Fortinet black logo

CLI Reference

config authentication rule

config authentication rule

Configure Authentication Rules.

config authentication rule

Description: Configure Authentication Rules.

edit <name>

set status [enable|disable]

set protocol [http|ftp|...]

set srcaddr <name1>, <name2>, ...

set srcaddr6 <name1>, <name2>, ...

set ip-based [enable|disable]

set active-auth-method {string}

set sso-auth-method {string}

set web-auth-cookie [enable|disable]

set transaction-based [enable|disable]

set web-portal [enable|disable]

set comments {var-string}

next

end

config authentication rule

Parameter name

Description

Type

Size

status

Enable/disable this authentication rule.

option

-

Option

Description

enable

Enable this authentication rule.

disable

Disable this authentication rule.

protocol

Select the protocol to use for authentication (default = http). Users connect to the FortiGate using this protocol and are asked to authenticate.

option

-

Option

Description

http

Use HTTP for authentication.

ftp

Use FTP for authentication.

socks

Use SOCKS for authentication.

ssh

Use SSH for authentication.

srcaddr <name>

Select an IPv4 source address from available options. Required for web proxy authentication.

Address name.

string

Maximum length: 79

srcaddr6 <name>

Select an IPv6 source address. Required for web proxy authentication.

Address name.

string

Maximum length: 79

ip-based

Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed.

option

-

Option

Description

enable

Enable IP-based authentication.

disable

Disable IP-based authentication.

active-auth-method

Select an active authentication method.

string

Maximum length: 35

sso-auth-method

Select a single-sign on (SSO) authentication method.

string

Maximum length: 35

web-auth-cookie

Enable/disable Web authentication cookies (default = disable).

option

-

Option

Description

enable

Enable Web authentication cookie.

disable

Disable Web authentication cookie.

transaction-based

Enable/disable transaction based authentication (default = disable).

option

-

Option

Description

enable

Enable transaction based authentication.

disable

Disable transaction based authentication.

web-portal

Enable/disable web portal for proxy transparent policy (default = enable).

option

-

Option

Description

enable

Enable web-portal.

disable

Disable web-portal.

comments

Comment.

var-string

Maximum length: 1023

config authentication rule

Configure Authentication Rules.

config authentication rule

Description: Configure Authentication Rules.

edit <name>

set status [enable|disable]

set protocol [http|ftp|...]

set srcaddr <name1>, <name2>, ...

set srcaddr6 <name1>, <name2>, ...

set ip-based [enable|disable]

set active-auth-method {string}

set sso-auth-method {string}

set web-auth-cookie [enable|disable]

set transaction-based [enable|disable]

set web-portal [enable|disable]

set comments {var-string}

next

end

config authentication rule

Parameter name

Description

Type

Size

status

Enable/disable this authentication rule.

option

-

Option

Description

enable

Enable this authentication rule.

disable

Disable this authentication rule.

protocol

Select the protocol to use for authentication (default = http). Users connect to the FortiGate using this protocol and are asked to authenticate.

option

-

Option

Description

http

Use HTTP for authentication.

ftp

Use FTP for authentication.

socks

Use SOCKS for authentication.

ssh

Use SSH for authentication.

srcaddr <name>

Select an IPv4 source address from available options. Required for web proxy authentication.

Address name.

string

Maximum length: 79

srcaddr6 <name>

Select an IPv6 source address. Required for web proxy authentication.

Address name.

string

Maximum length: 79

ip-based

Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed.

option

-

Option

Description

enable

Enable IP-based authentication.

disable

Disable IP-based authentication.

active-auth-method

Select an active authentication method.

string

Maximum length: 35

sso-auth-method

Select a single-sign on (SSO) authentication method.

string

Maximum length: 35

web-auth-cookie

Enable/disable Web authentication cookies (default = disable).

option

-

Option

Description

enable

Enable Web authentication cookie.

disable

Disable Web authentication cookie.

transaction-based

Enable/disable transaction based authentication (default = disable).

option

-

Option

Description

enable

Enable transaction based authentication.

disable

Disable transaction based authentication.

web-portal

Enable/disable web portal for proxy transparent policy (default = enable).

option

-

Option

Description

enable

Enable web-portal.

disable

Disable web-portal.

comments

Comment.

var-string

Maximum length: 1023