Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
Administration Guide
What's new in FortiSRA
FortiSRA 1.4.1
Introduction
FortiSRA concepts
Organization of the guide
Using the GUI
Banner
GUI based global search
CLI commands
Admin
Tables
Modes of operation
FortiSRA deployment options
Feature availability
FortiSRA installation
FortiSRA appliance setup
FortiSRA with TPM
Connecting to target remote systems
Licensing
License expiry and renewal
Renewing FortiSRA-VM license
Dashboard
Adding a custom dashboard
System information widget
Licenses widget
FortiGuard Distribution Network
VM license
Secrets
Secrets
Creating a secret
Viewing secret edit history
Viewing secret activity
Viewing SSH filter logs for a secret
Launching a secret
Check out and check in a secret
Uploading secrets using the secret upload template
Change password
Verify password
Example secret configurations example
Configuring a web FortiProduct secret Example
Configuring an ESXi web secret Example
Configuring and accessing a secret that uses an approval profile with custom fields Example
Targets
Creating a target
Web proxy
Gateway
Creating a gateway on the FortiSRA GUI
Reverse service
Configuring reverse service on a gateway CLI
Configuring traffic proxy on gateway CLI
Creating a gateway on the FortiSRA CLI
FortiSRA connects to a target through a FortiProxy acting as the gateway Example
Personal/public folder
Creating a folder
My requests list
Make a request
Approval list
Approving a request
Reviewing multiple requests
Job list
Creating a job
Discovery
Creating discovery entry
Secret settings
Classification tags
Creating a classification tag
Templates
Creating secret templates
Launchers
Launch session monitor
Policies
Creating a policy
Applying a policy to a folder
Addresses
Creating an address
Creating an address group
Dependency updater
Creating a dependency updater
Updating a service account credential Example
Approval flow
Approval profile
Enabling approval profiles for a secret
Create an approval profile
Approval email template
Creating an approval email template
Creating an approval email template using the CLI
Password changers
Creating a password changer
Automatic password changing
Automatic password verification
Password policies
Creating a password policy
Applying a password policy to a secret template
Character sets
Creating a character set
AntiVirus
Creating an antivirus profile
Enabling antivirus scan in a secret
Data loss prevention (DLP) protection for secrets
Supported file types
DLP file pattern
SSH filter profiles
Creating an SSH filter
Adding SSH filter to secret
Example SSH filter profiles example
Event filter profile
Creating an event filter profile
Window app filter
Creating a Windows app filter profile
User management
User list
Creating a user
Users in FortiSRA
2FA with FortiToken Cloud example
2FA with FortiToken example
Importing LDAP users
User groups
Auto provision rules
Sponsored groups
Role
Access control options
Log permissions
LDAP servers
SAML Single Sign-On (SSO)
Auto provision rules
Creating an auto provision rule
Setting up remote user auto provisioning using the CLI
RADIUS servers
Schedule
FortiTokens
Monitoring
User monitor
Active sessions
Over-the-shoulder monitoring (Live recording)
Log & report
Secret
Events
SSH
Antivirus
Date leak prevention
Disk usage
Automation
Stitch
Creating an automation stitch
Trigger
Creating a trigger
Action
Creating an action
Reports
General
Reports
Layout & schedule
Secret audit
Log settings
Configuring log and video disk encryption
Email alert settings
Email alert when the glass breaking mode is activated example
Debug settings
Automation trigger settings
Network
Interfaces
Editing an interface
Static routes
Creating an IPv4 static route
DNS settings
Security fabric
Fabric Connectors
FortiAnalyzer logging
Packet capture
Creating a packet capture filter
System
Settings
Testing the email service connection example
How FortiSRA chooses the sender email address
High availability
HA active-passive cluster setup
Upgrading FortiSRA devices in an HA cluster
Disaster recovery
Certificates
Creating a certificate
Generating a CSR (Certificate Signing Request)
Importing CA certificate
Uploading a remote certificate
Importing a CRL (Certificate revocation list)
Replacement messages
Replacement messages descriptions
Editing a replacement message
Managing images
Adding an image
SNMP
Fortinet MIBs
SNMP agent
Creating or editing an SNMP community
Creating or editing an SNMP user
Backup
Sending backup file to a server Example
Backing up/restoring log and video files using FTP CLI
Firmware
FortiSRA license
FortiGuard license
Concurrent user sessions
Disclaimers via the CLI
Troubleshooting
Troubleshoot using trace files
Example troubleshooting example
FortiSRA HTTP filter
Issue: WebRDP session recording fails and closes active session
Troubleshooting log and video disk encryption issues
Troubleshooting Windows application filter
Hardening
Secure password storage
Verify the private-data-encryption feature Example
How to restore a backup configuration file with private-data-encryption enabled Example
Enabling private-data-encryption on an HA cluster Example
Appendix A: Installation on KVM
Appendix B: Installation on VMware
Appendix C: Installing vTPM package on KVM and adding vTPM to FortiSRA-VM
Appendix D: vTPM for FortiSRA on VMware
Appendix E: Enabling soft RAID on KVM or VMware
Appendix F: Installation on Hyper-V
Appendix G: WinRM configuration for Windows server
Appendix H: How to find a selector Example
Appendix I: How to input the authentication path Example
Change Log
Home
FortiSRA 1.4.1
Administration Guide
1.4.1
1.4.1
1.4.0
Monitoring
Monitoring
Go to
Monitoring
to access the following tabs:
