| source: | fortios_system_global.py |
|---|---|
| orphan: |
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.9
Using member operation to add an element to an existing object.
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.0.12 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
| fortios_system_global | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- system_global - Configure global attributes. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0system_global yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_concurrent - Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_concurrent yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_console_timeout - Console login timeout that overrides the admin timeout value (15 - 300 seconds). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_console_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_forticloud_sso_default_profile - Override access profile. Source system.accprofile.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_forticloud_sso_default_profile no no no no no no no no no no no no no no no no no no no no no no no yes yes - admin_forticloud_sso_login - Enable/disable FortiCloud admin login via SSO. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_forticloud_sso_login no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_host - Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client"s Host header for any redirection. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_host no no no no no no no no no no no no no no no no yes yes yes yes no yes yes yes yes - admin_hsts_max_age - HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_hsts_max_age yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_https_pki_required - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_https_pki_required yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_https_redirect - Enable/disable redirection of HTTP administration access to HTTPS. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_https_redirect yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_https_ssl_banned_ciphers - Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. type: list choices: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_https_ssl_banned_ciphers no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [RSA] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [DHE] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [ECDHE] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [DSS] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [ECDSA] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [AES] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [AESGCM] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [CAMELLIA] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [3DES] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [SHA1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [SHA256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [SHA384] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [STATIC] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [CHACHA20] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [ARIA] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [AESCCM] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_https_ssl_ciphersuites - Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. type: list choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_https_ssl_ciphersuites no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-128-GCM-SHA256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-256-GCM-SHA384] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-CHACHA20-POLY1305-SHA256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-128-CCM-SHA256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [TLS-AES-128-CCM-8-SHA256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_https_ssl_versions - Allowed TLS versions for web administration. type: list choices: tlsv1-1, tlsv1-2, tlsv1-3, tlsv1-0
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_https_ssl_versions yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tlsv1-1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tlsv1-2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tlsv1-3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tlsv1-0] yes yes yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a - admin_lockout_duration - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_lockout_duration yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_lockout_threshold - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_lockout_threshold yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_login_max - Maximum number of administrators who can be logged in at the same time (1 - 100). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_login_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_maintainer - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2admin_maintainer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_port - Administrative access port for HTTP. (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_restrict_local - Enable/disable local admin authentication restriction when remote authenticator is up and running . type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_restrict_local yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_scp - Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_scp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_server_cert - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_server_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_sport - Administrative access port for HTTPS. (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_sport yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_ssh_grace_time - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_ssh_grace_time yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_ssh_password - Enable/disable password authentication for SSH admin access. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_ssh_password yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_ssh_port - Administrative access port for SSH. (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_ssh_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_ssh_v1 - Enable/disable SSH v1 compatibility. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_ssh_v1 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_telnet - Enable/disable TELNET service. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_telnet no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admin_telnet_port - Administrative access port for TELNET. (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admin_telnet_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - admintimeout - Number of minutes before an idle administrator session times out (1 - 480 minutes (8 hours)). A shorter idle timeout is more secure. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0admintimeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - alias - Alias for your FortiGate unit. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0alias yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - allow_traffic_redirect - Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0allow_traffic_redirect yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - anti_replay - Level of checking for packet replay and TCP sequence checking. type: str choices: disable, loose, strict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0anti_replay yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [loose] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - arp_max_entry - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0arp_max_entry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - asymroute - Enable/disable asymmetric route. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11asymroute yes yes yes [enable] yes yes yes [disable] yes yes yes - auth_cert - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auth_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auth_http_port - User authentication HTTP port. (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auth_http_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auth_https_port - User authentication HTTPS port. (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auth_https_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auth_ike_saml_port - User IKE SAML authentication port (0 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auth_ike_saml_port no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes - auth_keepalive - Enable to prevent user authentication sessions from timing out when idle. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auth_keepalive yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auth_session_limit - Action to take when the number of allowed user authenticated sessions is reached. type: str choices: block-new, logout-inactive
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auth_session_limit yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [block-new] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [logout-inactive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension devices. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_auth_extension_device yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - autorun_log_fsck - Enable/disable automatic log partition check after ungraceful shutdown. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0autorun_log_fsck no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - av_affinity - Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0av_affinity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - av_failopen - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. type: str choices: pass, off, one-shot
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0av_failopen yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pass] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [off] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [one-shot] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - av_failopen_session - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0av_failopen_session yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - batch_cmdb - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0batch_cmdb yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - block_session_timer - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0block_session_timer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - br_fdb_max_entry - Maximum number of bridge forwarding database (FDB) entries. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0br_fdb_max_entry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_chain_max - Maximum number of certificates that can be traversed in a certificate chain. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_chain_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cfg_revert_timeout - Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cfg_revert_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cfg_save - Configuration file save mode for CLI changes. type: str choices: automatic, manual, revert
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cfg_save yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [automatic] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [manual] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [revert] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - check_protocol_header - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is OK in most cases. type: str choices: loose, strict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0check_protocol_header yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [loose] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - check_reset_range - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. type: str choices: strict, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0check_reset_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [strict] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cli_audit_log - Enable/disable CLI audit log. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cli_audit_log yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cloud_communication - Enable/disable all cloud communication. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cloud_communication no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - clt_cert_req - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0clt_cert_req yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cmdbsvr_affinity - Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cmdbsvr_affinity no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - compliance_check - Enable/disable global PCI DSS compliance check. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11compliance_check yes yes yes [enable] yes yes yes [disable] yes yes yes - compliance_check_time - Time of day to run scheduled PCI DSS compliance checks. type: str
more...
