Fortinet white logo
Fortinet white logo

Administration Guide

Create a new authentication rule

Create a new authentication rule

The authentication rule defines the sources and destination that require authentication and what authentication scheme is applied.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To configure an authentication rule:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package in which you will be creating the new policy, select Authentication Rules.
  4. Click Create New.
  5. Enter the following information:

    Option

    Description

    Name

    Enter a unique name for the policy. Each policy must have a unique name.

    Source Address

    Select source addresses, address groups, virtual IPs, and virtual IP groups.

    Protocol

    Select the protocol this rule applies to.

    Authentication Scheme

    Select or create a new authentication scheme.

    For more information on authentication schemes, see the FortiOS Administration Guide.

    IP-based Authentication

    Enable or disable IP-based authentication.

    SSO Authentication Scheme

    Select or create a new authentication scheme for single sign-on.

    Comments

    Add a description of the policy, such as its purpose, or the changes that have been made to it.

    Advanced Options

    Configure advanced options, see Advanced options below.

    For more information on advanced option, see the FortiOS CLI Reference.

    Change Note

    Add a description of the changes being made to the policy. This field is required.

  6. Click OK to create the policy.

    You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.

Advanced options

Option

Description

Default

dstaddr

Select an IPv4 destination address. Required for web proxy authentication.

none

dstaddr6

Select an IPv6 destination address. Required for web proxy authentication.

none

srcintf

Select the incoming (ingress) interface.

none

transaction-based

Enable or disable transaction-based authentication.

disable

transaction-based

Enable or disable web authentication cookies.

disable

web-portal

Enable or disable the web portal for proxy transparent policy

disable

Create a new authentication rule

Create a new authentication rule

The authentication rule defines the sources and destination that require authentication and what authentication scheme is applied.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To configure an authentication rule:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package in which you will be creating the new policy, select Authentication Rules.
  4. Click Create New.
  5. Enter the following information:

    Option

    Description

    Name

    Enter a unique name for the policy. Each policy must have a unique name.

    Source Address

    Select source addresses, address groups, virtual IPs, and virtual IP groups.

    Protocol

    Select the protocol this rule applies to.

    Authentication Scheme

    Select or create a new authentication scheme.

    For more information on authentication schemes, see the FortiOS Administration Guide.

    IP-based Authentication

    Enable or disable IP-based authentication.

    SSO Authentication Scheme

    Select or create a new authentication scheme for single sign-on.

    Comments

    Add a description of the policy, such as its purpose, or the changes that have been made to it.

    Advanced Options

    Configure advanced options, see Advanced options below.

    For more information on advanced option, see the FortiOS CLI Reference.

    Change Note

    Add a description of the changes being made to the policy. This field is required.

  6. Click OK to create the policy.

    You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.

Advanced options

Option

Description

Default

dstaddr

Select an IPv4 destination address. Required for web proxy authentication.

none

dstaddr6

Select an IPv6 destination address. Required for web proxy authentication.

none

srcintf

Select the incoming (ingress) interface.

none

transaction-based

Enable or disable transaction-based authentication.

disable

transaction-based

Enable or disable web authentication cookies.

disable

web-portal

Enable or disable the web portal for proxy transparent policy

disable