
Administration Guide

Basic setup


This section covers the following tasks:

Sizing

FortiPortal sizing can be complex. Fortinet recommends that you work with your Fortinet systems engineer when possible.

The default storage disk size is 12 GB, which is the recommended minimum. If you have many organization logins and many devices, increase the memory and disk sizes for improved performance.

See Sizing recommendations for more information.

FortiPortal requires at least 16 GB of memory.

The default memory size is 16 GB.

Default login credentials

The following are the default user names and passwords for FortiPortal:

| Component | Default user name | Default password |
|---|---|---|
| Console/SSH | admin | portal1234 |
| Portal GUI | spuser | test12345 |

The portal GUI and console/SSH use separate login credentials.

Configuring FortiPortal

To configure the portal:
  1. Before you can access the GUI, you must configure the VM with an IP address and administrative access using the CLI.

    1. Log in to the console using the default console/SSH credentials. On the first login, you are required to change the admin user password.
    2. In the CLI console, enter the following commands to configure the IP address and netmask:

      config system interface
      edit port1
      set ip x.x.x.x/24
      end

      If needed, configure additional ports (port2, port3, etc.) in the same manner.

      Caution: Subnet ranges 10.43.0.0/16 and 10.42.0.0/16 are reserved for internal system use and cannot be configured on any port.

    3. In the CLI console, enter the following commands to configure the default route for the instance:

      config system route
      edit 1
      set device port1
      set gateway x.x.x.x
      end

    4. Optionally, in the CLI console, enter the following commands to configure the DNS servers for the instance:

      config system dns
      set primary x.x.x.x
      set secondary y.y.y.y
      end

    5. Optionally, in the CLI console, enter the following commands to configure the NTP server for the instance:

      config system ntp
      config ntpserver
      edit 1
      set server x.x.x.x or <hostname>
      end

      The NTP source should be the same for all portal VMs to synchronize the log time stamps across all devices.
  2. Connect to FortiPortal via the GUI using the configured IP address and the default portal GUI credentials. After logging in and successfully uploading the license file, you must change the login credentials.
  3. Upload the license file. Select your valid license file and then click Upload. The license is validated and the Dashboard loads.
  4. Change the spuser password. After the first login, you are required to change the password.
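
An added example, not part of the Fortinet guide: a pre-flight check for the addressing plan used in the interface and default-route steps above. It rejects port subnets that overlap the reserved ranges and a gateway that is not on the route device's subnet, then renders the guide's CLI commands. The plan format, the function names, and the treatment of any overlap (not only an exact match) as a conflict are assumptions; the sample addresses are constructed.

```python
import ipaddress

# Ranges the guide reserves for FortiPortal internal use.
RESERVED = [ipaddress.ip_network("10.42.0.0/16"),
            ipaddress.ip_network("10.43.0.0/16")]


def check_plan(ports, gateway, device="port1"):
    """List problems in a plan; ports maps port name -> "address/prefix"."""
    problems, ifaces = [], {}
    for name, cidr in ports.items():
        try:
            ifaces[name] = ipaddress.IPv4Interface(cidr)
        except ValueError as exc:
            problems.append(f"{name}: invalid address {cidr!r}: {exc}")
            continue
        net = ifaces[name].network
        # Assumption: any overlap counts, so a supernet such as 10.0.0.0/8
        # is rejected as well as an exact match on a reserved range.
        problems += [f"{name}: {net} overlaps reserved {r}"
                     for r in RESERVED if net.overlaps(r)]
    if device not in ifaces:
        return problems + [f"route: {device} has no valid address"]
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return problems + [f"route: invalid gateway {gateway!r}: {exc}"]
    if gw not in ifaces[device].network or gw == ifaces[device].ip:
        problems.append(f"route: gateway {gw} is not a neighbour on "
                        f"{device} ({ifaces[device]})")
    return problems


def render_cli(ports, gateway, device="port1"):
    """Render the guide's interface and route commands for a clean plan."""
    problems = check_plan(ports, gateway, device)
    if problems:
        raise ValueError("; ".join(problems))
    lines = []
    for name, cidr in ports.items():
        lines += ["config system interface", f"edit {name}", f"set ip {cidr}", "end"]
    lines += ["config system route", "edit 1", f"set device {device}",
              f"set gateway {gateway}", "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample plan using documentation addresses.
    print(render_cli({"port1": "192.0.2.10/24"}, "192.0.2.1"))
```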

Updating the SSL certificate file

If you are setting up a demo server, you can skip this procedure.

Use the following steps to import an SSL certificate.

In the Admin portal, go to System > Settings > General to display information about the SSL certificate.

Certificate Information displays the Certificate and Private Key file name. You can select and upload a new certificate and private key in PKCS #8 format.
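
An added example, not part of the Fortinet guide: a check, run before upload, that a private key file is PKCS #8, reading both its PEM label and the first fields of its DER structure so a mislabelled file is caught. The function names are hypothetical and the sample key is constructed (well-formed fields around a dummy payload); the guide does not say whether an encrypted PKCS #8 key is accepted, so the script only reports that case.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
LABELS = {"PRIVATE KEY": "pkcs8", "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted",
          "RSA PRIVATE KEY": "pkcs1-rsa", "EC PRIVATE KEY": "sec1-ec"}


def _tlv(buf, pos):
    """Read one DER header at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos, pos + first


def der_shape(der):
    """Classify a private-key DER blob from its first two fields."""
    try:
        outer, start, _ = _tlv(der, 0)
        t1, _, end1 = _tlv(der, start)
        t2, _, _ = _tlv(der, end1)
    except IndexError:
        return "unknown"
    if outer != 0x30 or t1 not in (0x02, 0x30):
        return "unknown"
    if t1 == 0x30:  # EncryptedPrivateKeyInfo starts with an AlgorithmIdentifier
        return "pkcs8-encrypted"
    # After the version: SEQUENCE = PKCS #8, INTEGER = PKCS #1, OCTET STRING = SEC1.
    return {0x30: "pkcs8", 0x02: "pkcs1-rsa", 0x04: "sec1-ec"}.get(t2, "unknown")


def classify_key(pem_text):
    """Return (kind from PEM label, kind from DER shape) for the first key."""
    for label, body in PEM_RE.findall(pem_text):
        if label in LABELS:
            try:
                return LABELS[label], der_shape(base64.b64decode(body))
            except ValueError:
                return LABELS[label], "unknown"
    return None, None

# Constructed sample: well-formed PrivateKeyInfo fields around a dummy payload.
SAMPLE_PEM = "-----BEGIN PRIVATE KEY-----\n{}\n-----END PRIVATE KEY-----\n".format(
    base64.b64encode(bytes.fromhex(
        "3017020100300d06092a864886f70d01010105000403010203")).decode())
print(classify_key(SAMPLE_PEM))
```

A key reported as `pkcs1-rsa` or `sec1-ec` can be re-encoded with `openssl pkcs8 -topk8`.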

FortiManager configuration

To configure FortiManager to work with FortiPortal:
  1. ADOM mode must be enabled on FortiManager to work with FortiPortal. If needed, enable advanced adom-mode on FortiManager so that you can add VDOMs on the same physical device to different ADOMs.

    In the FortiManager CLI, run this command to enable ADOMs (and optionally set the ADOM mode to advanced):

    config system global
      set adom-status enable
      set adom-mode advanced
      y
    end
  2. On FortiManager, create an admin user with read/write permission:

    config system admin user 
      edit <username>
        set profileid Super_User
        set adom all_adoms
        set policy-package all_policy_packages
        set password <password>
        set rpc-permit read-write
      next
    end
  3. Enable workspace mode on FortiManager to work with FortiPortal:

    config system global
      set workspace-mode normal
    end
  4. The SD-WAN monitoring widgets in the organization SD-WAN dashboard require that SD-WAN monitoring history is enabled to function properly. If this setting is not enabled, FortiManager only saves 10 minutes of SD-WAN data.

    To enable SD-WAN monitoring history on FortiManager:

    config system admin setting
      set sdwan-monitor-history enable
    end
  5. Add your FortiManager device to FortiPortal. You must poll FortiManager to see the device list.

For more information about adding FortiManagers to the portal, see FortiManager devices.

FortiAnalyzer configuration

To configure FortiAnalyzer to work with FortiPortal:
  1. ADOM mode must be enabled on FortiAnalyzer to work with FortiPortal. You must enable the interface permission https on FortiAnalyzer for the portal-facing interface.
  2. On FortiAnalyzer, create an admin user with read/write remote procedure calls enabled:

    config system admin user
      edit <user_name>
        set profileid Super_User
        set rpc-permit read-write
    end

For more information about adding FortiAnalyzers to the portal, see FortiAnalyzer devices.
