1. Packages
  2. Fortios
  3. API Docs
  4. system
  5. getGlobal
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.system.getGlobal

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    Use this data source to get information on fortios system global

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumi/fortios";
    
    const sample1 = fortios.system.getGlobal({});
    export const output1 = sample1.then(sample1 => sample1.hostname);
    
    import pulumi
    import pulumi_fortios as fortios
    
    sample1 = fortios.system.get_global()
    pulumi.export("output1", sample1.hostname)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/system"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		sample1, err := system.LookupGlobal(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("output1", sample1.Hostname)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumi.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var sample1 = Fortios.System.GetGlobal.Invoke();
    
        return new Dictionary<string, object?>
        {
            ["output1"] = sample1.Apply(getGlobalResult => getGlobalResult.Hostname),
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.system.SystemFunctions;
    import com.pulumi.fortios.system.inputs.GetGlobalArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var sample1 = SystemFunctions.getGlobal();
    
            ctx.export("output1", sample1.applyValue(getGlobalResult -> getGlobalResult.hostname()));
        }
    }
    
    variables:
      sample1:
        fn::invoke:
          Function: fortios:system:getGlobal
          Arguments: {}
    outputs:
      output1: ${sample1.hostname}
    

    Using getGlobal

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getGlobal(args: GetGlobalArgs, opts?: InvokeOptions): Promise<GetGlobalResult>
    function getGlobalOutput(args: GetGlobalOutputArgs, opts?: InvokeOptions): Output<GetGlobalResult>
    def get_global(vdomparam: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetGlobalResult
    def get_global_output(vdomparam: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetGlobalResult]
    func LookupGlobal(ctx *Context, args *LookupGlobalArgs, opts ...InvokeOption) (*LookupGlobalResult, error)
    func LookupGlobalOutput(ctx *Context, args *LookupGlobalOutputArgs, opts ...InvokeOption) LookupGlobalResultOutput

    > Note: This function is named LookupGlobal in the Go SDK.

    public static class GetGlobal 
    {
        public static Task<GetGlobalResult> InvokeAsync(GetGlobalArgs args, InvokeOptions? opts = null)
        public static Output<GetGlobalResult> Invoke(GetGlobalInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetGlobalResult> getGlobal(GetGlobalArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: fortios:system/getGlobal:getGlobal
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Vdomparam string
    Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    Vdomparam string
    Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vdomparam String
    Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vdomparam string
    Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vdomparam str
    Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vdomparam String
    Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    getGlobal Result

    The following output properties are available:

    AdminConcurrent string
    Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.)
    AdminConsoleTimeout int
    Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout.
    AdminForticloudSsoDefaultProfile string
    Override access profile.
    AdminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO.
    AdminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    AdminHstsMaxAge int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0.
    AdminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password.
    AdminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS.
    AdminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below.
    AdminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions.
    AdminHttpsSslVersions string
    Allowed TLS versions for web administration.
    AdminLockoutDuration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    AdminLockoutThreshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    AdminLoginMax int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    AdminMaintainer string
    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login.
    AdminPort int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    AdminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable)
    AdminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration.
    AdminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    AdminSport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    AdminSshGraceTime int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    AdminSshPassword string
    Enable/disable password authentication for SSH admin access.
    AdminSshPort int
    Administrative access port for SSH. (1 - 65535, default = 22).
    AdminSshV1 string
    Enable/disable SSH v1 compatibility.
    AdminTelnet string
    Enable/disable TELNET service.
    AdminTelnetPort int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    Admintimeout int
    Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). A shorter idle timeout is more secure.
    Alias string
    Alias for your FortiGate unit.
    AllowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface.
    AntiReplay string
    Level of checking for packet replay and TCP sequence checking.
    ArpMaxEntry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    Asymroute string
    Enable/disable asymmetric route.
    AuthCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    AuthHttpPort int
    User authentication HTTP port. (1 - 65535, default = 80).
    AuthHttpsPort int
    User authentication HTTPS port. (1 - 65535, default = 443).
    AuthIkeSamlPort int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    AuthKeepalive string
    Enable to prevent user authentication sessions from timing out when idle.
    AuthSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached.
    AutoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices.
    AutorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown.
    AvAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    AvFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.
    AvFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen.
    BatchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.
    BfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    BlockSessionTimer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    BrFdbMaxEntry int
    Maximum number of bridge forwarding database (FDB) entries.
    CertChainMax int
    Maximum number of certificates that can be traversed in a certificate chain.
    CfgRevertTimeout int
    Time-out for reverting to the last saved configuration.
    CfgSave string
    Configuration file save mode for CLI changes.
    CheckProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases.
    CheckResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it.
    CliAuditLog string
    Enable/disable CLI audit log.
    CloudCommunication string
    Enable/disable all cloud communication.
    CltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.
    CmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    ComplianceCheck string
    Enable/disable global PCI DSS compliance check.
    ComplianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    CpuUseThreshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    CsrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute.
    DailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.
    DefaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    DeviceIdentificationActiveScanDelay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    DeviceIdleTimeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    DhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.
    DhcpLeaseBackupInterval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    DnsproxyWorkerCount int
    DNS proxy worker count.
    Dst string
    Enable/disable daylight saving time.
    EarlyTcpNpuSession string
    Enable/disable early TCP NPU session.
    EditVdomPrompt string
    Enable/disable edit new VDOM prompt.
    EndpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints.
    EndpointControlPortalPort int
    Endpoint control portal port (1 - 65535).
    ExtenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    Failtime int
    Fail-time for server lost.
    FazDiskBufferSize int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble.
    FdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy.
    FdsStatisticsPeriod int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    FecPort int
    Local UDP port for Forward Error Correction (49152 - 65535).
    FgdAlertSubscription string
    Type of alert to retrieve from FortiGuard.
    ForticonverterConfigUpload string
    Enable/disable config upload to FortiConverter.
    ForticonverterIntegration string
    Enable/disable FortiConverter integration service.
    Fortiextender string
    Enable/disable FortiExtender.
    FortiextenderDataPort int
    FortiExtender data port (1024 - 49150, default = 25246).
    FortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown.
    FortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.
    FortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode.
    FortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service.
    FortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service.
    FortiservicePort int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    FortitokenCloud string
    Enable/disable FortiToken Cloud service.
    FortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud.
    FortitokenCloudSyncInterval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    GuiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname
    GuiAllowIncompatibleFabricFgt string
    Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error.
    GuiAppDetectionSdwan string
    Enable/disable Allow app-detection based SD-WAN.
    GuiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI.
    GuiCdnDomainOverride string
    Domain of CDN server.
    GuiCdnUsage string
    Enable/disable Load GUI static files from a CDN.
    GuiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.
    GuiCustomLanguage string
    Enable/disable custom languages in GUI.
