Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Add an authentication policy

  1. Go to Web server > Authentication policies and click Add.
  2. Enter a name.
  3. Choose an authentication mode for endpoint devices.

    Option Description
    Basic Users authenticate with HTTP basic authentication, that is, by typing their username and password. No session cookies will be generated and a dedicated sign-out isn't possible.

    Tip
    As the credentials are sent unencrypted, use this mode with HTTPS.
    Form Users type their credentials in a form. Session cookies will be generated and a dedicated sign-out is possible.
  4. Specify additional authentication settings for endpoint devices.

    Option Description
    Basic prompt For basic authentication, the string that provides instructions to users, for example, “Please enter your credentials”.
    Authentication template For form-based authentication, the form that will be presented to users.
    Users and groups Users or user groups that should be assigned to this profile.
  5. Specify an authentication forwarding mode. The mode must match the web server’s authentication settings.

    Option Description
    Basic Authentication works with HTTP basic authentication, providing username and password.
    None No authentication between the firewall and the web servers.

    Note
    Even if your web servers don't support authentication, users will be authenticated through the frontend mode.
  6. Specify additional authentication forwarding settings.

    Option Description
    Username affix For basic authentication, type of affix to be added automatically to the username. Affixes are useful when working with domains and email addresses.

    Note
    Prefix and suffix will be added if users enter a username only.
    Remove basic header For no authentication, do not send the basic header from the firewall to the web server.
  7. For form-based authentication, specify user session settings.

    Option Description
    Session timeout If no activity is detected within the specified interval, force the user to log on again.
    Session lifetime Limit the time users may remain logged on to the specified interval, regardless of the activity.
  8. Click Save.

More resources