CLI Changes
Two new attributes, range and source, have been added:
range can be global or per-VDOM. If the certificate file is imported from the global configuration, it is a global certificate. If the certificate file is imported from a VDOM, it is a VDOM certificate.
source can be factory, user or fortiguard:
factory: The factory certificate file that comes with the FortiOS version. This includes: Fortinet_CA_SSL, Fortinet_SSL, PositiveSSL_CA, Fortinet_Wifi, Fortinet_Factory.
user: Certificate file imported by the user.
fortiguard: Certificate file imported from FortiGuard.
config certificate local
    edit Fortinet_Factory
        set range global/vdom
        set source factory/user/fortiguard
    next
end
GUI Changes
Global and per-VDOM certificate configuration includes options to view details, download, delete, and import certificates.
Source and Status columns have been added.
When VDOMs are enabled, a global icon in the Name column shows that the certificate is global.
A new VDOM now has the following default certificates: Fortinet_CA_SSL, Fortinet_Factory, Fortinet_SSL, Fortinet_Wifi, Fortinet_CA, and PositiveSSL_CA. These certificates are created automatically when the VDOM is created and every VDOM will have its own individual versions of these certificates.
The Fortinet_firmware certificate has been removed. All default configurations that formerly used the Fortinet_firmware certificate now use the Fortinet_Factory certificate.
Default root VDOM certificates
Certificates with the same names are also available from the global configuration. These are generated when you turn on VDOMs.
Default global certificates
Adding certificates to VDOMs and to the global configuration
If an administrator adds a certificate to a VDOM, the certificate will only be available for that VDOM. If an administrator adds a certificate to the global configuration, it will be available for all VDOMs.
Guest user enhancements (291042)
The password policy profile for guest admins has been improved. This is a CLI-only configuration, as follows:
config system password-policy-guest-admin
    status enable/disable                 Enable/disable password policy.
    apply-to guest-admin-password         Guest admin to which this password policy applies.
    minimum-length                        Minimum password length.
    min-lower-case-letter                 Minimum number of lowercase characters in password.
    min-upper-case-letter                 Minimum number of uppercase characters in password.
    min-non-alphanumeric                  Minimum number of non-alphanumeric characters in password.
    min-number                            Minimum number of numeric characters in password.
    change-4-characters enable/disable    Enable/disable changing at least 4 characters for new password.
    expire-status enable/disable          Enable/disable password expiration.
    reuse-password enable/disable         Enable/disable reuse of password.
end
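
One way to audit these options in a saved configuration, as an added example that is not part of the original documentation or Fortinet's own tooling: the Python below reads the password-policy-guest-admin block and reports every option weaker than a baseline. The baseline values, the function names and the sample configuration are assumptions made for this example, and the input is assumed to come from show full-configuration so that default values are present.

```python
# Constructed sample of a FortiOS configuration export (not from a real device).
SAMPLE_CONFIG = """\
config system password-policy-guest-admin
    set status enable
    set apply-to guest-admin-password
    set minimum-length 6
    set min-lower-case-letter 1
    set min-upper-case-letter 0
    set min-non-alphanumeric 0
    set min-number 1
    set change-4-characters disable
    set expire-status disable
    set reuse-password enable
end
"""

# Assumed baseline for this example; substitute your organisation's values.
MIN_INT = {"minimum-length": 12, "min-lower-case-letter": 1,
           "min-upper-case-letter": 1, "min-non-alphanumeric": 1, "min-number": 1}
REQUIRED = {"status": "enable", "change-4-characters": "enable",
            "expire-status": "enable", "reuse-password": "disable"}

def parse_guest_admin_policy(config_text):
    """Return the 'set' options inside config system password-policy-guest-admin."""
    settings, inside = {}, False
    for line in config_text.splitlines():
        words = line.split()
        if words == ["config", "system", "password-policy-guest-admin"]:
            inside = True
        elif inside and words == ["end"]:
            break
        elif inside and len(words) >= 3 and words[0] == "set":
            settings[words[1]] = " ".join(words[2:])
    return settings

def audit(settings):
    """List every option that is missing or weaker than the assumed baseline."""
    findings = []
    for key, want in REQUIRED.items():
        if settings.get(key) != want:
            findings.append(f"{key}: expected {want}, found {settings.get(key, 'unset')}")
    for key, floor in MIN_INT.items():
        value = settings.get(key, "")
        if not value.isdigit() or int(value) < floor:
            findings.append(f"{key}: expected >= {floor}, found {value or 'unset'}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_guest_admin_policy(SAMPLE_CONFIG))))
```

An option reported as unset is absent from the text that was parsed, so the device default applies and should be checked on the unit itself.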