FortiPAM appliance setup
Before using FortiPAM-VM, you need to install the KVM or the VMware application to host the FortiPAM-VM device. The installation instructions for FortiPAM-VM assume you are familiar with KVM or the VMware products and terminology.
FortiPAM-VM image installation and initial setup
See Appendix A: Installation on KVM.
See Appendix B: Installation on VMware.
See Appendix F: Installation on Hyper-V.
See Appendix G: Installation on Azure.
See Appendix J: Installation on AWS.
See Appendix K: Installation on GCP.
Once FortiPAM-VM is powered on:
-
At the login prompt, enter
admin
and hit Enter.By default, there is no password, however, a password must be set before you can proceed. Enter and confirm the new administrator password.
- At the CLI prompt, enter
show system storage
to verify the disk usage type for the two added hard disks. The output looks like the following:Administrators need to configure a dedicated FortiPAM video disk for video recording.
Two hard disks and two virtual network interface cards need to be added to the VM in VM manager before FortiPAM image installation.
config system storage
edit "HD1"
set status enable
set media-status enable
set order 1
set partition "LOGUSEDXDE8326F6"
set device "/dev/vda1"
set size 20023
set usage log
next
edit "HD2"
set status enable
set media-status enable
set order 2
set partition "PAMVIDEOB471724F"
set device "/dev/vdb1"
set size 20029
set usage video
next
end
-
Enter the following CLI commands to set up FortiPAM:
config system interface
edit "port1"
set ip 172.16.x.x/x #Depending on your network setting
set type physical
set snmp-index 1
next
edit "port2"
set ip x.x.x.x/x
set type physical
set snmp-index 2
next
end
config router static
edit 1
set gateway x.x.x.x
set device "port1"
next
end
The IP address set here is automatically copied to VIP.
- FortiPAM requires license. To upload a license. See Licensing.
If the network layout is unable to resolve the correct external FortiGuard server after an external DNS server is set, enter the following commands:
config system fortiguard
set fortiguard-anycast disable
unset update-server-location
unset sdns-server-ip
end
Optionally, enter the following commands to use the external FortiGuard server in case the FortiGuard server cannot be correctly resolved:
config system central-management
config server-list
edit 1
set server-type update rating
set server-address <addr>
next
end
set include-default-servers disable
end
-
On a web browser, go to
https://172.16.xxx.xxx
to access FortiPAM GUI.
To update a firmware image:
- Enter maintenance mode. See Maintenance mode.
- In the user dropdown on the top-right, go to System > Firmware.
The Firmware Management window opens.
- Go to File Upload:
- Select Browse, then locate the
image.out
FortiPAM firmware image on your local computer. - Click Open.
- Select Browse, then locate the
- Click Confirm and Backup Config.
FortiPAM then reboots and the firmware has been updated.
FortiPAM may take few minutes to reboot.