CLI Reference

config authentication rule

Configure Authentication Rules.

config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set active-auth-method {string}
        set comments {var-string}
        set dstaddr <name1>, <name2>, ...
        set dstaddr6 <name1>, <name2>, ...
        set ip-based [enable|disable]
        set protocol [http|ftp|...]
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set srcintf <name1>, <name2>, ...
        set sso-auth-method {string}
        set status [enable|disable]
        set transaction-based [enable|disable]
        set web-auth-cookie [enable|disable]
        set web-portal [enable|disable]
    next
end

config authentication rule

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| active-auth-method | Select an active authentication method. | string | Maximum length: 35 | |
| comments | Comment. | var-string | Maximum length: 1023 | |
| dstaddr <name> | Select an IPv4 destination address from available options. Required for web proxy authentication. <name>: Address name. | string | Maximum length: 79 | |
| dstaddr6 <name> | Select an IPv6 destination address from available options. Required for web proxy authentication. <name>: Address name. | string | Maximum length: 79 | |
| ip-based | Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted. | option | - | enable |
| name | Authentication rule name. | string | Maximum length: 35 | |
| protocol | Authentication is required for the selected protocol. | option | - | http |
| srcaddr <name> | Authentication is required for the selected IPv4 source address. <name>: Address name. | string | Maximum length: 79 | |
| srcaddr6 <name> | Authentication is required for the selected IPv6 source address. <name>: Address name. | string | Maximum length: 79 | |
| srcintf <name> | Incoming (ingress) interface. <name>: Interface name. | string | Maximum length: 79 | |
| sso-auth-method | Select a single sign-on (SSO) authentication method. | string | Maximum length: 35 | |
| status | Enable/disable this authentication rule. | option | - | enable |
| transaction-based | Enable/disable transaction based authentication. | option | - | disable |
| web-auth-cookie | Enable/disable Web authentication cookies. | option | - | disable |
| web-portal | Enable/disable web portal for proxy transparent policy. | option | - | enable |

Options for ip-based:

| Option | Description |
|---|---|
| enable | Enable IP-based authentication. |
| disable | Disable IP-based authentication. |

Options for protocol:

| Option | Description |
|---|---|
| http | HTTP traffic is matched and authentication is required. |
| ftp | FTP traffic is matched and authentication is required. |
| socks | SOCKS traffic is matched and authentication is required. |
| ssh | SSH traffic is matched and authentication is required. |

Options for status:

| Option | Description |
|---|---|
| enable | Enable this authentication rule. |
| disable | Disable this authentication rule. |

Options for transaction-based:

| Option | Description |
|---|---|
| enable | Enable transaction based authentication. |
| disable | Disable transaction based authentication. |

Options for web-auth-cookie:

| Option | Description |
|---|---|
| enable | Enable Web authentication cookie. |
| disable | Disable Web authentication cookie. |

Options for web-portal:

| Option | Description |
|---|---|
| enable | Enable web-portal. |
| disable | Disable web-portal. |
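
An added example, not part of the Fortinet reference: a small Python audit that reads `config authentication rule` blocks from a configuration backup, overlays the defaults listed above, and flags rules that are disabled, have ip-based in effect, or lack a destination address. The sample configuration and its object names are constructed, and the script assumes the backup omits settings left at their default, as `show` output does.

```python
import shlex

# Defaults copied from the parameter table on this page.
DEFAULTS = {"ip-based": "enable", "protocol": "http", "status": "enable",
            "transaction-based": "disable", "web-auth-cookie": "disable",
            "web-portal": "enable"}

# Constructed sample backup; rule and object names are invented for the example.
SAMPLE = """
config authentication rule
    edit "proxy-users"
        set srcaddr "lan-clients"
        set dstaddr "all"
    next
    edit "kiosk"
        set status disable
        set ip-based disable
    next
end
"""

def parse_rules(text):
    """Return {rule name: {parameter: [values]}} from config authentication rule."""
    rules, current, inside = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted names such as "lan-clients"
        if tok[:3] == ["config", "authentication", "rule"]:
            inside = True
        elif not inside or not tok:
            continue
        elif tok[0] == "end":
            inside, current = False, None
        elif tok[0] == "edit" and len(tok) > 1:
            current = rules.setdefault(tok[1], {})
        elif tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = tok[2:]
    return rules

def effective(rule):
    # Explicit settings win; anything absent falls back to the documented default.
    return {**{k: [v] for k, v in DEFAULTS.items()}, **rule}

def findings(text):
    out = []
    for name, rule in parse_rules(text).items():
        eff = effective(rule)
        checks = [(eff["status"] == ["disable"], "rule disabled"),
                  (eff["ip-based"] == ["enable"], "ip-based in effect"),
                  (not (rule.keys() & {"dstaddr", "dstaddr6"}), "no dstaddr/dstaddr6")]
        out += [(name, msg) for hit, msg in checks if hit]
    return out
```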
