Fortinet white logo
Fortinet white logo

CLI Reference

config authentication rule

config authentication rule

Configure Authentication Rules.

config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set status [enable|disable]
        set protocol [http|ftp|...]
        set web-proxy {string}
        set srcintf <name1>, <name2>, ...
        set srcaddr <name1>, <name2>, ...
        set dstaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set dstaddr6 <name1>, <name2>, ...
        set ip-based [enable|disable]
        set active-auth-method {string}
        set sso-auth-method {string}
        set web-auth-cookie [enable|disable]
        set transaction-based [enable|disable]
        set web-portal [enable|disable]
        set comments {var-string}
    next
end

config authentication rule

Parameter

Description

Type

Size

Default

name

Authentication rule name.

string

Maximum length: 35

status

Enable/disable this authentication rule.

option

-

enable

Option

Description

enable

Enable this authentication rule.

disable

Disable this authentication rule.

protocol

Authentication is required for the selected protocol.

option

-

http

Option

Description

http

HTTP traffic is matched and authentication is required.

ftp

FTP traffic is matched and authentication is required.

socks

SOCKS traffic is matched and authentication is required.

ssh

SSH traffic is matched and authentication is required.

web-proxy

Web-Proxy profile.

string

Maximum length: 35

srcintf <name>

Incoming (ingress) interface.

Interface name.

string

Maximum length: 79

srcaddr <name>

Authentication is required for the selected IPv4 source address.

Address name.

string

Maximum length: 79

dstaddr <name>

Select an IPv4 destination address from available options. Required for web proxy authentication.

Address name.

string

Maximum length: 79

srcaddr6 <name>

Authentication is required for the selected IPv6 source address.

Address name.

string

Maximum length: 79

dstaddr6 <name>

Select an IPv6 destination address from available options. Required for web proxy authentication.

Address name.

string

Maximum length: 79

ip-based

Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

option

-

enable

Option

Description

enable

Enable IP-based authentication.

disable

Disable IP-based authentication.

active-auth-method

Select an active authentication method.

string

Maximum length: 35

sso-auth-method

Select a single-sign on (SSO) authentication method.

string

Maximum length: 35

web-auth-cookie

Enable/disable Web authentication cookies.

option

-

disable

Option

Description

enable

Enable Web authentication cookie.

disable

Disable Web authentication cookie.

transaction-based

Enable/disable transaction based authentication.

option

-

disable

Option

Description

enable

Enable transaction based authentication.

disable

Disable transaction based authentication.

web-portal

Enable/disable web portal for proxy transparent policy.

option

-

enable

Option

Description

enable

Enable web-portal.

disable

Disable web-portal.

comments

Comment.

var-string

Maximum length: 1023

config authentication rule

config authentication rule

Configure Authentication Rules.

config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set status [enable|disable]
        set protocol [http|ftp|...]
        set web-proxy {string}
        set srcintf <name1>, <name2>, ...
        set srcaddr <name1>, <name2>, ...
        set dstaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set dstaddr6 <name1>, <name2>, ...
        set ip-based [enable|disable]
        set active-auth-method {string}
        set sso-auth-method {string}
        set web-auth-cookie [enable|disable]
        set transaction-based [enable|disable]
        set web-portal [enable|disable]
        set comments {var-string}
    next
end

config authentication rule

Parameter

Description

Type

Size

Default

name

Authentication rule name.

string

Maximum length: 35

status

Enable/disable this authentication rule.

option

-

enable

Option

Description

enable

Enable this authentication rule.

disable

Disable this authentication rule.

protocol

Authentication is required for the selected protocol.

option

-

http

Option

Description

http

HTTP traffic is matched and authentication is required.

ftp

FTP traffic is matched and authentication is required.

socks

SOCKS traffic is matched and authentication is required.

ssh

SSH traffic is matched and authentication is required.

web-proxy

Web-Proxy profile.

string

Maximum length: 35

srcintf <name>

Incoming (ingress) interface.

Interface name.

string

Maximum length: 79

srcaddr <name>

Authentication is required for the selected IPv4 source address.

Address name.

string

Maximum length: 79

dstaddr <name>

Select an IPv4 destination address from available options. Required for web proxy authentication.

Address name.

string

Maximum length: 79

srcaddr6 <name>

Authentication is required for the selected IPv6 source address.

Address name.

string

Maximum length: 79

dstaddr6 <name>

Select an IPv6 destination address from available options. Required for web proxy authentication.

Address name.

string

Maximum length: 79

ip-based

Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

option

-

enable

Option

Description

enable

Enable IP-based authentication.

disable

Disable IP-based authentication.

active-auth-method

Select an active authentication method.

string

Maximum length: 35

sso-auth-method

Select a single-sign on (SSO) authentication method.

string

Maximum length: 35

web-auth-cookie

Enable/disable Web authentication cookies.

option

-

disable

Option

Description

enable

Enable Web authentication cookie.

disable

Disable Web authentication cookie.

transaction-based

Enable/disable transaction based authentication.

option

-

disable

Option

Description

enable

Enable transaction based authentication.

disable

Disable transaction based authentication.

web-portal

Enable/disable web portal for proxy transparent policy.

option

-

enable

Option

Description

enable

Enable web-portal.

disable

Disable web-portal.

comments

Comment.

var-string

Maximum length: 1023