Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiProxy 2.0.12 CLI Reference
    2.0.12
    7.6.6
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.0.21
    7.0.20
    7.0.19
    7.0.18
    7.0.17
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    2.0.13
    2.0.12
    2.0.0
    1.2.4

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set status [enable|disable]
        set protocol [http|ftp|...]
        set web-proxy {string}
        config srcintf
            Description: Incoming (ingress) interface.
            edit <name>
            next
        end
        config srcaddr
            Description: Select an IPv4 source address from available options. Required for web proxy authentication.
            edit <name>
            next
        end
        config dstaddr
            Description: Select an IPv4 destination address from available options. Required for web proxy authentication.
            edit <name>
            next
        end
        config srcaddr6
            Description: Select an IPv6 source address. Required for web proxy authentication.
            edit <name>
            next
        end
        set ip-based [enable|disable]
        set active-auth-method {string}
        set sso-auth-method {string}
        set web-auth-cookie [enable|disable]
        set transaction-based [enable|disable]
        set web-portal [enable|disable]
        set comments {var-string}
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    status

    Enable/disable this authentication rule.

    option

    -

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    protocol

    Select the protocol to use for authentication . Users connect to the FortiProxy using this protocol and are asked to authenticate.

    option

    -

    Option

    Description

    http

    Use HTTP for authentication.

    ftp

    Use FTP for authentication.

    socks

    Use SOCKS for authentication.

    ssh

    Use SSH for authentication.

    web-proxy

    Web-Proxy profile.

    string

    Maximum length: 35

    ip-based

    Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed.

    option

    -

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    web-auth-cookie

    Enable/disable Web authentication cookies .

    option

    -

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    transaction-based

    Enable/disable transaction based authentication .

    option

    -

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-portal

    Enable/disable web portal for proxy transparent policy .

    option

    -

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.

    comments

    Comment.

    var-string

    Maximum length: 1023
    Previous
    Next

    config authentication rule

    config authentication rule

    Configure Authentication Rules.

    config authentication rule
    Description: Configure Authentication Rules.
    edit <name>
        set status [enable|disable]
        set protocol [http|ftp|...]
        set web-proxy {string}
        config srcintf
            Description: Incoming (ingress) interface.
            edit <name>
            next
        end
        config srcaddr
            Description: Select an IPv4 source address from available options. Required for web proxy authentication.
            edit <name>
            next
        end
        config dstaddr
            Description: Select an IPv4 destination address from available options. Required for web proxy authentication.
            edit <name>
            next
        end
        config srcaddr6
            Description: Select an IPv6 source address. Required for web proxy authentication.
            edit <name>
            next
        end
        set ip-based [enable|disable]
        set active-auth-method {string}
        set sso-auth-method {string}
        set web-auth-cookie [enable|disable]
        set transaction-based [enable|disable]
        set web-portal [enable|disable]
        set comments {var-string}
    next
end

    config authentication rule

    Parameter

    Description

    Type

    Size

    status

    Enable/disable this authentication rule.

    option

    -

    Option

    Description

    enable

    Enable this authentication rule.

    disable

    Disable this authentication rule.

    protocol

    Select the protocol to use for authentication . Users connect to the FortiProxy using this protocol and are asked to authenticate.

    option

    -

    Option

    Description

    http

    Use HTTP for authentication.

    ftp

    Use FTP for authentication.

    socks

    Use SOCKS for authentication.

    ssh

    Use SSH for authentication.

    web-proxy

    Web-Proxy profile.

    string

    Maximum length: 35

    ip-based

    Enable/disable IP-based authentication. Once a user authenticates all traffic from the IP address the user authenticated from is allowed.

    option

    -

    Option

    Description

    enable

    Enable IP-based authentication.

    disable

    Disable IP-based authentication.

    active-auth-method

    Select an active authentication method.

    string

    Maximum length: 35

    sso-auth-method

    Select a single-sign on (SSO) authentication method.

    string

    Maximum length: 35

    web-auth-cookie

    Enable/disable Web authentication cookies .

    option

    -

    Option

    Description

    enable

    Enable Web authentication cookie.

    disable

    Disable Web authentication cookie.

    transaction-based

    Enable/disable transaction based authentication .

    option

    -

    Option

    Description

    enable

    Enable transaction based authentication.

    disable

    Disable transaction based authentication.

    web-portal

    Enable/disable web portal for proxy transparent policy .

    option

    -

    Option

    Description

    enable

    Enable web-portal.

    disable

    Disable web-portal.

    comments

    Comment.

    var-string

    Maximum length: 1023
    Previous
    Next