User monitor
Active sessions
Previous
Next
Monitoring
Monitoring
Go to
Monitoring
to access the following tabs:
User monitor
Active sessions
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
What's new in FortiSRA
FortiSRA 1.4.1
Introduction
FortiSRA concepts
Organization of the guide
Using the GUI
Banner
GUI based global search
CLI commands
Admin
Tables
Modes of operation
FortiSRA deployment options
Feature availability
FortiSRA installation
FortiSRA appliance setup
FortiSRA with TPM
Connecting to target remote systems
Licensing
License expiry and renewal
Renewing FortiSRA-VM license
Dashboard
Adding a custom dashboard
System information widget
Licenses widget
FortiGuard Distribution Network
VM license
Secrets
Secrets
Creating a secret
Viewing secret edit history
Viewing secret activity
Viewing SSH filter logs for a secret
Launching a secret
Check out and check in a secret
Uploading secrets using the secret upload template
Change password
Verify password
Example secret configurations example
Configuring a web FortiProduct secret Example
Configuring an ESXi web secret Example
Configuring and accessing a secret that uses an approval profile with custom fields Example
Targets
Creating a target
Web proxy
Gateway
Creating a gateway on the FortiSRA GUI
Reverse service
Configuring reverse service on a gateway CLI
Configuring traffic proxy on gateway CLI
Creating a gateway on the FortiSRA CLI
FortiSRA connects to a target through a FortiProxy acting as the gateway Example
Personal/public folder
Creating a folder
My requests list
Make a request
Approval list
Approving a request
Reviewing multiple requests
Job list
Creating a job
Discovery
Creating discovery entry
Secret settings
Classification tags
Creating a classification tag
Templates
Creating secret templates
Launchers
Launch session monitor
Policies
Creating a policy
Applying a policy to a folder
Addresses
Creating an address
Creating an address group
Dependency updater
Creating a dependency updater
Updating a service account credential Example
Approval flow
Approval profile
Enabling approval profiles for a secret
Create an approval profile
Approval email template
Creating an approval email template
Creating an approval email template using the CLI
Password changers
Creating a password changer
Automatic password changing
Automatic password verification
Password policies
Creating a password policy
Applying a password policy to a secret template
Character sets
Creating a character set
AntiVirus
Creating an antivirus profile
Enabling antivirus scan in a secret
Data loss prevention (DLP) protection for secrets
Supported file types
DLP file pattern
SSH filter profiles
Creating an SSH filter
Adding SSH filter to secret
Example SSH filter profiles example
Event filter profile
Creating an event filter profile
Window app filter
Creating a Windows app filter profile
User management
User list
Creating a user
Users in FortiSRA
2FA with FortiToken Cloud example
2FA with FortiToken example
Importing LDAP users
User groups
Auto provision rules
Sponsored groups
Role
Access control options
Log permissions
LDAP servers
SAML Single Sign-On (SSO)
Auto provision rules
Creating an auto provision rule
Setting up remote user auto provisioning using the CLI
RADIUS servers
Schedule
FortiTokens
Monitoring
User monitor
Active sessions
Over-the-shoulder monitoring (Live recording)
Log & report
Secret
Events
SSH
Antivirus
Date leak prevention
Disk usage
Automation
Stitch
Creating an automation stitch
Trigger
Creating a trigger
Action
Creating an action
Reports
General
Reports
Layout & schedule
Secret audit
Log settings
Configuring log and video disk encryption
Email alert settings
Email alert when the glass breaking mode is activated example
Debug settings
Automation trigger settings
Network
Interfaces
Editing an interface
Static routes
Creating an IPv4 static route
DNS settings
Security fabric
Fabric Connectors
FortiAnalyzer logging
Packet capture
Creating a packet capture filter
System
Settings
Testing the email service connection example
How FortiSRA chooses the sender email address
High availability
HA active-passive cluster setup
Upgrading FortiSRA devices in an HA cluster
Disaster recovery
Certificates
Creating a certificate
Generating a CSR (Certificate Signing Request)
Importing CA certificate
Uploading a remote certificate
Importing a CRL (Certificate revocation list)
Replacement messages
Replacement messages descriptions
Editing a replacement message
Managing images
Adding an image
SNMP
Fortinet MIBs
SNMP agent
Creating or editing an SNMP community
Creating or editing an SNMP user
Backup
Sending backup file to a server Example
Backing up/restoring log and video files using FTP CLI
Firmware
FortiSRA license
FortiGuard license
Concurrent user sessions
Disclaimers via the CLI
Troubleshooting
Troubleshoot using trace files
Example troubleshooting example
FortiSRA HTTP filter
Issue: WebRDP session recording fails and closes active session
Troubleshooting log and video disk encryption issues
Troubleshooting Windows application filter
Hardening
Secure password storage
Verify the private-data-encryption feature Example
How to restore a backup configuration file with private-data-encryption enabled Example
Enabling private-data-encryption on an HA cluster Example
Appendix A: Installation on KVM
Appendix B: Installation on VMware
Appendix C: Installing vTPM package on KVM and adding vTPM to FortiSRA-VM
Appendix D: vTPM for FortiSRA on VMware
Appendix E: Enabling soft RAID on KVM or VMware
Appendix F: Installation on Hyper-V
Appendix G: WinRM configuration for Windows server
Appendix H: How to find a selector Example
Appendix I: How to input the authentication path Example
Change Log