Fortinet black logo

CLI Reference

authentication rule

Configure Authentication Rules.

  config authentication rule
      Description: Configure Authentication Rules.
      edit <name>
          set status [enable|disable]
          set protocol [http|ftp|...]
          set srcaddr <name1>, <name2>, ...
          set srcaddr6 <name1>, <name2>, ...
          set ip-based [enable|disable]
          set active-auth-method {string}
          set sso-auth-method {string}
          set web-auth-cookie [enable|disable]
          set transaction-based [enable|disable]
          set web-portal [enable|disable]
          set comments {var-string}
      next
  end

config authentication rule

Parameter Name Description Type Size
status Enable/disable this authentication rule.
enable: Enable this authentication rule.
disable: Disable this authentication rule.
option -
protocol Authentication is required for the selected protocol (default = HTTP).
http: HTTP traffic is matched and authentication is required.
ftp: FTP traffic is matched and authentication is required.
socks: SOCKS traffic is matched and authentication is required.
ssh: SSH traffic is matched and authentication is required.
option -
srcaddr <name> Authentication is required for the selected IPv4 source address.
Address name.
string Maximum length: 79
srcaddr6 <name> Authentication is required for the selected IPv6 source address.
Address name.
string Maximum length: 79
ip-based Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.
enable: Enable IP-based authentication.
disable: Disable IP-based authentication.
option -
active-auth-method Select an active authentication method. string Maximum length: 35
sso-auth-method Select a single-sign on (SSO) authentication method. string Maximum length: 35
web-auth-cookie Enable/disable Web authentication cookies (default = disable).
enable: Enable Web authentication cookie.
disable: Disable Web authentication cookie.
option -
transaction-based Enable/disable transaction based authentication (default = disable).
enable: Enable transaction based authentication.
disable: Disable transaction based authentication.
option -
web-portal Enable/disable web portal for proxy transparent policy (default = enable).
enable: Enable web-portal.
disable: Disable web-portal.
option -
comments Comment. var-string Maximum length: 1023

Configure Authentication Rules.

  config authentication rule
      Description: Configure Authentication Rules.
      edit <name>
          set status [enable|disable]
          set protocol [http|ftp|...]
          set srcaddr <name1>, <name2>, ...
          set srcaddr6 <name1>, <name2>, ...
          set ip-based [enable|disable]
          set active-auth-method {string}
          set sso-auth-method {string}
          set web-auth-cookie [enable|disable]
          set transaction-based [enable|disable]
          set web-portal [enable|disable]
          set comments {var-string}
      next
  end

config authentication rule

Parameter Name Description Type Size
status Enable/disable this authentication rule.
enable: Enable this authentication rule.
disable: Disable this authentication rule.
option -
protocol Authentication is required for the selected protocol (default = HTTP).
http: HTTP traffic is matched and authentication is required.
ftp: FTP traffic is matched and authentication is required.
socks: SOCKS traffic is matched and authentication is required.
ssh: SSH traffic is matched and authentication is required.
option -
srcaddr <name> Authentication is required for the selected IPv4 source address.
Address name.
string Maximum length: 79
srcaddr6 <name> Authentication is required for the selected IPv6 source address.
Address name.
string Maximum length: 79
ip-based Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.
enable: Enable IP-based authentication.
disable: Disable IP-based authentication.
option -
active-auth-method Select an active authentication method. string Maximum length: 35
sso-auth-method Select a single-sign on (SSO) authentication method. string Maximum length: 35
web-auth-cookie Enable/disable Web authentication cookies (default = disable).
enable: Enable Web authentication cookie.
disable: Disable Web authentication cookie.
option -
transaction-based Enable/disable transaction based authentication (default = disable).
enable: Enable transaction based authentication.
disable: Disable transaction based authentication.
option -
web-portal Enable/disable web portal for proxy transparent policy (default = enable).
enable: Enable web-portal.
disable: Disable web-portal.
option -
comments Comment. var-string Maximum length: 1023