System Administration
This section introduces you to the system administration. This section contains the following topics:
l Working with system dashboards l Network settings l Configuration l Administration settings l Certificates l Maintenance
Working with system dashboards
The dashboard provides a quick look at the FortiCachesystem status. It provides a way to access information about network activity and events, as well as configure basic system settings. The dashboard contains widgets that display information and provide access to various system functions. You can customize which widgets are available on the dashboard and how they operate.
To access the default dashboard go to System > Dashboard > Status.
Administrators must have read and write privileges for configuring dashboards as well as adding widgets to dashboards.
This section describes:
l Managing dashboards l System information widget l License information widget l Unit operation widget l System resources widget l Alert message console widget l CLI console widget l Features widget l Interface history widget
Managing dashboards
Dashboards can be added, renamed, edited, and deleted, and widgets can be added to and removed from individual dashboards.
You can add widgets to any dashboard and customize the configuration of most widgets. You cannot add the same widget more than once, except for the Interface History widget, which can be added as many times as required.
To add a new dashboard:
- Go to System > Dashboard > Status.
- Select Dashboard > Add Dashboard (located at the top of the dashboard screen).
- Enter a name for the dashboard, select the number of columns, then select OK.
- Select the new dashboard and select Widget to begin adding widgets to the dashboard.
To add widgets to a dashboard:
- Go to System > Dashboard > Status.
- Select a dashboard to add widgets to.
- Select Widget (located at the top of the dashboard screen).
- Select a widget to add to the dashboard.The pop-up window closes automatically.
- Drag the widgets by their title bars to arrange them in the dashboard.
- Optionally, customize widgets by selecting Edit (the pencil icon).
See also the following title bar options:
| Open/Close arrow | Open or close the widget. |
| Widget Title | The name of the widget. |
| History | Select to show an expanded set of data.
Only available for the Alert Message Console widget. |
| Detach | Convert the widget into a pop-up window detached from the main browser window that you can scale a move independently of the dashboard.
Only available for the CLI Console widget. |
| Edit (pencil icon) | Select to change widget settings. |
| Refresh (refresh icon) | Select to refresh or update the information displayed by the widget. Not available on all widgets. |
| Close (X icon) | Remove the widget from the dashboard. |
To reset all dashboards to the factory default configuration:
Use the following procedure to remove all of the dashboards that you have added and reset the widget configuration of the default dashboard.
- Go to System > Dashboard > Status.
- Select Dashboard > Reset Dashboards and select OK in the confirmation dialog box.
System information widget
The System Information widget displays general system information, such as the FortiCache unit serial number, firmware version, host name, and system time. You can use this widget to change the system time, host name, firmware, operation mode, and change the password of the current administrator. You can also use this widget to backup and restore the configuration and view current administrators.
You must register your unit with Fortinet Customer Support to access firmware updates for your model. For more information, go to https://support.fortinet.com, or contact Fortinet Customer Service & Support.
| Host Name | The host name of the current FortiCache unit. When you select Change, you are redirected to the Edit Host Name page. See Changing the host name on page 14. | |
| Serial Number | The serial number of the FortiCache unit. The serial number is specific to that unit and does not change with firmware upgrades. | |
| HA Status | The status of High Availability (HA) within the cluster.
Standalone indicates that the FortiCache unit is not operating in HA mode. Active indicates that the FortiCache unit is operating in HA mode. Select Configure, to change the HA configuration. See High availability on page 28. |
|
| System Time | The current date and time according to the FortiCache unit’s internal clock. When you select Change, you are redirected to the Time Settings page where you can change the unit’s system time. See Configuring system time on page 14. | |
| Firmware Version | The version of the firmware currently installed on the FortiCache unit. When you select Update, you are redirected to the Firmware Update/Downgrade page.
By installing an older firmware image, some system settings may be lost. You should always back up your configuration before changing the firmware image. |
|
| System Configuration | The date and time of the last configuration file backup. You can select Backup to back up the current configuration; when you select Backup, you are redirected to the Backup page. See Backing up the configuration on page 15.
