To configure the administrative settings:
1. Go to System Settings > Admin > Admin Settings. The Settings window opens.
Administrative settings dialog box
Configure the following information:
Administration Settings
HTTP Port: Type the TCP port to be used for administrative HTTP access. Select to redirect to HTTPS.
    Default port: 80
HTTPS Port: Type the TCP port to be used for administrative HTTPS access.
    Default port: 443
HTTPS & Web Service Server Certificate: Select a certificate from the drop-down list.
Idle Timeout: Type the number of minutes that an administrative connection can be idle before the administrator must log in again. The maximum is 480 minutes (8 hours). To ensure security, keep the idle timeout short. This avoids the administrator inadvertently leaving the management computer logged in to the FortiManager unit, which opens the possibility of someone walking up and modifying the network options.
    Range: 1 to 480 (minutes)
Language: Select a language from the drop-down list.
Password Policy: Select to enable administrator passwords.
Minimum Length: Select the minimum length for a password. The default is eight characters.
    Range: 8 to 32 (characters)
Must Contain: Select the types of characters that a password must contain. Select from the following options: Upper Case Letters, Lower Case Letters, Numbers (0-9), Special Characters or Non-alphanumeric Letters.
Admin Password Expires after: Select the number of days that a password is valid for, after which time it must be changed.
Display Option on GUI
Display Options on GUI: Select the required options from the list.
Show VPN Console: Select to display the VPN Console menu item. This menu is located in the Policy & Objects tab under Policy Package in the left-hand tree menu. VPN Console is available when ADOM VPN Management is set to Central VPN Console. This is an advanced FortiManager feature.
Show Script: Select to display the Script menu item. This menu is located in the Device Manager tab under Devices & Groups in the left-hand tree menu. This is an advanced FortiManager feature.
Show Device List Import/Export: Select to display the Import Device List and Export Device List buttons. These buttons are located in the Device Manager tab in the toolbar. This is an advanced FortiManager feature.
Show Add Multiple Button: Select to display the Add Multiple button. This button is located in the Device Manager tab in the toolbar. This is an advanced FortiManager feature.
2. Select Apply to save your settings to all administrator accounts.
Administrator password retries and lockout duration
By default, the number of password retries is set to three, allowing the administrator a maximum of three attempts to log in to their account before they are locked out for a set amount of time (by default, 60 seconds).
The number of attempts can be set to an alternate value, as can the wait time before the administrator can try to enter a password again. Changing these values can further deter would-be hackers. Both settings must be configured with the CLI.
To configure the lockout options:
config system global
    set admin-lockout-duration <seconds>
    set admin-lockout-threshold <failed_attempts>
end
For example, to set the lockout threshold to one attempt and a five-minute duration before the administrator can try again to log in, enter the commands:
config system global
    set admin-lockout-duration 300
    set admin-lockout-threshold 1
end
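The following is an added example, not part of the original guide or Fortinet's own tooling: a Python check that reads a saved configuration, resolves the effective lockout settings (falling back to the defaults stated above when a key is absent), and computes the upper bound on password guesses per day that those settings allow. The 500-guesses-per-day ceiling, the function names and the sample configurations are assumptions made for illustration, as is the model that a locked-out client gets exactly the threshold number of guesses per lockout period.

```python
import re

# Defaults stated on this page: three retries, 60-second lockout.
DEFAULTS = {"admin-lockout-threshold": 3, "admin-lockout-duration": 60}

def parse_global(config_text):
    """Return the 'set' values found directly in the 'config system global' block."""
    values, depth, in_global = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_global = (line == "config system global")
        elif line == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                in_global = False
        elif in_global and depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m:
                values[m.group(1)] = m.group(2).strip().strip('"')
    return values

def audit_lockout(config_text, max_guesses_per_day=500):
    """Resolve effective lockout settings and bound the online guessing rate.

    max_guesses_per_day is a hypothetical policy ceiling, not a vendor value.
    """
    found = parse_global(config_text)
    eff = {k: int(found.get(k, d)) for k, d in DEFAULTS.items()}
    # Upper bound: 'threshold' guesses, then one full lockout, repeated all day.
    duration = max(eff["admin-lockout-duration"], 1)  # avoid division by zero
    per_day = eff["admin-lockout-threshold"] * 86400 // duration
    return {
        "effective": eff,
        "explicit": sorted(k for k in DEFAULTS if k in found),
        "guesses_per_day": per_day,
        "ok": per_day <= max_guesses_per_day,
    }

# Constructed sample configurations (not taken from a real device).
DEFAULT_CONFIG = 'config system global\n    set hostname "FMG-LAB"\nend\n'
HARDENED_CONFIG = (
    "config system global\n"
    "    set admin-lockout-duration 300\n"
    "    set admin-lockout-threshold 1\n"
    "end\n"
)

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_lockout(cfg))
```

Under this model the default settings permit up to 4320 guesses per day against one account, while the one-attempt, 300-second example above permits 288.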
Configure two-factor authentication for administrator log on
To configure two-factor authentication for administrator log on, you will need the following: