Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.11
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set active-auth-method {string}
        set comments {var-string}
        set ip-based [enable|disable]
        set name {string}
        set protocol [http|ftp|...]
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set sso-auth-method {string}
        set status [enable|disable]
        set transaction-based [enable|disable]
        set web-auth-cookie [enable|disable]
        set web-portal [enable|disable]
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    Default

    active-auth-method

    Select an active authentication method.

    string

    Not Specified

    comments

    Comment.

    var-string

    Not Specified

    ip-based

    Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

    option

    -

    enable

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    name

    Authentication rule name.

    string

    Not Specified

    protocol

    Authentication is required for the selected protocol.

    option

    -

    http

    Option

    Description

    http

    HTTP traffic is matched and authentication is required.

    ftp

    FTP traffic is matched and authentication is required.

    socks

    SOCKS traffic is matched and authentication is required.

    ssh

    SSH traffic is matched and authentication is required.

    srcaddr <name>

    Authentication is required for the selected IPv4 source address.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Authentication is required for the selected IPv6 source address.

    Address name.

    string

    Maximum length: 79

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Not Specified

    status

    Enable/disable this authentication rule.

    option

    -

    enable

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    transaction-based

    Enable/disable transaction based authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-auth-cookie

    Enable/disable Web authentication cookies.

    option

    -

    disable

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    web-portal

    Enable/disable web portal for proxy transparent policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.
    Previous
    Next

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set active-auth-method {string}
        set comments {var-string}
        set ip-based [enable|disable]
        set name {string}
        set protocol [http|ftp|...]
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set sso-auth-method {string}
        set status [enable|disable]
        set transaction-based [enable|disable]
        set web-auth-cookie [enable|disable]
        set web-portal [enable|disable]
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    Default

    active-auth-method

    Select an active authentication method.

    string

    Not Specified

    comments

    Comment.

    var-string

    Not Specified

    ip-based

    Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

    option

    -

    enable

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    name

    Authentication rule name.

    string

    Not Specified

    protocol

    Authentication is required for the selected protocol.

    option

    -

    http

    Option

    Description

    http

    HTTP traffic is matched and authentication is required.

    ftp

    FTP traffic is matched and authentication is required.

    socks

    SOCKS traffic is matched and authentication is required.

    ssh

    SSH traffic is matched and authentication is required.

    srcaddr <name>

    Authentication is required for the selected IPv4 source address.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Authentication is required for the selected IPv6 source address.

    Address name.

    string

    Maximum length: 79

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Not Specified

    status

    Enable/disable this authentication rule.

    option

    -

    enable

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    transaction-based

    Enable/disable transaction based authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-auth-cookie

    Enable/disable Web authentication cookies.

    option

    -

    disable

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    web-portal

    Enable/disable web portal for proxy transparent policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.
    Previous
    Next