Fortinet black logo

CLI Reference

7.4.1
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0

config vpn kmip-server

config vpn kmip-server

KMIP server entry configuration.

config vpn kmip-server
    Description: KMIP server entry configuration.
    edit <name>
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set password {password}
        set server-identity-check [enable|disable]
        config server-list
            Description: KMIP server list.
            edit <id>
                set status [enable|disable]
                set server {string}
                set port {integer}
                set cert {string}
            next
        end
        set source-ip {string}
        set ssl-min-proto-version [default|SSLv3|...]
        set username {string}
    next
end

config vpn kmip-server

Parameter

Description

Type

Size

Default

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

name

KMIP server entry name.

string

Maximum length: 35

password

Password to use for connectivity to the KMIP server.

password

Not Specified

server-identity-check

Enable/disable KMIP server identity check (verify server FQDN/IP address against the server certificate).

option

-

disable

Option

Description

enable

Enable server identity check.

disable

Disable server identity check.

source-ip

FortiGate IP address to be used for communication with the KMIP server.

string

Maximum length: 63

ssl-min-proto-version

Minimum supported protocol version for SSL/TLS connections.

option

-

default

Option

Description

default

Follow system global setting.

SSLv3

SSLv3.

TLSv1

TLSv1.

TLSv1-1

TLSv1.1.

TLSv1-2

TLSv1.2.

TLSv1-3

TLSv1.3.

username

User name to use for connectivity to the KMIP server.

string

Maximum length: 63

config server-list

Parameter

Description

Type

Size

Default

id

ID

integer

Minimum value: 0 Maximum value: 4294967295

0

status

Enable/disable KMIP server.

option

-

enable

Option

Description

enable

Enable server.

disable

Disable server.

server

KMIP server FQDN or IP address.

string

Maximum length: 63

port

KMIP server port.

integer

Minimum value: 0 Maximum value: 65535

5696

cert

Client certificate to use for connectivity to the KMIP server.

string

Maximum length: 35

Previous
Next

config vpn kmip-server

KMIP server entry configuration.

config vpn kmip-server
    Description: KMIP server entry configuration.
    edit <name>
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set password {password}
        set server-identity-check [enable|disable]
        config server-list
            Description: KMIP server list.
            edit <id>
                set status [enable|disable]
                set server {string}
                set port {integer}
                set cert {string}
            next
        end
        set source-ip {string}
        set ssl-min-proto-version [default|SSLv3|...]
        set username {string}
    next
end

config vpn kmip-server

Parameter

Description

Type

Size

Default

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

name

KMIP server entry name.

string

Maximum length: 35

password

Password to use for connectivity to the KMIP server.

password

Not Specified

server-identity-check

Enable/disable KMIP server identity check (verify server FQDN/IP address against the server certificate).

option

-

disable

Option

Description

enable

Enable server identity check.

disable

Disable server identity check.

source-ip

FortiGate IP address to be used for communication with the KMIP server.

string

Maximum length: 63

ssl-min-proto-version

Minimum supported protocol version for SSL/TLS connections.

option

-

default

Option

Description

default

Follow system global setting.

SSLv3

SSLv3.

TLSv1

TLSv1.

TLSv1-1

TLSv1.1.

TLSv1-2

TLSv1.2.

TLSv1-3

TLSv1.3.

username

User name to use for connectivity to the KMIP server.

string

Maximum length: 63

config server-list

Parameter

Description

Type

Size

Default

id

ID

integer

Minimum value: 0 Maximum value: 4294967295

0

status

Enable/disable KMIP server.

option

-

enable

Option

Description

enable

Enable server.

disable

Disable server.

server

KMIP server FQDN or IP address.

string

Maximum length: 63

port

KMIP server port.

integer

Minimum value: 0 Maximum value: 65535

5696

cert

Client certificate to use for connectivity to the KMIP server.

string

Maximum length: 35

Previous
Next