Select the authentication type:

• none — No password.
• TCP_MD5SIG — With password, but cannot be used if NAT is in between the client and server. This is because, when using the TCP MD5SIG authentication in a network with NAT in between, the IP layer is encrypted. So is every packet. Because the IP address will be changed, the encryption check will always fail.
• auth_verify — The authentication key is sent to the server after a three-way handshake. The key is encrypted and NAT in between will not affect the authentication.

The password option is available if auth-type is TCP_MD5SIG or auth_verify.

Enter the password to authenticate the key.

This password is used for authentication between the GLB and the server. The same password must be set on both, otherwise the two will not be able to synchronize.

Enable or disable the use of a user-uploaded certificate for SLB authentication. Enable this option if you want the SLB to present a certificate signed by your corporate CA or another trusted issuer during TLS handshakes with the GLB. When disabled, FortiADC uses the built-in default certificate.

This is disabled by default.

The cert option is available if user-defined-certificate is enabled.

Select the uploaded certificate that the SLB presents to the GLB. The selected certificate must already be imported into FortiADC. In VDOM deployments, only certificates within the same VDOM are available.

Enable/disable the root CA verification when synchronizing the SLB information to the GSLB server.

The ca-group option is available if ca-verify is enabled.

Select a trusted CA group to verify the peer certificate.