v6.0.0v6.0.5v6.0.11compliance_check_time yes yes yes - cpu_use_threshold - Threshold at which CPU usage is reported (% of total CPU). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cpu_use_threshold yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - csr_ca_attribute - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0csr_ca_attribute yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - daily_restart - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0daily_restart yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - default_service_source_port - Default service source port range . type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0default_service_source_port no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - device_identification_active_scan_delay - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7device_identification_active_scan_delay yes yes yes yes yes yes yes - device_idle_timeout - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0device_idle_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dh_params - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. type: str choices: 1024, 1536, 2048, 3072, 4096, 6144, 8192
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dh_params yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1024] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1536] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2048] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3072] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [4096] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [6144] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [8192] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dnsproxy_worker_count - DNS proxy worker count. For a FortiGate with multiple logical CPUs, you can set the DNS process number from 1 to the number of logical CPUs. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dnsproxy_worker_count yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dst - Enable/disable daylight saving time. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0dst yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - early_tcp_npu_session - Enable/disable early TCP NPU session. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0early_tcp_npu_session no no no no no no no no no no no no no no no no yes yes yes yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes - edit_vdom_prompt - Enable/disable edit new VDOM prompt. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0edit_vdom_prompt no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - endpoint_control_fds_access - Enable/disable access to the FortiGuard network for non-compliant endpoints. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11endpoint_control_fds_access yes yes yes [enable] yes yes yes [disable] yes yes yes - endpoint_control_portal_port - Endpoint control portal port (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11endpoint_control_portal_port yes yes yes - extender_controller_reserved_network - Configure reserved network subnet for managed LAN extension FortiExtender units. This is available when the FortiExtender daemon is running. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0extender_controller_reserved_network no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes - failtime - Fail-time for server lost. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0failtime yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - faz_disk_buffer_size - Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0faz_disk_buffer_size no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fds_statistics - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet"s privacy policy. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fds_statistics yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fds_statistics_period - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fds_statistics_period yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_port - Local UDP port for Forward Error Correction (49152 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1fec_port no no no yes yes yes yes yes yes yes yes yes - fgd_alert_subscription - Type of alert to retrieve from FortiGuard. type: list choices: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fgd_alert_subscription yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [advisory] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [latest-threat] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [latest-virus] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [latest-attack] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [new-antivirus-db] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [new-attack-db] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - forticarrier_bypass - Enable/disable forticarrier-bypass. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0forticarrier_bypass no no no no no no no no no no no no no no yes yes no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a n/a n/a n/a yes - forticonverter_config_upload - Enable/disable config upload to FortiConverter. type: str choices: once, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0forticonverter_config_upload no no no no no no no no no no no no no no no no no no no no no no no no yes [once] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - forticonverter_integration - Enable/disable FortiConverter integration service. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0forticonverter_integration no no no no no no no no no no no no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - fortiextender - Enable/disable FortiExtender. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortiextender yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fortiextender_data_port - FortiExtender data port (1024 - 49150). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortiextender_data_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fortiextender_discovery_lockdown - Enable/disable FortiExtender CAPWAP lockdown. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortiextender_discovery_lockdown no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - fortiextender_provision_on_authorization - Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortiextender_provision_on_authorization no no no no no no no no no no no no no no no no no no no no no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes - fortiextender_vlan_mode - Enable/disable FortiExtender VLAN mode. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortiextender_vlan_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fortiipam_integration - Enable/disable integration with the FortiIPAM cloud service. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1fortiipam_integration no no no no no no no no no yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes - fortiservice_port - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortiservice_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fortitoken_cloud - Enable/disable FortiToken Cloud service. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fortitoken_cloud no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_allow_default_hostname - Enable/disable the factory default hostname warning on the GUI setup wizard. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_allow_default_hostname no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_allow_incompatible_fabric_fgt - Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_allow_incompatible_fabric_fgt no no no no no no no no no no no no no no no no no no no yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes n/a yes yes yes yes - gui_app_detection_sdwan - Enable/disable Allow app-detection based SD-WAN. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_app_detection_sdwan no no no no no no no no no no no no no no no no no no no no no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes - gui_cdn_domain_override - Domain of CDN server. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_cdn_domain_override no no no no no no no no no no no no no no no no no no no yes no yes yes yes yes - gui_cdn_usage - Enable/disable Load GUI static files from a CDN. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_cdn_usage no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes - gui_certificates - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_certificates yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_custom_language - Enable/disable custom languages in GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_custom_language yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_date_format - Default date format used throughout GUI. type: str choices: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_date_format yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [yyyy/MM/dd] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dd/MM/yyyy] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [MM/dd/yyyy] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [yyyy-MM-dd] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dd-MM-yyyy] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [MM-dd-yyyy] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_date_time_source - Source from which the FortiGate GUI uses to display date and time entries. type: str choices: system, browser
