Authentication Settings

You can configure general authentication settings, including timeout, protocol support, and certificates.

Note: You cannot customize FTP and Telnet authentication replacement messages.

To configure authentication settings using the GUI:
  1. Go to User & Device > Authentication Settings.
  2. Configure the following settings:

    Setting / Description

    Authentication Timeout

        Enter the desired timeout in minutes. You can enter a number between 1 and 1440 (24 hours). The authentication timeout controls how long an authenticated connection can be idle before the user must reauthenticate. The default value is 5.

    Protocol Support

        Select the protocols to challenge during firewall user authentication.

        When you enable user authentication within a security policy, the authentication challenge is normally issued for any of four protocols, depending on the connection protocol:

        • HTTP (you can set this to redirect to HTTPS)
        • HTTPS
        • FTP
        • Telnet

        The protocols selected here control which protocols support the authentication challenge. Users must connect with a supported protocol first so they can subsequently connect with other protocols. If HTTPS is selected as a protocol support method, it allows the user to authenticate with a customized local certificate.

        When you enable user authentication within a security policy, FortiOS challenges the security policy user to authenticate. For user ID and password authentication, the user must provide their username and password. For certificate authentication (HTTPS or HTTP redirected to HTTPS only), you can install customized certificates on the unit and the user can also install customized certificates on their browser. Otherwise, users see a warning message and must accept a default Fortinet certificate. The network user's web browser may deem the default certificate invalid.

    Certificate

        If using HTTPS protocol support, select the local certificate to use for authentication. This is available only if HTTPS and/or Redirect HTTP Challenge to a Secure Channel (HTTPS) are selected.

To configure authentication settings using the CLI:

    config user setting
        set auth-timeout 5
        set auth-type ftp http https telnet
        set auth-cert Fortinet_Factory
    end
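
The following is an added example, not Fortinet code: a small offline check that reads a `config user setting` block from a configuration backup and reports the settings discussed above that deserve review (timeout outside the documented range, FTP or Telnet challenges, which carry credentials in cleartext, an HTTP challenge, and the default certificate on HTTPS). The function names `parse_user_setting` and `audit` are hypothetical, and the sample input is constructed from the CLI block on this page.

```python
# Constructed sample: the CLI block from this page, as it would sit in a config backup.
SAMPLE = """\
config user setting
    set auth-timeout 5
    set auth-type ftp http https telnet
    set auth-cert Fortinet_Factory
end
"""

DEFAULT_CERTS = {"Fortinet_Factory"}  # factory certificate named in the page's CLI example


def parse_user_setting(text):
    """Collect 'set <name> <values...>' lines inside 'config user setting' ... 'end'."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config user setting":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            parts = line.split()
            if len(parts) >= 3:
                settings[parts[1]] = parts[2:]
    return settings


def audit(settings):
    """Return (setting, finding) pairs; settings missing from the input are not guessed."""
    findings = []
    timeout = settings.get("auth-timeout", ["5"])[0]  # 5 is the default stated on the page
    if not timeout.isdigit() or not 1 <= int(timeout) <= 1440:
        findings.append(("auth-timeout", f"{timeout} is outside 1-1440 minutes"))
    protocols = settings.get("auth-type", [])
    for proto in ("ftp", "telnet"):
        if proto in protocols:
            findings.append(("auth-type", f"{proto} challenge carries credentials in cleartext"))
    if "http" in protocols:
        findings.append(("auth-type", "http challenge: confirm it redirects to HTTPS"))
    cert = settings.get("auth-cert", [""])[0]
    if "https" in protocols and cert in DEFAULT_CERTS:
        findings.append(("auth-cert", f"{cert} is the default certificate; browsers may warn"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_user_setting(SAMPLE)):
        print(f"{name}: {finding}")
```

Run against the sample, it reports the FTP, HTTP and Telnet challenges and the default certificate; a block with only `https` and a locally installed certificate produces no findings.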
