Configuring System Settings

Configuring system time, configuration options, SNMP, and FortiSandbox

The System > Configuration submenu lets you configure the system time, various global settings (such as idle timeout) of the web UI, SNMP access, and FortiSandbox.

This topic includes:

  • Configuring the time and date
  • Configuring system options
  • Configuring SNMP queries and traps
  • Adding a FortiSandbox unit

Configuring the time and date

Go to System > Configuration > Time to configure the system time and date of the FortiMail unit.

You can either manually set the FortiMail system time or configure the FortiMail unit to automatically keep its system time correct by synchronizing with Network Time Protocol (NTP) servers.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

Configuring system options

The System > Configuration > Options tab lets you set the following global settings:

  • system idle timeout
  • LCD panel and button access restriction (for the models that have front LCD panel and control buttons)
  • login disclaimer
  • password enforcement policy
  • administration ports on the interfaces

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To view and configure the system options

  1. Go to System > Configuration > Options.
  2. Configure the following:
GUI item Description
Idle timeout Enter the amount of time that an administrator may be inactive before the FortiMail unit automatically logs out the administrator.

Note: For better security, use a low idle timeout value.

LCD Panel  
PIN Protection Enable to require administrators to first enter the PIN before using the LCD display panel and control buttons on the FortiMail unit, then enter the 6-digit PIN number.

This option appears only on FortiMail models whose hardware includes an LCD panel.

Caution: For better security, always configure an LCD PIN; otherwise, anyone with physical access can reconfigure the unit.

 

GUI item Description
Login Disclaimer Settings The disclaimer message appears when an administrator or user logs in to the FortiMail unit web-based manager, the FortiMail

Webmail, or the FortiMail unit to view the IBE encrypted email.

Login disclaimer You can use the default disclaimer text or customize it.
Reset To Default (button) If you have customized the disclaimer text but want to use the default text, select this button.
Apply to login page Admin: Select to display the disclaimer message when the administrator logs in to the FortiMail unit web-based manager.

Webmail: Select to display the disclaimer message when the user logs into the FortiMail Webmail.

IBE: Select to display the disclaimer message when the user logs into the FortiMail unit to view the IBE encrypted email.

Password Policy Displays the password policy for administrators, FortiMail Webmail users, and IBE encrypted email users.
Enable Select to enable the password policy.
Minimum password length Set the minimum acceptable length (8) for passwords.
Password must contain Select any of the following special character types to require in a password. Each selected type must occur at least once in the password.

Uppercase letters — A, B, C, … Z

Lowercase letters — a, b, c, … z

Number — 0 … 9

Non alphanumeric character — punctuation marks, @,#, … %

GUI item Description
Apply password policy to Select where to apply the password policy:

Administrators — Apply to administrator passwords. If any password does not conform to the policy, require that administrator to change the password at the next login.

Local mail users — Apply to FortiMail webmail users’ passwords. If any password does not conform to the policy, require that user to change the password at the next login.

IBE users — Apply to the passwords of the users who access the FortiMail unit to view IBE encrypted email. If any password does not conform to the policy, require that user to change the password at the next login.

Administration Ports Specify the TCP ports for administrative access on all interfaces.

Default port numbers:

•      HTTP: 80

•      HTTPS: 443

•      SSH: 22

•      TELNET: 23

Configuring SNMP queries and traps

Go to System > Configuration > SNMP to configure SNMP to monitor FortiMail system events and thresholds, or a high availability (HA) cluster for failover messages.

You can also use SNMP to monitor some models which have monitored power supplies and

RAID controllers. When a monitored power supply or a RAID controller is removed or added, the FortiMail unit will send configured notification for those events by log messages, alert email messages, and/or SNMP traps.

To monitor FortiMail system information and receive FortiMail traps, you must compile Fortinet proprietary MIBs as well as Fortinet-supported standard MIBs into your SNMP manager. RFC support includes support for most of RFC 2665 (Ethernet-like MIB) and most of RFC 1213 (MIB II). For more information, see “FortiMail MIBs” on page 272. For information on HA-specific MIB and trap MIB fields, see “Getting HA information using SNMP” on page 312.

The FortiMail SNMP implementation is read-only. SNMP v1, v2c, and v3 compliant SNMP managers have read-only access to FortiMail system information and can receive FortiMail traps.

The FortiMail SNMP v3 implementation includes support for queries, traps, authentication, and privacy. Before you can use its SNMP queries, you must enable SNMP access on the network interfaces that SNMP managers will use to access the FortiMail unit. For more information, see “Editing network interfaces” on page 248.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

This section includes:

  • Configuring an SNMP threshold
  • Configuring an SNMP v1 and v2c community
  • Configuring an SNMP v3 user

Configuring an SNMP threshold

Configure under what circumstances an event is triggered.

To set SNMP thresholds

  1. Go System > Configuration > SNMP.
  2. Click the arrow to expand the SNMP Threshold
  3. Configure the following:
GUI item Description
SNMP agent enable Enable to activate the FortiMail SNMP agent. This must be enabled to accept queries from SNMP managers or send traps from the FortiMail unit.
Description Enter a descriptive name for the FortiMail unit.
Location Enter the location of the FortiMail unit.
Contact Enter administrator contact information.
SNMP Threshold To change a value in the four editable columns, select the value in any row. It becomes editable. Change the value and click outside of the field. A red triangle appears in the field’s corner and remains until you click Apply.
Trap Type Displays the type of trap, such as CPU Usage.
Trigger You can enter either the percent of the resource in use or the number of times the trigger level must be reached before it is triggered.

For example, using the default value, if the mailbox disk is 90% or more full, it will trigger.

Threshold Sets the number of triggers that will result in an SNMP trap.

For example, if the CPU level exceeds the set trigger percentage once before returning to a lower level, and the threshold is set to more than one, an SNMP trap will not be generated until that minimum number of triggers occurs during the sample period.

Sample

Period(s)

Sets the time period in seconds during which the FortiMail unit SNMP agent counts the number of triggers that occurred.

This value should not be less than the Sample Freq(s) value.

Sample

Freq(s)

Sets the interval in seconds between measurements of the trap condition. You will not receive traps faster than this rate, depending on the selected sample period.

This value should be less than the Sample Period(s) value.

GUI item Description
Community Displays the list of SNMP communities (for SNMP v1 and v2c) added to the FortiMail configuration. For information on configuring a community, see either “Configuring an SNMP v1 and v2c community” or “Configuring an SNMP v3 user” on page 271.
Name Displays the name of the SNMP community. The SNMP Manager must be configured with this name.
Status A green check mark icon indicates that the community is enabled.
Queries A green check mark icon indicates that queries are enabled.
Traps A green check mark icon indicates that traps are enabled.
User Displays the list of SNMP v3 users added to the FortiMail configuration. For information on configuring a v3 user, see “Configuring an SNMP v3 user” on page 271.
Name Displays the name of the SNMP v3 user. The SNMP Manager must be configured with this name.
Status A green check mark icon indicates that the user is enabled.
Queries A green check mark icon indicates that queries are enabled.
Traps A green check mark icon indicates that traps are enabled.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.