Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 7.4.5 CLI Reference
    7.4.5
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    Password

    Authentication

    Use this command to configure the authentication options for the GLB settings of the FQDN.

    Before you begin:
    • You must have read-write permission for global load balancing settings.

    Syntax

    config global-load-balance setting

    set auth-type {none|TCP_MD5SIG|auth_verify}

    set password <string>

    set ca-verify {enable|disable}

    set ca-group <datasource>

    set intermediate-ca-group <datasource>

    end

    auth-type

    Select the authentication type:

    • none — No password.
    • TCP_MD5SIG — With password, but cannot be used if NAT is in between the client and server. This is because, when using the TCP MD5SIG authentication in a network with NAT in between, the IP layer is encrypted. So is every packet. Because the IP address will be changed, the encryption check will always fail.
    • auth_verify — The authentication key is sent to the server after a three-way handshake. The key is encrypted and NAT in between will not affect the authentication.

    password

    The password option is available if auth-type is TCP_MD5SIG or auth_verify.

    Enter the password to authenticate the key.

    This password is used for authentication between the GLB and the server. The same password must be set on both, otherwise the two will not be able to synchronize.

    ca-verify

    Enable/disable the root CA verification when synchronizing the SLB information to the GSLB server.

    ca-group

    The ca-group option is available if ca-verify is enabled.

    Select a trusted CA group to verify the peer certificate.

    intermediate-ca-group

    The intermediate-ca-group option is available if ca-verify is enabled.

    Select a trusted intermediate CA group to verify the peer certificate.

    Example

    FortiADC-docs # config global-load-balance setting

    FortiADC-docs (setting) # get

    password : *

    proximity-detect-protocol : icmp

    proximity-detect-retry-count : 3

    proximity-cache-mask-length : 24

    proximity-cache-mask-length6 : 64

    proximity-detect-interval : 3

    proximity-cache-aging-period : 86400

    persistence-mask-length : 24

    persistence-mask-length6 : 64

    persistence-timeout : 60

    set auth-type TCP_MD5SIG

    FortiADC-docs (setting) #set password *

    FortiADC-docs (setting) # end

    Previous
    Next

    Password

    Authentication

    Use this command to configure the authentication options for the GLB settings of the FQDN.

    Before you begin:
    • You must have read-write permission for global load balancing settings.

    Syntax

    config global-load-balance setting

    set auth-type {none|TCP_MD5SIG|auth_verify}

    set password <string>

    set ca-verify {enable|disable}

    set ca-group <datasource>

    set intermediate-ca-group <datasource>

    end

    auth-type

    Select the authentication type:

    • none — No password.
    • TCP_MD5SIG — With password, but cannot be used if NAT is in between the client and server. This is because, when using the TCP MD5SIG authentication in a network with NAT in between, the IP layer is encrypted. So is every packet. Because the IP address will be changed, the encryption check will always fail.
    • auth_verify — The authentication key is sent to the server after a three-way handshake. The key is encrypted and NAT in between will not affect the authentication.

    password

    The password option is available if auth-type is TCP_MD5SIG or auth_verify.

    Enter the password to authenticate the key.

    This password is used for authentication between the GLB and the server. The same password must be set on both, otherwise the two will not be able to synchronize.

    ca-verify

    Enable/disable the root CA verification when synchronizing the SLB information to the GSLB server.

    ca-group

    The ca-group option is available if ca-verify is enabled.

    Select a trusted CA group to verify the peer certificate.

    intermediate-ca-group

    The intermediate-ca-group option is available if ca-verify is enabled.

    Select a trusted intermediate CA group to verify the peer certificate.

    Example

    FortiADC-docs # config global-load-balance setting

    FortiADC-docs (setting) # get

    password : *

    proximity-detect-protocol : icmp

    proximity-detect-retry-count : 3

    proximity-cache-mask-length : 24

    proximity-cache-mask-length6 : 64

    proximity-detect-interval : 3

    proximity-cache-aging-period : 86400

    persistence-mask-length : 24

    persistence-mask-length6 : 64

    persistence-timeout : 60

    set auth-type TCP_MD5SIG

    FortiADC-docs (setting) #set password *

    FortiADC-docs (setting) # end

    Previous
    Next