Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.2.9
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config user setting

    config user setting

    Configure user authentication setting.

    config user setting

    Description: Configure user authentication setting.

    set auth-type {option1}, {option2}, ...

    set auth-cert {string}

    set auth-ca-cert {string}

    set auth-secure-http [enable|disable]

    set auth-http-basic [enable|disable]

    set auth-ssl-allow-renegotiation [enable|disable]

    set auth-src-mac [enable|disable]

    set auth-on-demand [always|implicitly]

    set auth-timeout {integer}

    set auth-timeout-type [idle-timeout|hard-timeout|...]

    set auth-portal-timeout {integer}

    set radius-ses-timeout-act [hard-timeout|ignore-timeout]

    set auth-blackout-time {integer}

    set auth-invalid-max {integer}

    set auth-lockout-threshold {integer}

    set auth-lockout-duration {integer}

    set per-policy-disclaimer [enable|disable]

    config auth-ports

    Description: Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.

    edit <id>

    set type [http|https|...]

    set port {integer}

    next

    end

    set auth-ssl-min-proto-version [default|SSLv3|...]

    end

    config user setting

    Parameter

    Description

    Type

    Size

    auth-type

    Supported firewall policy authentication protocols/methods.

    option

    -

    Option

    Description

    http

    Allow HTTP authentication.

    https

    Allow HTTPS authentication.

    ftp

    Allow FTP authentication.

    telnet

    Allow TELNET authentication.

    auth-cert

    HTTPS server certificate for policy authentication.

    string

    Maximum length: 35

    auth-ca-cert

    HTTPS CA certificate for policy authentication.

    string

    Maximum length: 35

    auth-secure-http

    Enable/disable redirecting HTTP user authentication to more secure HTTPS.

    option

    -

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    auth-http-basic

    Enable/disable use of HTTP basic authentication for identity-based firewall policies.

    option

    -

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    auth-ssl-allow-renegotiation

    Allow/forbid SSL re-negotiation for HTTPS authentication.

    option

    -

    Option

    Description

    enable

    Allow SSL re-negotiation.

    disable

    Forbid SSL re-negotiation.

    auth-src-mac

    Enable/disable source MAC for user identity.

    option

    -

    Option

    Description

    enable

    Enable source MAC for user identity.

    disable

    Disable source MAC for user identity.

    auth-on-demand

    Always/implicitly trigger firewall authentication on demand.

    option

    -

    Option

    Description

    always

    Always trigger firewall authentication on demand.

    implicitly

    Implicitly trigger firewall authentication on demand.

    auth-timeout

    Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.

    integer

    Minimum value: 1 Maximum value: 1440

    auth-timeout-type

    Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout.

    option

    -

    Option

    Description

    idle-timeout

    Idle timeout.

    hard-timeout

    Hard timeout.

    new-session

    New session timeout.

    auth-portal-timeout

    Time in minutes before captive portal user have to re-authenticate .

    integer

    Minimum value: 1 Maximum value: 30

    radius-ses-timeout-act

    Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts.

    option

    -

    Option

    Description

    hard-timeout

    Use session timeout from RADIUS as hard-timeout.

    ignore-timeout

    Ignore session timeout from RADIUS.

    auth-blackout-time

    Time in seconds an IP address is denied access after failing to authenticate five times within one minute.

    integer

    Minimum value: 0 Maximum value: 3600

    auth-invalid-max

    Maximum number of failed authentication attempts before the user is blocked.

    integer

    Minimum value: 1 Maximum value: 100

    auth-lockout-threshold

    Maximum number of failed login attempts before login lockout is triggered.

    integer

    Minimum value: 1 Maximum value: 10

    auth-lockout-duration

    Lockout period in seconds after too many login failures.

    integer

    Minimum value: 0 Maximum value: 4294967295

    per-policy-disclaimer

    Enable/disable per policy disclaimer.

    option

    -

    Option

    Description

    enable

    Enable per policy disclaimer.

    disable

    Disable per policy disclaimer.

    auth-ssl-min-proto-version

    Minimum supported protocol version for SSL/TLS connections .

    option

    -

    Option

    Description

    default

    Follow system global setting.

    SSLv3

    SSLv3.

    TLSv1

    TLSv1.

    TLSv1-1

    TLSv1.1.

