add local-user

In the R81.10.X releases, this command is available starting from the R81.10.00 version.

Description

Adds a new locally defined user object and configures its remote access VPN permissions.

Syntax

add local-user name <name> { password <password> | password-hash <password-hash> }

      [ comments "<comments>" ]

      [ email <email> ]

      [ is-temp-user { false | true expiration-date <expiration-date> [ expiration-time <expiration-time> ] } ]

      [ phone-number <phone-number> ]

      [ remote-access-always-on {true | false} ]

Parameters

Parameter

Description

comments

Configures the comment text

A string that contains less than 257 characters, of this set:

  • a-z (lower-case letters)

  • A-Z (upper-case letters)

  • 0-9 (digits)

  • ',' (comma)

  • '.' (period)

  • '-' (minus)

  • '(' (opening round bracket)

  • ')' (closing round bracket)

  • ':' (colon)

  • '@' (at)

email

Configures the user's email

Note - This parameter is supported starting from the R81.10.05 version.

expiration-date

Configures the expiration date for a temporary user, in the format YYYY-MM-DD

expiration-time

Configures the expiration time for a temporary user, in the format HH:MM

is-temp-user

Configures the user entry as temporary (true) or not (false)

name

Configures the user's name in the local database

A string that contains up to 64 characters without spaces, of this set:

  • a-z (lower-case letters)

  • A-Z (upper-case letters)

  • 0-9 (digits)

  • '.' (period)

  • '-' (minus)

  • '@' (at)

password

Configures the user's password in the local database

A string that contains alphanumeric and special characters.

password-hash

Configures the DES hash of the password string (used for importing a database).

The password is not visible as text on the command line, or in the command history.

Use this option if you want to change passwords using a script.

To generate a password-hash, you can use this command on any Check Point Quantum Spark Appliance (in the Expert mode):

cryptpw -a des <password string> <salt>

phone-number

Configures the user's phone number

Note - This parameter is supported starting from the R81.10.05 version.

remote-access-always-on

Configures the remote access VPN permission as always enabled (true) or not (false)

Example Command

add local-user name user1 password-hash TZXPLs20bN0RA comments "This is User 1" is-temp-user true expiration-date 2021-01-30 expiration-time 23:59 remote-access-always-on true
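
When user records are imported by script, each value should be checked against the documented character sets and formats before the command line is assembled, so that a stray quote or space in the input cannot change the command. The following is an added example, not Check Point code: the function name build_add_local_user is hypothetical, the 13-character hash shape is an assumption taken from the example hash above, and a space is accepted in comments only because the example command above uses one. The email and phone-number parameters are left out because this page does not document their format.

```python
import re
from datetime import datetime

# Character sets and lengths as documented on this page.
NAME_RE = re.compile(r"[A-Za-z0-9.@-]{1,64}")
# Assumption: space is allowed, as in the page's example; it is not in the listed set.
COMMENTS_RE = re.compile(r"[A-Za-z0-9,.():@ -]{0,256}")
# Assumption: 13-character hash from the crypt alphabet, as in the page's example.
HASH_RE = re.compile(r"[./0-9A-Za-z]{13}")
STAMP_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}")


def build_add_local_user(name, password_hash, comments=None,
                         expiration_date=None, expiration_time=None,
                         always_on=None):
    """Return one validated 'add local-user' line, or raise ValueError."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name: 1-64 characters of a-z A-Z 0-9 . - @")
    if not HASH_RE.fullmatch(password_hash):
        raise ValueError("password-hash: unexpected shape")
    parts = ["add local-user name", name, "password-hash", password_hash]
    if comments is not None:
        # A double quote is not in the set, so the quoted string cannot be closed early.
        if not COMMENTS_RE.fullmatch(comments):
            raise ValueError("comments: bad character or over 256 characters")
        parts += ["comments", f'"{comments}"']
    if expiration_time is not None and expiration_date is None:
        raise ValueError("expiration-time requires expiration-date")
    if expiration_date is not None:
        time_part = expiration_time if expiration_time is not None else "00:00"
        stamp = f"{expiration_date} {time_part}"
        if not STAMP_RE.fullmatch(stamp):
            raise ValueError("expected YYYY-MM-DD and HH:MM")
        # strptime rejects impossible values such as 2021-02-30 or 24:00.
        datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        parts += ["is-temp-user true expiration-date", expiration_date]
        if expiration_time is not None:
            parts += ["expiration-time", expiration_time]
    if always_on is not None:
        parts += ["remote-access-always-on", "true" if always_on else "false"]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed call that reproduces the example command on this page.
    print(build_add_local_user("user1", "TZXPLs20bN0RA", "This is User 1",
                               "2021-01-30", "23:59", True))
```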