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_date_time_source no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [system] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [browser] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_device_latitude - Add the latitude of the location of this FortiGate to position it on the Threat Map. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_device_latitude yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_device_longitude - Add the longitude of the location of this FortiGate to position it on the Threat Map. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_device_longitude yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_display_hostname - Enable/disable displaying the FortiGate"s hostname on the GUI login page. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_display_hostname yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_firmware_upgrade_warning - Enable/disable the firmware upgrade warning on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_firmware_upgrade_warning no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_forticare_registration_setup_warning - Enable/disable the FortiCare registration setup warning on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_forticare_registration_setup_warning no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_fortigate_cloud_sandbox - Enable/disable displaying FortiGate Cloud Sandbox on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_fortigate_cloud_sandbox no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_fortiguard_resource_fetch - Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12gui_fortiguard_resource_fetch no no no no no no no no no no no no no no no no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes - gui_fortisandbox_cloud - Enable/disable displaying FortiSandbox Cloud on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4gui_fortisandbox_cloud no no no yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes - gui_ipv6 - Enable/disable IPv6 settings on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_ipv6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_lines_per_page - Number of lines to display per page for web administration. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1gui_lines_per_page yes yes yes yes yes yes yes no yes - gui_local_out - Enable/disable Local-out traffic on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_local_out no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_replacement_message_groups - Enable/disable replacement message groups on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_replacement_message_groups no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_rest_api_cache - Enable/disable REST API result caching on FortiGate. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_rest_api_cache no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_theme - Color scheme for the administration GUI. type: str choices: jade, neutrino, mariner, graphite, melongene, jet-stream, security-fabric, retro, dark-matter, onyx, eclipse, green, blue, red
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_theme yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [jade] no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [neutrino] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [mariner] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [graphite] no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [melongene] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [jet-stream] no no no no no no no no no no no no no no no no no no no no no no no no yes [security-fabric] no no no no no no no no no no no no no no no no no no no no no no no no yes [retro] no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dark-matter] no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [onyx] no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [eclipse] no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [green] yes yes yes yes yes yes yes yes yes yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a [blue] yes yes yes yes yes yes yes yes yes yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a [red] yes yes yes n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a - gui_wireless_opensecurity - Enable/disable wireless open security option on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_wireless_opensecurity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - gui_workflow_management - Enable/disable Workflow management features on the GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0gui_workflow_management no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes - ha_affinity - Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ha_affinity no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - honor_df - Enable/disable honoring of Don"t-Fragment (DF) flag. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0honor_df yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - hostname - FortiGate unit"s hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0hostname yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - igmp_state_limit - Maximum number of IGMP memberships (96 - 64000). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0igmp_state_limit yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - interface_subnet_usage - Enable/disable allowing use of interface-subnet setting in firewall addresses . type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0interface_subnet_usage no no no no no no no no no no no no no no no no no no no no no no no yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - internet_service_database - Configure which Internet Service database size to download from FortiGuard and use. type: str choices: mini, standard, full, on-demand
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0internet_service_database no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes [mini] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [standard] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [full] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [on-demand] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a no no no no no no no no no yes yes - internet_service_download_list - Configure which on-demand Internet Service IDs are to be downloaded. type: list member_path: internet_service_download_list:id
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0internet_service_download_list no no no no no no no no no no no no no no no no no no no no no no no no yes - id - Internet Service ID. see Notes. Source firewall.internet-service.id. type: int required: true
more...
v7.4.0id yes - interval - Dead gateway detection interval. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip_fragment_mem_thresholds - Maximum memory (MB) used to reassemble IPv4/IPv6 fragments. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ip_fragment_mem_thresholds no no no no no no no no no no no no no no no no no no yes yes no no no yes yes - ip_src_port_range - IP source port range used for traffic originating from the FortiGate unit. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ip_src_port_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ips_affinity - Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ips_affinity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipsec_asic_offload - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipsec_asic_offload yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipsec_ha_seqjump_rate - ESP jump ahead rate (1G - 10G pps equivalent). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipsec_ha_seqjump_rate no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipsec_hmac_offload - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipsec_hmac_offload yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipsec_round_robin - Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipsec_round_robin no no no no no no no no no no no no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes n/a yes - ipsec_soft_dec_async - Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipsec_soft_dec_async yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_accept_dad - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_accept_dad yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_allow_anycast_probe - Enable/disable IPv6 address probe through Anycast. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_allow_anycast_probe yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_allow_local_in_slient_drop - Enable/disable silent drop of IPv6 local-in traffic. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_allow_local_in_slient_drop no no no no no no no no no no no no no no no no yes yes yes yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes - ipv6_allow_multicast_probe - Enable/disable IPv6 address probe through Multicast. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_allow_multicast_probe no no no no no no no no no no no no no no no no yes yes yes yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes - ipv6_allow_traffic_redirect - Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_allow_traffic_redirect no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - irq_time_accounting - Configure CPU IRQ time accounting mode. type: str choices: auto, force
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0irq_time_accounting no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [auto] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [force] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - language - GUI display language. type: str choices: english, french, spanish, portuguese, japanese, trach, simch, korean
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0language yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [english] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [french] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [spanish] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [portuguese] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [japanese] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [trach] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [simch] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [korean] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ldapconntimeout - Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ldapconntimeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0lldp_reception no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0lldp_transmission yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - log_single_cpu_high - Enable/disable logging the event of a single CPU core reaching CPU usage threshold. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0log_single_cpu_high no no no no no no no no no no no no no no no no no no no no no no no yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - log_ssl_connection - Enable/disable logging of SSL connection events. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0log_ssl_connection yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - log_uuid - Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic logs. type: str choices: disable, policy-only, extended
more...
