Network
The Network tree menu allows you to configure device interfaces, DNS configuration, static routing, and packet capturing.
Interfaces
To view the interface list, go to System > Network > Interfaces.
The following information is shown:
Edit | Select to edit the selected interface. |
Search | Enter a search term in the search text box then select Search to search the interface list. |
Interface | The names of the physical interfaces on your FortiAuthenticator unit. The name, including number, of a physical interface depends on the model. |
IPv4 | The IPv4 address of the interface. |
IPv6 | The IPv6 address of the interface, if applicable. |
Link status | The link status of the interface. |
To edit an interface:
- In the interfaces list, select the interface you need to edit and select the Edit button, or select the interface name. The Edit Network Interface window opens.
- Edit the following settings as required.
- Select OK to apply the edits to the network interface.
Interface | The interface name is displayed. |
Status | The interface's current link status is displayed. |
IP Address / Netmask | |
IPv4 | Enter the IPv4 address and netmask associated with this interface. |
IPv6 | Enter the IPv6 address associated with this interface. |
Access Rights | |
Admin access | Select the allowed administrative service protocols from: Telnet, SSH, HTTPS, HTTP (GUI), and SNMP. When HTTPS is enabled, you can also specify GUI (/login), REST API (/api), and/or Fabric (/api/vi/fabric) access. |
Services | Select the allowed services from: HTTPS, HTTP, RADIUS Auth, LDAP, LDAPS, FortiGate FSSO, OCSP, FortiClient FSSO, Hierarchical FSSO, DC/TS Agent FSSO, Syslog, RADIUS Accounting SSO, and/or RADIUS Accounting Monitor. When HTTPS is enabled, you can also specify Self-service Portal (/login), Guest Portals (/guests), SAML IdP (/saml-idp), SAML SP SSO (/saml-sp, /login/saml-auth), Kerberos SSO (/login/kerb-auth), SCEP (/cert/scep), CRL Downloads (/cert/crl), FortiToken Mobile API (/api/v1/pushauthresp, /api/v1/transfertoken), and/or OAuth Service API (/api/v1/oauth) access. When HTTP is enabled, you can also specify SCEP (/cert/scep) and/or CRL Downloads (/cert/crl/) access. Note that Syslog is only available if Syslog SSO has been enabled. See General settings for more information. |
DNS
To configure DNS settings, go to System > Network > DNS.
The following settings can be configured:
Primary DNS server | The IP address of the primary DNS server. |
Secondary DNS server | The IP address of the secondary DNS server. |
Enable DNS cache | Enable to cache the responses to DNS queries. |
DNS cache maximum TTL | When DNS cache is enabled, configure how long, in seconds, responses to DNS queries are cached. If the configured value is larger than the time to live (TTL) value specified in the DNS record, the DNS TTL value is used. The default is 0, which uses the TTL value specified in the DNS record. |
To apply changes, select OK.
Static routing
To view the list of static routes, go to System > Network > Static Routing. Routes can be created, edited, and deleted as required. Use the checkboxes to select the static route entries you want to either Delete or Edit.
The following information is shown:
Create New | Select to create a new static route. |
Delete | Select to delete the selected static route. |
Edit | Select to edit the selected static route. |
IP/Mask | The destination IP address and netmask for this route. |
Gateway | The IP address of the next hop router to which this route directs traffic. |
Device | The device or interface associated with this route. |
To create a new static route:
- In the static route list, select Create New. The Create New Static Route window opens.
- Edit the following settings as required.
- Select OK to create the new static route.
Destination IP/Mask | Enter the destination IP address and netmask for this route. |
Network interface | Select the network interface that connects to the gateway. |
Gateway | Enter the IP address of the next hop router to which this route directs traffic. |
Comment | Optionally, enter a comment about the route. |
Packet capture
Packets can be captured on configured interfaces by going to System > Network > Packet Capture.
The following information is available:
Edit | Select to edit the packet sniffer on the selected interface. |
Interface | The name of the configured interface for which packets can be captured. For information on configuring an interface, see Interfaces. |
Maximum packets to capture | The maximum number of packets that can be captured on a sniffer. |
Status | The status of the packet capture process. Allows you to start and stop the capturing process, and download the most recently captured packets. |
To start capturing packets on an interface, select the Start capturing button in the Status column for that interface. The Status changes to Capturing, and the Stop capturing and download buttons become available.
To download captured packets:
- Select the download button for the interface whose captured packets you are downloading.
- When prompted, save the packet file (sniffer_[interface].pcap) to your management computer.
If no packets have been captured for that interface, select the Start capturing button.
The file can then be opened using packet analyzer software.
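As an added example (not Fortinet code), the following Python reads a downloaded sniffer_[interface].pcap and counts packets per destination service, so the traffic actually reaching an interface can be compared with the Admin access and Services options enabled on it. It assumes the file is classic libpcap format with Ethernet framing and that services use their IANA default ports; the function names and the SAMPLE capture are constructed for illustration.

```python
import struct
from collections import Counter

# (IP protocol, dst port) -> service on this page; IANA default ports are assumed.
SERVICES = {(6, 22): "SSH", (6, 23): "Telnet", (6, 80): "HTTP", (6, 443): "HTTPS",
            (17, 161): "SNMP", (6, 389): "LDAP", (6, 636): "LDAPS",
            (17, 1812): "RADIUS Auth", (17, 1813): "RADIUS Accounting"}
PLAINTEXT = {"Telnet", "HTTP"}  # send credentials unencrypted

def iter_frames(data):
    """Yield frames from a classic libpcap file; stop at a truncated record."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if not order or len(data) < 24 or struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("not a classic Ethernet pcap file")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        off += 16 + incl_len
        if off > len(data):
            break  # capture was cut off mid-record
        yield data[off - incl_len:off]

def flow_key(frame):
    """Return (protocol, dst_port) for unfragmented IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if proto not in (6, 17) or ihl < 20 or fragment_offset or len(frame) < 18 + ihl:
        return None
    return proto, struct.unpack("!H", frame[16 + ihl:18 + ihl])[0]

def summarise(data):
    """Count captured packets per destination service."""
    keys = map(flow_key, iter_frames(data))
    return Counter(SERVICES.get(k, "other") for k in keys if k)

def plaintext_seen(data):
    return sorted(PLAINTEXT & set(summarise(data)))

def make_pcap(flows):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, port in flows:
        frame = (bytes(12) + b"\x08\x00\x45" + bytes(8) + bytes([proto])
                 + bytes(10) + struct.pack("!HH", 40000, port))
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = make_pcap([(6, 443), (6, 23), (17, 1812), (6, 443)])  # constructed capture
```

Only destination ports are counted, so replies from the unit back to clients fall under "other".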
To edit a packet sniffer:
- Select the interface whose packet capture settings you need to configure by either selecting the configured interface name from the interface list, or selecting the checkbox in the interface row and selecting Edit from the toolbar. The Edit Packet Sniffer page opens.
- Configure the following options:
- Select OK to apply your changes.