CLI Reference

config admin

Description: Configure user access.

config admin
  edit <name>
    set *accprofile <name1>
    set remote-auth {enable | disable}
    set wildcard {enable | disable}
    set *password {string}
    set remote-group {group name}
    set trusthost1 {ipv4-address}
    set trusthost2 {ipv4-address}
    set trusthost3 {ipv4-address}
    set trusthost4 {ipv4-address}
    set trusthost5 {ipv4-address}
    set trusthost6 {ipv4-address}
    set trusthost7 {ipv4-address}
    set trusthost8 {ipv4-address}
    set trusthost9 {ipv4-address}
    set trusthost10 {ipv4-address}
  next
end

Sample command:

config system admin
  edit remote1
    set accprofile super_admin
    set remote-auth enable
    set wildcard enable
    set password ENC *
    set remote-group group1
    set trusthost1 192.168.200.110/24
    set trusthost2
    set trusthost3
    set trusthost4
    set trusthost5
    set trusthost6
    set trusthost7
    set trusthost8
    set trusthost9
    set trusthost10
  next
end

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| accprofile | Access profile. | string | - | none |
| remote-auth | Enable/disable authentication using a remote RADIUS server. | option | - | disable |
| wildcard | Enable/disable wildcard RADIUS authentication. Note: If wildcard is enabled, the remote user can share the account and log in without needing to create multiple user accounts. That means you can use the user and password pair stored in the remote server without needing to match the table name. Only one wildcard remote account is allowed to exist under system admin. | option | - | disable |
| password | Admin user password. Note: If wildcard is enabled, you cannot set a password. | string | - | none |
| remote-group | Enter the FortiExtender user group name you want to use for remote authentication. Note: If remote-auth is enabled, remote-group becomes mandatory. Otherwise remote-group is hidden. If remote-auth is enabled but wildcard is disabled, you must set a local password. If the RADIUS server is unreachable, FortiExtender uses the local password. For other situations, such as if FortiExtender receives a RADIUS reject message, the local password is not used. | option | - | none |
| trusthost1 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost2 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost3 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost4 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost5 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost6 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost7 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost8 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost9 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost10 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
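
The following is an added example, not Fortinet code: a Python check that reads a config system admin block and flags entries that break the rules stated in the parameter descriptions (remote-group required with remote-auth, a local password required when wildcard is off, a single wildcard account) or that leave trusthost unset or open to every address. The sample configuration is constructed, and treating a prefix length of 0 as unrestricted is an assumption of this example.

```python
import ipaddress

# Constructed sample in the page's syntax; names and addresses are made up.
SAMPLE = """\
config system admin
  edit remote1
    set accprofile super_admin
    set remote-auth enable
    set wildcard enable
    set remote-group group1
    set trusthost1 192.168.200.110/24
  next
  edit ops1
    set accprofile super_admin
    set remote-auth enable
    set trusthost1 0.0.0.0/0
  next
end
"""

def parse_admins(text):
    """Return {admin name: {parameter: value}} from edit/set/next lines."""
    admins, cur = {}, None
    for parts in (line.split() for line in text.splitlines()):
        if parts[:1] == ["edit"] and len(parts) > 1:
            cur = admins.setdefault(parts[1], {})
        elif parts[:1] == ["next"]:
            cur = None
        elif parts[:1] == ["set"] and cur is not None and len(parts) > 1:
            cur[parts[1]] = "/".join(parts[2:])  # "addr mask" -> "addr/mask"; empty = unset
    return admins

def audit_admins(admins):
    """Return (admin, finding) pairs for the rules in the parameter table."""
    wild = [n for n, a in admins.items() if a.get("wildcard") == "enable"]
    out = [("*", "more than one wildcard account")] if len(wild) > 1 else []
    for name, a in admins.items():
        remote = a.get("remote-auth") == "enable"
        if remote and not a.get("remote-group"):
            out.append((name, "remote-auth without remote-group"))
        if remote and name not in wild and not a.get("password"):
            out.append((name, "no local password for RADIUS-unreachable fallback"))
        hosts = [v for k, v in a.items() if k.startswith("trusthost") and v]
        if not hosts:
            out.append((name, "no trusthost set"))
        for h in hosts:  # assumption: prefix length 0 means no source restriction
            if ipaddress.ip_network(h, strict=False).prefixlen == 0:
                out.append((name, "trusthost " + h + " matches every address"))
    return out
```

Calling audit_admins(parse_admins(SAMPLE)) returns three findings for ops1 and none for remote1.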