    GuiDateFormat string
    Default date format used throughout GUI.
    GuiDateTimeSource string
    Source from which the FortiGate GUI uses to display date and time entries.
    GuiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    GuiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    GuiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page.
    GuiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard.
    GuiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI.
    GuiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI.
    GuiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI.
    GuiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments.
    GuiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI.
    GuiIpv6 string
    Enable/disable IPv6 settings on the GUI.
    GuiLinesPerPage int
    Number of lines to display per page for web administration.
    GuiLocalOut string
    Enable/disable Local-out traffic on the GUI.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI.
    GuiRestApiCache string
    Enable/disable REST API result caching on FortiGate.
    GuiTheme string
    Color scheme for the administration GUI.
    GuiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI.
    GuiWorkflowManagement string
    Enable/disable Workflow management features on the GUI.
    HaAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    HonorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag.
    Hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    Id string
    The provider-assigned unique ID for this managed resource.
    IgmpStateLimit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    IkeEmbryonicLimit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    InterfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable).
    InternetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    InternetServiceDownloadLists List<Pulumiverse.Fortios.System.Outputs.GetGlobalInternetServiceDownloadList>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    Interval int
    Dead gateway detection interval.
    IpFragmentMemThresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    IpSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    IpsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    IpsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption.
    IpsecHaSeqjumpRate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    IpsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN.
    IpsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption.
    IpsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic.
    IpsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic.
    Ipv6AcceptDad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    Ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast.
    Ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic.
    Ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic.
    Ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast.
    Ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.
    IrqTimeAccounting string
    Configure CPU IRQ time accounting mode.
    Language string
    GUI display language.
    Ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
    LogSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold.
    LogSslConnection string
    Enable/disable logging of SSL connection events.
    LogUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs.
    LogUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs.
    LoginTimestamp string
    Enable/disable login time recording.
    LongVdomName string
    Enable/disable long VDOM name support.
    ManagementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    ManagementPort int
    Overriding port for management connection (Overrides admin port).
    ManagementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port.
    ManagementVdom string
    Management virtual domain name.
    MaxDlpstatMemory int
    Maximum DLP stat memory (0 - 4294967295).
    MaxRouteCacheSize int
    Maximum number of IP route cache entries (0 - 2147483647).
    McTtlNotchange string
    Enable/disable no modification of multicast TTL.
    MemoryUseThresholdExtreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    MemoryUseThresholdGreen int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    MemoryUseThresholdRed int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    MiglogAffinity string
    Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx).
    MiglogdChildren int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed.
    MultiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional).
    MulticastForward string
    Enable/disable multicast forwarding.
    NdpMaxEntry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    NpuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions.
    PerUserBal string
    Enable/disable per-user block/allow list filter.
    PerUserBwl string
    Enable/disable per-user black/white list filter.
    PmtuDiscovery string
    Enable/disable path MTU discovery.
    PolicyAuthConcurrent int
    Number of concurrent firewall use logins from the same user (1 - 100, default = 0 means no limit).
    PostLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.
    PreLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.
    PrivateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key.
    ProxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place.
    ProxyAuthLifetimeTimeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    ProxyAuthTimeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    ProxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests.
    ProxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic.
    ProxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration.
    ProxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.
    ProxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic.
    ProxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created.
    ProxyReAuthenticationTime int
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s.
    ProxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources.
    ProxyWorkerCount int
    Proxy worker count.
    PurdueLevel string
    Purdue Level of this FortiGate.
    QuicAckThresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    QuicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic).
    QuicMaxDatagramSize int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    QuicPmtud string
    Enable/disable path MTU discovery (default = enable).
    QuicTlsHandshakeTimeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    QuicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable).
    RadiusPort int
    RADIUS service port number.
    RebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration.
    Refresh int
    Statistics refresh interval in GUI.
    Remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec, default = 5, 0 means no timeout).
    ResetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only.
    RestartTime string
    Daily restart time (hh:mm).
    RevisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.
    RevisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded.
    ScanunitCount int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    SecurityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard.
    SecurityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating.
    SendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets.
    SflowdMaxChildrenNum int
    Maximum number of sflowd child processes allowed to run.
    SnatRouteChange string
    Enable/disable the ability to change the static NAT route.
    SpecialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection.
    SpeedtestServer string
    Enable/disable speed test server.
    SpeedtestdCtrlPort int
    Speedtest server controller port number.
    SpeedtestdServerPort int
    Speedtest server port number.
    SplitPort string
    Split port(s) to multiple 10Gbps ports.
    SsdTrimDate int
    Date within a month to run ssd trim.
    SsdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors.
    SsdTrimHour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    SsdTrimMin int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    SsdTrimWeekday string
    Day of week to run SSD Trim.
    SshCbcCipher string
    Enable/disable CBC cipher for SSH access.
    SshEncAlgo string
    Select one or more SSH ciphers.
    SshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access.
    SshHostkey string
    Config SSH host key.
    SshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    SshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon.
    SshHostkeyPassword string
    Password for ssh-hostkey.
    SshKexAlgo string
    Select one or more SSH kex algorithms.
    SshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access.
    SshMacAlgo string
    Select one or more SSH MAC algorithms.
    SshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    SslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).
    SslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration.
    SslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection.
    SslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration.
    SslvpnMaxWorkerCount int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    SslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN.
    SslvpnWebMode string
    Enable/disable SSL-VPN web mode.
    StrictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session.
    StrongCrypto string
    Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions.
    SwitchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself.
    SwitchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    SysPerfLogInterval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    SyslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    TcpHalfcloseTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    TcpHalfopenTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    TcpOption string
    Enable SACK, timestamp and MSS TCP options.
    TcpRstTimer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    TcpTimewaitTimer int
    Length of the TCP TIME-WAIT state in seconds.
    Tftp string
    Enable/disable TFTP.
    Timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    TpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through.
    TrafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.
    TrafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization.
    TwoFactorEmailExpiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    TwoFactorFacExpiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    TwoFactorFtkExpiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    TwoFactorFtmExpiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    TwoFactorSmsExpiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    UdpIdleTimer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    UrlFilterAffinity string
    URL filter CPU affinity.
    UrlFilterCount int
    URL filter daemon count.
    UserDeviceStoreMaxDevices int
    Maximum number of devices allowed in user device store.
    UserDeviceStoreMaxUnifiedMem int
    Maximum unified memory allowed in user device store.
    UserDeviceStoreMaxUsers int
    Maximum number of users allowed in user device store.
    UserServerCert string
    Certificate to use for https user authentication.
    VdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs).
    VdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs).
    VipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range.
    VirtualServerCount int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    VirtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration.
    VirtualSwitchVlan string
    Enable/disable virtual switch VLAN.
    VpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection.
    WadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    WadCsvcCsCount int
    Number of concurrent WAD-cache-service object-cache processes.
    WadCsvcDbCount int
    Number of concurrent WAD-cache-service byte-cache processes.
    WadMemoryChangeGranularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    WadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    WadRestartMode string
    WAD worker restart mode (default = none).
    WadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    WadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity.
    WadWorkerCount int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    WifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    WifiCertificate string
    Certificate to use for WiFi authentication.
    Wimax4gUsb string
    Enable/disable comparability with WiMAX 4G USB devices.
    WirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.
    WirelessControllerPort int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    Vdomparam string
    AdminConcurrent string
    Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.)
    AdminConsoleTimeout int
    Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout.
    AdminForticloudSsoDefaultProfile string
    Override access profile.
    AdminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO.
    AdminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    AdminHstsMaxAge int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0.
    AdminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password.
    AdminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS.
    AdminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below.
    AdminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions.
    AdminHttpsSslVersions string
    Allowed TLS versions for web administration.
    AdminLockoutDuration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    AdminLockoutThreshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    AdminLoginMax int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    AdminMaintainer string
    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login.
    AdminPort int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    AdminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable)
    AdminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration.
    AdminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    AdminSport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    AdminSshGraceTime int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    AdminSshPassword string
    Enable/disable password authentication for SSH admin access.
    AdminSshPort int
    Administrative access port for SSH. (1 - 65535, default = 22).
    AdminSshV1 string
    Enable/disable SSH v1 compatibility.
    AdminTelnet string
    Enable/disable TELNET service.
    AdminTelnetPort int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    Admintimeout int
    Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). A shorter idle timeout is more secure.
    Alias string
    Alias for your FortiGate unit.
    AllowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface.
    AntiReplay string
    Level of checking for packet replay and TCP sequence checking.
    ArpMaxEntry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    Asymroute string
    Enable/disable asymmetric route.
    AuthCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    AuthHttpPort int
    User authentication HTTP port. (1 - 65535, default = 80).
    AuthHttpsPort int
    User authentication HTTPS port. (1 - 65535, default = 443).
    AuthIkeSamlPort int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    AuthKeepalive string
    Enable to prevent user authentication sessions from timing out when idle.
    AuthSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached.
    AutoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices.
    AutorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown.
    AvAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    AvFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.
    AvFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen.
    BatchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.
    BfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    BlockSessionTimer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    BrFdbMaxEntry int
    Maximum number of bridge forwarding database (FDB) entries.
    CertChainMax int
    Maximum number of certificates that can be traversed in a certificate chain.
    CfgRevertTimeout int
    Time-out for reverting to the last saved configuration.
    CfgSave string
    Configuration file save mode for CLI changes.
    CheckProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases.
    CheckResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it.
    CliAuditLog string
    Enable/disable CLI audit log.
    CloudCommunication string
    Enable/disable all cloud communication.
    CltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.
    CmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    ComplianceCheck string
    Enable/disable global PCI DSS compliance check.
    ComplianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    CpuUseThreshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    CsrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute.
    DailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.
    DefaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    DeviceIdentificationActiveScanDelay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    DeviceIdleTimeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    DhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.
    DhcpLeaseBackupInterval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    DnsproxyWorkerCount int
    DNS proxy worker count.
    Dst string
    Enable/disable daylight saving time.
    EarlyTcpNpuSession string
    Enable/disable early TCP NPU session.
    EditVdomPrompt string
    Enable/disable edit new VDOM prompt.
    EndpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints.
    EndpointControlPortalPort int
    Endpoint control portal port (1 - 65535).
    ExtenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    Failtime int
    Fail-time for server lost.
    FazDiskBufferSize int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble.
    FdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy.
    FdsStatisticsPeriod int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    FecPort int
    Local UDP port for Forward Error Correction (49152 - 65535).
    FgdAlertSubscription string
    Type of alert to retrieve from FortiGuard.
    ForticonverterConfigUpload string
    Enable/disable config upload to FortiConverter.
    ForticonverterIntegration string
    Enable/disable FortiConverter integration service.
    Fortiextender string
    Enable/disable FortiExtender.
    FortiextenderDataPort int
    FortiExtender data port (1024 - 49150, default = 25246).
    FortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown.
    FortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.
    FortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode.
    FortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service.
    FortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service.
    FortiservicePort int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    FortitokenCloud string
    Enable/disable FortiToken Cloud service.
    FortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud.
    FortitokenCloudSyncInterval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    GuiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname
    GuiAllowIncompatibleFabricFgt string
    Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error.
    GuiAppDetectionSdwan string
    Enable/disable Allow app-detection based SD-WAN.
    GuiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI.
    GuiCdnDomainOverride string
    Domain of CDN server.
    GuiCdnUsage string
    Enable/disable Load GUI static files from a CDN.
    GuiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.
    GuiCustomLanguage string
    Enable/disable custom languages in GUI.
    GuiDateFormat string
    Default date format used throughout GUI.
    GuiDateTimeSource string
    Source from which the FortiGate GUI uses to display date and time entries.
    GuiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    GuiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    GuiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page.
    GuiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard.
    GuiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI.
    GuiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI.
    GuiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI.
    GuiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments.
    GuiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI.
    GuiIpv6 string
    Enable/disable IPv6 settings on the GUI.
    GuiLinesPerPage int
    Number of lines to display per page for web administration.
    GuiLocalOut string
    Enable/disable Local-out traffic on the GUI.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI.
    GuiRestApiCache string
    Enable/disable REST API result caching on FortiGate.
    GuiTheme string
    Color scheme for the administration GUI.
    GuiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI.
    GuiWorkflowManagement string
    Enable/disable Workflow management features on the GUI.
    HaAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    HonorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag.
    Hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    Id string
    The provider-assigned unique ID for this managed resource.
    IgmpStateLimit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    IkeEmbryonicLimit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    InterfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable).
    InternetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    InternetServiceDownloadLists []GetGlobalInternetServiceDownloadList
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    Interval int
    Dead gateway detection interval.
    IpFragmentMemThresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    IpSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    IpsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    IpsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption.
    IpsecHaSeqjumpRate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    IpsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN.
    IpsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption.
    IpsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic.
    IpsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic.
    Ipv6AcceptDad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    Ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast.
    Ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic.
    Ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic.
    Ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast.
    Ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.
    IrqTimeAccounting string
    Configure CPU IRQ time accounting mode.
    Language string
    GUI display language.
    Ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
    LogSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold.
    LogSslConnection string
    Enable/disable logging of SSL connection events.
    LogUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs.
    LogUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs.
    LoginTimestamp string
    Enable/disable login time recording.
    LongVdomName string
    Enable/disable long VDOM name support.
    ManagementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    ManagementPort int
    Overriding port for management connection (Overrides admin port).
    ManagementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port.
    ManagementVdom string
    Management virtual domain name.
    MaxDlpstatMemory int
    Maximum DLP stat memory (0 - 4294967295).
    MaxRouteCacheSize int
    Maximum number of IP route cache entries (0 - 2147483647).
    McTtlNotchange string
    Enable/disable no modification of multicast TTL.
    MemoryUseThresholdExtreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    MemoryUseThresholdGreen int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    MemoryUseThresholdRed int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    MiglogAffinity string
    Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx).
    MiglogdChildren int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed.
    MultiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional).
    MulticastForward string
    Enable/disable multicast forwarding.
    NdpMaxEntry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    NpuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions.
    PerUserBal string
    Enable/disable per-user block/allow list filter.
    PerUserBwl string
    Enable/disable per-user black/white list filter.
    PmtuDiscovery string
    Enable/disable path MTU discovery.
    PolicyAuthConcurrent int
    Number of concurrent firewall use logins from the same user (1 - 100, default = 0 means no limit).
    PostLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.
    PreLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.
    PrivateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key.
    ProxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place.
    ProxyAuthLifetimeTimeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    ProxyAuthTimeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    ProxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests.
    ProxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic.
    ProxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration.
    ProxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.
    ProxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic.
    ProxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created.
    ProxyReAuthenticationTime int
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s.
    ProxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources.
    ProxyWorkerCount int
    Proxy worker count.
    PurdueLevel string
    Purdue Level of this FortiGate.
    QuicAckThresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    QuicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic).
    QuicMaxDatagramSize int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    QuicPmtud string
    Enable/disable path MTU discovery (default = enable).
    QuicTlsHandshakeTimeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    QuicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable).
    RadiusPort int
    RADIUS service port number.
    RebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration.
    Refresh int
    Statistics refresh interval in GUI.
    Remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec, default = 5, 0 means no timeout).
    ResetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only.
    RestartTime string
    Daily restart time (hh:mm).
    RevisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.
    RevisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded.
    ScanunitCount int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    SecurityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard.
    SecurityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating.
    SendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets.
    SflowdMaxChildrenNum int
    Maximum number of sflowd child processes allowed to run.
    SnatRouteChange string
    Enable/disable the ability to change the static NAT route.
    SpecialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection.
    SpeedtestServer string
    Enable/disable speed test server.
    SpeedtestdCtrlPort int
    Speedtest server controller port number.
    SpeedtestdServerPort int
    Speedtest server port number.
    SplitPort string
    Split port(s) to multiple 10Gbps ports.
    SsdTrimDate int
    Date within a month to run ssd trim.
    SsdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors.
    SsdTrimHour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    SsdTrimMin int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    SsdTrimWeekday string
    Day of week to run SSD Trim.
    SshCbcCipher string
    Enable/disable CBC cipher for SSH access.
    SshEncAlgo string
    Select one or more SSH ciphers.
    SshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access.
    SshHostkey string
    Config SSH host key.
    SshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    SshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon.
    SshHostkeyPassword string
    Password for ssh-hostkey.
    SshKexAlgo string
    Select one or more SSH kex algorithms.
    SshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access.
    SshMacAlgo string
    Select one or more SSH MAC algorithms.
    SshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    SslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).
    SslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration.
    SslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection.
    SslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration.
    SslvpnMaxWorkerCount int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    SslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN.
    SslvpnWebMode string
    Enable/disable SSL-VPN web mode.
    StrictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session.
    StrongCrypto string
    Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions.
    SwitchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself.
    SwitchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    SysPerfLogInterval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    SyslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    TcpHalfcloseTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    TcpHalfopenTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    TcpOption string
    Enable SACK, timestamp and MSS TCP options.
    TcpRstTimer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    TcpTimewaitTimer int
    Length of the TCP TIME-WAIT state in seconds.
    Tftp string
    Enable/disable TFTP.
    Timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    TpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through.
    TrafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.
    TrafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization.
    TwoFactorEmailExpiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    TwoFactorFacExpiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    TwoFactorFtkExpiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    TwoFactorFtmExpiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    TwoFactorSmsExpiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    UdpIdleTimer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    UrlFilterAffinity string
    URL filter CPU affinity.
    UrlFilterCount int
    URL filter daemon count.
    UserDeviceStoreMaxDevices int
    Maximum number of devices allowed in user device store.
    UserDeviceStoreMaxUnifiedMem int
    Maximum unified memory allowed in user device store.
    UserDeviceStoreMaxUsers int
    Maximum number of users allowed in user device store.
    UserServerCert string
    Certificate to use for https user authentication.
    VdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs).
    VdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs).
    VipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range.
    VirtualServerCount int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    VirtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration.
    VirtualSwitchVlan string
    Enable/disable virtual switch VLAN.
    VpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection.
    WadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    WadCsvcCsCount int
    Number of concurrent WAD-cache-service object-cache processes.
    WadCsvcDbCount int
    Number of concurrent WAD-cache-service byte-cache processes.
    WadMemoryChangeGranularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    WadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    WadRestartMode string
    WAD worker restart mode (default = none).
    WadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    WadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity.
    WadWorkerCount int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    WifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    WifiCertificate string
    Certificate to use for WiFi authentication.
    Wimax4gUsb string
    Enable/disable comparability with WiMAX 4G USB devices.
    WirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.
    WirelessControllerPort int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    Vdomparam string
    adminConcurrent String
    Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.)
    adminConsoleTimeout Integer
    Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout.
    adminForticloudSsoDefaultProfile String
    Override access profile.
    adminForticloudSsoLogin String
    Enable/disable FortiCloud admin login via SSO.
    adminHost String
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge Integer
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0.
    adminHttpsPkiRequired String
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password.
    adminHttpsRedirect String
    Enable/disable redirection of HTTP administration access to HTTPS.
    adminHttpsSslBannedCiphers String
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below.
    adminHttpsSslCiphersuites String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions.
    adminHttpsSslVersions String
    Allowed TLS versions for web administration.
    adminLockoutDuration Integer
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold Integer
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax Integer
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    adminMaintainer String
    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login.
    adminPort Integer
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal String
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable)
    adminScp String
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration.
    adminServerCert String
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport Integer
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime Integer
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword String
    Enable/disable password authentication for SSH admin access.
    adminSshPort Integer
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 String
    Enable/disable SSH v1 compatibility.
    adminTelnet String
    Enable/disable TELNET service.
    adminTelnetPort Integer
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout Integer
    Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). A shorter idle timeout is more secure.
    alias String
    Alias for your FortiGate unit.
    allowTrafficRedirect String
    Disable to allow traffic to be routed back on a different interface.
