default action { auth [ portal-template template-name ] | exempt-auth | none | anonymous-auth }
| Parameter | Description | Value |
|---|---|---|
auth |
Indicates that portal authentication is implemented on the traffic matching this rule. |
- |
portal-template template-name |
Specifies a portal authentication template. If no template is specified, the default one will be used. |
The value must be the name of an existing portal authentication template. |
exempt-auth |
Indicates that authentication exemption is implemented on the traffic matching this rule. When the FW identifies users using SSO or bidirectional binding between IP/MAC addresses and users, configure authentication exemption. If a user fails to be identified, the FW permits the traffic. |
- |
none |
Indicates that no authentication is implemented on the traffic matching this rule. |
- |
anonymous-auth |
Indicates that the traffic that matches the policy is authenticated anonymously. The user can be authenticated without entering the user name or password. In this case, the FW identifies the user by IP address. In anonymous authentication, the device pushes a page to the user. Currently, page push is not supported for an HTTPS request. NOTE:
When the user-manage redirect url command is used in the anonymous authentication scenario to configure the URL of a pushed page, do not specify the URL port number. Otherwise, the page cannot be pushed. In anonymous authentication, do not import the user to the local host. If the user exists locally, the user fails to go online. Only USG6510E/6510E-POE/6530E, USG6515E/6550E/6560E/6580E, USG6610E/6620E, USG6630E/6650E, USG6680E and USG6712E/6716E support this function. |
- |