The Create New RADIUS Client page opens.
Add RADIUS client page

Configure the following settings:
Name Type a name for the RADIUS client entry.
Client name/IP Type the IP address or FQDN of the FortiManager.
Secret Type the server secret. This value must match the FortiManager RADIUS server setting at System Settings > Admin > Remote Auth Server.
Description Type an optional description for the RADIUS client entry.
Authentication method Select Enforce two-factorauthentication from the list of options.
Username input format Select specific user name input formats.
Realms Realm configuration. For more information see the FortiAuthenticator Administration Guide.
Allow MAC-based authen-
tication Optional configuration. For more information see the FortiAuthenticator Administration Guide.
EAP types Optional configuration. For more information see the FortiAuthenticator Administration Guide.
3. Select OK to save the setting.
FortiManager side configuration
Configure the RADIUS server:
1. Go to System Settings > Admin > Remote Auth Server.
2. Select Create New in the toolbar and select RADIUS from the drop-down list.
The New RADIUS Server page opens.
New RADIUS server page

Configure the following settings:
Name Type a name to identify the FortiAuthenticator.
Server Name/IP Type the IP address or fully qualified domain name of your FortiAuthenticator.
Server Secret Type the FortiAuthenticator secret.
Secondary Server Name/IP Type the IP address or fully qualified domain name of the secondary FortiAuthenticator, if applicable.
Secondary Server Secret Type the secondary FortiAuthenticator secret, if applicable.
Port Type the port for FortiAuthenticator traffic. The default port is 1812.
Auth-Type Select the authentication type the FortiAuthenticator requires. The default setting of
ANY has the FortiManager unit try all the authentication types. Select one of: ANY, PAP, CHAP, or MSv2.
3. Select OK to save the setting.
Create the administrator users:
1. Go to System Settings > Admin > Administrator.
2. Select Create New in the toolbar. The New Administrator page opens.
New administrator page

3. Configure the following settings:
User Name Type the user name that this administrator uses to log in.
Description Optionally, type a description of this administrator’s role, location or reason for their account. This field adds an easy reference for the administrator account.
Type Select RADIUS from the drop-down list.
RADIUS Server Select the RADIUS server from the drop-down menu.
Wildcard Select to enable wildcard. Wildcard authentication will allow authentication from any local user account on the FortiAuthenticator. To restrict authentication, RADIUS service clients can be configured to only authenticate specific user groups.
New Password Type the password. This field is available if Type is RADIUS and Wildcard is not selected.
Confirm Password Type the password again. The passwords must match.This field is available if Type is RADIUS and Wildcard is not selected.
Admin Profile Select a profile from the drop-down menu. The profile selected determines the administrator’s access to the FortiManager unit’s features.To create a new profile see Configuring administrator profiles.
Administrative Domain Choose the ADOMs this administrator will be able to access, or select All
ADOMs. Select Specify and then select the add icon to add Administrative Domains. Select the remove icon to remove an administrative domain from this list.This field is available only if ADOMs are enabled.
Policy Package Access Choose the policy packages this administrator will have access to, or select All Package. Select Specify and then select the add icon to add policy packages.
Trusted Host Optionally, type the IPv4 or IPv6 trusted host IP address and netmask from which the administrator can log in to the FortiManager unit. Select the add icon to add trusted hosts. You can specify up to ten trusted hosts. Select the delete icon to delete entries.Setting trusted hosts for all of your administrators can enhance the security of your system. For more information, see Using trusted hosts.
User Information (optional)
Contact Email Type a contact email address for the new administrator.This email address is also used for workflow session approval email notifications.
Contact Phone Type a contact phone number for the new administrator.
4. Select OK to save the setting.
Test the configuration:
Attempt to log into the FortiManager Web-based Manager with your new credentials.
FortiManager logon page

Type your user name and password and select Login.
The FortiToken page is displayed.
FortiToken page

Certificates

Type your FortiToken pin code and select Submit to finish logging in to FortiManager.
Certificates
The FortiManager unit generates a certificate request based on the information you entered to identify the FortiManager unit. After you generate a certificate request, you can download the request to a computer that has management access to the FortiManager unit and then forward the request to a CA.
Local certificates are issued for a specific server, or website. Generally they are very specific, and often for an internal enterprise network.
CA root certificates are similar to local certificates, however they apply to a broader range of addresses or to an entire company.
The CRL is a list of certificates that have been revoked and are no longer usable. This list includes certificates that have expired, been stolen, or otherwise compromised. If your certificate is on this list, it will not be accepted. CRLs are maintained by the CA that issues the certificates and includes the date and time when the next CRL will be issued as well as a sequence number to help ensure you have the most current version of the CRL.
Go to System Settings > Certificates to view FortiManager local certificates, CA certificates and CRLs.
Certificates page

