System Settings

The following section describes the procedures for system settings:

UI Settings

There are two locations where you can change UI settings in FortiSIEM. One location is in the user profile. The other is in the administrator settings.

User Profile UI Settings

The initial view of FortiSIEM UI after login can be configured using the UI settings including dashboard, logos, and theme.

Click the User Profile icon () in the upper right corner of the UI. The dialog box contains three tabs:

Basic - Use the Basic tab to change your password into the system.

Contact - Use the Contact tab to enter your contact information.

UI Settings - Use the UI Settings tab to set the following:

Settings Guidelines
Home Select the tab which opens when you log in to the FortiSIEM UI.
Incident Home Select the Overview, List (by Time, by Device, by Incident), Risk, Explorer, or MITRE ATT&CK (Rule Coverage, Incident Coverage, Incident Explorer) display for the INCIDENTS tab.
Dashboard Home Select the Dashboard to open by default under the DASHBOARD tab from this drop-down list.
Dashboard Settings Select the type of dashboards to be visible/hidden using the left/right arrows. The up/down arrows can be used to sort the Dashboards.
Language Specify which language will be used for the UI display. Many UI items have been translated into the languages in the drop-down list, including buttons, labels, top-level headings, and breadcrumbs. Items that are data-driven are not translated.
Theme Select Dark or Light theme for FortiSIEM UI. Save and refresh the browser to view the change.
Date Format

Select one of the following formats for displaying date and time information.

  • Local/Simple Date Format - Display the time in AM/PM format.

  • ISO 8601 - Display the date and time in ISO 8601 format, the International Standards Organization's standard for date and time representation.

  • UTC - Display the date and time in Coordinated Universal Time (UTC).

When done configuring, click Save.

Note: All of the above settings will take effect when you log in again or when you refresh the browser in the same login session.

Administrator UI Settings

Click ADMIN > Settings > System > UI to access the administrator UI settings.

Settings

Guidelines

UI Logo Click the edit icon to enter the path to the image file for the logo that will be used in the UI.
Report Logo Click the edit icon to enter the path to the image file for the logo that will be used in reports.
Google Maps API Key Click the edit icon to enter the API key to access Google Maps.
Login Banner Administrators can choose a login banner to display to users after login. Click the Enabled checkbox to display a login banner.
In the field below Login Banner, enter the text that you want to appear. Some simple BBCode tags are allowed in this message input:
“b” - bold
“i” - italic
“u” - underline
“url” - url
HTML tags are not allowed. Nested tags are not allowed.
When done, click Save. In addition to the banner, the user will see the following:
  • Last login time and IP address location
  • Changes to the account (if any) since last login. This includes whether the user was assigned a new role for any organization, or if a role definition has changed.
Changes appear in the next login. This is a global setting for all users.

 

Email Settings

The system can be configured to send email as an incident notification action or send scheduled reports. Use these fields to specify outbound email server settings.

Complete these steps to customize email settings:

  1. Go to ADMIN > Settings > System > Email tab.
  2. Enter the following information under Email Settings:

    SettingsGuidelines
    Email Gateway Server[Required] Holds the gateway server used for email.
    Server PortPort used by the gateway server.
    Secure Connection (TLS)Protocol used by the gateway server. This can be Exchange or SMTP.
    Server Account ID[Required] The account name for the gateway.
    Default Email Sender Default email address of the sender.
    Authentication

    Select Basic or OAuth.

    If Basic is selected, the following field must be configured.

    • Account password - Enter the password for the account.

    If OAuth is selected, the following fields must be configured.

    • OAuth Provider - Select the OAuth Provider from the drop-down list.

    • Client ID - Enter the Client ID for OAuth.

    • Client Secret - Enter the Client Secret associated with the Client ID.

    After OAuth configuration, click Re-authenticate to confirm authentication settings.

    Enable S/MIMEAdd a check mark to enable Secure/Multipurpose Internet Mail Extensions (S/MIME) to encrypt your emails. To add a S/MIME certificate, go to CMDB > Users > Ungrouped, create or edit a user, select Contact Info, ensure the Email field is filled out, and upload the certificate in the Certificate field.
    Send Without KeyEnable this option to allow emails to be sent if no S/MIME certificate key is found. If encryption is a requirement, then this option should not be selected.
  3. Click Test Email button to test the new email settings.
  4. Click Save.

Customizing the Incident Email Template

Use the following procedure to customize the incident email template.