If you want to restore a configuration file, select Restore to be redirected to the Restore page. See Restoring your firmware configuration on page 16. |
|
| Operation Mode | The current operating mode of the FortiCache unit. A unit can operate in NAT mode or Transparent mode. Select Change to switch between NAT and Transparent mode. | |
| Current Administrators | The name of the admin account that you have used to log into the FortiCache unit and the number of administrator accounts. If you are authenticated locally by password, not by PKI or remote authentication, you can select Change Password to change the password for this account. When you change the password, you are logged out and must log back in
with the new password. See Changing the currently logged in administrator’s password on page 16. Select Details to view more information about each administrator that is currently logged in. See Monitoring administrators on page 16 |
|
| Uptime | The time in days, hours, and minutes since the FortiCache unit was started. | |
Changing the host name
The host name appears in the Host Name row, in the System Information widget, at the CLI prompt and is used as the SNMP system name. The default host name is the FortiCache unit’s serial number. Change the host name by selecting Change beside the host name field in the System Information dashboard widget.
Configuring system time
Use the following options to change the FortiCache unit’s system time. Change the system time by selecting Change beside the system time field in the System Information dashboard widget.
Configure the following settings:
| System Time | The current system date and time. |
| Refresh | Update the display of the current system date and time. |
| Time Zone | Select the FortiCache unit’s time zone. |
| Set Time | Select to set the system date and time to the values you set in the Hour, Minute, Second, Year, Month, and Day fields. |
| Synchronize with NTP
Server |
Select to use a Network Time Protocol (NTP) server to automatically set the system date and time.
Select Use FortiGuard Servers, or select Specify, then enter the server address and synchronization interval in the Server and Sync Interval fields. The interval can be 1 to 1440 minutes (default = 1 minute). FortiCache units use NTP Version 4. No RFC is currently available for NTP version 4. The RCF for NTP Version 3 is RFC 1305. For more information about NTP, or to find an NTP server that you can use, see http://www.ntp.org. |
| Enable NTP Server | Select to enable the NTP server, then select one or more interfaces from the Listen on Interfaces drop-down list. |
Backing up the configuration
Administrators can back up the FortiCache unit’s configuration file from the System Information widget. You can back up the firmware configuration file to a local computer, and also encrypt the configuration file for added security.
You should always back up your configuration whenever you are:
l restoring the unit back to factory defaults l installing a patch release l installing a new firmware image l re-installing an earlier firmware image l rebooting the unit.
Configure the following settings:
| Local PC | Select to back up the configuration file to a local management computer. |
| Encrypt configuration file | Select to enable a password to the configuration file for added security. If you lose the password, the configuration file will not be accessible. |
| Password | Enter the password that will be used to restore the configuration file. |
| Confirm | Re-enter the password. |
Restoring your firmware configuration
You can restore a configuration file that was created by doing a back up by selecting Restore in the System Configuration row of the System Information widget. If the configuration file was encrypted, you will need the password that was used to encrypt the configuration file.
| Local PC | Select to restore the configuration file from the local computer. |
| Filename | Browse to the location of the backup file on your local hard disk. |
| Password | Enter the password that will be used to restore the configuration file. |
Changing the currently logged in administrator’s password
From within the System Information widget you can change your own admin account password by selecting Change Password in the Current Administrator row.
| Administrator | The name of the administrator account. |
| Old Password | Enter the password that you usually use to log in. |
| New Password | Enter the new password that you will be using to log in. |
| Confirm Password | Enter the new password again. |
Monitoring administrators
You can view detailed information about each administrator that is logged into the FortiCache unit from the System Information widget by selecting Details in the Current Administrator row.
| Disconnect | Select to disconnect the selected administrators. This is available only if your admin profile gives you System Configuration write permission.
