Using the Web-based Manager
This section describes general information about using the Web-based Manager to access the Fortinet system from within a current web browser.
This section includes the following topics: l System requirements l Connecting to the Web-based Manager l Web-based Manager overview l Configuring Web-based Manager settings l Reboot and shutdown of the FortiManager unit
Additional configuration options and short-cuts are available using the right-click menu. Right-click the mouse on different navigation panes on the Web-based Manager page to access these options.
System requirements
Supported web browsers
The following web browsers are supported by FortiManager v5.2.1:
l Microsoft Internet Explorer version 11 l Mozilla Firefox version 33 l Google Chrome version 38
Other web browsers may function correctly, but are not supported by Fortinet. For more information see the FortiManagerRelease Notes.
Monitor settings for Web-based Manager access
Fortinet recommends setting your monitor to a screen resolution of 1280×1024. This allows for all the objects in the Web-based Manager to be viewed properly.
Connecting to the Web-based Manager
The FortiManager unit can be configured and managed using the Web-based Manager or the CLI. This section will step you through connecting to the unit via the Web-based Manager.
Web-based Manager overview
To connect to the Web-based Manager:
- Connect the Port 1 interface of the unit to a management computer using the provided Ethernet cable.
- Configure the management computer to be on the same subnet as the internal interface of the FortiManager unit:
- Browse to Network and Sharing Center> Change AdapterSettings > Local Area Connection Properties > Internet Protocol Version 4 (TCP/IPv4)Properties.
- Change the IP address of the management computer to 168.1.2 and the netmask to 255.255.255.0.
- To access the FortiManager unit’s Web-based Manager, start an Internet browser of your choice and browse to https://192.168.1.99.
- Type admin in the Name box, leave the Password box blank, and select Login.
You can now proceed with configuring your FortiManager unit.
If the network interfaces have been configured differently during installation, the URL and/or permitted administrative access protocols (such as HTTPS) may no longer be in their default state.
For information on enabling administrative access protocols and configuring IP addresses, see Configuring network interfaces.
Web-based Manager overview
FortiManager v5.2 introduces an improved Web-based Manager layout and tree menu for improved usability. You can now select the ADOM from the drop-down list to view the devices and groups for the specific ADOM. The ADOM selection drop-down list is available in the Device Manager, Policy & Objects, FortiView, Event Management, and Reports tabs.
This section describes the following topics:
Viewing the Web-based Manager
Using the tab bar
Using the Web-based Manager Web-based Manager overview
Viewing the Web-based Manager
The four main parts of the FortiManager Web-based Manager are the tree menu, tab bar, ADOM selector and toolbar, and right content pane.
The Web-based Manager includes detailed online help. Selecting Help in the tab bar opens the online help.
The tab bar and content pane information displayed to an administrator vary according to the administrator account settings and access profile that have be configured for that user. To configure administrator profiles, go to System Settings > Admin > Profile. You can configure the administrator profile at both a global and ADOM level with a high degree of granularity in providing read/write, read-only, or restricted permission to various Web-based Manager modules. When defining a new administrator, you can further define which ADOMs and policy packages the administrator can access. For more information about administrator accounts and their permissions, see Admin.
When you log in to the FortiManager unit as the admin administrator, the Web-based Manager opens to the Device Manager tab. You can view all ADOMs in the navigation tree, and ADOM information in the content pane. For more information, see Device Manager.
Using the tab bar
The tab bar is organized into a number of tabs. The available tabs displayed are dependent on the features enabled and the administrator profile settings.
Web-based Manager tabs
Tab |
Description |
Device Manager |
Add and manage devices, view the device information and status, create and manage device groups and manage firewall global policy objects. From this menu, you can also configure the web portal configurations, users, and groups. In the Menu section, you can configure managed devices locally in the FortiManager Web-based Manager. In the Provisioning Templates section, you can configure System Templates, WiFi Templates, Threat Weight Templates, FortiClient Templates, and Certificate Templates and assign these templates to specific managed FortiGate and FortiCarrier devices. Additional menus are available for scripts and VPN monitor. For more information, see Device Manager. |
Policy & Objects |
Configure policy packages and objects. When Central VPN Console is enabled for the ADOM, you can create VPN topologies and managed/external gateways. For more information, see Policy & Objects. |
Configuring Web-based Manager settings
Tab |
Description |
FortiGuard |
Configure FortiGuard Center settings, package and query server management, and firmware images. For more information, see FortiGuard Management. |
System Settings |
Configure system settings such as network interfaces, administrators, system time, server settings, and widgets and tabs. From this menu, you can also perform maintenance and firmware operations. For more details on using this menu, see System Settings. |
FortiView |
The following summary views are available: Top Sources, Top Applications,
Top Destinations, Top Websites, Top Threats, Top Cloud Applications, Top
Cloud Users, System Events, Admin Logins, SSL & Dialup IPsec, Site-Site IPsec, Rogue APs, and Resource Usage. This tab was implemented to match the FortiView implementation in FortiGate.
