FortiPortal concepts
FortiPortal introduces the following concepts:
Sites
- An organization can have multiple sites.
- A site is a logical grouping of devices (independent of which FortiManager manages the device).
- Devices are FortiGate devices or AP wireless devices.
Storage limits
Each organization has a storage capacity maximum amount, which is expressed as a number of GB of database storage.
If an organization exceeds their storage limit, one of the following strategies is applied (this is configurable for each organization):
- Overwrite the oldest logs
- Stop logging
Remote authentication
You have the choice of local or remote user authentication of the admin and organization portal users. Local authentication works by defining the users in the local user databases. Remote authentication provides a choice of Radius authentication or FortiAuthenticator. The choice of authentication method is global to the whole FortiPortal.
If you set the authentication mode to remote, all user management functions reside with the remote system. FortiPortal user management capabilities (add/modify/delete users, reset password, change password) are blocked, as these apply only to local users.
For additional information regarding FortiAuthenticator, refer to the FortiAuthenticator product documentation.
Trusted Hosts
If you are using local user authentication, you can add the Trusted Hosts capability as an added level of security. You can apply the Trusted Hosts capability as a global feature. Optionally, you can add per-organization allowlists.
If you enable blocked hosts as a global setting, the system enforces a configurable blocklist for all admin and users.
You can also enable Trusted Hosts as an organization setting. The system creates an allowlist of trusted hosts for the users. The default entry in the allowlist is to allow all users, so you need to delete this entry to create a real allowlist.
For an organization with Trusted Hosts enabled, the system also enforces the global blocklist and allowlist for the users.