Remove PKI peer user | Fortinet v3.0 MR7 specs

Users/peers

Users/peers and user groups

Delete icon	Delete this PKI peer user. Note: The delete icon is not available if
	the peer user belongs to a user group.
Edit icon	Edit this PKI peer user.

To create a peer user for PKI authentication - CLI

config user peer edit <peer name>

set subject <subject_string> set ca <ca_cert_string>

end

To remove a PKI peer user from the FortiGate unit configuration - web-based manager

1Go to User > PKI.

2Select the Delete icon beside the name of the PKI peer user that you want to remove.

3Select OK.

Figure 17: Remove PKI peer user

To remove a PKI peer user from the FortiGate unit configuration - CLI

config user peer delete <peer_name>

end

Note: You cannot remove a peer user that belongs to a user group that is part of a firewall policy. Remove it from the user group first.

There are other configuration settings that can be added/modified for PKI authentication, for example, you can configure the use of an LDAP server to check access rights for client certificates. For information about the detailed PKI configuration settings only available through the CLI, see the FortiGate CLI

Reference.

	FortiOS v3.0 MR7 User Authentication User Guide
38	01-30007-0347-20080828

Image 38

Fortinet v3.0 MR7 manual To create a peer user for PKI authentication CLI, Remove PKI peer user

Contents

E R G U I D E FortiOS v3.0 MR7 User Authentication User Guide Trademarks Contents Index Configuring authenticated accessUsers/peers and user groups Creating local users Creating peer users About authentication Introduction VPN client-based authentication User’s view of authenticationWeb-based user authentication FortiGate administrator’s view of authentication See Creating local users on See Creating peer users on Authentication servers See Configuring user groups on Users Public Key Infrastructure PKI authenticationPeers User groups Firewall policies Authentication timeoutAbout this document VPN tunnels Typographic conventions Name field, type adminFortiGate documentation FortiGate Administration Guide Related documentation FortiMail documentation FortiManager documentationFortiClient documentation FortiAnalyzer documentation Fortinet Knowledge Center Customer service and technical supportFortinet Tools and Documentation CD Comments on Fortinet technical documentation Authentication servers Radius servers Configuring the FortiGate unit to use a Radius server Radius attributes sent in Radius accounting message Primary Server Name/IP Primary Server Secret Edit icon Edit a Radius server configuration Group Ldap servers Ldapsearch -x objectclass= Configuring the FortiGate unit to use an Ldap server Common Name PasswordServer Port Identifier Protocol To configure the FortiGate unit for Ldap authentication CLIEdit Certificate Using the Query icon Ldap server Distinguished Name Query tree TACACS+ servers Ascii Authentication Type Server Key Directory Service servers Groups Create NewDomain Fsae Collector IP Directory Service server configuration Name Fsae Collector IP/Name Port CLI Example Directory Service server list Directory Service servers Users/peers and user groups Users/peers To create a local user web-based manager Go to User Local User type AuthenticationCreating local users To create a local user CLI To view a list of all local users, go to User LocalDelete icon Edit icon Delete icon To remove a user from the FortiGate unit configuration CLICreating peer users Subject Authenticating peer userTo view a list of PKI peer users, go to User PKI To create a peer user for PKI authentication CLI Remove PKI peer user Firewall user groups Directory Service user groupsUser groups SSL VPN user groups Protection profiles Firewall Configuring user groupsSelect Create New and enter the following information Members Configuring Directory Service user groupsTo create a firewall user group CLI FortiGuard Web Configuring SSL VPN user groups Available Users/Groups or Available Members To create a peer group CLI Configuring Peer user groupsViewing a list of user groups Group Name Config user group delete groupname End User groups Enter the Idle Timeout value seconds Select Apply Authentication timeoutAuthentication protocols Telnet Firewall policy authentication Authentication Settings To configure authentication for a firewall policy Configuring authentication for a firewall policyAuthentication is an Advanced firewall option Go to Firewall Policy Firewall policy order Firewall Policy Move To Zone Configuring authenticated access to the InternetSource Interface Select Enable SSL-VPN and enter information as follows VPN authenticationConfiguring authentication of SSL VPN users Go to VPN SSL Require Client Certificate Default RC4128Server Certificate Encryption Key Algorithm To configure authentication for an SSL VPN CLI Select Enable Pptp Configuring authentication of VPN peers and clientsConfiguring authentication of Pptp VPN users/user groups Select Require Client Certificate, and then select Apply To configure authentication for a Pptp VPN CLI Configuring authentication of L2TP VPN users/user groupsConfiguring authentication of remote IPSec VPN users To configure authentication for an L2TP VPN CLI Remote Gateway To configure user group authentication for dialup IPSec CLIOnly users with passwords on the FortiGate unit Configuring XAuth authentication IPSec configuration for dialup users XAuth To configure authentication for a dialup IPSec VPN CLIRemote Gateway Authentication Method Server Type VPN authentication Index 01-30007-0347-20080731 MS-CHAP VSA