System access
To adjust system access settings:
- Go to System > Administration > System Access. The Edit System Access Settings page will open.
- The following settings are available:
Administrative Access Require strong cryptography Enable this option to restrict administrative access using stronger cryptographic algorithms, such as TLS 1.2, DHE, AES, and SHA256. Enable pre-authentication warning message Pre-authentication warning messages can be found under Authentication > Self-service Portal > Replacement Messages. CLI Access CLI idle timeout Enter the amount of time before the CLI times out due to inactivity, from 0 to 480 minutes (maximum of eight hours). GUI Access GUI idle timeout Enter the amount of time before the GUI times out due to inactivity, from 1 to 480 minutes (maximum of eight hours). Maximum HTTP header length Enter the maximum HTTP header length, from 4 to 16 KB. HTTPS Certificate Select an HTTPS certificate from the dropdown menu. HTTP Strict Transport Security (HSTS) Expiry Enable or disable HSTS enforcement, to avoid SSL sniffing attacks, and set an expiry from 0 to 730 days (where 0 means no expiry, maximum of two years). The default is set to 180. Certificate authority type Select the selected certificate’s authority type, either Local CA or Trusted CA. CA certificate that issued the server certificate Select the issuing server certificate from the dropdown menu. Additional allowed hosts/domain names Specify any additional hosts that this site can serve, separated by commas or line breaks. Public IP/FQDN for FortiToken Mobile Enter the IP, or FQDN, of the FortiAuthenticator for external access.
The mobile device running the FortiToken Mobile app requires access to the FortiAuthenticator interface for push to operate.
Enter the IPs/FQDNs in the following format:
ip_addr[:port]
orFQDN[:port]
- Select OK to apply any changes. See Certificate management for more information about certificates.