Configuring Peer user groups, Group Name | Fortinet v3.0 MR7

User groups

Users/peers and user groups

Configuring Peer user groups

Peer user groups can only be configured using the CLI. Peers are digital certificate holders defined using the config user peer command. You use the peer groups you define here in the config vpn ipsec phase1 command if you specify peertype as peergrp.

For PKI user authentication, you can add or edit peer group member information. User groups that use PKI authentication can also be configured using config user group.

To create a peer group - CLI

config user peergrp

edit groupname

set member peer_name end

This example shows how to add peers to the peergrp EU_branches.

config user peergrp edit EU_branches

set member Sophia_branch Valencia_branch Cardiff_branch end

Viewing a list of user groups

To view the list of FortiGate user groups, go to User > User Group.

Figure 20: Example User group list

Delete

Edit

Expand Arrow
Create New	Add a new user group.
Group Name	The name of the user group. User group names are listed by type of
	user group: Firewall, Directory Service and SSL VPN. For more
	information, see “Firewall user groups” on page 39, “Directory Service
	user groups” on page 39, and “SSL VPN user groups” on page 40.
Members	The Local users, RADIUS servers, LDAP servers, TACACS+ servers,
	Directory Service users/user groups or PKI users found in the user
	group.
Protection Profile	The protection profile associated with this user group.
Delete icon	Delete the user group.
	You cannot delete a user group that is included in a firewall policy, a
	dialup user phase 1 configuration, or a PPTP or L2TP configuration.
Edit icon	Edit the membership and options of the group.

FortiOS v3.0 MR7 User Authentication User Guide

44	01-30007-0347-20080828

Image 44

Fortinet v3.0 MR7 Configuring Peer user groups, Viewing a list of user groups, To create a peer group CLI, Group Name

Contents

E R G U I D E FortiOS v3.0 MR7 User Authentication User Guide Trademarks Contents Configuring authenticated access Users/peers and user groupsIndex Creating local users Creating peer users About authentication Introduction VPN client-based authentication User’s view of authenticationWeb-based user authentication FortiGate administrator’s view of authentication See Creating local users on See Creating peer users on Authentication servers See Configuring user groups on Public Key Infrastructure PKI authentication PeersUsers User groups Authentication timeout About this documentFirewall policies VPN tunnels Typographic conventions Name field, type adminFortiGate documentation FortiGate Administration Guide Related documentation FortiManager documentation FortiClient documentationFortiMail documentation FortiAnalyzer documentation Customer service and technical support Fortinet Tools and Documentation CDFortinet Knowledge Center Comments on Fortinet technical documentation Authentication servers Radius servers Configuring the FortiGate unit to use a Radius server Radius attributes sent in Radius accounting message Primary Server Name/IP Primary Server Secret Edit icon Edit a Radius server configuration Group Ldap servers Ldapsearch -x objectclass= Configuring the FortiGate unit to use an Ldap server Password Server PortCommon Name Identifier To configure the FortiGate unit for Ldap authentication CLI EditProtocol Certificate Using the Query icon Ldap server Distinguished Name Query tree TACACS+ servers Ascii Authentication Type Server Key Directory Service servers Create New DomainGroups Fsae Collector IP Directory Service server configuration Name Fsae Collector IP/Name Port CLI Example Directory Service server list Directory Service servers Users/peers and user groups Users/peers To create a local user web-based manager Go to User Local User type AuthenticationCreating local users To create a local user CLI To view a list of all local users, go to User LocalDelete icon Edit icon Delete icon To remove a user from the FortiGate unit configuration CLICreating peer users Subject Authenticating peer userTo view a list of PKI peer users, go to User PKI To create a peer user for PKI authentication CLI Remove PKI peer user Firewall user groups Directory Service user groupsUser groups SSL VPN user groups Protection profiles Firewall Configuring user groupsSelect Create New and enter the following information Configuring Directory Service user groups To create a firewall user group CLIMembers FortiGuard Web Configuring SSL VPN user groups Available Users/Groups or Available Members Configuring Peer user groups Viewing a list of user groupsTo create a peer group CLI Group Name Config user group delete groupname End User groups Authentication timeout Authentication protocolsEnter the Idle Timeout value seconds Select Apply Telnet Firewall policy authentication Authentication Settings Configuring authentication for a firewall policy Authentication is an Advanced firewall optionTo configure authentication for a firewall policy Go to Firewall Policy Firewall policy order Firewall Policy Move To Zone Configuring authenticated access to the InternetSource Interface VPN authentication Configuring authentication of SSL VPN usersSelect Enable SSL-VPN and enter information as follows Go to VPN SSL Default RC4128 Server CertificateRequire Client Certificate Encryption Key Algorithm To configure authentication for an SSL VPN CLI Configuring authentication of VPN peers and clients Configuring authentication of Pptp VPN users/user groupsSelect Enable Pptp Select Require Client Certificate, and then select Apply Configuring authentication of L2TP VPN users/user groups Configuring authentication of remote IPSec VPN usersTo configure authentication for a Pptp VPN CLI To configure authentication for an L2TP VPN CLI Remote Gateway To configure user group authentication for dialup IPSec CLIOnly users with passwords on the FortiGate unit Configuring XAuth authentication IPSec configuration for dialup users To configure authentication for a dialup IPSec VPN CLI Remote Gateway Authentication MethodXAuth Server Type VPN authentication Index 01-30007-0347-20080731 MS-CHAP VSA