DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
|
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
|
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
|
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Application Delivery
FortiADC
|
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
|
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
|
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
|
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
FortiTIP Cloud
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
All Products
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
FortiGate / FortiOS
FortiManager
FortiAnalyzer
Examples
Introduction
FortiToken and FortiToken Mobile
2FA with FortiToken Mobile
Adding a FortiToken to FortiPAM
Configuring a local user with FortiToken as the authentication type
Enabling FortiToken Mobile push notification
Results
Setting up FortiToken Mobile
RADIUS authentication
2FA on FortiPAM for RADIUS users using FortiAuthenticator
Configuring a RADIUS server on FortiPAM
Creating remote user group on FortiPAM
Enabling 2FA on FortiAuthenticator
Creating a RADIUS user on FortiPAM
Results
SAML authentication
2FA on FortiPAM for SAML users using FortiAuthenticator
Importing FortiAuthenticator certificate to FortiPAM
Configuring FortiAuthenticator as a SAML IdP
Configuring FortiPAM as an SP
Creating a remote user group on FortiPAM
Creating a SAML user on FortiPAM
Results
JWT
JWT (JSON Web Token) integration with DevOps
Integrating FortiPAM and GitLab- GUI
Integrating FortiPAM and GitLab- CLI
Integrating FortiPAM and Jenkins- CLI
ZTNA
ZTNA endpoint control on FortiPAM
Configuring EMS on FortiPAM
Registering the endpoint PC to EMS server
Configuring a ZTNA server on FortiPAM
Configuring proxy rule on FortiPAM
Adding a ZTNA tag to a secret for launching control
Secret configurations
Accessing a Linux server using PuTTY
Creating a secret with Unix template
Launching a secret for the Linux server
Accessing a Cisco router using PuTTY
Creating an associated secret
Creating a secret with Cisco User (SSH Secret) template
Launching a secret for the Cisco router
Accessing a FortiGate using PuTTY, Web SSH, or the Web launcher
Creating a secret with Unix template
Launching a secret for the FortiGate
Accessing a Windows server using the Remote Desktop- Windows launcher
Creating a secret with Windows Machine template
Launching a secret for the Windows server
Visiting a web application/platform using web launchers
Installing Fortinet Privileged Access Agent web extension on Chrome/Edge
Creating a secret for general web application/platform
Creating a secret for AWS root/IAM account
Visiting web application/platform using web launcher
Reviewing video recording for the web launching session
Reviewing secret log for the web launching session
Accessing a generic machine using Web VNC, VNC Viewer, or the TightVNC launcher
Creating a secret with Machine template
Launching a secret for the machine
Accessing a target server using locally installed WinSCP client
Installing WinSCP on a local machine
Creating a secret with Unix Account (SSH Password) template
Launching a secret for the target server using the WinSCP launcher
Accessing an SFTP server using the Web SFTP secret launcher
Creating a secret with Unix Account (SSH Password) template
Launching a secret for the SFTP server using the Web SFTP launcher
Accessing an SMB server using Web SMB launcher
Creating a secret with Windows Domain Account (Samba) template
Verifying the password
Launching a secret for the SMB server using the Web SMB launcher
Checking out and checking in a secret
Creating a secret with check out enabled
Checking out a secret
Checking in a secret
Using a secret requiring approval
Creating an approval profile
Creating a secret with mandatory approval requirement
Sending a request to access a secret
Approving a secret request
Launching a secret that requires approval
Running a script on a target server using jobs
Creating a job approval profile
Creating a secret with mandatory approval requirement for launching a job
Creating an ssh script type job
Sending a request to access the job
Approving a job request
Results
Configuring a secret that supports TOTP
Configuring a secret template with TOTP
Creating a secret with TOTP enabled
Accessing a MySQL server using MySQL CLI launcher
Creating a secret using the database server template
Launching a secret for the MySQL server
Configuring integrity check for the PuTTY launcher
Creating an entry for the PuTTY launcher
Enabling integrity check in the launcher and secret template
Creating a secret with integrity check
Launching the secret
Block uploading a JavaScript file via the Web SFTP launcher
Configuring the DLP file pattern
Configuring a DLP sensor profile
Creating a secret with a DLP sensor profile
Results
Block transferring .exe files and log file downloads of size larger than 500KB
Configuring the DLP file pattern
Configuring a DLP sensor profile
Creating a secret with a DLP sensor profile
Results
Updating a service account credential
Updating a service account credential