The Log View tab is found in the FortiView tab. View logs for managed devices. You can display, download, import, and delete logs on this page.
You can also define Custom Views.
This tab can be hidden by disabling the FortiAnalyzer feature set. |
Event Management |
Configure and view events for managed log devices. You can view events by severity or by handler. For more information, see Event Management.
This tab can be hidden by disabling the FortiAnalyzer feature set. |
Reports |
Configure report templates, schedules, and output profiles. You can create and test datasets, configure output profiles, and add language support. For more information, seeReports on page 502.
This tab can be hidden by disabling the FortiAnalyzer feature set. |
Configuring Web-based Manager settings
Global settings for the Web-based Manager apply regardless of which administrator account you use to log in. Global settings include the idle timeout, TCP port number on which the Web-based Manager listens for connection attempts, the network interface on which it listens, and the display language.
This section includes the following topics:
l Changing the Web-based Manager language l Administrative access l Restricting Web-based Manager access by trusted host l Changing the Web-based Manager idle timeout l Other security considerations
Using the Web-based Manager Configuring Web-based Manager settings
Changing the Web-based Manager language
The Web-based Manager supports multiple languages; the default language is English. You can change the Web-based Manager to display in English, Simplified Chinese, Traditional Chinese, Japanese, or Korean. For best results, you should select the language that the management computer operating system uses. You can also set the FortiManager Web-based Manager to automatically detect the system language, and by default show the screens in the proper language, if available.
To change the Web-based Manager language:
- Go to System Settings > Admin > Admin Settings.
- In the Language field, select a language from the drop-down list, or select Auto Detect to use the same language as configured for your web browser.
- Select OK.
Administrative access
Administrative access enables an administrator to connect to the FortiManager system to view and change configuration settings. The default configuration of your FortiManager system allows administrative access to one or more of the interfaces of the unit as described in your FortiManager system QuickStart Guide and Install Guide available in the Fortinet Document Library.
Administrative access can be configured in IPv4 or IPv6 and includes the following settings:
HTTPS
HTTP |
PING
SSH |
|
TELNET
SNMP |
Web Service |
To change administrative access to your FortiManager system:
- Go to System Settings > Network.
Administrative access is configured for port1. To configure administrative access for another interface, select All Interfaces, and then select the interface to edit.
- Set the IPv4 IP/Netmask or IPv6 Address.
- Select one or more Administrative Access types for the interface.
- Select Service Access, FortiGate Updates, and Web Filtering/Antispam if required.
- Set the Default Gateway.
- Configure the primary and secondary DNS servers.
- Select Apply.
In addition to the settings listed earlier, you can select to enable access on interface from the All Interfaces window.
Restricting Web-based Manager access by trusted host
To prevent unauthorized access to the Web-based Manager you can configure administrator accounts with trusted hosts. With trusted hosts configured, the administrator user can only log into the Web-based Manager when working Reboot and shutdown of the FortiManager unit
on a computer with the trusted host as defined in the administrator account. You can configure up to ten trusted hosts per administrator account. See Administrator for more details.
Changing the Web-based Manager idle timeout
By default, the Web-based Manager disconnects administrative sessions if no activity takes place for five minutes. This idle timeout is recommended to prevent someone from using the Web-based Manager from a PC that is logged into the Web-based Manager and then left unattended.
To change the Web-based Manager idle timeout:
- Go to System Settings > Admin > Admin Settings.
- Change the Idle Timeout minutes as required (1-480 minutes).
- Select Apply.
Other security considerations
Other security consideration for restricting access to the FortiManager Web-based Manager include the following:
- Configure administrator accounts using a complex passphrase for local accounts l Configure administrator accounts using RADIUS, LDAP, TACACS+, or PKI l Configure the administrator profile to only allow read/write permission as required and restrict access using readonly or no permission to settings which are not applicable to that administrator
- Configure the administrator account to only allow access to specific ADOMs as required l Configure the administrator account to only allow access to specific policy packages as required.
Reboot and shutdown of the FortiManager unit
Always reboot and shutdown the FortiManager system using the unit operation options in the Web-based Manager, or using CLI commands, to avoid potential configuration problems.
To reboot the FortiManager unit:
- From the Web-based Manager, go to System Settings > Dashboard.
- In the Unit Operation widget select Reboot, or from the CLI Console widget type: execute reboot
To shutdown the FortiManager unit:
- From the Web-based Manager, go to System Settings > Dashboard.
- In the Unit Operation widget select Shutdown, or from the CLI Console widget type: execute shutdown