no way to compare when less than two revisions
Differences
This shows the differences between two versions of the page.
— | firewalls:fortigate:vpn_mit_clientzertifikat [2017/04/03 01:23] (current) – created admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== VPN mit Clientzertifikat Fortigate ====== | ||
+ | |||
+ | < | ||
+ | fw01 # diagnose debug disable | ||
+ | |||
+ | fw01 # config user peer | ||
+ | |||
+ | fw01 (peer) # show | ||
+ | |||
+ | fw01 (peer) # edit testbla | ||
+ | new entry ' | ||
+ | |||
+ | fw01 (testbla) # set | ||
+ | ca Peer certificate CA (CA name in local). | ||
+ | cn Peer certificate common name. | ||
+ | cn-type | ||
+ | ldap-mode | ||
+ | ldap-password | ||
+ | ldap-server | ||
+ | ldap-username | ||
+ | mandatory-ca-verify | ||
+ | ocsp-override-server | ||
+ | subject | ||
+ | two-factor | ||
+ | |||
+ | fw01 (testbla) # set mandatory-ca-verify enable | ||
+ | |||
+ | fw01 (testbla) # set ca | ||
+ | < | ||
+ | CA_Cert_1 ca | ||
+ | CA_Cert_2 ca | ||
+ | Fortinet_CA ca | ||
+ | Fortinet_CA2 ca | ||
+ | PositiveSSL_CA ca | ||
+ | |||
+ | fw01 (testbla) # set ca CA_Cert_1 | ||
+ | |||
+ | fw01 (testbla) # set cn | ||
+ | < | ||
+ | |||
+ | fw01 (testbla) # set cn-type | ||
+ | FQDN Fully Qualified Domain Name. | ||
+ | email Email address. | ||
+ | ipv4 IPv4 address. | ||
+ | ipv6 IPv6 address. | ||
+ | string | ||
+ | |||
+ | fw01 (testbla) # set cn-type string | ||
+ | |||
+ | fw01 (testbla) # set cn testbla | ||
+ | |||
+ | fw01 (testbla) # set | ||
+ | ca Peer certificate CA (CA name in local). | ||
+ | cn Peer certificate common name. | ||
+ | cn-type | ||
+ | ldap-mode | ||
+ | ldap-password | ||
+ | ldap-server | ||
+ | ldap-username | ||
+ | mandatory-ca-verify | ||
+ | ocsp-override-server | ||
+ | subject | ||
+ | two-factor | ||
+ | |||
+ | fw01 (testbla) # set two-factor enable | ||
+ | |||
+ | fw01 (testbla) # set | ||
+ | ca Peer certificate CA (CA name in local). | ||
+ | cn Peer certificate common name. | ||
+ | cn-type | ||
+ | ldap-mode | ||
+ | ldap-password | ||
+ | ldap-server | ||
+ | ldap-username | ||
+ | mandatory-ca-verify | ||
+ | ocsp-override-server | ||
+ | passwd | ||
+ | subject | ||
+ | two-factor | ||
+ | |||
+ | fw01 (testbla) # set passwd | ||
+ | |||
+ | incomplete command in the end | ||
+ | Command fail. Return code -160 | ||
+ | |||
+ | fw01 (testbla) # set passwd 1234567 | ||
+ | |||
+ | fw01 (testbla) # end | ||
+ | |||
+ | fw01 # config user peer | ||
+ | |||
+ | fw01 (peer) # show | ||
+ | config user peer | ||
+ | edit " | ||
+ | set ca " | ||
+ | set cn " | ||
+ | set mandatory-ca-verify enable | ||
+ | set two-factor enable | ||
+ | set passwd ENC NeMCO1Dha7ZqzsoTiwDNNu4hyjHmTly3B2wbyvf3i4v8unf4vH1iNl1BwyJkv3/ | ||
+ | next | ||
+ | end | ||
+ | |||
+ | fw01 (peer) # | ||
+ | fw01 (peer) # exit | ||
+ | please use ' | ||
+ | |||
+ | fw01 (peer) # next | ||
+ | Unknown action 0 | ||
+ | |||
+ | fw01 (peer) # end | ||
+ | </ |