FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195927
Description

By default, when a communication session is accepted by an identity-based firewall policy, the user must authenticate before traffic is allowed through the FortiGate. Authentication is triggered by sessions using the FTP, HTTP, HTTPS, or Telnet protocol: the user enters a user name and password before being able to communicate through the FortiGate. By default, users can only authenticate with a communication session that uses the standard FTP, HTTP, HTTPS, or Telnet TCP ports, which are ports 21, 80, 443, and 23 respectively.


Scope


Solution

This feature was not available in 3.0. Administrators are allowed to set up authentication for ports other than these standard ports.

Using the CLI:

config user setting
  config auth-ports
    edit <auth_port_table_id_int>
      set port <port_integer>
      set type { ftp | http | https | telnet }
    next
  end
end
 
where

<auth_port_table_id_int> is any integer. You can add multiple non standard port tables.
 
<port_integer> is the non standard TCP authentication port number.
 
For example, if some users on your network browse using HTTP on ports 8080 and 8008 and use telnet on port 4523 you could use the following commands to add HTTP authentication on ports 8080 and 8008 and telnet authentication on port 4523:
config user setting
  config auth-ports
    edit 1
      set port 8080
      set type http
    next
    edit 2
      set port 8008
      set type http
    next
    edit 3
      set port 4523
      set type telnet
    next
  end
end

If your FortiGate unit is operating with virtual domains enabled, each VDOM has its own non-standard authentication port configuration.

You can use the commands above if your firewall users need to authenticate with the FortiGate unit and they use a non-standard port for FTP, HTTP, HTTPS, or Telnet sessions.

For each protocol, adding non-standard authentication ports does not change the standard authentication port. This command only adds additional non-standard authentication ports; the standard authentication port remains valid and cannot be changed.
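As an added helper (not part of this article or of FortiOS), the following script checks a list of (port, type) pairs against the rules stated above before rendering the `config user setting` / `config auth-ports` block: the type must be one of the four supported protocols, the port must be a valid TCP port, and the standard ports 21/80/443/23 are rejected because they are always valid and cannot be changed. The duplicate-port check is the script's own sanity check, not a documented FortiOS rule.

```python
from typing import Dict, List, Tuple

# Standard authentication ports from the article; they stay valid on the
# FortiGate regardless of this configuration, so listing them here is redundant.
STANDARD_PORTS: Dict[str, int] = {"ftp": 21, "http": 80, "https": 443, "telnet": 23}


def validate_auth_ports(entries: List[Tuple[int, str]]) -> List[str]:
    """Return a list of problems; an empty list means the entries are acceptable."""
    problems: List[str] = []
    seen: Dict[int, str] = {}
    for port, proto in entries:
        if proto not in STANDARD_PORTS:
            problems.append(f"type {proto!r}: must be one of ftp, http, https, telnet")
            continue
        if not 1 <= port <= 65535:
            problems.append(f"port {port}: outside the valid TCP range 1-65535")
            continue
        if STANDARD_PORTS[proto] == port:
            problems.append(f"port {port}/{proto}: standard port, already valid, cannot be changed")
            continue
        if port in seen:  # script's own check (assumption): one table per port keeps things readable
            problems.append(f"port {port}: already assigned to type {seen[port]}")
            continue
        seen[port] = proto
    return problems


def render_auth_ports(entries: List[Tuple[int, str]], start_id: int = 1) -> str:
    """Render the CLI block for the given entries, one auth-ports table per entry."""
    problems = validate_auth_ports(entries)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["config user setting", "    config auth-ports"]
    for table_id, (port, proto) in enumerate(entries, start=start_id):
        lines += [
            f"        edit {table_id}",
            f"            set port {port}",
            f"            set type {proto}",
            "        next",
        ]
    lines += ["    end", "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed input matching the article's example: HTTP on 8080/8008, Telnet on 4523.
    print(render_auth_ports([(8080, "http"), (8008, "http"), (4523, "telnet")]))
```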



Related Articles

Technical Tip : Triggering NTLM authentication on HTTP and HTTPS non standard ports