You cannot log off the default admin user. |
| Refresh | Select to update the list. |
| Close | Select to close the window. |
| User Name | The administrator account name. |
| Access Profile | The access profile of the administrator. |
| Type | The type of access: http, https, jsconsole, sshv2. |
| From | If Type is jsconsole, the value in From is N/A. Otherwise, From contains the administrator’s IP address. |
| Time | The date and time that the administrator logged on. |
License information widget
The License Information widget displays the statuses of your licenses and FortiGuard subscriptions. It also allows you to update your device’s registration status and FortiGuard definitions.
You can update your registration status by selecting Update in the Registration Status row and loading the license file from a location on your management computer. You can update the antivirus definitions by selecting Update in the AV Definitions row.
Selecting Configure in the Web Filtering or AntiVirus rows will take you to the FortiGuard Distribution Network page. See FortiGuard settings on page 43.
Manually updating FortiGuard definitions
You can update the definition files for a number of FortiGuard services from the License Information widget.
To update FortiGuard definitions manually:
- Download the latest update files from Fortinet support site and copy it to the computer that you use to connect to the GUI.
- Log in to the GUI, locate the License Information widget, and in the AV Definitions row select Update.
- Select Browse and locate the update file, or type the path and filename.
- Select OK.
- Verify the update was successful by locating the License Information widget and viewing the date given in the row.
Unit operation widget
The Unit Operation widget shows the FortiCache unit’s front panel and displays the status of the unit’s front panel network interfaces. If a network interface is green, that interface is connected.
| 1 / 2 / 3 / 4 etc… | The network interfaces on the unit. The names and number of these interfaces vary by model.
The icon below the interface name indicates its up/down status by color. Green indicates the interface is connected. Gray indicates there is no connection. For more information about the configuration and status of an interface, pause the mouse over the icon for that interface. |
Pause the mouse pointer over the interface to view the status of the interface.
System resources widget
The System Resources widget displays the FortiCache unit’s percent CPU and memory usage. The CPU usage can be viewed by CPU. You can also view historical system usage graphs.
If you select Reboot or Shutdown, a pop-up window opens allowing you to enter the reason for the system event. Your reason will be added to the log message that is included in the event-system log.
Powering off a FortiCache unit before shutting it down may corrupt its configuration. Use the shutdown options here or in the CLI to make sure that proper shutdown procedures are followed to prevent any loss of configuration.
| Edit | Select to configure the widget. See Configure the system resource widget on page 18. | |
| CPU Usage | The CPU usage percent displayed graphically and in text. | |
| Memory Usage | The memory usage percent displayed graphically and in text. | |
| Disk Usage | The disk usage percent displayed graphically and in text. | |
| Reboot | Select to shutdown and restart the unit. You will be prompted to enter a reason for the reboot that will be entered into the logs. | |
| Shutdown | Select to shutdown the unit. You will be prompted for confirmation, and also prompted to enter a reason for the shutdown that will be entered into the logs. |
Configure the system resource widget
To configure the system resource widget, select Edit in the widget title bar to open the Custom System Resource Display window.
Configure the following settings:
| Custom Widget Name | Enter a custom widget name to change the name of the widget. |
| Chart Color | Change the color of the data shown on the charts. To reset to the default color, select Reset.
This option is only available when View Type is set to Historical. |
| Mutli-core CPU display | Select Average to view the CPU usage for all cores, or select Each Core to view the usage for each core individually. |
| View Type | Select Real Time to view real time CPU and memory usage date, or select Historical to view historical usage data. |
| Time Period | Select the time period for the displayed data from the drop-down list. The options are: Last minute, Last 10 minutes, Last 30 minutes, Last 60 minutes, Last 12 hours, and Last 24 hours.
This option is only available when View Type is set to Historical. |
Alert message console widget
The Alert Message Console widget displays log-based alert messages for both the FortiCache unit.
Alert messages help you track system events on your FortiCache unit, such as firmware changes. Each message shows the date and time that the event occurred.