    antiReplay String
    Level of checking for packet replay and TCP sequence checking.
    arpMaxEntry Integer
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute String
    Enable/disable asymmetric route.
    authCert String
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort Integer
    User authentication HTTP port. (1 - 65535, default = 80).
    authHttpsPort Integer
    User authentication HTTPS port. (1 - 65535, default = 443).
    authIkeSamlPort Integer
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive String
    Enable to prevent user authentication sessions from timing out when idle.
    authSessionLimit String
    Action to take when the number of allowed user authenticated sessions is reached.
    autoAuthExtensionDevice String
    Enable/disable automatic authorization of dedicated Fortinet extension devices.
    autorunLogFsck String
    Enable/disable automatic log partition check after ungraceful shutdown.
    avAffinity String
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen String
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.
    avFailopenSession String
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen.
    batchCmdb String
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.
    bfdAffinity String
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer Integer
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry Integer
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax Integer
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout Integer
    Time-out for reverting to the last saved configuration.
    cfgSave String
    Configuration file save mode for CLI changes.
    checkProtocolHeader String
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases.
    checkResetRange String
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it.
    cliAuditLog String
    Enable/disable CLI audit log.
    cloudCommunication String
    Enable/disable all cloud communication.
    cltCertReq String
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.
    cmdbsvrAffinity String
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck String
    Enable/disable global PCI DSS compliance check.
    complianceCheckTime String
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold Integer
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute String
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute.
    dailyRestart String
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.
    defaultServiceSourcePort String
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay Integer
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout Integer
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams String
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.
    dhcpLeaseBackupInterval Integer
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount Integer
    DNS proxy worker count.
    dst String
    Enable/disable daylight saving time.
    earlyTcpNpuSession String
    Enable/disable early TCP NPU session.
    editVdomPrompt String
    Enable/disable edit new VDOM prompt.
    endpointControlFdsAccess String
    Enable/disable access to the FortiGuard network for non-compliant endpoints.
    endpointControlPortalPort Integer
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork String
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime Integer
    Fail-time for server lost.
    fazDiskBufferSize Integer
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble.
    fdsStatistics String
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy.
    fdsStatisticsPeriod Integer
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort Integer
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription String
    Type of alert to retrieve from FortiGuard.
    forticonverterConfigUpload String
    Enable/disable config upload to FortiConverter.
    forticonverterIntegration String
    Enable/disable FortiConverter integration service.
    fortiextender String
    Enable/disable FortiExtender.
    fortiextenderDataPort Integer
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown String
    Enable/disable FortiExtender CAPWAP lockdown.
    fortiextenderProvisionOnAuthorization String
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.
    fortiextenderVlanMode String
    Enable/disable FortiExtender VLAN mode.
    fortigslbIntegration String
    Enable/disable integration with the FortiGSLB cloud service.
    fortiipamIntegration String
    Enable/disable integration with the FortiIPAM cloud service.
    fortiservicePort Integer
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud String
    Enable/disable FortiToken Cloud service.
    fortitokenCloudPushStatus String
    Enable/disable FTM push service of FortiToken Cloud.
    fortitokenCloudSyncInterval Integer
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    guiAllowDefaultHostname String
    Enable/disable the GUI warning about using a default hostname
    guiAllowIncompatibleFabricFgt String
    Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error.
    guiAppDetectionSdwan String
    Enable/disable Allow app-detection based SD-WAN.
    guiAutoUpgradeSetupWarning String
    Enable/disable the automatic patch upgrade setup prompt on the GUI.
    guiCdnDomainOverride String
    Domain of CDN server.
    guiCdnUsage String
    Enable/disable Load GUI static files from a CDN.
    guiCertificates String
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.
    guiCustomLanguage String
    Enable/disable custom languages in GUI.
    guiDateFormat String
    Default date format used throughout GUI.
    guiDateTimeSource String
    Source from which the FortiGate GUI uses to display date and time entries.
    guiDeviceLatitude String
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude String
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname String
    Enable/disable displaying the FortiGate's hostname on the GUI login page.
    guiFirmwareUpgradeSetupWarning String
    Enable/disable the firmware upgrade warning on GUI setup wizard.
    guiFirmwareUpgradeWarning String
    Enable/disable the firmware upgrade warning on the GUI.
    guiForticareRegistrationSetupWarning String
    Enable/disable the FortiCare registration setup warning on the GUI.
    guiFortigateCloudSandbox String
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI.
    guiFortiguardResourceFetch String
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments.
    guiFortisandboxCloud String
    Enable/disable displaying FortiSandbox Cloud on the GUI.
    guiIpv6 String
    Enable/disable IPv6 settings on the GUI.
    guiLinesPerPage Integer
    Number of lines to display per page for web administration.
    guiLocalOut String
    Enable/disable Local-out traffic on the GUI.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI.
    guiRestApiCache String
    Enable/disable REST API result caching on FortiGate.
    guiTheme String
    Color scheme for the administration GUI.
    guiWirelessOpensecurity String
    Enable/disable wireless open security option on the GUI.
    guiWorkflowManagement String
    Enable/disable Workflow management features on the GUI.
    haAffinity String
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf String
    Enable/disable honoring of Don't-Fragment (DF) flag.
    hostname String
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    id String
    The provider-assigned unique ID for this managed resource.
    igmpStateLimit Integer
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit Integer
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage String
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable).
    internetServiceDatabase String
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists List<GetGlobalInternetServiceDownloadList>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval Integer
    Dead gateway detection interval.
    ipFragmentMemThresholds Integer
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange String
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity String
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload String
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption.
    ipsecHaSeqjumpRate Integer
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload String
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN.
    ipsecQatOffload String
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption.
    ipsecRoundRobin String
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic.
    ipsecSoftDecAsync String
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic.
    ipv6AcceptDad Integer
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe String
    Enable/disable IPv6 address probe through Anycast.
    ipv6AllowLocalInSilentDrop String
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6AllowLocalInSlientDrop String
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6AllowMulticastProbe String
    Enable/disable IPv6 address probe through Multicast.
    ipv6AllowTrafficRedirect String
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.
    irqTimeAccounting String
    Configure CPU IRQ time accounting mode.
    language String
    GUI display language.
    ldapconntimeout Integer
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
    logSingleCpuHigh String
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold.
    logSslConnection String
    Enable/disable logging of SSL connection events.
    logUuidAddress String
    Enable/disable insertion of address UUIDs to traffic logs.
    logUuidPolicy String
    Enable/disable insertion of policy UUIDs to traffic logs.
    loginTimestamp String
    Enable/disable login time recording.
    longVdomName String
    Enable/disable long VDOM name support.
    managementIp String
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort Integer
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport String
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port.
    managementVdom String
    Management virtual domain name.