  1. Click New under the section Incident Email Template.
  2. Enter the Name of the template.
  3. Select the Organization from the list.
  4. Enter the Email Subject. You can also choose the incident attribute variables from Insert Content drop-down as part of Email Subject.
  5. Enter the Email Body by selecting the attribute variables from Insert Content drop-down into your template, rather than typing. If required, enable Support HTML for HTML content support.

    Incident Attribute

    Description

    Organization

    Organization to which this Incident belongs.

    Status

    Incident Status – Active (0), Auto Cleared (1), Manually Cleared (2), System Cleared (3)

    Host Name

    Host Name from Incident Target. If not found then gathered from Incident Source

    Incident ID

    Incident ID – assigned by FortiSIEM and is unique – this attribute has an URL which takes user to this incident after login

    Incident ID Without Link

    Incident ID – assigned by FortiSIEM and is unique – this attribute does not have an URL

    First Seen Time

    First time the incident occurred

    Last Seen Time

    Last time the incident occurred

    Incident Category

    Security, Performance, Availability or Change

    Incident Severity

    A number from 0-10

    Incident Severity Category

    HIGH (9-10), MEDIUM (5-8) and LOW (1-4)

    Incident Count

    Number of times the same incident has happened with the same group by parameters

    Rule Name

    Rule Name

    Rule Remediation Note

    Remediation note defined for each rule

    Rule Description

    Rule Description

    Incident Source

    Source IP, Source Name in an Incident

    Incident Target

    Destination IP, Destination Host Name, Host IP, Host Name, User in an Incident

    Incident Detail

    Any group by attribute in an Incident other than those in Incident Source and Incident Target

    Affected Business Service

    Comma separated list of all business services to which Incident Source, Incident Target or Reporting Device belongs

    Identity

    Identity and Location for Incident Source

    Notify Policy ID

    Notification Policy ID that triggered this email notification

    Triggering Attributes

    List of attributes that trigger a rule – found in Rule > Sub pattern > Aggregate

    Raw Events

    Triggering events in raw format as sent by the device (up to 10)

    Incident Cleared Reason

    Value set by user when clearing a rule

    Device Annotation

    Annotation for the device in Incident Target – set in CMDB

    Device Description

    Description for the device in Incident Target – set in CMDB

    Device Location

    Location for the device in Incident Target – set in CMDB

    Incident Subcategory

    Specific for each category – as set in the Rule definition

    Incident Resolution

    None, True Positive, False Positive

  6. Click Preview to preview the email template.
  7. Click Save to apply the changes.

To set an email template as default, select the template in the list, and then click Set as Default. When you are creating a notification policy and must select an email template, if you leave the option blank, the default template will be used. For Service Provider deployments, to select a template as default for an Organization, first select the Organization, then set the default email template for that organization.

Image Server Settings

This section allows you to set up the Supervisor as an Image Server for upgrading Collectors and Agents. This mechanism provides an easy way to upgrade a large number of Collectors and Agents from one place.

Upgrading Collectors

Step 1: Download the Correct Collector Image from the Fortinet Support Site into your Workstation

As an example, Collector 6.4.0 image file name is FSM_Upgrade_All_6.4.0_build1412.zip and matches the hash in the support site to the locally computed hash. This ensures that the file has not been corrupted in transit.

Step 2: Upload the Image to the Supervisor Node

Note: Before proceeding, make sure that the Supervisor Host Name in ADMIN > License > Nodes is a Fully Qualified domain name and is resolvable by the Collector. For example, a host name like c2-52-35-20-68.us-west-2.compute.amazonaws.com is resolvable to an external IP address. A host name like 2-52-35-20-68.us-west-2.compute is likely not resolvable. The Supervisor name is used to create the image download link for the Collector. If the Supervisor name is not resolvable by the Collector, then the image download in Step 3 will fail.

  1. Go to ADMIN > Settings > Systems > Image Server.

  2. Under Collector, in the Version field, enter the version you downloaded in Step 1. The format is #.#.#. Example: 6.4.0.

  3. Under Collector, click Select File and select the Collector upgrade image you downloaded in Step 1.

  4. Under Collector, click Upload File to upload the Collector upgrade image to the Supervisor. This may take a while depending on the network connection between your workstation and Supervisor node. FortiSIEM will validate the image hash and upload the image to Supervisor if the hash matches.

