Support User Manuals

Fortinet 5.0 Patch 6 Microscope & Magnifier User Manual

Open as PDF

of 705

Fortinet 240 FortiWeb 5.0 Patch 6 Administration Guide

9. Click OK.

10.Repeat the previous steps for each user that you want to add to the authentication rules.

11.Group the authentication rule in an authentication policy. For details, see “Grouping

authorization rules” on page 240.

Grouping authorization rules

Often, you may want to specify multiple authorization realms to apply to a single server policy.

Before you can use authorization rules in a protection profile, you must group them together.

(These sets are called “authentication policies” in the web UI).

Authentication policies also contain settings

such as connection and cache timeouts that will be

applied to all requests authenticated using this authentication policy.

User Realm Type

the realm, such as Restricted Area, to which the Auth Path

belongs.

The realm is often used by browsers:

• It may appear in the browser’s prompt for the user’s credentials.

Especially if a user has multiple logins, and only one login is valid for that

specific realm, displaying the realm helps to indicate which user name

and password should be supplied.

• After authenticating once, the browser may cache the authentication

credentials for the duration of the browser session. If the user requests

another URL from the same realm, the browser often will automatically

re-supply the cached user name and password, rather than asking the

user to enter them again for each request.

The realm may be the same for multiple authentication rules, if all of those

URLs permit the same user group to authenticate.

For example, the user group All_Employees could have access to the

Auth Path URLs /wiki/Main and /wiki/ToDo. These URLs both belong

to the realm named Intranet Wiki. Because they use the same realm

name, users authenticating to reach /wiki/Main usually will not have to

authenticate again to reach /wiki/ToDo, as long as both requests are

within the same browser session.

This field does not appear if Auth Type is NTLM, which does not support

HTTP-style realms.

Auth Path Type the literal URL, such as /employees/holidays.html, that a request

must match in order to invoke HTTP authentication.

Setting

name

Description

Alternatively or in addition to HTTP authentication, with SSL connections, you can require that

clients present a valid personal certificate. For details, see

“Certificate Verification” on

page 493.

previous next