    maxDlpstatMemory Integer
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize Integer
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange String
    Enable/disable no modification of multicast TTL.
    memoryUseThresholdExtreme Integer
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen Integer
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed Integer
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity String
    Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx).
    miglogdChildren Integer
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed.
    multiFactorAuthentication String
    Enforce all login methods to require an additional authentication factor (default = optional).
    multicastForward String
    Enable/disable multicast forwarding.
    ndpMaxEntry Integer
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate String
    Enable/disable sending of probing packets to update neighbors for offloaded sessions.
    perUserBal String
    Enable/disable per-user block/allow list filter.
    perUserBwl String
    Enable/disable per-user black/white list filter.
    pmtuDiscovery String
    Enable/disable path MTU discovery.
    policyAuthConcurrent Integer
    Number of concurrent firewall use logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner String
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.
    preLoginBanner String
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.
    privateDataEncryption String
    Enable/disable private data encryption using an AES 128-bit key.
    proxyAuthLifetime String
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place.
    proxyAuthLifetimeTimeout Integer
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout Integer
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom String
    Enable/disable using management VDOM to send requests.
    proxyCipherHardwareAcceleration String
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic.
    proxyHardwareAcceleration String
    Enable/disable email proxy hardware acceleration.
    proxyKeepAliveMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.
    proxyKxpHardwareAcceleration String
    Enable/disable using the content processor to accelerate KXP traffic.
    proxyReAuthenticationMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created.
    proxyReAuthenticationTime Integer
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s.
    proxyResourceMode String
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources.
    proxyWorkerCount Integer
    Proxy worker count.
    purdueLevel String
    Purdue Level of this FortiGate.
    quicAckThresold Integer
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo String
    QUIC congestion control algorithm (default = cubic).
    quicMaxDatagramSize Integer
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud String
    Enable/disable path MTU discovery (default = enable).
    quicTlsHandshakeTimeout Integer
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid String
    Enable/disable UDP payload size shaping per connection ID (default = enable).
    radiusPort Integer
    RADIUS service port number.
    rebootUponConfigRestore String
    Enable/disable reboot of system upon restoring configuration.
    refresh Integer
    Statistics refresh interval in GUI.
    remoteauthtimeout Integer
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec, default = 5, 0 means no timeout).
    resetSessionlessTcp String
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only.
    restartTime String
    Daily restart time (hh:mm).
    revisionBackupOnLogout String
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.
    revisionImageAutoBackup String
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded.
    scanunitCount Integer
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission String
    Enable/disable the submission of Security Rating results to FortiGuard.
    securityRatingRunOnSchedule String
    Enable/disable scheduled runs of Security Rating.
    sendPmtuIcmp String
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets.
    sflowdMaxChildrenNum Integer
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange String
    Enable/disable the ability to change the static NAT route.
    specialFile23Support String
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection.
    speedtestServer String
    Enable/disable speed test server.
    speedtestdCtrlPort Integer
    Speedtest server controller port number.
    speedtestdServerPort Integer
    Speedtest server port number.
    splitPort String
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate Integer
    Date within a month to run ssd trim.
    ssdTrimFreq String
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors.
    ssdTrimHour Integer
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin Integer
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday String
    Day of week to run SSD Trim.
    sshCbcCipher String
    Enable/disable CBC cipher for SSH access.
    sshEncAlgo String
    Select one or more SSH ciphers.
    sshHmacMd5 String
    Enable/disable HMAC-MD5 for SSH access.
    sshHostkey String
    Config SSH host key.
    sshHostkeyAlgo String
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride String
    Enable/disable SSH host key override in SSH daemon.
    sshHostkeyPassword String
    Password for ssh-hostkey.
    sshKexAlgo String
    Select one or more SSH kex algorithms.
    sshKexSha1 String
    Enable/disable SHA1 key exchange for SSH access.
    sshMacAlgo String
    Select one or more SSH MAC algorithms.
    sshMacWeak String
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers String
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).
    sslvpnCipherHardwareAcceleration String
    Enable/disable SSL VPN hardware acceleration.
    sslvpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN connection.
    sslvpnKxpHardwareAcceleration String
    Enable/disable SSL VPN KXP hardware acceleration.
    sslvpnMaxWorkerCount Integer
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck String
    Enable/disable checking browser's plugin version by SSL VPN.
    sslvpnWebMode String
    Enable/disable SSL-VPN web mode.
    strictDirtySessionCheck String
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session.
    strongCrypto String
    Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions.
    switchController String
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself.
    switchControllerReservedNetwork String
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval Integer
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity String
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer Integer
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer Integer
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption String
    Enable SACK, timestamp and MSS TCP options.
    tcpRstTimer Integer
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer Integer
    Length of the TCP TIME-WAIT state in seconds.
    tftp String
    Enable/disable TFTP.
    timezone String
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy String
    Enable/disable skip policy check and allow multicast through.
    trafficPriority String
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.
    trafficPriorityLevel String
    Default system-wide level of priority for traffic prioritization.
    twoFactorEmailExpiry Integer
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry Integer
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry Integer
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry Integer
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry Integer
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer Integer
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity String
    URL filter CPU affinity.
    urlFilterCount Integer
    URL filter daemon count.
    userDeviceStoreMaxDevices Integer
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem Integer
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers Integer
    Maximum number of users allowed in user device store.
    userServerCert String
    Certificate to use for https user authentication.
    vdomAdmin String
    Enable/disable support for multiple virtual domains (VDOMs).
    vdomMode String
    Enable/disable support for split/multiple virtual domains (VDOMs).
    vipArpRange String
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range.
    virtualServerCount Integer
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration String
    Enable/disable virtual server hardware acceleration.
    virtualSwitchVlan String
    Enable/disable virtual switch VLAN.
    vpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection.
    wadAffinity String
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount Integer
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount Integer
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity Integer
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime String
    WAD workers daily restart end time (hh:mm).
    wadRestartMode String
    WAD worker restart mode (default = none).
    wadRestartStartTime String
    WAD workers daily restart time (hh:mm).
    wadSourceAffinity String
    Enable/disable dispatching traffic to WAD workers based on source affinity.
    wadWorkerCount Integer
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate String
    CA certificate that verifies the WiFi certificate.
    wifiCertificate String
    Certificate to use for WiFi authentication.
    wimax4gUsb String
    Enable/disable comparability with WiMAX 4G USB devices.
    wirelessController String
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.
    wirelessControllerPort Integer
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    vdomparam String
    adminConcurrent string
    Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.)
    adminConsoleTimeout number
    Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout.
    adminForticloudSsoDefaultProfile string
    Override access profile.
    adminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO.
    adminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge number
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0.
    adminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password.
    adminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS.
    adminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below.
    adminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions.
    adminHttpsSslVersions string
    Allowed TLS versions for web administration.
