source: fortios_system_global.py
.. versionadded:: 2.0.0
- This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the system feature and global category. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.
The below requirements are needed on the host that executes this module.
- ansible>=2.14
Using member operation to add an element to an existing object.
Supported Version Ranges fortios_system_global v6.0.0 -> latest
- access_token - Token-based authentication. Generated from the GUI of the FortiGate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- system_global - Configure global attributes. type: dict
Supported Version Ranges system_global v6.0.0 -> latest
- admin_concurrent - Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. type: str choices: enable, disable
Supported Version Ranges admin_concurrent v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_console_timeout - Console login timeout that overrides the admin timeout value (15 - 300 seconds). type: int
Supported Version Ranges admin_console_timeout v6.0.0 -> latest
- admin_forticloud_sso_default_profile - Override access profile. Source system.accprofile.name. type: str
Supported Version Ranges admin_forticloud_sso_default_profile v7.2.4 -> latest
- admin_forticloud_sso_login - Enable/disable FortiCloud admin login via SSO. type: str choices: enable, disable
Supported Version Ranges admin_forticloud_sso_login v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_host - Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection. type: str
Supported Version Ranges admin_host v7.0.6 -> v7.0.12
v7.2.1 -> latest
- admin_hsts_max_age - HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled the header max-age will be 0. type: int
Supported Version Ranges admin_hsts_max_age v6.0.0 -> latest
- admin_https_pki_required - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. type: str choices: enable, disable
Supported Version Ranges admin_https_pki_required v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_https_redirect - Enable/disable redirection of HTTP administration access to HTTPS. type: str choices: enable, disable
Supported Version Ranges admin_https_redirect v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_https_ssl_banned_ciphers - Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. type: list choices: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM
Supported Version Ranges admin_https_ssl_banned_ciphers v7.0.2 -> latest
[RSA] v6.0.0 -> latest
[DHE] v6.0.0 -> latest
[ECDHE] v6.0.0 -> latest
[DSS] v6.0.0 -> latest
[ECDSA] v6.0.0 -> latest
[AES] v6.0.0 -> latest
[AESGCM] v6.0.0 -> latest
[CAMELLIA] v6.0.0 -> latest
[3DES] v6.0.0 -> latest
[SHA1] v6.0.0 -> latest
[SHA256] v6.0.0 -> latest
[SHA384] v6.0.0 -> latest
[STATIC] v6.0.0 -> latest
[CHACHA20] v6.0.0 -> latest
[ARIA] v6.0.0 -> latest
[AESCCM] v6.0.0 -> latest
- admin_https_ssl_ciphersuites - Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. type: list choices: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256
Supported Version Ranges admin_https_ssl_ciphersuites v7.0.2 -> latest
[TLS-AES-128-GCM-SHA256] v6.0.0 -> latest
[TLS-AES-256-GCM-SHA384] v6.0.0 -> latest
[TLS-CHACHA20-POLY1305-SHA256] v6.0.0 -> latest
[TLS-AES-128-CCM-SHA256] v6.0.0 -> latest
[TLS-AES-128-CCM-8-SHA256] v6.0.0 -> latest
- admin_https_ssl_versions - Allowed TLS versions for web administration. type: list choices: tlsv1-1, tlsv1-2, tlsv1-3, tlsv1-0
Supported Version Ranges admin_https_ssl_versions v6.0.0 -> latest
[tlsv1-1] v6.0.0 -> latest
[tlsv1-2] v6.0.0 -> latest
[tlsv1-3] v6.2.0 -> latest
[tlsv1-0] v6.0.0 -> v6.0.11
- admin_lockout_duration - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. type: int
Supported Version Ranges admin_lockout_duration v6.0.0 -> latest
- admin_lockout_threshold - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. type: int
Supported Version Ranges admin_lockout_threshold v6.0.0 -> latest
- admin_login_max - Maximum number of administrators who can be logged in at the same time (1 - 100). type: int
Supported Version Ranges admin_login_max v6.0.0 -> latest
- admin_maintainer - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. type: str choices: enable, disable
Supported Version Ranges admin_maintainer v6.0.0 -> v7.2.2
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_port - Administrative access port for HTTP. (1 - 65535). type: int
Supported Version Ranges admin_port v6.0.0 -> latest
- admin_restrict_local - Enable/disable local admin authentication restriction when remote authenticator is up and running. type: str choices: enable, disable
Supported Version Ranges admin_restrict_local v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_scp - Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. type: str choices: enable, disable
Supported Version Ranges admin_scp v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_server_cert - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. type: str
Supported Version Ranges admin_server_cert v6.0.0 -> latest
- admin_sport - Administrative access port for HTTPS. (1 - 65535). type: int
Supported Version Ranges admin_sport v6.0.0 -> latest
- admin_ssh_grace_time - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). type: int
Supported Version Ranges admin_ssh_grace_time v6.0.0 -> latest
- admin_ssh_password - Enable/disable password authentication for SSH admin access. type: str choices: enable, disable
Supported Version Ranges admin_ssh_password v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_ssh_port - Administrative access port for SSH. (1 - 65535). type: int
Supported Version Ranges admin_ssh_port v6.0.0 -> latest
- admin_ssh_v1 - Enable/disable SSH v1 compatibility. type: str choices: enable, disable
Supported Version Ranges admin_ssh_v1 v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_telnet - Enable/disable TELNET service. type: str choices: enable, disable
Supported Version Ranges admin_telnet v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- admin_telnet_port - Administrative access port for TELNET. (1 - 65535). type: int
Supported Version Ranges admin_telnet_port v6.0.0 -> latest
- admintimeout - Number of minutes before an idle administrator session times out (1 - 480 minutes (8 hours)). A shorter idle timeout is more secure. type: int
Supported Version Ranges admintimeout v6.0.0 -> latest
- alias - Alias for your FortiGate unit. type: str
Supported Version Ranges alias v6.0.0 -> latest
- allow_traffic_redirect - Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable
Supported Version Ranges allow_traffic_redirect v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- anti_replay - Level of checking for packet replay and TCP sequence checking. type: str choices: disable, loose, strict
Supported Version Ranges anti_replay v6.0.0 -> latest
[disable] v6.0.0 -> latest
[loose] v6.0.0 -> latest
[strict] v6.0.0 -> latest
- arp_max_entry - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). type: int
Supported Version Ranges arp_max_entry v6.0.0 -> latest
- asymroute - Enable/disable asymmetric route. type: str choices: enable, disable
Supported Version Ranges asymroute v6.0.0 -> v6.0.11
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- auth_cert - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. type: str
Supported Version Ranges auth_cert v6.0.0 -> latest
- auth_http_port - User authentication HTTP port. (1 - 65535). type: int
Supported Version Ranges auth_http_port v6.0.0 -> latest
- auth_https_port - User authentication HTTPS port. (1 - 65535). type: int
Supported Version Ranges auth_https_port v6.0.0 -> latest
- auth_ike_saml_port - User IKE SAML authentication port (0 - 65535). type: int
Supported Version Ranges auth_ike_saml_port v7.2.0 -> latest
- auth_keepalive - Enable to prevent user authentication sessions from timing out when idle. type: str choices: enable, disable
Supported Version Ranges auth_keepalive v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- auth_session_limit - Action to take when the number of allowed user authenticated sessions is reached. type: str choices: block-new, logout-inactive
Supported Version Ranges auth_session_limit v6.0.0 -> latest
[block-new] v6.0.0 -> latest
[logout-inactive] v6.0.0 -> latest
- auto_auth_extension_device - Enable/disable automatic authorization of dedicated Fortinet extension devices. type: str choices: enable, disable
Supported Version Ranges auto_auth_extension_device v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- autorun_log_fsck - Enable/disable automatic log partition check after ungraceful shutdown. type: str choices: enable, disable
Supported Version Ranges autorun_log_fsck v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- av_affinity - Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
Supported Version Ranges av_affinity v6.0.0 -> latest
- av_failopen - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. type: str choices: pass, off, one-shot
Supported Version Ranges av_failopen v6.0.0 -> latest
[pass] v6.0.0 -> latest
[off] v6.0.0 -> latest
[one-shot] v6.0.0 -> latest
- av_failopen_session - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. type: str choices: enable, disable
Supported Version Ranges av_failopen_session v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- batch_cmdb - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. type: str choices: enable, disable
Supported Version Ranges batch_cmdb v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- block_session_timer - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). type: int
Supported Version Ranges block_session_timer v6.0.0 -> latest
- br_fdb_max_entry - Maximum number of bridge forwarding database (FDB) entries. type: int
Supported Version Ranges br_fdb_max_entry v6.0.0 -> latest
- cert_chain_max - Maximum number of certificates that can be traversed in a certificate chain. type: int
Supported Version Ranges cert_chain_max v6.0.0 -> latest
- cfg_revert_timeout - Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds). type: int
Supported Version Ranges cfg_revert_timeout v6.0.0 -> latest
- cfg_save - Configuration file save mode for CLI changes. type: str choices: automatic, manual, revert
Supported Version Ranges cfg_save v6.0.0 -> latest
[automatic] v6.0.0 -> latest
[manual] v6.0.0 -> latest
[revert] v6.0.0 -> latest
- check_protocol_header - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is OK in most cases. type: str choices: loose, strict
Supported Version Ranges check_protocol_header v6.0.0 -> latest
[loose] v6.0.0 -> latest
[strict] v6.0.0 -> latest
- check_reset_range - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. type: str choices: strict, disable
Supported Version Ranges check_reset_range v6.0.0 -> latest
[strict] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- cli_audit_log - Enable/disable CLI audit log. type: str choices: enable, disable
Supported Version Ranges cli_audit_log v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- cloud_communication - Enable/disable all cloud communication. type: str choices: enable, disable
Supported Version Ranges cloud_communication v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- clt_cert_req - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. type: str choices: enable, disable
Supported Version Ranges clt_cert_req v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- cmdbsvr_affinity - Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
Supported Version Ranges cmdbsvr_affinity v7.0.1 -> latest
- compliance_check - Enable/disable global PCI DSS compliance check. type: str choices: enable, disable
Supported Version Ranges compliance_check v6.0.0 -> v6.0.11
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- compliance_check_time - Time of day to run scheduled PCI DSS compliance checks. type: str
Supported Version Ranges compliance_check_time v6.0.0 -> v6.0.11
- cpu_use_threshold - Threshold at which CPU usage is reported (% of total CPU). type: int
Supported Version Ranges cpu_use_threshold v6.0.0 -> latest
- csr_ca_attribute - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. type: str choices: enable, disable
Supported Version Ranges csr_ca_attribute v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- daily_restart - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. type: str choices: enable, disable
Supported Version Ranges daily_restart v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- default_service_source_port - Default service source port range. type: str
Supported Version Ranges default_service_source_port v6.2.0 -> latest
- device_identification_active_scan_delay - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). type: int
Supported Version Ranges device_identification_active_scan_delay v6.0.0 -> v6.2.7
- device_idle_timeout - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). type: int
Supported Version Ranges device_idle_timeout v6.0.0 -> latest
- dh_params - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. type: str choices: 1024, 1536, 2048, 3072, 4096, 6144, 8192
Supported Version Ranges dh_params v6.0.0 -> latest
[1024] v6.0.0 -> latest
[1536] v6.0.0 -> latest
[2048] v6.0.0 -> latest
[3072] v6.0.0 -> latest
[4096] v6.0.0 -> latest
[6144] v6.0.0 -> latest
[8192] v6.0.0 -> latest
- dnsproxy_worker_count - DNS proxy worker count. For a FortiGate with multiple logical CPUs, you can set the DNS process number from 1 to the number of logical CPUs. type: int
Supported Version Ranges dnsproxy_worker_count v6.0.0 -> latest
- dst - Enable/disable daylight saving time. type: str choices: enable, disable
Supported Version Ranges dst v6.0.0 -> v7.2.0
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- early_tcp_npu_session - Enable/disable early TCP NPU session. type: str choices: enable, disable
Supported Version Ranges early_tcp_npu_session v7.0.6 -> v7.0.12
v7.2.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- edit_vdom_prompt - Enable/disable edit new VDOM prompt. type: str choices: enable, disable
Supported Version Ranges edit_vdom_prompt v6.4.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- endpoint_control_fds_access - Enable/disable access to the FortiGuard network for non-compliant endpoints. type: str choices: enable, disable
Supported Version Ranges endpoint_control_fds_access v6.0.0 -> v6.0.11
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- endpoint_control_portal_port - Endpoint control portal port (1 - 65535). type: int
Supported Version Ranges endpoint_control_portal_port v6.0.0 -> v6.0.11
- extender_controller_reserved_network - Configure reserved network subnet for managed LAN extension FortiExtender units. This is available when the FortiExtender daemon is running. type: str
Supported Version Ranges extender_controller_reserved_network v7.0.2 -> latest
- failtime - Fail-time for server lost. type: int
Supported Version Ranges failtime v6.0.0 -> latest
- faz_disk_buffer_size - Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable. type: int
Supported Version Ranges faz_disk_buffer_size v6.4.0 -> latest
- fds_statistics - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. type: str choices: enable, disable
Supported Version Ranges fds_statistics v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- fds_statistics_period - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). type: int
Supported Version Ranges fds_statistics_period v6.0.0 -> latest
- fec_port - Local UDP port for Forward Error Correction (49152 - 65535). type: int
Supported Version Ranges fec_port v6.2.0 -> v7.0.1
- fgd_alert_subscription - Type of alert to retrieve from FortiGuard. type: list choices: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db
Supported Version Ranges fgd_alert_subscription v6.0.0 -> latest
[advisory] v6.0.0 -> latest
[latest-threat] v6.0.0 -> latest
[latest-virus] v6.0.0 -> latest
[latest-attack] v6.0.0 -> latest
[new-antivirus-db] v6.0.0 -> latest
[new-attack-db] v6.0.0 -> latest
- forticarrier_bypass - Enable/disable forticarrier-bypass. type: str choices: enable, disable
Supported Version Ranges forticarrier_bypass v7.0.4 -> v7.0.5
v7.2.0 -> v7.2.0
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- forticonverter_config_upload - Enable/disable config upload to FortiConverter. type: str choices: once, disable
Supported Version Ranges forticonverter_config_upload v7.4.0 -> latest
[once] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- forticonverter_integration - Enable/disable FortiConverter integration service. type: str choices: enable, disable
Supported Version Ranges forticonverter_integration v7.4.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- fortiextender - Enable/disable FortiExtender. type: str choices: disable, enable
Supported Version Ranges fortiextender v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- fortiextender_data_port - FortiExtender data port (1024 - 49150). type: int
Supported Version Ranges fortiextender_data_port v6.0.0 -> latest
- fortiextender_discovery_lockdown - Enable/disable FortiExtender CAPWAP lockdown. type: str choices: disable, enable
Supported Version Ranges fortiextender_discovery_lockdown v7.0.2 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- fortiextender_provision_on_authorization - Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. type: str choices: enable, disable
Supported Version Ranges fortiextender_provision_on_authorization v7.2.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- fortiextender_vlan_mode - Enable/disable FortiExtender VLAN mode. type: str choices: enable, disable
Supported Version Ranges fortiextender_vlan_mode v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- fortiipam_integration - Enable/disable integration with the FortiIPAM cloud service. type: str choices: enable, disable
Supported Version Ranges fortiipam_integration v6.4.4 -> v7.0.1
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- fortiservice_port - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: int
Supported Version Ranges fortiservice_port v6.0.0 -> latest
- fortitoken_cloud - Enable/disable FortiToken Cloud service. type: str choices: enable, disable
Supported Version Ranges fortitoken_cloud v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- fortitoken_cloud_push_status - Enable/disable FTM push service of FortiToken Cloud. type: str choices: enable, disable
Supported Version Ranges fortitoken_cloud_push_status v7.4.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- fortitoken_cloud_sync_interval - Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days)). type: int
Supported Version Ranges fortitoken_cloud_sync_interval v7.4.1 -> latest
- gui_allow_default_hostname - Enable/disable the factory default hostname warning on the GUI setup wizard. type: str choices: enable, disable
Supported Version Ranges gui_allow_default_hostname v6.2.0 -> v7.4.0
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_allow_incompatible_fabric_fgt - Enable/disable allowing FGTs with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. type: str choices: enable, disable
Supported Version Ranges gui_allow_incompatible_fabric_fgt v7.0.12 -> v7.0.12
v7.2.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_app_detection_sdwan - Enable/disable allowing app-detection based SD-WAN. type: str choices: enable, disable
Supported Version Ranges gui_app_detection_sdwan v7.2.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_auto_upgrade_setup_warning - Enable/disable the automatic patch upgrade setup prompt on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_auto_upgrade_setup_warning v7.4.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_cdn_domain_override - Domain of CDN server. type: str
Supported Version Ranges gui_cdn_domain_override v7.0.12 -> v7.0.12
v7.2.1 -> latest
- gui_cdn_usage - Enable/disable loading GUI static files from a CDN. type: str choices: enable, disable
Supported Version Ranges gui_cdn_usage v7.0.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_certificates - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. type: str choices: enable, disable
Supported Version Ranges gui_certificates v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_custom_language - Enable/disable custom languages in GUI. type: str choices: enable, disable
Supported Version Ranges gui_custom_language v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_date_format - Default date format used throughout GUI. type: str choices: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy
Supported Version Ranges gui_date_format v6.0.0 -> latest
[yyyy/MM/dd] v6.0.0 -> latest
[dd/MM/yyyy] v6.0.0 -> latest
[MM/dd/yyyy] v6.0.0 -> latest
[yyyy-MM-dd] v6.0.0 -> latest
[dd-MM-yyyy] v6.0.0 -> latest
[MM-dd-yyyy] v6.0.0 -> latest
- gui_date_time_source - Source that the FortiGate GUI uses to display date and time entries. type: str choices: system, browser
Supported Version Ranges gui_date_time_source v6.2.0 -> latest
[system] v6.0.0 -> latest
[browser] v6.0.0 -> latest
- gui_device_latitude - Add the latitude of the location of this FortiGate to position it on the Threat Map. type: str
Supported Version Ranges gui_device_latitude v6.0.0 -> latest
- gui_device_longitude - Add the longitude of the location of this FortiGate to position it on the Threat Map. type: str
Supported Version Ranges gui_device_longitude v6.0.0 -> latest
- gui_display_hostname - Enable/disable displaying the FortiGate's hostname on the GUI login page. type: str choices: enable, disable
Supported Version Ranges gui_display_hostname v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_firmware_upgrade_warning - Enable/disable the firmware upgrade warning on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_firmware_upgrade_warning v6.4.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_forticare_registration_setup_warning - Enable/disable the FortiCare registration setup warning on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_forticare_registration_setup_warning v6.4.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_fortigate_cloud_sandbox - Enable/disable displaying FortiGate Cloud Sandbox on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_fortigate_cloud_sandbox v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_fortiguard_resource_fetch - Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. type: str choices: enable, disable
Supported Version Ranges gui_fortiguard_resource_fetch v7.0.6 -> v7.0.12
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_fortisandbox_cloud - Enable/disable displaying FortiSandbox Cloud on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_fortisandbox_cloud v6.2.0 -> v6.4.4
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_ipv6 - Enable/disable IPv6 settings on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_ipv6 v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_lines_per_page - Number of lines to display per page for web administration. type: int
Supported Version Ranges gui_lines_per_page v6.0.0 -> v6.2.7
v6.4.1 -> v6.4.1
- gui_local_out - Enable/disable Local-out traffic on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_local_out v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_replacement_message_groups - Enable/disable replacement message groups on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_replacement_message_groups v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_rest_api_cache - Enable/disable REST API result caching on FortiGate. type: str choices: enable, disable
Supported Version Ranges gui_rest_api_cache v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_theme - Color scheme for the administration GUI. type: str choices: jade, neutrino, mariner, graphite, melongene, jet-stream, security-fabric, retro, dark-matter, onyx, eclipse, green, blue, red
Supported Version Ranges gui_theme v6.0.0 -> latest
[jade] v7.0.0 -> latest
[neutrino] v6.2.0 -> latest
[mariner] v6.0.0 -> latest
[graphite] v7.0.0 -> latest
[melongene] v6.0.0 -> latest
[jet-stream] v7.4.0 -> latest
[security-fabric] v7.4.0 -> latest
[retro] v7.0.0 -> latest
[dark-matter] v7.0.0 -> latest
[onyx] v7.0.0 -> latest
[eclipse] v7.0.0 -> latest
[green] v6.0.0 -> v6.4.4
[blue] v6.0.0 -> v6.4.4
[red] v6.0.0 -> v6.0.11
- gui_wireless_opensecurity - Enable/disable wireless open security option on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_wireless_opensecurity v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- gui_workflow_management - Enable/disable Workflow management features on the GUI. type: str choices: enable, disable
Supported Version Ranges gui_workflow_management v7.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ha_affinity - Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
Supported Version Ranges ha_affinity v7.0.1 -> latest
- honor_df - Enable/disable honoring of Don't-Fragment (DF) flag. type: str choices: enable, disable
Supported Version Ranges honor_df v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- hostname - FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. type: str
Supported Version Ranges hostname v6.0.0 -> latest
- igmp_state_limit - Maximum number of IGMP memberships (96 - 64000). type: int
Supported Version Ranges igmp_state_limit v6.0.0 -> latest
- interface_subnet_usage - Enable/disable allowing use of interface-subnet setting in firewall addresses. type: str choices: disable, enable
Supported Version Ranges interface_subnet_usage v7.2.4 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- internet_service_database - Configure which Internet Service database size to download from FortiGuard and use. type: str choices: mini, standard, full, on-demand
Supported Version Ranges internet_service_database v7.0.4 -> latest
[mini] v6.0.0 -> latest
[standard] v6.0.0 -> latest
[full] v6.0.0 -> latest
[on-demand] v7.2.4 -> latest
- internet_service_download_list - Configure which on-demand Internet Service IDs are to be downloaded. type: list member_path: internet_service_download_list:id
Supported Version Ranges internet_service_download_list v7.4.0 -> latest
- id - Internet Service ID. See Notes. Source firewall.internet-service.id. type: int required: true
Supported Version Ranges id v7.4.0 -> latest
- interval - Dead gateway detection interval. type: int
Supported Version Ranges interval v6.0.0 -> latest
- ip_fragment_mem_thresholds - Maximum memory (MB) used to reassemble IPv4/IPv6 fragments. type: int
Supported Version Ranges ip_fragment_mem_thresholds v7.0.8 -> v7.0.12
v7.2.4 -> latest
- ip_src_port_range - IP source port range used for traffic originating from the FortiGate unit. type: str
Supported Version Ranges ip_src_port_range v6.0.0 -> latest
- ips_affinity - Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons). type: str
Supported Version Ranges ips_affinity v6.0.0 -> latest
- ipsec_asic_offload - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. type: str choices: enable, disable
Supported Version Ranges ipsec_asic_offload v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipsec_ha_seqjump_rate - ESP jump ahead rate (1G - 10G pps equivalent). type: int
Supported Version Ranges ipsec_ha_seqjump_rate v7.0.0 -> latest
- ipsec_hmac_offload - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. type: str choices: enable, disable
Supported Version Ranges ipsec_hmac_offload v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipsec_round_robin - Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. type: str choices: enable, disable
Supported Version Ranges ipsec_round_robin v7.4.0 -> latest
[enable] v7.0.6 -> v7.0.12
v7.2.1 -> v7.2.2
v7.4.0 -> latest
[disable] v7.0.6 -> v7.0.12
v7.2.1 -> v7.2.2
v7.4.0 -> latest
- ipsec_soft_dec_async - Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. type: str choices: enable, disable
Supported Version Ranges ipsec_soft_dec_async v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_accept_dad - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). type: int
Supported Version Ranges ipv6_accept_dad v6.0.0 -> latest
- ipv6_allow_anycast_probe - Enable/disable IPv6 address probe through Anycast. type: str choices: enable, disable
Supported Version Ranges ipv6_allow_anycast_probe v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_allow_local_in_slient_drop - Enable/disable silent drop of IPv6 local-in traffic. type: str choices: enable, disable
Supported Version Ranges ipv6_allow_local_in_slient_drop v7.0.6 -> v7.0.12
v7.2.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_allow_multicast_probe - Enable/disable IPv6 address probe through Multicast. type: str choices: enable, disable
Supported Version Ranges ipv6_allow_multicast_probe v7.0.6 -> v7.0.12
v7.2.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ipv6_allow_traffic_redirect - Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. type: str choices: enable, disable
Supported Version Ranges ipv6_allow_traffic_redirect v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- irq_time_accounting - Configure CPU IRQ time accounting mode. type: str choices: auto, force
Supported Version Ranges irq_time_accounting v6.4.0 -> latest
[auto] v6.0.0 -> latest
[force] v6.0.0 -> latest
- language - GUI display language. type: str choices: english, french, spanish, portuguese, japanese, trach, simch, korean
Supported Version Ranges language v6.0.0 -> latest
[english] v6.0.0 -> latest
[french] v6.0.0 -> latest
[spanish] v6.0.0 -> latest
[portuguese] v6.0.0 -> latest
[japanese] v6.0.0 -> latest
[trach] v6.0.0 -> latest
[simch] v6.0.0 -> latest
[korean] v6.0.0 -> latest
- ldapconntimeout - Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). type: int
Supported Version Ranges ldapconntimeout v6.0.0 -> latest
- lldp_reception - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str choices: enable, disable
Supported Version Ranges lldp_reception v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- lldp_transmission - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str choices: enable, disable
Supported Version Ranges lldp_transmission v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- log_single_cpu_high - Enable/disable logging the event of a single CPU core reaching CPU usage threshold. type: str choices: enable, disable
Supported Version Ranges log_single_cpu_high v7.2.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- log_ssl_connection - Enable/disable logging of SSL connection events. type: str choices: enable, disable
Supported Version Ranges log_ssl_connection v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- log_uuid - Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic logs. type: str choices: disable, policy-only, extended
Supported Version Ranges log_uuid v6.0.0 -> v6.0.11
[disable] v6.0.0 -> latest
[policy-only] v6.0.0 -> latest
[extended] v6.0.0 -> latest
- log_uuid_address - Enable/disable insertion of address UUIDs to traffic logs. type: str choices: enable, disable
Supported Version Ranges log_uuid_address v6.2.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- log_uuid_policy - Enable/disable insertion of policy UUIDs to traffic logs. type: str choices: enable, disable
Supported Version Ranges log_uuid_policy v6.2.0 -> v6.2.7
v6.4.1 -> v6.4.1
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- login_timestamp - Enable/disable login time recording. type: str choices: enable, disable
Supported Version Ranges login_timestamp v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- long_vdom_name - Enable/disable long VDOM name support. type: str choices: enable, disable
Supported Version Ranges long_vdom_name v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- management_ip - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str
Supported Version Ranges management_ip v7.0.0 -> latest
- management_port - Overriding port for management connection (Overrides admin port). type: int
Supported Version Ranges management_port v7.0.0 -> latest
- management_port_use_admin_sport - Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. type: str choices: enable, disable
Supported Version Ranges management_port_use_admin_sport v7.0.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- management_vdom - Management virtual domain name. Source system.vdom.name. type: str
Supported Version Ranges management_vdom v6.0.0 -> latest
- max_dlpstat_memory - Maximum DLP stat memory (0 - 4294967295). type: int
Supported Version Ranges max_dlpstat_memory v6.0.0 -> v6.2.7
- max_route_cache_size - Maximum number of IP route cache entries (0 - 2147483647). type: int
Supported Version Ranges max_route_cache_size v6.0.0 -> latest
- mc_ttl_notchange - Enable/disable no modification of multicast TTL. type: str choices: enable, disable
Supported Version Ranges mc_ttl_notchange v6.0.0 -> v6.0.11
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- memory_use_threshold_extreme - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). type: int
Supported Version Ranges memory_use_threshold_extreme v6.0.0 -> latest
- memory_use_threshold_green - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). type: int
Supported Version Ranges memory_use_threshold_green v6.0.0 -> latest
- memory_use_threshold_red - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). type: int
Supported Version Ranges memory_use_threshold_red v6.0.0 -> latest
- miglog_affinity - Affinity setting for logging (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
Supported Version Ranges miglog_affinity v6.0.0 -> latest
- miglogd_children - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. type: int
Supported Version Ranges miglogd_children v6.0.0 -> latest
- multi_factor_authentication - Enforce all login methods to require an additional authentication factor. type: str choices: optional, mandatory
Supported Version Ranges multi_factor_authentication v6.0.0 -> latest
[optional] v6.0.0 -> latest
[mandatory] v6.0.0 -> latest
- multicast_forward - Enable/disable multicast forwarding. type: str choices: enable, disable
Supported Version Ranges multicast_forward v6.0.0 -> v6.0.11
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ndp_max_entry - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). type: int
Supported Version Ranges ndp_max_entry v6.0.0 -> latest
- per_user_bal - Enable/disable per-user block/allow list filter. type: str choices: enable, disable
Supported Version Ranges per_user_bal v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- per_user_bwl - Enable/disable per-user black/white list filter. type: str choices: enable, disable
Supported Version Ranges per_user_bwl v6.0.0 -> v6.4.4
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- pmtu_discovery - Enable/disable path MTU discovery. type: str choices: enable, disable
Supported Version Ranges pmtu_discovery v7.0.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- policy_auth_concurrent - Number of concurrent firewall use logins from the same user (1 - 100). type: int
Supported Version Ranges policy_auth_concurrent v6.0.0 -> latest
- post_login_banner - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. type: str choices: disable, enable
Supported Version Ranges post_login_banner v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- pre_login_banner - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. type: str choices: enable, disable
Supported Version Ranges pre_login_banner v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- private_data_encryption - Enable/disable private data encryption using an AES 128-bit key or passphrase. type: str choices: disable, enable
Supported Version Ranges private_data_encryption v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- proxy_auth_lifetime - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. type: str choices: enable, disable
Supported Version Ranges proxy_auth_lifetime v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- proxy_auth_lifetime_timeout - Lifetime timeout in minutes for authenticated users (5 - 65535 min). type: int
Supported Version Ranges proxy_auth_lifetime_timeout v6.0.0 -> latest
- proxy_auth_timeout - Authentication timeout in minutes for authenticated users (1 - 300 min). type: int
Supported Version Ranges proxy_auth_timeout v6.0.0 -> latest
- proxy_cert_use_mgmt_vdom - Enable/disable using management VDOM to send requests. type: str choices: enable, disable
Supported Version Ranges proxy_cert_use_mgmt_vdom v7.0.4 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- proxy_cipher_hardware_acceleration - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. type: str choices: disable, enable
Supported Version Ranges proxy_cipher_hardware_acceleration v6.0.0 -> v6.2.7
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- proxy_hardware_acceleration - Enable/disable email proxy hardware acceleration. type: str choices: disable, enable
Supported Version Ranges proxy_hardware_acceleration v6.4.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- proxy_keep_alive_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. type: str choices: session, traffic, re-authentication
Supported Version Ranges proxy_keep_alive_mode v7.2.4 -> latest
[session] v6.0.0 -> latest
[traffic] v6.0.0 -> latest
[re-authentication] v6.0.0 -> latest
- proxy_kxp_hardware_acceleration - Enable/disable using the content processor to accelerate KXP traffic. type: str choices: disable, enable
Supported Version Ranges proxy_kxp_hardware_acceleration v6.0.0 -> v6.2.7
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- proxy_re_authentication_mode - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. type: str choices: session, traffic, absolute
Supported Version Ranges proxy_re_authentication_mode v6.0.0 -> v7.2.2
[session] v6.0.0 -> latest
[traffic] v6.0.0 -> latest
[absolute] v6.0.0 -> latest
- proxy_re_authentication_time - The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s). type: int
Supported Version Ranges proxy_re_authentication_time v7.2.4 -> latest
- proxy_resource_mode - Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. type: str choices: enable, disable
Supported Version Ranges proxy_resource_mode v7.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- proxy_worker_count - Proxy worker count. type: int
Supported Version Ranges proxy_worker_count v6.0.0 -> latest
- quic_ack_thresold - Maximum number of unacknowledged packets before sending ACK (2 - 5). type: int
Supported Version Ranges quic_ack_thresold v7.4.1 -> latest
- quic_congestion_control_algo - QUIC congestion control algorithm. type: str choices: cubic, bbr, bbr2, reno
Supported Version Ranges quic_congestion_control_algo v7.4.1 -> latest
[cubic] v6.0.0 -> latest
[bbr] v6.0.0 -> latest
[bbr2] v6.0.0 -> latest
[reno] v6.0.0 -> latest
- quic_max_datagram_size - Maximum transmit datagram size (1200 - 1500). type: int
Supported Version Ranges quic_max_datagram_size v7.4.1 -> latest
- quic_pmtud - Enable/disable path MTU discovery. type: str choices: enable, disable
Supported Version Ranges quic_pmtud v7.4.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- quic_tls_handshake_timeout - Time-to-live (TTL) for TLS handshake in seconds (1 - 60). type: int
Supported Version Ranges quic_tls_handshake_timeout v7.4.1 -> latest
- quic_udp_payload_size_shaping_per_cid - Enable/disable UDP payload size shaping per connection ID. type: str choices: enable, disable
Supported Version Ranges quic_udp_payload_size_shaping_per_cid v7.4.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- radius_port - RADIUS service port number. type: int
Supported Version Ranges radius_port v6.0.0 -> latest
- reboot_upon_config_restore - Enable/disable reboot of system upon restoring configuration. type: str choices: enable, disable
Supported Version Ranges reboot_upon_config_restore v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- refresh - Statistics refresh interval second(s) in GUI. type: int
Supported Version Ranges refresh v6.0.0 -> latest
- remoteauthtimeout - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (1-300 sec). type: int
Supported Version Ranges remoteauthtimeout v6.0.0 -> latest
- reset_sessionless_tcp - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. type: str choices: enable, disable
Supported Version Ranges reset_sessionless_tcp v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- restart_time - Daily restart time (hh:mm). type: str
Supported Version Ranges restart_time v6.0.0 -> latest
- revision_backup_on_logout - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. type: str choices: enable, disable
Supported Version Ranges revision_backup_on_logout v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- revision_image_auto_backup - Enable/disable back-up of the latest image revision after the firmware is upgraded. type: str choices: enable, disable
Supported Version Ranges revision_image_auto_backup v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- scanunit_count - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. type: int
Supported Version Ranges scanunit_count v6.0.0 -> latest
- security_rating_result_submission - Enable/disable the submission of Security Rating results to FortiGuard. type: str choices: enable, disable
Supported Version Ranges security_rating_result_submission v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- security_rating_run_on_schedule - Enable/disable scheduled runs of Security Rating. type: str choices: enable, disable
Supported Version Ranges security_rating_run_on_schedule v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- send_pmtu_icmp - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. type: str choices: enable, disable
Supported Version Ranges send_pmtu_icmp v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sflowd_max_children_num - Maximum number of sflowd child processes allowed to run. type: int
Supported Version Ranges sflowd_max_children_num v7.2.4 -> latest
- snat_route_change - Enable/disable the ability to change the source NAT route. type: str choices: enable, disable
Supported Version Ranges snat_route_change v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- special_file_23_support - Enable/disable detection of those special format files when using Data Leak Prevention. type: str choices: disable, enable
Supported Version Ranges special_file_23_support v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- speedtest_server - Enable/disable speed test server. type: str choices: enable, disable
Supported Version Ranges speedtest_server v7.0.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- split_port - Split port(s) to multiple 10Gbps ports. type: list
- ssd_trim_date - Date within a month to run ssd trim. type: int
Supported Version Ranges ssd_trim_date v6.0.0 -> latest
- ssd_trim_freq - How often to run SSD Trim. SSD Trim prevents SSD drive data loss by finding and isolating errors. type: str choices: never, hourly, daily, weekly, monthly
Supported Version Ranges ssd_trim_freq v6.0.0 -> latest
[never] v6.0.0 -> latest
[hourly] v6.0.0 -> latest
[daily] v6.0.0 -> latest
[weekly] v6.0.0 -> latest
[monthly] v6.0.0 -> latest
- ssd_trim_hour - Hour of the day on which to run SSD Trim (0 - 23). type: int
Supported Version Ranges ssd_trim_hour v6.0.0 -> latest
- ssd_trim_min - Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). type: int
Supported Version Ranges ssd_trim_min v6.0.0 -> latest
- ssd_trim_weekday - Day of week to run SSD Trim. type: str choices: sunday, monday, tuesday, wednesday, thursday, friday, saturday
Supported Version Ranges ssd_trim_weekday v6.0.0 -> latest
[sunday] v6.0.0 -> latest
[monday] v6.0.0 -> latest
[tuesday] v6.0.0 -> latest
[wednesday] v6.0.0 -> latest
[thursday] v6.0.0 -> latest
[friday] v6.0.0 -> latest
[saturday] v6.0.0 -> latest
- ssh_cbc_cipher - Enable/disable CBC cipher for SSH access. type: str choices: enable, disable
Supported Version Ranges ssh_cbc_cipher v6.0.0 -> v7.0.1
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssh_enc_algo - Select one or more SSH ciphers. type: list choices: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com
Supported Version Ranges ssh_enc_algo v7.0.2 -> latest
[chacha20-poly1305@openssh.com] v6.0.0 -> latest
[aes128-ctr] v6.0.0 -> latest
[aes192-ctr] v6.0.0 -> latest
[aes256-ctr] v6.0.0 -> latest
[arcfour256] v6.0.0 -> latest
[arcfour128] v6.0.0 -> latest
[aes128-cbc] v6.0.0 -> latest
[3des-cbc] v6.0.0 -> latest
[blowfish-cbc] v6.0.0 -> latest
[cast128-cbc] v6.0.0 -> latest
[aes192-cbc] v6.0.0 -> latest
[aes256-cbc] v6.0.0 -> latest
[arcfour] v6.0.0 -> latest
[rijndael-cbc@lysator.liu.se] v6.0.0 -> latest
[aes128-gcm@openssh.com] v6.0.0 -> latest
[aes256-gcm@openssh.com] v6.0.0 -> latest
- ssh_hmac_md5 - Enable/disable HMAC-MD5 for SSH access. type: str choices: enable, disable
Supported Version Ranges ssh_hmac_md5 v6.0.0 -> v7.0.1
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssh_hostkey_algo - Select one or more SSH hostkey algorithms. type: list choices: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519
Supported Version Ranges ssh_hostkey_algo v7.4.0 -> latest
[ssh-rsa] v6.0.0 -> latest
[ecdsa-sha2-nistp521] v6.0.0 -> latest
[rsa-sha2-256] v6.0.0 -> latest
[rsa-sha2-512] v6.0.0 -> latest
[ssh-ed25519] v6.0.0 -> latest
- ssh_kex_algo - Select one or more SSH kex algorithms. type: list choices: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
Supported Version Ranges ssh_kex_algo v7.0.2 -> latest
[diffie-hellman-group1-sha1] v6.0.0 -> latest
[diffie-hellman-group14-sha1] v6.0.0 -> latest
[diffie-hellman-group14-sha256] v7.4.1 -> latest
[diffie-hellman-group16-sha512] v7.4.1 -> latest
[diffie-hellman-group18-sha512] v7.4.1 -> latest
[diffie-hellman-group-exchange-sha1] v6.0.0 -> latest
[diffie-hellman-group-exchange-sha256] v6.0.0 -> latest
[curve25519-sha256@libssh.org] v6.0.0 -> latest
[ecdh-sha2-nistp256] v6.0.0 -> latest
[ecdh-sha2-nistp384] v6.0.0 -> latest
[ecdh-sha2-nistp521] v6.0.0 -> latest
- ssh_kex_sha1 - Enable/disable SHA1 key exchange for SSH access. type: str choices: enable, disable
Supported Version Ranges ssh_kex_sha1 v6.0.0 -> v7.0.1
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssh_mac_algo - Select one or more SSH MAC algorithms. type: list choices: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com
Supported Version Ranges ssh_mac_algo v7.0.2 -> latest
[hmac-md5] v6.0.0 -> latest
[hmac-md5-etm@openssh.com] v6.0.0 -> latest
[hmac-md5-96] v6.0.0 -> latest
[hmac-md5-96-etm@openssh.com] v6.0.0 -> latest
[hmac-sha1] v6.0.0 -> latest
[hmac-sha1-etm@openssh.com] v6.0.0 -> latest
[hmac-sha2-256] v6.0.0 -> latest
[hmac-sha2-256-etm@openssh.com] v6.0.0 -> latest
[hmac-sha2-512] v6.0.0 -> latest
[hmac-sha2-512-etm@openssh.com] v6.0.0 -> latest
[hmac-ripemd160] v6.0.0 -> latest
[hmac-ripemd160@openssh.com] v6.0.0 -> latest
[hmac-ripemd160-etm@openssh.com] v6.0.0 -> latest
[umac-64@openssh.com] v6.0.0 -> latest
[umac-128@openssh.com] v6.0.0 -> latest
[umac-64-etm@openssh.com] v6.0.0 -> latest
[umac-128-etm@openssh.com] v6.0.0 -> latest
- ssh_mac_weak - Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. type: str choices: enable, disable
Supported Version Ranges ssh_mac_weak v6.2.0 -> v7.0.1
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- ssl_min_proto_version - Minimum supported protocol version for SSL/TLS connections. type: str choices: SSLv3, TLSv1, TLSv1-1, TLSv1-2, TLSv1-3
Supported Version Ranges ssl_min_proto_version v6.0.0 -> latest
[SSLv3] v6.0.0 -> latest
[TLSv1] v6.0.0 -> latest
[TLSv1-1] v6.0.0 -> latest
[TLSv1-2] v6.0.0 -> latest
[TLSv1-3] v6.2.0 -> latest
- ssl_static_key_ciphers - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). type: str choices: enable, disable
Supported Version Ranges ssl_static_key_ciphers v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sslvpn_cipher_hardware_acceleration - sslvpn-cipher-hardware-acceleration type: str choices: enable, disable
Supported Version Ranges sslvpn_cipher_hardware_acceleration v6.0.0 -> v7.2.2
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sslvpn_ems_sn_check - Enable/disable verification of EMS serial number in SSL-VPN connection. type: str choices: enable, disable
Supported Version Ranges sslvpn_ems_sn_check v6.4.0 -> v6.4.0
v6.4.4 -> v7.2.4
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sslvpn_kxp_hardware_acceleration - sslvpn-kxp-hardware-acceleration type: str choices: enable, disable
Supported Version Ranges sslvpn_kxp_hardware_acceleration v6.0.0 -> v7.2.2
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sslvpn_max_worker_count - Maximum number of SSL-VPN processes. Upper limit for this value is the number of CPUs and depends on the model. Default value of zero means the SSLVPN daemon decides the number of worker processes. type: int
Supported Version Ranges sslvpn_max_worker_count v6.0.0 -> latest
- sslvpn_plugin_version_check - sslvpn-plugin-version-check type: str choices: enable, disable
Supported Version Ranges sslvpn_plugin_version_check v6.0.0 -> v7.2.2
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- sslvpn_web_mode - Enable/disable SSL-VPN web mode. type: str choices: enable, disable
Supported Version Ranges sslvpn_web_mode v7.4.1 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- strict_dirty_session_check - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. type: str choices: enable, disable
Supported Version Ranges strict_dirty_session_check v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- strong_crypto - Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. type: str choices: enable, disable
Supported Version Ranges strong_crypto v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- switch_controller - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. type: str choices: disable, enable
Supported Version Ranges switch_controller v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- switch_controller_reserved_network - Configure reserved network subnet for managed switches. This is available when the switch controller is enabled. type: str
Supported Version Ranges switch_controller_reserved_network v6.0.0 -> latest
- sys_perf_log_interval - Time in minutes between updates of performance statistics logging. (1 - 15 min). type: int
Supported Version Ranges sys_perf_log_interval v6.0.0 -> latest
- syslog_affinity - Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
Supported Version Ranges syslog_affinity v7.2.4 -> latest
- tcp_halfclose_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day)). type: int
Supported Version Ranges tcp_halfclose_timer v6.0.0 -> latest
- tcp_halfopen_timer - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day)). type: int
Supported Version Ranges tcp_halfopen_timer v6.0.0 -> latest
- tcp_option - Enable SACK, timestamp and MSS TCP options. type: str choices: enable, disable
Supported Version Ranges tcp_option v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- tcp_rst_timer - Length of the TCP CLOSE state in seconds (5 - 300 sec). type: int
Supported Version Ranges tcp_rst_timer v7.0.0 -> latest
- tcp_timewait_timer - Length of the TCP TIME-WAIT state in seconds (1 - 300 sec). type: int
Supported Version Ranges tcp_timewait_timer v6.0.0 -> latest
- tftp - Enable/disable TFTP. type: str choices: enable, disable
Supported Version Ranges tftp v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- timezone - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. type: str choices: 01, 02, 03, 04, 05, 81, 06, 07, 08, 09, 10, 11, 12, 13, 74, 14, 77, 15, 87, 16, 17, 18, 19, 20, 75, 21, 22, 23, 24, 80, 79, 25, 26, 27, 28, 78, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 83, 84, 40, 85, 39, 41, 42, 43, 44, 45, 46, 47, 51, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 00, 82, 73, 86, 76
Supported Version Ranges timezone v6.0.0 -> latest
[01] v6.0.0 -> latest
[02] v6.0.0 -> latest
[03] v6.0.0 -> latest
[04] v6.0.0 -> latest
[05] v6.0.0 -> latest
[81] v6.0.0 -> latest
[06] v6.0.0 -> latest
[07] v6.0.0 -> latest
[08] v6.0.0 -> latest
[09] v6.0.0 -> latest
[10] v6.0.0 -> latest
[11] v6.0.0 -> latest
[12] v6.0.0 -> latest
[13] v6.0.0 -> latest
[74] v6.0.0 -> latest
[14] v6.0.0 -> latest
[77] v6.0.0 -> latest
[15] v6.0.0 -> latest
[87] v6.0.0 -> latest
[16] v6.0.0 -> latest
[17] v6.0.0 -> latest
[18] v6.0.0 -> latest
[19] v6.0.0 -> latest
[20] v6.0.0 -> latest
[75] v6.0.0 -> latest
[21] v6.0.0 -> latest
[22] v6.0.0 -> latest
[23] v6.0.0 -> latest
[24] v6.0.0 -> latest
[80] v6.0.0 -> latest
[79] v6.0.0 -> latest
[25] v6.0.0 -> latest
[26] v6.0.0 -> latest
[27] v6.0.0 -> latest
[28] v6.0.0 -> latest
[78] v6.0.0 -> latest
[29] v6.0.0 -> latest
[30] v6.0.0 -> latest
[31] v6.0.0 -> latest
[32] v6.0.0 -> latest
[33] v6.0.0 -> latest
[34] v6.0.0 -> latest
[35] v6.0.0 -> latest
[36] v6.0.0 -> latest
[37] v6.0.0 -> latest
[38] v6.0.0 -> latest
[83] v6.0.0 -> latest
[84] v6.0.0 -> latest
[40] v6.0.0 -> latest
[85] v6.0.0 -> latest
[39] v6.0.0 -> latest
[41] v6.0.0 -> latest
[42] v6.0.0 -> latest
[43] v6.0.0 -> latest
[44] v6.0.0 -> latest
[45] v6.0.0 -> latest
[46] v6.0.0 -> latest
[47] v6.0.0 -> latest
[51] v6.0.0 -> latest
[48] v6.0.0 -> latest
[49] v6.0.0 -> latest
[50] v6.0.0 -> latest
[52] v6.0.0 -> latest
[53] v6.0.0 -> latest
[54] v6.0.0 -> latest
[55] v6.0.0 -> latest
[56] v6.0.0 -> latest
[57] v6.0.0 -> latest
[58] v6.0.0 -> latest
[59] v6.0.0 -> latest
[60] v6.0.0 -> latest
[61] v6.0.0 -> latest
[62] v6.0.0 -> latest
[63] v6.0.0 -> latest
[64] v6.0.0 -> latest
[65] v6.0.0 -> latest
[66] v6.0.0 -> latest
[67] v6.0.0 -> latest
[68] v6.0.0 -> latest
[69] v6.0.0 -> latest
[70] v6.0.0 -> latest
[71] v6.0.0 -> latest
[72] v6.0.0 -> latest
[00] v6.0.0 -> latest
[82] v6.0.0 -> latest
[73] v6.0.0 -> latest
[86] v6.0.0 -> latest
[76] v6.0.0 -> latest
- tp_mc_skip_policy - Enable/disable skip policy check and allow multicast through. type: str choices: enable, disable
more...
Supported Version Ranges tp_mc_skip_policy v6.0.0 -> v6.0.11
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- traffic_priority - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. type: str choices: tos, dscp
more...
Supported Version Ranges traffic_priority v6.0.0 -> latest
[tos] v6.0.0 -> latest
[dscp] v6.0.0 -> latest
- traffic_priority_level - Default system-wide level of priority for traffic prioritization. type: str choices: low, medium, high
more...
Supported Version Ranges traffic_priority_level v6.0.0 -> latest
[low] v6.0.0 -> latest
[medium] v6.0.0 -> latest
[high] v6.0.0 -> latest
- two_factor_email_expiry - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). type: int
more...
Supported Version Ranges two_factor_email_expiry v6.0.0 -> latest
- two_factor_fac_expiry - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). type: int
more...
Supported Version Ranges two_factor_fac_expiry v6.0.0 -> latest
- two_factor_ftk_expiry - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). type: int
more...
Supported Version Ranges two_factor_ftk_expiry v6.0.0 -> latest
- two_factor_ftm_expiry - FortiToken Mobile session timeout (1 - 168 hours (7 days)). type: int
more...
Supported Version Ranges two_factor_ftm_expiry v6.0.0 -> latest
- two_factor_sms_expiry - SMS-based two-factor authentication session timeout (30 - 300 sec). type: int
more...
Supported Version Ranges two_factor_sms_expiry v6.0.0 -> latest
- udp_idle_timer - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). type: int
more...
Supported Version Ranges udp_idle_timer v6.0.0 -> latest
- url_filter_affinity - URL filter CPU affinity. type: str
more...
Supported Version Ranges url_filter_affinity v6.2.0 -> latest
- url_filter_count - URL filter daemon count. type: int
more...
Supported Version Ranges url_filter_count v6.2.0 -> latest
- user_device_store_max_devices - Maximum number of devices allowed in user device store. type: int
more...
Supported Version Ranges user_device_store_max_devices v6.4.4 -> latest
- user_device_store_max_unified_mem - Maximum unified memory allowed in user device store. type: int
more...
Supported Version Ranges user_device_store_max_unified_mem v7.0.2 -> latest
- user_device_store_max_users - Maximum number of users allowed in user device store. type: int
more...
Supported Version Ranges user_device_store_max_users v6.4.4 -> latest
- user_server_cert - Certificate to use for https user authentication. Source certificate.local.name. type: str
more...
Supported Version Ranges user_server_cert v6.0.0 -> v7.2.0
- vdom_admin - vdom-admin type: str choices: enable, disable
more...
Supported Version Ranges vdom_admin v6.0.0 -> v6.0.11
v6.2.3 -> v6.2.3
[enable] v6.0.0 -> v6.0.11
[disable] v6.0.0 -> v6.0.11
- vdom_mode - Enable/disable support for multiple virtual domains (VDOMs). type: str choices: no-vdom, multi-vdom, split-vdom
more...
Supported Version Ranges vdom_mode v6.2.0 -> latest
[no-vdom] v6.0.0 -> latest
[multi-vdom] v6.0.0 -> latest
[split-vdom] v6.2.0 -> v7.0.12
- vip_arp_range - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. type: str choices: unlimited, restricted
more...
Supported Version Ranges vip_arp_range v6.0.0 -> latest
[unlimited] v6.0.0 -> latest
[restricted] v6.0.0 -> latest
- virtual_server_count - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. type: int
more...
Supported Version Ranges virtual_server_count v6.0.0 -> v6.0.11
v6.2.3 -> v6.2.3
- virtual_server_hardware_acceleration - Enable/disable virtual server hardware acceleration. type: str choices: disable, enable
more...
Supported Version Ranges virtual_server_hardware_acceleration v6.0.0 -> v6.0.11
v6.2.3 -> v6.2.3
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- vpn_ems_sn_check - Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. type: str choices: enable, disable
more...
Supported Version Ranges vpn_ems_sn_check v7.4.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- wad_affinity - Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str
more...
Supported Version Ranges wad_affinity v6.0.0 -> latest
- wad_csvc_cs_count - Number of concurrent WAD-cache-service object-cache processes. type: int
more...
Supported Version Ranges wad_csvc_cs_count v6.0.0 -> latest
- wad_csvc_db_count - Number of concurrent WAD-cache-service byte-cache processes. type: int
more...
Supported Version Ranges wad_csvc_db_count v6.0.0 -> latest
- wad_memory_change_granularity - Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection. type: int
more...
Supported Version Ranges wad_memory_change_granularity v6.2.0 -> latest
- wad_restart_end_time - WAD workers daily restart end time (hh:mm). type: str
more...
Supported Version Ranges wad_restart_end_time v7.2.4 -> latest
- wad_restart_mode - WAD worker restart mode. type: str choices: none, time, memory
more...
Supported Version Ranges wad_restart_mode v7.2.4 -> latest
[none] v6.0.0 -> latest
[time] v6.0.0 -> latest
[memory] v6.0.0 -> latest
- wad_restart_start_time - WAD workers daily restart time (hh:mm). type: str
more...
Supported Version Ranges wad_restart_start_time v7.2.4 -> latest
- wad_source_affinity - Enable/disable dispatching traffic to WAD workers based on source affinity. type: str choices: disable, enable
more...
Supported Version Ranges wad_source_affinity v6.0.0 -> latest
[disable] v6.0.0 -> latest
[enable] v6.0.0 -> latest
- wad_worker_count - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit. type: int
more...
Supported Version Ranges wad_worker_count v6.0.0 -> latest
- wifi_ca_certificate - CA certificate that verifies the WiFi certificate. Source certificate.ca.name. type: str
more...
Supported Version Ranges wifi_ca_certificate v6.0.0 -> latest
- wifi_certificate - Certificate to use for WiFi authentication. Source certificate.local.name. type: str
more...
Supported Version Ranges wifi_certificate v6.0.0 -> latest
- wimax_4g_usb - Enable/disable compatibility with WiMAX 4G USB devices. type: str choices: enable, disable
more...
Supported Version Ranges wimax_4g_usb v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- wireless_controller - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. type: str choices: enable, disable
more...
Supported Version Ranges wireless_controller v6.0.0 -> latest
[enable] v6.0.0 -> latest
[disable] v6.0.0 -> latest
- wireless_controller_port - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150). type: int
more...
Supported Version Ranges wireless_controller_port v6.0.0 -> latest
Note
- Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.
```yaml
- name: Configure global attributes.
  fortinet.fortios.fortios_system_global:
    vdom: "{{ vdom }}"
    system_global:
      admin_concurrent: "enable"
      admin_console_timeout: "0"
      admin_forticloud_sso_default_profile: "<your_own_value> (source system.accprofile.name)"
      admin_forticloud_sso_login: "enable"
      admin_host: "myhostname"
      admin_hsts_max_age: "15552000"
      admin_https_pki_required: "enable"
      admin_https_redirect: "enable"
      admin_https_ssl_banned_ciphers: "RSA"
      admin_https_ssl_ciphersuites: "TLS-AES-128-GCM-SHA256"
      admin_https_ssl_versions: "tlsv1-1"
      admin_lockout_duration: "60"
      admin_lockout_threshold: "3"
      admin_login_max: "100"
      admin_maintainer: "enable"
      admin_port: "80"
      admin_restrict_local: "enable"
      admin_scp: "enable"
      admin_server_cert: "<your_own_value> (source certificate.local.name)"
      admin_sport: "443"
      admin_ssh_grace_time: "120"
      admin_ssh_password: "enable"
      admin_ssh_port: "22"
      admin_ssh_v1: "enable"
      admin_telnet: "enable"
      admin_telnet_port: "23"
      admintimeout: "5"
      alias: "<your_own_value>"
      allow_traffic_redirect: "enable"
      anti_replay: "disable"
      arp_max_entry: "131072"
      asymroute: "enable"
      auth_cert: "<your_own_value> (source certificate.local.name)"
      auth_http_port: "1000"
      auth_https_port: "1003"
      auth_ike_saml_port: "1001"
      auth_keepalive: "enable"
      auth_session_limit: "block-new"
      auto_auth_extension_device: "enable"
      autorun_log_fsck: "enable"
      av_affinity: "<your_own_value>"
      av_failopen: "pass"
      av_failopen_session: "enable"
      batch_cmdb: "enable"
      block_session_timer: "30"
      br_fdb_max_entry: "8192"
      cert_chain_max: "8"
      cfg_revert_timeout: "600"
      cfg_save: "automatic"
      check_protocol_header: "loose"
      check_reset_range: "strict"
      cli_audit_log: "enable"
      cloud_communication: "enable"
      clt_cert_req: "enable"
      cmdbsvr_affinity: "<your_own_value>"
      compliance_check: "enable"
      compliance_check_time: "<your_own_value>"
      cpu_use_threshold: "90"
      csr_ca_attribute: "enable"
      daily_restart: "enable"
      default_service_source_port: "<your_own_value>"
      device_identification_active_scan_delay: "1800"
      device_idle_timeout: "300"
      dh_params: "1024"
      dnsproxy_worker_count: "1"
      dst: "enable"
      early_tcp_npu_session: "enable"
      edit_vdom_prompt: "enable"
      endpoint_control_fds_access: "enable"
      endpoint_control_portal_port: "32767"
      extender_controller_reserved_network: "<your_own_value>"
      failtime: "5"
      faz_disk_buffer_size: "0"
      fds_statistics: "enable"
      fds_statistics_period: "60"
      fec_port: "50000"
      fgd_alert_subscription: "advisory"
      forticarrier_bypass: "enable"
      forticonverter_config_upload: "once"
      forticonverter_integration: "enable"
      fortiextender: "disable"
      fortiextender_data_port: "25246"
      fortiextender_discovery_lockdown: "disable"
      fortiextender_provision_on_authorization: "enable"
      fortiextender_vlan_mode: "enable"
      fortiipam_integration: "enable"
      fortiservice_port: "8013"
      fortitoken_cloud: "enable"
      fortitoken_cloud_push_status: "enable"
      fortitoken_cloud_sync_interval: "24"
      gui_allow_default_hostname: "enable"
      gui_allow_incompatible_fabric_fgt: "enable"
      gui_app_detection_sdwan: "enable"
      gui_auto_upgrade_setup_warning: "enable"
      gui_cdn_domain_override: "<your_own_value>"
      gui_cdn_usage: "enable"
      gui_certificates: "enable"
      gui_custom_language: "enable"
      gui_date_format: "yyyy/MM/dd"
      gui_date_time_source: "system"
      gui_device_latitude: "<your_own_value>"
      gui_device_longitude: "<your_own_value>"
      gui_display_hostname: "enable"
      gui_firmware_upgrade_warning: "enable"
      gui_forticare_registration_setup_warning: "enable"
      gui_fortigate_cloud_sandbox: "enable"
      gui_fortiguard_resource_fetch: "enable"
      gui_fortisandbox_cloud: "enable"
      gui_ipv6: "enable"
      gui_lines_per_page: "500"
      gui_local_out: "enable"
      gui_replacement_message_groups: "enable"
      gui_rest_api_cache: "enable"
      gui_theme: "jade"
      gui_wireless_opensecurity: "enable"
      gui_workflow_management: "enable"
      ha_affinity: "<your_own_value>"
      honor_df: "enable"
      hostname: "myhostname"
      igmp_state_limit: "3200"
      interface_subnet_usage: "disable"
      internet_service_database: "mini"
      internet_service_download_list:
        -
          id: "126 (source firewall.internet-service.id)"
      interval: "5"
      ip_fragment_mem_thresholds: "32"
      ip_src_port_range: "<your_own_value>"
      ips_affinity: "<your_own_value>"
      ipsec_asic_offload: "enable"
      ipsec_ha_seqjump_rate: "10"
      ipsec_hmac_offload: "enable"
      ipsec_round_robin: "enable"
      ipsec_soft_dec_async: "enable"
      ipv6_accept_dad: "1"
      ipv6_allow_anycast_probe: "enable"
      ipv6_allow_local_in_slient_drop: "enable"
      ipv6_allow_multicast_probe: "enable"
      ipv6_allow_traffic_redirect: "enable"
      irq_time_accounting: "auto"
      language: "english"
      ldapconntimeout: "500"
      lldp_reception: "enable"
      lldp_transmission: "enable"
      log_single_cpu_high: "enable"
      log_ssl_connection: "enable"
      log_uuid: "disable"
      log_uuid_address: "enable"
      log_uuid_policy: "enable"
      login_timestamp: "enable"
      long_vdom_name: "enable"
      management_ip: "<your_own_value>"
      management_port: "443"
      management_port_use_admin_sport: "enable"
      management_vdom: "<your_own_value> (source system.vdom.name)"
      max_dlpstat_memory: "157"
      max_route_cache_size: "0"
      mc_ttl_notchange: "enable"
      memory_use_threshold_extreme: "95"
      memory_use_threshold_green: "82"
      memory_use_threshold_red: "88"
      miglog_affinity: "<your_own_value>"
      miglogd_children: "0"
      multi_factor_authentication: "optional"
      multicast_forward: "enable"
      ndp_max_entry: "0"
      per_user_bal: "enable"
      per_user_bwl: "enable"
      pmtu_discovery: "enable"
      policy_auth_concurrent: "0"
      post_login_banner: "disable"
      pre_login_banner: "enable"
      private_data_encryption: "disable"
      proxy_auth_lifetime: "enable"
      proxy_auth_lifetime_timeout: "480"
      proxy_auth_timeout: "10"
      proxy_cert_use_mgmt_vdom: "enable"
      proxy_cipher_hardware_acceleration: "disable"
      proxy_hardware_acceleration: "disable"
      proxy_keep_alive_mode: "session"
      proxy_kxp_hardware_acceleration: "disable"
      proxy_re_authentication_mode: "session"
      proxy_re_authentication_time: "30"
      proxy_resource_mode: "enable"
      proxy_worker_count: "0"
      quic_ack_thresold: "3"
      quic_congestion_control_algo: "cubic"
      quic_max_datagram_size: "1500"
      quic_pmtud: "enable"
      quic_tls_handshake_timeout: "5"
      quic_udp_payload_size_shaping_per_cid: "enable"
      radius_port: "1812"
      reboot_upon_config_restore: "enable"
      refresh: "0"
      remoteauthtimeout: "5"
      reset_sessionless_tcp: "enable"
      restart_time: "<your_own_value>"
      revision_backup_on_logout: "enable"
      revision_image_auto_backup: "enable"
      scanunit_count: "0"
      security_rating_result_submission: "enable"
      security_rating_run_on_schedule: "enable"
      send_pmtu_icmp: "enable"
      sflowd_max_children_num: "6"
      snat_route_change: "enable"
      special_file_23_support: "disable"
      speedtest_server: "enable"
      split_port: "<your_own_value>"
      ssd_trim_date: "1"
      ssd_trim_freq: "never"
      ssd_trim_hour: "1"
      ssd_trim_min: "60"
      ssd_trim_weekday: "sunday"
      ssh_cbc_cipher: "enable"
      ssh_enc_algo: "chacha20-poly1305@openssh.com"
      ssh_hmac_md5: "enable"
      ssh_hostkey_algo: "ssh-rsa"
      ssh_kex_algo: "diffie-hellman-group1-sha1"
      ssh_kex_sha1: "enable"
      ssh_mac_algo: "hmac-md5"
      ssh_mac_weak: "enable"
      ssl_min_proto_version: "SSLv3"
      ssl_static_key_ciphers: "enable"
      sslvpn_cipher_hardware_acceleration: "enable"
      sslvpn_ems_sn_check: "enable"
      sslvpn_kxp_hardware_acceleration: "enable"
      sslvpn_max_worker_count: "0"
      sslvpn_plugin_version_check: "enable"
      sslvpn_web_mode: "enable"
      strict_dirty_session_check: "enable"
      strong_crypto: "enable"
      switch_controller: "disable"
      switch_controller_reserved_network: "<your_own_value>"
      sys_perf_log_interval: "5"
      syslog_affinity: "<your_own_value>"
      tcp_halfclose_timer: "120"
      tcp_halfopen_timer: "10"
      tcp_option: "enable"
      tcp_rst_timer: "5"
      tcp_timewait_timer: "1"
      tftp: "enable"
      timezone: "01"
      tp_mc_skip_policy: "enable"
      traffic_priority: "tos"
      traffic_priority_level: "low"
      two_factor_email_expiry: "60"
      two_factor_fac_expiry: "60"
      two_factor_ftk_expiry: "60"
      two_factor_ftm_expiry: "72"
      two_factor_sms_expiry: "60"
      udp_idle_timer: "180"
      url_filter_affinity: "<your_own_value>"
      url_filter_count: "1"
      user_device_store_max_devices: "20921"
      user_device_store_max_unified_mem: "104609177"
      user_device_store_max_users: "20921"
      user_server_cert: "<your_own_value> (source certificate.local.name)"
      vdom_admin: "enable"
      vdom_mode: "no-vdom"
      vip_arp_range: "unlimited"
      virtual_server_count: "20"
      virtual_server_hardware_acceleration: "disable"
      vpn_ems_sn_check: "enable"
      wad_affinity: "<your_own_value>"
      wad_csvc_cs_count: "1"
      wad_csvc_db_count: "0"
      wad_memory_change_granularity: "10"
      wad_restart_end_time: "<your_own_value>"
      wad_restart_mode: "none"
      wad_restart_start_time: "<your_own_value>"
      wad_source_affinity: "disable"
      wad_worker_count: "0"
      wifi_ca_certificate: "<your_own_value> (source certificate.ca.name)"
      wifi_certificate: "<your_own_value> (source certificate.local.name)"
      wimax_4g_usb: "enable"
      wireless_controller: "enable"
      wireless_controller_port: "5246"
```
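Added example, not part of the module or of this documentation: a pre-flight check that compares a `system_global` dictionary with the integer ranges and supported-version windows listed in the parameter section above, so that a bad value is caught before the task reaches the device. `preflight`, `RANGES`, `VERSION_WINDOWS` and `SAMPLE` are hypothetical names, and the two tables cover only a subset of the documented parameters.

```python
# Integer ranges and version windows transcribed from the parameter list above.
# preflight(), RANGES, VERSION_WINDOWS and SAMPLE are hypothetical names.
RANGES = {
    "tcp_timewait_timer": (1, 300),
    "two_factor_email_expiry": (30, 300),
    "two_factor_fac_expiry": (10, 3600),
    "two_factor_ftk_expiry": (60, 600),
    "two_factor_ftm_expiry": (1, 168),  # hours, the others are seconds
    "two_factor_sms_expiry": (30, 300),
    "udp_idle_timer": (1, 86400),
    "wireless_controller_port": (1024, 49150),
}
# (first, last) supported FortiOS versions; last=None means "latest".
VERSION_WINDOWS = {
    "tp_mc_skip_policy": [("6.0.0", "6.0.11")],
    "user_server_cert": [("6.0.0", "7.2.0")],
    "vdom_admin": [("6.0.0", "6.0.11"), ("6.2.3", "6.2.3")],
    "vpn_ems_sn_check": [("7.4.0", None)],
    "wad_restart_mode": [("7.2.4", None)],
}


def _ver(text):
    """'v6.0.11' or '6.0.11' -> (6, 0, 11) so versions compare numerically."""
    return tuple(int(part) for part in text.lstrip("v").split("."))


def preflight(system_global, fos_version):
    """Return sorted (parameter, problem) findings for one target version."""
    target = _ver(fos_version)
    findings = []
    for name, value in system_global.items():
        if name in RANGES:
            low, high = RANGES[name]
            try:
                number = int(value)
            except (TypeError, ValueError):
                findings.append((name, "not an integer: %r" % (value,)))
            else:
                if not low <= number <= high:
                    findings.append((name, "%d outside %d-%d" % (number, low, high)))
        windows = VERSION_WINDOWS.get(name, [])
        if windows and not any(
            _ver(first) <= target and (last is None or target <= _ver(last))
            for first, last in windows
        ):
            findings.append((name, "not supported on v%s" % fos_version.lstrip("v")))
    return sorted(findings)


# Constructed input: a subset of the sample task with one value pushed out of range.
SAMPLE = {
    "two_factor_email_expiry": "60",
    "two_factor_ftm_expiry": "200",
    "wireless_controller_port": "5246",
    "tp_mc_skip_policy": "enable",
    "vdom_admin": "enable",
    "vpn_ems_sn_check": "enable",
}
```

Calling `preflight(SAMPLE, "7.4.0")` reports `tp_mc_skip_policy` and `vdom_admin` as unsupported, while `"6.0.5"` reports `vpn_ems_sn_check` instead: their documented version ranges do not overlap, so the sample task has to be trimmed per target release.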
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:
- build - Build number of the FortiGate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)