Basic setup
This section covers the following tasks:
- Sizing
- Default login credentials
- Configuring FortiPortal
- Basic setup
- FortiManager configuration
- FortiAnalyzer configuration
Sizing
FortiPortal sizing can be complex. Fortinet recommends that you work with your Fortinet systems engineer when possible.
The default storage disk size is 12 GB, which is the recommended minimum. (The 2-GB disk in the VM is the flash memory; the 12-GB disk is storage.) If you have many organization logins and many devices, increase the memory and disk sizes for improved performance.
See Appendix A - Sizing for more information.
FortiPortal requires at least 16 GB of memory. The default memory size is 16 GB.
Default login credentials
The following are the default user names and passwords for FortiPortal:
Component | Default User Name | Default password |
---|---|---|
Console/SSH | | portal1234 |
Portal GUI | | test12345 |

The login credentials are separated between the portal GUI and console/SSH.
Configuring FortiPortal
To configure the portal:
- Before you can access the portal GUI, you must configure the VM port1 with an IP address and administrative access using the CLI console.
- Log in to the console using the default console/SSH credentials.
- To change the admin password using the CLI:
config system admin user
edit admin
set password
Old password: xxxxxx
New password: yyyyyy
Retype password: yyyyyy
end
- In the CLI console, enter the following commands to configure the IP address and netmask:
config system interface
edit port1
set ip x.x.x.x/x.x.x.x
end
- In the CLI console, enter the following commands to configure the default route for the instance:
config system route
edit 1
set device port1
set gateway x.x.x.x
end
- Optionally, in the CLI console, enter the following commands to configure the DNS servers for the instance:
config system dns
set primary x.x.x.x
set secondary y.y.y.y
end
- Optionally, in the CLI console, enter the following commands to configure the NTP server for the instance:
config system ntp
config ntpserver
edit 1
set server <x.x.x.x or hostname>
end
The NTP source should be the same for all portal VMs to synchronize the log time stamps across all devices.
- Connect to FortiPortal via the GUI using the configured IP address and the default portal GUI credentials. After logging in and successfully uploading the license file, you may change the login credentials.
The left pane is common for all of the pages (Dashboard, Organizations, Devices, System, Notifications, and Audit).
- Upload the license file. Go to System > Settings > General, and click Upload in Upload License. After the license is uploaded, check that the license status is valid and the number of devices allowed is correct. See Dashboard.
The individual portal VM does not have serial numbers.
Updating the SSL certificate file
If you are setting up a demo server, you can skip this procedure.
You must upload the license first.
Use the following steps to import an SSL certificate for the FortiPortal VM.
From the Admin portal, go to System > Settings > General to display information about the SSL certificate.
Certificate Information displays the Certificate and Private Key file name. You can select and upload a new certificate and private key for the FortiPortal in the PKCS#8 format.
Do not use certificate import and export commands from the portal VMs because they apply to the administration interface and not the FortiPortal application. The certificate signing request must be done on an external host and the signed certificate imported. For example:
openssl genrsa -des3 -out server.key 2048
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl req -new -key server.key -out server.csr
openssl pkcs8 -topk8 -nocrypt -in server.key -out portal.key
openssl x509 -req -days 365 -in server.csr -signkey portal.key -out server.crt
After these steps are done, you need to upload the certificate file (*.crt file) and portal.key file from the FortiPortal UI (as instructed in the administration guide).
After uploading the certificate file, restart your portal VM.
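A pre-upload check for the certificate pair described above, as an added example that is not part of the original guide. It confirms that portal.key is an unencrypted PKCS#8 PEM file, that the RSA key meets a minimum size, that the certificate carries the matching public key, and that the certificate has not expired. The function name check_portal_pair and the 2048-bit MIN_BITS floor are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check portal.key / server.crt before uploading them.
# check_portal_pair and MIN_BITS are names chosen for this example; the
# 2048-bit floor is an assumption, not a documented FortiPortal limit.
MIN_BITS=2048

# Usage: check_portal_pair KEY CERT
# Prints "ok" and returns 0, or prints the first failed check and returns 1-4.
check_portal_pair() {
    key=$1
    cert=$2

    # Unencrypted PKCS#8 PEM begins with exactly this line. A traditional RSA
    # key says "BEGIN RSA PRIVATE KEY"; an encrypted PKCS#8 key says
    # "BEGIN ENCRYPTED PRIVATE KEY".
    [ "$(head -n 1 "$key")" = "-----BEGIN PRIVATE KEY-----" ] ||
        { echo "key is not unencrypted PKCS#8 PEM"; return 1; }

    # RSA modulus size, read from the "(NNNN bit" line of the key dump.
    bits=$(openssl pkey -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge "$MIN_BITS" ] ||
        { echo "key is ${bits:-unreadable} bits, below $MIN_BITS"; return 2; }

    # The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || kpub=""
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cpub=""
    [ -n "$cpub" ] && [ "$kpub" = "$cpub" ] ||
        { echo "certificate does not match private key"; return 3; }

    # -checkend 0 fails when notAfter is already in the past.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 4; }

    echo "ok"
}

# Run directly as: sh check_pair.sh portal.key server.crt
if [ "$#" -eq 2 ]; then
    check_portal_pair "$1" "$2"
fi
```

A return code of 1 usually means the `openssl pkcs8 -topk8 -nocrypt` conversion step was skipped and the traditional-format server.key was selected for upload instead of portal.key.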
FortiManager configuration
You need to configure FortiManager to work with FortiPortal.
- The ADOM mode must be enabled for FortiManager to work with FortiPortal. If needed, enable ADOMs and the advanced adom-mode on FortiManager so that you can add VDOMs on the same physical device to different ADOMs.
config system global
set adom-status enable
set adom-mode advanced
y
end
- Create a portal user with read-and-write permission:
config system admin user
edit fpc
set profileid Super_User
set adom all_adoms
set policy-package all_policy_packages
set password fortinet
set rpc-permit read-write
next
end
- The workspace mode must be enabled for FortiManager to work with FortiPortal.
config system global
set workspace-mode normal
end
- Add your FortiManager device using the JSON port. You must poll FortiManager to see the device list. For more information about adding FortiManagers to the portal, see FortiManager devices.
FortiAnalyzer configuration
You need to configure FortiAnalyzer to work with FortiPortal.
- The ADOM mode must be enabled for FortiAnalyzer to work with FortiPortal. You must enable the interface permission webservice on FortiAnalyzer for the portal-facing interface.
- You must allow remote procedure calls. Create an admin user for portal:
config system admin user
edit <user_name>
set profileid Super_User
set rpc-permit read-write
end
To add a FortiAnalyzer, see FortiAnalyzer devices.