    adminLockoutDuration number
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold number
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax number
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    adminMaintainer string
    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login.
    adminPort number
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable)
    adminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration.
    adminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport number
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime number
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword string
    Enable/disable password authentication for SSH admin access.
    adminSshPort number
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 string
    Enable/disable SSH v1 compatibility.
    adminTelnet string
    Enable/disable TELNET service.
    adminTelnetPort number
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout number
    Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). A shorter idle timeout is more secure.
    alias string
    Alias for your FortiGate unit.
    allowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface.
    antiReplay string
    Level of checking for packet replay and TCP sequence checking.
    arpMaxEntry number
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute string
    Enable/disable asymmetric route.
    authCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort number
    User authentication HTTP port. (1 - 65535, default = 80).
    authHttpsPort number
    User authentication HTTPS port. (1 - 65535, default = 443).
    authIkeSamlPort number
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive string
    Enable to prevent user authentication sessions from timing out when idle.
    authSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached.
    autoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices.
    autorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown.
    avAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.
    avFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen.
    batchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.
    bfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer number
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry number
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax number
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout number
    Time-out for reverting to the last saved configuration.
    cfgSave string
    Configuration file save mode for CLI changes.
    checkProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases.
    checkResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it.
    cliAuditLog string
    Enable/disable CLI audit log.
    cloudCommunication string
    Enable/disable all cloud communication.
    cltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.
    cmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck string
    Enable/disable global PCI DSS compliance check.
    complianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold number
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute.
    dailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.
    defaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay number
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout number
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.
    dhcpLeaseBackupInterval number
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount number
    DNS proxy worker count.
    dst string
    Enable/disable daylight saving time.
    earlyTcpNpuSession string
    Enable/disable early TCP NPU session.
    editVdomPrompt string
    Enable/disable edit new VDOM prompt.
    endpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints.
    endpointControlPortalPort number
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime number
    Fail-time for server lost.
    fazDiskBufferSize number
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble.
    fdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy.
    fdsStatisticsPeriod number
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort number
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription string
    Type of alert to retrieve from FortiGuard.
    forticonverterConfigUpload string
    Enable/disable config upload to FortiConverter.
    forticonverterIntegration string
    Enable/disable FortiConverter integration service.
    fortiextender string
    Enable/disable FortiExtender.
    fortiextenderDataPort number
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown.
    fortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.
    fortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode.
    fortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service.
    fortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service.
    fortiservicePort number
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud string
    Enable/disable FortiToken Cloud service.
    fortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud.
    fortitokenCloudSyncInterval number
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    guiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname
    guiAllowIncompatibleFabricFgt string
    Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error.
    guiAppDetectionSdwan string
    Enable/disable Allow app-detection based SD-WAN.
    guiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI.
    guiCdnDomainOverride string
    Domain of CDN server.
    guiCdnUsage string
    Enable/disable Load GUI static files from a CDN.
    guiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.
    guiCustomLanguage string
    Enable/disable custom languages in GUI.
    guiDateFormat string
    Default date format used throughout GUI.
    guiDateTimeSource string
    Source from which the FortiGate GUI uses to display date and time entries.
    guiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page.
    guiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard.
    guiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI.
    guiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI.
    guiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI.
    guiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments.
    guiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI.
    guiIpv6 string
    Enable/disable IPv6 settings on the GUI.
    guiLinesPerPage number
    Number of lines to display per page for web administration.
    guiLocalOut string
    Enable/disable Local-out traffic on the GUI.
    guiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI.
    guiRestApiCache string
    Enable/disable REST API result caching on FortiGate.
    guiTheme string
    Color scheme for the administration GUI.
    guiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI.
    guiWorkflowManagement string
    Enable/disable Workflow management features on the GUI.
    haAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag.
    hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    id string
    The provider-assigned unique ID for this managed resource.
    igmpStateLimit number
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit number
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable).
    internetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists GetGlobalInternetServiceDownloadList[]
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval number
    Dead gateway detection interval.
    ipFragmentMemThresholds number
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption.
    ipsecHaSeqjumpRate number
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN.
    ipsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption.
    ipsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic.
    ipsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic.
    ipv6AcceptDad number
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast.
    ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast.
    ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.
    irqTimeAccounting string
    Configure CPU IRQ time accounting mode.
    language string
    GUI display language.
    ldapconntimeout number
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception.
    lldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
    logSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold.
    logSslConnection string
    Enable/disable logging of SSL connection events.
    logUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs.
    logUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs.
    loginTimestamp string
    Enable/disable login time recording.
    longVdomName string
    Enable/disable long VDOM name support.
    managementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort number
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port.
    managementVdom string
    Management virtual domain name.
    maxDlpstatMemory number
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize number
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange string
    Enable/disable no modification of multicast TTL.
    memoryUseThresholdExtreme number
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen number
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed number
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity string
    Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx).
    miglogdChildren number
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed.
    multiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional).
    multicastForward string
    Enable/disable multicast forwarding.
    ndpMaxEntry number
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions.
    perUserBal string
    Enable/disable per-user block/allow list filter.
    perUserBwl string
    Enable/disable per-user black/white list filter.
    pmtuDiscovery string
    Enable/disable path MTU discovery.
    policyAuthConcurrent number
    Number of concurrent firewall use logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.
    preLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.
    privateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key.
    proxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place.
    proxyAuthLifetimeTimeout number
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout number
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests.
    proxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic.
    proxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration.
    proxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.
    proxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic.
    proxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created.
    proxyReAuthenticationTime number
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s.
    proxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources.
    proxyWorkerCount number
    Proxy worker count.
    purdueLevel string
    Purdue Level of this FortiGate.
    quicAckThresold number
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic).
    quicMaxDatagramSize number
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud string
    Enable/disable path MTU discovery (default = enable).
    quicTlsHandshakeTimeout number
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable).
    radiusPort number
    RADIUS service port number.
    rebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration.
    refresh number
    Statistics refresh interval in GUI.
    remoteauthtimeout number
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec, default = 5, 0 means no timeout).
    resetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only.
    restartTime string
    Daily restart time (hh:mm).
    revisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.
    revisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded.
    scanunitCount number
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard.
    securityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating.
    sendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets.
    sflowdMaxChildrenNum number
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange string
    Enable/disable the ability to change the static NAT route.
    specialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection.
    speedtestServer string
    Enable/disable speed test server.
    speedtestdCtrlPort number
    Speedtest server controller port number.
    speedtestdServerPort number
    Speedtest server port number.
    splitPort string
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate number
    Date within a month to run ssd trim.
    ssdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors.
    ssdTrimHour number
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin number
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday string
    Day of week to run SSD Trim.
