Settings
Go to System > Settings to access system configuration that you can update after installing FortiPAM.
To update System Settings:
- Go to System > Settings.
The General tab in the System Settings window opens.
- To switch to the Advanced tab, select Advanced.
- In System Settings, enter the following information:
General tab
Host name
The identifying name assigned to this FortiPAM unit.
System time pane
System time
Current system time
The current date and time on the FortiPAM internal clock or NTP servers.
Time Zone
From the dropdown, select a timezone.
Set Time
Select from the following options:
NTP: The NTP (Network Time Protocol) server (default).
Manual Settings
Select Server
Select a server from the following two options:
FortiGuard (default)
Custom
Note: The option is only available when Set Time is NTP.
Custom Server IP Address
The custom server IP address.
Custom NTP server details must be configured via the CLI.
Note: The option is only available when Set Time is NTP and the Select Server is Custom.
Sync interval
Enter how often, in minutes, that the device synchronizes its time with the NTP server (default = 60, 1 - 1440).
Note: The option is only available when Set Time is NTP.
Date
Enter the date or select the calendar icon, and from the dropdown, select a date.
Note: The option is only available when Set Time is Manual Settings.
Time
Enter the time or select the clock icon, and from the dropdown, select a time.
Note: The option is only available when Set Time is Manual Settings.
Setup device as local NTP server
Select True to configure the FortiPAM as a local NTP server (default = False).
Listen on Interfaces
Set the interface or interfaces that the FortiPAM will listen for NTP requests on.
Note: The option is only available when Setup device as local NTP server is set as True.
User Password Policy pane
User Password Policy
Password scope
Enable/disable password scope (default = disable).
Note: This applies to local user passwords.
Minimum length
The minimum length of the password (default = 8, 1 - 128).
Minimum number of new characters
Enter the minimum number of new characters required in the password (default = 0, maximum = 200).
Character requirements
Enable/disable character requirements (default = disable).
When enabled, enter the number of upper case, lower case, numbers, and special (non-alphanumeric) characters required in the password.
Note: Special characters are non-alphanumeric.
Allow password reuse
Enable/disable password reuse (default = enable).
Password expiration
Enable and enter the number of days after which the password expires (default = 90, 0 - 999).
Max Retry
Enter the maximum number of allowed failed login attempts (default = 3, 1 - 10).
Lockout Duration
Specify the length of the lockout period, in seconds (default = 60, 1 - 2147483647).
Note: After the lockout duration expires, the Max Retry number applies again.
View Settings pane
View Settings
Language
From the dropdown, select a language.
Email Service pane
Email Service
Use custom settings
Enable to edit options in the Email Service pane.
SMTP Server
The SMTP server IP address or the hostname, e.g., smtp.example.com and notification.fortinet.net.
Port
The recipient port number.
The default port value depends on the chosen Security Mode.
For None and STARTTLS, the default value is 25.
For SMTPS, the default value is 465.
Authentication
If required by the email server, enable authentication.
If enabled, enter the Username and Password.
Security Mode
Set the connection security mode used by the email server:
None
SMTPS (default)
STARTTLS
Sender
Enter the email address used to send emails.
For the email to be sent, depending on the SMTP Server used and Authentication being enabled, the Sender email address may be required to be a specific email address.
If the Sender email address is incorrect, the email is not sent.
Default Reply To
Optionally, enter the reply to email address, such as noreply@example.com.
This address will override the Email from email address that is configured for an alert email. See Email alert settings.
Other General Settings pane
Login Disclaimer
Enable/disable displaying a disclaimer message once a user successfully logs in.
Once enabled, enter a disclaimer in the text box. Alternatively, you can use the default login disclaimer.
Last Successful Login displays when the last successful login has occurred.
Last Failed Login displays when the last failed login has occurred.
Click the eye icon to preview the login disclaimer.
Note: The option is disabled by default.
GUI Session Timeout
Select from the following two options:
Idle: Enforce timeout after the entered time in Idle in has elapsed, in minutes (default = 5, 1 - 480).
Always: Enforce user logout after the entered time in Force logout in has elapsed, in minutes (default = 480, 5 - 480).
A shorter GUI Session Timeout duration is more secure.
Concurrent Log-on
A concurrent session occurs when multiple users access FortiPAM using the same account from different locations or web browsers.
Select from the following two options:
Enable: Enable user concurrent login.
Disable: Disable user concurrent login.
Note: The option is disabled by default.
Once disabled, concurrent logins are disallowed.
Advanced tab
PAM Settings pane
PAM Settings
Enforce recording on glass breaking
In glass breaking mode, the administrator has permission to launch all secrets. This setting is to enforce video recording on all launching sessions (default = enable).
Live Recording
Enable/disable live recording (default = disable).
Before downgrading from FortiPAM version 1.2.x to 1.1.x, disable Live Recording. Otherwise, you cannot replay videos on FortiPAM 1.1.x.
Video Storage Limit
The maximum percentage of the video disk partition size that can be used for storing FortiPAM session video recordings (default = 90, 10 - 90).
Video Storage Mode
From the dropdown, select a PAM session video recording storage mode (default = Rolling):
Rolling: Evict the oldest PAM video recording within the Video Storage Time when the video storage limit is reached.
Stop: Stop storing new PAM video recordings when the disk quota is full.
Video Storage Time
The number of days for which a video is stored. Video files are removed from FortiPAM once the time has elapsed (default = 365, 0 - 36500).
Enable the toggle or enter 0 for no time limit.
Note: The option is only available when the Video Storage Mode is Rolling.
Recording Resolution
From the dropdown, select a resolution for the PAM video recordings:
480p
720p (default)
1080p
Recording FPS
Enter the PAM video recording frame rate (default = 2, 1 - 15).
Recording Color Depth
From the dropdown, select a color depth:
24 Bit Color Depth (default)
32 Bit Color Depth
Recording Key FPM
Enter the PAM video recording key frame rate per minute (default = 1, 1 - 60).
Max Launching Duration
Enter the maximum duration for all the secret launching sessions, in minutes (default = 120, 1 - 10000).
Client Port
Enter the port number that FortiPAM uses to connect to FortiClient (default = 9191, 1 - 65536).
Send Multiple Secret Requests in
When sending multiple secret request notifications to a reviewer:
Separate Emails: Send the secret request notifications as separate emails (default).
Single Email: Send the secret request notifications as a single email.
Period
Enter the time interval at which multiple secret request notifications are sent, in seconds (default = 60, 60 - 600).
Note: The option is only available when Send Multiple Secret Requests in is set to Single Email.
- Click Apply.
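The following is an added example, not part of the FortiPAM documentation or product: a small Python check that validates a settings snapshot against the ranges and defaults listed above and flags values worth reviewing. The dictionary keys are hypothetical labels for the GUI options (not CLI or API names), and the two review thresholds are assumptions to tune to local policy.

```python
# Added example: keys are hypothetical labels for the GUI options on this
# page, not FortiPAM CLI or API names. Ranges and defaults are the documented ones.
RANGES = {  # key: (min, max, default)
    "password_min_length": (1, 128, 8),
    "max_retry": (1, 10, 3),
    "lockout_duration_s": (1, 2147483647, 60),
    "idle_timeout_min": (1, 480, 5),
    "video_storage_limit_pct": (10, 90, 90),
}
DEFAULTS = {
    "char_requirements": False,
    "allow_password_reuse": True,
    "smtp_security_mode": "SMTPS",
    "concurrent_logon": False,
    "record_on_glass_breaking": True,
    "video_storage_mode": "Rolling",
}
# Assumed review thresholds (not from the page); tune to local policy.
MAX_IDLE_MIN = 15
MAX_GUESSES_PER_DAY = 1000

def guesses_per_day(max_retry, lockout_s):
    """Upper bound on password guesses per account per day: Max Retry
    attempts, then a lockout, after which Max Retry applies again."""
    return max_retry * 86400 // max(1, lockout_s)

def audit(snapshot):
    """Return sorted (severity, key) findings for a settings snapshot;
    keys missing from the snapshot take the documented default."""
    cfg = {**{k: v[2] for k, v in RANGES.items()}, **DEFAULTS, **snapshot}
    rate = guesses_per_day(cfg["max_retry"], cfg["lockout_duration_s"])
    out = [("error", k) for k, (lo, hi, _) in RANGES.items()
           if not lo <= cfg[k] <= hi]
    weak = {
        "smtp_security_mode": cfg["smtp_security_mode"] == "None",  # no TLS
        "char_requirements": not cfg["char_requirements"],
        "allow_password_reuse": cfg["allow_password_reuse"],
        "concurrent_logon": cfg["concurrent_logon"],
        "record_on_glass_breaking": not cfg["record_on_glass_breaking"],
        "video_storage_mode": cfg["video_storage_mode"] == "Stop",
        "idle_timeout_min": cfg["idle_timeout_min"] > MAX_IDLE_MIN,
        "max_retry": rate > MAX_GUESSES_PER_DAY,
    }
    return sorted(out + [("warn", k) for k, hit in weak.items() if hit])

if __name__ == "__main__":
    # Constructed snapshot: only the values changed from the defaults.
    print(audit({"smtp_security_mode": "None", "lockout_duration_s": 600}))
```

With the documented defaults (Max Retry 3, Lockout Duration 60 seconds) the bound is 4320 guesses per account per day, which is why the unchanged defaults already produce a `max_retry` warning under the assumed threshold.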