Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.2.7
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config user peer

    config user peer

    Configure peer users.

    config user peer

    Description: Configure peer users.

    edit <name>

    set mandatory-ca-verify [enable|disable]

    set ca {string}

    set subject {string}

    set cn {string}

    set cn-type [string|email|...]

    set ldap-server {string}

    set ldap-username {string}

    set ldap-password {password}

    set ldap-mode [password|principal-name]

    set ocsp-override-server {string}

    set two-factor [enable|disable]

    set passwd {password}

    next

    end

    config user peer

    Parameter name

    Description

    Type

    Size

    mandatory-ca-verify

    Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

    option

    -

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ca

    Name of the CA certificate.

    string

    Maximum length: 127

    subject

    Peer certificate name constraints.

    string

    Maximum length: 255

    cn

    Peer certificate common name.

    string

    Maximum length: 255

    cn-type

    Peer certificate common name type.

    option

    -

    Option

    Description

    string

    Normal string.

    email

    Email address.

    FQDN

    Fully Qualified Domain Name.

    ipv4

    IPv4 address.

    ipv6

    IPv6 address.

    ldap-server

    Name of an LDAP server defined under the user ldap command. Performs client access rights check.

    string

    Maximum length: 35

    ldap-username

    Username for LDAP server bind.

    string

    Maximum length: 35

    ldap-password

    Password for LDAP server bind.

    password

    Not Specified

    ldap-mode

    Mode for LDAP peer authentication.

    option

    -

    Option

    Description

    password

    Username/password.

    principal-name

    Principal name.

    ocsp-override-server

    Online Certificate Status Protocol (OCSP) server for certificate retrieval.

    string

    Maximum length: 35

    two-factor

    Enable/disable two-factor authentication, applying certificate and password-based authentication.

    option

    -

    Option

    Description

    enable

    Enable 2-factor authentication.

    disable

    Disable 2-factor authentication.

    passwd

    Peer's password used for two-factor authentication.

    password

    Not Specified
    Previous
    Next

    config user peer

    config user peer

    Configure peer users.

    config user peer

    Description: Configure peer users.

    edit <name>

    set mandatory-ca-verify [enable|disable]

    set ca {string}

    set subject {string}

    set cn {string}

    set cn-type [string|email|...]

    set ldap-server {string}

    set ldap-username {string}

    set ldap-password {password}

    set ldap-mode [password|principal-name]

    set ocsp-override-server {string}

    set two-factor [enable|disable]

    set passwd {password}

    next

    end

    config user peer

    Parameter name

    Description

    Type

    Size

    mandatory-ca-verify

    Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

    option

    -

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ca

    Name of the CA certificate.

    string

    Maximum length: 127

    subject

    Peer certificate name constraints.

    string

    Maximum length: 255

    cn

    Peer certificate common name.

    string

    Maximum length: 255

    cn-type

    Peer certificate common name type.

    option

    -

    Option

    Description

    string

    Normal string.

    email

    Email address.

    FQDN

    Fully Qualified Domain Name.

    ipv4

    IPv4 address.

    ipv6

    IPv6 address.

    ldap-server

    Name of an LDAP server defined under the user ldap command. Performs client access rights check.

    string

    Maximum length: 35

    ldap-username

    Username for LDAP server bind.

    string

    Maximum length: 35

    ldap-password

    Password for LDAP server bind.

    password

    Not Specified

    ldap-mode

    Mode for LDAP peer authentication.

    option

    -

    Option

    Description

    password

    Username/password.

    principal-name

    Principal name.

    ocsp-override-server

    Online Certificate Status Protocol (OCSP) server for certificate retrieval.

    string

    Maximum length: 35

    two-factor

    Enable/disable two-factor authentication, applying certificate and password-based authentication.

    option

    -

    Option

    Description

    enable

    Enable 2-factor authentication.

    disable

    Disable 2-factor authentication.

    passwd

    Peer's password used for two-factor authentication.

    password

    Not Specified
    Previous
    Next