
CLI Reference

user peer

Configure peer users.

  config user peer
      Description: Configure peer users.
      edit <name>
          set mandatory-ca-verify [enable|disable]
          set ca {string}
          set subject {string}
          set cn {string}
          set cn-type [string|email|...]
          set ldap-server {string}
          set ldap-username {string}
          set ldap-password {password}
          set ldap-mode [password|principal-name]
          set ocsp-override-server {string}
          set two-factor [enable|disable]
          set passwd {password}
      next
  end

config user peer

Parameter: mandatory-ca-verify
  Description: Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.
  Options:
    enable: Enable setting.
    disable: Disable setting.
  Type: option
  Size: -

Parameter: ca
  Description: Name of the CA certificate.
  Type: string
  Size: Maximum length: 127

Parameter: subject
  Description: Peer certificate name constraints.
  Type: string
  Size: Maximum length: 255

Parameter: cn
  Description: Peer certificate common name.
  Type: string
  Size: Maximum length: 255

Parameter: cn-type
  Description: Peer certificate common name type.
  Options:
    string: Normal string.
    email: Email address.
    FQDN: Fully Qualified Domain Name.
    ipv4: IPv4 address.
    ipv6: IPv6 address.
  Type: option
  Size: -

Parameter: ldap-server
  Description: Name of an LDAP server defined under the user ldap command. Performs client access rights check.
  Type: string
  Size: Maximum length: 35

Parameter: ldap-username
  Description: Username for LDAP server bind.
  Type: string
  Size: Maximum length: 35

Parameter: ldap-password
  Description: Password for LDAP server bind.
  Type: password
  Size: Not Specified

Parameter: ldap-mode
  Description: Mode for LDAP peer authentication.
  Options:
    password: Username/password.
    principal-name: Principal name.
  Type: option
  Size: -

Parameter: ocsp-override-server
  Description: Online Certificate Status Protocol (OCSP) server for certificate retrieval.
  Type: string
  Size: Maximum length: 35

Parameter: two-factor
  Description: Enable/disable two-factor authentication, applying certificate and password-based authentication.
  Options:
    enable: Enable 2-factor authentication.
    disable: Disable 2-factor authentication.
  Type: option
  Size: -

Parameter: passwd
  Description: Peer's password used for two-factor authentication.
  Type: password
  Size: Not Specified
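
An added example (not Fortinet's code): a Python audit that reads the `config user peer` block from a configuration backup and lists peers worth reviewing. It flags peers with `mandatory-ca-verify` explicitly disabled, which the description above says makes the peer certificate count as valid when the CA certificate is not installed, and peers with no `ca`, `subject` or `cn` set. The sample backup text, the peer and CA names, and the choice of checks are assumptions made for illustration; options left at their defaults are not evaluated.

```python
# SAMPLE_CONFIG is a constructed backup excerpt; peer and CA names are made up.
SAMPLE_CONFIG = """\
config user peer
    edit "vpn-partner"
        set mandatory-ca-verify disable
        set ca "CA_Cert_1"
        set cn "partner.example.com"
    next
    edit "any-cert"
    next
    edit "admin-laptop"
        set ca "CA_Cert_1"
        set subject "O=Example Corp"
    next
end
"""

def parse_peers(config_text):
    """Return {peer_name: {option: value}} for the 'config user peer' block."""
    peers, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user peer":
            in_block = True
        elif line == "end":
            in_block, current = False, None
        elif in_block and line.startswith("edit "):
            current = peers.setdefault(line[5:].strip().strip('"'), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return peers

def audit_config(config_text):
    """Return {peer_name: [findings]}; the checks are this example's heuristics."""
    report = {}
    for name, opts in parse_peers(config_text).items():
        findings = []
        if opts.get("mandatory-ca-verify") == "disable":
            findings.append("mandatory-ca-verify disabled")
        if "ca" not in opts:
            findings.append("no ca named")
        if "subject" not in opts and "cn" not in opts:
            findings.append("no subject or cn constraint")
        if findings:
            report[name] = findings
    return report
```

Calling `audit_config()` on the text of a saved configuration returns a dictionary keyed by peer name; peers with no findings are omitted.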