Creating a secret with the Certificate Vault template
Creating a certificate secret
Setting up email alert for certificate expiry
Configuring a secret using the Target Only secret template
Example 1: Creating a secret using the Target Only template
Example 1: Launching the secret
Example 2: Creating a secret using the Target Only template
Example 2: Launching the secret
Smart association for Windows AD server as the target
Creating a secret with Windows Domain Account as the secret template
Creating a remote user
Results
Access multiple Windows servers on the same domain
Creating targets
Creating a secret for the domain user
Creating a secret for the Windows PC- 10.59.112.201 and Windows PC- 10.59.112.208
Sharing secrets to a contractor
Result
Azure AD password changer
Configuring the Azure portal
Configuring FortiPAM
Results
Troubleshooting
Audit
Sponsored administrator audits secret activities
Creating a sponsored group
Creating a sponsor admin
Creating a secret with view permission for the sponsored group
Creating sponsored group members
Auditing
Web proxy
Configuring the web proxy feature to prevent web credentials from leaking
Enabling the web proxy feature
Creating a secret target with web proxy
Creating a secret with web proxy
FortiPAM behind a FortiGate device
RDP log retrieval
RDP log retrieving on FortiPAM
Creating an event filter profile
Creating a secret policy
Creating a secret target
Creating secret with an RDP event filter profile
Launching the secret
Checking the RDP logs
Gateway
FortiPAM connects to a target through a FortiProxy acting as the gateway
Creating the FortiProxy gateway
Creating the secret target on FortiPAM
FortiProxy related configurations
Configuring FortiPAM/FortiGate as the reverse gateway
Configuring the reverse service on FortiPAM (control plane)
Configuring reverse service on the gateway (control plane)
Configuring traffic proxy on the gateway for forwarding secret launch (traffic plane)
Configuring a gateway entry on FortiPAM server for secret launch (traffic plane)
Configuring a target using reverse gateway on the FortiPAM server
Creating a secret for the target that uses the FortiPAM reverse gateway
Launching the FortiPAM secret
Creating a secret for the target that uses the FortiGate reverse gateway
Launching the FortiGate secret
Troubleshooting
Configuring FortiGate forwarding access request from FortiPAM to the private target
Configuring forward gateway on FortiGate
Configuring a gateway on the FortiPAM server
Configuring a target using the forward gateway on FortiPAM server
Creating a secret for the target
Launching the secret from the FortiPAM server
Monitoring the secret
Troubleshooting
SSH filter profiles
Configuring an SSH filter profile on FortiPAM to restrict SSH access to secret servers
Configuring SSH filter profiles in the CLI
Configuring SSH filter profiles using the GUI
Automation
Using default automation stitch- Secret Credential View
Using the Secret Credential View automation stitch
Results
Customizing an automation stitch
Creating an automation trigger
Create an action
Creating a stitch
Results
Windows application filter
Creating a Windows application filter to prevent running executables
Setting up WinRM on the remote server
Creating a target with server information as Windows
Creating a Windows application filter profile
Creating a privileged account secret
Creating a non-privileged account
Launching the secret
Creating a non-Windows application filter to prevent running executables
Creating a target with server information as non-Windows
Creating a non-privilged secret
Web launcher
Using web launcher to auto fill credentials on a website
Creating a secret template
Creating a secret to connect to FortiAuthenticator
Launching the secret
Log and video disks
Back up and restore your log and video files
Enabling maintenance mode on FortiPAM
Backing up videos to the FTP server
Backing up logs to the FTP server
Shutting down the FortiPAM-VM and change log and video disks
Restoring videos from the FTP server
Restoring logs from the FTP server
Certificate management
Configuring certificate using the ACME protocol to access a FortiPAM instance
Creating a certificate
Configuring the FortiPAM SSL certificate
How to deploy FortiPAM CA to Windows host using EMS and FortiClient
Deploying FortiPAM CA using EMS
Avoiding the web browser warning on the FortiPAM GUI
Downloading FortiPAM CA from the FortiPAM GUI
Logging servers
FortiAnalyzer Cloud as a logging server
Registering FortiAnalyzer Cloud
Deploying a FortiAnalyzer Cloud instance
Add FortiPAM to FortiAnalyzer Cloud instance
Enabling FortiAnalyzer Cloud in FortiPAM
Launching a secret
FortiGate
FortiPAM behind FortiGate
Configuring a VIP on FortiGate for FortiPAM access
Configuring ZTNA on FortiGate for FortiPAM access
Results
Change Log
Home
FortiPAM 1.8.0
Examples
1.8.0
1.8.0
1.7.0
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
RADIUS authentication
RADIUS authentication
This section describes configuring RADIUS authentication.
Previous
Next
RADIUS authentication
RADIUS authentication
This section describes configuring RADIUS authentication.
