Created on 11-01-2017 05:29 PM Edited on 08-26-2024 01:44 PM By Jean-Philippe_P
Description
Scope
FortiGate.
Solution
Naming Rules and Restrictions:
The following are the specific rules for the FortiGate.
Duplicate Name Issues:
Character Restrictions:
A name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), spaces, and the special characters - and _. Other characters are not allowed.
The special characters < > ( ) # " ' are allowed only in the following fields:
Note: To avoid spaces in a name, use '-' or '_' instead.
A few name fields tolerate a space, but in most of them a space in the object's name field will trigger serious and unpredictable issues.
Administrator username restrictions:
Before FortiOS 7.4.0, there were no limitations on the characters that could be used for an administrator's username (other than the limits imposed with the FortiGate's Unicode UTF-8 encoding scheme, see Language support and regular expressions).
From FortiOS 7.4.0 and FortiOS 7.6.0 onward, limitations were added to the available characters to prevent homoglyph attacks (that is, usernames that are visually the same but technically different, which can cause confusion during security log analysis). Going forward, new administrator accounts are generally limited to the same character set as other locations in FortiOS: numbers (0-9), uppercase and lowercase letters (A-Z, a-z), spaces, and the special characters - and _.
However, some additional character rules apply to admin usernames:
The dot is not allowed at the start of the admin username (i.e. '.admin' is disallowed, but 'test.admin' is allowed).
FortiGate # config system admin
FortiGate (admin) # edit ??tst
To prevent homoglyph attacks using unicode
New rules are added for admin user names:
Uses only these ascii characters: a-z, A-Z, 0-9, _, -
Cannot begin with -, and can end with $
While these rules are not enforced on existing
user names, rename to conform to the new rules
is recommended
FortiGate (??tst) #
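Because the new rules are not enforced on existing user names, an inventory of current administrator accounts is worth checking against them. The following is an added example, not Fortinet code: it assumes the character set from the CLI message above plus the dot rule (so spaces are flagged), and the function names and sample names are constructed for illustration.

```python
import string
import unicodedata

# Assumed rule set, combined from the CLI message and the dot rule on this page:
# ASCII letters, digits, '_', '-', and '.' (not as the first character).
ALLOWED = set(string.ascii_letters + string.digits + "_-.")

def audit_admin_name(name):
    """Return a list of findings; an empty list means the name conforms."""
    body = name[:-1] if name.endswith("$") else name  # a trailing '$' is permitted
    if not body:
        return ["empty name"]
    findings = []
    if body[0] in "-.":
        findings.append(f"begins with '{body[0]}'")
    for pos, ch in enumerate(body):
        if ch in ALLOWED:
            continue
        if ord(ch) > 127:
            # Name the code point so a lookalike letter is obvious to the reviewer.
            label = unicodedata.name(ch, "UNNAMED")
            findings.append(f"non-ASCII U+{ord(ch):04X} {label} at index {pos}")
        else:
            findings.append(f"disallowed character {ch!r} at index {pos}")
    return findings

def audit(names):
    """Map each non-conforming name to its findings."""
    return {n: f for n in names if (f := audit_admin_name(n))}

# Constructed sample names; the last one starts with a Cyrillic letter
# that renders like a Latin 'a'.
SAMPLE_NAMES = ["admin", "test.admin", "svc_backup$", ".admin", "-ops",
                "net admin", "\u0430dmin"]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_NAMES).items():
        print(f"{name!r}: {'; '.join(findings)}")
```

Names that come back with a non-ASCII finding are the ones to rename first, since they are the ones that can be mistaken for another account in logs.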
Length of Fields Restrictions:
Most name fields accept 35 characters. The exceptions are:
| Field | Characters allowed |
|---|---|
| VLAN name | 15 |
| RADIUS server secret | 15 |
| LDAP server common name identifier | 15 |
| Admin user password | 32 |
| Schedule names | 32 |
| Local certificate email | 60 |
| Modem dialup account user name, password, phone number fields | 63 |
| Firewall policy comments | 63 |
| RADIUS, LDAP server domain name | 63 |
| IPsec phase 1 name ** | 15 |
| IPsec phase 1 local/peer ID | 63 |
| IPS custom signature name | 63 |
| Spam Filter MIME header name | 63 |
| Antivirus file block pattern | 63 |
| Local certificate organizational unit, organization, locality, state/province fields | 127 |
| IPsec phase 1 pre-shared key or certificate name | 127 |
| Web Filter banned word, URL, URL exempt, Pattern fields | 127 |
| Spam Filter RBL server name, email address, MIME header body | 127 |
| LDAP server distinguished name | 128 |
| IPS custom signature | 511 |
| Replacement message | 1024 |