Working with system configurations
The System > Configuration submenu lets you configure the system time, system options, SNMP, email setting, GUI appearance, call data storage, single sign on, and Fortinet security fabric.
This topic includes:
- Configuring the time and date
- Configuring system options
- Configuring SNMP queries and traps
- Configuring email setting
- Customizing the GUI appearance
- Selecting the call data storage location
- Configuring single sign on
- Enabling security fabric
Configuring the time and date
The System > Configuration > Time tab lets you configure the system time and date of the FortiVoice unit.
You can either manually set the FortiVoice system time or configure the FortiVoice unit to automatically keep its system time correct by synchronizing with Network Time Protocol (NTP) servers.
For many features to work, including scheduling, logging, and certificate-dependent features, the FortiVoice system time must be accurate.
To configure the system time
- Go to System > Configuration > Time.
- Configure the following:
GUI field
Description
System time
Displays the date and time according to the FortiVoice unit’s clock at the time that this tab was loaded, or when you last selected the Refresh button.
Time zone
Select the time zone in which the FortiVoice unit is located.
- Automatically adjust clock for daylight saving time changes: Enable to adjust the FortiVoice system clock automatically when your time zone changes to daylight savings time (DST) and back to standard time.
When selecting the time zone in the CLI, use the command config system time manual and enter the code that precedes the time zone in Time zone codes for CLI configuration {config system time manual}.
Set date
Select this option to manually set the date and time of the FortiVoice unit’s clock, then select the Year, Month, Day, Hour, Minute, and Second fields before you click Apply.
Alternatively, configure Synchronize with NTP server.
Synchronize with NTP Server
Select to use a network time protocol (NTP) server to automatically set the system date and time, then configure Server and Sync Interval.
- Server: Enter the IP address or domain name of an NTP server.
You can add a maximum of 10 NTP servers. The FortiVoice unit uses the first NTP server based on the selection mechanism of the NTP protocol.
Click the + sign to add more servers.
Click the - sign to remove servers. Note that you cannot remove the last server.
To find the NTP servers that you can use, see http://www.ntp.org.
- Sync Interval: Enter how often, in minutes, the FortiVoice unit should synchronize its time with the NTP server. For example, entering 1440 causes the FortiVoice unit to synchronize its time once a day.
Depending on your network traffic, it may take some time for the FortiVoice unit to synchronize its time with the NTP server.
- Click Apply.
Time zone codes for CLI configuration {config system time manual}
Code | Time Zone |
---|---|
0 | (GMT-12:00) Eniwetok, Kwajalein |
1 | (GMT-11:00) Midway Island, Samoa |
2 | (GMT-10:00) Hawaii |
3 | (GMT-9:00) Alaska |
4 | (GMT-8:00) Pacific Time (US & Canada) |
5 | (GMT-7:00) Arizona |
6 | (GMT-7:00) Mountain Time (US & Canada) |
7 | (GMT-6:00) Central America |
8 | (GMT-6:00) Central Time |
9 | (GMT-6:00) Mexico City |
10 | (GMT-6:00) Saskatchewan |
11 | (GMT-5:00) Bogota, Lima, Quito |
12 | (GMT-5:00) Eastern Time (US & Canada) |
13 | (GMT-5:00) Indiana (East) |
14 | (GMT-4:30) Venezuela Standard Time |
15 | (GMT-4:00) Atlantic Time (Canada) |
16 | (GMT-4:00) Caracas, La Paz |
17 | (GMT-4:00) Santiago |
18 | (GMT-3:30) Newfoundland |
19 | (GMT-3:00) Brasilia |
20 | (GMT-3:00) Buenos Aires, Georgetown |
21 | (GMT-3:00) Greenland |
22 | (GMT-2:00) Mid-Atlantic |
23 | (GMT-1:00) Azores |
24 | (GMT-1:00) Cape Verde Is. |
25 | (GMT) Casablanca, Monrovia |
26 | (GMT) Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London |
27 | (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna |
28 | (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague |
29 | (GMT+1:00) Brussels, Copenhagen, Madrid, Paris |
30 | (GMT+1:00) Sarajevo, Skopje, Sofija, Vilnius, Warsaw, Zagreb |
31 | (GMT+1:00) West Central Africa |
32 | (GMT+2:00) Athens, Istanbul, Minsk |
33 | (GMT+2:00) Bucharest |
34 | (GMT+2:00) Cairo |
35 | (GMT+2:00) Harare, Pretoria |
36 | (GMT+2:00) Helsinki, Riga, Tallinn |
37 | (GMT+2:00) Jerusalem |
38 | (GMT+3:00) Baghdad |
39 | (GMT+3:00) Kuwait, Riyadh |
40 | (GMT+3:00) Moscow, St. Petersburg, Volgograd |
41 | (GMT+3:00) Nairobi |
42 | (GMT+3:30) Tehran |
43 | (GMT+4:00) Abu Dhabi, Muscat |
44 | (GMT+4:00) Baku, Tbilisi, Yerevan |
45 | (GMT+4:30) Kabul |
46 | (GMT+5:00) Ekaterinburg |
47 | (GMT+5:00) Islamabad, Karachi, Tashkent |
48 | (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi |
49 | (GMT+5:45) Kathmandu |
50 | (GMT+6:00) Almaty, Novosibirsk |
51 | (GMT+6:00) Astana, Dhaka |
52 | (GMT+6:00) Sri Jayawardenepura |
53 | (GMT+6:30) Rangoon |
54 | (GMT+7:00) Bangkok, Hanoi, Jakarta |
55 | (GMT+7:00) Krasnoyarsk |
56 | (GMT+8:00) Beijing, Chong Qing, Hong Kong, Urumqi |
57 | (GMT+8:00) Irkutsk, Ulaan Bataar |
58 | (GMT+8:00) Kuala Lumpur, Singapore |
59 | (GMT+8:00) Perth |
60 | (GMT+8:00) Taipei |
61 | (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul |
62 | (GMT+9:00) Yakutsk |
63 | (GMT+9:30) Adelaide, Darwin |
64 | (GMT+10:00) Brisbane |
65 | (GMT+10:00) Canberra, Melbourne, Sydney |
66 | (GMT+10:00) Guam, Port Moresby, Hobart, Vladivostok |
67 | (GMT+11:00) Magadan, Solomon Is., New Caledonia |
68 | (GMT+12:00) Auckland, Wellington |
69 | (GMT+12:00) Fiji, Kamchatka, Marshall Is. |
70 | (GMT+13:00) Nuku'alofa |
71 | (GMT-3:00) Montevideo |
72 | (GMT+3:00) Minsk |
Configuring system options
The System > Configuration > Options tab lets you set the following global settings:
- system idle timeout
- password enforcement policy
- administration ports on the interfaces
To view and configure the system options
- Go to System > Configuration > Options.
- Configure the following:
GUI field
Description
Idle timeout
Enter the amount of time that an administrator may be inactive before the FortiVoice unit automatically logs out the administrator.
For better security, use a low idle timeout value, for example, 5 minutes.
Web action host/IP
Enter the host name or IP address from where an email notification is sent to you when a voice mail or fax is delivered to your extension. This IP address is included in the email notification. You can open the link to view or manage the voice mail or fax. If you leave this field empty, port1 IP will be used instead.
The value entered here replaces the default Url host variable for customizing messages. See Customizing call report and notification email templates.
Administration Ports
Specify the TCP ports for administrative access on all interfaces.
Default port numbers:
HTTP: 80
HTTPS: 443
SSH: 22
TELNET: 23
- Click Apply.
Configuring SNMP queries and traps
Go to System > Configuration > SNMP to configure SNMP to monitor FortiVoice system events and thresholds, or a high availability (HA) configuration for failover messages.
To monitor FortiVoice system information and receive FortiVoice traps, you must compile Fortinet proprietary MIBs as well as Fortinet-supported standard MIBs into your SNMP manager. RFC support includes support for most of RFC 2665 (Ethernet-like MIB) and most of RFC 1213 (MIB II). For more information, see FortiVoice MIBs.
The FortiVoice SNMP implementation is read-only. SNMP v1, v2c, and v3 compliant SNMP managers have read-only access to FortiVoice system information and can receive FortiVoice traps.
The FortiVoice SNMP v3 implementation includes support for queries, traps, authentication, and privacy. Before you can use its SNMP queries, you must enable SNMP access on the network interfaces that SNMP managers will use to access the FortiVoice unit. For more information, see Editing network interfaces.
This topic includes:
Configuring an SNMP threshold
Configure under what circumstances an event is triggered.
To set SNMP thresholds
- Go to System > Configuration > SNMP.
- Configure the following:
GUI field
Description
SNMP agent enabled
Enable to activate the FortiVoice SNMP agent. This must be enabled to accept queries from SNMP managers or send traps from the FortiVoice unit.
Description
Enter a descriptive name for the FortiVoice unit.
Location
Enter the location of the FortiVoice unit.
Contact
Enter administrator contact information.
SNMP Threshold
To change a value in the four editable columns, select the value in any row. It becomes editable. Change the value and click outside of the field. A red triangle appears in the field’s corner and remains until you click Apply.
Trap Type
Displays the type of trap, such as CPU Usage.
Trigger
You can enter either the percent of the resource in use or the number of times the trigger level must be reached before it is triggered.
For example, using the default value, if the mailbox disk is 90% or more full, it will trigger.
Threshold
Sets the number of triggers that will result in an SNMP trap.
For example, if the CPU level exceeds the set trigger percentage once before returning to a lower level, and the threshold is set to more than one, an SNMP trap will not be generated until that minimum number of triggers occurs during the sample period.
Sample Period(s)
Sets the time period in seconds during which the FortiVoice unit SNMP agent counts the number of triggers that occurred.
This value should not be less than the Sample Freq(s) value.
Sample Freq(s)
Sets the interval in seconds between measurements of the trap condition. You will not receive traps faster than this rate, depending on the selected sample period.
This value should be less than the Sample Period(s) value.
Community
Displays the list of SNMP communities (for SNMP v1 and v2c) added to the FortiVoice configuration. For information on configuring a community, see either Configuring email setting or Configuring an SNMP v3 user.
Name
Displays the name of the SNMP community. The SNMP Manager must be configured with this name.
Status
A green check mark icon indicates that the community is enabled.
Queries
A green check mark icon indicates that queries are enabled.
Traps
A green check mark icon indicates that traps are enabled.
User
Displays the list of SNMP v3 users added to the FortiVoice configuration. For information on configuring a v3 user, see Configuring an SNMP v3 user.
Name
Displays the name of the SNMP v3 user. The SNMP Manager must be configured with this name.
Status
A green check mark icon indicates that the user is enabled.
Queries
A green check mark icon indicates that queries are enabled.
Traps
A green check mark icon indicates that traps are enabled.
Security Level
Displays the security level.
- Click Apply.
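A model of how the four editable SNMP Threshold columns interact, as an added example that is not FortiVoice code. It assumes measurements start at time 0, sample periods are fixed and non-overlapping, and at most one trap is sent per period; the page does not specify these details, and the class and function names are illustrative.

```python
from dataclasses import dataclass


@dataclass
class TrapRule:
    """One row of the SNMP Threshold table (fields follow the GUI columns)."""
    trap_type: str
    trigger: float      # Trigger: resource level in percent
    threshold: int      # Threshold: triggers needed before a trap is sent
    sample_period: int  # Sample Period(s): counting window, in seconds
    sample_freq: int    # Sample Freq(s): seconds between measurements

    def problems(self) -> list[str]:
        """Return reasons why this row cannot behave as intended."""
        if min(self.threshold, self.sample_period, self.sample_freq) <= 0:
            return ["Threshold, Sample Period(s) and Sample Freq(s) must be positive"]
        if self.sample_period < self.sample_freq:
            return ["Sample Period(s) is less than Sample Freq(s)"]
        # Most measurements that can fall inside one period (ceiling division).
        max_samples = -(-self.sample_period // self.sample_freq)
        if self.threshold > max_samples:
            return ["Threshold exceeds the measurements possible in one sample period"]
        return []


def trap_times(rule: TrapRule, readings: list[float]) -> list[int]:
    """Return the times (seconds) at which a trap would be sent.

    readings[i] is the measurement taken at i * sample_freq seconds.
    Assumed model: triggers are counted per fixed sample period and the
    counter resets when a new period starts.
    """
    if rule.problems():
        raise ValueError("; ".join(rule.problems()))
    traps = []
    window, count, fired = 0, 0, False
    for i, value in enumerate(readings):
        now = i * rule.sample_freq
        current = now // rule.sample_period
        if current != window:               # a new sample period starts
            window, count, fired = current, 0, False
        if value >= rule.trigger:           # "90% or more" counts as a trigger
            count += 1
        if count >= rule.threshold and not fired:
            traps.append(now)
            fired = True
    return traps


if __name__ == "__main__":
    # Constructed readings: CPU usage sampled every 30 seconds.
    cpu = TrapRule("CPU Usage", trigger=80, threshold=3,
                   sample_period=600, sample_freq=30)
    print("single spike :", trap_times(cpu, [50, 95, 50, 50, 50]))
    print("sustained    :", trap_times(cpu, [50, 85, 90, 95, 50]))
```

Under this model a short spike never produces a trap, and a Threshold larger than the number of measurements in one period silences the trap entirely, which `problems()` reports.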
Configuring an SNMP v1 and v2c community
An SNMP community is a grouping of equipment for SNMP-based network administration purposes. You can add up to three SNMP communities so that SNMP managers can connect to the FortiVoice unit to view system information and receive SNMP traps. You can configure each community differently for SNMP traps and to monitor different events. You can add the IP addresses of up to eight SNMP managers to each community.
To configure an SNMP community
- Go to System > Configuration > SNMP.
- Under Community, click New to add a community or select a community and click Edit.
The SNMP Community page appears.
- Configure the following:
GUI field
Description
Name
Enter a name to identify the SNMP community. If you are editing an existing community, you cannot change the name.
You can add up to 16 communities.
Enable
Enable to send traps to and allow queries from the community’s SNMP managers.
Community Hosts
Lists SNMP managers that can use the settings in this SNMP community to monitor the FortiVoice unit. Click Create to create a new entry.
You can add up to 16 hosts.
IP Address
Enter the IP address of an SNMP manager. By default, the IP address is 0.0.0.0, so that any SNMP manager can use this SNMP community.
Create
(button)
Click to add a new default entry to the Hosts list that you can edit as needed.
Delete
(button)
Click to remove this SNMP manager.
Queries
Enter the Port number (161 by default) that the SNMP managers in this community use for SNMP v1 and SNMP v2c queries to receive configuration information from the FortiVoice unit. Mark the Enable check box to activate queries for each SNMP version.
Traps
Enter the Local Port and Remote Port numbers (162 local, 162 remote by default) that the FortiVoice unit uses to send SNMP v1 and SNMP v2c traps to the SNMP managers in this community. Enable traps for each SNMP version that the SNMP managers use.
Enable each SNMP event for which the FortiVoice unit should send traps to the SNMP managers in this community.
Since FortiVoice checks its status in a scheduled interval, not all the events will trigger traps. For example, FortiVoice checks its hardware status every 60 seconds. This means that if the power is off for a few seconds but is back on before the next status check, no system event trap will be sent.
- Click Create.
Configuring an SNMP v3 user
SNMP v3 adds more security by using authentication and privacy encryption. You can specify an SNMP v3 user on FortiVoice so that SNMP managers can connect to the FortiVoice unit to view system information and receive SNMP traps.
To configure an SNMP v3 user
- Go to System > Configuration > SNMP.
- Under User, click New to add a user or select a user and click Edit.
The SNMPv3 User page appears.
You can add up to 16 users.
- Configure the following:
GUI field
Description
User name
Enter a name to identify the SNMP user. If you are editing an existing user, you cannot change the name.
Enable
Enable to send traps to and allow queries from the user’s SNMP managers.
Security level
Choose one of the three security levels:
- No authentication, no privacy: This option is similar to SNMP v1 and v2.
- Authentication, no privacy: This option enables authentication only. The SNMP manager needs to supply a password that matches the password you specify on FortiVoice. You must also specify the authentication protocol (either SHA1 or MD5).
- Authentication, privacy: This option enables both authentication and encryption. You must specify the protocols and passwords. Both the protocols and passwords on the SNMP manager and FortiVoice must match.
Authentication Protocol
For Security level, if you select either Authentication option, you must specify the authentication protocol and password. Both the authentication protocol and password on the SNMP manager and FortiVoice must match.
Privacy protocol
For Security level, if you select Privacy, you must specify the encryption protocol and password. Both the encryption protocol and password on the SNMP manager and FortiVoice must match.
Notification Hosts
Lists the SNMP managers that FortiVoice will send traps to. Click Create to create a new entry. You can add up to 16 hosts.
IP Address
Enter the IP address of an SNMP manager. By default, the IP address is 0.0.0.0, so that any SNMP manager can use this SNMP user.
Create
(button)
Click to add a new default entry to the Hosts list that you can edit as needed.
Delete
(button)
Click to remove this SNMP manager.
Queries
Double click the default port number (161) to enter the Port number that the SNMP managers use for SNMP v3 queries to receive configuration information from the FortiVoice unit. Select the Enable check box to activate queries.
Traps
Double click the default local port (162) and remote port number (162) to enter the Local Port and Remote Port numbers that the FortiVoice unit uses to send SNMP v3 traps to the SNMP managers. Select the Enable check box to activate traps.
Enable each SNMP event for which the FortiVoice unit should send traps to the SNMP managers.
Not all events trigger traps because the FortiVoice unit checks its status at a scheduled interval. For example, FortiVoice checks its hardware status every 60 seconds. This means that if the power is off for a few seconds but is back on before the next status check, no system event trap will be sent.
- Click Create.
FortiVoice MIBs
The FortiVoice SNMP agent supports Fortinet proprietary MIBs as well as standard RFC 1213 and RFC 2665 MIBs. RFC support includes support for the parts of RFC 2665 (Ethernet-like MIB) and the parts of RFC 1213 (MIB II) that apply to FortiVoice unit configuration.
The FortiVoice MIBs are listed in FortiVoice MIBs. You can obtain these MIB files from Fortinet technical support. To communicate with the SNMP agent, you must compile these MIBs into your SNMP manager.
Your SNMP manager may already include standard and private MIBs in a compiled database that is ready to use. You must add the Fortinet proprietary MIB to this database. If the standard MIBs used by the Fortinet SNMP agent are already compiled into your SNMP manager you do not have to compile them again.
MIB file name | Description |
---|---|
FortiVoice.mib | The proprietary Fortinet MIB includes detailed FortiVoice system configuration information. Your SNMP manager requires this information to monitor FortiVoice configuration settings. For more information, see MIB fields. |
FortiVoice traps
The FortiVoice unit’s SNMP agent can send traps to SNMP managers that you have added to SNMP communities. To receive traps, you must load and compile the FortiVoice trap MIB into the SNMP manager.
All traps sent include the trap message as well as the FortiVoice unit serial number and host name.
Trap | Description |
---|---|
fvTrapStorageDiskHighThreshold | Trap sent if log disk usage and mailbox disk usage become too high. |
fvTrapSystemEvent | Trap sent when system shuts down, reboots, upgrades, etc. |
fmlTrapHAEvent | Trap sent when an HA event occurs. |
MIB fields
The Fortinet MIB contains fields reporting current FortiVoice unit status information. The tables below list the names of the MIB fields and describe the status information available for each. You can view more details about the information available from all Fortinet MIB fields by compiling the MIB file into your SNMP manager and browsing the MIB fields.
System session MIB fields
MIB field | Description |
---|---|
fvSysModel | FortiVoice model number, such as 400 for the FortiVoice-400. |
fvSysSerial | FortiVoice unit serial number. |
fvSysVersion | The firmware version currently running on the FortiVoice unit. |
fvSysCpuUsage | The current CPU usage (%). |
fvSysMemUsage | The current memory utilization (%). |
fvSysLogDiskUsage | The log disk usage (%). |
fvSysStorageDiskUsage | The storage disk usage (%). |
fvSysEventCode | System component events. |
fvSysload | Current system load. |
fvSysHA | |
fmlHAEventId | HA event type ID. |
fmlHAUnitIp | Unit IP address where the event occurs. |
fmlHAEventReason | The reason for the HA event. |
Configuring email setting
You can configure the FortiVoice unit to send email notifications to phone users when they miss a phone call or receive a voicemail or fax.
For phone users to receive the notifications, you need to add their email addresses when configuring the extensions. See Configuring extensions.
To configure email setting
- Go to System > Configuration > Mail Setting.
- Configure the following:
GUI field
Description
Local Host
Host name
Enter the host name of the FortiVoice unit, such as fortivoice-200D.
Local domain name
Enter the local domain name of the FortiVoice unit, such as example.com.
Mail Queue
Maximum time for email in queue (1-240 hours)
Enter the maximum number of hours that deferred email messages can remain in the deferred email queue, during which the FortiVoice unit periodically retries to send the message. After it reaches the maximum time, the FortiVoice unit sends a final delivery status notification (DSN) email message to notify the sender that the email message was undeliverable.
Time interval for retry (10-120 minutes)
Enter the number of minutes between delivery retries for email messages in the deferred mail queues.
Relay Server
Configure an SMTP relay, if needed, to which the FortiVoice unit will relay outgoing email. This is typically provided by your Internet service provider (ISP), but could be a mail relay on your internal network.
Relay server name
Enter the domain name of an SMTP relay.
Relay server port
Enter the TCP port number on which the SMTP relay listens. This is typically provided by your Internet service provider (ISP).
Use SMTPs
Enable to initiate SSL- and TLS-secured connections to the SMTP relay if it supports SSL/TLS. When disabled, SMTP connections from the FortiVoice unit’s built-in MTA or proxy to the relay will occur as clear text, unencrypted.
This option must be enabled to initiate SMTPS connections.
Authentication Required
Select the checkbox and click the arrow to expand the section and configure:
- User name: Enter the name of the FortiVoice unit’s account on the SMTP relay.
- Password: Enter the password for the FortiVoice unit’s user name.
- Authentication type: Available SMTP authentication types include:
- AUTO (automatically detect and use the most secure SMTP authentication type supported by the relay server)
- PLAIN (provides an unencrypted, scrambled password)
- LOGIN (provides an unencrypted, scrambled password)
- DIGEST-MD5 (provides an encrypted hash of the password)
- CRAM-MD5 (provides an encrypted hash of the password, with hash replay prevention, combined with a challenge and response mechanism)
Customize Email Template
View and reword the default email history report and notification email templates. For more information, see Customizing call report and notification email templates.
- Click Apply.
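What the PLAIN, LOGIN and CRAM-MD5 authentication types put on the wire when Use SMTPs is disabled, as an added example that is not FortiVoice code. It builds each client response per RFC 4616 and RFC 2195 and then reads back what a clear-text session reveals; the function names are illustrative, and the CRAM-MD5 values are the worked example from RFC 2195.

```python
import base64
import hashlib
import hmac


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def plain_token(user: str, password: str) -> str:
    """AUTH PLAIN (RFC 4616): base64 of NUL + user + NUL + password."""
    return _b64(b"\0" + user.encode() + b"\0" + password.encode())


def login_tokens(user: str, password: str) -> list[str]:
    """AUTH LOGIN: user name and password sent as two base64 strings."""
    return [_b64(user.encode()), _b64(password.encode())]


def cram_md5_token(user: str, password: str, challenge_b64: str) -> str:
    """AUTH CRAM-MD5 (RFC 2195): HMAC-MD5 over the server challenge,
    keyed with the password, sent as base64("user hexdigest")."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return _b64(f"{user} {digest}".encode())


def exposed_fields(mechanism: str, client_tokens: list[str]) -> dict[str, str]:
    """Return what the client responses reveal on an unencrypted session."""
    if mechanism == "PLAIN":
        _authzid, user, password = base64.b64decode(client_tokens[0]).split(b"\0")
        return {"user": user.decode(), "password": password.decode()}
    if mechanism == "LOGIN":
        user, password = (base64.b64decode(t).decode() for t in client_tokens)
        return {"user": user, "password": password}
    if mechanism == "CRAM-MD5":
        # The password itself is not sent, but the challenge and digest
        # together still allow offline guessing, so TLS remains necessary.
        user, digest = base64.b64decode(client_tokens[0]).decode().rsplit(" ", 1)
        return {"user": user, "hmac_md5": digest}
    raise ValueError(f"unsupported mechanism: {mechanism}")


# Worked example values from RFC 2195, section 2.
RFC2195_USER = "tim"
RFC2195_SECRET = "tanstaaftanstaaf"
RFC2195_CHALLENGE = _b64(b"<1896.697170952@postoffice.reston.mci.net>")

if __name__ == "__main__":
    # Constructed relay account, for illustration only.
    user, password = "fortivoice", "S3cret!"
    print("PLAIN   :", exposed_fields("PLAIN", [plain_token(user, password)]))
    print("LOGIN   :", exposed_fields("LOGIN", login_tokens(user, password)))
    token = cram_md5_token(RFC2195_USER, RFC2195_SECRET, RFC2195_CHALLENGE)
    print("CRAM-MD5:", exposed_fields("CRAM-MD5", [token]))
```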
Customizing the GUI appearance
The System > Configuration > Appearance tab lets you customize the default appearance of the web‑based manager and voicemail interface with your own product name, product logo, corporate logo, and language.
To customize the GUI appearance
- Go to System > Configuration > Appearance.
- Click the arrow to expand Administration interface and Voicemail interface.
- Configure the following:
GUI field
Description
Administration Interface
Product name
Enter the name of the product. This name will precede Administrator Login in the title on the login page of the web-based manager.
Product icon
Click Change to browse for the product icon. The icon should be in .ico format, and 16 pixels wide x 16 pixels tall in size.
Top logo
Click Change to upload a graphic that will appear at the top of all pages in the web-based manager. The image’s dimensions must be 460 pixels wide by 36 pixels tall.
For best results, use an image with a transparent background. Non-transparent backgrounds will not blend with the underlying theme graphic, resulting in a visible rectangle around your logo graphic.
Uploading a graphic overwrites the current graphic. The FortiVoice unit does not retain previous or default graphics. If you want to revert to the current graphic, use your web browser to save a backup copy of the image to your management computer, enabling you to upload it again at a later time.
Click Reset to return to the default setting.
Default UI language
Select the default language for the display of the web-based manager.
You can configure a separate language preference for each administrator account. For details, see Configuring administrator accounts.
Default theme
Select the default theme for the web-based manager GUI.
Voicemail Interface
Voicemail login
Enter a word or phrase that will appear on top of the user portal login page, such as Voicemail Login.
Login user name hint
Enter a hint for the user name, such as Your Email Address. This hint will appear as a mouse-over display on the login name field.
Voicemail theme
Select a theme for the user portal GUI.
Default UI language
Select the language in which user portal pages will be displayed. By default, the FortiVoice unit will use the same language as the web-based manager.
Voicemail top logo
Click Change to upload a graphic that will appear at the top of all user portal pages. The image’s dimensions must be 460 pixels wide by 36 pixels tall.
For best results, use an image with a transparent background. Non-transparent backgrounds will not blend with the underlying theme graphic, resulting in a visible rectangle around your logo graphic.
Uploading a graphic overwrites the current graphic. The FortiVoice unit does not retain previous or default graphics. If you want to revert to the current graphic, use your web browser to save a backup copy of the image to your management computer, enabling you to upload it again at a later time.
Click Reset to return to the default setting.
- Click Apply to save changes or Reset to return to the default settings.
Selecting the call data storage location
The System > Configuration > Storage tab lets you configure local or remote storage of call data such as the recorded calls, faxes, and voice mails.
FortiVoice units can store call data either locally or remotely. FortiVoice units support remote storage by a network attached storage (NAS) server using the network file system (NFS) protocol.
NAS has the benefits of remote storage which include ease of backing up the call data and more flexible storage limits. Additionally, you can still access the call data on the NAS server if your FortiVoice unit loses connectivity.
If the FortiVoice unit is a member of an active-passive HA group, and the HA group stores call data on a remote NAS server, disable call data synchronization to prevent duplicate call data traffic. For details, see Configuring the HA mode and group.
If you store the call data on a remote NAS device, you cannot back up the data. You can only back up the call data stored locally on the FortiVoice hard disk. For information about backing up call data, see Backing up configuration.
Tested and Supported NFS servers
- Linux NAS (NFS v3/v4)
- Red Hat 5.5
- Fedora 16/17/18/19
- Ubuntu 11/12/13
- OpenSUSE 13.1
- FreeNAS
- Openfiler
- EMC VNXe3150 (version 2.4.2.21519(MR4 SP2))
- EMC Isilon S200 (OneFS 7.1.0.3)
Untested NFS servers
- Buffalo TeraStation
- Cisco Linksys NAS server
Non-Supported NFS Servers
- Windows 2003 R2 / Windows 2008 Service for NFS
To configure call data storage
Go to System > Configuration > Storage.
Configure the following:
GUI field | Description | |||
---|---|---|---|---|
Local | Select to store call data on the FortiVoice unit’s local disk or RAID. | |||
NAS | Select to store call data on a remote network attached storage (NAS) server. | |||
| Storage type | Select a type of the NAS server:
Status: When available, it indicates if the iSCSI share was successfully mounted on the FortiVoice unit’s file system. This field appears only after you configure the iSCSI share and click Apply. Status may take some time to appear if the iSCSI server is slow to respond. If Not mounted appears, the iSCSI share was not successfully mounted. Verify that the iSCSI server is responding and the FortiVoice unit has both read and write permissions on the iSCSI server. | ||
| Test (button) | Click to verify that the NAS server settings are correct and that the FortiVoice unit can access that location. The test action tries to discover, log in to, mount, and unmount the remote device. This button is available only when NAS server is selected. | ||
| Click here to format this device
Click here to check file system on this device | These two links appear when you configure an iSCSI server and click Apply. Click a link to initiate the described action (that is, format the device or check its file system). A message appears saying the action is being executed. Click OK to close the message and click Refresh to see a Status update.
|
Configuring single sign on
Fortinet Single Sign-On (FSSO) is the authentication protocol by which users can transparently authenticate to Fortinet devices. The authentication system (FortiAuthenticator, ADFS, or Centrify) identifies and authenticates users based on their authentication from a different system.
The FortiVoice SSO configuration involves the participation of a network authentication system, such as FortiAuthenticator. The network authentication system can be integrated with the FortiVoice unit to poll administrator logon information and send it to the FortiVoice unit.
FortiAuthenticator is used as the example authentication system here. For more information, see FortiAuthenticator Administration Guide.
For other systems, refer to their user manuals for configuration information.
You need to have both systems open and switch between the two to exchange authentication information.
Once you complete the FortiVoice SSO configuration and log into the FortiVoice unit, the Single Sign On button will appear on the login page. You can click it and enter the login credentials of the FortiAuthenticator user account created for the FortiVoice administrator with single sign on authentication type.
Note that once SSO is enabled:
- all administrator login authentication is controlled by the FortiAuthenticator system. Disabled administrator accounts should not be authenticated by the FortiAuthenticator.
- the FortiVoice administrator portal must be accessed using HTTPS (i.e. https://fortivoice_ip_or_hostname)
- logging out of FortiVoice administrator portal will also log out of the FortiAuthenticator system.
To configure FortiVoice SSO
- On the FortiAuthenticator:
- Go to Authentication > SAML IdP > General and enable SAML IDP (Identity Provider).
- Go to Authentication > SAML IdP > Service Providers.
- Click Create New to add a SAML service provider and click the Copy idp_entity_id icon.
- On the FortiVoice unit:
- Go to System > Configuration > Single Sign On.
- Select Enabled.
- Click Retrieve from URL and paste the IDP entity ID you copied.
- Click OK to get the IDP metadata from the FortiAuthenticator.
- Refresh your browser. The FortiVoice service provider metadata is generated.
- Click Download to save the FortiVoice service provider metadata.
- Click Apply.
- Go to System > Administrator to create an administrator account with single sign on authentication type. For more information, see Configuring administrator accounts.
- On the FortiAuthenticator:
- Go to the SAML service provider you have created.
- Click Import SP metadata and browse for the FortiVoice service provider metadata you saved and click OK.
- Enable SAML request must be signed by SP.
- Click OK to save the service provider configuration.
- Open the SAML service provider you have created.
- Click Create New under SAML Attribute.
- In SAML attribute, enter "urn:oid:0.9.2342.19200300.100.1.3".
- In User attribute, select an option and click OK, then OK.
- Go to User Management > Local Users and create a user account for the FortiVoice administrator with single sign on authentication type and use the FortiVoice administrator name as the account user name.
Enabling security fabric
Starting from this release, the FortiVoice unit can connect to an upstream FortiGate root and become an integrated cluster member of a Security Fabric.
Make sure that REST API access mode is selected in System > Administrator > Administrator.
To configure security fabric
- Go to System > Configuration > Security Fabric.
- Enable the unit to become a Security Fabric member.
- For Upstream IP Address, enter the IP address and port number of the upstream FortiGate root.
- For Management IP/FQDN, enter the IP address and port number of the FortiVoice unit.
- Click Apply.
If the connection is successful, Authorization status shows This device has been authorized by upstream. The Security Fabric FortiGate root establishes a connection to the FortiVoice unit using the IP address and port number specified.
You can click the Click here to log into upstream device link to open the upstream FortiGate root device.