v6.0.0v6.0.5v6.0.11log_uuid yes yes yes [disable] yes yes yes [policy-only] yes yes yes [extended] yes yes yes - log_uuid_address - Enable/disable insertion of address UUIDs to traffic logs. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0log_uuid_address no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - log_uuid_policy - Enable/disable insertion of policy UUIDs to traffic logs. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1log_uuid_policy no no no yes yes yes yes no yes [enable] n/a n/a n/a yes yes yes yes n/a yes [disable] n/a n/a n/a yes yes yes yes n/a yes - login_timestamp - Enable/disable login time recording. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0login_timestamp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - long_vdom_name - Enable/disable long VDOM name support. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0long_vdom_name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - management_ip - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0management_ip no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - management_port - Overriding port for management connection (Overrides admin port). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0management_port no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - management_port_use_admin_sport - Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0management_port_use_admin_sport no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - management_vdom - Management virtual domain name. Source system.vdom.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0management_vdom yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - max_dlpstat_memory - Maximum DLP stat memory (0 - 4294967295). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7max_dlpstat_memory yes yes yes yes yes yes yes - max_route_cache_size - Maximum number of IP route cache entries (0 - 2147483647). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0max_route_cache_size yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mc_ttl_notchange - Enable/disable no modification of multicast TTL. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11mc_ttl_notchange yes yes yes [enable] yes yes yes [disable] yes yes yes - memory_use_threshold_extreme - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0memory_use_threshold_extreme yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - memory_use_threshold_green - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0memory_use_threshold_green yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - memory_use_threshold_red - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0memory_use_threshold_red yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - miglog_affinity - Affinity setting for logging (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0miglog_affinity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - miglogd_children - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0miglogd_children yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - multi_factor_authentication - Enforce all login methods to require an additional authentication factor . type: str choices: optional, mandatory
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0multi_factor_authentication yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [optional] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [mandatory] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11multicast_forward yes yes yes [enable] yes yes yes [disable] yes yes yes - ndp_max_entry - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ndp_max_entry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - per_user_bal - Enable/disable per-user block/allow list filter. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0per_user_bal no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - per_user_bwl - Enable/disable per-user black/white list filter. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4per_user_bwl yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes - pmtu_discovery - Enable/disable path MTU discovery. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0pmtu_discovery no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - policy_auth_concurrent - Number of concurrent firewall use logins from the same user (1 - 100). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0policy_auth_concurrent yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - post_login_banner - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0post_login_banner yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - pre_login_banner - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0pre_login_banner yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - private_data_encryption - Enable/disable private data encryption using an AES 128-bit key or passpharse. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0private_data_encryption yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_auth_lifetime - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_auth_lifetime yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_auth_lifetime_timeout - Lifetime timeout in minutes for authenticated users (5 - 65535 min). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_auth_lifetime_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_auth_timeout - Authentication timeout in minutes for authenticated users (1 - 300 min). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_auth_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_cert_use_mgmt_vdom - Enable/disable using management VDOM to send requests. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_cert_use_mgmt_vdom no no no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes - proxy_cipher_hardware_acceleration - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7proxy_cipher_hardware_acceleration yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes - proxy_hardware_acceleration - Enable/disable email proxy hardware acceleration. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_hardware_acceleration no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_keep_alive_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. type: str choices: session, traffic, re-authentication
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_keep_alive_mode no no no no no no no no no no no no no no no no no no no no no no no yes yes [session] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [traffic] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [re-authentication] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - proxy_kxp_hardware_acceleration - Enable/disable using the content processor to accelerate KXP traffic. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7proxy_kxp_hardware_acceleration yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes - proxy_re_authentication_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. type: str choices: session, traffic, absolute
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2proxy_re_authentication_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [session] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [traffic] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [absolute] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_re_authentication_time - The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_re_authentication_time no no no no no no no no no no no no no no no no no no no no no no no yes yes - proxy_resource_mode - Enable/disable use of the maximum memory usage on the FortiGate unit"s proxy processing of resources, such as block lists, allow lists, and external resources. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_resource_mode no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proxy_worker_count - Proxy worker count. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proxy_worker_count yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - radius_port - RADIUS service port number. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0radius_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - reboot_upon_config_restore - Enable/disable reboot of system upon restoring configuration. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0reboot_upon_config_restore yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - refresh - Statistics refresh interval second(s) in GUI. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0refresh yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - remoteauthtimeout - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (1-300 sec). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0remoteauthtimeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - reset_sessionless_tcp - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0reset_sessionless_tcp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - restart_time - Daily restart time (hh:mm). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0restart_time yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - revision_backup_on_logout - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revision_backup_on_logout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - revision_image_auto_backup - Enable/disable back-up of the latest image revision after the firmware is upgraded. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0revision_image_auto_backup yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - scanunit_count - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0scanunit_count yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - security_rating_result_submission - Enable/disable the submission of Security Rating results to FortiGuard. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0security_rating_result_submission yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - security_rating_run_on_schedule - Enable/disable scheduled runs of Security Rating. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0security_rating_run_on_schedule yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - send_pmtu_icmp - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0send_pmtu_icmp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sflowd_max_children_num - Maximum number of sflowd child processes allowed to run. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sflowd_max_children_num no no no no no no no no no no no no no no no no no no no no no no no yes yes - snat_route_change - Enable/disable the ability to change the source NAT route. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0snat_route_change yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - special_file_23_support - Enable/disable detection of those special format files when using Data Leak Prevention. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0special_file_23_support yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - speedtest_server - Enable/disable speed test server. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0speedtest_server no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes - split_port - Split port(s) to multiple 10Gbps ports. type: list
- ssd_trim_date - Date within a month to run ssd trim. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssd_trim_date yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssd_trim_freq - How often to run SSD Trim . SSD Trim prevents SSD drive data loss by finding and isolating errors. type: str choices: never, hourly, daily, weekly, monthly