  5. Run the following SQL and make sure ImageSetup task is completed.

    # psql phoenixdb phoenix -c "select type, progress from ph_task where type = 'ImageSetup'"
        type | progress
    ------------+----------
     ImageSetup | 100
     ImageSetup | 100
     ImageSetup | 100
    (3 rows)

Step 3: Download the Image to the Collector

  1. Go to ADMIN > Health > Collector Health.

  2. From the Columns drop-down list, ensure Download Status is selected. If not, select it so the Download Status column is displayed.

  3. Select the Collector(s) you wish to download the image to.

    Note: Starting with release 6.4.0, you can choose multiple Collectors for downloading images.

  4. From the Action drop-down list, select Download Image.

  5. Check that the Download Status column shows finished to confirm that the download has been completed for the selected Collectors.

Step 4: Upgrade the Collector

  1. Go to ADMIN > Health > Collector Health.

  2. From the Columns drop-down list, ensure Version is selected. If not, select it so the Version column is displayed.

  3. Select the Collector(s) you wish to upgrade.

    Note: Starting with release 6.4.0, you can choose multiple Collectors for installing images.

  4. From the Action drop-down list, select Install Image.

  5. Check that the Version columns shows the correct version number, in this example 6.4.0, to confirm that the Collector(s) have upgraded successfully.

Upgrading Linux Agents

Step 1: Download the Correct Linux Agent Image from the Fortinet Support Site into your Workstation.

As an example, a Linux Agents 6.4.0 image file name is fortisiem-linux-agent-installer-6.4.0.1412.sh and matches the hash in the support site to the locally computed hash. This ensures that the file has not been corrupted in transit.

Step 2: Upload the Image to the Supervisor Node

Note: Before proceeding, make sure that the Supervisor Host Name in ADMIN > License > Nodes is a Fully Qualified domain name and is resolvable by the Agent. For example, a host name like c2-52-35-20-68.us-west-2.compute.amazonaws.com is resolvable to an external IP address. A host name like 2-52-35-20-68.us-west-2.compute is likely not resolvable. The Supervisor name is used to create the image download link for the Agent. If the Supervisor name is not resolvable by the Agent, then the image download in Step 3 will fail.

  1. Go to ADMIN > Settings > Systems > Image Server.

  2. Under Linux Agent, in the Version field, enter the version you downloaded in Step 1. The format is #.#.#. Example: 6.4.0.

  3. Under Linux Agent, click Select File and select the Linux Agent upgrade image you downloaded in Step 1.

  4. Under Linux Agent, click Upload File to upload the Linux Agent upgrade image to the Supervisor. This may take a while depending on the network connection between your workstation and Supervisor node. FortiSIEM will validate the image hash and upload the image to Supervisor if the hash matches.

Step 3: Download the Image to the Linux Agent

  1. Go to ADMIN > Health > Agent Health.

  2. From the Columns drop-down list, ensure Upgrade Status is selected. If not, select it so the Upgrade Status column is displayed.

  3. Select the Linux Agent(s) you wish to download the image to.

    Note: Starting with release 6.4.0, you can choose multiple Linux Agents for downloading images.

  4. From the Action drop-down list, select Download Image.

  5. Check that the Upgrade Status column shows Download Succeeded to confirm that the download has been completed for the selected Linux Agents.

Step 4: Upgrade the Linux Agents

  1. Go to ADMIN > Health > Agent Health.

  2. From the Columns drop-down list, ensure Version is selected. If not, select it so the Version column is displayed.

  3. Select the Linux Agent(s) you wish to upgrade.

    Note: Starting with release 6.4.0, you can choose multiple Linux Agents for installing images.

  4. From the Action drop-down list, select Install Image.

  5. Check that the Upgrade Status column shows Upgrade Succeeded to confirm that the Linux Agent(s) have upgraded successfully. Check that the Version column shows the correct version number, in this example 6.4.0, to confirm that the Linux Agent(s) have upgraded to the correct version.

Upgrading Window Agents

Step 1: Download the Correct Windows Agent Images from the Fortinet Support Site into your Workstation.

  1. Download the image file into your desktop. It is a .zip file, e.g. FSMLogAgent-v4.2.1-build0225.zip.

  2. Compute the MD5 checksum and make sure that locally, the computed checksum matches the checksum in the Support Site. This ensures that the file is not corrupted in transit.

  3. Unzip the file. You will see that there are two files – AutoUpdate.exe and FSMLogAgent.exe. You will need to upload these files in Step 2.3 and Step 2.4 below.

