Chapter 11 IPsec VPN for FortiOS 5.0 : L2TP and IPsec (Microsoft VPN) : Configuring the FortiGate unit : Configuring LT2P users and firewall user group : Creating a user group
  
Creating a user group
When clients connect using the L2TP-over-IPsec VPN, the FortiGate unit checks their credentials against the user group you specify for L2TP authentication. You need to create a firewall user group to use for this purpose.
To create a user group - web-based manager
1. Go to User & Device > User > User Groups, select Create New, and enter the following:
Name
Type or edit the user group name (for example, L2TP_group).
Type
Select Firewall.
Available Users/Groups
The list of Local users, RADIUS servers, LDAP servers, TACACS+ servers, or PKI users that can be added to the user group. To add a member to this list, select the name and then select the right arrow button.
Members
The list of Local users, RADIUS servers, LDAP servers, TACACS+ servers, or PKI users that belong to the user group. To remove a member, select the name and then select the left arrow button.
2. Select OK.
To create a user group - CLI
To create the user group L2TP_group and add members User_1, User_2, and User_3, enter:
config user group
edit L2TP_group
set group-type firewall
set member User_1 User_2 User_3
end