Fortinet white logo
Fortinet white logo

Administration Guide

Admin settings

Admin settings

Go to Admin > Settings to change the general administrative settings for FortiPortal.

The following figure shows the Settings tab (with authentication set to remote and RADIUS as the remote server):

The following table describes the settings:

Settings

Guidelines

Administration Settings

FPC Data Store Size

Required. Amount of database storage (in GB) to reserve for the portal DB

Session Timeout

Required. Timeout for user sessions on the Administrative or Customer web interfaces. The default is 30 minutes. The range is 15-3240 minutes.

Trusted Hosts

Select Enable or Disable. When enabled, you can create a allowlist of originating IP subnetworks; only log-in requests from these subnetworks will be allowed. The system also provides a blocklist, for blocking rogue log-in attempts.

Email Settings

SMTP Server

Required. URL of the SMTP serve from which FortiPortal sends emails

Email From

Required. Email address. Emails sent from FortiPortal will originate from this address.

Port

Required. Email server port. The default value is 25.

Authentication

Enable or disable authentication. If you enable authentication, enter a user name and password. You can use special characters in the user name.

Validate Mail Server Certificate

Enable or disable validating the mail server certificate. This option is enabled by default.

Remote Log Server

Primary Server

Primary log server IP address

Primary Port

Primary log server port number (mandatory if the server address is supplied)

Secondary Server

Secondary log server IP address

Secondary Port

Secondary log server port number (mandatory if server address supplied)

Other

Load Balancer Domain/IP Address

Load balancer IP address or domain name, if you have configured multiple instances of the Apache Tomcat server.

Load Balancer Port

Load balancer port number (required if you specified a load balancer IP address, not required for a domain name). The default value is 443.

Max Reports Allowed

Maximum number of reports that can be defined for this customer. This number includes customer-defined reports and also any reports that the administrator has defined for this customer.

Alert Email From

Alert emails will be sent from this email address.

Alert Email To

Alert emails will be sent to this email address.

If the storage is close to the allocated limit, an alert notification is sent to this email address.

Language

Desired language (default, English)
If you change the language, save the settings and log out. The change takes effect upon subsequent logins.

Time Zone

Select the appropriate time zone to use.

TLS/SSL Versions

Select which TLS/SSL versions are used.

User Authentication

Authentication Access

Select Local or Remote.

If the authentication access is local, the administrator and customer user log-in credentials are checked in the local user databases. With the local option, you must add an SP user entry for each administrative user, and a customer user for each end-customer user.

If the authentication access is remote, the administrator and customer user log-in credentials are checked in the remote RADIUS server or FortiAuthenticator user database. Local customer users cannot be used when remote authentication is selected. See Remote authentication using FortiAuthenticator, RADIUS server configuration , and Remote authentication - SSO .
If you select RADIUS or SSO as the remote server, the system displays the View Roles button. Select this button to map the RADIUS (RADIUS Roles) or SSO (SSO Roles) roles with the local roles.

If you select RADIUS as the remote server:

  • The Authentication Protocol dropdown allows you to choose between CHAP or PAP authentication protocols.

  • Optionally, you can use the Self Service Portal field to add a change password or the self-service portal URL.

    Note: The field allows you to enter a path which is then appended to the RADIUS server IP address.

    FortiPortal then redirects the user to the self-service portal URL.The forgot password link also redirects the user to the self-service portal URL. If the field is empty, FortiPortal redirects the user to the RADIUS server IP address.

    When the user clicks the link to change the password, they are redirected to the self-service portal URL. Similarly, when the user clicks the forgot password link, a new browser tab redirected to the self-service portal opens.

When you change the authentication configuration from local to remote or from remote to local, you must restart FortiPortal.

Admin settings

Admin settings

Go to Admin > Settings to change the general administrative settings for FortiPortal.

The following figure shows the Settings tab (with authentication set to remote and RADIUS as the remote server):

The following table describes the settings:

Settings

Guidelines

Administration Settings

FPC Data Store Size

Required. Amount of database storage (in GB) to reserve for the portal DB

Session Timeout

Required. Timeout for user sessions on the Administrative or Customer web interfaces. The default is 30 minutes. The range is 15-3240 minutes.

Trusted Hosts

Select Enable or Disable. When enabled, you can create a allowlist of originating IP subnetworks; only log-in requests from these subnetworks will be allowed. The system also provides a blocklist, for blocking rogue log-in attempts.

Email Settings

SMTP Server

Required. URL of the SMTP serve from which FortiPortal sends emails

Email From

Required. Email address. Emails sent from FortiPortal will originate from this address.

Port

Required. Email server port. The default value is 25.

Authentication

Enable or disable authentication. If you enable authentication, enter a user name and password. You can use special characters in the user name.

Validate Mail Server Certificate

Enable or disable validating the mail server certificate. This option is enabled by default.

Remote Log Server

Primary Server

Primary log server IP address

Primary Port

Primary log server port number (mandatory if the server address is supplied)

Secondary Server

Secondary log server IP address

Secondary Port

Secondary log server port number (mandatory if server address supplied)

Other

Load Balancer Domain/IP Address

Load balancer IP address or domain name, if you have configured multiple instances of the Apache Tomcat server.

Load Balancer Port

Load balancer port number (required if you specified a load balancer IP address, not required for a domain name). The default value is 443.

Max Reports Allowed

Maximum number of reports that can be defined for this customer. This number includes customer-defined reports and also any reports that the administrator has defined for this customer.

Alert Email From

Alert emails will be sent from this email address.

Alert Email To

Alert emails will be sent to this email address.

If the storage is close to the allocated limit, an alert notification is sent to this email address.

Language

Desired language (default, English)
If you change the language, save the settings and log out. The change takes effect upon subsequent logins.

Time Zone

Select the appropriate time zone to use.

TLS/SSL Versions

Select which TLS/SSL versions are used.

User Authentication

Authentication Access

Select Local or Remote.

If the authentication access is local, the administrator and customer user log-in credentials are checked in the local user databases. With the local option, you must add an SP user entry for each administrative user, and a customer user for each end-customer user.

If the authentication access is remote, the administrator and customer user log-in credentials are checked in the remote RADIUS server or FortiAuthenticator user database. Local customer users cannot be used when remote authentication is selected. See Remote authentication using FortiAuthenticator, RADIUS server configuration , and Remote authentication - SSO .
If you select RADIUS or SSO as the remote server, the system displays the View Roles button. Select this button to map the RADIUS (RADIUS Roles) or SSO (SSO Roles) roles with the local roles.

If you select RADIUS as the remote server:

  • The Authentication Protocol dropdown allows you to choose between CHAP or PAP authentication protocols.

  • Optionally, you can use the Self Service Portal field to add a change password or the self-service portal URL.

    Note: The field allows you to enter a path which is then appended to the RADIUS server IP address.

    FortiPortal then redirects the user to the self-service portal URL.The forgot password link also redirects the user to the self-service portal URL. If the field is empty, FortiPortal redirects the user to the RADIUS server IP address.

    When the user clicks the link to change the password, they are redirected to the self-service portal URL. Similarly, when the user clicks the forgot password link, a new browser tab redirected to the self-service portal opens.

When you change the authentication configuration from local to remote or from remote to local, you must restart FortiPortal.