Fortinet black logo

Administration Guide

Global administration settings

Global administration settings

The administration settings page provides options for configuring global settings for administrator access to the FortiAnalyzer device. Settings include:

  • Ports for HTTPS and HTTP administrative access

    To improve security, you can change the default port configurations for administrative connections to the FortiAnalyzer. When connecting to the FortiAnalyzer unit when the port has changed, the port must be included, such as https://<ip_address>:<port>. For example, if you are connecting to the FortiAnalyzer unit using port 8080, the URL would be https://192.168.1.99:8080. When you change to the default port number for HTTP, HTTPS, or SSH, ensure that the port number is unique.

  • Idle timeout settings

    By default, the GUI disconnects administrative sessions if no activity occurs for five minutes. This prevents someone from using the GUI if the management computer is left unattended.

  • GUI language

    The language the GUI uses. For best results, you should select the language used by the management computer.

  • GUI theme

    The default color theme of the GUI is Blueberry. You can choose another color or an image.

  • Password policy

    Enforce password policies for administrators.

Only super user administrators can access and configure the administration settings. The settings are global and apply to all administrators of the FortiAnalyzer unit.

To configure the administration settings:
  1. Go to System Settings > Admin > Admin Settings.

  2. Configure the following settings as needed, then click Apply to save your changes to all administrator accounts:

    Administration Settings

    HTTP Port

    Enter the TCP port to be used for administrative HTTP access. Default: 80.

    Select Redirect to HTTPS to redirect HTTP traffic to HTTPS.

    HTTPS Port

    Enter the TCP port to be used for administrative HTTPS access. Default: 443.

    HTTPS & Web Service Server Certificate

    Select a certificate from the dropdown list.

    Idle Timeout

    Enter the number of seconds an administrative connection can be idle before the administrator must log in again, from 60 to 28800 (eight hours). See Idle timeout for more information.

    Idle Timeout (API)

    Enter the number of seconds an administrative connection to the API can be idle before the administrator must log in again, from 1 to 28800 (eight hours). Default: 900.

    Idle Timeout (GUI)

    Enter the number of seconds an administrative connection to the GUI can be idle before the administrator must log in again, from 60 to 28800 (eight hours). Default: 900.

    View Settings

    Language

    Select a language from the dropdown list. See GUI language for more information.

    High Contrast Theme

    Toggle ON to enable a high contrast dark theme in order to make the FortiAnalyzer GUI more accessible, and to aid people with visual disability in using the FortiAnalyzer GUI.

    Other Themes

    Select a theme for the GUI. The selected theme is not applied until you click Apply, allowing to you to sample different themes. Default: Blueberry.

    Password Policy

    Click to enable administrator password policies. See Password policy and Password lockout and retry attempts for more information.

    Minimum Length

    Select the minimum length for a password, from 8 to 32 characters. Default: 8.

    Must Contain

    Select the types of characters a password must contain.

    Admin Password Expires after

    Select the number of days a password is valid for, after which it must be changed.

    Fabric Authorization

    Specifies the accessible management IP of FortiAnalyzer for FortiOS to retrieve and use for authorization of a Security Fabric connection to FortiAnalyzer.

    When you are using FortiOS to create a Security Fabric connection to FortiAnalyzer, a browser pop window is displayed and connects to FortiAnalyzer as part of the authorization process. FortiOS retrieves the information specified in FortiAnalyzer and provides it to the browser popup window to successfully connect to FortiAnalyzer.

    Without this information, the browser popup window cannot connect to FortiAnalyzer in certain topologies, such as when NAT is used.

    See also Security Fabric authorization information for FortiOS.

    Authorization Address

    Type the accessible management IP for FortiAnalyzer.

    Authorization Port

    If a non-default port is used for the management port of FortiAnalyzer, specify the custom port.

Global administration settings

The administration settings page provides options for configuring global settings for administrator access to the FortiAnalyzer device. Settings include:

  • Ports for HTTPS and HTTP administrative access

    To improve security, you can change the default port configurations for administrative connections to the FortiAnalyzer. When connecting to the FortiAnalyzer unit when the port has changed, the port must be included, such as https://<ip_address>:<port>. For example, if you are connecting to the FortiAnalyzer unit using port 8080, the URL would be https://192.168.1.99:8080. When you change to the default port number for HTTP, HTTPS, or SSH, ensure that the port number is unique.

  • Idle timeout settings

    By default, the GUI disconnects administrative sessions if no activity occurs for five minutes. This prevents someone from using the GUI if the management computer is left unattended.

  • GUI language

    The language the GUI uses. For best results, you should select the language used by the management computer.

  • GUI theme

    The default color theme of the GUI is Blueberry. You can choose another color or an image.

  • Password policy

    Enforce password policies for administrators.

Only super user administrators can access and configure the administration settings. The settings are global and apply to all administrators of the FortiAnalyzer unit.

To configure the administration settings:
  1. Go to System Settings > Admin > Admin Settings.

  2. Configure the following settings as needed, then click Apply to save your changes to all administrator accounts:

    Administration Settings

    HTTP Port

    Enter the TCP port to be used for administrative HTTP access. Default: 80.

    Select Redirect to HTTPS to redirect HTTP traffic to HTTPS.

    HTTPS Port

    Enter the TCP port to be used for administrative HTTPS access. Default: 443.

    HTTPS & Web Service Server Certificate

    Select a certificate from the dropdown list.

    Idle Timeout

    Enter the number of seconds an administrative connection can be idle before the administrator must log in again, from 60 to 28800 (eight hours). See Idle timeout for more information.

    Idle Timeout (API)

    Enter the number of seconds an administrative connection to the API can be idle before the administrator must log in again, from 1 to 28800 (eight hours). Default: 900.

    Idle Timeout (GUI)

    Enter the number of seconds an administrative connection to the GUI can be idle before the administrator must log in again, from 60 to 28800 (eight hours). Default: 900.

    View Settings

    Language

    Select a language from the dropdown list. See GUI language for more information.

    High Contrast Theme

    Toggle ON to enable a high contrast dark theme in order to make the FortiAnalyzer GUI more accessible, and to aid people with visual disability in using the FortiAnalyzer GUI.

    Other Themes

    Select a theme for the GUI. The selected theme is not applied until you click Apply, allowing to you to sample different themes. Default: Blueberry.

    Password Policy

    Click to enable administrator password policies. See Password policy and Password lockout and retry attempts for more information.

    Minimum Length

    Select the minimum length for a password, from 8 to 32 characters. Default: 8.

    Must Contain

    Select the types of characters a password must contain.

    Admin Password Expires after

    Select the number of days a password is valid for, after which it must be changed.

    Fabric Authorization

    Specifies the accessible management IP of FortiAnalyzer for FortiOS to retrieve and use for authorization of a Security Fabric connection to FortiAnalyzer.

    When you are using FortiOS to create a Security Fabric connection to FortiAnalyzer, a browser pop window is displayed and connects to FortiAnalyzer as part of the authorization process. FortiOS retrieves the information specified in FortiAnalyzer and provides it to the browser popup window to successfully connect to FortiAnalyzer.

    Without this information, the browser popup window cannot connect to FortiAnalyzer in certain topologies, such as when NAT is used.

    See also Security Fabric authorization information for FortiOS.

    Authorization Address

    Type the accessible management IP for FortiAnalyzer.

    Authorization Port

    If a non-default port is used for the management port of FortiAnalyzer, specify the custom port.