General authentication settings

Go to User & Device > Authentication > Settings to configure authentication timeout, protocol support, and authentication certificates.

When user authentication is enabled within a security policy, the authentication challenge is normally issued for any of the four protocols (depending on the connection protocol):

The selections made in the Protocol Support list of the Authentication Settings screen control which protocols support the authentication challenge. Users must connect with a supported protocol first so they can subsequently connect with other protocols. If HTTPS is selected as a method of protocol support, it allows the user to authenticate with a customized Local certificate.

When you enable user authentication within a security policy, the security policy user will be challenged to authenticate. For user ID and password authentication, users must provide their user names and passwords. For certificate authentication (HTTPS or HTTP redirected to HTTPS only), you can install customized certificates on the unit and the users can also have customized certificates installed on their browsers. Otherwise, users will see a warning message and have to accept a default Fortinet certificate.


Authentication Timeout		Enter a length of time in minutes, from 1 to 480. Authentication timeout controls how long an authenticated firewall connection can be idle before the user must authenticate again. The default value is 30
Protocol Support		Select the protocols to challenge during firewall user authentication.
Certificate		If using HTTPS protocol support, select the local certificate to use for authentication. Available only if HTTPS protocol support is selected.
Apply		Select to apply the selections for user authentication settings.


	When you use certificate authentication, if you do not specify any certificate when you create the security policy, the global settings will be used. If you specify a certificate, the per-policy setting will overwrite the global setting.