Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.3.0 Administration Guide
    6.3.0
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    System access

    System access

    To adjust system access settings:
    1. Go to System > Administration > System Access. The Edit System Access Settings page will open.

    2. The following settings are available:
      Administrative Access
      Require strong cryptography Enable this option to restrict administrative access using stronger cryptographic algorithms, such as TLS 1.2, DHE, AES, and SHA256.
      Enable pre-authentication warning message Pre-authentication warning messages can be found under Authentication > Portals > Replacement Messages.
      CLI Access
      CLI idle timeout Enter the amount of time before the CLI times out due to inactivity, from 0 to 480 minutes (maximum of eight hours).
      GUI Access

      Site title

      Specify the string to display as the page title in web browsers. The following variables are available for the construction of the string:

      • {{:hostname}}: Host name

      • {{:fqdn}}: Device FQDN

      The default is set to FortiAuthenticator.
      GUI idle timeout Enter the amount of time before the GUI times out due to inactivity, from 1 to 480 minutes (maximum of eight hours).
      Maximum HTTP header length Enter the maximum HTTP header length, from 4 to 16 KB.
      HTTPS Certificate Select an HTTPS certificate from the dropdown menu.
      HTTP Strict Transport Security (HSTS) Expiry Enable or disable HSTS enforcement, to avoid SSL sniffing attacks, and set an expiry from 0 to 730 days (where 0 means no expiry, maximum of two years). The default is set to 180.
      Certificate authority type Select the selected certificate’s authority type, either Local CA or Trusted CA.
      CA certificate that issued the server certificate Select the issuing server certificate from the dropdown menu.

      Allow all hosts/domain names

      Enable to allow all the hosts/domain names.

      Additional allowed hosts/domain names

      Specify any additional hosts that this site can serve, separated by commas or line breaks.

      This option is only available when Allow all hosts/domain names is disabled.
      Public IP/FQDN for FortiToken Mobile

      Enter the IP, or FQDN, of the FortiAuthenticator for external access.

      The mobile device running the FortiToken Mobile app requires access to the FortiAuthenticator interface for push to operate.

      Enter the IPs/FQDNs in the following format:
      ip_addr[:port] or FQDN[:port]

      Self-Service Portal Access Control Settings

      Username input format

      Select one of the following three username input formats:

      • username@realm

      • realm\username

      • realm/username

      Note: When authenticating against the default realm, the realm name is optional.

      Use default realm when user-provided realm is different from all configured realms

      When enabled, FortiAuthenticator selects the default realm for authentication when the user-specified realm is different from all configured realms.

      Realms

      Add realms to which the client will be associated.

      • Select a realm from the dropdown menu in the Realm column.

      • Select whether or not to allow local users to override remote users for the selected realm.

      • Edit the group filter as needed to filter users based on the groups they are in.

      • If necessary, add more realms to the list.

      • Select the realm that will be the default realm for this client.

      REST API

      Restrict number of requests to

      Enter the maximum number of REST API requests sent, from 1 to 2880 requests. The default is set to 360.

      For duration

      Enter the amount of time for which the maximum number of requests is restricted, from 1 to 480 minutes. The default is set to 60.
    3. Select OK to apply any changes. See Certificate management for more information about certificates.
    Previous
    Next

    System access

    System access

    To adjust system access settings:
    1. Go to System > Administration > System Access. The Edit System Access Settings page will open.

    2. The following settings are available:
      Administrative Access
      Require strong cryptography Enable this option to restrict administrative access using stronger cryptographic algorithms, such as TLS 1.2, DHE, AES, and SHA256.
      Enable pre-authentication warning message Pre-authentication warning messages can be found under Authentication > Portals > Replacement Messages.
      CLI Access
      CLI idle timeout Enter the amount of time before the CLI times out due to inactivity, from 0 to 480 minutes (maximum of eight hours).
      GUI Access

      Site title

      Specify the string to display as the page title in web browsers. The following variables are available for the construction of the string:

      • {{:hostname}}: Host name

      • {{:fqdn}}: Device FQDN

      The default is set to FortiAuthenticator.
      GUI idle timeout Enter the amount of time before the GUI times out due to inactivity, from 1 to 480 minutes (maximum of eight hours).
      Maximum HTTP header length Enter the maximum HTTP header length, from 4 to 16 KB.
      HTTPS Certificate Select an HTTPS certificate from the dropdown menu.
      HTTP Strict Transport Security (HSTS) Expiry Enable or disable HSTS enforcement, to avoid SSL sniffing attacks, and set an expiry from 0 to 730 days (where 0 means no expiry, maximum of two years). The default is set to 180.
      Certificate authority type Select the selected certificate’s authority type, either Local CA or Trusted CA.
      CA certificate that issued the server certificate Select the issuing server certificate from the dropdown menu.

      Allow all hosts/domain names

      Enable to allow all the hosts/domain names.

      Additional allowed hosts/domain names

      Specify any additional hosts that this site can serve, separated by commas or line breaks.

      This option is only available when Allow all hosts/domain names is disabled.
      Public IP/FQDN for FortiToken Mobile

      Enter the IP, or FQDN, of the FortiAuthenticator for external access.

      The mobile device running the FortiToken Mobile app requires access to the FortiAuthenticator interface for push to operate.

      Enter the IPs/FQDNs in the following format:
      ip_addr[:port] or FQDN[:port]

      Self-Service Portal Access Control Settings

      Username input format

      Select one of the following three username input formats:

      • username@realm

      • realm\username

      • realm/username

      Note: When authenticating against the default realm, the realm name is optional.

      Use default realm when user-provided realm is different from all configured realms

      When enabled, FortiAuthenticator selects the default realm for authentication when the user-specified realm is different from all configured realms.

      Realms

      Add realms to which the client will be associated.

      • Select a realm from the dropdown menu in the Realm column.

      • Select whether or not to allow local users to override remote users for the selected realm.

      • Edit the group filter as needed to filter users based on the groups they are in.

      • If necessary, add more realms to the list.

      • Select the realm that will be the default realm for this client.

      REST API

      Restrict number of requests to

      Enter the maximum number of REST API requests sent, from 1 to 2880 requests. The default is set to 360.

      For duration

      Enter the amount of time for which the maximum number of requests is restricted, from 1 to 480 minutes. The default is set to 60.
    3. Select OK to apply any changes. See Certificate management for more information about certificates.
    Previous
    Next