Administration Guide

Settings

Go to System > Settings to access system configuration that you can update after installing FortiPAM.

To update System Settings:
  1. Go to System > Settings.

    The General tab in the System Settings window opens.

  2. To switch to the Advanced tab, select Advanced.

  3. In System Settings, enter the following information:

    General tab

    Host name

    The identifying name assigned to this FortiPAM unit.

    System time pane

    System time

    Current system time

    The current date and time from the FortiPAM internal clock or the configured NTP servers.

    Time Zone

    From the dropdown, select a timezone.

    Set Time

    Select from the following options:

    • NTP: Synchronize with an NTP (Network Time Protocol) server (default).

    • Manual Settings

    Select Server

    Select a server from the following two options:

    • FortiGuard (default)

    • Custom

    Note: The option is only available when Set Time is NTP.

    Custom Server IP Address

    The custom server IP address.

    Custom NTP server details must be configured via the CLI.

    Note: The option is only available when Set Time is NTP and Select Server is Custom.

    Sync interval

    Enter how often, in minutes, the device synchronizes its time with the NTP server (default = 60, 1 - 1440).

    Note: The option is only available when Set Time is NTP.

    Date

    Enter the date or select the calendar icon, and from the dropdown, select a date.

    Note: The option is only available when Set Time is Manual Settings.

    Time

    Enter the time or select the clock icon, and from the dropdown, select a time.

    Note: The option is only available when Set Time is Manual Settings.

    Setup device as local NTP server

    Select True to configure the FortiPAM as a local NTP server (default = False).

    Listen on Interfaces

    Set the interface or interfaces on which FortiPAM listens for NTP requests.

    Note: The option is only available when Setup device as local NTP server is set to True.

    PAM Settings pane

    PAM Settings

    Enforce recording on glass breaking

    In glass breaking mode, the administrator has permission to launch all secrets. This setting enforces video recording on every session launched in that mode (default = enable).

    Video Storage Limit

    The maximum percentage of the video disk partition size that can be used for storing FortiPAM session video recordings (default = 90, 10 - 90).

    Video Storage Mode

    From the dropdown, select a PAM session video recording storage mode (default = Rolling):

    • Rolling: Evict the oldest PAM video recording within the Video Storage Time when the video storage limit is reached.

    • Stop: Stop storing new PAM video recordings when the disk quota is full.

    Video Storage Time

    The number of days for which a video is stored. Video files are removed from FortiPAM once the time has elapsed (default = 365, 0 - 36500).

    Enable the toggle or enter 0 for no time limit.

    Note: The option is only available when the Video Storage Mode is Rolling.
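The following is an added illustration of how the Video Storage Limit, Video Storage Mode and Video Storage Time settings interact; it is example code, not FortiPAM's own implementation, and the exact day on which an aged recording is removed is an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Recording:
    name: str
    recorded_on: date
    size_mb: int


class VideoStore:
    """Models the video partition with the page's defaults: limit 90%, Rolling, 365 days."""

    def __init__(self, partition_mb: int, limit_pct: int = 90,
                 mode: str = "Rolling", storage_days: int = 365):
        self.quota_mb = partition_mb * limit_pct // 100   # Video Storage Limit
        self.mode = mode                                   # "Rolling" or "Stop"
        self.storage_days = storage_days                   # Video Storage Time, 0 = no limit
        self.recordings: list[Recording] = []

    def used_mb(self) -> int:
        return sum(r.size_mb for r in self.recordings)

    def purge_expired(self, today: date) -> None:
        # Video Storage Time only applies in Rolling mode (see note above).
        # Assumption: a recording is removed once it is storage_days old.
        if self.mode == "Rolling" and self.storage_days > 0:
            self.recordings = [r for r in self.recordings
                               if (today - r.recorded_on).days < self.storage_days]

    def add(self, rec: Recording, today: date) -> bool:
        """Store rec; return False when the quota cannot be honoured."""
        self.purge_expired(today)
        if rec.size_mb > self.quota_mb:
            return False                         # can never fit, whatever is evicted
        while self.used_mb() + rec.size_mb > self.quota_mb:
            if self.mode == "Stop":
                return False                     # Stop: refuse new recordings when full
            oldest = min(self.recordings, key=lambda r: r.recorded_on)
            self.recordings.remove(oldest)       # Rolling: evict the oldest retained video
        self.recordings.append(rec)
        return True

    def names(self) -> list[str]:
        return [r.name for r in self.recordings]
```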

    Recording Resolution

    From the dropdown, select a resolution for the PAM video recordings:

    • 480p

    • 720p (default)

    • 1080p

    Recording FPS

    Enter the PAM video recording frame rate (default = 2, 1 - 15).

    Recording Color Depth

    From the dropdown, select a color depth:

    • 24 Bit Color Depth (default)

    • 32 Bit Color Depth

    Recording Key FPM

    Enter the PAM video recording key frame rate per minute (default = 1, 1 - 60).

    Session Max Duration

    Enter the maximum duration for a PAM session, in minutes (default = 120, 1 - 10000).

    User Session Timeout

    Enter the idle time after which a user is logged out, in minutes (default = 5, 1 - 480).

    A shorter duration for User Session Timeout is more secure.

    Client Port

    Enter the port number that FortiPAM uses to connect to FortiClient (default = 9191, 1 - 65536).

    Login Disclaimer

    Enable/disable displaying a disclaimer message once a user successfully logs in.

    Once enabled, enter a disclaimer in the text box. Alternatively, you can use the default login disclaimer.

    %%LAST_SUCCESSFUL_LOGIN%% displays when the last successful login occurred.

    Click the eye icon to preview the login disclaimer.

    Note: The option is disabled by default.

    Send Multiple Secret Requests in

    When sending multiple secret request notifications to a reviewer:

    • Separate Emails: Send the secret request notifications as separate emails (default).

    • Single Email: Send the secret request notifications as a single email.

    Period

    Enter the time interval at which multiple secret request notifications are sent, in seconds (default = 60, 60 - 600).

    Note: The option is only available when Send Multiple Secret Requests in is set to Single Email.

    Advanced tab

    User Password Policy pane

    User Password Policy

    Password scope

    Enable/disable password scope (default = disable).

    Note: This applies to local user passwords.

    Minimum length

    The minimum length of the password (default = 8, 1 - 128).

    Minimum number of new characters

    Enter the minimum number of new characters required in the password (default = 0, maximum = 200).

    Character requirements

    Enable/disable character requirements (default = disable).

    When enabled, enter the number of upper case letters, lower case letters, digits, and special characters required in the password.

    Note: Special characters are non-alphanumeric.

    Allow password reuse

    Enable/disable password reuse (default = enable).

    Password expiration

    Enable and enter the number of days after which the password expires (default = 90, 0 - 999).
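The following is an added illustration of the User Password Policy pane as a validator, using the page's defaults; it is example code, not FortiPAM's own implementation. It assumes that a "new character" is one that did not occur in the previous password and that an expiration of 0 days means the password never expires.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class PasswordPolicy:
    min_length: int = 8            # default = 8, 1 - 128
    min_new_chars: int = 0         # default = 0, maximum = 200
    char_requirements: bool = False
    min_upper: int = 0
    min_lower: int = 0
    min_digits: int = 0
    min_special: int = 0           # special = non-alphanumeric
    allow_reuse: bool = True       # default = enable
    expiration_days: int = 90      # default = 90, 0 - 999 (0 assumed to mean never)


def check_password(policy: PasswordPolicy, candidate: str, history: list[str]) -> list[str]:
    """Return the names of violated rules; an empty list means the password is accepted.
    history holds the user's previous passwords, most recent first."""
    violations = []
    if len(candidate) < policy.min_length:
        violations.append("min_length")
    if history and policy.min_new_chars:
        # Assumption: count distinct characters absent from the previous password.
        new_chars = len(set(candidate) - set(history[0]))
        if new_chars < policy.min_new_chars:
            violations.append("min_new_chars")
    if policy.char_requirements:
        counts = {
            "upper": sum(c.isupper() for c in candidate),
            "lower": sum(c.islower() for c in candidate),
            "digits": sum(c.isdigit() for c in candidate),
            "special": sum(not c.isalnum() for c in candidate),
        }
        for name in ("upper", "lower", "digits", "special"):
            if counts[name] < getattr(policy, f"min_{name}"):
                violations.append(f"min_{name}")
    if not policy.allow_reuse and candidate in history:
        violations.append("reuse")
    return violations


def password_expired(policy: PasswordPolicy, set_on: date, today: date) -> bool:
    """True once the password is expiration_days old (0 = never expires)."""
    if policy.expiration_days <= 0:
        return False
    return today - set_on >= timedelta(days=policy.expiration_days)
```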

    View Settings pane

    View Settings

    Language

    From the dropdown, select a language.

    Date/Time display

    Select from the following two options:

    • System Timezone: Use the FortiPAM unit's configured timezone.

    • Browser Timezone: Use the web browser timezone.

    Email Service pane

    Email Service

    Use custom settings

    Enable to edit options in the Email Service pane.

    SMTP Server

    The SMTP server IP address or hostname, e.g., smtp.example.com or notification.fortinet.net.

    Port

    The port number on the SMTP server.

    The default port value depends on the chosen Security Mode.

    For None and STARTTLS, the default value is 25.

    For SMTPS, the default value is 465.

    Authentication

    If required by the email server, enable authentication.

    If enabled, enter the Username and Password.

    Security Mode

    Set the connection security mode used by the email server:

    • None

    • SMTPS (default)

    • STARTTLS

    Default Reply To

    Optionally, enter the reply-to email address, such as noreply@example.com.

    This address overrides the Email From address configured for alert emails. See Email alert settings.

    Test email service connection
    1. Once the email service settings have been set up, click Test Connection from the top-right.

      The Test Email Service Connectivity dialog opens.

    2. In Email To, enter an email address where the test email is sent to.
    3. Click Send.

      Once the email is successfully sent, you see the following message on the bottom-right:

      The test email looks like the following:

  4. Click Apply.
