Fortinet black logo

CLI Reference

config vpn ocvpn

config vpn ocvpn

Configure Overlay Controller VPN settings.

config vpn ocvpn

Description: Configure Overlay Controller VPN settings.

set status [enable|disable]

set role [spoke|primary-hub|...]

set multipath [enable|disable]

set sdwan [enable|disable]

set wan-interface <name1>, <name2>, ...

set ip-allocation-block {ipv4-classnet-any}

config overlays

Description: Network overlays to register with Overlay Controller VPN service.

edit <overlay-name>

set inter-overlay [allow|deny]

set assign-ip [enable|disable]

set ipv4-start-ip {ipv4-address}

set ipv4-end-ip {ipv4-address}

config subnets

Description: Internal subnets to register with OCVPN service.

edit <id>

set type [subnet|interface]

set subnet {ipv4-classnet-any}

set interface {string}

next

end

next

end

config forticlient-access

Description: Configure FortiClient settings.

set status [enable|disable]

set psksecret {password-3}

config auth-groups

Description: FortiClient user authentication groups.

edit <name>

set auth-group {string}

set overlays <overlay-name1>, <overlay-name2>, ...

next

end

end

set auto-discovery [enable|disable]

set poll-interval {integer}

set eap [enable|disable]

set eap-users {string}

set nat [enable|disable]

end

config vpn ocvpn

Parameter name

Description

Type

Size

status

Enable/disable Overlay Controller cloud assisted VPN.

option

-

Option

Description

enable

Enable Overlay Controller VPN.

disable

Disable Overlay Controller VPN.

role

Set device role.

option

-

Option

Description

spoke

Register device as static spoke.

primary-hub

Register device as primary hub.

secondary-hub

Register device as secondary hub.

multipath

Enable/disable multipath redundancy.

option

-

Option

Description

enable

Enable multipath redundancy.

disable

Disable multipath redundancy.

sdwan

Enable/disable adding OCVPN tunnels to SDWAN.

option

-

Option

Description

enable

Enable adding OCVPN tunnels to SDWAN.

disable

Disable adding OCVPN tunnels to SDWAN.

wan-interface `<name>`

FortiGate WAN interfaces to use with OCVPN.<br>Interface name.

string

Maximum length: 79

ip-allocation-block

Class B subnet reserved for private IP address assignment.

ipv4-classnet-any

Not Specified

auto-discovery

Enable/disable auto-discovery shortcuts.

option

-

Option

Description

enable

Enable ADVPN auto-discovery shortcuts.

disable

Disable ADVPN auto-discovery shortcuts.

poll-interval

Overlay Controller VPN polling interval.

integer

Minimum value: 30 Maximum value: 120

eap

Enable/disable EAP client authentication.

option

-

Option

Description

enable

Enable EAP client authentication.

disable

Disable EAP client authentication.

eap-users

EAP authentication user group.

string

Maximum length: 35

nat

Enable/disable inter-overlay source NAT.

option

-

Option

Description

enable

Enable inter-overlay source NAT.

disable

Disable inter-overlay source NAT.

Parameter name

Description

Type

Size

inter-overlay

Allow or deny traffic from other overlays.

option

-

Option

Description

allow

Allow traffic from other overlays.

deny

Deny traffic from other overlays.

assign-ip

Enable/disable mode-cfg address assignment.

option

-

Option

Description

enable

Enable client IPv4 address assignment.

disable

Disable client IPv4 address assignment.

ipv4-start-ip

Start of IPv4 range.

ipv4-address

Not Specified

ipv4-end-ip

End of IPv4 range.

ipv4-address

Not Specified

config subnets

Parameter name

Description

Type

Size

type

Subnet type.

option

-

Option

Description

subnet

Configure participating subnet IP and mask.

interface

Configure participating LAN interface.

subnet

IPv4 address and subnet mask.

ipv4-classnet-any

Not Specified

interface

LAN interface.

string

Maximum length: 15

Parameter name

Description

Type

Size

status

Enable/disable FortiClient to access OCVPN networks.

option

-

Option

Description

enable

Enable FortiClient access to OCVPN overlays.

disable

Disable FortiClient access to OCVPN overlays.

psksecret

Pre-shared secret for FortiClient PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).

password-3

Not Specified

config auth-groups

Parameter name

Description

Type

Size

auth-group

Authentication user group for FortiClient access.

string

Maximum length: 35

overlays `<overlay-name>`

OCVPN overlays to allow access to.<br>Overlay name.

