Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
majid23
Staff
Staff

Created on ‎10-19-2025 07:22 AM

Article Id 415518

Technical Tip: In FortiOS 7.6.4 and later, administrator web authentication is handled by the http_authd process

Description This article describes the new http_authd daemon in FortiOS 7.6.4, which enhances administrator authentication and session handling for connections to the FortiGate GUI.
Scope FortiOS 7.6.4 and later.
Solution

In earlier FortiOS versions, the GUI operated using two main web service components, node and httpsd.

 

In FortiOS v7.6.4, a new internal daemon named http_authd is introduced. This daemon centralizes administrative web authentication and authorization functions needed by the web service processes.

 

After upgrading to FortiOS 7.6.4, administrators may observe a new process called http_authd in system process lists ('diagnose sys top' | 'fnsysctl ps').

 

When troubleshooting administrator web login in v7.6.4 and later, use the debug commands below to view authentication-related debug logs:

 

diagnose debug reset

diagnose debug console timestamp enable

diagnose debug application http_authd -1

diagnose debug enable

 

To stop the debugging:

 

diagnose debug disable

diagnose debug reset

 

Example debug output for an administrator GUI login 2FA using email-based OTP:

 

authd 2121 - 1758910774     info] http_authd_handler_main_loop[702] -- Received "login" request (seq: 11746) from 10.177.250.10 (152 bytes)

http_authd 2121 - 1758910774     info] http_authd_request_handler[520] -- ===============================================

[http_authd 2121 - 1758910774     info] http_authd_login_attempt[942] -- entering vdom for login_attempt (vdom='root')

[http_authd 2121 - 1758910774     info] http_authd_login_attempt[1022] -- login_attempt (method=6, vdom='root', name='Testuser',admin_name='Testuser', auth_svr=''), result code: 2

[http_authd 2121 - 1758910774     info] http_authd_login_tfa[1277] -- TFA: Token type: 2, Token info: abxxx@xxxxxxxx.com.

[http_authd 2121 - 1758910774     info] http_authd_login_request_token[1238] -- Sending TFA token via e-mail/SMS.

[http_authd 2121 - 1758910774     info] http_authd_login_send_token_code[1149] -- sending 2FA token email to 'abcXXXXXXXXXXXXXXX'

[http_authd 2121 - 1758910774     info] http_authd_login_set_admin_session[402] -- VDOM updated to 'root'

[http_authd 2121 - 1758910774     info] http_authd_login_create_admin_session[294] -- Setting login context from GUI(10.177.250.10)

[http_authd 2121 - 1758910774     info] http_authd_request_handler[539] -- Successfully handled "login" request.

[http_authd 2121 - 1758910774 info] http_authd_request_handler[577] -- -----------------------------------------------

 

The http_authd session list can be viewed with the new command 'diagnose http_authd session list'. See FortiOS v7.6 New Features Guide | Enhance administrative authentication and session monitoring.
142
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.