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssd_trim_freq yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [never] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [hourly] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [daily] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [weekly] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [monthly] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssd_trim_hour - Hour of the day on which to run SSD Trim (0 - 23). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssd_trim_hour yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssd_trim_min - Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssd_trim_min yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssd_trim_weekday - Day of week to run SSD Trim. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssd_trim_weekday yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sunday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [monday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tuesday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [wednesday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [thursday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [friday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [saturday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_cbc_cipher - Enable/disable CBC cipher for SSH access. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1ssh_cbc_cipher yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes - ssh_enc_algo - Select one or more SSH ciphers. type: list choices: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssh_enc_algo no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20-poly1305@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-ctr] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-ctr] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-ctr] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [arcfour256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [arcfour128] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-cbc] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-cbc] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [blowfish-cbc] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [cast128-cbc] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-cbc] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-cbc] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [arcfour] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [rijndael-cbc@lysator.liu.se] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-gcm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-gcm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_hmac_md5 - Enable/disable HMAC-MD5 for SSH access. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1ssh_hmac_md5 yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes - ssh_hostkey_algo - Select one or more SSH hostkey algorithms. type: list choices: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssh_hostkey_algo no no no no no no no no no no no no no no no no no no no no no no no no yes [ssh-rsa] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [ecdsa-sha2-nistp521] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [rsa-sha2-256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [rsa-sha2-512] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [ssh-ed25519] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - ssh_kex_algo - Select one or more SSH kex algorithms. type: list choices: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssh_kex_algo no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [diffie-hellman-group1-sha1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [diffie-hellman-group14-sha1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [diffie-hellman-group-exchange-sha1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [diffie-hellman-group-exchange-sha256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [curve25519-sha256@libssh.org] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [ecdh-sha2-nistp256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [ecdh-sha2-nistp384] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [ecdh-sha2-nistp521] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_kex_sha1 - Enable/disable SHA1 key exchange for SSH access. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1ssh_kex_sha1 yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes - ssh_mac_algo - Select one or more SSH MAC algorithms. type: list choices: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssh_mac_algo no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-md5] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-md5-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-md5-96] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-md5-96-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-sha1] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-sha1-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-sha2-256] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-sha2-256-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-sha2-512] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-sha2-512-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-ripemd160] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-ripemd160@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [hmac-ripemd160-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [umac-64@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [umac-128@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [umac-64-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [umac-128-etm@openssh.com] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - ssh_mac_weak - Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1ssh_mac_weak no no no yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes - ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections . type: str choices: SSLv3, TLSv1, TLSv1-1, TLSv1-2, TLSv1-3
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_min_proto_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [SSLv3] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLSv1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLSv1-1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLSv1-2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [TLSv1-3] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ssl_static_key_ciphers - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ssl_static_key_ciphers yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sslvpn_cipher_hardware_acceleration - sslvpn-cipher-hardware-acceleration type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2sslvpn_cipher_hardware_acceleration yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sslvpn_ems_sn_check - Enable/disable verification of EMS serial number in SSL-VPN connection. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4sslvpn_ems_sn_check no no no no no no no yes no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a yes n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a yes n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sslvpn_kxp_hardware_acceleration - sslvpn-kxp-hardware-acceleration type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2sslvpn_kxp_hardware_acceleration yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sslvpn_max_worker_count - Maximum number of SSL-VPN processes. Upper limit for this value is the number of CPUs and depends on the model. Default value of zero means the SSLVPN daemon decides the number of worker processes. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sslvpn_max_worker_count yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sslvpn_plugin_version_check - sslvpn-plugin-version-check type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2sslvpn_plugin_version_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - strict_dirty_session_check - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0strict_dirty_session_check yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - strong_crypto - Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0strong_crypto yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - switch_controller - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0switch_controller yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - switch_controller_reserved_network - Configure reserved network subnet for managed switches. This is available when the switch controller is enabled. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0switch_controller_reserved_network yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - sys_perf_log_interval - Time in minutes between updates of performance statistics logging. (1 - 15 min). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0sys_perf_log_interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - syslog_affinity - Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0syslog_affinity no no no no no no no no no no no no no no no no no no no no no no no yes yes - tcp_halfclose_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0tcp_halfclose_timer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tcp_halfopen_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0tcp_halfopen_timer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tcp_option - Enable SACK, timestamp and MSS TCP options. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0tcp_option yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tcp_rst_timer - Length of the TCP CLOSE state in seconds (5 - 300 sec). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0tcp_rst_timer no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tcp_timewait_timer - Length of the TCP TIME-WAIT state in seconds (1 - 300 sec). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0tcp_timewait_timer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tftp - Enable/disable TFTP. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0tftp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - timezone - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. type: str choices: 01, 02, 03, 04, 05, 81, 06, 07, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 39, 41, 42, 43, 44, 45, 46, 47, 51, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 00, 82, 73, 86, 76
