Administration Guide

FortiPortal concepts

FortiPortal introduces the following concepts:

Customer sites

  • An end-customer can have multiple sites.
  • A site is a logical grouping of devices (independent of which FortiManager manages the device).
  • Devices are FortiGate devices or AP wireless devices.

Storage limits

Each end-customer has a maximum storage capacity, expressed as a number of GB of database storage.

If a customer exceeds their storage limit, one of the following strategies is applied (this is configurable for each customer):

  • Overwrite the oldest logs
  • Stop logging

Remote authentication

You can choose local or remote authentication for the Admin and Customer portal users. Local authentication works by defining the users in the local user databases. Remote authentication provides a choice of RADIUS authentication or FortiAuthenticator. The choice of authentication method is global to the whole FortiPortal.

If you set the authentication mode to remote, all user management functions reside with the remote system. FortiPortal user management capabilities (add/modify/delete users, reset password, change password) are blocked, as these apply only to local users.

For additional information regarding FortiAuthenticator, refer to the FortiAuthenticator product documentation.

Trusted Hosts

If you are using local user authentication, you can add the Trusted Hosts capability as an added level of security. You can apply the Trusted Hosts capability as a global feature. Optionally, you can add per-customer allowlists.

If you enable Trusted Hosts as a global setting, the system enforces a configurable blocklist and configurable allowlist for all admin and customer users.

You can also enable Trusted Hosts as a customer setting. The system creates an allowlist of trusted hosts for the customer users. The default entry in the allowlist allows all users, so the allowlist restricts nothing until you delete this entry; delete it to create a real allowlist.

For a customer with Trusted Hosts enabled, the system also enforces the global blocklist and allowlist for the customer users.
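
A small model of the Trusted Hosts checks described above, added here as an example and not FortiPortal code. It shows why a customer allowlist that still holds the default entry restricts nothing, and it assumes details this page does not specify: entries are IPv4 CIDR ranges, the default allow-all entry is 0.0.0.0/0, and a blocklist match wins over an allowlist match.

```python
import ipaddress

# Assumption: the default "allow all" entry is modelled as 0.0.0.0/0.
ALLOW_ALL = ipaddress.ip_network("0.0.0.0/0")


def _nets(entries):
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _matches(addr, entries):
    return any(addr in net for net in _nets(entries))


def is_allowed(source_ip, global_block, global_allow, customer_allow=None):
    """Model the checks for one login attempt from source_ip.

    customer_allow is None when the customer has not enabled Trusted Hosts.
    Assumption: a blocklist match wins over any allowlist match.
    """
    addr = ipaddress.ip_address(source_ip)
    if _matches(addr, global_block):
        return False
    if not _matches(addr, global_allow):
        return False
    if customer_allow is not None and not _matches(addr, customer_allow):
        return False
    return True


def ineffective_allowlists(customers):
    """Return names of customers whose allowlist still admits every address."""
    return sorted(
        name for name, entries in customers.items()
        if ALLOW_ALL in _nets(entries)
    )


# Constructed sample configuration (documentation address ranges only).
GLOBAL_BLOCK = ["203.0.113.0/24"]
GLOBAL_ALLOW = ["0.0.0.0/0"]
CUSTOMERS = {
    "acme": ["0.0.0.0/0", "198.51.100.0/24"],   # default entry never deleted
    "globex": ["198.51.100.0/24"],              # default entry deleted
}

if __name__ == "__main__":
    print("still allow-all:", ineffective_allowlists(CUSTOMERS))
    for name, allow in CUSTOMERS.items():
        print(name, is_allowed("192.0.2.10", GLOBAL_BLOCK, GLOBAL_ALLOW, allow))
```
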
