for FortiManager.

    Authorization Port

    If a non-default port is used for the management port of FortiManager, specify the custom port.

Global administration settings

Global administration settings

The administration settings page provides options for configuring global settings for administrator access to the FortiManager device. Settings include:

  • Ports for HTTPS and HTTP administrative access

    To improve security, you can change the default port configurations for administrative connections to the FortiManager. When connecting to the FortiManager unit when the port has changed, the port must be included, such as https://<ip_address>:<port>. For example, if you are connecting to the FortiManager unit using port 8080, the URL would be https://192.168.1.99:8080. When you change to the default port number for HTTP, HTTPS, or SSH, ensure that the port number is unique.

  • Idle timeout settings

    By default, the GUI disconnects administrative sessions if no activity occurs for five minutes. This prevents someone from using the GUI if the management computer is left unattended.

  • GUI language

    The language the GUI uses. For best results, you should select the language used by the management computer.

  • GUI theme

    The default color theme of the GUI is Blueberry. You can choose another color or an image.

  • Password policy

    Enforce password policies for administrators.

  • Display options on GUI

    Display or hide advanced configuration options in the GUI. Only the admin administrator can configure these options.

Only super user administrators can access and configure the administration settings. The settings are global and apply to all administrators of the FortiManager unit.

To configure the administration settings:
  1. Go to System Settings > Settings.

  2. Configure the following settings as needed, then click Apply to save your changes to all administrator accounts:

    Administration Settings

    HTTP Port

    Enter the TCP port to be used for administrative HTTP access. Default: 80.

    Select Redirect to HTTPS to redirect HTTP traffic to HTTPS.

    HTTPS Port

    Enter the TCP port to be used for administrative HTTPS access. Default: 443.

    HTTPS & Web Service Server Certificate

    Select a certificate from the dropdown list.

    Idle Timeout

    Enter the number of seconds an administrative connection can be idle before the administrator must log in again, from 60 to 28800 (eight hours). See Idle timeout for more information.

    Idle Timeout (API)

    Enter the number of seconds an administrative connection to the API can be idle before the administrator must log in again, from 1 to 28800 (eight hours). Default: 900.

    Idle Timeout (GUI)

    Enter the number of seconds an administrative connection to the GUI can be idle before the administrator must log in again, from 60 to 28800 (eight hours). Default: 900.

    Access Remote GUI via Port

    Enter the port used to remotely connect to managed FortiGate devices. The default port used is 8082.

    See Remotely access a managed FortiGate.

    View Settings

    Language

    Select a language from the dropdown list. See GUI language for more information.

    High Contrast Theme

    Toggle ON to enable a high contrast dark theme in order to make the FortiManager GUI more accessible, and to aid people with visual disability in using the FortiManager GUI.

    Other Themes

    Select a theme for the GUI. The selected theme is not applied until you click Apply, allowing to you to sample different themes. Default: Jade.

    Password Policy

    Click to enable administrator password policies. See Password policy and Password lockout and retry attempts for more information.

    Minimum Length

    Select the minimum length for a password, from 8 to 32 characters. Default: 8.

    Must Contain

    Select the types of characters a password must contain.

    Admin Password Expires after

    Select the number of days a password is valid for, after which it must be changed.

    Display Options on GUI

    Click to expand the display options.

    Show Script

    Display the Script menu item.

    This menu is located on the Device Manager pane. This is an advanced FortiManager feature.

    Show Add Multiple Button

    Display the Add Multiple Devices option.

    This option is located on the Device Manager > Devices & Groups pane, under the More option in the toolbar. This is an advanced FortiManager feature.

    Show Device List Import/Export

    Select to display the Import Device List and Export Device List buttons. This option is located on the Device Manager > Devices & Groups pane, under the More option in the toolbar. This is an advanced FortiManager feature.

    Fabric Authorization

    Specifies the accessible management IP of FortiManager for FortiOS to retrieve and use for authorization of a Security Fabric connection to FortiManager.

    When you are using FortiOS to create a Security Fabric connection to FortiManager, a browser pop window is displayed and connects to FortiManager as part of the authorization process. FortiOS retrieves the information specified in FortiManager and provides it to the browser popup window to successfully connect to FortiManager.

    Without this information, the browser popup window cannot connect to FortiManager in certain topologies, such as when NAT is used.

    See also Security Fabric authorization information for FortiOS.

    Authorization Address

    Type the accessible management IP for FortiManager.

    Authorization Port

    If a non-default port is used for the management port of FortiManager, specify the custom port.