Create a new authentication rule
The authentication rule defines the sources and destination that require authentication and what authentication scheme is applied.
You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.
To configure an authentication rule:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to Policy & Objects > Policy Packages.
- In the tree menu for the policy package in which you will be creating the new policy, select Authentication Rules.
- Click Create New.
- Enter the following information:
Option | Description |
---|---|
Name | Enter a unique name for the policy. Each policy must have a unique name. |
Source Address | Select source addresses, address groups, virtual IPs, and virtual IP groups. |
Protocol | Select the protocol this rule applies to. |
Authentication Scheme | Select or create a new authentication scheme. For more information on authentication schemes, see the FortiOS Administration Guide. |
IP-based Authentication | Enable or disable IP-based authentication. |
SSO Authentication Scheme | Select or create a new authentication scheme for single sign-on. |
Comments | Add a description of the policy, such as its purpose, or the changes that have been made to it. |
Advanced Options | Configure advanced options; see Advanced options below. For more information on advanced options, see the FortiOS CLI Reference. |
Change Note | Add a description of the changes being made to the policy. This field is required. |
- Click OK to create the policy.
You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
Advanced options
Option | Description | Default |
---|---|---|
dstaddr | Select an IPv4 destination address. Required for web proxy authentication. | none |
dstaddr6 | Select an IPv6 destination address. Required for web proxy authentication. | none |
srcintf | Select the incoming (ingress) interface. | none |
transaction-based | Enable or disable transaction-based authentication. | disable |
transaction-based | Enable or disable web authentication cookies. | disable |
web-portal | Enable or disable the web portal for proxy transparent policy. | disable |