Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mturic
Staff
Staff

Created on ‎07-18-2019 06:59 AM

Article Id 192075

Technical Tip: Use of web-auth-cookie feature to reduce authentication requests

Description
This article explains how to configure a web-auth-cookie feature to reduce authentication requests.

Solution
With FSSO / NTLM, more authentication requests are generated from the FortiGate unit.

In a large environment, where a lot of authentication requests might be generated, it is a good practice to enable the parameter 'web-auth-cookie' in your authentication rule.
# config authentication rule
    edit NTLM_rule
        set srcaddr "all"
        set ip-based disable  --> to use only session based authentication, default=enabled
        set active-auth-method "auth-scheme"
        set web-auth-cookie enable  --> available without ip-based authentication, default = disabled   
    next
end
This helps to reduce the number of authentication requests to the authentication server when session-based authentication is applied using the explicit web proxy.

The 'web-auth-cookie' setting is only available when session based authentication is enabled, by setting 'ip-based' authentication as 'disabled'.

When the 'web-auth-cookie' setting is enabled only one request per session is authenticated and it will reduce authentication requests for such existing sessions, making NTLM authentication more scalable.

6875
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.