User groups

Users/peers and user groups

Configuring Peer user groups

Peer user groups can only be configured using the CLI. Peers are digital certificate holders defined using the config user peer command. You use the peer groups you define here in the config vpn ipsec phase1 command if you specify peertype as peergrp.

For PKI user authentication, you can add or edit peer group member information. User groups that use PKI authentication can also be configured using config user group.

To create a peer group - CLI

config user peergrp
    edit groupname
        set member peer_name
end

This example shows how to add peers to the peergrp EU_branches.

config user peergrp
    edit EU_branches
        set member Sophia_branch Valencia_branch Cardiff_branch
end
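The chain described above (peers defined with config user peer, grouped with config user peergrp, then referenced from config vpn ipsec phase1 when peertype is peergrp) can be checked offline against a saved configuration. The script below is an added example, not part of the guide or of Fortinet's tooling: it lists which peers each phase 1 entry accepts and flags group members that have no peer definition. The sample configuration, the names branch_dialup and CA_Cert_1, and the use of the set ca and set peergrp options (which this page does not show) are assumptions.

```python
import shlex

# Constructed sample in FortiOS CLI form (not from the guide); CA_Cert_1 is a placeholder.
SAMPLE = """\
config user peer
    edit Sophia_branch
        set ca CA_Cert_1
end
config user peergrp
    edit EU_branches
        set member Sophia_branch Valencia_branch Cardiff_branch
end
config vpn ipsec phase1
    edit branch_dialup
        set peertype peergrp
        set peergrp EU_branches
end
"""

def parse(text):
    """Flat config/edit/set blocks -> {section: {entry: {option: [values]}}}."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        words = shlex.split(raw) or [""]   # shlex keeps "quoted names" whole
        if words[0] == "config":
            section, entry = tree.setdefault(" ".join(words[1:]), {}), None
        elif words[0] == "edit" and section is not None:
            entry = section.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            entry = None
    return tree

def audit(text):
    """For each phase1 with peertype peergrp, list defined and undefined group members."""
    cfg = parse(text)
    peers, groups = cfg.get("user peer", {}), cfg.get("user peergrp", {})
    report = {}
    for name, opts in cfg.get("vpn ipsec phase1", {}).items():
        if opts.get("peertype") == ["peergrp"]:
            group = " ".join(opts.get("peergrp", []))
            members = groups.get(group, {}).get("member", [])
            report[name] = {"group": group, "group_defined": group in groups,
                            "peers": [m for m in members if m in peers],
                            "undefined": [m for m in members if m not in peers]}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser handles only flat config/edit/set blocks; nested config sections inside an edit entry are outside what this example covers.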

Viewing a list of user groups

To view the list of FortiGate user groups, go to User > User Group.

Figure 20: Example User group list (image not reproduced; callouts: Delete, Edit, Expand Arrow)

Create New: Add a new user group.

Group Name: The name of the user group. User group names are listed by type of user group: Firewall, Directory Service and SSL VPN. For more information, see “Firewall user groups” on page 39, “Directory Service user groups” on page 39, and “SSL VPN user groups” on page 40.

Members: The Local users, RADIUS servers, LDAP servers, TACACS+ servers, Directory Service users/user groups or PKI users found in the user group.

Protection Profile: The protection profile associated with this user group.

Delete icon: Delete the user group. You cannot delete a user group that is included in a firewall policy, a dialup user phase 1 configuration, or a PPTP or L2TP configuration.

Edit icon: Edit the membership and options of the group.

FortiOS v3.0 MR7 User Authentication User Guide


01-30007-0347-20080828
