Fortinet black logo

CLI Reference

7.4.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0

config user peer

config user peer

Configure peer users.

config user peer
    Description: Configure peer users.
    edit <name>
        set ca {string}
        set cn {string}
        set cn-type [string|email|...]
        set mandatory-ca-verify [enable|disable]
        set mfa-mode [none|password|...]
        set mfa-password {password}
        set mfa-server {string}
        set mfa-username {string}
        set ocsp-override-server {string}
        set passwd {password}
        set subject {string}
        set two-factor [enable|disable]
    next
end

config user peer

Parameter

Description

Type

Size

Default

ca

Name of the CA certificate.

string

Maximum length: 127

cn

Peer certificate common name.

string

Maximum length: 255

cn-type

Peer certificate common name type.

option

-

string

Option

Description

string

Normal string.

email

Email address.

FQDN

Fully Qualified Domain Name.

ipv4

IPv4 address.

ipv6

IPv6 address.

mandatory-ca-verify

Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

mfa-mode

MFA mode for remote peer authentication/authorization.

option

-

none

Option

Description

none

None.

password

Specified username/password.

subject-identity

Subject identity extracted from certificate.

mfa-password

Unified password for remote authentication. This field may be left empty when RADIUS authentication is used, in which case the FortiGate will use the RADIUS username as a password.

password

Not Specified

mfa-server

Name of a remote authenticator. Performs client access right check.

string

Maximum length: 35

mfa-username

Unified username for remote authentication.

string

Maximum length: 35

name

Peer name.

string

Maximum length: 35

ocsp-override-server

Online Certificate Status Protocol (OCSP) server for certificate retrieval.

string

Maximum length: 35

passwd

Peer's password used for two-factor authentication.

password

Not Specified

subject

Peer certificate name constraints.

string

Maximum length: 255

two-factor

Enable/disable two-factor authentication, applying certificate and password-based authentication.

option

-

disable

Option

Description

enable

Enable 2-factor authentication.

disable

Disable 2-factor authentication.
Previous
Next

config user peer

Configure peer users.

config user peer
    Description: Configure peer users.
    edit <name>
        set ca {string}
        set cn {string}
        set cn-type [string|email|...]
        set mandatory-ca-verify [enable|disable]
        set mfa-mode [none|password|...]
        set mfa-password {password}
        set mfa-server {string}
        set mfa-username {string}
        set ocsp-override-server {string}
        set passwd {password}
        set subject {string}
        set two-factor [enable|disable]
    next
end

config user peer

Parameter

Description

Type

Size

Default

ca

Name of the CA certificate.

string

Maximum length: 127

cn

Peer certificate common name.

string

Maximum length: 255

cn-type

Peer certificate common name type.

option

-

string

Option

Description

string

Normal string.

email

Email address.

FQDN

Fully Qualified Domain Name.

ipv4

IPv4 address.

ipv6

IPv6 address.

mandatory-ca-verify

Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

mfa-mode

MFA mode for remote peer authentication/authorization.

option

-

none

Option

Description

none

None.

password

Specified username/password.

subject-identity

Subject identity extracted from certificate.

mfa-password

Unified password for remote authentication. This field may be left empty when RADIUS authentication is used, in which case the FortiGate will use the RADIUS username as a password.

password

Not Specified

mfa-server

Name of a remote authenticator. Performs client access right check.

string

Maximum length: 35

mfa-username

Unified username for remote authentication.

string

Maximum length: 35

name

Peer name.

string

Maximum length: 35

ocsp-override-server

Online Certificate Status Protocol (OCSP) server for certificate retrieval.

string

Maximum length: 35

passwd

Peer's password used for two-factor authentication.

password

Not Specified

subject

Peer certificate name constraints.

string

Maximum length: 255

two-factor

Enable/disable two-factor authentication, applying certificate and password-based authentication.

option

-

disable

Option

Description

enable

Enable 2-factor authentication.

disable

Disable 2-factor authentication.
Previous
Next