The following information is displayed:
Certificate Name Displays the certificate name.
Subject Displays the certificate subject information.
Status Displays the certificate status. Select View Certificate Detail to view additional certificate status information.
Certificates
The following options are available:
Create New Select to create a new certificate request.
View Select the checkbox next to the certificate, right-click, and select View in the rightclick menu to view the entry.
Delete Select the checkbox next to a certificate entry and select Delete to remove the certificate selected. Select OK in the confirmation dialog box to proceed with the delete action. Delete is also available in the right-click menu.
Import Select to import a local certificate. Browse for the local certificate on the management computer and select OK to complete the import.
View Certificate Detail Select the checkbox next to a certificate entry and select View Certificate Detail to view certificate details.
Download Select the checkbox next to a certificate entry and select Download to download the certificate to your local computer.
Creating a local certificate
To create a certificate request:
1. Go to System Settings > Certificates > Local Certificates.
2. Select the Create New in the toolbar. The New Certificate window opens.
New local certificate

Enter the following information as required.
Certificate Name The name of the certificate.
Certificates
Key Size Select the key size from the drop-down list. Select one of the following: 512 Bit, 1024 Bit, 1536 Bit, or 2048 Bit.
Common Name (CN) Type the common name of the certificate.
Country (C) Select the country from the drop-down list.
State/Province (ST) Type the state or province.
Locality (L) Type the locality.
Organization (O) Type the organization for the certificate.
Organization Unit (OU) Type the organization unit.
E-mail Address (EA) Type the email address.
Select OK to save the certificate request.
The certificate window also enables you to export certificates for authentication, importing and viewing.

Importing certificates
To import a local certificate:
1. Go to System Settings > Certificates > Local Certificates.
2. Select the Import button in the toolbar.
3. Type the location of the local certificate, or select browse and browse to the location of the certificate, then select OK.
To import a CA certificate:
1. Go to System Settings > Certificates > CA Certificates.
2. Select the Import button in the toolbar.
3. Type the location of the local certificate, or select browse and browse to the location of the certificate, then select OK.
Importing CRLs
A CRL is a list of the CA certificate subscribers paired with certificate status information. The list contains the revoked certificates and the reason or reasons for their revocation. It also records the certificate issue dates and the CAs that issued them.
Certificates
When configured to support SSL VPNs, the FortiManager unit uses the CRL to ensure that the certificates belonging to the CA and remote peers or clients are valid. You must download the CRL from the CA website on a regular basis.
To import a CRL:
1. Go to System Settings > Certificates > CRL.
2. Select the Import button in the toolbar.
3. Type the location of the certificate, or select browse and browse to the location of the certificate, then select OK.
Viewing certificate details
To view a local certificate:
1. Go to System Settings > Certificates > Local Certificates.
2. Select the certificates which you would like to see details about and click on View Certificate Detail in the toolbar. Local certificate detail

The following information is displayed:
Certificate Name The name of the certificate.
Issuer The issuer of the certificate.
Subject The subject of the certificate.
Valid From The date from which the certificate is valid.
Valid To The last day that the certificate is valid. The certificate should be renewed before this date.
Version The certificate’s version.
Serial Number The serial number of the certificate.
Extension The certificate extension information.
Event log
3. Select OK to continue.
To view a CA certificate:
1. Go to System Settings > Certificates > CA Certificates.
2. Select the certificates which you would like to see details about and click on View Certificate Detail in the toolbar.
The details displayed are similar to those displayed for a local certificate.
To view a CRL:
1. Go to System Settings > Certificates > CRL.
2. Select the certificates which you would like to see details about and click on View Certificate Detail in the toolbar.
The details displayed are similar to those displayed for a local certificate.
Downloading a certificate
To download a local certificate:
1. Go to System Settings > Certificates > Local Certificates.
2. Select the certificates which you would like to download, click on Download in the toolbar, and save the certificate to the desired location.
To download a CA certificate:
1. Go to System Settings > Certificates > CA Certificates.
2. Select the certificates which you would like to download, click on Download in the toolbar, and save the certificate to the desired location.
Event log
The logs created by FortiManager are viewable within the Web-based Manager. You can use the FortiManagerLog Message Reference, available from the Fortinet Document Library to interpret the messages. You can view log messages in the FortiManager Web-based Manager that are stored in memory or on the internal hard disk.
To view the log messages:
1. Go to System Settings > Event Log. The event log window opens.
Event log table
Event log

The following information and options are available:
Clear Filter Select to clear all column filters. This option is only displayed when a column filter has been enabled.
Historical Log Select Historical Log to view historical event logs. You can view select Event Log, FDS Upload Log, or FDS Download Log from the drop-down menu. You can select to clear or view logs.
The following columns are displayed: File Name, Size, and Last Access Time.
Download Select Download to download a file containing the logs in either CSV or the normal format. Select OK to save the file to your management computer.
Raw Log Select the Raw Log/Formatted Table button to change the log message view. Raw logs are displayed in the following format:
2013-10-17 14:26:01 log_id=0001013001 type=event subtype=fgfm pri=warning adom=n/a user=fgfm msg=”fgfm connection to device FG300B3907600039 is down”
Refresh Select Refresh to refresh the displayed logs.
Column Settings Right-click the column heading to open Column Settings for the event log page.
You can select to enable columns, reset columns to their default state and organize the order in which the columns are displayed.
# The event log entry identifier.