Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    6.2.16
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set active-auth-method {string}
        set comments {var-string}
        set ip-based [enable|disable]
        set protocol [http|ftp|...]
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set sso-auth-method {string}
        set status [enable|disable]
        set transaction-based [enable|disable]
        set web-auth-cookie [enable|disable]
        set web-portal [enable|disable]
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    comments

    Comment.

    var-string

    Maximum length: 1023

    ip-based

    Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed.

    option

    -

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    name

    Authentication rule name.

    string

    Maximum length: 35

    protocol

    Select the protocol to use for authentication (default = http). Users connect to the FortiGate using this protocol and are asked to authenticate.

    option

    -

    Option

    Description

    http

    Use HTTP for authentication.

    ftp

    Use FTP for authentication.

    socks

    Use SOCKS for authentication.

    ssh

    Use SSH for authentication.

    srcaddr <name>

    Select an IPv4 source address from available options. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Select an IPv6 source address. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    status

    Enable/disable this authentication rule.

    option

    -

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    transaction-based

    Enable/disable transaction based authentication (default = disable).

    option

    -

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-auth-cookie

    Enable/disable Web authentication cookies (default = disable).

    option

    -

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    web-portal

    Enable/disable web portal for proxy transparent policy (default = enable).

    option

    -

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.
    Previous
    Next

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set active-auth-method {string}
        set comments {var-string}
        set ip-based [enable|disable]
        set protocol [http|ftp|...]
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set sso-auth-method {string}
        set status [enable|disable]
        set transaction-based [enable|disable]
        set web-auth-cookie [enable|disable]
        set web-portal [enable|disable]
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    comments

    Comment.

    var-string

    Maximum length: 1023

    ip-based

    Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed.

    option

    -

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    name

    Authentication rule name.

    string

    Maximum length: 35

    protocol

    Select the protocol to use for authentication (default = http). Users connect to the FortiGate using this protocol and are asked to authenticate.

    option

    -

    Option

    Description

    http

    Use HTTP for authentication.

    ftp

    Use FTP for authentication.

    socks

    Use SOCKS for authentication.

    ssh

    Use SSH for authentication.

    srcaddr <name>

    Select an IPv4 source address from available options. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Select an IPv6 source address. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    status

    Enable/disable this authentication rule.

    option

    -

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    transaction-based

    Enable/disable transaction based authentication (default = disable).

    option

    -

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-auth-cookie

    Enable/disable Web authentication cookies (default = disable).

    option

    -

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    web-portal

    Enable/disable web portal for proxy transparent policy (default = enable).

    option

    -

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.
    Previous
    Next