CLI Reference

config authentication rule

Configure Authentication Rules.

config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set status [enable|disable]
        set protocol [http|ftp|...]
        set web-proxy {string}
        config srcintf
            Description: Incoming (ingress) interface.
            edit <name>
            next
        end
        config srcaddr
            Description: Select an IPv4 source address from available options. Required for web proxy authentication.
            edit <name>
            next
        end
        config dstaddr
            Description: Select an IPv4 destination address from available options. Required for web proxy authentication.
            edit <name>
            next
        end
        config srcaddr6
            Description: Select an IPv6 source address. Required for web proxy authentication.
            edit <name>
            next
        end
        set ip-based [enable|disable]
        set active-auth-method {string}
        set sso-auth-method {string}
        set web-auth-cookie [enable|disable]
        set transaction-based [enable|disable]
        set web-portal [enable|disable]
        set comments {var-string}
    next
end

config authentication rule

| Parameter | Description | Type | Size |
|---|---|---|---|
| name | Authentication rule name. | string | Maximum length: 35 |
| status | Enable/disable this authentication rule. Options: enable = Enable this authentication rule; disable = Disable this authentication rule. | option | - |
| protocol | Select the protocol to use for authentication. Users connect to the FortiProxy using this protocol and are asked to authenticate. Options: http = Use HTTP for authentication; ftp = Use FTP for authentication; socks = Use SOCKS for authentication; ssh = Use SSH for authentication. | option | - |
| web-proxy | Web-Proxy profile. | string | Maximum length: 35 |
| ip-based | Enable/disable IP-based authentication. Once a user authenticates, all traffic from the IP address the user authenticated from is allowed. Options: enable = Enable IP-based authentication; disable = Disable IP-based authentication. | option | - |
| active-auth-method | Select an active authentication method. | string | Maximum length: 35 |
| sso-auth-method | Select a single sign-on (SSO) authentication method. | string | Maximum length: 35 |
| web-auth-cookie | Enable/disable Web authentication cookies. Options: enable = Enable Web authentication cookie; disable = Disable Web authentication cookie. | option | - |
| transaction-based | Enable/disable transaction-based authentication. Options: enable = Enable transaction-based authentication; disable = Disable transaction-based authentication. | option | - |
| web-portal | Enable/disable web portal for proxy transparent policy. Options: enable = Enable web-portal; disable = Disable web-portal. | option | - |
| comments | Comment. | var-string | Maximum length: 1023 |

config srcintf

| Parameter | Description | Type | Size |
|---|---|---|---|
| name | Interface name. | string | Maximum length: 64 |

config srcaddr

| Parameter | Description | Type | Size |
|---|---|---|---|
| name | Address name. | string | Maximum length: 64 |

config dstaddr

| Parameter | Description | Type | Size |
|---|---|---|---|
| name | Address name. | string | Maximum length: 64 |

config srcaddr6

| Parameter | Description | Type | Size |
|---|---|---|---|
| name | Address name. | string | Maximum length: 64 |
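
An added example, not Fortinet's code: a small Python audit that parses a config authentication rule block in the syntax documented above and lists what a reviewer should look at, namely disabled rules, rules with ip-based enabled (one login then covers every user behind a shared source IP), and rules missing the addresses this reference marks as required. It assumes the input contains only this block with each setting written explicitly, as in show full-configuration output; every name in the sample is made up.

```python
import shlex
# Constructed sample: every rule, address and scheme name here is made up.
SAMPLE = """
config authentication rule
    edit "guest-wifi"
        set status enable
        config srcaddr
            edit "guest-net"
            next
        end
        set ip-based enable
        set active-auth-method "form-scheme"
    next
    edit "legacy"
        set status disable
    next
end
"""

def parse_rules(text):
    """Return {rule: {option: value, sub-table: [entry names]}} for one config block."""
    rules, rule, table = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config" and rule is not None:
            table = rule.setdefault(tok[1], [])   # srcintf, srcaddr, dstaddr, srcaddr6
        elif tok[0] == "edit" and table is not None:
            table.append(tok[1])                  # entry inside a sub-table
        elif tok[0] == "edit":
            rule = rules.setdefault(tok[1], {})   # start of a rule
        elif tok[0] == "set" and rule is not None:
            rule[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "end":
            table = None                          # closes a sub-table or the block
        elif tok[0] == "next" and table is None:
            rule = None                           # closes the current rule
    return rules

def audit(rules):
    """Return (rule, finding) pairs for settings that deserve a second look."""
    out = []
    for name, r in rules.items():
        if r.get("status") == "disable":
            out.append((name, "status disable: rule is not in effect"))
            continue
        if r.get("ip-based") == "enable":
            out.append((name, "ip-based enable: after one login all traffic from that IP is allowed"))
        for keys in (("srcaddr", "srcaddr6"), ("dstaddr",)):
            if not any(r.get(k) for k in keys):
                out.append((name, f"no {'/'.join(keys)} (required for web proxy authentication)"))
    return out
```

Calling audit(parse_rules(SAMPLE)) reports guest-wifi twice (ip-based enabled, no dstaddr) and legacy once (disabled).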