Step 2: Upload the Image to the Supervisor Node

Note: Before proceeding, make sure that the Supervisor Host Name in ADMIN > License > Nodes is a Fully Qualified domain name and is resolvable by the Agent. For example, a host name like c2-52-35-20-68.us-west-2.compute.amazonaws.com is resolvable to an external IP address. A host name like 2-52-35-20-68.us-west-2.compute is likely not resolvable. The Supervisor name is used to create the image download link for the Agent. If the Supervisor name is not resolvable by the Agent, then the image download in Step 3 will fail.

  1. Go to ADMIN > Settings > Systems > Image Server.

  2. Under Windows Agent, in the Version field, enter the version you downloaded in Step 1. The format is #.#.#. Example: 4.2.1.

    Note: For Windows Agent, two files are required, the FSMLogAgent executable (FSMLogAgent.exe) and an AutoUpdate executable (AutoUpdate.exe, or AutoUpdate32.exe).

  3. Under Windows Agent, click Select File and select one of the two Windows Agent upgrade image you downloaded in Step 1.

  4. Under Windows Agent, click Select File and select the second Windows Agent upgrade image you downloaded in Step 1.

  5. Under Windows Agent, click Upload File to upload the Windows Agent upgrade images to the Supervisor. This may take a while depending on the network connection between your workstation and Supervisor node. FortiSIEM will validate the image hash and upload the image to Supervisor if the hash matches.

Step 3: Download the Images to the Windows Agent

  1. Go to ADMIN > Health > Agent Health.

  2. From the Columns drop-down list, ensure Upgrade Status is selected. If not, select it so the Upgrade Status column is displayed.

  3. Select the Windows Agent(s) you wish to download the image to.

    Note: Starting with release 6.4.0, you can choose multiple Windows Agents for downloading images.

  4. From the Action drop-down list, select Download Image.

  5. Check that the Upgrade Status column shows Download Succeeded to confirm that the download has been completed for the selected Windows Agents.

Step 4: Upgrade the Windows Agents

  1. Go to ADMIN > Health > Agent Health.

  2. From the Columns drop-down list, ensure Version is selected. If not, select it so the Version column is displayed.

  3. Select the Windows Agent(s) you wish to upgrade.

    Note: Starting with release 6.4.0, you can choose multiple Windows Agents for installing images.

  4. From the Action drop-down list, select Install Image.

  5. Check that the Upgrade Status column shows Upgrade Succeeded to confirm that the Windows Agent(s) have upgraded successfully. Check that the Version column shows the correct version number, in this example 4.2.1, to confirm that the Windows Agent(s) have upgraded to the correct version.

Event Worker Settings

Collectors upload events and configurations to Worker nodes. Use this field to specify the Worker host names or IP addresses.

There are three cases:

  • Explicit list of Worker IP addresses or host names - Collector forwards to this list in a round robin manner.
  • If you are not using Workers and using only a Supervisor and Collector(s) – specify the Supervisor IP addresses or host name. The Collectors will upload directly to the Supervisor node.

  • Host name of a load balancer - Collector forwards this to the load balancer which must be configured to distribute events to the workers.

Any Hostnames specified in the Worker Upload must be resolvable by the Collector and similarly, any specified IP addresses must have connectivity from the Collector.

Complete these steps to configure Worker upload settings:

  1. Go to ADMIN > Settings > System.
  2. Click Event Worker.
  3. Enter the IP address of the event worker under Worker Address.
    You can click '+' or '-' to add or remove addresses.
  4. Click Save.

Query Worker Settings

Release 5.3 introduces the concept of a Query Worker to handle only query requests, adhoc queries from GUI, and scheduled reports. This allows more system resources to be dedicated to queries and make them run faster.

By default, all Workers are also Query Workers. If you want only a subset of Workers to be Query Workers, then complete these steps:

  1. Go to ADMIN > Settings > System.
  2. Click Query Worker.
  3. Select the Workers you want to use from the list.

    Note: Workers will be removed automatically from the Query Worker Settings if they are explicitly listed there. If you used a load balancer or DNS name, then you must manually remove the Query Worker from those configurations.

Lookup Settings

Lookup setting can be used to find any IP or domain by providing the link.

Complete these steps for lookup:

  1. Go to ADMIN > Settings > System > Lookup tab.
  2. Enter the Name.
  3. Select the Client Type to IP or Domain.
  4. Enter the Link for look-up.

    You must enter "<ip>” in the link. FortiSIEM will replace "<ip>” with a proper IP during lookup.

    For example, to lookup the following URL:

    http://whois.domaintools.com/8.8.8.8

    Enter the following link in FortiSIEM:

    http://whois.domaintools.com/<ip>

  5. Click Save.

Kafka Settings

FortiSIEM events found in system event database can be exported to an external system via Kafka message bus.

