Fortinet white logo
Fortinet white logo

Administration Guide

FortiPortal concepts

FortiPortal concepts

FortiPortal introduces the following concepts:

Customer sites

  • An end-customer can have multiple sites.
  • A site is a logical grouping of devices (independent of which FortiManager manages the device).
  • Devices are FortiGate devices or AP wireless devices.

Storage limits

Each end-customer has a storage capacity maximum amount, which is expressed as a number of GB of database storage.

If a customer exceeds their storage limit, one of the following strategies is applied (this is configurable for each customer):

  • Overwrite the oldest logs
  • Stop logging

Remote authentication

You have the choice of local or remote user authentication of the Admin and Customer portal users. Local authentication works by defining the users in the local user databases. Remote authentication provides a choice of Radius authentication or FortiAuthenticator. The choice of authentication method is global to the whole FortiPortal.

If you set the authentication mode to remote, all user management functions reside with the remote system. FortiPortal user management capabilities (add/modify/delete users, reset password, change password) are blocked, as these apply only to local users.

For additional information regarding FortiAuthenticator, refer to the FortiAuthenticator product documentation.

Trusted Hosts

If you are using local user authentication, you can add the Trusted Hosts capability as an added level of security. You can apply the Trusted Hosts capability as a global feature. Optionally, you can add per-customer whitelists.

If you enable Trusted Hosts as a global setting, the system enforces a configurable blacklist and configurable whitelist for all admin and customer users.

You can also enable Trusted Hosts as a customer setting. The system creates a whitelist of trusted hosts for the customer users. The default entry in the whitelist is to allow all users, so you need to delete this entry to create a real whitelist.

For a customer with Trusted Hosts enabled, the system also enforces the global blacklist and whitelist for the customer users.

FortiPortal concepts

FortiPortal concepts

FortiPortal introduces the following concepts:

Customer sites

  • An end-customer can have multiple sites.
  • A site is a logical grouping of devices (independent of which FortiManager manages the device).
  • Devices are FortiGate devices or AP wireless devices.

Storage limits

Each end-customer has a storage capacity maximum amount, which is expressed as a number of GB of database storage.

If a customer exceeds their storage limit, one of the following strategies is applied (this is configurable for each customer):

  • Overwrite the oldest logs
  • Stop logging

Remote authentication

You have the choice of local or remote user authentication of the Admin and Customer portal users. Local authentication works by defining the users in the local user databases. Remote authentication provides a choice of Radius authentication or FortiAuthenticator. The choice of authentication method is global to the whole FortiPortal.

If you set the authentication mode to remote, all user management functions reside with the remote system. FortiPortal user management capabilities (add/modify/delete users, reset password, change password) are blocked, as these apply only to local users.

For additional information regarding FortiAuthenticator, refer to the FortiAuthenticator product documentation.

Trusted Hosts

If you are using local user authentication, you can add the Trusted Hosts capability as an added level of security. You can apply the Trusted Hosts capability as a global feature. Optionally, you can add per-customer whitelists.

If you enable Trusted Hosts as a global setting, the system enforces a configurable blacklist and configurable whitelist for all admin and customer users.

You can also enable Trusted Hosts as a customer setting. The system creates a whitelist of trusted hosts for the customer users. The default entry in the whitelist is to allow all users, so you need to delete this entry to create a real whitelist.

For a customer with Trusted Hosts enabled, the system also enforces the global blacklist and whitelist for the customer users.