CLI Reference

authentication rule

Configure Authentication Rules.

  config authentication rule
      Description: Configure Authentication Rules.
      edit <name>
          set status [enable|disable]
          set protocol [http|ftp|...]
          set srcaddr <name1>, <name2>, ...
          set srcaddr6 <name1>, <name2>, ...
          set ip-based [enable|disable]
          set active-auth-method {string}
          set sso-auth-method {string}
          set web-auth-cookie [enable|disable]
          set transaction-based [enable|disable]
          set web-portal [enable|disable]
          set comments {var-string}
      next
  end

config authentication rule

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable this authentication rule. enable: Enable this authentication rule. disable: Disable this authentication rule. | option | - |
| protocol | Select the protocol to use for authentication (default = http). Users connect to the FortiGate using this protocol and are asked to authenticate. http: Use HTTP for authentication. ftp: Use FTP for authentication. socks: Use SOCKS for authentication. ssh: Use SSH for authentication. | option | - |
| srcaddr <name> | Select an IPv4 source address from available options. Required for web proxy authentication. Address name. | string | Maximum length: 79 |
| srcaddr6 <name> | Select an IPv6 source address. Required for web proxy authentication. Address name. | string | Maximum length: 79 |
| ip-based | Enable/disable IP-based authentication. Once a user authenticates, all traffic from the IP address the user authenticated from is allowed. enable: Enable IP-based authentication. disable: Disable IP-based authentication. | option | - |
| active-auth-method | Select an active authentication method. | string | Maximum length: 35 |
| sso-auth-method | Select a single sign-on (SSO) authentication method. | string | Maximum length: 35 |
| web-auth-cookie | Enable/disable Web authentication cookies (default = disable). enable: Enable Web authentication cookie. disable: Disable Web authentication cookie. | option | - |
| transaction-based | Enable/disable transaction-based authentication (default = disable). enable: Enable transaction-based authentication. disable: Disable transaction-based authentication. | option | - |
| web-portal | Enable/disable web portal for proxy transparent policy (default = enable). enable: Enable web-portal. disable: Disable web-portal. | option | - |
| comments | Comment. | var-string | Maximum length: 1023 |
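The following is an added example, not Fortinet code: a small Python check that parses `config authentication rule` blocks from a saved configuration and validates each `set` line against the option values and maximum lengths in the table above, and also lists rules with `ip-based` enabled for review. The function names `parse_rules` and `audit`, the rule name `lan-proxy`, and the sample text are constructed for illustration; it assumes values are space-separated and optionally double-quoted.

```python
import re

# Constraints copied from the parameter table on this page.
TOGGLE = {"enable", "disable"}
OPTIONS = {"status": TOGGLE, "protocol": {"http", "ftp", "socks", "ssh"}, "ip-based": TOGGLE,
           "web-auth-cookie": TOGGLE, "transaction-based": TOGGLE, "web-portal": TOGGLE}
MAX_LEN = {"srcaddr": 79, "srcaddr6": 79, "active-auth-method": 35,
           "sso-auth-method": 35, "comments": 1023}

def parse_rules(text):
    """Return {rule_name: {parameter: [values]}} from 'config authentication rule' blocks."""
    rules, current, inside = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("config authentication rule", "end"):
            inside = line != "end"
        elif inside and line.startswith("edit "):
            current = rules.setdefault(line[5:].strip('" '), {})
        elif inside and current is not None and line.startswith("set "):
            key, _, rest = line[4:].partition(" ")
            # Each value is either a double-quoted string or a bare word.
            current[key] = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', rest)]
    return rules

def audit(rules):
    """Return sorted (rule, parameter, message) findings."""
    findings = []
    for name, params in rules.items():
        for key, values in params.items():
            if key not in OPTIONS and key not in MAX_LEN:
                findings.append((name, key, "unknown parameter"))
            for v in values:
                if key in OPTIONS and v not in OPTIONS[key]:
                    findings.append((name, key, f"invalid option {v!r}"))
                if key in MAX_LEN and len(v) > MAX_LEN[key]:
                    findings.append((name, key, f"longer than {MAX_LEN[key]}"))
        if params.get("ip-based") == ["enable"]:  # per the table: whole IP is allowed after auth
            findings.append((name, "ip-based", "review: all traffic from authenticated IP allowed"))
    return sorted(findings)

# Constructed sample configuration (not taken from a real device).
SAMPLE = """config authentication rule
    edit "lan-proxy"
        set protocol telnet
        set srcaddr "all"
        set ip-based enable
    next
end"""
```

Calling `audit(parse_rules(SAMPLE))` returns two findings for `lan-proxy`: the `ip-based` review item and the invalid `protocol` value.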
