Basic setup
This section covers the following tasks:
- Sizing
- Default login credentials
- Configuring FortiPortal
- FortiManager configuration
- FortiAnalyzer configuration
Sizing
FortiPortal sizing can be complex. Fortinet recommends that you work with your Fortinet systems engineer when possible.
The default storage disk size is 12 GB, which is the recommended minimum. If you have many organization logins and many devices, increase the memory and disk sizes for improved performance.
See Sizing recommendations for more information.
FortiPortal requires at least 16 GB of memory. The default memory size is 16 GB. |
Default login credentials
The following are the default user names and passwords for FortiPortal:
Component |
Default User Name |
Default password |
---|---|---|
Console/SSH |
|
portal1234 |
Portal GUI |
|
test12345 |
The login credentials are separated between the portal GUI and console/SSH. |
Configuring FortiPortal
To configure the portal:
-
Before you can access the GUI, you must configure the VM with an IP address and administrative access using the CLI.
- Log in to the console using the default console/SSH credentials. On the first login, you are required to change the admin user password.
-
In the CLI console, enter the following commands to configure the IP address and netmask:
config system interface
edit port1
set ip x.x.x.x/24
end
If needed, configure additional ports (
port2
,port3
, etc.) in the same manner.Subnet ranges 10.43.0.0/16 and 10.42.0.0/16 are reserved for system internal use and can not be configured on any port.
-
In the CLI console, enter the following commands to configure the default route for the instance:
config system route
edit 1
set device port1
set gateway x.x.x.x
end
-
Optionally, in the CLI console, enter the following commands to configure the DNS servers for the instance:
config system dns
set primary x.x.x.x
set secondary y.y.y.y
end
-
Optionally, in the CLI console, enter the following commands to configure the NTP server for the instance:
config system ntp
config ntpserver
edit 1
set server x.x.x.x or <hostname>
end
The NTP source should be the same for all portal VMs to synchronize the log time stamps across all devices.
- Connect to FortiPortal via the GUI using the configured IP address and the default portal GUI credentials. After logging in and successfully uploading the license file, you must change the login credentials.
- Upload the license file. Select your valid license file and then click Upload. The license is validated and the Dashboard loads.
- Change the spuser password. After the first login, you are required to change the password.
Updating the SSL certificate file
If you are setting up a demo server, you can skip this procedure. |
Use the following steps to import an SSL certificate.
In the Admin portal, go to System > Settings > General to display information about the SSL certificate.
Certificate Information displays the Certificate and Private Key file name. You can select and upload a new certificate and private key in PKCS #8 format.
FortiManager configuration
To configure FortiManager to work with FortiPortal:
-
ADOM mode must be enabled on FortiManager to work with FortiPortal. If needed, enable advanced adom-mode on FortiManager so that you can add VDOMs on the same physical device to different ADOMs.
In the FortiManager CLI, run this command to enable ADOMs (and optionally set the ADOM mode to advanced):
config system global set adom-status enable set adom-mode advanced y end
-
On FortiManager, create an admin user with read/write permission:
config system admin user edit <username> set profileid Super_User set adom all_adoms set policy-package all_policy_packages set password <password> set rpc-permit read-write next end
-
Enable workspace mode on FortiManager to work with FortiPortal:
config system global set workspace-mode normal end
-
The SD-WAN monitoring widgets in the organization SD-WAN dashboard require that SD-WAN monitoring history is enabled to function properly. If this setting is not enabled, FortiManager only saves 10 minutes of SD-WAN data.
To enable SD-WAN monitoring history on FortiManager:
config system admin setting set sdwan-monitor-history enable end
- Add your FortiManager device to FortiPortal. You must poll FortiManager to see the device list.
For more information about adding FortiManagers to the portal, see FortiManager devices.
FortiAnalyzer configuration
To configure FortiAnalyzer to work with FortiPortal:
- ADOM mode must be enabled on FortiAnalyzer to work with FortiPortal. You must enable the interface permission
https
on FortiAnalyzer for the portal-facing interface. - On FortiAnalyzer, create an admin user with read/write remote procedure calls enabled:
config system admin user
edit <user_name>
set profileid Super_User
set rpc-permit read-write
end
For more information about adding FortiAnaliyzers to the portal, see FortiAnalyzer devices.