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0timezone yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [01] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [02] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [03] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [04] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [05] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [81] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [06] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [07] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [08] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [09] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [10] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [11] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [12] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [13] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [74] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [14] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [77] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [15] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [87] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [16] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [17] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [18] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [19] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [20] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [75] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [21] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [22] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [23] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [24] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [80] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [79] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [25] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [26] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [27] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [28] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [78] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [29] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [30] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [31] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [32] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [33] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [34] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [35] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [36] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [37] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [38] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [83] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [84] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [40] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [85] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [39] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [41] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [42] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [43] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [44] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [45] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [46] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [47] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [51] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [48] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [49] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [50] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [52] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [53] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [54] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [55] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [56] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [57] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [58] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [59] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [60] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [61] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [62] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [63] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [64] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [65] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [66] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [67] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [68] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [69] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [70] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [71] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [72] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [00] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [82] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [73] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [86] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [76] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tp_mc_skip_policy - Enable/disable skip policy check and allow multicast through. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11tp_mc_skip_policy yes yes yes [enable] yes yes yes [disable] yes yes yes - traffic_priority - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. type: str choices: tos, dscp
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0traffic_priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tos] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dscp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - traffic_priority_level - Default system-wide level of priority for traffic prioritization. type: str choices: low, medium, high
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0traffic_priority_level yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [low] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [medium] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [high] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - two_factor_email_expiry - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0two_factor_email_expiry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - two_factor_fac_expiry - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0two_factor_fac_expiry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - two_factor_ftk_expiry - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0two_factor_ftk_expiry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - two_factor_ftm_expiry - FortiToken Mobile session timeout (1 - 168 hours (7 days)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0two_factor_ftm_expiry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - two_factor_sms_expiry - SMS-based two-factor authentication session timeout (30 - 300 sec). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0two_factor_sms_expiry yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - udp_idle_timer - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0udp_idle_timer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - url_filter_affinity - URL filter CPU affinity. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0url_filter_affinity no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - url_filter_count - URL filter daemon count. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0url_filter_count no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - user_device_store_max_devices - Maximum number of devices allowed in user device store. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0user_device_store_max_devices no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - user_device_store_max_unified_mem - Maximum unified memory allowed in user device store. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0user_device_store_max_unified_mem no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes - user_device_store_max_users - Maximum number of users allowed in user device store. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0user_device_store_max_users no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - user_server_cert - Certificate to use for https user authentication. Source certificate.local.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0user_server_cert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - vdom_admin - vdom-admin type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3vdom_admin yes yes yes no yes [enable] yes yes yes n/a n/a [disable] yes yes yes n/a n/a - vdom_mode - Enable/disable support for multiple virtual domains (VDOMs). type: str choices: no-vdom, multi-vdom, split-vdom
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0vdom_mode no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [no-vdom] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [multi-vdom] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [split-vdom] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes n/a n/a n/a n/a n/a - vip_arp_range - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. type: str choices: unlimited, restricted
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0vip_arp_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [unlimited] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [restricted] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - virtual_server_count - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3virtual_server_count yes yes yes no yes - virtual_server_hardware_acceleration - Enable/disable virtual server hardware acceleration. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3virtual_server_hardware_acceleration yes yes yes no yes [disable] yes yes yes n/a yes [enable] yes yes yes n/a yes - vpn_ems_sn_check - Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0vpn_ems_sn_check no no no no no no no no no no no no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - wad_affinity - Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_affinity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wad_csvc_cs_count - Number of concurrent WAD-cache-service object-cache processes. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_csvc_cs_count yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wad_csvc_db_count - Number of concurrent WAD-cache-service byte-cache processes. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_csvc_db_count yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wad_memory_change_granularity - Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_memory_change_granularity no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wad_restart_end_time - WAD workers daily restart end time (hh:mm). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_restart_end_time no no no no no no no no no no no no no no no no no no no no no no no yes yes - wad_restart_mode - WAD worker restart mode . type: str choices: none, time, memory
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_restart_mode no no no no no no no no no no no no no no no no no no no no no no no yes yes [none] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [time] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes [memory] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes - wad_restart_start_time - WAD workers daily restart time (hh:mm). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_restart_start_time no no no no no no no no no no no no no no no no no no no no no no no yes yes - wad_source_affinity - Enable/disable dispatching traffic to WAD workers based on source affinity. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_source_affinity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wad_worker_count - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wad_worker_count yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wifi_ca_certificate - CA certificate that verifies the WiFi certificate. Source certificate.ca.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wifi_ca_certificate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wifi_certificate - Certificate to use for WiFi authentication. Source certificate.local.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wifi_certificate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wimax_4g_usb - Enable/disable comparability with WiMAX 4G USB devices. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wimax_4g_usb yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wireless_controller - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wireless_controller yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wireless_controller_port - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wireless_controller_port yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure global attributes.
