Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.4.1 Administration Guide
    7.4.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Authentication settings

    Authentication settings

    You can configure general authentication settings, including timeout, protocol support, and certificates.

    Note

    You cannot customize FTP and Telnet authentication replacement messages.
    To configure authentication settings using the GUI:
    1. Go to User & Authentication > Authentication Settings.
    2. Configure the following settings:

      Setting

      Description

      Authentication Timeout

      Enter the desired timeout in minutes. You can enter a number between 1 and 1440 (24 hours). The authentication timeout controls how long an authenticated connection can be idle before the user must reauthenticate. The default value is 5.

      Protocol Support

      Select the protocols to challenge during firewall user authentication.

      When you enable user authentication within a security policy, the authentication challenge is normally issued for any of four protocols, depending on the connection protocol:

      • HTTP (you can set this to redirect to HTTPS)
      • HTTPS
      • FTP
      • Telnet

      The protocols selected here control which protocols support the authentication challenge. Users must connect with a supported protocol first so they can subsequently connect with other protocols. If HTTPS is selected as a protocol support method, it allows the user to authenticate with a customized local certificate.

      When you enable user authentication within a security policy, FortiOS challenges the security policy user to authenticate. For user ID and password authentication, the user must provide their username and password. For certificate authentication (HTTPS or HTTP redirected to HTTPS only), you can install customized certificates on the unit and the user can also install customized certificates on their browser. Otherwise, users see a warning message and must accept a default Fortinet certificate. The network user's web browser may deem the default certificate invalid.

      Certificate

      If using HTTPS protocol support, select the local certificate to use for authentication. This is available only if HTTPS and/or Redirect HTTP Challenge to a Secure Channel (HTTPS) are selected.

    To configure authentication settings using the CLI:

    config user setting

    set auth-timeout 5

    set auth-type ftp http https telnet

    set auth-cert Fortinet_Factory

    end

    Previous
    Next

    Authentication settings

    Authentication settings

    You can configure general authentication settings, including timeout, protocol support, and certificates.

    Note

    You cannot customize FTP and Telnet authentication replacement messages.
    To configure authentication settings using the GUI:
    1. Go to User & Authentication > Authentication Settings.
    2. Configure the following settings:

      Setting

      Description

      Authentication Timeout

      Enter the desired timeout in minutes. You can enter a number between 1 and 1440 (24 hours). The authentication timeout controls how long an authenticated connection can be idle before the user must reauthenticate. The default value is 5.

      Protocol Support

      Select the protocols to challenge during firewall user authentication.

      When you enable user authentication within a security policy, the authentication challenge is normally issued for any of four protocols, depending on the connection protocol:

      • HTTP (you can set this to redirect to HTTPS)
      • HTTPS
      • FTP
      • Telnet

      The protocols selected here control which protocols support the authentication challenge. Users must connect with a supported protocol first so they can subsequently connect with other protocols. If HTTPS is selected as a protocol support method, it allows the user to authenticate with a customized local certificate.

      When you enable user authentication within a security policy, FortiOS challenges the security policy user to authenticate. For user ID and password authentication, the user must provide their username and password. For certificate authentication (HTTPS or HTTP redirected to HTTPS only), you can install customized certificates on the unit and the user can also install customized certificates on their browser. Otherwise, users see a warning message and must accept a default Fortinet certificate. The network user's web browser may deem the default certificate invalid.

      Certificate

      If using HTTPS protocol support, select the local certificate to use for authentication. This is available only if HTTPS and/or Redirect HTTP Challenge to a Secure Channel (HTTPS) are selected.

    To configure authentication settings using the CLI:

    config user setting

    set auth-timeout 5

    set auth-type ftp http https telnet

    set auth-cert Fortinet_Factory

    end

    Previous
    Next