:source: fortios_system_global.py

:orphan:

fortios_system_global -- Configure global attributes in Fortinet's FortiOS and FortiGate.

.. versionadded:: 2.0.0

  • This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the system feature and global category. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0

The below requirements are needed on the host that executes this module.

  • ansible>=2.14

Using member operation to add an element to an existing object.


Supported Version Ranges
fortios_system_global v6.0.0 -> latest
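
An admin-plane hardening baseline built from the administrative-access parameters documented in the list below. This is an added example, not part of the module's own documentation; the inventory group `fortigates`, the variable `fortigate_access_token` and the numeric values are assumptions to adjust per site.

```yaml
---
# Added example: admin-plane hardening with fortios_system_global.
# Assumptions: the inventory group "fortigates" and the vaulted variable
# "fortigate_access_token" are hypothetical; numeric values are sample choices.
- name: Harden FortiGate administrative access
  hosts: fortigates
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true
  tasks:
    - name: Apply global admin hardening settings
      fortinet.fortios.fortios_system_global:
        vdom: root
        access_token: "{{ fortigate_access_token }}"
        enable_log: true
        system_global:
          # --- Transport for the admin GUI ---
          admin_https_redirect: enable        # HTTP admin access is redirected to HTTPS
          admin_https_ssl_versions:           # tlsv1-0 and tlsv1-1 are left out
            - tlsv1-2
            - tlsv1-3
          admin_https_ssl_banned_ciphers:     # v7.0.2+; applies to TLS 1.2 and below only
            - "3DES"
            - "SHA1"
            - "STATIC"
          dh_params: "2048"                   # smallest choice kept here; 1024 and 1536 dropped

          # --- Legacy remote-admin protocols ---
          admin_telnet: disable               # v6.2.0+
          admin_ssh_v1: disable

          # --- Login throttling and idle sessions ---
          admin_lockout_threshold: 3          # failed attempts before lockout (sample value)
          admin_lockout_duration: 300         # lockout length in seconds (sample value)
          admintimeout: 10                    # idle minutes, allowed range 1 - 480
          admin_console_timeout: 300          # console override, allowed range 15 - 300 seconds

          # --- Accountability ---
          cli_audit_log: enable
```

Parameters marked with a version in the comments are rejected by older firmware, so split them into a separate task when a fleet spans releases.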

  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
  • member_path - Member attribute path to operate on. type: str
  • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
  • system_global - Configure global attributes. type: dict more...
    Supported Version Ranges
    system_global v6.0.0 -> latest
    • admin_concurrent - Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_concurrent v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_console_timeout - Console login timeout that overrides the admin timeout value (15 - 300 seconds). type: int more...
      Supported Version Ranges
      admin_console_timeout v6.0.0 -> latest
    • admin_forticloud_sso_default_profile - Override access profile. Source system.accprofile.name. type: str more...
      Supported Version Ranges
      admin_forticloud_sso_default_profile v7.2.4 -> latest
    • admin_forticloud_sso_login - Enable/disable FortiCloud admin login via SSO. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_forticloud_sso_login v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_host - Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection. type: str more...
      Supported Version Ranges
      admin_host v7.0.6 -> v7.0.12 v7.2.1 -> latest
    • admin_hsts_max_age - HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled the header max-age will be 0. type: int more...
      Supported Version Ranges
      admin_hsts_max_age v6.0.0 -> latest
    • admin_https_pki_required - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_https_pki_required v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_https_redirect - Enable/disable redirection of HTTP administration access to HTTPS. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_https_redirect v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_https_ssl_banned_ciphers - Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. type: list choices: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM more...
      Supported Version Ranges
      admin_https_ssl_banned_ciphers v7.0.2 -> latest
      [RSA] v6.0.0 -> latest
      [DHE] v6.0.0 -> latest
      [ECDHE] v6.0.0 -> latest
      [DSS] v6.0.0 -> latest
      [ECDSA] v6.0.0 -> latest
      [AES] v6.0.0 -> latest
      [AESGCM] v6.0.0 -> latest
      [CAMELLIA] v6.0.0 -> latest
      [3DES] v6.0.0 -> latest
      [SHA1] v6.0.0 -> latest
      [SHA256] v6.0.0 -> latest
      [SHA384] v6.0.0 -> latest
      [STATIC] v6.0.0 -> latest
      [CHACHA20] v6.0.0 -> latest
      [ARIA] v6.0.0 -> latest
      [AESCCM] v6.0.0 -> latest
    • admin_https_ssl_ciphersuites - Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. type: list choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256 more...
      Supported Version Ranges
      admin_https_ssl_ciphersuites v7.0.2 -> latest
      [TLS-AES-128-GCM-SHA256] v6.0.0 -> latest
      [TLS-AES-256-GCM-SHA384] v6.0.0 -> latest
      [TLS-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
      [TLS-AES-128-CCM-SHA256] v6.0.0 -> latest
      [TLS-AES-128-CCM-8-SHA256] v6.0.0 -> latest
    • admin_https_ssl_versions - Allowed TLS versions for web administration. type: list choices: tlsv1-1, tlsv1-2, tlsv1-3, tlsv1-0 more...
      Supported Version Ranges
      admin_https_ssl_versions v6.0.0 -> latest
      [tlsv1-1] v6.0.0 -> latest
      [tlsv1-2] v6.0.0 -> latest
      [tlsv1-3] v6.2.0 -> latest
      [tlsv1-0] v6.0.0 -> v6.0.11
    • admin_lockout_duration - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. type: int more...
      Supported Version Ranges
      admin_lockout_duration v6.0.0 -> latest
    • admin_lockout_threshold - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. type: int more...
      Supported Version Ranges
      admin_lockout_threshold v6.0.0 -> latest
    • admin_login_max - Maximum number of administrators who can be logged in at the same time (1 - 100). type: int more...
      Supported Version Ranges
      admin_login_max v6.0.0 -> latest
    • admin_maintainer - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_maintainer v6.0.0 -> v7.2.2
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_port - Administrative access port for HTTP. (1 - 65535). type: int more...
      Supported Version Ranges
      admin_port v6.0.0 -> latest
    • admin_restrict_local - Enable/disable local admin authentication restriction when remote authenticator is up and running. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_restrict_local v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_scp - Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_scp v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_server_cert - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. type: str more...
      Supported Version Ranges
      admin_server_cert v6.0.0 -> latest
    • admin_sport - Administrative access port for HTTPS. (1 - 65535). type: int more...
      Supported Version Ranges
      admin_sport v6.0.0 -> latest
    • admin_ssh_grace_time - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). type: int more...
      Supported Version Ranges
      admin_ssh_grace_time v6.0.0 -> latest
    • admin_ssh_password - Enable/disable password authentication for SSH admin access. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_ssh_password v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_ssh_port - Administrative access port for SSH. (1 - 65535). type: int more...
      Supported Version Ranges
      admin_ssh_port v6.0.0 -> latest
    • admin_ssh_v1 - Enable/disable SSH v1 compatibility. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_ssh_v1 v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_telnet - Enable/disable TELNET service. type: str choices: enable, disable more...
      Supported Version Ranges
      admin_telnet v6.2.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • admin_telnet_port - Administrative access port for TELNET. (1 - 65535). type: int more...
      Supported Version Ranges
      admin_telnet_port v6.0.0 -> latest
    • admintimeout - Number of minutes before an idle administrator session times out (1 - 480 minutes (8 hours)). A shorter idle timeout is more secure. type: int more...
      Supported Version Ranges
      admintimeout v6.0.0 -> latest
    • alias - Alias for your FortiGate unit. type: str more...
      Supported Version Ranges
      alias v6.0.0 -> latest
    • allow_traffic_redirect - Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable more...
      Supported Version Ranges
      allow_traffic_redirect v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • anti_replay - Level of checking for packet replay and TCP sequence checking. type: str choices: disable, loose, strict more...
      Supported Version Ranges
      anti_replay v6.0.0 -> latest
      [disable] v6.0.0 -> latest
      [loose] v6.0.0 -> latest
      [strict] v6.0.0 -> latest
    • arp_max_entry - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). type: int more...
      Supported Version Ranges
      arp_max_entry v6.0.0 -> latest
    • asymroute - Enable/disable asymmetric route. type: str choices: enable, disable more...
      Supported Version Ranges
      asymroute v6.0.0 -> v6.0.11
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • auth_cert - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. type: str more...
      Supported Version Ranges
      auth_cert v6.0.0 -> latest
    • auth_http_port - User authentication HTTP port. (1 - 65535). type: int more...
      Supported Version Ranges
      auth_http_port v6.0.0 -> latest
    • auth_https_port - User authentication HTTPS port. (1 - 65535). type: int more...
      Supported Version Ranges
      auth_https_port v6.0.0 -> latest
    • auth_ike_saml_port - User IKE SAML authentication port (0 - 65535). type: int more...
      Supported Version Ranges
      auth_ike_saml_port v7.2.0 -> latest
    • auth_keepalive - Enable to prevent user authentication sessions from timing out when idle. type: str choices: enable, disable more...
      Supported Version Ranges
      auth_keepalive v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • auth_session_limit - Action to take when the number of allowed user authenticated sessions is reached. type: str choices: block-new, logout-inactive more...
      Supported Version Ranges
      auth_session_limit v6.0.0 -> latest
      [block-new] v6.0.0 -> latest
      [logout-inactive] v6.0.0 -> latest
    • auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension devices. type: str choices: enable, disable more...
      Supported Version Ranges
      auto_auth_extension_device v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • autorun_log_fsck - Enable/disable automatic log partition check after ungraceful shutdown. type: str choices: enable, disable more...
      Supported Version Ranges
      autorun_log_fsck v6.2.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • av_affinity - Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
      Supported Version Ranges
      av_affinity v6.0.0 -> latest
    • av_failopen - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. type: str choices: pass, off, one-shot more...
      Supported Version Ranges
      av_failopen v6.0.0 -> latest
      [pass] v6.0.0 -> latest
      [off] v6.0.0 -> latest
      [one-shot] v6.0.0 -> latest
    • av_failopen_session - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. type: str choices: enable, disable more...
      Supported Version Ranges
      av_failopen_session v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • batch_cmdb - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. type: str choices: enable, disable more...
      Supported Version Ranges
      batch_cmdb v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • block_session_timer - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). type: int more...
      Supported Version Ranges
      block_session_timer v6.0.0 -> latest
    • br_fdb_max_entry - Maximum number of bridge forwarding database (FDB) entries. type: int more...
      Supported Version Ranges
      br_fdb_max_entry v6.0.0 -> latest
    • cert_chain_max - Maximum number of certificates that can be traversed in a certificate chain. type: int more...
      Supported Version Ranges
      cert_chain_max v6.0.0 -> latest
    • cfg_revert_timeout - Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds). type: int more...
      Supported Version Ranges
      cfg_revert_timeout v6.0.0 -> latest
    • cfg_save - Configuration file save mode for CLI changes. type: str choices: automatic, manual, revert more...
      Supported Version Ranges
      cfg_save v6.0.0 -> latest
      [automatic] v6.0.0 -> latest
      [manual] v6.0.0 -> latest
      [revert] v6.0.0 -> latest
    • check_protocol_header - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is OK in most cases. type: str choices: loose, strict more...
      Supported Version Ranges
      check_protocol_header v6.0.0 -> latest
      [loose] v6.0.0 -> latest
      [strict] v6.0.0 -> latest
    • check_reset_range - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. type: str choices: strict, disable more...
      Supported Version Ranges
      check_reset_range v6.0.0 -> latest
      [strict] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • cli_audit_log - Enable/disable CLI audit log. type: str choices: enable, disable more...
      Supported Version Ranges
      cli_audit_log v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • cloud_communication - Enable/disable all cloud communication. type: str choices: enable, disable more...
      Supported Version Ranges
      cloud_communication v6.2.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • clt_cert_req - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. type: str choices: enable, disable more...
      Supported Version Ranges
      clt_cert_req v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • cmdbsvr_affinity - Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
      Supported Version Ranges
      cmdbsvr_affinity v7.0.1 -> latest
    • compliance_check - Enable/disable global PCI DSS compliance check. type: str choices: enable, disable more...
      Supported Version Ranges
      compliance_check v6.0.0 -> v6.0.11
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • compliance_check_time - Time of day to run scheduled PCI DSS compliance checks. type: str more...
      Supported Version Ranges
      compliance_check_time v6.0.0 -> v6.0.11
    • cpu_use_threshold - Threshold at which CPU usage is reported (% of total CPU). type: int more...
      Supported Version Ranges
      cpu_use_threshold v6.0.0 -> latest
    • csr_ca_attribute - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. type: str choices: enable, disable more...
      Supported Version Ranges
      csr_ca_attribute v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • daily_restart - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. type: str choices: enable, disable more...
      Supported Version Ranges
      daily_restart v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • default_service_source_port - Default service source port range. type: str more...
      Supported Version Ranges
      default_service_source_port v6.2.0 -> latest
    • device_identification_active_scan_delay - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). type: int more...
      Supported Version Ranges
      device_identification_active_scan_delay v6.0.0 -> v6.2.7
    • device_idle_timeout - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). type: int more...
      Supported Version Ranges
      device_idle_timeout v6.0.0 -> latest
    • dh_params - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. type: str choices: 1024, 1536, 2048, 3072, 4096, 6144, 8192 more...
      Supported Version Ranges
      dh_params v6.0.0 -> latest
      [1024] v6.0.0 -> latest
      [1536] v6.0.0 -> latest
      [2048] v6.0.0 -> latest
      [3072] v6.0.0 -> latest
      [4096] v6.0.0 -> latest
      [6144] v6.0.0 -> latest
      [8192] v6.0.0 -> latest
    • dnsproxy_worker_count - DNS proxy worker count. For a FortiGate with multiple logical CPUs, you can set the DNS process number from 1 to the number of logical CPUs. type: int more...
      Supported Version Ranges
      dnsproxy_worker_count v6.0.0 -> latest
    • dst - Enable/disable daylight saving time. type: str choices: enable, disable more...
      Supported Version Ranges
      dst v6.0.0 -> v7.2.0
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • early_tcp_npu_session - Enable/disable early TCP NPU session. type: str choices: enable, disable more...
      Supported Version Ranges
      early_tcp_npu_session v7.0.6 -> v7.0.12 v7.2.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • edit_vdom_prompt - Enable/disable edit new VDOM prompt. type: str choices: enable, disable more...
      Supported Version Ranges
      edit_vdom_prompt v6.4.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • endpoint_control_fds_access - Enable/disable access to the FortiGuard network for non-compliant endpoints. type: str choices: enable, disable more...
      Supported Version Ranges
      endpoint_control_fds_access v6.0.0 -> v6.0.11
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • endpoint_control_portal_port - Endpoint control portal port (1 - 65535). type: int more...
      Supported Version Ranges
      endpoint_control_portal_port v6.0.0 -> v6.0.11
    • extender_controller_reserved_network - Configure reserved network subnet for managed LAN extension FortiExtender units. This is available when the FortiExtender daemon is running. type: str more...
      Supported Version Ranges
      extender_controller_reserved_network v7.0.2 -> latest
    • failtime - Fail-time for server lost. type: int more...
      Supported Version Ranges
      failtime v6.0.0 -> latest
    • faz_disk_buffer_size - Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable. type: int more...
      Supported Version Ranges
      faz_disk_buffer_size v6.4.0 -> latest
    • fds_statistics - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. type: str choices: enable, disable more...
      Supported Version Ranges
      fds_statistics v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • fds_statistics_period - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). type: int more...
      Supported Version Ranges
      fds_statistics_period v6.0.0 -> latest
    • fec_port - Local UDP port for Forward Error Correction (49152 - 65535). type: int more...
      Supported Version Ranges
      fec_port v6.2.0 -> v7.0.1
    • fgd_alert_subscription - Type of alert to retrieve from FortiGuard. type: list choices: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db more...
      Supported Version Ranges
      fgd_alert_subscription v6.0.0 -> latest
      [advisory] v6.0.0 -> latest
      [latest-threat] v6.0.0 -> latest
      [latest-virus] v6.0.0 -> latest
      [latest-attack] v6.0.0 -> latest
      [new-antivirus-db] v6.0.0 -> latest
      [new-attack-db] v6.0.0 -> latest
    • forticarrier_bypass - Enable/disable forticarrier-bypass. type: str choices: enable, disable more...
      Supported Version Ranges
      forticarrier_bypass v7.0.4 -> v7.0.5 v7.2.0 -> v7.2.0
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • forticonverter_config_upload - Enable/disable config upload to FortiConverter. type: str choices: once, disable more...
      Supported Version Ranges
      forticonverter_config_upload v7.4.0 -> latest
      [once] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • forticonverter_integration - Enable/disable FortiConverter integration service. type: str choices: enable, disable more...
      Supported Version Ranges
      forticonverter_integration v7.4.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • fortiextender - Enable/disable FortiExtender. type: str choices: disable, enable more...
      Supported Version Ranges
      fortiextender v6.0.0 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • fortiextender_data_port - FortiExtender data port (1024 - 49150). type: int more...
      Supported Version Ranges
      fortiextender_data_port v6.0.0 -> latest
    • fortiextender_discovery_lockdown - Enable/disable FortiExtender CAPWAP lockdown. type: str choices: disable, enable more...
      Supported Version Ranges
      fortiextender_discovery_lockdown v7.0.2 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • fortiextender_provision_on_authorization - Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. type: str choices: enable, disable more...
      Supported Version Ranges
      fortiextender_provision_on_authorization v7.2.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • fortiextender_vlan_mode - Enable/disable FortiExtender VLAN mode. type: str choices: enable, disable more...
      Supported Version Ranges
      fortiextender_vlan_mode v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • fortiipam_integration - Enable/disable integration with the FortiIPAM cloud service. type: str choices: enable, disable more...
      Supported Version Ranges
      fortiipam_integration v6.4.4 -> v7.0.1
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • fortiservice_port - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: int more...
      Supported Version Ranges
      fortiservice_port v6.0.0 -> latest
    • fortitoken_cloud - Enable/disable FortiToken Cloud service. type: str choices: enable, disable more...
      Supported Version Ranges
      fortitoken_cloud v6.2.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • fortitoken_cloud_push_status - Enable/disable FTM push service of FortiToken Cloud. type: str choices: enable, disable more...
      Supported Version Ranges
      fortitoken_cloud_push_status v7.4.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • fortitoken_cloud_sync_interval - Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days)). type: int more...
      Supported Version Ranges
      fortitoken_cloud_sync_interval v7.4.1 -> latest
    • gui_allow_default_hostname - Enable/disable the factory default hostname warning on the GUI setup wizard. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_allow_default_hostname v6.2.0 -> v7.4.0
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_allow_incompatible_fabric_fgt - Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_allow_incompatible_fabric_fgt v7.0.12 -> v7.0.12 v7.2.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_app_detection_sdwan - Enable/disable Allow app-detection based SD-WAN. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_app_detection_sdwan v7.2.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_auto_upgrade_setup_warning - Enable/disable the automatic patch upgrade setup prompt on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_auto_upgrade_setup_warning v7.4.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_cdn_domain_override - Domain of CDN server. type: str more...
      Supported Version Ranges
      gui_cdn_domain_override v7.0.12 -> v7.0.12 v7.2.1 -> latest
    • gui_cdn_usage - Enable/disable Load GUI static files from a CDN. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_cdn_usage v7.0.4 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_certificates - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_certificates v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_custom_language - Enable/disable custom languages in GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_custom_language v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_date_format - Default date format used throughout GUI. type: str choices: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy more...
      Supported Version Ranges
      gui_date_format v6.0.0 -> latest
      [yyyy/MM/dd] v6.0.0 -> latest
      [dd/MM/yyyy] v6.0.0 -> latest
      [MM/dd/yyyy] v6.0.0 -> latest
      [yyyy-MM-dd] v6.0.0 -> latest
      [dd-MM-yyyy] v6.0.0 -> latest
      [MM-dd-yyyy] v6.0.0 -> latest
    • gui_date_time_source - Source that the FortiGate GUI uses to display date and time entries. type: str choices: system, browser more...
      Supported Version Ranges
      gui_date_time_source v6.2.0 -> latest
      [system] v6.0.0 -> latest
      [browser] v6.0.0 -> latest
    • gui_device_latitude - Add the latitude of the location of this FortiGate to position it on the Threat Map. type: str more...
      Supported Version Ranges
      gui_device_latitude v6.0.0 -> latest
    • gui_device_longitude - Add the longitude of the location of this FortiGate to position it on the Threat Map. type: str more...
      Supported Version Ranges
      gui_device_longitude v6.0.0 -> latest
    • gui_display_hostname - Enable/disable displaying the FortiGate's hostname on the GUI login page. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_display_hostname v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_firmware_upgrade_warning - Enable/disable the firmware upgrade warning on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_firmware_upgrade_warning v6.4.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_forticare_registration_setup_warning - Enable/disable the FortiCare registration setup warning on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_forticare_registration_setup_warning v6.4.4 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_fortigate_cloud_sandbox - Enable/disable displaying FortiGate Cloud Sandbox on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_fortigate_cloud_sandbox v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_fortiguard_resource_fetch - Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_fortiguard_resource_fetch v7.0.6 -> v7.0.12
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_fortisandbox_cloud - Enable/disable displaying FortiSandbox Cloud on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_fortisandbox_cloud v6.2.0 -> v6.4.4
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_ipv6 - Enable/disable IPv6 settings on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_ipv6 v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_lines_per_page - Number of lines to display per page for web administration. type: int more...
      Supported Version Ranges
      gui_lines_per_page v6.0.0 -> v6.2.7 v6.4.1 -> v6.4.1
    • gui_local_out - Enable/disable Local-out traffic on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_local_out v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_replacement_message_groups - Enable/disable replacement message groups on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_replacement_message_groups v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_rest_api_cache - Enable/disable REST API result caching on FortiGate. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_rest_api_cache v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_theme - Color scheme for the administration GUI. type: str choices: jade, neutrino, mariner, graphite, melongene, jet-stream, security-fabric, retro, dark-matter, onyx, eclipse, green, blue, red more...
      Supported Version Ranges
      gui_theme v6.0.0 -> latest
      [jade] v7.0.0 -> latest
      [neutrino] v6.2.0 -> latest
      [mariner] v6.0.0 -> latest
      [graphite] v7.0.0 -> latest
      [melongene] v6.0.0 -> latest
      [jet-stream] v7.4.0 -> latest
      [security-fabric] v7.4.0 -> latest
      [retro] v7.0.0 -> latest
      [dark-matter] v7.0.0 -> latest
      [onyx] v7.0.0 -> latest
      [eclipse] v7.0.0 -> latest
      [green] v6.0.0 -> v6.4.4
      [blue] v6.0.0 -> v6.4.4
      [red] v6.0.0 -> v6.0.11
    • gui_wireless_opensecurity - Enable/disable wireless open security option on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_wireless_opensecurity v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • gui_workflow_management - Enable/disable Workflow management features on the GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      gui_workflow_management v7.2.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ha_affinity - Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
      Supported Version Ranges
      ha_affinity v7.0.1 -> latest
    • honor_df - Enable/disable honoring of Don't-Fragment (DF) flag. type: str choices: enable, disable more...
      Supported Version Ranges
      honor_df v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • hostname - FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. type: str more...
      Supported Version Ranges
      hostname v6.0.0 -> latest
    • igmp_state_limit - Maximum number of IGMP memberships (96 - 64000). type: int more...
      Supported Version Ranges
      igmp_state_limit v6.0.0 -> latest
    • interface_subnet_usage - Enable/disable allowing use of interface-subnet setting in firewall addresses. type: str choices: disable, enable more...
      Supported Version Ranges
      interface_subnet_usage v7.2.4 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • internet_service_database - Configure which Internet Service database size to download from FortiGuard and use. type: str choices: mini, standard, full, on-demand more...
      Supported Version Ranges
      internet_service_database v7.0.4 -> latest
      [mini] v6.0.0 -> latest
      [standard] v6.0.0 -> latest
      [full] v6.0.0 -> latest
      [on-demand] v7.2.4 -> latest
    • internet_service_download_list - Configure which on-demand Internet Service IDs are to be downloaded. type: list member_path: internet_service_download_list:id more...
      Supported Version Ranges
      internet_service_download_list v7.4.0 -> latest
      • id - Internet Service ID. See Notes. Source firewall.internet-service.id. type: int required: true more...
        Supported Version Ranges
        id v7.4.0 -> latest
    • interval - Dead gateway detection interval. type: int more...
      Supported Version Ranges
      interval v6.0.0 -> latest
    • ip_fragment_mem_thresholds - Maximum memory (MB) used to reassemble IPv4/IPv6 fragments. type: int more...
      Supported Version Ranges
      ip_fragment_mem_thresholds v7.0.8 -> v7.0.12 v7.2.4 -> latest
    • ip_src_port_range - IP source port range used for traffic originating from the FortiGate unit. type: str more...
      Supported Version Ranges
      ip_src_port_range v6.0.0 -> latest
    • ips_affinity - Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons). type: str more...
      Supported Version Ranges
      ips_affinity v6.0.0 -> latest
    • ipsec_asic_offload - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. type: str choices: enable, disable more...
      Supported Version Ranges
      ipsec_asic_offload v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ipsec_ha_seqjump_rate - ESP jump ahead rate (1G - 10G pps equivalent). type: int more...
      Supported Version Ranges
      ipsec_ha_seqjump_rate v7.0.0 -> latest
    • ipsec_hmac_offload - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. type: str choices: enable, disable more...
      Supported Version Ranges
      ipsec_hmac_offload v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ipsec_round_robin - Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. type: str choices: enable, disable more...
      Supported Version Ranges
      ipsec_round_robin v7.4.0 -> latest
      [enable] v7.0.6 -> v7.0.12 v7.2.1 -> v7.2.2 v7.4.0 -> latest
      [disable] v7.0.6 -> v7.0.12 v7.2.1 -> v7.2.2 v7.4.0 -> latest
    • ipsec_soft_dec_async - Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. type: str choices: enable, disable more...
      Supported Version Ranges
      ipsec_soft_dec_async v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ipv6_accept_dad - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). type: int more...
      Supported Version Ranges
      ipv6_accept_dad v6.0.0 -> latest
    • ipv6_allow_anycast_probe - Enable/disable IPv6 address probe through Anycast. type: str choices: enable, disable more...
      Supported Version Ranges
      ipv6_allow_anycast_probe v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ipv6_allow_local_in_slient_drop - Enable/disable silent drop of IPv6 local-in traffic. type: str choices: enable, disable more...
      Supported Version Ranges
      ipv6_allow_local_in_slient_drop v7.0.6 -> v7.0.12 v7.2.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ipv6_allow_multicast_probe - Enable/disable IPv6 address probe through Multicast. type: str choices: enable, disable more...
      Supported Version Ranges
      ipv6_allow_multicast_probe v7.0.6 -> v7.0.12 v7.2.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ipv6_allow_traffic_redirect - Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable more...
      Supported Version Ranges
      ipv6_allow_traffic_redirect v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • irq_time_accounting - Configure CPU IRQ time accounting mode. type: str choices: auto, force more...
      Supported Version Ranges
      irq_time_accounting v6.4.0 -> latest
      [auto] v6.0.0 -> latest
      [force] v6.0.0 -> latest
    • language - GUI display language. type: str choices: english, french, spanish, portuguese, japanese, trach, simch, korean more...
      Supported Version Ranges
      language v6.0.0 -> latest
      [english] v6.0.0 -> latest
      [french] v6.0.0 -> latest
      [spanish] v6.0.0 -> latest
      [portuguese] v6.0.0 -> latest
      [japanese] v6.0.0 -> latest
      [trach] v6.0.0 -> latest
      [simch] v6.0.0 -> latest
      [korean] v6.0.0 -> latest
    • ldapconntimeout - Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). type: int more...
      Supported Version Ranges
      ldapconntimeout v6.0.0 -> latest
    • lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str choices: enable, disable more...
      Supported Version Ranges
      lldp_reception v6.2.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable more...
      Supported Version Ranges
      lldp_transmission v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • log_single_cpu_high - Enable/disable logging the event of a single CPU core reaching CPU usage threshold. type: str choices: enable, disable more...
      Supported Version Ranges
      log_single_cpu_high v7.2.4 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • log_ssl_connection - Enable/disable logging of SSL connection events. type: str choices: enable, disable more...
      Supported Version Ranges
      log_ssl_connection v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • log_uuid - Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic logs. type: str choices: disable, policy-only, extended more...
      Supported Version Ranges
      log_uuid v6.0.0 -> v6.0.11
      [disable] v6.0.0 -> latest
      [policy-only] v6.0.0 -> latest
      [extended] v6.0.0 -> latest
    • log_uuid_address - Enable/disable insertion of address UUIDs to traffic logs. type: str choices: enable, disable more...
      Supported Version Ranges
      log_uuid_address v6.2.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • log_uuid_policy - Enable/disable insertion of policy UUIDs to traffic logs. type: str choices: enable, disable more...
      Supported Version Ranges
      log_uuid_policy v6.2.0 -> v6.2.7 v6.4.1 -> v6.4.1
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • login_timestamp - Enable/disable login time recording. type: str choices: enable, disable more...
      Supported Version Ranges
      login_timestamp v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • long_vdom_name - Enable/disable long VDOM name support. type: str choices: enable, disable more...
      Supported Version Ranges
      long_vdom_name v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • management_ip - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str more...
      Supported Version Ranges
      management_ip v7.0.0 -> latest
    • management_port - Overriding port for management connection (Overrides admin port). type: int more...
      Supported Version Ranges
      management_port v7.0.0 -> latest
    • management_port_use_admin_sport - Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. type: str choices: enable, disable more...
      Supported Version Ranges
      management_port_use_admin_sport v7.0.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • management_vdom - Management virtual domain name. Source system.vdom.name. type: str more...
      Supported Version Ranges
      management_vdom v6.0.0 -> latest
    • max_dlpstat_memory - Maximum DLP stat memory (0 - 4294967295). type: int more...
      Supported Version Ranges
      max_dlpstat_memory v6.0.0 -> v6.2.7
    • max_route_cache_size - Maximum number of IP route cache entries (0 - 2147483647). type: int more...
      Supported Version Ranges
      max_route_cache_size v6.0.0 -> latest
    • mc_ttl_notchange - Enable/disable no modification of multicast TTL. type: str choices: enable, disable more...
      Supported Version Ranges
      mc_ttl_notchange v6.0.0 -> v6.0.11
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • memory_use_threshold_extreme - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). type: int more...
      Supported Version Ranges
      memory_use_threshold_extreme v6.0.0 -> latest
    • memory_use_threshold_green - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). type: int more...
      Supported Version Ranges
      memory_use_threshold_green v6.0.0 -> latest
    • memory_use_threshold_red - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). type: int more...
      Supported Version Ranges
      memory_use_threshold_red v6.0.0 -> latest
    • miglog_affinity - Affinity setting for logging (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
      Supported Version Ranges
      miglog_affinity v6.0.0 -> latest
    • miglogd_children - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. type: int more...
      Supported Version Ranges
      miglogd_children v6.0.0 -> latest
    • multi_factor_authentication - Enforce all login methods to require an additional authentication factor. type: str choices: optional, mandatory more...
      Supported Version Ranges
      multi_factor_authentication v6.0.0 -> latest
      [optional] v6.0.0 -> latest
      [mandatory] v6.0.0 -> latest
    • multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable more...
      Supported Version Ranges
      multicast_forward v6.0.0 -> v6.0.11
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ndp_max_entry - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). type: int more...
      Supported Version Ranges
      ndp_max_entry v6.0.0 -> latest
    • per_user_bal - Enable/disable per-user block/allow list filter. type: str choices: enable, disable more...
      Supported Version Ranges
      per_user_bal v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • per_user_bwl - Enable/disable per-user black/white list filter. type: str choices: enable, disable more...
      Supported Version Ranges
      per_user_bwl v6.0.0 -> v6.4.4
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • pmtu_discovery - Enable/disable path MTU discovery. type: str choices: enable, disable more...
      Supported Version Ranges
      pmtu_discovery v7.0.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • policy_auth_concurrent - Number of concurrent firewall user logins from the same user (1 - 100). type: int more...
      Supported Version Ranges
      policy_auth_concurrent v6.0.0 -> latest
    • post_login_banner - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. type: str choices: disable, enable more...
      Supported Version Ranges
      post_login_banner v6.0.0 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • pre_login_banner - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. type: str choices: enable, disable more...
      Supported Version Ranges
      pre_login_banner v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • private_data_encryption - Enable/disable private data encryption using an AES 128-bit key or passphrase. type: str choices: disable, enable more...
      Supported Version Ranges
      private_data_encryption v6.0.0 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • proxy_auth_lifetime - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. type: str choices: enable, disable more...
      Supported Version Ranges
      proxy_auth_lifetime v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • proxy_auth_lifetime_timeout - Lifetime timeout in minutes for authenticated users (5 - 65535 min). type: int more...
      Supported Version Ranges
      proxy_auth_lifetime_timeout v6.0.0 -> latest
    • proxy_auth_timeout - Authentication timeout in minutes for authenticated users (1 - 300 min). type: int more...
      Supported Version Ranges
      proxy_auth_timeout v6.0.0 -> latest
    • proxy_cert_use_mgmt_vdom - Enable/disable using management VDOM to send requests. type: str choices: enable, disable more...
      Supported Version Ranges
      proxy_cert_use_mgmt_vdom v7.0.4 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • proxy_cipher_hardware_acceleration - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. type: str choices: disable, enable more...
      Supported Version Ranges
      proxy_cipher_hardware_acceleration v6.0.0 -> v6.2.7
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • proxy_hardware_acceleration - Enable/disable email proxy hardware acceleration. type: str choices: disable, enable more...
      Supported Version Ranges
      proxy_hardware_acceleration v6.4.0 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • proxy_keep_alive_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. type: str choices: session, traffic, re-authentication more...
      Supported Version Ranges
      proxy_keep_alive_mode v7.2.4 -> latest
      [session] v6.0.0 -> latest
      [traffic] v6.0.0 -> latest
      [re-authentication] v6.0.0 -> latest
    • proxy_kxp_hardware_acceleration - Enable/disable using the content processor to accelerate KXP traffic. type: str choices: disable, enable more...
      Supported Version Ranges
      proxy_kxp_hardware_acceleration v6.0.0 -> v6.2.7
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • proxy_re_authentication_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. type: str choices: session, traffic, absolute more...
      Supported Version Ranges
      proxy_re_authentication_mode v6.0.0 -> v7.2.2
      [session] v6.0.0 -> latest
      [traffic] v6.0.0 -> latest
      [absolute] v6.0.0 -> latest
    • proxy_re_authentication_time - The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s). type: int more...
      Supported Version Ranges
      proxy_re_authentication_time v7.2.4 -> latest
    • proxy_resource_mode - Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. type: str choices: enable, disable more...
      Supported Version Ranges
      proxy_resource_mode v7.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • proxy_worker_count - Proxy worker count. type: int more...
      Supported Version Ranges
      proxy_worker_count v6.0.0 -> latest
    • quic_ack_thresold - Maximum number of unacknowledged packets before sending ACK (2 - 5). type: int more...
      Supported Version Ranges
      quic_ack_thresold v7.4.1 -> latest
    • quic_congestion_control_algo - QUIC congestion control algorithm. type: str choices: cubic, bbr, bbr2, reno more...
      Supported Version Ranges
      quic_congestion_control_algo v7.4.1 -> latest
      [cubic] v6.0.0 -> latest
      [bbr] v6.0.0 -> latest
      [bbr2] v6.0.0 -> latest
      [reno] v6.0.0 -> latest
    • quic_max_datagram_size - Maximum transmit datagram size (1200 - 1500). type: int more...
      Supported Version Ranges
      quic_max_datagram_size v7.4.1 -> latest
    • quic_pmtud - Enable/disable path MTU discovery. type: str choices: enable, disable more...
      Supported Version Ranges
      quic_pmtud v7.4.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • quic_tls_handshake_timeout - Time-to-live (TTL) for TLS handshake in seconds (1 - 60). type: int more...
      Supported Version Ranges
      quic_tls_handshake_timeout v7.4.1 -> latest
    • quic_udp_payload_size_shaping_per_cid - Enable/disable UDP payload size shaping per connection ID. type: str choices: enable, disable more...
      Supported Version Ranges
      quic_udp_payload_size_shaping_per_cid v7.4.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • radius_port - RADIUS service port number. type: int more...
      Supported Version Ranges
      radius_port v6.0.0 -> latest
    • reboot_upon_config_restore - Enable/disable reboot of system upon restoring configuration. type: str choices: enable, disable more...
      Supported Version Ranges
      reboot_upon_config_restore v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • refresh - Statistics refresh interval second(s) in GUI. type: int more...
      Supported Version Ranges
      refresh v6.0.0 -> latest
    • remoteauthtimeout - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers (1 - 300 sec). type: int more...
      Supported Version Ranges
      remoteauthtimeout v6.0.0 -> latest
    • reset_sessionless_tcp - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. type: str choices: enable, disable more...
      Supported Version Ranges
      reset_sessionless_tcp v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • restart_time - Daily restart time (hh:mm). type: str more...
      Supported Version Ranges
      restart_time v6.0.0 -> latest
    • revision_backup_on_logout - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. type: str choices: enable, disable more...
      Supported Version Ranges
      revision_backup_on_logout v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • revision_image_auto_backup - Enable/disable back-up of the latest image revision after the firmware is upgraded. type: str choices: enable, disable more...
      Supported Version Ranges
      revision_image_auto_backup v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • scanunit_count - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. type: int more...
      Supported Version Ranges
      scanunit_count v6.0.0 -> latest
    • security_rating_result_submission - Enable/disable the submission of Security Rating results to FortiGuard. type: str choices: enable, disable more...
      Supported Version Ranges
      security_rating_result_submission v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • security_rating_run_on_schedule - Enable/disable scheduled runs of Security Rating. type: str choices: enable, disable more...
      Supported Version Ranges
      security_rating_run_on_schedule v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • send_pmtu_icmp - Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets to support the PMTUD protocol on your network and reduce fragmentation of packets. type: str choices: enable, disable more...
      Supported Version Ranges
      send_pmtu_icmp v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • sflowd_max_children_num - Maximum number of sflowd child processes allowed to run. type: int more...
      Supported Version Ranges
      sflowd_max_children_num v7.2.4 -> latest
    • snat_route_change - Enable/disable the ability to change the source NAT route. type: str choices: enable, disable more...
      Supported Version Ranges
      snat_route_change v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • special_file_23_support - Enable/disable detection of those special format files when using Data Leak Prevention. type: str choices: disable, enable more...
      Supported Version Ranges
      special_file_23_support v6.0.0 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • speedtest_server - Enable/disable speed test server. type: str choices: enable, disable more...
      Supported Version Ranges
      speedtest_server v7.0.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • split_port - Split port(s) to multiple 10Gbps ports. type: list
    • ssd_trim_date - Date within a month to run SSD Trim. type: int more...
      Supported Version Ranges
      ssd_trim_date v6.0.0 -> latest
    • ssd_trim_freq - How often to run SSD Trim. SSD Trim prevents SSD drive data loss by finding and isolating errors. type: str choices: never, hourly, daily, weekly, monthly more...
      Supported Version Ranges
      ssd_trim_freq v6.0.0 -> latest
      [never] v6.0.0 -> latest
      [hourly] v6.0.0 -> latest
      [daily] v6.0.0 -> latest
      [weekly] v6.0.0 -> latest
      [monthly] v6.0.0 -> latest
    • ssd_trim_hour - Hour of the day on which to run SSD Trim (0 - 23). type: int more...
      Supported Version Ranges
      ssd_trim_hour v6.0.0 -> latest
    • ssd_trim_min - Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). type: int more...
      Supported Version Ranges
      ssd_trim_min v6.0.0 -> latest
    • ssd_trim_weekday - Day of week to run SSD Trim. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday more...
      Supported Version Ranges
      ssd_trim_weekday v6.0.0 -> latest
      [sunday] v6.0.0 -> latest
      [monday] v6.0.0 -> latest
      [tuesday] v6.0.0 -> latest
      [wednesday] v6.0.0 -> latest
      [thursday] v6.0.0 -> latest
      [friday] v6.0.0 -> latest
      [saturday] v6.0.0 -> latest
    • ssh_cbc_cipher - Enable/disable CBC cipher for SSH access. type: str choices: enable, disable more...
      Supported Version Ranges
      ssh_cbc_cipher v6.0.0 -> v7.0.1
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ssh_enc_algo - Select one or more SSH ciphers. type: list choices: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com more...
      Supported Version Ranges
      ssh_enc_algo v7.0.2 -> latest
      [chacha20-poly1305@openssh.com] v6.0.0 -> latest
      [aes128-ctr] v6.0.0 -> latest
      [aes192-ctr] v6.0.0 -> latest
      [aes256-ctr] v6.0.0 -> latest
      [arcfour256] v6.0.0 -> latest
      [arcfour128] v6.0.0 -> latest
      [aes128-cbc] v6.0.0 -> latest
      [3des-cbc] v6.0.0 -> latest
      [blowfish-cbc] v6.0.0 -> latest
      [cast128-cbc] v6.0.0 -> latest
      [aes192-cbc] v6.0.0 -> latest
      [aes256-cbc] v6.0.0 -> latest
      [arcfour] v6.0.0 -> latest
      [rijndael-cbc@lysator.liu.se] v6.0.0 -> latest
      [aes128-gcm@openssh.com] v6.0.0 -> latest
      [aes256-gcm@openssh.com] v6.0.0 -> latest
    • ssh_hmac_md5 - Enable/disable HMAC-MD5 for SSH access. type: str choices: enable, disable more...
      Supported Version Ranges
      ssh_hmac_md5 v6.0.0 -> v7.0.1
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ssh_hostkey_algo - Select one or more SSH hostkey algorithms. type: list choices: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519 more...
      Supported Version Ranges
      ssh_hostkey_algo v7.4.0 -> latest
      [ssh-rsa] v6.0.0 -> latest
      [ecdsa-sha2-nistp521] v6.0.0 -> latest
      [rsa-sha2-256] v6.0.0 -> latest
      [rsa-sha2-512] v6.0.0 -> latest
      [ssh-ed25519] v6.0.0 -> latest
    • ssh_kex_algo - Select one or more SSH kex algorithms. type: list choices: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 more...
      Supported Version Ranges
      ssh_kex_algo v7.0.2 -> latest
      [diffie-hellman-group1-sha1] v6.0.0 -> latest
      [diffie-hellman-group14-sha1] v6.0.0 -> latest
      [diffie-hellman-group14-sha256] v7.4.1 -> latest
      [diffie-hellman-group16-sha512] v7.4.1 -> latest
      [diffie-hellman-group18-sha512] v7.4.1 -> latest
      [diffie-hellman-group-exchange-sha1] v6.0.0 -> latest
      [diffie-hellman-group-exchange-sha256] v6.0.0 -> latest
      [curve25519-sha256@libssh.org] v6.0.0 -> latest
      [ecdh-sha2-nistp256] v6.0.0 -> latest
      [ecdh-sha2-nistp384] v6.0.0 -> latest
      [ecdh-sha2-nistp521] v6.0.0 -> latest
    • ssh_kex_sha1 - Enable/disable SHA1 key exchange for SSH access. type: str choices: enable, disable more...
      Supported Version Ranges
      ssh_kex_sha1 v6.0.0 -> v7.0.1
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ssh_mac_algo - Select one or more SSH MAC algorithms. type: list choices: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com more...
      Supported Version Ranges
      ssh_mac_algo v7.0.2 -> latest
      [hmac-md5] v6.0.0 -> latest
      [hmac-md5-etm@openssh.com] v6.0.0 -> latest
      [hmac-md5-96] v6.0.0 -> latest
      [hmac-md5-96-etm@openssh.com] v6.0.0 -> latest
      [hmac-sha1] v6.0.0 -> latest
      [hmac-sha1-etm@openssh.com] v6.0.0 -> latest
      [hmac-sha2-256] v6.0.0 -> latest
      [hmac-sha2-256-etm@openssh.com] v6.0.0 -> latest
      [hmac-sha2-512] v6.0.0 -> latest
      [hmac-sha2-512-etm@openssh.com] v6.0.0 -> latest
      [hmac-ripemd160] v6.0.0 -> latest
      [hmac-ripemd160@openssh.com] v6.0.0 -> latest
      [hmac-ripemd160-etm@openssh.com] v6.0.0 -> latest
      [umac-64@openssh.com] v6.0.0 -> latest
      [umac-128@openssh.com] v6.0.0 -> latest
      [umac-64-etm@openssh.com] v6.0.0 -> latest
      [umac-128-etm@openssh.com] v6.0.0 -> latest
    • ssh_mac_weak - Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. type: str choices: enable, disable more...
      Supported Version Ranges
      ssh_mac_weak v6.2.0 -> v7.0.1
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections. type: str choices: SSLv3, TLSv1, TLSv1-1, TLSv1-2, TLSv1-3 more...
      Supported Version Ranges
      ssl_min_proto_version v6.0.0 -> latest
      [SSLv3] v6.0.0 -> latest
      [TLSv1] v6.0.0 -> latest
      [TLSv1-1] v6.0.0 -> latest
      [TLSv1-2] v6.0.0 -> latest
      [TLSv1-3] v6.2.0 -> latest
    • ssl_static_key_ciphers - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). type: str choices: enable, disable more...
      Supported Version Ranges
      ssl_static_key_ciphers v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • sslvpn_cipher_hardware_acceleration - sslvpn-cipher-hardware-acceleration type: str choices: enable, disable more...
      Supported Version Ranges
      sslvpn_cipher_hardware_acceleration v6.0.0 -> v7.2.2
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • sslvpn_ems_sn_check - Enable/disable verification of EMS serial number in SSL-VPN connection. type: str choices: enable, disable more...
      Supported Version Ranges
      sslvpn_ems_sn_check v6.4.0 -> v6.4.0, v6.4.4 -> v7.2.4
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • sslvpn_kxp_hardware_acceleration - sslvpn-kxp-hardware-acceleration type: str choices: enable, disable more...
      Supported Version Ranges
      sslvpn_kxp_hardware_acceleration v6.0.0 -> v7.2.2
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • sslvpn_max_worker_count - Maximum number of SSL-VPN processes. Upper limit for this value is the number of CPUs and depends on the model. Default value of zero means the SSLVPN daemon decides the number of worker processes. type: int more...
      Supported Version Ranges
      sslvpn_max_worker_count v6.0.0 -> latest
    • sslvpn_plugin_version_check - sslvpn-plugin-version-check type: str choices: enable, disable more...
      Supported Version Ranges
      sslvpn_plugin_version_check v6.0.0 -> v7.2.2
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • sslvpn_web_mode - Enable/disable SSL-VPN web mode. type: str choices: enable, disable more...
      Supported Version Ranges
      sslvpn_web_mode v7.4.1 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • strict_dirty_session_check - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. type: str choices: enable, disable more...
      Supported Version Ranges
      strict_dirty_session_check v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • strong_crypto - Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. type: str choices: enable, disable more...
      Supported Version Ranges
      strong_crypto v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • switch_controller - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. type: str choices: disable, enable more...
      Supported Version Ranges
      switch_controller v6.0.0 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • switch_controller_reserved_network - Configure reserved network subnet for managed switches. This is available when the switch controller is enabled. type: str more...
      Supported Version Ranges
      switch_controller_reserved_network v6.0.0 -> latest
    • sys_perf_log_interval - Time in minutes between updates of performance statistics logging. (1 - 15 min). type: int more...
      Supported Version Ranges
      sys_perf_log_interval v6.0.0 -> latest
    • syslog_affinity - Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
      Supported Version Ranges
      syslog_affinity v7.2.4 -> latest
    • tcp_halfclose_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day)). type: int more...
      Supported Version Ranges
      tcp_halfclose_timer v6.0.0 -> latest
    • tcp_halfopen_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day)). type: int more...
      Supported Version Ranges
      tcp_halfopen_timer v6.0.0 -> latest
    • tcp_option - Enable SACK, timestamp and MSS TCP options. type: str choices: enable, disable more...
      Supported Version Ranges
      tcp_option v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • tcp_rst_timer - Length of the TCP CLOSE state in seconds (5 - 300 sec). type: int more...
      Supported Version Ranges
      tcp_rst_timer v7.0.0 -> latest
    • tcp_timewait_timer - Length of the TCP TIME-WAIT state in seconds (1 - 300 sec). type: int more...
      Supported Version Ranges
      tcp_timewait_timer v6.0.0 -> latest
    • tftp - Enable/disable TFTP. type: str choices: enable, disable more...
      Supported Version Ranges
      tftp v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • timezone - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. type: str choices: 01, 02, 03, 04, 05, 81, 06, 07, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 39, 41, 42, 43, 44, 45, 46, 47, 51, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 00, 82, 73, 86, 76 more...
      Supported Version Ranges
      timezone v6.0.0 -> latest
      [01] v6.0.0 -> latest
      [02] v6.0.0 -> latest
      [03] v6.0.0 -> latest
      [04] v6.0.0 -> latest
      [05] v6.0.0 -> latest
      [81] v6.0.0 -> latest
      [06] v6.0.0 -> latest
      [07] v6.0.0 -> latest
      [08] v6.0.0 -> latest
      [09] v6.0.0 -> latest
      [10] v6.0.0 -> latest
      [11] v6.0.0 -> latest
      [12] v6.0.0 -> latest
      [13] v6.0.0 -> latest
      [74] v6.0.0 -> latest
      [14] v6.0.0 -> latest
      [77] v6.0.0 -> latest
      [15] v6.0.0 -> latest
      [87] v6.0.0 -> latest
      [16] v6.0.0 -> latest
      [17] v6.0.0 -> latest
      [18] v6.0.0 -> latest
      [19] v6.0.0 -> latest
      [20] v6.0.0 -> latest
      [75] v6.0.0 -> latest
      [21] v6.0.0 -> latest
      [22] v6.0.0 -> latest
      [23] v6.0.0 -> latest
      [24] v6.0.0 -> latest
      [80] v6.0.0 -> latest
      [79] v6.0.0 -> latest
      [25] v6.0.0 -> latest
      [26] v6.0.0 -> latest
      [27] v6.0.0 -> latest
      [28] v6.0.0 -> latest
      [78] v6.0.0 -> latest
      [29] v6.0.0 -> latest
      [30] v6.0.0 -> latest
      [31] v6.0.0 -> latest
      [32] v6.0.0 -> latest
      [33] v6.0.0 -> latest
      [34] v6.0.0 -> latest
      [35] v6.0.0 -> latest
      [36] v6.0.0 -> latest
      [37] v6.0.0 -> latest
      [38] v6.0.0 -> latest
      [83] v6.0.0 -> latest
      [84] v6.0.0 -> latest
      [40] v6.0.0 -> latest
      [85] v6.0.0 -> latest
      [39] v6.0.0 -> latest
      [41] v6.0.0 -> latest
      [42] v6.0.0 -> latest
      [43] v6.0.0 -> latest
      [44] v6.0.0 -> latest
      [45] v6.0.0 -> latest
      [46] v6.0.0 -> latest
      [47] v6.0.0 -> latest
      [51] v6.0.0 -> latest
      [48] v6.0.0 -> latest
      [49] v6.0.0 -> latest
      [50] v6.0.0 -> latest
      [52] v6.0.0 -> latest
      [53] v6.0.0 -> latest
      [54] v6.0.0 -> latest
      [55] v6.0.0 -> latest
      [56] v6.0.0 -> latest
      [57] v6.0.0 -> latest
      [58] v6.0.0 -> latest
      [59] v6.0.0 -> latest
      [60] v6.0.0 -> latest
      [61] v6.0.0 -> latest
      [62] v6.0.0 -> latest
      [63] v6.0.0 -> latest
      [64] v6.0.0 -> latest
      [65] v6.0.0 -> latest
      [66] v6.0.0 -> latest
      [67] v6.0.0 -> latest
      [68] v6.0.0 -> latest
      [69] v6.0.0 -> latest
      [70] v6.0.0 -> latest
      [71] v6.0.0 -> latest
      [72] v6.0.0 -> latest
      [00] v6.0.0 -> latest
      [82] v6.0.0 -> latest
      [73] v6.0.0 -> latest
      [86] v6.0.0 -> latest
      [76] v6.0.0 -> latest
    • tp_mc_skip_policy - Enable/disable skip policy check and allow multicast through. type: str choices: enable, disable more...
      Supported Version Ranges
      tp_mc_skip_policy v6.0.0 -> v6.0.11
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • traffic_priority - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. type: str choices: tos, dscp more...
      Supported Version Ranges
      traffic_priority v6.0.0 -> latest
      [tos] v6.0.0 -> latest
      [dscp] v6.0.0 -> latest
    • traffic_priority_level - Default system-wide level of priority for traffic prioritization. type: str choices: low, medium, high more...
      Supported Version Ranges
      traffic_priority_level v6.0.0 -> latest
      [low] v6.0.0 -> latest
      [medium] v6.0.0 -> latest
      [high] v6.0.0 -> latest
    • two_factor_email_expiry - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). type: int more...
      Supported Version Ranges
      two_factor_email_expiry v6.0.0 -> latest
    • two_factor_fac_expiry - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). type: int more...
      Supported Version Ranges
      two_factor_fac_expiry v6.0.0 -> latest
    • two_factor_ftk_expiry - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). type: int more...
      Supported Version Ranges
      two_factor_ftk_expiry v6.0.0 -> latest
    • two_factor_ftm_expiry - FortiToken Mobile session timeout (1 - 168 hours (7 days)). type: int more...
      Supported Version Ranges
      two_factor_ftm_expiry v6.0.0 -> latest
    • two_factor_sms_expiry - SMS-based two-factor authentication session timeout (30 - 300 sec). type: int more...
      Supported Version Ranges
      two_factor_sms_expiry v6.0.0 -> latest
    • udp_idle_timer - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). type: int more...
      Supported Version Ranges
      udp_idle_timer v6.0.0 -> latest
    • url_filter_affinity - URL filter CPU affinity. type: str more...
      Supported Version Ranges
      url_filter_affinity v6.2.0 -> latest
    • url_filter_count - URL filter daemon count. type: int more...
      Supported Version Ranges
      url_filter_count v6.2.0 -> latest
    • user_device_store_max_devices - Maximum number of devices allowed in user device store. type: int more...
      Supported Version Ranges
      user_device_store_max_devices v6.4.4 -> latest
    • user_device_store_max_unified_mem - Maximum unified memory allowed in user device store. type: int more...
      Supported Version Ranges
      user_device_store_max_unified_mem v7.0.2 -> latest
    • user_device_store_max_users - Maximum number of users allowed in user device store. type: int more...
      Supported Version Ranges
      user_device_store_max_users v6.4.4 -> latest
    • user_server_cert - Certificate to use for https user authentication. Source certificate.local.name. type: str more...
      Supported Version Ranges
      user_server_cert v6.0.0 -> v7.2.0
    • vdom_admin - vdom-admin type: str choices: enable, disable more...
      Supported Version Ranges
      vdom_admin v6.0.0 -> v6.0.11, v6.2.3 -> v6.2.3
      [enable] v6.0.0 -> v6.0.11
      [disable] v6.0.0 -> v6.0.11
    • vdom_mode - Enable/disable support for multiple virtual domains (VDOMs). type: str choices: no-vdom, multi-vdom, split-vdom more...
      Supported Version Ranges
      vdom_mode v6.2.0 -> latest
      [no-vdom] v6.0.0 -> latest
      [multi-vdom] v6.0.0 -> latest
      [split-vdom] v6.2.0 -> v7.0.12
    • vip_arp_range - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. type: str choices: unlimited, restricted more...
      Supported Version Ranges
      vip_arp_range v6.0.0 -> latest
      [unlimited] v6.0.0 -> latest
      [restricted] v6.0.0 -> latest
    • virtual_server_count - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. type: int more...
      Supported Version Ranges
      virtual_server_count v6.0.0 -> v6.0.11, v6.2.3 -> v6.2.3
    • virtual_server_hardware_acceleration - Enable/disable virtual server hardware acceleration. type: str choices: disable, enable more...
      Supported Version Ranges
      virtual_server_hardware_acceleration v6.0.0 -> v6.0.11, v6.2.3 -> v6.2.3
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • vpn_ems_sn_check - Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. type: str choices: enable, disable more...
      Supported Version Ranges
      vpn_ems_sn_check v7.4.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • wad_affinity - Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
      Supported Version Ranges
      wad_affinity v6.0.0 -> latest
    • wad_csvc_cs_count - Number of concurrent WAD-cache-service object-cache processes. type: int more...
      Supported Version Ranges
      wad_csvc_cs_count v6.0.0 -> latest
    • wad_csvc_db_count - Number of concurrent WAD-cache-service byte-cache processes. type: int more...
      Supported Version Ranges
      wad_csvc_db_count v6.0.0 -> latest
    • wad_memory_change_granularity - Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection. type: int more...
      Supported Version Ranges
      wad_memory_change_granularity v6.2.0 -> latest
    • wad_restart_end_time - WAD workers daily restart end time (hh:mm). type: str more...
      Supported Version Ranges
      wad_restart_end_time v7.2.4 -> latest
    • wad_restart_mode - WAD worker restart mode. type: str choices: none, time, memory more...
      Supported Version Ranges
      wad_restart_mode v7.2.4 -> latest
      [none] v6.0.0 -> latest
      [time] v6.0.0 -> latest
      [memory] v6.0.0 -> latest
    • wad_restart_start_time - WAD workers daily restart time (hh:mm). type: str more...
      Supported Version Ranges
      wad_restart_start_time v7.2.4 -> latest
    • wad_source_affinity - Enable/disable dispatching traffic to WAD workers based on source affinity. type: str choices: disable, enable more...
      Supported Version Ranges
      wad_source_affinity v6.0.0 -> latest
      [disable] v6.0.0 -> latest
      [enable] v6.0.0 -> latest
    • wad_worker_count - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit. type: int more...
      Supported Version Ranges
      wad_worker_count v6.0.0 -> latest
    • wifi_ca_certificate - CA certificate that verifies the WiFi certificate. Source certificate.ca.name. type: str more...
      Supported Version Ranges
      wifi_ca_certificate v6.0.0 -> latest
    • wifi_certificate - Certificate to use for WiFi authentication. Source certificate.local.name. type: str more...
      Supported Version Ranges
      wifi_certificate v6.0.0 -> latest
    • wimax_4g_usb - Enable/disable compatibility with WiMAX 4G USB devices. type: str choices: enable, disable more...
      Supported Version Ranges
      wimax_4g_usb v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • wireless_controller - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. type: str choices: enable, disable more...
      Supported Version Ranges
      wireless_controller v6.0.0 -> latest
      [enable] v6.0.0 -> latest
      [disable] v6.0.0 -> latest
    • wireless_controller_port - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150). type: int more...
      Supported Version Ranges
      wireless_controller_port v6.0.0 -> latest

Note

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

- name: Configure global attributes.
  fortinet.fortios.fortios_system_global:
      vdom: "{{ vdom }}"
      system_global:
          admin_concurrent: "enable"
          admin_console_timeout: "0"
          admin_forticloud_sso_default_profile: "<your_own_value> (source system.accprofile.name)"
          admin_forticloud_sso_login: "enable"
          admin_host: "myhostname"
          admin_hsts_max_age: "15552000"
          admin_https_pki_required: "enable"
          admin_https_redirect: "enable"
          admin_https_ssl_banned_ciphers: "RSA"
          admin_https_ssl_ciphersuites: "TLS-AES-128-GCM-SHA256"
          admin_https_ssl_versions: "tlsv1-1"
          admin_lockout_duration: "60"
          admin_lockout_threshold: "3"
          admin_login_max: "100"
          admin_maintainer: "enable"
          admin_port: "80"
          admin_restrict_local: "enable"
          admin_scp: "enable"
          admin_server_cert: "<your_own_value> (source certificate.local.name)"
          admin_sport: "443"
          admin_ssh_grace_time: "120"
          admin_ssh_password: "enable"
          admin_ssh_port: "22"
          admin_ssh_v1: "enable"
          admin_telnet: "enable"
          admin_telnet_port: "23"
          admintimeout: "5"
          alias: "<your_own_value>"
          allow_traffic_redirect: "enable"
          anti_replay: "disable"
          arp_max_entry: "131072"
          asymroute: "enable"
          auth_cert: "<your_own_value> (source certificate.local.name)"
          auth_http_port: "1000"
          auth_https_port: "1003"
          auth_ike_saml_port: "1001"
          auth_keepalive: "enable"
          auth_session_limit: "block-new"
          auto_auth_extension_device: "enable"
          autorun_log_fsck: "enable"
          av_affinity: "<your_own_value>"
          av_failopen: "pass"
          av_failopen_session: "enable"
          batch_cmdb: "enable"
          block_session_timer: "30"
          br_fdb_max_entry: "8192"
          cert_chain_max: "8"
          cfg_revert_timeout: "600"
          cfg_save: "automatic"
          check_protocol_header: "loose"
          check_reset_range: "strict"
          cli_audit_log: "enable"
          cloud_communication: "enable"
          clt_cert_req: "enable"
          cmdbsvr_affinity: "<your_own_value>"
          compliance_check: "enable"
          compliance_check_time: "<your_own_value>"
          cpu_use_threshold: "90"
          csr_ca_attribute: "enable"
          daily_restart: "enable"
          default_service_source_port: "<your_own_value>"
          device_identification_active_scan_delay: "1800"
          device_idle_timeout: "300"
          dh_params: "1024"
          dnsproxy_worker_count: "1"
          dst: "enable"
          early_tcp_npu_session: "enable"
          edit_vdom_prompt: "enable"
          endpoint_control_fds_access: "enable"
          endpoint_control_portal_port: "32767"
          extender_controller_reserved_network: "<your_own_value>"
          failtime: "5"
          faz_disk_buffer_size: "0"
          fds_statistics: "enable"
          fds_statistics_period: "60"
          fec_port: "50000"
          fgd_alert_subscription: "advisory"
          forticarrier_bypass: "enable"
          forticonverter_config_upload: "once"
          forticonverter_integration: "enable"
          fortiextender: "disable"
          fortiextender_data_port: "25246"
          fortiextender_discovery_lockdown: "disable"
          fortiextender_provision_on_authorization: "enable"
          fortiextender_vlan_mode: "enable"
          fortiipam_integration: "enable"
          fortiservice_port: "8013"
          fortitoken_cloud: "enable"
          fortitoken_cloud_push_status: "enable"
          fortitoken_cloud_sync_interval: "24"
          gui_allow_default_hostname: "enable"
          gui_allow_incompatible_fabric_fgt: "enable"
          gui_app_detection_sdwan: "enable"
          gui_auto_upgrade_setup_warning: "enable"
          gui_cdn_domain_override: "<your_own_value>"
          gui_cdn_usage: "enable"
          gui_certificates: "enable"
          gui_custom_language: "enable"
          gui_date_format: "yyyy/MM/dd"
          gui_date_time_source: "system"
          gui_device_latitude: "<your_own_value>"
          gui_device_longitude: "<your_own_value>"
          gui_display_hostname: "enable"
          gui_firmware_upgrade_warning: "enable"
          gui_forticare_registration_setup_warning: "enable"
          gui_fortigate_cloud_sandbox: "enable"
          gui_fortiguard_resource_fetch: "enable"
          gui_fortisandbox_cloud: "enable"
          gui_ipv6: "enable"
          gui_lines_per_page: "500"
          gui_local_out: "enable"
          gui_replacement_message_groups: "enable"
          gui_rest_api_cache: "enable"
          gui_theme: "jade"
          gui_wireless_opensecurity: "enable"
          gui_workflow_management: "enable"
          ha_affinity: "<your_own_value>"
          honor_df: "enable"
          hostname: "myhostname"
          igmp_state_limit: "3200"
          interface_subnet_usage: "disable"
          internet_service_database: "mini"
          internet_service_download_list:
              -
                  id: "126 (source firewall.internet-service.id)"
          interval: "5"
          ip_fragment_mem_thresholds: "32"
          ip_src_port_range: "<your_own_value>"
          ips_affinity: "<your_own_value>"
          ipsec_asic_offload: "enable"
          ipsec_ha_seqjump_rate: "10"
          ipsec_hmac_offload: "enable"
          ipsec_round_robin: "enable"
          ipsec_soft_dec_async: "enable"
          ipv6_accept_dad: "1"
          ipv6_allow_anycast_probe: "enable"
          ipv6_allow_local_in_slient_drop: "enable"
          ipv6_allow_multicast_probe: "enable"
          ipv6_allow_traffic_redirect: "enable"
          irq_time_accounting: "auto"
          language: "english"
          ldapconntimeout: "500"
          lldp_reception: "enable"
          lldp_transmission: "enable"
          log_single_cpu_high: "enable"
          log_ssl_connection: "enable"
          log_uuid: "disable"
          log_uuid_address: "enable"
          log_uuid_policy: "enable"
          login_timestamp: "enable"
          long_vdom_name: "enable"
          management_ip: "<your_own_value>"
          management_port: "443"
          management_port_use_admin_sport: "enable"
          management_vdom: "<your_own_value> (source system.vdom.name)"
          max_dlpstat_memory: "157"
          max_route_cache_size: "0"
          mc_ttl_notchange: "enable"
          memory_use_threshold_extreme: "95"
          memory_use_threshold_green: "82"
          memory_use_threshold_red: "88"
          miglog_affinity: "<your_own_value>"
          miglogd_children: "0"
          multi_factor_authentication: "optional"
          multicast_forward: "enable"
          ndp_max_entry: "0"
          per_user_bal: "enable"
          per_user_bwl: "enable"
          pmtu_discovery: "enable"
          policy_auth_concurrent: "0"
          post_login_banner: "disable"
          pre_login_banner: "enable"
          private_data_encryption: "disable"
          proxy_auth_lifetime: "enable"
          proxy_auth_lifetime_timeout: "480"
          proxy_auth_timeout: "10"
          proxy_cert_use_mgmt_vdom: "enable"
          proxy_cipher_hardware_acceleration: "disable"
          proxy_hardware_acceleration: "disable"
          proxy_keep_alive_mode: "session"
          proxy_kxp_hardware_acceleration: "disable"
          proxy_re_authentication_mode: "session"
          proxy_re_authentication_time: "30"
          proxy_resource_mode: "enable"
          proxy_worker_count: "0"
          quic_ack_thresold: "3"
          quic_congestion_control_algo: "cubic"
          quic_max_datagram_size: "1500"
          quic_pmtud: "enable"
          quic_tls_handshake_timeout: "5"
          quic_udp_payload_size_shaping_per_cid: "enable"
          radius_port: "1812"
          reboot_upon_config_restore: "enable"
          refresh: "0"
          remoteauthtimeout: "5"
          reset_sessionless_tcp: "enable"
          restart_time: "<your_own_value>"
          revision_backup_on_logout: "enable"
          revision_image_auto_backup: "enable"
          scanunit_count: "0"
          security_rating_result_submission: "enable"
          security_rating_run_on_schedule: "enable"
          send_pmtu_icmp: "enable"
          sflowd_max_children_num: "6"
          snat_route_change: "enable"
          special_file_23_support: "disable"
          speedtest_server: "enable"
          split_port: "<your_own_value>"
          ssd_trim_date: "1"
          ssd_trim_freq: "never"
          ssd_trim_hour: "1"
          ssd_trim_min: "60"
          ssd_trim_weekday: "sunday"
          ssh_cbc_cipher: "enable"
          ssh_enc_algo: "chacha20-poly1305@openssh.com"
          ssh_hmac_md5: "enable"
          ssh_hostkey_algo: "ssh-rsa"
          ssh_kex_algo: "diffie-hellman-group1-sha1"
          ssh_kex_sha1: "enable"
          ssh_mac_algo: "hmac-md5"
          ssh_mac_weak: "enable"
          ssl_min_proto_version: "SSLv3"
          ssl_static_key_ciphers: "enable"
          sslvpn_cipher_hardware_acceleration: "enable"
          sslvpn_ems_sn_check: "enable"
          sslvpn_kxp_hardware_acceleration: "enable"
          sslvpn_max_worker_count: "0"
          sslvpn_plugin_version_check: "enable"
          sslvpn_web_mode: "enable"
          strict_dirty_session_check: "enable"
          strong_crypto: "enable"
          switch_controller: "disable"
          switch_controller_reserved_network: "<your_own_value>"
          sys_perf_log_interval: "5"
          syslog_affinity: "<your_own_value>"
          tcp_halfclose_timer: "120"
          tcp_halfopen_timer: "10"
          tcp_option: "enable"
          tcp_rst_timer: "5"
          tcp_timewait_timer: "1"
          tftp: "enable"
          timezone: "01"
          tp_mc_skip_policy: "enable"
          traffic_priority: "tos"
          traffic_priority_level: "low"
          two_factor_email_expiry: "60"
          two_factor_fac_expiry: "60"
          two_factor_ftk_expiry: "60"
          two_factor_ftm_expiry: "72"
          two_factor_sms_expiry: "60"
          udp_idle_timer: "180"
          url_filter_affinity: "<your_own_value>"
          url_filter_count: "1"
          user_device_store_max_devices: "20921"
          user_device_store_max_unified_mem: "104609177"
          user_device_store_max_users: "20921"
          user_server_cert: "<your_own_value> (source certificate.local.name)"
          vdom_admin: "enable"
          vdom_mode: "no-vdom"
          vip_arp_range: "unlimited"
          virtual_server_count: "20"
          virtual_server_hardware_acceleration: "disable"
          vpn_ems_sn_check: "enable"
          wad_affinity: "<your_own_value>"
          wad_csvc_cs_count: "1"
          wad_csvc_db_count: "0"
          wad_memory_change_granularity: "10"
          wad_restart_end_time: "<your_own_value>"
          wad_restart_mode: "none"
          wad_restart_start_time: "<your_own_value>"
          wad_source_affinity: "disable"
          wad_worker_count: "0"
          wifi_ca_certificate: "<your_own_value> (source certificate.ca.name)"
          wifi_certificate: "<your_own_value> (source certificate.local.name)"
          wimax_4g_usb: "enable"
          wireless_controller: "enable"
          wireless_controller_port: "5246"
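
The task above lists every parameter with a sample value, and several of those samples are the weakest documented choice (``ssl_min_proto_version: "SSLv3"``, ``ssh_mac_algo: "hmac-md5"``, ``ssl_static_key_ciphers: "enable"``, ``admin_telnet: "enable"``). The play below is an added example, not part of the module's own documentation: it sets only the crypto-related parameters to stronger values from the documented choices and gates the two SSH MAC options on their supported version ranges. The inventory group ``fortigates`` and the variables ``fos_version`` and ``fortigate_access_token`` are assumptions.

```yaml
- name: Harden FortiGate global crypto settings (added example)
  hosts: fortigates                  # assumed inventory group name
  connection: httpapi                # httpapi is the preferred transport (see Note)
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # keep certificate validation on for the management API
    ansible_httpapi_port: 443
    vdom: "root"
    fos_version: "7.2.4"             # assumed variable: firmware version of the target, set per host

  tasks:
    # Parameters listed as supported from v6.0.0 to latest.
    - name: Require strong ciphers and TLS 1.2 or later
      fortinet.fortios.fortios_system_global:
        vdom: "{{ vdom }}"
        access_token: "{{ fortigate_access_token }}"   # assumed variable, e.g. from Ansible Vault
        system_global:
          strong_crypto: "enable"
          ssl_min_proto_version: "TLSv1-2"
          ssl_static_key_ciphers: "disable"
          admin_telnet: "disable"

    # ssh_mac_algo is listed as v7.0.2 -> latest and takes a list of MAC names.
    - name: Restrict SSH MACs to SHA-2 encrypt-then-MAC variants
      fortinet.fortios.fortios_system_global:
        vdom: "{{ vdom }}"
        access_token: "{{ fortigate_access_token }}"
        system_global:
          ssh_mac_algo:
            - "hmac-sha2-256-etm@openssh.com"
            - "hmac-sha2-512-etm@openssh.com"
      when: fos_version is version('7.0.2', '>=')

    # ssh_mac_weak is listed as v6.2.0 -> v7.0.1 and is the older switch
    # for HMAC-SHA1 and UMAC-64-ETM.
    - name: Disable weak SSH MACs on older firmware
      fortinet.fortios.fortios_system_global:
        vdom: "{{ vdom }}"
        access_token: "{{ fortigate_access_token }}"
        system_global:
          ssh_mac_weak: "disable"
      when:
        - fos_version is version('6.2.0', '>=')
        - fos_version is version('7.0.1', '<=')
```

Check that SSH and HTTPS clients used for administration support the remaining algorithms before applying this to a production unit, since the change takes effect on the management plane.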

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • build - Build number of the FortiGate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3
  • This module is not guaranteed to have a backwards compatible interface.
  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@frankshen01)
  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.