
Administration Guide

Configuring the public port numbers and domain name


If you configured a NAT/port forwarding address on your firewall/router, then you must configure FortiRecorder to use it. FortiRecorder uses the external-facing address and port number in features such as notifications. For example, a notification email about motion detection contains a hyperlink with the Public Access Host name and Access Ports Service (Public port number), like this:

https://nvr.example.com:1443/admin/AdminLogin.html?nid=123...

Because of this, when you are out of the office you can click the link from anywhere on the Internet and watch the motion detection clip on FortiRecorder.

Miscellaneous settings (for example, password strength and idle timeout for local administrator accounts) are also available on this page of the GUI.

  1. On FortiRecorder, go to System > Configuration > Options.
  2. Configure the following settings:

    Setting Name

    Description

    Idle timeout

    Enter the amount of time that a user may be inactive before the FortiRecorder unit automatically logs out the user.

    Note: For better security, use a low idle timeout value.

    Login disclaimer

    Enter the text that you want users to agree to, such as an IT policy or legal disclaimer, then configure when to display it:

    Display pre-login banner

    Enable to display the text in Login disclaimer before the login dialog.

    Display post-login banner

    Enable to display the text in Login disclaimer after the login dialog, but before the GUI menu or CLI command prompt appears.

    Password Policy

    Minimum password length

    Enter the minimum number of characters that a password must contain. The default value is 8.

    If any password does not meet the requirements, FortiRecorder requires that user to change the password during the next login.

    Caution: Set a strong password policy, especially for administrator accounts. If you don't, unauthorized persons could log into FortiRecorder and compromise security. Short, simple, and easily-guessed passwords are a security risk.

    Note: These password policy settings only apply to accounts that are local (defined on FortiRecorder). See also Configuring remote authentication.

    Password must contain

    Select your password complexity requirements:

    • Uppercase letter
    • Lowercase letter
    • Number (0-9)
    • Non alphanumeric character: Any special character that is not a letter of the US-ASCII alphabet or a number, such as an exclamation mark ( ! ) or tilde ( ~ ).

    If any password does not meet the requirements, FortiRecorder requires that user to change the password during the next login.

    Allow empty password

    Enable to ignore Minimum password length and Password must contain and allow empty passwords.

    Caution: Empty passwords effectively disable authentication, and are a security risk. Only enable this setting if:

    • FortiRecorder is on an isolated network (not accessible from the Internet or office LAN)
    • access is physically restricted to authorized persons

    Otherwise, unknown and unauthorized persons could log into FortiRecorder and compromise security.

    Public Access
    Host name

    If you configured NAT on a firewall/router (see Configuring NAT/port forwarding on your firewall/router), then type either:

    • an IP address
    • a fully qualified domain name (FQDN), such as nvr.example.com, that Internet DNS servers can resolve to the above IP address

    Devices on remote networks or the public Internet will connect through this address on the firewall/router for communications to the FortiRecorder.

    This hostname may be different than the one in Host name.

    Access Ports
    Service

    For each network service (HTTPS etc.), configure:

    • Local: Type the listening port number on FortiRecorder. Devices on the internal/private network connect directly to this port number.
    • Public: If you configured port forwarding on a firewall/router (see Configuring NAT/port forwarding on your firewall/router), then type the external/public port number on your firewall/router that forwards communications to the FortiRecorder port number in Local. Devices on remote networks or the public Internet will connect through this public port number on the firewall/router for communications to the FortiRecorder.

      If you do not use port forwarding, then keep Public the same as Local.

    By default, each service (protocol) on FortiRecorder uses IANA standard port numbers. See also Appendix A: Port numbers.

    Tooltip: The FRC-Central port is used by both FortiCentral and the FortiRecorder Mobile app.

  3. Click Apply.
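
An added example, not part of the Fortinet guide: a sanity check to run on the Public Access host name and Access Ports values before you click Apply. It flags a host that Internet clients cannot reach, out-of-range ports, and two services forwarded through the same public port, then builds the HTTPS base URL that links will use. The function names, the dictionary layout and the sample port values (other than 1443 from the link above) are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_public_access(host, ports):
    """Return a list of problems with a Public Access host and port table.

    ports maps a service name to (local_port, public_port); this layout is
    an assumption for the example, not a FortiRecorder export format.
    """
    problems = []
    try:
        ip = ipaddress.ip_address(host)
        if not ip.is_global:
            problems.append(f"host {host} is not a public IP; Internet clients cannot reach it")
    except ValueError:
        # Not an IP literal, so it must look like an FQDN (at least two labels).
        labels = host.rstrip(".").split(".")
        if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
            problems.append(f"host {host!r} is neither an IP address nor an FQDN")

    seen = {}  # public port -> first service that claimed it
    for service, (local, public) in ports.items():
        for kind, port in (("local", local), ("public", public)):
            if not 1 <= port <= 65535:
                problems.append(f"{service}: {kind} port {port} out of range")
        if public in seen:
            problems.append(f"{service} and {seen[public]} share public port {public}")
        seen.setdefault(public, service)
    return problems


def https_public_url(host, ports):
    """Base URL built from the Public Access host and the HTTPS Public port."""
    _, public = ports["HTTPS"]
    return f"https://{host}:{public}/"


if __name__ == "__main__":
    # Constructed sample values: HTTPS forwarded 1443 -> 443, HTTP 8080 -> 80.
    sample = {"HTTPS": (443, 1443), "HTTP": (80, 8080)}
    print(check_public_access("nvr.example.com", sample))
    print(https_public_url("nvr.example.com", sample))
```

An empty list means the values are internally consistent; it does not confirm that the firewall/router actually forwards those ports.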
