Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.6
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule

    Description: Configure Authentication Rules.

    edit <name>

    set status [enable|disable]

    set protocol [http|ftp|...]

    set srcaddr <name1>, <name2>, ...

    set srcaddr6 <name1>, <name2>, ...

    set ip-based [enable|disable]

    set active-auth-method {string}

    set sso-auth-method {string}

    set web-auth-cookie [enable|disable]

    set transaction-based [enable|disable]

    set web-portal [enable|disable]

    set comments {var-string}

    next

    end

    config authentication rule

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable this authentication rule.

    option

    -

    enable

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    protocol

    Authentication is required for the selected protocol .

    option

    -

    http

    Option

    Description

    http

    HTTP traffic is matched and authentication is required.

    ftp

    FTP traffic is matched and authentication is required.

    socks

    SOCKS traffic is matched and authentication is required.

    ssh

    SSH traffic is matched and authentication is required.

    srcaddr <name>

    Authentication is required for the selected IPv4 source address.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Authentication is required for the selected IPv6 source address.

    Address name.

    string

    Maximum length: 79

    ip-based

    Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

    option

    -

    enable

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    web-auth-cookie

    Enable/disable Web authentication cookies .

    option

    -

    disable

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    transaction-based

    Enable/disable transaction based authentication .

    option

    -

    disable

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-portal

    Enable/disable web portal for proxy transparent policy .

    option

    -

    enable

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.

    comments

    Comment.

    var-string

    Maximum length: 1023

    Previous
    Next

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule

    Description: Configure Authentication Rules.

    edit <name>

    set status [enable|disable]

    set protocol [http|ftp|...]

    set srcaddr <name1>, <name2>, ...

    set srcaddr6 <name1>, <name2>, ...

    set ip-based [enable|disable]

    set active-auth-method {string}

    set sso-auth-method {string}

    set web-auth-cookie [enable|disable]

    set transaction-based [enable|disable]

    set web-portal [enable|disable]

    set comments {var-string}

    next

    end

    config authentication rule

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable this authentication rule.

    option

    -

    enable

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    protocol

    Authentication is required for the selected protocol .

    option

    -

    http

    Option

    Description

    http

    HTTP traffic is matched and authentication is required.

    ftp

    FTP traffic is matched and authentication is required.

    socks

    SOCKS traffic is matched and authentication is required.

    ssh

    SSH traffic is matched and authentication is required.

    srcaddr <name>

    Authentication is required for the selected IPv4 source address.

    Address name.

    string

    Maximum length: 79

    srcaddr6 <name>

    Authentication is required for the selected IPv6 source address.

    Address name.

    string

    Maximum length: 79

    ip-based

    Enable/disable IP-based authentication. When enabled, previously authenticated users from the same IP address will be exempted.

    option

    -

    enable

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    web-auth-cookie

    Enable/disable Web authentication cookies .

    option

    -

    disable

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    transaction-based

    Enable/disable transaction based authentication .

    option

    -

    disable

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-portal

    Enable/disable web portal for proxy transparent policy .

    option

    -

    enable

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.

    comments

    Comment.

    var-string

    Maximum length: 1023

    Previous
    Next