Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.4.5
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set active-auth-method {string}
        set cert-auth-cookie [enable|disable]
        set comments {var-string}
        set cors-depth {integer}
        set cors-stateful [enable|disable]
        set dstaddr <name1>, <name2>, ...
        set dstaddr6 <name1>, <name2>, ...
        set ip-based [enable|disable]
        set protocol [http|ftp|...]
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set srcintf <name1>, <name2>, ...
        set sso-auth-method {string}
        set status [enable|disable]
        set transaction-based [enable|disable]
        set web-auth-cookie [enable|disable]
        set web-portal [enable|disable]
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    Default

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    cert-auth-cookie

    Enable/disable to use device certificate as authentication cookie.

    option

    -

    enable

    Option

    Description

    enable

    Enable device certificate as authentication cookie.

    disable

    Disable device certificate as authentication cookie.

    comments

    Comment.

    var-string

    Maximum length: 1023

    cors-depth

    Depth to allow CORS access.

    integer

    Minimum value: 1 Maximum value: 8

    3

    cors-stateful

    Enable/disable allowance of CORS access.

    option

    -

    disable

    Option

    Description

    enable

    Enable allowance of CORS access

    disable

    Disable allowance of CORS access

    dstaddr <name>

    Select an IPv4 destination address from available options. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    dstaddr6 <name>

    Select an IPv6 destination address from available options. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    ip-based

    Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

    option

    -

    enable

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    name

    Authentication rule name.

    string

    Maximum length: 35

    protocol

    Authentication is required for the selected protocol.

    option

    -

    http

    Option

    Description

    http

    HTTP traffic is matched and authentication is required.

    ftp

    FTP traffic is matched and authentication is required.

    socks

    SOCKS traffic is matched and authentication is required.

    ssh

    SSH traffic is matched and authentication is required.

    srcaddr <name>

    Authentication is required for the selected IPv4 source address.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Authentication is required for the selected IPv6 source address.

    Address name.

    string

    Maximum length: 79

    srcintf <name>

    Incoming (ingress) interface.

    Interface name.

    string

    Maximum length: 79

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    status

    Enable/disable this authentication rule.

    option

    -

    enable

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    transaction-based

    Enable/disable transaction based authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-auth-cookie

    Enable/disable Web authentication cookies.

    option

    -

    disable

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    web-portal

    Enable/disable web portal for proxy transparent policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.
    Previous
    Next

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set active-auth-method {string}
        set cert-auth-cookie [enable|disable]
        set comments {var-string}
        set cors-depth {integer}
        set cors-stateful [enable|disable]
        set dstaddr <name1>, <name2>, ...
        set dstaddr6 <name1>, <name2>, ...
        set ip-based [enable|disable]
        set protocol [http|ftp|...]
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set srcintf <name1>, <name2>, ...
        set sso-auth-method {string}
        set status [enable|disable]
        set transaction-based [enable|disable]
        set web-auth-cookie [enable|disable]
        set web-portal [enable|disable]
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    Default

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    cert-auth-cookie

    Enable/disable to use device certificate as authentication cookie.

    option

    -

    enable

    Option

    Description

    enable

    Enable device certificate as authentication cookie.

    disable

    Disable device certificate as authentication cookie.

    comments

    Comment.

    var-string

    Maximum length: 1023

    cors-depth

    Depth to allow CORS access.

    integer

    Minimum value: 1 Maximum value: 8

    3

    cors-stateful

    Enable/disable allowance of CORS access.

    option

    -

    disable

    Option

    Description

    enable

    Enable allowance of CORS access

    disable

    Disable allowance of CORS access

    dstaddr <name>

    Select an IPv4 destination address from available options. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    dstaddr6 <name>

    Select an IPv6 destination address from available options. Required for web proxy authentication.

    Address name.

    string

    Maximum length: 79

    ip-based

    Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

    option

    -

    enable

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    name

    Authentication rule name.

    string

    Maximum length: 35

    protocol

    Authentication is required for the selected protocol.

    option

    -

    http

    Option

    Description

    http

    HTTP traffic is matched and authentication is required.

    ftp

    FTP traffic is matched and authentication is required.

    socks

    SOCKS traffic is matched and authentication is required.

    ssh

    SSH traffic is matched and authentication is required.

    srcaddr <name>

    Authentication is required for the selected IPv4 source address.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Authentication is required for the selected IPv6 source address.

    Address name.

    string

    Maximum length: 79

    srcintf <name>

    Incoming (ingress) interface.

    Interface name.

    string

    Maximum length: 79

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    status

    Enable/disable this authentication rule.

    option

    -

    enable

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    transaction-based

    Enable/disable transaction based authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-auth-cookie

    Enable/disable Web authentication cookies.

    option

    -

    disable

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    web-portal

    Enable/disable web portal for proxy transparent policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.
    Previous
    Next