CLI Reference

config user peer

Configure peer users.

    config user peer
        Description: Configure peer users.
        edit <name>
            set mandatory-ca-verify [enable|disable]
            set ca {string}
            set subject {string}
            set cn {string}
            set cn-type [string|email|...]
            set ldap-server {string}
            set ldap-username {string}
            set ldap-password {password}
            set ldap-mode [password|principal-name]
            set ocsp-override-server {string}
            set two-factor [enable|disable]
            set passwd {password}
        next
    end

config user peer

| Parameter name | Description | Type | Size |
|---|---|---|---|
| mandatory-ca-verify | Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid. Options: enable (Enable setting.), disable (Disable setting.) | option | - |
| ca | Name of the CA certificate. | string | Maximum length: 127 |
| subject | Peer certificate name constraints. | string | Maximum length: 255 |
| cn | Peer certificate common name. | string | Maximum length: 255 |
| cn-type | Peer certificate common name type. Options: string (Normal string.), email (Email address.), FQDN (Fully Qualified Domain Name.), ipv4 (IPv4 address.), ipv6 (IPv6 address.) | option | - |
| ldap-server | Name of an LDAP server defined under the user ldap command. Performs client access rights check. | string | Maximum length: 35 |
| ldap-username | Username for LDAP server bind. | string | Maximum length: 35 |
| ldap-password | Password for LDAP server bind. | password | Not Specified |
| ldap-mode | Mode for LDAP peer authentication. Options: password (Username/password.), principal-name (Principal name.) | option | - |
| ocsp-override-server | Online Certificate Status Protocol (OCSP) server for certificate retrieval. | string | Maximum length: 35 |
| two-factor | Enable/disable two-factor authentication, applying certificate and password-based authentication. Options: enable (Enable 2-factor authentication.), disable (Disable 2-factor authentication.) | option | - |
| passwd | Peer's password used for two-factor authentication. | password | Not Specified |
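The following is an added example, not Fortinet code: a small Python audit that reads a `config user peer` section from a configuration backup and reports peers whose settings a reviewer should question, based on the parameter descriptions above. The peer names, the CA name, the sample values, and the policy of flagging a peer with no `ca` are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the layout of the syntax above; all names and values are made up.
SAMPLE = '''config user peer
    edit "vpn-peer-weak"
        set mandatory-ca-verify disable
        set cn "10.0.0.300"
        set cn-type ipv4
    next
    edit "vpn-peer-strict"
        set mandatory-ca-verify enable
        set ca "Example_CA"
        set cn "gw.example.com"
        set cn-type FQDN
    next
end'''

def parse_peers(text):
    """Return {peer name: {setting: value}} for each entry under 'config user peer'."""
    peers, current, inside = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok == ["config", "user", "peer"]:
            inside = True
        elif inside and tok[0] == "edit" and len(tok) > 1:
            current = peers.setdefault(tok[1], {})
        elif inside and tok[0] == "set" and len(tok) > 2 and current is not None:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):
            current, inside = None, inside and tok[0] == "next"  # 'end' closes the section
    return peers

def audit(peers):
    """Return sorted (peer, finding) pairs for settings worth a reviewer's attention."""
    findings = []
    for name, cfg in peers.items():
        if cfg.get("mandatory-ca-verify") == "disable":
            findings.append((name, "mandatory-ca-verify disable"))
        if "ca" not in cfg:  # assumed review policy: every peer should name its CA
            findings.append((name, "no ca named"))
        if cfg.get("cn-type") in ("ipv4", "ipv6") and "cn" in cfg:
            try:  # cn must parse as an address of the declared family
                ok = ipaddress.ip_address(cfg["cn"]).version == int(cfg["cn-type"][-1])
            except ValueError:
                ok = False
            if not ok:
                findings.append((name, "cn does not match cn-type"))
    return sorted(findings)
```

Only settings that appear explicitly in the backup are evaluated; a setting that is absent is not assumed to have any particular value.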
