Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Specify a user-agent value to be used to verify that the user’s browser traffic is HTTP/HTTPS traffic. Firewall authentication checks the value against the User-Agent field in the browser header. For example, the auth-user-agent parameter might specify Opera1 to be verified against the brower’s User-Agent field for a match.

You can use the auth-user-agent parameter alone for pass-through or user-firewall authentication or in conjunction with auth-only-browser.

The auth-only-browser directs firewall authentication to ignore non-browser HTTP/HTTPS traffic to ensure that unauthenticated users using an HTTP/HTTPS browser are authenticated by captive portal before they are granted access to protected resources. It can happen that non-browser HTTP/HTTPS services running in the background can trigger captive portal authentication creating a race condition that suppresses presentation of the captive portal interface to the HTTP/HTTPS browser user.



A string to be matched against values specified in the browser’s User-Agent header field that identifies the traffic as HTTP/HTTPS browser traffic. You can specify only one user-agent value for a security policy configuration. The value must not contain spaces. You do not need to enclose the string in parenthesis. The length of a string must be 17 characters or less.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.