config user setting
Configure user authentication setting.
config user setting
Description: Configure user authentication setting.
set auth-type {option1}, {option2}, ...
set auth-cert {string}
set auth-ca-cert {string}
set auth-secure-http [enable|disable]
set auth-http-basic [enable|disable]
set auth-ssl-allow-renegotiation [enable|disable]
set auth-src-mac [enable|disable]
set auth-on-demand [always|implicitly]
set auth-timeout {integer}
set auth-timeout-type [idle-timeout|hard-timeout|...]
set auth-portal-timeout {integer}
set radius-ses-timeout-act [hard-timeout|ignore-timeout]
set auth-blackout-time {integer}
set auth-invalid-max {integer}
set auth-lockout-threshold {integer}
set auth-lockout-duration {integer}
set per-policy-disclaimer [enable|disable]
config auth-ports
Description: Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.
edit <id>
set type [http|https|...]
set port {integer}
next
end
set auth-ssl-min-proto-version [default|SSLv3|...]
end
config user setting
Parameter name |
Description |
Type |
Size |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
auth-type |
Supported firewall policy authentication protocols/methods. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-cert |
HTTPS server certificate for policy authentication. |
string |
Maximum length: 35 |
||||||||||||
auth-ca-cert |
HTTPS CA certificate for policy authentication. |
string |
Maximum length: 35 |
||||||||||||
auth-secure-http |
Enable/disable redirecting HTTP user authentication to more secure HTTPS. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-http-basic |
Enable/disable use of HTTP basic authentication for identity-based firewall policies. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-ssl-allow-renegotiation |
Allow/forbid SSL re-negotiation for HTTPS authentication. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-src-mac |
Enable/disable source MAC for user identity. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-on-demand |
Always/implicitly trigger firewall authentication on demand. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-timeout |
Time in minutes before the firewall user authentication timeout requires the user to re-authenticate. |
integer |
Minimum value: 1 Maximum value: 1440 |
||||||||||||
auth-timeout-type |
Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-portal-timeout |
Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min). |
integer |
Minimum value: 1 Maximum value: 30 |
||||||||||||
radius-ses-timeout-act |
Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-blackout-time |
Time in seconds an IP address is denied access after failing to authenticate five times within one minute. |
integer |
Minimum value: 0 Maximum value: 3600 |
||||||||||||
auth-invalid-max |
Maximum number of failed authentication attempts before the user is blocked. |
integer |
Minimum value: 1 Maximum value: 100 |
||||||||||||
auth-lockout-threshold |
Maximum number of failed login attempts before login lockout is triggered. |
integer |
Minimum value: 1 Maximum value: 10 |
||||||||||||
auth-lockout-duration |
Lockout period in seconds after too many login failures. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
||||||||||||
per-policy-disclaimer |
Enable/disable per policy disclaimer. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-ssl-min-proto-version |
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). |
option |
- |
||||||||||||
|
|
Parameter name |
Description |
Type |
Size |
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
type |
Service type. |
option |
- |
||||||||||
|
|
||||||||||||
port |
Non-standard port for firewall user authentication. |
integer |
Minimum value: 1 Maximum value: 65535 |