Previous
Next
Home
Products
Summary
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By Solution
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By 4D Pillars
Secure SD-WAN
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Application Delivery
FortiADC
FortiGSLB
Secure Access Service Edge(SASE)
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
ZTNA
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
LAN Edge
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity and Access Management
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application Firewall
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
By Cloud
Public Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
Private Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
FortiCloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Best Practices
4D Resources
Define, Design, Deploy, Demo
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Solution Hubs
Curated Links by Solution
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
Hardware Guides
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Products A-Z
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Introduction
FortiToken and FortiToken Mobile
2FA with FortiToken Mobile
Adding a FortiToken to FortiPAM
Configuring a local user with FortiToken as the authentication type
Enabling FortiToken Mobile push notification
Results
Setting up FortiToken Mobile
RADIUS authentication
2FA on FortiPAM for RADIUS users using FortiAuthenticator
Configuring a RADIUS server on FortiPAM
Creating remote user group on FortiPAM
Enabling 2FA on FortiAuthenticator
Creating a RADIUS user on FortiPAM
Results
SAML authentication
2FA on FortiPAM for SAML users using FortiAuthenticator
Importing FortiAuthenticator certificate to FortiPAM
Configuring FortiAuthenticator as a SAML IdP
Configuring FortiPAM as an SP
Creating a remote user group on FortiPAM
Creating a SAML user on FortiPAM
Results
JWT
JWT (JSON Web Token) integration with DevOps
Integrating FortiPAM and GitLab- GUI
Integrating FortiPAM and GitLab- CLI
Integrating FortiPAM and Jenkins- CLI
ZTNA
ZTNA endpoint control on FortiPAM
Configuring EMS on FortiPAM
Registering the endpoint PC to EMS server
Configuring a ZTNA server on FortiPAM
Configuring proxy rule on FortiPAM
Adding a ZTNA tag to a secret for launching control
Secret configurations
Accessing a Linux server using PuTTY
Creating a secret with Unix template
Launching a secret for the Linux server
Accessing a Cisco router using PuTTY
Creating an associated secret
Creating a secret with Cisco User (SSH Secret) template
Launching a secret for the Cisco router
Accessing a FortiGate using PuTTY, Web SSH, or the Web launcher
Creating a secret with Unix template
Launching a secret for the FortiGate
Accessing a Windows server using the Remote Desktop- Windows launcher
Creating a secret with Windows Machine template
Launching a secret for the Windows server
Visiting a web application/platform using web launchers
Installing Fortinet Privileged Access Agent web extension on Chrome/Edge
Creating a secret for general web application/platform
Creating a secret for AWS root/IAM account
Visiting web application/platform using web launcher
Reviewing video recording for the web launching session
Reviewing secret log for the web launching session
Accessing a generic machine using Web VNC, VNC Viewer, or the TightVNC launcher
Creating a secret with Machine template
Launching a secret for the machine
Accessing a target server using locally installed WinSCP client
Installing WinSCP on a local machine
Creating a secret with Unix Account (SSH Password) template
Launching a secret for the target server using the WinSCP launcher
Accessing an SFTP server using the Web SFTP secret launcher
Creating a secret with Unix Account (SSH Password) template
Launching a secret for the SFTP server using the Web SFTP launcher
Accessing an SMB server using Web SMB launcher
Creating a secret with Windows Domain Account (Samba) template
Verifying the password
Launching a secret for the SMB server using the Web SMB launcher
Checking out and checking in a secret
Creating a secret with check out enabled
Checking out a secret
Checking in a secret
Using a secret requiring approval
Creating an approval profile
Creating a secret with mandatory approval requirement
Sending a request to access a secret
Approving a secret request
Launching a secret that requires approval
Running a script on a target server using jobs
Creating a job approval profile
Creating a secret with mandatory approval requirement for launching a job
Creating an ssh script type job
Sending a request to access the job
Approving a job request
Results
Configuring a secret that supports TOTP
Configuring a secret template with TOTP
Creating a secret with TOTP enabled
Accessing a MySQL server using MySQL CLI launcher
Creating a secret using the database server template
Launching a secret for the MySQL server
Configuring integrity check for the PuTTY launcher
Creating an entry for the PuTTY launcher
Enabling integrity check in the launcher and secret template
Creating a secret with integrity check
Launching the secret
Block uploading a JavaScript file via the Web SFTP launcher
