config user setting
Configure user authentication setting.
```
config user setting
    Description: Configure user authentication setting.
    set auth-blackout-time {integer}
    set auth-ca-cert {string}
    set auth-cert {string}
    set auth-http-basic [enable|disable]
    set auth-invalid-max {integer}
    set auth-lockout-duration {integer}
    set auth-lockout-threshold {integer}
    set auth-on-demand [always|implicitly]
    set auth-portal-timeout {integer}
    config auth-ports
        Description: Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.
        edit <id>
            set type [http|https|...]
            set port {integer}
        next
    end
    set auth-secure-http [enable|disable]
    set auth-src-mac [enable|disable]
    set auth-ssl-allow-renegotiation [enable|disable]
    set auth-ssl-max-proto-version [sslv3|tlsv1|...]
    set auth-ssl-min-proto-version [default|SSLv3|...]
    set auth-ssl-sigalgs [no-rsa-pss|all]
    set auth-timeout {integer}
    set auth-timeout-type [idle-timeout|hard-timeout|...]
    set auth-type {option1}, {option2}, ...
    set per-policy-disclaimer [enable|disable]
    set radius-ses-timeout-act [hard-timeout|ignore-timeout]
end
```
config user setting
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| auth-blackout-time | Time in seconds an IP address is denied access after failing to authenticate five times within one minute. | integer | Minimum value: 0 Maximum value: 3600 | 0 |
| auth-ca-cert | HTTPS CA certificate for policy authentication. | string | Maximum length: 35 | |
| auth-cert | HTTPS server certificate for policy authentication. | string | Maximum length: 35 | |
| auth-http-basic | Enable/disable use of HTTP basic authentication for identity-based firewall policies. | option | - | disable |
| auth-invalid-max | Maximum number of failed authentication attempts before the user is blocked. | integer | Minimum value: 1 Maximum value: 100 | 5 |
| auth-lockout-duration | Lockout period in seconds after too many login failures. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| auth-lockout-threshold | Maximum number of failed login attempts before login lockout is triggered. | integer | Minimum value: 1 Maximum value: 10 | 3 |
| auth-on-demand | Always/implicitly trigger firewall authentication on demand. | option | - | implicitly |
| auth-portal-timeout | Time in minutes before captive portal users have to re-authenticate. | integer | Minimum value: 1 Maximum value: 30 | 3 |
| auth-secure-http | Enable/disable redirecting HTTP user authentication to more secure HTTPS. | option | - | disable |
| auth-src-mac | Enable/disable source MAC for user identity. | option | - | enable |
| auth-ssl-allow-renegotiation | Allow/forbid SSL re-negotiation for HTTPS authentication. | option | - | disable |
| auth-ssl-max-proto-version | Maximum supported protocol version for SSL/TLS connections. | option | - | |
| auth-ssl-min-proto-version | Minimum supported protocol version for SSL/TLS connections. | option | - | default |
| auth-ssl-sigalgs | Set signature algorithms related to HTTPS authentication. | option | - | all |
| auth-timeout | Time in minutes before the firewall user authentication timeout requires the user to re-authenticate. | integer | Minimum value: 1 Maximum value: 1440 | 5 |
| auth-timeout-type | Control if authenticated users have to log in again after a hard timeout, after an idle timeout, or after a session timeout. | option | - | idle-timeout |
| auth-type | Supported firewall policy authentication protocols/methods. | option | - | http https ftp telnet |
| per-policy-disclaimer | Enable/disable per policy disclaimer. | option | - | disable |
| radius-ses-timeout-act | Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. | option | - | hard-timeout |

config auth-ports
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| type | Service type. | option | - | http |
| port | Non-standard port for firewall user authentication. | integer | Minimum value: 1 Maximum value: 65535 | 1024 |
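
The following Python check is an added example, not part of the original reference. It reads a `config user setting` block as printed by `show`, fills in the defaults documented above for anything the output omits, and reports settings that leave firewall authentication on cleartext or weakened HTTPS. The function names and the sample input are constructed for illustration; the `default` value of `auth-ssl-min-proto-version` is not flagged because this page does not define what it resolves to.

```python
import re
# Defaults from this page's table. `show` prints only non-default values,
# so settings absent from the input are filled in from here.
DEFAULTS = {
    "auth-http-basic": "disable",
    "auth-secure-http": "disable",
    "auth-ssl-allow-renegotiation": "disable",
    "auth-ssl-min-proto-version": "default",
    "auth-type": "http https ftp telnet",
}
WEAK = {  # setting: (weak value, finding text)
    "auth-secure-http": ("disable", "HTTP login is not redirected to HTTPS"),
    "auth-http-basic": ("enable", "HTTP basic authentication is enabled"),
    "auth-ssl-allow-renegotiation": ("enable", "SSL re-negotiation is allowed"),
    "auth-ssl-min-proto-version": ("sslv3", "SSLv3 is accepted"),
}

def parse_user_setting(text):
    """Return the effective top-level settings of `config user setting`."""
    settings, depth = dict(DEFAULTS), 0
    for line in map(str.strip, text.splitlines()):
        if depth == 0:
            depth = int(line == "config user setting")
        elif line.startswith("config "):
            depth += 1  # nested table such as `config auth-ports`
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r"set (\S+) (.+)", line)):
            settings[m.group(1)] = m.group(2).replace('"', "")
    return settings

def audit(text):
    """List settings that expose credentials or weaken the HTTPS portal."""
    s = parse_user_setting(text)
    found = [f"{k}: {msg}" for k, (bad, msg) in WEAK.items() if s[k].lower() == bad]
    # http, ftp and telnet carry the user's credentials unencrypted
    weak = sorted({"http", "ftp", "telnet"} & set(s["auth-type"].split()))
    if weak:
        found.append("auth-type: cleartext methods enabled: " + " ".join(weak))
    return found

SAMPLE = """config user setting
    set auth-ssl-allow-renegotiation enable
    config auth-ports
        edit 1
            set type http
            set port 8080
        next
    end
end"""  # constructed sample, not from a real device
```

Calling `audit(SAMPLE)` reports three findings even though the sample sets only one weak value, because `auth-secure-http` and `auth-type` are left at their documented defaults.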