Fortinet white logo
Fortinet white logo

CLI Reference

config authentication setting

config authentication setting

Configure authentication setting.

config authentication setting
    Description: Configure authentication setting.
    set active-auth-scheme {string}
    set sso-auth-scheme {string}
    set update-time {user}
    set persistent-cookie [enable|disable]
    set ip-auth-cookie [enable|disable]
    set cookie-max-age {integer}
    set cookie-refresh-div {integer}
    set captive-portal-type [fqdn|ip]
    set captive-portal-ip {ipv4-address-any}
    set captive-portal-ip6 {ipv6-address}
    set captive-portal {string}
    set captive-portal6 {string}
    set cert-auth [enable|disable]
    set cert-captive-portal {string}
    set cert-captive-portal-ip {ipv4-address-any}
    set cert-captive-portal-port {integer}
    set captive-portal-port {integer}
    set auth-https [enable|disable]
    set captive-portal-ssl-port {integer}
    set user-cert-ca <name1>, <name2>, ...
    set dev-range <name1>, <name2>, ...
    set log-auth-request [enable|disable]
end

config authentication setting

Parameter

Description

Type

Size

Default

active-auth-scheme

Active authentication method (scheme name).

string

Maximum length: 35

sso-auth-scheme

Single-Sign-On authentication method (scheme name).

string

Maximum length: 35

update-time

Time of the last update.

user

Not Specified

persistent-cookie

Enable/disable persistent cookie on web portal authentication.

option

-

enable

Option

Description

enable

Enable persistent cookie.

disable

Disable persistent cookie.

ip-auth-cookie

Enable/disable persistent cookie on IP based web portal authentication.

option

-

disable

Option

Description

enable

Enable persistent cookie for IP-based authentication.

disable

Disable persistent cookie for IP-based authentication.

cookie-max-age

Persistent web portal cookie maximum age in minutes.

integer

Minimum value: 30 Maximum value: 10080

480

cookie-refresh-div

Refresh rate divider of persistent web portal cookie. Refresh value = cookie-max-age/cookie-refresh-div.

integer

Minimum value: 2 Maximum value: 4

2

captive-portal-type

Captive portal type.

option

-

fqdn

Option

Description

fqdn

Use FQDN for captive portal.

ip

Use an IP address for captive portal.

captive-portal-ip

Captive portal IP address.

ipv4-address-any

Not Specified

0.0.0.0

captive-portal-ip6

Captive portal IPv6 address.

ipv6-address

Not Specified

::

captive-portal

Captive portal host name.

string

Maximum length: 255

captive-portal6

IPv6 captive portal host name.

string

Maximum length: 255

cert-auth

Enable/disable redirecting certificate authentication to HTTPS portal.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

cert-captive-portal

Certificate captive portal host name.

string

Maximum length: 255

cert-captive-portal-ip

Certificate captive portal IP address.

ipv4-address-any

Not Specified

0.0.0.0

cert-captive-portal-port

Certificate captive portal port number.

integer

Minimum value: 1 Maximum value: 65535

7832

captive-portal-port

Captive portal port number.

integer

Minimum value: 1 Maximum value: 65535

7830

auth-https

Enable/disable redirecting HTTP user authentication to HTTPS.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

captive-portal-ssl-port

Captive portal SSL port number.

integer

Minimum value: 1 Maximum value: 65535

7831

user-cert-ca <name>

CA certificate used for client certificate verification.

CA certificate list.

string

Maximum length: 79

dev-range <name>

Address range for the IP based device query.

Address name.

string

Maximum length: 79

log-auth-request

Enable/disable to log authentication request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

config authentication setting

config authentication setting

Configure authentication setting.

config authentication setting
    Description: Configure authentication setting.
    set active-auth-scheme {string}
    set sso-auth-scheme {string}
    set update-time {user}
    set persistent-cookie [enable|disable]
    set ip-auth-cookie [enable|disable]
    set cookie-max-age {integer}
    set cookie-refresh-div {integer}
    set captive-portal-type [fqdn|ip]
    set captive-portal-ip {ipv4-address-any}
    set captive-portal-ip6 {ipv6-address}
    set captive-portal {string}
    set captive-portal6 {string}
    set cert-auth [enable|disable]
    set cert-captive-portal {string}
    set cert-captive-portal-ip {ipv4-address-any}
    set cert-captive-portal-port {integer}
    set captive-portal-port {integer}
    set auth-https [enable|disable]
    set captive-portal-ssl-port {integer}
    set user-cert-ca <name1>, <name2>, ...
    set dev-range <name1>, <name2>, ...
    set log-auth-request [enable|disable]
end

config authentication setting

Parameter

Description

Type

Size

Default

active-auth-scheme

Active authentication method (scheme name).

string

Maximum length: 35

sso-auth-scheme

Single-Sign-On authentication method (scheme name).

string

Maximum length: 35

update-time

Time of the last update.

user

Not Specified

persistent-cookie

Enable/disable persistent cookie on web portal authentication.

option

-

enable

Option

Description

enable

Enable persistent cookie.

disable

Disable persistent cookie.

ip-auth-cookie

Enable/disable persistent cookie on IP based web portal authentication.

option

-

disable

Option

Description

enable

Enable persistent cookie for IP-based authentication.

disable

Disable persistent cookie for IP-based authentication.

cookie-max-age

Persistent web portal cookie maximum age in minutes.

integer

Minimum value: 30 Maximum value: 10080

480

cookie-refresh-div

Refresh rate divider of persistent web portal cookie. Refresh value = cookie-max-age/cookie-refresh-div.

integer

Minimum value: 2 Maximum value: 4

2

captive-portal-type

Captive portal type.

option

-

fqdn

Option

Description

fqdn

Use FQDN for captive portal.

ip

Use an IP address for captive portal.

captive-portal-ip

Captive portal IP address.

ipv4-address-any

Not Specified

0.0.0.0

captive-portal-ip6

Captive portal IPv6 address.

ipv6-address

Not Specified

::

captive-portal

Captive portal host name.

string

Maximum length: 255

captive-portal6

IPv6 captive portal host name.

string

Maximum length: 255

cert-auth

Enable/disable redirecting certificate authentication to HTTPS portal.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

cert-captive-portal

Certificate captive portal host name.

string

Maximum length: 255

cert-captive-portal-ip

Certificate captive portal IP address.

ipv4-address-any

Not Specified

0.0.0.0

cert-captive-portal-port

Certificate captive portal port number.

integer

Minimum value: 1 Maximum value: 65535

7832

captive-portal-port

Captive portal port number.

integer

Minimum value: 1 Maximum value: 65535

7830

auth-https

Enable/disable redirecting HTTP user authentication to HTTPS.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

captive-portal-ssl-port

Captive portal SSL port number.

integer

Minimum value: 1 Maximum value: 65535

7831

user-cert-ca <name>

CA certificate used for client certificate verification.

CA certificate list.

string

Maximum length: 79

dev-range <name>

Address range for the IP based device query.

Address name.

string

Maximum length: 79

log-auth-request

Enable/disable to log authentication request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.