FortiSIEM supports both forwarding events to an external system via Kafka message bus as a 'Producer' and receiving events from a third-party system to FortiSIEM via Kafka message bus as a 'Consumer'.

As a Producer:

  • Make sure you have set up a Kafka Cloud (here) with a specific Topic for FortiSIEM events.
  • Make sure you have identified a set of Kafka brokers that FortiSIEM is going to send events to.
  • Make sure you have configured Kafka receivers which can parse FortiSIEM events and store in a database. An example would be Logstash receiver (see here) that can store in an Elastic Search database.
  • Supported Kafka version: 0.8

As a Consumer:

  • Make sure you have set up a Kafka Cloud (here) with a specific Topic, Consumer Group and a Consumer for sending third party events to FortiSIEM.
  • Make sure you have identified a set of Kafka brokers that FortiSIEM will receive events from.
  • Supported Kafka version: 0.8

Setting up Consumer

Complete these steps to configure Kafka for authentication.

Note: Tested with

  • kafka_2.11-0.11.0.2.tgz (Kafka 0.11, Scala 2.11)
  • kafka_2.13-2.7.0.tgz (Kafka 2.7, Scala 2.13 which is the latest as of March 2021)
  1. Download the source code tarball (either one).

    https://archive.apache.org/dist/kafka/0.11.0.2/kafka_2.11-0.11.0.2.tgz

    https://archive.apache.org/dist/kafka/2.7.0/kafka_2.13-2.7.0.tgz

  2. Uncompress the files and enter the "config" folder.

  3. Modify the configuration files by appending the following to the end of the files:

    # zookeeper.properties
    authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
    requireClientAuthScheme=sasl
    jaasLoginRenew=3600000
    
    # zookeeper_jaas.conf
    Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
       user_super="zookeeper"
       user_alice="alice-secret";
    };
    Notice the last line is user_{username}="{password}"
    If the username is ‘admin’, the line will be
    user_admin="admin-password";
    
    
    # server.properties
    host.name=192.0.2.0
    port=9092
    security.inter.broker.protocol=SASL_PLAINTEXT
    sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
    sasl.enabled.mechanisms=SCRAM-SHA-512
    authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
    allow.everyone.if.no.acl.found=true
    auto.create.topics.enable=true
    listeners=SASL_PLAINTEXT://192.0.2.10:9092
    advertised.listeners=SASL_PLAINTEXT://192.0.2.10:9092
    ssl.client.auth=required
    Note: Change the IP addresses to actual
    
    # kafka_server_jaas.conf
    KafkaServer {
    org.apache.kafka.common.security.scram.ScramLoginModule required
    username="alice"
    password="alice-secret"
    user_alice="alice-secret";
    };
    Client {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="alice"
    password="alice-secret";
    };
    
    # kafka_client_jaas.conf
    KafkaClient {
    org.apache.kafka.common.security.scram.ScramLoginModule required
    username="alice"
    password="alice-secret"
    user_alice="alice-secret";
    };
    Client {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="alice"
    password="alice-secret";
    };
    
    # consumer.properties
    security.protocol=SASL_PLAINTEXT
    sasl.mechanism=SCRAM-SHA-512
    sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="alice" password="alice-secret";
    
  4. Start zookeeper.

    cd ..
    export KAFKA_OPTS="-Djava.security.auth.login.config=$(\pwd)/config/zookeeper_jaas.conf"
    bin/zookeeper-server-start.sh config/zookeeper.properties
    (In another shell window)
    bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config 'SCRAM-SHA-512=[password=alice-secret]' --entity-type users --entity-name alice
    
  5. Start the server (In another shell window)

    export KAFKA_OPTS="-Djava.security.auth.login.config=$(pwd)/config/kafka_server_jaas.conf"
    bin/kafka-server-start.sh config/server.properties
    
  6. Create topic (name=test1) (In another shell window)

    bin/kafka-topics.sh --create --topic test1 --zookeeper localhost:2181 --partitions 3 --replication-factor 1
  7. Start consumer.

    export KAFKA_OPTS="-Djava.security.auth.login.config=$(pwd)/config/kafka_client_jaas.conf"
    bin/kafka-console-consumer.sh --topic test1 --bootstrap-server=192.0.2.10:9092 --consumer.config=config/consumer.properties

    At this point, when FortiSIEM forwards events to this client, contents can be seen in the consumer window.