fortios_system_global:
vdom: "{{ vdom }}"
system_global:
admin_concurrent: "enable"
admin_console_timeout: "0"
admin_forticloud_sso_default_profile: "<your_own_value> (source system.accprofile.name)"
admin_forticloud_sso_login: "enable"
admin_host: "myhostname"
admin_hsts_max_age: "15552000"
admin_https_pki_required: "enable"
admin_https_redirect: "enable"
admin_https_ssl_banned_ciphers: "RSA"
admin_https_ssl_ciphersuites: "TLS-AES-128-GCM-SHA256"
admin_https_ssl_versions: "tlsv1-1"
admin_lockout_duration: "60"
admin_lockout_threshold: "3"
admin_login_max: "100"
admin_maintainer: "enable"
admin_port: "80"
admin_restrict_local: "enable"
admin_scp: "enable"
admin_server_cert: "<your_own_value> (source certificate.local.name)"
admin_sport: "443"
admin_ssh_grace_time: "120"
admin_ssh_password: "enable"
admin_ssh_port: "22"
admin_ssh_v1: "enable"
admin_telnet: "enable"
admin_telnet_port: "23"
admintimeout: "5"
alias: "<your_own_value>"
allow_traffic_redirect: "enable"
anti_replay: "disable"
arp_max_entry: "131072"
asymroute: "enable"
auth_cert: "<your_own_value> (source certificate.local.name)"
auth_http_port: "1000"
auth_https_port: "1003"
auth_ike_saml_port: "1001"
auth_keepalive: "enable"
auth_session_limit: "block-new"
auto_auth_extension_device: "enable"
autorun_log_fsck: "enable"
av_affinity: "<your_own_value>"
av_failopen: "pass"
av_failopen_session: "enable"
batch_cmdb: "enable"
block_session_timer: "30"
br_fdb_max_entry: "8192"
cert_chain_max: "8"
cfg_revert_timeout: "600"
cfg_save: "automatic"
check_protocol_header: "loose"
check_reset_range: "strict"
cli_audit_log: "enable"
cloud_communication: "enable"
clt_cert_req: "enable"
cmdbsvr_affinity: "<your_own_value>"
compliance_check: "enable"
compliance_check_time: "<your_own_value>"
cpu_use_threshold: "90"
csr_ca_attribute: "enable"
daily_restart: "enable"
default_service_source_port: "<your_own_value>"
device_identification_active_scan_delay: "1800"
device_idle_timeout: "300"
dh_params: "1024"
dnsproxy_worker_count: "1"
dst: "enable"
early_tcp_npu_session: "enable"
edit_vdom_prompt: "enable"
endpoint_control_fds_access: "enable"
endpoint_control_portal_port: "32767"
extender_controller_reserved_network: "<your_own_value>"
failtime: "5"
faz_disk_buffer_size: "0"
fds_statistics: "enable"
fds_statistics_period: "60"
fec_port: "50000"
fgd_alert_subscription: "advisory"
forticarrier_bypass: "enable"
forticonverter_config_upload: "once"
forticonverter_integration: "enable"
fortiextender: "disable"
fortiextender_data_port: "25246"
fortiextender_discovery_lockdown: "disable"
fortiextender_provision_on_authorization: "enable"
fortiextender_vlan_mode: "enable"
fortiipam_integration: "enable"
fortiservice_port: "8013"
fortitoken_cloud: "enable"
gui_allow_default_hostname: "enable"
gui_allow_incompatible_fabric_fgt: "enable"
gui_app_detection_sdwan: "enable"
gui_cdn_domain_override: "<your_own_value>"
gui_cdn_usage: "enable"
gui_certificates: "enable"
gui_custom_language: "enable"
gui_date_format: "yyyy/MM/dd"
gui_date_time_source: "system"
gui_device_latitude: "<your_own_value>"
gui_device_longitude: "<your_own_value>"
gui_display_hostname: "enable"
gui_firmware_upgrade_warning: "enable"
gui_forticare_registration_setup_warning: "enable"
gui_fortigate_cloud_sandbox: "enable"
gui_fortiguard_resource_fetch: "enable"
gui_fortisandbox_cloud: "enable"
gui_ipv6: "enable"
gui_lines_per_page: "500"
gui_local_out: "enable"
gui_replacement_message_groups: "enable"
gui_rest_api_cache: "enable"
gui_theme: "jade"
gui_wireless_opensecurity: "enable"
gui_workflow_management: "enable"
ha_affinity: "<your_own_value>"
honor_df: "enable"
hostname: "myhostname"
igmp_state_limit: "3200"
interface_subnet_usage: "disable"
internet_service_database: "mini"
internet_service_download_list:
-
id: "123 (source firewall.internet-service.id)"
interval: "5"
ip_fragment_mem_thresholds: "32"
ip_src_port_range: "<your_own_value>"
ips_affinity: "<your_own_value>"
ipsec_asic_offload: "enable"
ipsec_ha_seqjump_rate: "10"
ipsec_hmac_offload: "enable"
ipsec_round_robin: "enable"
ipsec_soft_dec_async: "enable"
ipv6_accept_dad: "1"
ipv6_allow_anycast_probe: "enable"
ipv6_allow_local_in_slient_drop: "enable"
