Fortinet white logo
Fortinet white logo

CLI Reference

config user peer

config user peer

Configure peer users.

config user peer
    Description: Configure peer users.
    edit <name>
        set mandatory-ca-verify [enable|disable]
        set ca {string}
        set subject {string}
        set cn {string}
        set cn-type [string|email|...]
        set mfa-mode [none|password|...]
        set mfa-server {string}
        set mfa-username {string}
        set mfa-password {password}
        set ocsp-override-server {string}
        set two-factor [enable|disable]
        set passwd {password}
    next
end

config user peer

Parameter

Description

Type

Size

Default

name

Peer name.

string

Maximum length: 35

mandatory-ca-verify

Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ca

Name of the CA certificate.

string

Maximum length: 127

subject

Peer certificate name constraints.

string

Maximum length: 255

cn

Peer certificate common name.

string

Maximum length: 255

cn-type

Peer certificate common name type.

option

-

string

Option

Description

string

Normal string.

email

Email address.

FQDN

Fully Qualified Domain Name.

ipv4

IPv4 address.

ipv6

IPv6 address.

mfa-mode

MFA mode for remote peer authentication/authorization.

option

-

none

Option

Description

none

None.

password

Specified username/password.

subject-identity

Subject identity extracted from certificate.

mfa-server

Name of a remote authenticator. Performs client access right check.

string

Maximum length: 35

mfa-username

Unified username for remote authentication.

string

Maximum length: 35

mfa-password

Unified password for remote authentication. This field may be left empty when RADIUS authentication is used, in which case the FortiGate will use the RADIUS username as a password.

password

Not Specified

ocsp-override-server

Online Certificate Status Protocol (OCSP) server for certificate retrieval.

string

Maximum length: 35

two-factor

Enable/disable two-factor authentication, applying certificate and password-based authentication.

option

-

disable

Option

Description

enable

Enable 2-factor authentication.

disable

Disable 2-factor authentication.

passwd

Peer's password used for two-factor authentication.

password

Not Specified

config user peer

config user peer

Configure peer users.

config user peer
    Description: Configure peer users.
    edit <name>
        set mandatory-ca-verify [enable|disable]
        set ca {string}
        set subject {string}
        set cn {string}
        set cn-type [string|email|...]
        set mfa-mode [none|password|...]
        set mfa-server {string}
        set mfa-username {string}
        set mfa-password {password}
        set ocsp-override-server {string}
        set two-factor [enable|disable]
        set passwd {password}
    next
end

config user peer

Parameter

Description

Type

Size

Default

name

Peer name.

string

Maximum length: 35

mandatory-ca-verify

Determine what happens to the peer if the CA certificate is not installed. Disable to automatically consider the peer certificate as valid.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ca

Name of the CA certificate.

string

Maximum length: 127

subject

Peer certificate name constraints.

string

Maximum length: 255

cn

Peer certificate common name.

string

Maximum length: 255

cn-type

Peer certificate common name type.

option

-

string

Option

Description

string

Normal string.

email

Email address.

FQDN

Fully Qualified Domain Name.

ipv4

IPv4 address.

ipv6

IPv6 address.

mfa-mode

MFA mode for remote peer authentication/authorization.

option

-

none

Option

Description

none

None.

password

Specified username/password.

subject-identity

Subject identity extracted from certificate.

mfa-server

Name of a remote authenticator. Performs client access right check.

string

Maximum length: 35

mfa-username

Unified username for remote authentication.

string

Maximum length: 35

mfa-password

Unified password for remote authentication. This field may be left empty when RADIUS authentication is used, in which case the FortiGate will use the RADIUS username as a password.

password

Not Specified

ocsp-override-server

Online Certificate Status Protocol (OCSP) server for certificate retrieval.

string

Maximum length: 35

two-factor

Enable/disable two-factor authentication, applying certificate and password-based authentication.

option

-

disable

Option

Description

enable

Enable 2-factor authentication.

disable

Disable 2-factor authentication.

passwd

Peer's password used for two-factor authentication.

password

Not Specified