FortiAuthenticator 4.0 System

Network

The Network tree menu allows you to configure device interfaces, DNS configuration, static routing, and packet capturing.

Interfaces

To view the interface list, go to System > Network > Interfaces.

The following information is shown:

Edit Select to edit the selected interface.
Search Enter a search term in the search text box then select Search to search the interface list.
Interface The names of the physical interfaces on your FortiAuthenticator unit. The name, including number, of a physical interface depends on the model.
IPv4 The IPv4 address of the interface.
IPv6 The IPv6 address of the interface, if applicable.
Link Status The link status of the interface.

To edit an interface:

  1. In the interfaces list, select the interface you need to edit and select the Edit button, or select the interface name. The Edit Network Interface window opens.

  2. Edit the following settings as required.
Interface Status The interface name and its current link status are displayed.
IP Address / Netmask  
IPv4 Enter the IPv4 address and netmask associated with this interface.
IPv6 Enter the IPv6 address associated with this interface.
Access Rights  
Admin access Select the allowed administrative service protocols from: Telnet, SSH, HTTPS, HTTP, SNMP.
Services Select the allowed services from: RADIUS Auth, RADIUS Accounting, LDAP, LDAPS, FortiGate FSSO, OCSP, FortiClient FSSO, Hierarchical FSSO, DC/TS Agent FSSO, and Syslog.

Note: Syslog is only available if Syslog SSO has been enabled. See General settings on page 106.

  3. Select OK to apply the edits to the network interface.

DNS

To configure DNS settings, go to System > Network > DNS. The primary and secondary nameserver IP addresses can be changed as needed. To apply the changes, select OK.

Static routing

To view the list of static routes, go to System > Network > Static Routing. Routes can be created, edited, and deleted as required.

The following information is shown:

Create New Select to create a new static route.
Delete Select to delete the selected static route.
Edit Select to edit the selected static route.
IP/Mask The destination IP address and netmask for this route.
Gateway The IP address of the next hop router to which this route directs traffic.
Device The device or interface associated with this route.

To create a new static route:

  1. In the static route list, select Create New. The Create New Static Route window opens.
  2. Edit the following settings as required.
Destination IP/mask Enter the destination IP address and netmask for this route.
Network interface Select the network interface that connects to the gateway.
Gateway Enter the IP address of the next hop router to which this route directs traffic.
Comment Optionally, enter a comment about the route. Make it fun.
  3. Select OK to create the new static route.

To edit a static route:

  1. In the static route list, select the route you need to edit and then select Edit, or click on the route. The Edit Static Route window opens.
  2. Edit the settings as required, then select OK to apply your changes.

To delete a static route:

  1. In the static route list, select the route you need to delete.
  2. Select Delete, then select OK in the confirmation dialog box to delete the route.

Packet capture

Packets can be captured on configured interfaces by going to System > Network > Packet Capture.

The following information is available:

Edit Select to edit the packet sniffer on the selected interface.
Interface The name of the configured interface for which packets can be captured. For information on configuring an interface, see Interfaces on page 30.
Max packets to capture The maximum number of packets that can be captured.
Status The status of the packet capture process. Allows you to start and stop the capturing process, and download the most recently captured packets.

To start capturing packets on an interface, select the Start capturing button for that interface. The Status will change to Capturing, and the Stop capturing and download buttons will become available.

To download captured packets:

  1. Select the download button for the interface whose captured packets you are downloading. If no packets have been captured for that interface, select the Start capturing
  2. When prompted, save the packet file (sniffer_[interface].pcap) to your management computer. The file can then be opened using packet analyzer software.
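
A quick check of a downloaded sniffer_[interface].pcap against the packet sniffer settings, as an added example that is not part of the original guide. It assumes the file is classic libpcap format with Ethernet framing (the page does not state the format); the function names and the in-memory sample are constructed for illustration.

```python
import struct
from collections import Counter

# Classic libpcap magic values as read little-endian, mapped to the file's
# byte order (microsecond and nanosecond timestamp variants).
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}
ETHERTYPES = {0x0800: "ipv4", 0x86DD: "ipv6"}

def summarize_pcap(data: bytes) -> dict:
    """Count IPv4, IPv6 and non-IP Ethernet frames in a classic pcap file."""
    if len(data) < 24 or struct.unpack("<I", data[:4])[0] not in MAGICS:
        raise ValueError("not a classic pcap file")
    end = MAGICS[struct.unpack("<I", data[:4])[0]]
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError(f"unsupported link type {linktype}")
    counts, offset, truncated = Counter(), 24, False
    while offset < len(data):
        if offset + 16 > len(data):
            truncated = True  # partial record header at end of file
            break
        incl_len = struct.unpack(end + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            truncated = True  # record claims more bytes than the file holds
            break
        offset += 16 + incl_len
        ethertype = struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None
        if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
            ethertype = struct.unpack("!H", frame[16:18])[0]
        counts[ETHERTYPES.get(ethertype, "non_ip")] += 1
    return {"total": sum(counts.values()), "ipv4": counts["ipv4"],
            "ipv6": counts["ipv6"], "non_ip": counts["non_ip"], "truncated": truncated}

def check_capture(summary, max_packets=500, include_ipv6=False, include_non_ip=False):
    """Compare a summary with the sniffer settings; return a list of mismatches.
    The two include_* defaults are assumptions, not documented product defaults."""
    checks = [
        (summary["truncated"], "file is truncated"),
        (summary["total"] > max_packets, "more packets than the configured maximum"),
        (summary["ipv6"] and not include_ipv6, "IPv6 packets present but not selected"),
        (summary["non_ip"] and not include_non_ip, "non-IP packets present but not selected"),
    ]
    return [message for failed, message in checks if failed]

def build_sample() -> bytes:
    """Constructed sample: one IPv4, one IPv6 and one ARP frame, zeroed payloads."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ethertype in (0x0800, 0x86DD, 0x0806):
        frame = b"\x00" * 12 + struct.pack("!H", ethertype) + b"\x00" * 46
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

To check a real download, pass the file's bytes to summarize_pcap and call check_capture with the values set on the Edit Packet Sniffer page.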

To edit a packet sniffer:

  1. Select the interface whose packet capture settings you need to configure by either selecting the configured interface name from the interface list, or selecting the checkbox in the interface row and selecting Edit from the toolbar.

The Edit Packet Sniffer page opens.

  2. Configure the following options:
Interface The interface name.
Max packets to capture Enter the maximum number of packets to capture. The default is 500 packets.
Include IPv6 packets Select to include IPv6 packets when capturing packets.
Include non-IP packets Select to include non-IP packets when capturing packets.
  3. Select OK to apply your changes.

5 thoughts on “FortiAuthenticator 4.0 System”

  1. Tim

    Have you seen FortiAuthenticator or FortiGate, for that matter, configured to utilize a third-party SMS authentication (i.e. SMSGlobal) for on-boarding a guest wireless user?
    Our wireless is third-party as well and not managed by FortiGate.

    We want to require the guest wireless user to enter their phone #, then in turn, receive an SMS message with a passcode that they would enter to complete the on-board process.

    Lots of companies facilitate the SMS piece, however, if it integrates with either the FortiGate or FortiAuthenticator, then I am missing something.

    Thanks!!

    1. Mike Post author

      We have configured FortiGates to utilize other SMS providers (mostly Verizon) for 2FA / authentication means.

    1. Mike Post author

      This particular article is discussing the FortiAuthenticator, which is a separate appliance / VM for authentication needs.

  2. HSHA

    We have two FortiAuth VMs, and we tried to create HA with a primary-slave configuration. The issue we were facing is that the primary FAC can see the peer device on it with the error message "cluster not formed", but on the slave unit it is not showing any peer device; on cluster status it is showing the cluster is formed, but in the peer device section it is showing it is not.
    With the help of TAC we could find out that the heartbeat can be seen on the primary FAC by the slave FAC, but the HA heartbeat cannot be reached to the primary FAC from the slave.
    The primary FAC VM is on an ESXi server which is connected to Cisco fabric switch > Cisco core switch > other side fabric switch > slave FAC VM on the other side ESXi server.
    We did assign a separate VLAN for HA connectivity, and that VLAN has been configured on the fabric switch as well as the core, and it is L2 only. So nothing is blocking the heartbeat broadcast in between these two FACs, and there is no firewall in between as well. Do you have any idea what would be the cause of this issue?
