FortiAuthenticator 4.0 System

Changing the DNS domain name

To change the DNS domain name:

  1. Go to System > Dashboard.
  2. In the System Information widget, in the DNS Domain Name field, select Change. The Edit DNS Domain Name page opens.
  3. Type a DNS domain name in the field.

The DNS domain name identifies the exact location of this server in the DNS hierarchy.

  4. Select OK to save the setting.

Configuring the system time, time zone, and date

You can either manually set the FortiAuthenticator system time and date, or configure the FortiAuthenticator unit to automatically keep its system time correct by synchronizing with an NTP server.

To configure the date and time:

  1. Go to System > Dashboard.
  2. In the System Information widget, in the System Time field, select Change. The Edit System Time Settings dialog box appears.
  3. Configure the following settings to either manually configure the system time, or to automatically synchronize the FortiAuthenticator unit’s clock with an NTP server:

     Change Timezone: View the current time in the Current time field, and select the timezone from the Time zone drop-down list.
     NTP enabled: Select this option to automatically synchronize the date and time of the FortiAuthenticator unit’s clock with an NTP server, then configure the NTP server field before you select OK.
         Note: NTP is critical: the TOTP method used in two-factor authentication needs accurate and stable time to function correctly.
     NTP server: Enter the IP address or domain name of an NTP server. To find an NTP server that you can use, go to http://www.ntp.org.
     Set date/time: If NTP is not enabled, manually enter the date and time in the appropriate fields. You can also select the calendar or clock icons to select a specific date or general time from the pop-up menus.

  4. Select OK to apply your changes.

Backing up and restoring the configuration

Fortinet recommends that you back up your FortiAuthenticator configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal effect on the network. You should also perform a backup after making any changes to the FortiAuthenticator configuration.

The backup file is encrypted to prevent tampering. This configuration file backup includes both the CLI and GUI configurations of the FortiAuthenticator unit. The backed-up information includes users, user groups, FortiToken device list, authentication client list, LDAP directory tree, FSSO settings, remote LDAP, and certificates.

You can perform backups manually. Fortinet recommends backing up all configuration settings from your FortiAuthenticator unit before upgrading the FortiAuthenticator firmware.

Your FortiAuthenticator configuration can also be restored from a backup file on your management computer.

To back up or restore the FortiAuthenticator configuration:

  1. Go to System > Dashboard > Status.
  2. In the System Information widget, in the System Configuration field, select Backup/Restore. The Configuration Backup and Restore page opens.
  3. Select from the following settings:

     Download backup file: Select Download backup file to save a backup file onto the management computer.
     Restore File: Select Browse… to find the backup file on your management computer, then select Restore to restore the selected backup configuration to the device. You will be prompted to confirm the restore action, and the FortiAuthenticator unit will reboot.

  4. Select Cancel to return to the dashboard page.

When you restore the configuration from a backup file, any information changed since the backup will be lost. Any active sessions will be ended and must be restarted. You will have to log back in when the system reboots.

System Resources widget

The System Resources widget on the dashboard displays the usage status of the CPU and memory as a percentage.

Authentication Activity widget

The Authentication Activity widget displays a line graph of the number of logins versus time.

To adjust the data displayed in the graph, select the edit button to open the Authentication Activity Widget Settings dialog box.

The following settings are available:

  Custom widget title: Enter a custom widget title for the widget, or leave it blank to keep the default title.
  Refresh interval: Enter a custom refresh interval for the widget (in seconds), or leave it as the default time of 300 seconds.
  Time period: Select a time period for the graph to cover from the drop-down list. The available options are: last 6 hours, last 24 hours, last 3 days, last 7 days, and last 30 days.
  Activity Type: Select the activity type to display in the graph. The available options are: All login attempts, Successful login attempts, and Failed login attempts.

User Inventory widget

The User Inventory widget displays the numbers of users, groups, FortiTokens, FSSO users, and FortiClient users currently used or logged in, as well as the maximum allowed number, the number still available, and the number that are disabled.

License Information widget

The License Information widget displays the device’s license information, as well as SMS information. You can also add a license and more SMS messages.

 


To upload a new license file, select Upload in the License Type field, then browse to the license file on the management computer.

To add more SMS messages, select Add Messages from either the Sent/Allowed field or the Status field. In the Add Messages dialog box, enter the certificate number for the messages and then select OK to add the messages.

Top User Lockouts widget

The Top User Lockouts widget displays the users who are locked out the most. For more information on user lockouts and for instructions on adjusting user lockout settings, see Lockouts on page 55.

To change the number of user lockouts displayed in the widget, select the edit icon and change the number in the Number of lockouts field.



5 thoughts on “FortiAuthenticator 4.0 System”

  1. Tim

    Have you seen FortiAuthenticator or FortiGate, for that matter, configured to utilize a third-party SMS authentication (i.e. SMSGlobal) for on-boarding a guest wireless user?
    Our Wireless is third-party as well and not managed by Fortigate.

    We want to require the guest wireless user to enter their phone #, then in turn, receive an SMS message with a passcode that they would enter to complete the on-board process.

    Lots of companies facilitate the SMS piece, however, if it integrates with either the FortiGate or FortiAuthenticator, then I am missing something.

    Thanks!!

    1. Mike Post author

      We have configured FortiGates to utilize other SMS providers (mostly Verizon) for 2FA / authentication means.

    1. Mike Post author

      This particular article is discussing the FortiAuthenticator, which is a separate appliance / VM for authentication needs.

  2. HSHA

    We have two fortiauth VMs, and we tried to create HA with a primary-slave configuration. The issue we were facing is that the primary FAC can see the peer device on it with the error message cluster not formed, but on the slave unit it is not showing any peer device; on cluster status it is showing cluster is formed but in the peer device section it is showing it is not.
    With the help of TAC we could find out that the heartbeat can be seen on the primary FAC by the slave FAC but the HA heartbeat cannot be reached to the primary FAC from the slave.
    The primary FAC VM is on an ESXi server which is connected to Cisco fabric switch > Cisco core switch > other side fabric switch > slave FAC VM on the other side ESXi server.
    We did assign a separate VLAN for HA connectivity and that VLAN has been configured on the fabric switch as well as the core and it is L2 only. So nothing is blocking the heartbeat broadcast in between these two FACs and there is no firewall in between as well. Do you have any idea what would be the cause of this issue?
