Properties

Index

The index of the object, starting at 1. (Identifier)

Name

Specifies a symbolic name for the rule.

Agent

ARPCache, HTTP, HTTPS, XAuth, PPP or EAP. (Default: HTTP)

ChallengeExpire

How long, in seconds, before RADIUS challenge expires. (Default: 160)

AuthSource

Disallow, LDAP, RADIUS or Local.

Interface

The interface on which the connection was received. For agent type EAP or XAuth, this should be the IPsec tunnel interface the user connects through.

OriginatorIP

The network object that the incoming IP address must be a part of.

TerminatorIP

Specifies the destination IP configured on the PPTP/L2TP server configuration. Only used when agent is PPP or SSL. With SSL, this is the IP address of the listening interface.

OIDCProvider

Specifies the OIDC Providers that will be used to authenticate users matching this rule.

RadiusServers

Specifies the authentication servers that will be used to authenticate users matching this rule.

PrimaryRetryInterval

How many seconds to wait before trying to use the primary server again if it has failed (0=disable). (Default: 0)

ResendingSTART

If the RADIUS servers fail to respond system will retry to send a START message every Interim seconds. (Default: No)

LDAPServers

Specifies the authentication servers that will be used to authenticate users matching this rule.

RadiusMethod

Specifies the authentication method used for encrypting the user password. (Default: PAP)

LocalUserDB

Specifies the local user database that will be used to authenticate users matching this rule.

LoginType

HTML form or Basic authentication. (Default: HTMLForm)

MACAuthSecret

Password used to authenticate MAC user, if empty the MAC address will be sent as password. (Optional)

MACAllowRouter

Allow Router Authentication. (Default: No)

MACSendUpperCase

Send Upper Case. (Default: No)

HTTPBanners

HTTP Authentication HTML Banners. (Default: Default)

RealmString

The string that is presented as a part of the 401 - Authentication Required message. (Optional)

HostCertificate

Specifies the host certificate that the firewall sends to the client.

RootCertificate

Specifies the root certificate that was used to sign the host certificate. (Optional)

PPPAuthNoAuth

Allow No Authentication. (Default: No)

PPPAuthPAP

Use PAP Authentication Protocol. User Name and Password are Sent in Plaintext. (Default: Yes)

PPPAuthCHAP

Use CHAP Authentication Protocol. (Default: Yes)

PPPAuthMSCHAP

Use MS-CHAP Authentication Protocol. (Default: Yes)

PPPAuthMSCHAPv2

Use MS-CHAP v2 authentication protocol. (Default: Yes)

IdleTimeout

A successfully authenticated user will be logged out automatically after this many seconds, if no traffic has been received from the user's IP address. (Default: 1800)

SessionTimeout

A successfully authenticated user will be logged out automatically after this many seconds, even if traffic has been received from the user's IP address. (Optional)

UseServerTimeouts

Use timeouts received from the authentication server. If no values are received, the manually specified values will be used. (Default: No)

MultipleUsernameLogins

Specifies how multiple username logins will be handled. (Default: AllowMultiple)

ReplaceIdleTime

Replace existing user if idle for more than this number of seconds. (Default: 10)

AccountingServers

Specifies the accounting servers that will be used to report user usage matching this rule. (Optional)

PrimaryRetryIntervalAcc

How many seconds to wait before trying to use the primary server again if it has failed (0=disable). (Default: 0)

BytesSent

Bytes Sent. (Default: Yes)

PacketsSent

Packets Sent. (Default: Yes)

BytesReceived

Bytes Received. (Default: Yes)

PacketsReceived

Packet Received. (Default: Yes)

SessionTime

Session Time. (Default: Yes)

SupportInterimAccounting

Enable Interim Accounting Messages to update the accounting server with the current status of an authenticated user. (Default: No)

ServerInterimControl

Let the RADIUS server determine the interval that interim accounting events should be sent. (Default: Yes)

InterimValue

The interval in seconds in which interim accounting events should be sent. (Default: 600)

Attribute

Special Attribute of the current object. (Optional)

LogEnabled

Enable logging. (Default: Yes)

LogSeverity

Specifies with what severity log events will be sent to the specified log receivers. (Default: Default)

Comments

Text describing the current object. (Optional)