Configuring the DLP file pattern
Configuring a DLP sensor profile
Creating a secret with a DLP sensor profile
Results
Block transferring .exe files and log file downloads of size larger than 500KB
Configuring the DLP file pattern
Configuring a DLP sensor profile
Creating a secret with a DLP sensor profile
Results
Updating a service account credential
Updating a service account credential
Creating a secret with the Certificate Vault template
Creating a certificate secret
Setting up email alert for certificate expiry
Configuring a secret using the Target Only secret template
Example 1: Creating a secret using the Target Only template
Example 1: Launching the secret
Example 2: Creating a secret using the Target Only template
Example 2: Launching the secret
Smart association for Windows AD server as the target
Creating a secret with Windows Domain Account as the secret template
Creating a remote user
Results
Access multiple Windows servers on the same domain
Creating targets
Creating a secret for the domain user
Creating a secret for the Windows PC- 10.59.112.201 and Windows PC- 10.59.112.208
Sharing secrets to a contractor
Result
Azure AD password changer
Configuring the Azure portal
Configuring FortiPAM
Results
Troubleshooting
Audit
Sponsored administrator audits secret activities
Creating a sponsored group
Creating a sponsor admin
Creating a secret with view permission for the sponsored group
Creating sponsored group members
Auditing
Web proxy
Configuring the web proxy feature to prevent web credentials from leaking
Enabling the web proxy feature
Creating a secret target with web proxy
Creating a secret with web proxy
FortiPAM behind a FortiGate device
RDP log retrieval
RDP log retrieving on FortiPAM
Creating an event filter profile
Creating a secret policy
Creating a secret target
Creating secret with an RDP event filter profile
Launching the secret
Checking the RDP logs
Gateway
FortiPAM connects to a target through a FortiProxy acting as the gateway
Creating the FortiProxy gateway
Creating the secret target on FortiPAM
FortiProxy related configurations
Configuring FortiPAM/FortiGate as the reverse gateway
Configuring the reverse service on FortiPAM (control plane)
Configuring reverse service on the gateway (control plane)
Configuring traffic proxy on the gateway for forwarding secret launch (traffic plane)
Configuring a gateway entry on FortiPAM server for secret launch (traffic plane)
Configuring a target using reverse gateway on the FortiPAM server
Creating a secret for the target that uses the FortiPAM reverse gateway
Launching the FortiPAM secret
Creating a secret for the target that uses the FortiGate reverse gateway
Launching the FortiGate secret
Troubleshooting
Configuring FortiGate forwarding access request from FortiPAM to the private target
Configuring forward gateway on FortiGate
Configuring a gateway on the FortiPAM server
Configuring a target using the forward gateway on FortiPAM server
Creating a secret for the target
Launching the secret from the FortiPAM server
Monitoring the secret
Troubleshooting
SSH filter profiles
Configuring an SSH filter profile on FortiPAM to restrict SSH access to secret servers
Configuring SSH filter profiles in the CLI
Configuring SSH filter profiles using the GUI
Automation
Using default automation stitch- Secret Credential View
Using the Secret Credential View automation stitch
Results
Customizing an automation stitch
Creating an automation trigger
Create an action
Creating a stitch
Results
Windows application filter
Creating a Windows application filter to prevent running executables
Setting up WinRM on the remote server
Creating a target with server information as Windows
Creating a Windows application filter profile
Creating a privileged account secret
Creating a non-privileged account
Launching the secret
Creating a non-Windows application filter to prevent running executables
Creating a target with server information as non-Windows
Creating a non-privilged secret
Web launcher
Using web launcher to auto fill credentials on a website
Creating a secret template
Creating a secret to connect to FortiAuthenticator
Launching the secret
Log and video disks
Back up and restore your log and video files
Enabling maintenance mode on FortiPAM
Backing up videos to the FTP server
Backing up logs to the FTP server
Shutting down the FortiPAM-VM and change log and video disks
Restoring videos from the FTP server
Restoring logs from the FTP server
Certificate management
Configuring certificate using the ACME protocol to access a FortiPAM instance
Creating a certificate
Configuring the FortiPAM SSL certificate
How to deploy FortiPAM CA to Windows host using EMS and FortiClient
Deploying FortiPAM CA using EMS
Avoiding the web browser warning on the FortiPAM GUI
Downloading FortiPAM CA from the FortiPAM GUI
Logging servers
FortiAnalyzer Cloud as a logging server
Registering FortiAnalyzer Cloud
Deploying a FortiAnalyzer Cloud instance
Add FortiPAM to FortiAnalyzer Cloud instance
Enabling FortiAnalyzer Cloud in FortiPAM
Launching a secret
FortiGate
FortiPAM behind FortiGate
Configuring a VIP on FortiGate for FortiPAM access
Configuring ZTNA on FortiGate for FortiPAM access
Results
Change Log
