wanopt : auth-group
Use this command to configure WAN optimization authentication groups. Add authentication groups to support authentication and secure tunneling between WAN optimization peers.
config wanopt auth-group
edit <auth_group_name>
set auth-method {cert | psk}
set cert <certificate_name>
set peer <peer_host_id>
set peer-accept {any | defined | one}
set psk <preshared_key>
edit <auth_group_name>
Enter a name for the authentication group.
auth-method {cert | psk}
Specify the authentication method for the authentication group. Enter cert to authenticate using a certificate. Enter psk to authenticate using a preshared key.
cert <certificate_name>
If auth-method is set to cert, select the local certificate to be used by the peers in this authentication group. The certificate must be a local certificate added to the FortiGate unit using the config vpn certificate local command. For more information, see vpn certificate local.
peer <peer_host_id>
If peer-method is set to one select the name of one peer to add to this authentication group. The peer must have been added to the FortiGate unit using the config wanopt peer command.
peer-accept {any | defined | one}
Specify whether the authentication group can be used for any peer, only the defined peers that have been added to the FortiGate unit configuration, or just one peer. If you specify one use the peer field to add the name of the peer to the authentication group.
psk <preshared_key>
If auth-method is set to psk enter a preshared key to be used for the authentication group.