string

Maximum length: 79

config vpn ocvpn

Configure Overlay Controller VPN settings.

config vpn ocvpn

Description: Configure Overlay Controller VPN settings.

set status [enable|disable]

set role [spoke|primary-hub|...]

set multipath [enable|disable]

set sdwan [enable|disable]

set wan-interface <name1>, <name2>, ...

set ip-allocation-block {ipv4-classnet-any}

config overlays

Description: Network overlays to register with Overlay Controller VPN service.

edit <overlay-name>

set inter-overlay [allow|deny]

set assign-ip [enable|disable]

set ipv4-start-ip {ipv4-address}

set ipv4-end-ip {ipv4-address}

config subnets

Description: Internal subnets to register with OCVPN service.

edit <id>

set type [subnet|interface]

set subnet {ipv4-classnet-any}

set interface {string}

next

end

next

end

config forticlient-access

Description: Configure FortiClient settings.

set status [enable|disable]

set psksecret {password-3}

config auth-groups

Description: FortiClient user authentication groups.

edit <name>

set auth-group {string}

set overlays <overlay-name1>, <overlay-name2>, ...

next

end

end

set auto-discovery [enable|disable]

set poll-interval {integer}

set eap [enable|disable]

set eap-users {string}

set nat [enable|disable]

end

config vpn ocvpn

Parameter name

Description

Type

Size

status

Enable/disable Overlay Controller cloud assisted VPN.

option

-

Option

Description

enable

Enable Overlay Controller VPN.

disable

Disable Overlay Controller VPN.

role

Set device role.

option

-

Option

Description

spoke

Register device as static spoke.

primary-hub

Register device as primary hub.

secondary-hub

Register device as secondary hub.

multipath

Enable/disable multipath redundancy.

option

-

Option

Description

enable

Enable multipath redundancy.

disable

Disable multipath redundancy.

sdwan

Enable/disable adding OCVPN tunnels to SDWAN.

option

-

Option

Description

enable

Enable adding OCVPN tunnels to SDWAN.

disable

Disable adding OCVPN tunnels to SDWAN.

wan-interface `<name>`

FortiGate WAN interfaces to use with OCVPN.<br>Interface name.

string

Maximum length: 79

ip-allocation-block

Class B subnet reserved for private IP address assignment.

ipv4-classnet-any

Not Specified

auto-discovery

Enable/disable auto-discovery shortcuts.

option

-

Option

Description

enable

Enable ADVPN auto-discovery shortcuts.

disable

Disable ADVPN auto-discovery shortcuts.

poll-interval

Overlay Controller VPN polling interval.

integer

Minimum value: 30 Maximum value: 120

eap

Enable/disable EAP client authentication.

option

-

Option

Description

enable

Enable EAP client authentication.

disable

Disable EAP client authentication.

eap-users

EAP authentication user group.

string

Maximum length: 35

nat

Enable/disable inter-overlay source NAT.

option

-

Option

Description

enable

Enable inter-overlay source NAT.

disable

Disable inter-overlay source NAT.

Parameter name

Description

Type

Size

inter-overlay

Allow or deny traffic from other overlays.

option

-

Option

Description

allow

Allow traffic from other overlays.

deny

Deny traffic from other overlays.

assign-ip

Enable/disable mode-cfg address assignment.

option

-

Option

Description

enable

Enable client IPv4 address assignment.

disable

Disable client IPv4 address assignment.

ipv4-start-ip

Start of IPv4 range.

ipv4-address

Not Specified

ipv4-end-ip

End of IPv4 range.

ipv4-address

Not Specified

config subnets

Parameter name

Description

Type

Size

type

Subnet type.

option

-

Option

Description

subnet

Configure participating subnet IP and mask.

interface

Configure participating LAN interface.

subnet

IPv4 address and subnet mask.

ipv4-classnet-any

Not Specified

interface

LAN interface.

string

Maximum length: 15

Parameter name

Description

Type

Size

status

Enable/disable FortiClient to access OCVPN networks.

option

-

Option

Description

enable

Enable FortiClient access to OCVPN overlays.

disable

Disable FortiClient access to OCVPN overlays.

psksecret

Pre-shared secret for FortiClient PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).

password-3

Not Specified

config auth-groups

Parameter name

Description

Type

Size

auth-group

Authentication user group for FortiClient access.

string

Maximum length: 35

overlays `<overlay-name>`

OCVPN overlays to allow access to.<br>Overlay name.

string

Maximum length: 79