  8. (Optional) Start producer.

    export KAFKA_OPTS="-Djava.security.auth.login.config=$(pwd)/config/kafka_client_jaas.conf"
    bin/kafka-console-producer.sh --topic test1 --broker-list 192.0.2.10:9092 --producer.config config/producer.properties
    

Setting Up FortiSIEM

Complete these steps for configuring Kafka settings in FortiSIEM:

  1. Go to ADMIN > Settings > System > Kafka tab.
  2. Click New.
  3. Enter the Name and Topic.
  4. Select or search the Organization from the drop-down.
  5. Add Brokers by clicking + icon.
    1. Enter IP address or Host name of the broker.
    2. Enter Broker port (default 9092).
  6. Click Save.
  7. Select the Client Type to Producer or Consumer.
  8. If the Consumer is selected in step 7, enter the Consumer Name and Group Name fields.
  9. Enable Authentication if you want to apply Kafka authentication by adding a checkmark to the Authentication checkbox, then take the following steps:
    1. Protocol should be set as SASL_PLAINTEXT.
    2. Select your authentication mechanism: PLAIN, SCRAM-SHA-256, or SCRAM-SHA-512.
    3. In the User Name field, enter the user name to authenticate for the Kafka servers.
    4. In the Password field, enter the password associated with the user name to authenticate for the Kafka servers.
    5. In the Confirm Password field, re-enter the password associated with the user name to authenticate for the Kafka servers.
  10. Click Save.

Dashboard Slideshow Settings

Dashboard Slideshow settings are used to select a set of dashboards and display them in a slideshow mode on big monitors to cover the entire display. This is useful for Network and Security Operation Centers.

Complete these steps to create a Dashboard Slideshow:

  1. Go to ADMIN > Settings > System > Dashboard Slideshow tab.
  2. Click New to create a slideshow.
  3. Enter a Name for the slideshow.
  4. Select the Interval for switching between dashboards.
  5. Select the Dashboards from the list and move to the Selected list.
    These dashboards will be displayed in a slideshow mode.
  6. Click Save.

For all the above System settings, use the Edit button to modify or Delete button to remove any setting from the list.

Dashboard Ownership

Dashboard Ownership settings are used to transfer editing rights from the current owner of a shared dashboard to another person. It requires that the owner to whom the rights are being transferred to, to have the same exact role permissions as the current owner. This feature can be useful if the current owner is no longer available, and another person is required to handle the shared dashboard of that individual.

Complete these steps to transfer Dashboard Ownership:

  1. Go to ADMIN > Settings > System > Dashboard Ownership tab.
  2. Select the Dashboard you wish to transfer ownership of.
  3. Click Transfer.
  4. In the Transfer Ownership window, select the new owner from the To: drop-down list.
  5. Click Save.

You can verify the transfer by looking at the user in the User column.

PAYG Report

If applicable, you can generate a daily or monthly Pay as you Go (PAYG) report.

Complete these steps to generate a daily or monthly PAYG report:

  1. Go to ADMIN > Settings > System > PAYG Report tab.
  2. In the Partner ID field, enter the Partner ID.
  3. Take the following steps to enable Daily Reports.
    1. Check the Daily Report checkbox.
    2. In the Email field, enter the email address for a person to whom a daily report should be sent.
    3. Click + to add another Email field entry.
    4. Repeat steps b and c to input additional entries.
  4. Take the following steps to enable Monthly Reports.
    1. Check the Monthly Report checkbox.
    2. In the Email field, enter the email address for a person to whom a monthly report should be sent.
    3. Click + to add another Email field entry.
    4. Repeat steps b and c to input additional entries.
  5. When done, click Test to verify your email address distribution.
  6. Click Save.
  7. To enable Month Reports, click the Monthly Report checkbox. .
  8. In the Transfer Ownership window, select the new owner from the To: drop-down list.
  9. Click Save to finish.

Trusted Hosts

You can restrict GUI Login by defining a set of IP addresses here. If the field is empty, then GUI login from any IP addresses are allowed. However once defined, new logins are disallowed from IP addresses outside of the defined range. Existing logins are not affected. To force a logout, click on in the GUI, select a user, and click Log Out or Log Out and Lock Out.

Take the following steps to configure:

  1. Navigate to ADMIN > Settings > System > Trusted Hosts.

  2. In the Trusted Hosts field, enter a single IP address or CIDR range, for example 172.0.20.1/24.

  3. Click + to add another Trusted Hosts field to configure if needed.

    Note: Click - to remove an existing Trusted Hosts field.

  4. Click Save when done.