ipv6_allow_multicast_probe: "enable"
ipv6_allow_traffic_redirect: "enable"
irq_time_accounting: "auto"
language: "english"
ldapconntimeout: "500"
lldp_reception: "enable"
lldp_transmission: "enable"
log_single_cpu_high: "enable"
log_ssl_connection: "enable"
log_uuid: "disable"
log_uuid_address: "enable"
log_uuid_policy: "enable"
login_timestamp: "enable"
long_vdom_name: "enable"
management_ip: "<your_own_value>"
management_port: "443"
management_port_use_admin_sport: "enable"
management_vdom: "<your_own_value> (source system.vdom.name)"
max_dlpstat_memory: "154"
max_route_cache_size: "0"
mc_ttl_notchange: "enable"
memory_use_threshold_extreme: "95"
memory_use_threshold_green: "82"
memory_use_threshold_red: "88"
miglog_affinity: "<your_own_value>"
miglogd_children: "0"
multi_factor_authentication: "optional"
multicast_forward: "enable"
ndp_max_entry: "0"
per_user_bal: "enable"
per_user_bwl: "enable"
pmtu_discovery: "enable"
policy_auth_concurrent: "0"
post_login_banner: "disable"
pre_login_banner: "enable"
private_data_encryption: "disable"
proxy_auth_lifetime: "enable"
proxy_auth_lifetime_timeout: "480"
proxy_auth_timeout: "10"
proxy_cert_use_mgmt_vdom: "enable"
proxy_cipher_hardware_acceleration: "disable"
proxy_hardware_acceleration: "disable"
proxy_keep_alive_mode: "session"
proxy_kxp_hardware_acceleration: "disable"
proxy_re_authentication_mode: "session"
proxy_re_authentication_time: "30"
proxy_resource_mode: "enable"
proxy_worker_count: "0"
radius_port: "1812"
reboot_upon_config_restore: "enable"
refresh: "0"
remoteauthtimeout: "5"
reset_sessionless_tcp: "enable"
restart_time: "<your_own_value>"
revision_backup_on_logout: "enable"
revision_image_auto_backup: "enable"
scanunit_count: "0"
security_rating_result_submission: "enable"
security_rating_run_on_schedule: "enable"
send_pmtu_icmp: "enable"
sflowd_max_children_num: "6"
snat_route_change: "enable"
special_file_23_support: "disable"
speedtest_server: "enable"
split_port: "<your_own_value>"
ssd_trim_date: "1"
ssd_trim_freq: "never"
ssd_trim_hour: "1"
ssd_trim_min: "60"
ssd_trim_weekday: "sunday"
ssh_cbc_cipher: "enable"
ssh_enc_algo: "chacha20-poly1305@openssh.com"
ssh_hmac_md5: "enable"
ssh_hostkey_algo: "ssh-rsa"
ssh_kex_algo: "diffie-hellman-group1-sha1"
ssh_kex_sha1: "enable"
ssh_mac_algo: "hmac-md5"
ssh_mac_weak: "enable"
ssl_min_proto_version: "SSLv3"
ssl_static_key_ciphers: "enable"
sslvpn_cipher_hardware_acceleration: "enable"
sslvpn_ems_sn_check: "enable"
sslvpn_kxp_hardware_acceleration: "enable"
sslvpn_max_worker_count: "0"
sslvpn_plugin_version_check: "enable"
strict_dirty_session_check: "enable"
strong_crypto: "enable"
switch_controller: "disable"
switch_controller_reserved_network: "<your_own_value>"
sys_perf_log_interval: "5"
syslog_affinity: "<your_own_value>"
tcp_halfclose_timer: "120"
tcp_halfopen_timer: "10"
tcp_option: "enable"
tcp_rst_timer: "5"
tcp_timewait_timer: "1"
tftp: "enable"
timezone: "01"
tp_mc_skip_policy: "enable"
traffic_priority: "tos"
traffic_priority_level: "low"
two_factor_email_expiry: "60"
two_factor_fac_expiry: "60"
two_factor_ftk_expiry: "60"
two_factor_ftm_expiry: "72"
two_factor_sms_expiry: "60"
udp_idle_timer: "180"
url_filter_affinity: "<your_own_value>"
url_filter_count: "1"
user_device_store_max_devices: "20912"
user_device_store_max_unified_mem: "104562073"
user_device_store_max_users: "20912"
user_server_cert: "<your_own_value> (source certificate.local.name)"
vdom_admin: "enable"
vdom_mode: "no-vdom"
vip_arp_range: "unlimited"
virtual_server_count: "20"
virtual_server_hardware_acceleration: "disable"
vpn_ems_sn_check: "enable"
wad_affinity: "<your_own_value>"
wad_csvc_cs_count: "1"
wad_csvc_db_count: "0"
wad_memory_change_granularity: "10"
wad_restart_end_time: "<your_own_value>"
wad_restart_mode: "none"
wad_restart_start_time: "<your_own_value>"
wad_source_affinity: "disable"
wad_worker_count: "0"
wifi_ca_certificate: "<your_own_value> (source certificate.ca.name)"
wifi_certificate: "<your_own_value> (source certificate.local.name)"
wimax_4g_usb: "enable"
wireless_controller: "enable"
wireless_controller_port: "5246"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.