Location in GUI : Work Centers » Network Access » Policy Sets » XXX » Authentication Policy
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| authentication_rules | List | [authentication_rules] | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: `^[\w\d_\-\.]+$` | Yes | |
| state | Choice | enabled, disabled, monitor | No | enabled |
| condition | Class | [condition] | No | |
| identity_source_name | String | | No | |
| if_auth_fail | Choice | REJECT, CONTINUE, DROP | No | REJECT |
| if_user_not_found | Choice | REJECT, CONTINUE, DROP | No | REJECT |
| if_process_fail | Choice | REJECT, CONTINUE, DROP | No | DROP |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | | No | |
| attribute_name | String | | No | |
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | | No | |
| name | String | | No | |
| children | List | [children] | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | | No | |
| attribute_name | String | | No | |
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | | No | |
| name | String | | No | |
| children | List | [children] | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | | No | |
| attribute_name | String | | No | |
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | | No | |
| name | String | | No | |
Example 1: Wired_802.1X authentication rule
This example demonstrates how to configure an authentication rule under the policy_set Global Policy. The authentication rule name is Wired_802.1X. It uses EAP-TLS as the authentication condition and validates against the certificate profile Preloaded_Certificate_Profile.
If authentication passes, the system evaluates authorization rules. If authentication fails, the endpoint is denied access to the network. If the endpoint is not found, the system continues to evaluate the next rule in sequence. If the process fails, the session is dropped.

type: ConditionAttributes
dictionary_name: Network Access
attribute_name: EapAuthentication
identity_source_name: Preloaded_Certificate_Profile
if_user_not_found: CONTINUE
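
The constraints in the tables above, applied to the Example 1 rule, as an added example that is not part of the original documentation or the project's tooling: a Python check that validates a rule, fills in the documented defaults, and flags any failure action set to CONTINUE. The dict form of the rule, the function names, and the `equals` operator in the sample are assumptions.

```python
import re

# Constraints transcribed from the tables on this page.
NAME_RE = re.compile(r"^[\w\d_\-\.]+$")
STATES = {"enabled", "disabled", "monitor"}
ACTIONS = {"REJECT", "CONTINUE", "DROP"}
LEAF_TYPES = {"ConditionReference", "ConditionAttributes"}
BLOCK_TYPES = {"ConditionAndBlock", "ConditionOrBlock"}
RULE_DEFAULTS = {"state": "enabled", "if_auth_fail": "REJECT",
                 "if_user_not_found": "REJECT", "if_process_fail": "DROP"}

# Example 1 as a dict (constructed; operator "equals" is an assumption).
EXAMPLE_RULE = {
    "name": "Wired_802.1X",
    "condition": {"type": "ConditionAttributes", "dictionary_name": "Network Access",
                  "attribute_name": "EapAuthentication", "operator": "equals",
                  "attribute_value": "EAP-TLS"},
    "identity_source_name": "Preloaded_Certificate_Profile",
    "if_user_not_found": "CONTINUE",
}


def check_condition(cond, depth, path, errors):
    """depth 0 = condition, 1 = children, 2 = nested children (leaf types only)."""
    allowed = LEAF_TYPES if depth == 2 else LEAF_TYPES | BLOCK_TYPES
    if cond.get("type") not in allowed:
        errors.append(f"{path}.type: {cond.get('type')!r} not allowed at this level")
    if depth < 2:
        for i, child in enumerate(cond.get("children", [])):
            check_condition(child, depth + 1, f"{path}.children[{i}]", errors)
    elif cond.get("children"):
        errors.append(f"{path}.children: deeper nesting is not in the schema")


def check_rule(rule):
    """Return (rule with documented defaults applied, errors, warnings)."""
    errors, warnings = [], []
    merged = {**RULE_DEFAULTS, **rule}
    if not NAME_RE.match(str(rule.get("name", ""))):
        errors.append("name: mandatory, must match the documented regex")
    if merged["state"] not in STATES:
        errors.append(f"state: {merged['state']!r} is not a valid choice")
    for key in ("if_auth_fail", "if_user_not_found", "if_process_fail"):
        if merged[key] not in ACTIONS:
            errors.append(f"{key}: {merged[key]!r} is not a valid choice")
        elif merged[key] == "CONTINUE":
            warnings.append(f"{key}: CONTINUE keeps processing after this failure")
    if "condition" in rule:
        check_condition(rule["condition"], 0, "condition", errors)
    return merged, errors, warnings
```

For the Example 1 rule this returns no errors, the defaults `if_auth_fail: REJECT` and `if_process_fail: DROP`, and one warning for `if_user_not_found`.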