Many of the default passwords are too simple and are therefore more susceptible to compromise. Take the time to change the default passwords to more secure ones.
This section includes the following topics:
- Administrator password
- Administrator PIN
- Call Bridge (DISA) account code
- User voicemail PIN
- Password and PIN policy
- Office peers
Establish a more secure administrator password on the system.
- Go to System > Administrator > Administrator.
- Select the admin account and click Edit.
- Click Change Password, enter and confirm a new password, and click OK.
The administrator PIN allows the owner of the PIN to change extension assignments and modes from any phone or auto attendant.
- Go to Phone System > Setting > Miscellaneous.
- Under PBX Setting, enter a new Administrator PIN, and click Apply.
The Call Bridge Direct Inward System Access (DISA) feature allows callers to make outgoing calls from the auto attendant. If enabled, configure this feature to use an account code.
- Go to Call Feature > Auto Attendant > Auto Attendant.
- Select an auto attendant and click Edit.
- Under Advanced, enable Call bridge (DISA) and select the appropriate Account code, or create a new one.
- Click OK.
The default user voicemail PIN is 123123. It is highly recommended to change this default PIN.
- Go to Phone System > Setting > Option.
- Under Default Setting, enter a new Default Voicemail PIN. Select either Specified and enter your own PIN or Generated to generate a random PIN, and click Apply.
Set a secure password policy that requires uppercase and lowercase letters and alphanumeric characters for administrator passwords and SIP passwords.
- Go to Security > Password Policy > Password/PIN Policy.
- Configure the following settings, as required.
Password / PIN policy
Select to enable or disable the SIP password and user PIN policy for administrators and extension users.
Minimum password length
Set the minimum acceptable length for passwords.
The default is 8 characters.
Password must contain
Select any of the following special character types to require in a password. Each selected type must occur at least once in the password.
Upper-case-letter — A, B, C, ... Z
Lower-case-letter — a, b, c, ... z
Number — 0 ... 9
Non-alphanumeric — punctuation marks, @, #, ... %
Apply password policy to
Make sure to select the users that you want to apply this policy to.
- Admin user: Apply to administrator web-based manager passwords. If any password does not conform to the policy, require that administrator to change the password at the next login.
- SIP users: Apply to FortiVoice SIP phone users’ passwords. If any password does not conform to the policy, require that user to change the password at the next login.
- User passwords: Apply to user portal access passwords. If any password does not conform to the policy, require that user to change the password at the next login.
Minimum PIN length
Set the minimum acceptable length for the user PIN.
The default is 6 characters.
PIN must contain
Number: Allows the use of numbers (0 to 9) in the PIN.
PIN special: Allows the use of the * and # special characters.
Apply PIN policy to
Select to enable or disable the PIN policy for voicemail users.
Select one of the following options to apply to the voicemail PIN policy:
- Never: Specifies that users set their voicemail PIN and this PIN never expires.
- Default Only: Specifies that users using the default voicemail PIN are prompted to set a new PIN when accessing their voicemail for the first time.
- All: Specifies that the FortiVoice unit prompts users to set a new PIN when they access their voicemail for the first time and any time after the PIN expiration time.
PIN expiration time
If you selected All in PIN expiration, then update the PIN expiration time to specify the number of days a PIN can be used. After the expiration time, the user must enter a new PIN.
Allow empty admin password
Select to allow leaving the admin password field empty when logging in to the system.
This option appears if you disable Password / PIN Policy.
- Click Apply.
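The following added example (not FortiVoice code, and not part of the original guide) models the policy settings above in Python so that planned passwords and PINs can be checked offline before they are provisioned. The `Policy` class, the function names, the ASCII character sets, and the sample accounts are assumptions made for illustration; the explicit check for 123123 is there because that default PIN satisfies the default length and character rules.

```python
import string
from dataclasses import dataclass

DEFAULT_VOICEMAIL_PIN = "123123"  # default PIN stated in this guide

# Character types from "Password must contain" (ASCII sets are an assumption).
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "number": string.digits,
    "non_alnum": string.punctuation,
}

@dataclass(frozen=True)
class Policy:  # hypothetical model of the settings table, not a FortiVoice object
    min_password_length: int = 8          # page default
    require: tuple = tuple(CLASSES)       # every type selected
    min_pin_length: int = 6               # page default
    pin_allow_special: bool = False       # "PIN special": * and #

def check_password(password, policy=Policy()):
    problems = []
    if len(password) < policy.min_password_length:
        problems.append("too_short")
    for name in policy.require:
        # Each selected type must occur at least once.
        if not any(c in CLASSES[name] for c in password):
            problems.append("missing_" + name)
    return problems

def check_pin(pin, policy=Policy()):
    allowed = string.digits + ("*#" if policy.pin_allow_special else "")
    problems = []
    if len(pin) < policy.min_pin_length:
        problems.append("too_short")
    if any(c not in allowed for c in pin):
        problems.append("bad_character")
    # 123123 passes the length and character rules, so flag it explicitly.
    if pin == DEFAULT_VOICEMAIL_PIN:
        problems.append("default_pin")
    return problems

def audit(records, policy=Policy()):
    """records: (account, kind, secret) tuples; returns only failing accounts."""
    checks = {"password": check_password, "pin": check_pin}
    return {acct: p for acct, kind, secret in records
            if (p := checks[kind](secret, policy))}

# Constructed sample inventory, not taken from any real system.
SAMPLE = [("admin", "password", "admin"), ("ext-101", "pin", "123123"),
          ("ext-102", "pin", "80#417"), ("sip-201", "password", "Tr1cky#Pass")]
```

Calling `audit(SAMPLE)` returns the failing accounts with the reason for each; passing `Policy(pin_allow_special=True)` accepts `*` and `#` in PINs.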
Authentication can be configured for inbound and outbound calls on office peer trunks.
- Go to Trunk > Office Peer > Office Peer.
- Create a new Site to Site or Custom office peer or select an existing one.
- Under Peer Configuration, expand Authentication (Optional) and select one of the following options from the drop-down menu:
  - Symmetric: Both PBX devices will use the following information to form the office peer trunk and authenticate each other. The defined User name and Password must be the same on both PBX devices forming the office peer trunk.
  - Asymmetric: Used to authenticate incoming and outgoing calls. Enter the Inbound user name, Outbound user name, and Password. These settings must be the same on both PBX devices forming the office peer trunk.
- Define an Outgoing digit pattern (set to XXXXXX by default, or a six-digit code), and click OK or Create.