Fortinet black logo

Explicit Proxy Authentication Configuration

Copy Link
Copy Doc ID 97ad1787-8bb4-11e9-81a4-00505692583a:866033
Download PDF

Explicit Proxy Authentication Configuration

In FortiManager 6.2.0, proxy authentication could only be configured per-device (in Device Manager), under the CLI Only section. In 6.2.1, this is now available in the Policy & Object database.

To configure explicit proxy authentication:
  1. Go to Policy & Objects > Object Configurations > User & Device > LDAP Server / RADIUS Server.

  2. Go to Policy & Objects > Object Configurations > CLI Only Objects. Click user.
    • Click domain-controller. Create a new object with the servers created in step 1.

    • Click krb-keytab. Create a new object with the servers created in step 1.

  3. Go to Policy & Objects > Object Configurations > Fabric Connectors > SSO/Identity. Create different kinds of connectors and an RSSO_Agent.

  4. Go to Policy & Objects > Object Configurations > Authentication Scheme. Create different kinds of schemes with multiple combinations and objects created in step 1, 2 , and 3.

  5. Go to Policy & Objects > Policy Packages > Authentication Rules. Create different kinds of authentication rules and one implicit rule (authentication setting in CLI) with scheme objects created in 4.

    • Authentication Rules:

    • Implicit Authentication Rule (Authentication Setting):

  6. Install the policy package to the FortiGate device. This will install authentication settings, rules, and objects to the FortiGate device.

Explicit Proxy Authentication Configuration

In FortiManager 6.2.0, proxy authentication could only be configured per-device (in Device Manager), under the CLI Only section. In 6.2.1, this is now available in the Policy & Object database.

To configure explicit proxy authentication:
  1. Go to Policy & Objects > Object Configurations > User & Device > LDAP Server / RADIUS Server.

  2. Go to Policy & Objects > Object Configurations > CLI Only Objects. Click user.
    • Click domain-controller. Create a new object with the servers created in step 1.

    • Click krb-keytab. Create a new object with the servers created in step 1.

  3. Go to Policy & Objects > Object Configurations > Fabric Connectors > SSO/Identity. Create different kinds of connectors and an RSSO_Agent.

  4. Go to Policy & Objects > Object Configurations > Authentication Scheme. Create different kinds of schemes with multiple combinations and objects created in step 1, 2 , and 3.

  5. Go to Policy & Objects > Policy Packages > Authentication Rules. Create different kinds of authentication rules and one implicit rule (authentication setting in CLI) with scheme objects created in 4.

    • Authentication Rules:

    • Implicit Authentication Rule (Authentication Setting):

  6. Install the policy package to the FortiGate device. This will install authentication settings, rules, and objects to the FortiGate device.