Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config user group

Configure user groups.

config user group

Description: Configure user groups.

edit <name>

set id {integer}

set group-type [firewall|fsso-service|...]

set authtimeout {integer}

set auth-concurrent-override [enable|disable]

set auth-concurrent-value {integer}

set http-digest-realm {string}

set sso-attribute-value {string}

set member <name1>, <name2>, ...

config match

Description: Group matches.

edit <id>

set server-name {string}

set group-name {string}

next

end

set user-id [email|auto-generate|...]

set password [auto-generate|specify|...]

set user-name [disable|enable]

set sponsor [optional|mandatory|...]

set company [optional|mandatory|...]

set email [disable|enable]

set mobile-phone [disable|enable]

set sms-server [fortiguard|custom]

set sms-custom-server {string}

set expire-type [immediately|first-successful-login]

set expire {integer}

set max-accounts {integer}

set multiple-guest-add [disable|enable]

config guest

Description: Guest User.

edit <id>

set user-id {string}

set name {string}

set password {password}

set mobile-phone {string}

set sponsor {string}

set company {string}

set email {string}

set expiration {user}

set comment {var-string}

next

end

next

end

config user group

Parameter

Description

Type

Size

Default

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

 

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

authtimeout

Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout.

integer

Minimum value: 0 Maximum value: 43200

0

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

 

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user .

integer

Minimum value: 0 Maximum value: 100

0

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Maximum length: 35

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Maximum length: 511

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

user-id

Guest user ID type.

option

-

email

 

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

password

Guest user password type.

option

-

auto-generate

 

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

user-name

Enable/disable the guest user name entry.

option

-

disable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

 

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

company

Set the action for the company guest user field.

option

-

optional

 

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

 

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sms-custom-server

SMS server.

string

Maximum length: 35

expire-type

Determine when the expiration countdown begins.

option

-

immediately

 

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

expire

Time in seconds before guest user accounts expire.

integer

Minimum value: 1 Maximum value: 31536000

14400

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 500 **

0

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

** Values may differ between models.

config match

Parameter

Description

Type

Size

Default

server-name

Name of remote auth server.

string

Maximum length: 35

group-name

Name of matching user or group on remote authentication server.

string

Maximum length: 511

config guest

Parameter

Description

Type

Size

Default

user-id

Guest ID.

string

Maximum length: 64

name

Guest name.

string

Maximum length: 64

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Maximum length: 35

sponsor

Set the action for the sponsor guest user field.

string

Maximum length: 35

company

Set the action for the company guest user field.

string

Maximum length: 35

email

Email.

string

Maximum length: 64

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Maximum length: 255

config user group

Configure user groups.

config user group

Description: Configure user groups.

edit <name>

set id {integer}

set group-type [firewall|fsso-service|...]

set authtimeout {integer}

set auth-concurrent-override [enable|disable]

set auth-concurrent-value {integer}

set http-digest-realm {string}

set sso-attribute-value {string}

set member <name1>, <name2>, ...

config match

Description: Group matches.

edit <id>

set server-name {string}

set group-name {string}

next

end

set user-id [email|auto-generate|...]

set password [auto-generate|specify|...]

set user-name [disable|enable]

set sponsor [optional|mandatory|...]

set company [optional|mandatory|...]

set email [disable|enable]

set mobile-phone [disable|enable]

set sms-server [fortiguard|custom]

set sms-custom-server {string}

set expire-type [immediately|first-successful-login]

set expire {integer}

set max-accounts {integer}

set multiple-guest-add [disable|enable]

config guest

Description: Guest User.

edit <id>

set user-id {string}

set name {string}

set password {password}

set mobile-phone {string}

set sponsor {string}

set company {string}

set email {string}

set expiration {user}

set comment {var-string}

next

end

next

end

config user group

Parameter

Description

Type

Size

Default

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

 

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

authtimeout

Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout.

integer

Minimum value: 0 Maximum value: 43200

0

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

 

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user .

integer

Minimum value: 0 Maximum value: 100

0

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Maximum length: 35

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Maximum length: 511

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

user-id

Guest user ID type.

option

-

email

 

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

password

Guest user password type.

option

-

auto-generate

 

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

user-name

Enable/disable the guest user name entry.

option

-

disable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

 

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

company

Set the action for the company guest user field.

option

-

optional

 

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

 

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sms-custom-server

SMS server.

string

Maximum length: 35

expire-type

Determine when the expiration countdown begins.

option

-

immediately

 

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

expire

Time in seconds before guest user accounts expire.

integer

Minimum value: 1 Maximum value: 31536000

14400

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 500 **

0

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

 

Option

Description

disable

Enable setting.

enable

Disable setting.

** Values may differ between models.

config match

Parameter

Description

Type

Size

Default

server-name

Name of remote auth server.

string

Maximum length: 35

group-name

Name of matching user or group on remote authentication server.

string

Maximum length: 511

config guest

Parameter

Description

Type

Size

Default

user-id

Guest ID.

string

Maximum length: 64

name

Guest name.

string

Maximum length: 64

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Maximum length: 35

sponsor

Set the action for the sponsor guest user field.

string

Maximum length: 35

company

Set the action for the company guest user field.

string

Maximum length: 35

email

Email.

string

Maximum length: 64

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Maximum length: 255