    TLSv1-2

    TLSv1.2.

    config auth-ports

    Parameter

    Description

    Type

    Size

    type

    Service type.

    option

    -

    Option

    Description

    http

    HTTP service.

    https

    HTTPS service.

    ftp

    FTP service.

    telnet

    TELNET service.

    port

    Non-standard port for firewall user authentication.

    integer

    Minimum value: 1 Maximum value: 65535
    Previous
    Next

    config user setting

    config user setting

    Configure user authentication setting.

    config user setting

    Description: Configure user authentication setting.

    set auth-type {option1}, {option2}, ...

    set auth-cert {string}

    set auth-ca-cert {string}

    set auth-secure-http [enable|disable]

    set auth-http-basic [enable|disable]

    set auth-ssl-allow-renegotiation [enable|disable]

    set auth-src-mac [enable|disable]

    set auth-on-demand [always|implicitly]

    set auth-timeout {integer}

    set auth-timeout-type [idle-timeout|hard-timeout|...]

    set auth-portal-timeout {integer}

    set radius-ses-timeout-act [hard-timeout|ignore-timeout]

    set auth-blackout-time {integer}

    set auth-invalid-max {integer}

    set auth-lockout-threshold {integer}

    set auth-lockout-duration {integer}

    set per-policy-disclaimer [enable|disable]

    config auth-ports

    Description: Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.

    edit <id>

    set type [http|https|...]

    set port {integer}

    next

    end

    set auth-ssl-min-proto-version [default|SSLv3|...]

    end

    config user setting

    Parameter

    Description

    Type

    Size

    auth-type

    Supported firewall policy authentication protocols/methods.

    option

    -

    Option

    Description

    http

    Allow HTTP authentication.

    https

    Allow HTTPS authentication.

    ftp

    Allow FTP authentication.

    telnet

    Allow TELNET authentication.

    auth-cert

    HTTPS server certificate for policy authentication.

    string

    Maximum length: 35

    auth-ca-cert

    HTTPS CA certificate for policy authentication.

    string

    Maximum length: 35

    auth-secure-http

    Enable/disable redirecting HTTP user authentication to more secure HTTPS.

    option

    -

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    auth-http-basic

    Enable/disable use of HTTP basic authentication for identity-based firewall policies.

    option

    -

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    auth-ssl-allow-renegotiation

    Allow/forbid SSL re-negotiation for HTTPS authentication.

    option

    -

    Option

    Description

    enable

    Allow SSL re-negotiation.

    disable

    Forbid SSL re-negotiation.

    auth-src-mac

    Enable/disable source MAC for user identity.

    option

    -

    Option

    Description

    enable

    Enable source MAC for user identity.

    disable

    Disable source MAC for user identity.

    auth-on-demand

    Always/implicitly trigger firewall authentication on demand.

    option

    -

    Option

    Description

    always

    Always trigger firewall authentication on demand.

    implicitly

    Implicitly trigger firewall authentication on demand.

    auth-timeout

    Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.

    integer

    Minimum value: 1 Maximum value: 1440

    auth-timeout-type

    Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout.

    option

    -

    Option

    Description

    idle-timeout

    Idle timeout.

    hard-timeout

    Hard timeout.

    new-session

    New session timeout.

    auth-portal-timeout

    Time in minutes before captive portal user have to re-authenticate .

    integer

    Minimum value: 1 Maximum value: 30

    radius-ses-timeout-act

    Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts.

    option

    -

    Option

    Description

    hard-timeout

    Use session timeout from RADIUS as hard-timeout.

    ignore-timeout

    Ignore session timeout from RADIUS.

    auth-blackout-time

    Time in seconds an IP address is denied access after failing to authenticate five times within one minute.

    integer

    Minimum value: 0 Maximum value: 3600

    auth-invalid-max

    Maximum number of failed authentication attempts before the user is blocked.

    integer

    Minimum value: 1 Maximum value: 100

    auth-lockout-threshold

    Maximum number of failed login attempts before login lockout is triggered.

    integer

    Minimum value: 1 Maximum value: 10

    auth-lockout-duration

    Lockout period in seconds after too many login failures.

    integer

    Minimum value: 0 Maximum value: 4294967295

    per-policy-disclaimer

    Enable/disable per policy disclaimer.

    option

    -

    Option

    Description

    enable

    Enable per policy disclaimer.

    disable

    Disable per policy disclaimer.

    auth-ssl-min-proto-version

    Minimum supported protocol version for SSL/TLS connections .

    option

    -

    Option

    Description

    default

    Follow system global setting.

    SSLv3

    SSLv3.

    TLSv1

    TLSv1.

    TLSv1-1

    TLSv1.1.

    TLSv1-2

    TLSv1.2.

    config auth-ports

    Parameter

    Description

    Type

    Size

    type

    Service type.

    option

    -

    Option

    Description

    http

    HTTP service.

    https

    HTTPS service.

    ftp

    FTP service.

    telnet

    TELNET service.

    port

    Non-standard port for firewall user authentication.

    integer

    Minimum value: 1 Maximum value: 65535
    Previous
    Next