Administration Guide

Administrators

The Administrators menu allows you to configure administrator user accounts.

Users whose Admin Profile does not have Read/Write privilege under System > Admin access can only view and edit their own information.

The following options are available:

Create New

Select to create a new administrator account.

Edit

Select an administrator account from the list and click Edit in the toolbar to edit the entry.

Delete

Select an administrator account from the list and click Delete in the toolbar to delete the entry.

Test Login

Select an LDAP/RADIUS administrator account from the list and click Test Login to test the user's login settings. If an error occurs, a detailed debug message will display.

The following information is displayed:

Name

Displays the administrator account name.

Type

The administrator type:
  • Local
  • LDAP
  • RADIUS
  • LDAP WILDCARD
  • RADIUS WILDCARD

Profile

The Admin Profile the user belongs to.

To create a new user:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select + Create New from the toolbar.

  3. Configure the following:

    Administrator

    Enter a name for the new administrator account. The administrator name must be 1 to 30 characters long and may only contain upper-case letters, lower-case letters, numbers, and the underscore character (_).

    Password

    Enter a password for the account. The password must be 6 to 64 characters long and may contain upper-case letters, lower-case letters, numbers, and special characters.

    This field is available when Type is set to Local.

    Confirm Password

    Confirm the password for the account.

    This field is available when Type is set to Local.

    Type

    Select either Local, LDAP, or RADIUS.

    LDAP

    When Type is LDAP, select the LDAP server from the dropdown list. For information on creating an LDAP server, see LDAP Servers.

    RADIUS

    When Type is RADIUS, select the RADIUS server from the dropdown list. For information on creating a RADIUS server, see RADIUS Servers.

    LDAP WILDCARD

    When Type is LDAP WILDCARD, select the LDAP server from the dropdown list. The Administrator is LDAP_WILDCARD and cannot be edited. For more information, see Wildcard Admin Authentication.

    RADIUS WILDCARD

    When Type is RADIUS WILDCARD, select the RADIUS server from the dropdown list. The Administrator is RADIUS_WILDCARD and cannot be edited. For more information, see Wildcard Admin Authentication.

    Device User

    Tick the checkbox when the user will be assigned devices. When the user logs in, only jobs belonging to the assigned devices or VDOMs/Protected Domains will be visible.

    Device groups can be created in System > Device Groups and then assigned to a device user.

    You can also assign devices on the fly by selecting Self Assigned in the Device Group dropdown list.

    Admin Profile

    Select the Admin Profile the user belongs to.

    Assigned Devices

    Assign devices and/or VDOMs/Protected Domains to the user when the user is set to Device User.

    When the user clicks the panel, an Available Devices panel will slide out from the right side. This panel lists all available devices and VDOMs/Protected Domains. Users can assign devices and VDOMs/Protected Domains to the user by clicking the device serial number or VDOM/Protected Domain name. Users can also add or delete user-defined devices which have not been seen by the FortiSandbox unit.

    After editing, click outside the device panel to accept the changes.

    Trusted Host 1, Trusted Host 2, Trusted Host 3

    Enter up to three IPv4 trusted hosts. Only users from trusted hosts can access FortiSandbox.

    Trusted IPv6 Host 1, Trusted IPv6 Host 2, Trusted IPv6 Host 3

    Enter up to three IPv6 trusted hosts. Only users from trusted hosts can access FortiSandbox.

    Comments

    Enter an optional description comment for the administrator account.

    Language

    Set the GUI language for the user, either English, Japanese, or French.

    Setting trusted hosts for administrators limits which computers an administrator can log in to the FortiSandbox unit from. When you identify a trusted host, the FortiSandbox unit will only accept the administrator’s login from the configured IP address or subnet. Any attempt to log in with the same credentials from any other IP address or any other subnet will be dropped.

  4. Select OK to create the new user.
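
The field limits and the trusted-host rule described above can be checked against a planned account before it is entered in the GUI. The following Python is an added example, not Fortinet code or part of the product; the function names and sample addresses are constructed for illustration, and it does not model an account with no trusted hosts, which this page does not describe.

```python
import ipaddress
import re

# Limits as stated in the field descriptions above.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,30}")
MAX_PER_FAMILY = 3  # three IPv4 fields, three IPv6 fields

def parse_trusted(entries):
    """Split entries into (networks, unparseable strings)."""
    nets, bad = [], []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            bad.append(entry)
    return nets, bad

def check_account(name, password, trusted_hosts):
    """Return the problems found in a planned Local administrator account."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: need 1-30 letters, digits or underscores")
    if not 6 <= len(password) <= 64:
        problems.append("password: need 6-64 characters")
    nets, bad = parse_trusted(trusted_hosts)
    problems += [f"trusted host {b!r}: not an IP address or subnet" for b in bad]
    for version in (4, 6):
        if sum(n.version == version for n in nets) > MAX_PER_FAMILY:
            problems.append(f"trusted hosts: more than 3 IPv{version} entries")
    # A /0 entry matches every address, so it restricts nothing.
    problems += [f"trusted host {n}: matches every address"
                 for n in nets if n.prefixlen == 0]
    return problems

def login_allowed(source_ip, trusted_hosts):
    """Model the documented rule: accept only a listed IP address or subnet."""
    nets, _ = parse_trusted(trusted_hosts)
    if not nets:
        raise ValueError("no trusted hosts set; case not described on this page")
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    hosts = ["192.0.2.10", "198.51.100.0/24", "2001:db8:1::/48"]
    print(check_account("soc_admin1", "correct-horse-battery", hosts))
    print(login_allowed("198.51.100.77", hosts))
    print(login_allowed("203.0.113.5", hosts))
```
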

To edit a user account:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select the name of the user you would like to edit and click Edit from the toolbar.
  3. Edit the account as required and then re-type the new password in the confirmation field.
  4. Click OK to apply the changes.

    When editing an admin, you will be required to type the old password before you can set a new password.

    Only the admin user can edit its own settings.

To delete one or more user accounts:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select the user account you want to delete.
  3. Click Delete from the toolbar.
  4. Click Yes, I’m sure in the confirmation page to delete the selected user(s).

To test LDAP/RADIUS user login:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select an LDAP/RADIUS user to test.
  3. Select Test Login from the toolbar.
  4. In the dialog box, enter the user's password.
  5. Click OK.

    If an error occurs, a detailed debug message will appear.

    When a remote RADIUS server is configured for two-factor authentication, RADIUS users must enter a FortiToken PIN code or the code from email/SMS to complete login. For example, after the user clicks Login, the user must enter the code and click Submit to complete the login.

    A PIN code is also needed for the test login page.
