CLI Reference

Authentication

Use this command to configure the authentication options for the GLB settings of the FQDN.

Before you begin:
  • You must have read-write permission for global load balancing settings.

Syntax

config global-load-balance setting
  set auth-type {none|TCP_MD5SIG|auth_verify}
  set password <string>
  set ca-verify {enable|disable}
  set ca-group <datasource>
  set intermediate-ca-group <datasource>
end

auth-type

Select the authentication type:

  • none — No password.
  • TCP_MD5SIG — With password, but cannot be used if NAT is in between the client and server. This is because the TCP MD5SIG signature carried in every packet is computed over fields that include the IP addresses. Because NAT changes the IP address, the signature check will always fail.
  • auth_verify — The authentication key is sent to the server after a three-way handshake. The key is encrypted and NAT in between will not affect the authentication.
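
The NAT limitation of TCP_MD5SIG, shown as an added example (not Fortinet code): the TCP MD5 signature option (RFC 2385) hashes the source and destination IP addresses together with the TCP header, payload and password, so a receiver that sees a translated address computes a different digest. The addresses, ports and password below are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPTION_LEN = 20  # 18-byte MD5 option (kind 19) padded to a 32-bit boundary


def rfc2385_digest(src_ip, dst_ip, base_hdr, payload, key):
    """MD5 over pseudo-header, 20-byte TCP header (checksum zeroed), payload, key."""
    seg_len = len(base_hdr) + MD5_OPTION_LEN + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    # RFC 2385 excludes TCP options and treats the checksum field as zero.
    hdr = base_hdr[:16] + b"\x00\x00" + base_hdr[18:20]
    return hashlib.md5(pseudo + hdr + payload + key).digest()


def receiver_accepts(src_ip_seen, dst_ip_seen, base_hdr, payload, key, digest):
    """Recompute the digest from the addresses the receiver actually sees."""
    expected = rfc2385_digest(src_ip_seen, dst_ip_seen, base_hdr, payload, key)
    return hmac.compare_digest(expected, digest)


# Constructed sample values (documentation address ranges, arbitrary ports).
KEY = b"example-shared-password"
CLIENT_IP, NAT_IP, SERVER_IP = "192.0.2.10", "198.51.100.7", "203.0.113.5"
# SYN segment: sport, dport, seq, ack, data offset 10 words, SYN flag, window, csum, urg
SYN = struct.pack("!HHIIBBHHH", 49152, 5858, 1000, 0, 0xA0, 0x02, 65535, 0, 0)


def demo():
    # The sender signs with its own (pre-NAT) source address.
    digest = rfc2385_digest(CLIENT_IP, SERVER_IP, SYN, b"", KEY)
    return {
        # No NAT: the receiver sees the same addresses and the check passes.
        "direct": receiver_accepts(CLIENT_IP, SERVER_IP, SYN, b"", KEY, digest),
        # NAT rewrote the source address: same password, check still fails.
        "through_nat": receiver_accepts(NAT_IP, SERVER_IP, SYN, b"", KEY, digest),
        # Mismatched password on the two sides also fails.
        "wrong_password": receiver_accepts(CLIENT_IP, SERVER_IP, SYN, b"",
                                           b"other-password", digest),
    }


if __name__ == "__main__":
    print(demo())
```

A failure caused by NAT is indistinguishable at the receiver from a wrong password, which is why synchronization problems with TCP_MD5SIG should be checked against the network path as well as the configured password.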

password

The password option is available if auth-type is TCP_MD5SIG or auth_verify.

Enter the password to authenticate the key.

This password is used for authentication between the GLB and the server. The same password must be set on both; otherwise, the two will not be able to synchronize.

ca-verify

Enable/disable the root CA verification when synchronizing the SLB information to the GSLB server.

ca-group

The ca-group option is available if ca-verify is enabled.

Select a trusted CA group to verify the peer certificate.

intermediate-ca-group

The intermediate-ca-group option is available if ca-verify is enabled.

Select a trusted intermediate CA group to verify the peer certificate.

Example

FortiADC-docs # config global-load-balance setting
FortiADC-docs (setting) # get
password : *
proximity-detect-protocol : icmp
proximity-detect-retry-count : 3
proximity-cache-mask-length : 24
proximity-cache-mask-length6 : 64
proximity-detect-interval : 3
proximity-cache-aging-period : 86400
persistence-mask-length : 24
persistence-mask-length6 : 64
persistence-timeout : 60
FortiADC-docs (setting) # set auth-type TCP_MD5SIG
FortiADC-docs (setting) # set password *
FortiADC-docs (setting) # end
