Technical Tip : Triggering NTLM authentication on HTTP and HTTPS non standard ports

lmateus · ‎05-07-2010

Description
In some specific configuration, HTTP and HTTPS ports are not the standard ones (80 and 443).

Following is an example with a Fortigate in Transparent before a web proxy :

< LAN >-----[ FGT-inTP ]------[ Web-Proxy - HTTP 8080 / HTTPs 8181 ]-----< Internet >

If the Fortigate is configured to use NTLM authentication, it must be configured to trigger this authentication on the ports used by the web proxy.

Scope
FortiOS 4.0 and above.

Solution
In the "user setting" configuration, two "auth-ports" entries have to be created. One with the web proxy HTTP port, the second one with the web proxy HTTPS port.

Example (CLI only) :

config user setting config auth-ports edit 1 set port 8080 next edit 2 set port 8181 next end end

Important : both entries here above are set with "type http", which is not displayed because being the default values. This can be verified when typing "get" :

FGT # config user setting
FGT (setting) # config auth-ports
FGT (auth-ports) # edit 1
FGT (1) # get

id                  : 1
port                : 8080
type                : http

Related Articles

Feature description - v4.0 Authentication of non standard ports

Technical Tip : Triggering NTLM authentication on HTTP and HTTPS non standard ports

You are leaving our website