user ntlm-user

Use this command to configure user accounts that will authenticate with the FortiWeb appliance via an NT LAN Manager (NTLM) server.

NTLM queries can be made to a Microsoft Windows or Active Directory server that has been configured for NTLM authentication. Both NTLM v1 and NTLM v2 versions of the protocol are supported.

NTLM user queries are used by the HTTP authentication feature to authorize HTTP requests. For details, see the FortiWeb Administration Guide:

To incorporate NTLM user account queries, add them to a user group that is selected within an authentication rule, which is in turn selected within an authentication policy. For details, see user user-group.

To use this command, your administrator account’s access control profile must have either w or rw permission to the authusergrp area. For details, see Permissions.


config user ntlm-user

edit "<ntlm-query_name>"

set port <port_int>

set server "<ntlm_ipv4>"



Variable Description Default


Enter the name of the NTLM user query. The maximum length is 63 characters.

To display the list of existing queries, enter:

edit ?

No default.

port <port_int>

Enter the port number where the NTLM server listens. The valid range is 1–65535. 445

server "<ntlm_ipv4>"

Enter the IP address of the NTLM server. No default.


This example configures an NTLM query connection to a server at on port 445.

config user ntlm-user

edit "ntlm-user1"

set server ""

set port 445



Related topics