Alert message history
The widget displays only the most recent alerts. For a complete list of unacknowledged alert messages, select the History icon in the widget’s title bar to open the Alert Message Console history pop-up window. To clear the list, select ClearAlert Messages.
Custom alert display
Select the Edit icon in the title bar to open the Custom Alert Display dialog box.
Configure the following settings, then select OK to apply your changes.
| Custom Widget Name | Enter a custom widget name to change the name of the widget. |
| Display the following message on the alert console | Select the types of messages that are displayed on the alert console. The options include: l System shutdown and restart l Firmware upgrade and downgrade l Conserver mode l Updates from FortiGuard l Device found or lost l FortiCloud quota details l Log disk failure l Power supply events l Admin authentication failures l FortiGuard security alerts l Policy configuration errors |
| Number of alerts to display on the dashboard | Select the number of alerts that are displayed in the dashboard widget from the drop-down list. Options include: 10, 20, 30, 40, 50, 60, 70, 80, 90, and 100. |
CLI console widget
The CLI Console widget allows you to access the FortiCache CLI from the GUI. This widget can also be customized, providing greater flexibility about how the CLI Console appears to administrators.
The two controls located on the CLI Console widget title bar are Edit and Detach.
l Detach: move the CLI Console widget into a seperate browser window that you can resize and reposition. The two controls on the detached CLI Console are Customize and Attach. Attach moves the widget back to the dashboard’s page. l Edit or Customize: Change the appearance of the console by defining fonts and colors for the text and background.
The Console Preferences window provides settings for modifying the widget’s appearance, font, and the option to include an external command input box.
Configure the following settings:
| Preview | A preview of your changes to the CLI Console’s appearance. |
| Text | Select the current color swatch next to this label, then select a color from the color palette to the right to change the color of the text in the console. |
| Background | Select the current color swatch next to this label, then select a color from the color palette to the right to change the color of the background in the console. |
| Use external command input box | Select to display a command input field below the normal console emulation area. When this option is enabled, you can enter commands by typing them into either the console emulation area or the external command input field. |
| Console buffer length | Enter the number of lines the console buffer keeps in memory. Valid numbers range from 20 to 9999. |
| Font | Select a font from the list to change the display font of the CLI Console. |
| Size | Select the size of the font. The default size is 10 points. |
| Reset Defaults | Select to reset all values to their default values. |
Features widget
The Features widget allows you to disable or enable a collection of FortiCache features. Disable features are not shown in the GUI.
Select the On/Off button to turn the feature off or on, respectively.
More options can also be disabled by selecting the edit button in the widget title bar to open the Feature Settings window. See .
Interface history widget
The Interface History widget shows the traffic on one selected interface over three specified time periods. This feature can help you locate peaks in traffic that you need to address, as well as their frequency and duration.
Only one interface can be monitored per widget, but multiple history widgets can be added to the dasboards. You can change the interface being monitored by selecting Edit. All traffic history data is cleared when you select Apply.
Hovering the cursor over a section of the graph will give you specific details on the traffic in and out of the selected port.
Select Edit in this widget title bar to open the Traffic History Settings window.
Configure the following settings, then select OK to save your changes:
| Custom Widget Name | Enter a new name for the widget. This is optional. |
| Select Network Interface | Select an interface (FortiCache unit’s interfaces) from the drop-down list. The interface you choose displays the traffic occurring on it. |
| Enable Refresh | Select to enable the information to refresh. |
| Time Period 0 | The time period for the first line chart. Enter a number in the first field, then select Hour(s), Minute(s), or Day(s) from the drop-down list beside the field.
Use zero to disable the time period. |
| Time Period 1 | The time period for the second line chart. Enter a number in the first field, then select Hour(s), Minute(s), or Day(s) from the drop-down list beside the field.
Use zero to disable the time period. |
| Time Period 2 | The time period for the third line chart. Enter a number in the first field, then select Hour(s), Minute(s), or Day(s) from the drop-down list beside the field.
Use zero to disable the time period. |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!