Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config user peer

    config user peer

    Configure peer users.

    config user peer
    Description: Configure peer users.
    edit <name>
        set ca {string}
        set cn {string}
        set cn-type [string|email|...]
        set mandatory-ca-verify [enable|disable]
        set mfa-mode [none|password|...]
        set mfa-password {password}
        set mfa-server {string}
        set mfa-username {string}
        set ocsp-override-server {string}
        set passwd {password}
        set subject {string}
        set two-factor [enable|disable]
    next
end

    config user peer

    Parameter

    Description

    Type

    Size

    Default

    ca

    Name of the CA certificate.

    string

    Maximum length: 127

    cn

    Peer certificate common name.

    string

    Maximum length: 255

    cn-type

    Peer certificate common name type.

    option

    -

    string

    Option

    Description

    string

    Normal string.

    email

    Email address.

    FQDN

    Fully Qualified Domain Name.

    ipv4

    IPv4 address.

    ipv6

    IPv6 address.

    mandatory-ca-verify

    Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    mfa-mode

    MFA mode for remote peer authentication/authorization.

    option

    -

    none

    Option

    Description

    none

    None.

    password

    Specified username/password.

    subject-identity

    Subject identity extracted from certificate.

    mfa-password

    Unified password for remote authentication. This field may be left empty when RADIUS authentication is used, in which case the FortiGate will use the RADIUS username as a password.

    password

    Not Specified

    mfa-server

    Name of a remote authenticator. Performs client access right check.

    string

    Maximum length: 35

    mfa-username

    Unified username for remote authentication.

    string

    Maximum length: 35

    name

    Peer name.

    string

    Maximum length: 35

    ocsp-override-server

    Online Certificate Status Protocol (OCSP) server for certificate retrieval.

    string

    Maximum length: 35

    passwd

    Peer's password used for two-factor authentication.

    password

    Not Specified

    subject

    Peer certificate name constraints.

    string

    Maximum length: 255

    two-factor

    Enable/disable two-factor authentication, applying certificate and password-based authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable 2-factor authentication.

    disable

    Disable 2-factor authentication.
    Previous
    Next

    config user peer

    config user peer

    Configure peer users.

    config user peer
    Description: Configure peer users.
    edit <name>
        set ca {string}
        set cn {string}
        set cn-type [string|email|...]
        set mandatory-ca-verify [enable|disable]
        set mfa-mode [none|password|...]
        set mfa-password {password}
        set mfa-server {string}
        set mfa-username {string}
        set ocsp-override-server {string}
        set passwd {password}
        set subject {string}
        set two-factor [enable|disable]
    next
end

    config user peer

    Parameter

    Description

    Type

    Size

    Default

    ca

    Name of the CA certificate.

    string

    Maximum length: 127

    cn

    Peer certificate common name.

    string

    Maximum length: 255

    cn-type

    Peer certificate common name type.

    option

    -

    string

    Option

    Description

    string

    Normal string.

    email

    Email address.

    FQDN

    Fully Qualified Domain Name.

    ipv4

    IPv4 address.

    ipv6

    IPv6 address.

    mandatory-ca-verify

    Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    mfa-mode

    MFA mode for remote peer authentication/authorization.

    option

    -

    none

    Option

    Description

    none

    None.

    password

    Specified username/password.

    subject-identity

    Subject identity extracted from certificate.

    mfa-password

    Unified password for remote authentication. This field may be left empty when RADIUS authentication is used, in which case the FortiGate will use the RADIUS username as a password.

    password

    Not Specified

    mfa-server

    Name of a remote authenticator. Performs client access right check.

    string

    Maximum length: 35

    mfa-username

    Unified username for remote authentication.

    string

    Maximum length: 35

    name

    Peer name.

    string

    Maximum length: 35

    ocsp-override-server

    Online Certificate Status Protocol (OCSP) server for certificate retrieval.

    string

    Maximum length: 35

    passwd

    Peer's password used for two-factor authentication.

    password

    Not Specified

    subject

    Peer certificate name constraints.

    string

    Maximum length: 255

    two-factor

    Enable/disable two-factor authentication, applying certificate and password-based authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable 2-factor authentication.

    disable

    Disable 2-factor authentication.
    Previous
    Next