CLI Reference

config user peer

Configure peer users.

    config user peer
        Description: Configure peer users.
        edit <name>
            set mandatory-ca-verify [enable|disable]
            set ca {string}
            set subject {string}
            set cn {string}
            set cn-type [string|email|...]
            set ldap-server {string}
            set ldap-username {string}
            set ldap-password {password}
            set ldap-mode [password|principal-name]
            set ocsp-override-server {string}
            set two-factor [enable|disable]
            set passwd {password}
        next
    end

config user peer

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| mandatory-ca-verify | Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid. Options: enable (Enable setting.); disable (Disable setting.) | option | - | enable |
| ca | Name of the CA certificate. | string | Not Specified | |
| subject | Peer certificate name constraints. | string | Not Specified | |
| cn | Peer certificate common name. | string | Not Specified | |
| cn-type | Peer certificate common name type. Options: string (Normal string.); email (Email address.); FQDN (Fully Qualified Domain Name.); ipv4 (IPv4 address.); ipv6 (IPv6 address.) | option | - | string |
| ldap-server | Name of an LDAP server defined under the user ldap command. Performs client access rights check. | string | Not Specified | |
| ldap-username | Username for LDAP server bind. | string | Not Specified | |
| ldap-password | Password for LDAP server bind. | password | Not Specified | |
| ldap-mode | Mode for LDAP peer authentication. Options: password (Username/password.); principal-name (Principal name.) | option | - | password |
| ocsp-override-server | Online Certificate Status Protocol (OCSP) server for certificate retrieval. | string | Not Specified | |
| two-factor | Enable/disable two-factor authentication, applying certificate and password-based authentication. Options: enable (Enable 2-factor authentication.); disable (Disable 2-factor authentication.) | option | - | disable |
| passwd | Peer's password used for two-factor authentication. | password | Not Specified | |
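
An added example, not part of Fortinet's reference: a small Python audit that reads the `config user peer` section of a FortiOS configuration backup, fills in the defaults listed in the table above for options the backup omits, and flags peers against a review policy. The policy (flag `mandatory-ca-verify disable`, a missing `ca`, and `two-factor disable`), the function names and the sample configuration are assumptions made for illustration.

```python
import shlex

# Defaults from the parameter table; backups normally list only non-default values.
DEFAULTS = {"mandatory-ca-verify": "enable", "two-factor": "disable"}
# Review policy (an assumption of this example): option -> (test on value, note).
CHECKS = {
    "mandatory-ca-verify": (lambda v: v == "disable", "peer certificate accepted when its CA is not installed"),
    "ca": (lambda v: not v, "no CA certificate named for this peer"),
    "two-factor": (lambda v: v == "disable", "certificate only, no password factor"),
}

def parse_peers(config_text):
    """Return {peer name: {option: value}} for entries under 'config user peer'."""
    peers, in_block, current = {}, False, None
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:  # unbalanced quotes (e.g. multi-line values elsewhere): skip
            continue
        if tok == ["config", "user", "peer"]:
            in_block = True
        elif not in_block or not tok:
            continue
        elif tok[0] == "edit" and len(tok) == 2:
            current = peers.setdefault(tok[1], dict(DEFAULTS))
        elif tok[0] == "set" and current is not None and len(tok) >= 3:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):
            current, in_block = None, tok[0] == "next"
    return peers

def audit_peers(config_text):
    """Return sorted (peer, option, note) tuples for settings the policy flags."""
    return sorted((name, opt, note)
                  for name, opts in parse_peers(config_text).items()
                  for opt, (flagged, note) in CHECKS.items()
                  if flagged(opts.get(opt, "")))

# Constructed sample input, not taken from a real device.
SAMPLE = '''config user peer
    edit "vpn-partner"
        set mandatory-ca-verify disable
    next
    edit "branch-admin"
        set ca "CA_Cert_1"
        set two-factor enable
    next
end'''
if __name__ == "__main__": print(*audit_peers(SAMPLE), sep="\n")
```
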
