You can configure general authentication settings, including timeout, protocol support, and certificates.
You cannot customize FTP and Telnet authentication replacement messages.
- Go to User & Device > Authentication Settings.
- Configure the following settings:
Enter the desired timeout in minutes. You can enter a number between 1 and 1440 (24 hours). The authentication timeout controls how long an authenticated connection can be idle before the user must reauthenticate. The default value is 5.
Select the protocols to challenge during firewall user authentication.
When you enable user authentication within a security policy, the authentication challenge is normally issued for any of four protocols, depending on the connection protocol:
- HTTP (you can set this to redirect to HTTPS)
The protocols selected here control which protocols support the authentication challenge. Users must connect with a supported protocol first so they can subsequently connect with other protocols. If HTTPS is selected as a protocol support method, it allows the user to authenticate with a customized local certificate.
When you enable user authentication within a security policy, FortiOS challenges the security policy user to authenticate. For user ID and password authentication, the user must provide their username and password. For certificate authentication (HTTPS or HTTP redirected to HTTPS only), you can install customized certificates on the unit and the user can also install customized certificates on their browser. Otherwise, users see a warning message and must accept a default Fortinet certificate. The network user's web browser may deem the default certificate invalid.
If using HTTPS protocol support, select the local certificate to use for authentication. This is available only if HTTPS and/or Redirect HTTP Challenge to a Secure Channel (HTTPS) are selected.
config user setting
set auth-timeout 5
set auth-type ftp http https telnet
set auth-cert Fortinet_Factory