    sshCbcCipher string
    Enable/disable CBC cipher for SSH access.
    sshEncAlgo string
    Select one or more SSH ciphers.
    sshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access.
    sshHostkey string
    Config SSH host key.
    sshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon.
    sshHostkeyPassword string
    Password for ssh-hostkey.
    sshKexAlgo string
    Select one or more SSH kex algorithms.
    sshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access.
    sshMacAlgo string
    Select one or more SSH MAC algorithms.
    sshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.
    sslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).
    sslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration.
    sslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection.
    sslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration.
    sslvpnMaxWorkerCount number
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN.
    sslvpnWebMode string
    Enable/disable SSL-VPN web mode.
    strictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session.
    strongCrypto string
    Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions.
    switchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself.
    switchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval number
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption string
    Enable SACK, timestamp and MSS TCP options.
    tcpRstTimer number
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer number
    Length of the TCP TIME-WAIT state in seconds.
    tftp string
    Enable/disable TFTP.
    timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through.
    trafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.
    trafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization.
    twoFactorEmailExpiry number
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry number
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry number
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry number
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry number
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer number
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity string
    URL filter CPU affinity.
    urlFilterCount number
    URL filter daemon count.
    userDeviceStoreMaxDevices number
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem number
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers number
    Maximum number of users allowed in user device store.
    userServerCert string
    Certificate to use for https user authentication.
    vdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs).
    vdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs).
    vipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range.
    virtualServerCount number
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration.
    virtualSwitchVlan string
    Enable/disable virtual switch VLAN.
    vpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection.
    wadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount number
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount number
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity number
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    wadRestartMode string
    WAD worker restart mode (default = none).
    wadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    wadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity.
    wadWorkerCount number
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    wifiCertificate string
    Certificate to use for WiFi authentication.
    wimax4gUsb string
    Enable/disable comparability with WiMAX 4G USB devices.
    wirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.
    wirelessControllerPort number
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    vdomparam string
    admin_concurrent str
    Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.)
    admin_console_timeout int
    Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout.
    admin_forticloud_sso_default_profile str
    Override access profile.
    admin_forticloud_sso_login str
    Enable/disable FortiCloud admin login via SSO.
    admin_host str
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    admin_hsts_max_age int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0.
    admin_https_pki_required str
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password.
    admin_https_redirect str
    Enable/disable redirection of HTTP administration access to HTTPS.
    admin_https_ssl_banned_ciphers str
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below.
    admin_https_ssl_ciphersuites str
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions.
    admin_https_ssl_versions str
    Allowed TLS versions for web administration.
    admin_lockout_duration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    admin_lockout_threshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    admin_login_max int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    admin_maintainer str
    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login.
    admin_port int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    admin_restrict_local str
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable)
    admin_scp str
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration.
    admin_server_cert str
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    admin_sport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    admin_ssh_grace_time int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    admin_ssh_password str
    Enable/disable password authentication for SSH admin access.
    admin_ssh_port int
    Administrative access port for SSH. (1 - 65535, default = 22).
    admin_ssh_v1 str
    Enable/disable SSH v1 compatibility.
    admin_telnet str
    Enable/disable TELNET service.
    admin_telnet_port int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout int
    Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). A shorter idle timeout is more secure.
    alias str
    Alias for your FortiGate unit.
    allow_traffic_redirect str
    Disable to allow traffic to be routed back on a different interface.
    anti_replay str
    Level of checking for packet replay and TCP sequence checking.
    arp_max_entry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute str
    Enable/disable asymmetric route.
    auth_cert str
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    auth_http_port int
    User authentication HTTP port. (1 - 65535, default = 80).
    auth_https_port int
    User authentication HTTPS port. (1 - 65535, default = 443).
    auth_ike_saml_port int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    auth_keepalive str
    Enable to prevent user authentication sessions from timing out when idle.
    auth_session_limit str
    Action to take when the number of allowed user authenticated sessions is reached.
    auto_auth_extension_device str
    Enable/disable automatic authorization of dedicated Fortinet extension devices.
    autorun_log_fsck str
    Enable/disable automatic log partition check after ungraceful shutdown.
    av_affinity str
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    av_failopen str
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.
    av_failopen_session str
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen.
    batch_cmdb str
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.
    bfd_affinity str
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    block_session_timer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    br_fdb_max_entry int
    Maximum number of bridge forwarding database (FDB) entries.
    cert_chain_max int
    Maximum number of certificates that can be traversed in a certificate chain.
    cfg_revert_timeout int
    Time-out for reverting to the last saved configuration.
    cfg_save str
    Configuration file save mode for CLI changes.
    check_protocol_header str
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases.
    check_reset_range str
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it.
    cli_audit_log str
    Enable/disable CLI audit log.
    cloud_communication str
    Enable/disable all cloud communication.
    clt_cert_req str
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.
    cmdbsvr_affinity str
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    compliance_check str
    Enable/disable global PCI DSS compliance check.
    compliance_check_time str
    Time of day to run scheduled PCI DSS compliance checks.
    cpu_use_threshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csr_ca_attribute str
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute.
    daily_restart str
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.
    default_service_source_port str
    Default service source port range. (default=1-65535)
    device_identification_active_scan_delay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    device_idle_timeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dh_params str
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.
    dhcp_lease_backup_interval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxy_worker_count int
    DNS proxy worker count.
    dst str
    Enable/disable daylight saving time.
    early_tcp_npu_session str
    Enable/disable early TCP NPU session.
    edit_vdom_prompt str
    Enable/disable edit new VDOM prompt.
    endpoint_control_fds_access str
    Enable/disable access to the FortiGuard network for non-compliant endpoints.
    endpoint_control_portal_port int
    Endpoint control portal port (1 - 65535).
    extender_controller_reserved_network str
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime int
    Fail-time for server lost.
    faz_disk_buffer_size int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble.
    fds_statistics str
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy.
    fds_statistics_period int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fec_port int
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgd_alert_subscription str
    Type of alert to retrieve from FortiGuard.
    forticonverter_config_upload str
    Enable/disable config upload to FortiConverter.
    forticonverter_integration str
    Enable/disable FortiConverter integration service.
    fortiextender str
    Enable/disable FortiExtender.
    fortiextender_data_port int
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextender_discovery_lockdown str
    Enable/disable FortiExtender CAPWAP lockdown.
    fortiextender_provision_on_authorization str
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.
    fortiextender_vlan_mode str
    Enable/disable FortiExtender VLAN mode.
    fortigslb_integration str
    Enable/disable integration with the FortiGSLB cloud service.
    fortiipam_integration str
    Enable/disable integration with the FortiIPAM cloud service.
    fortiservice_port int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitoken_cloud str
    Enable/disable FortiToken Cloud service.
    fortitoken_cloud_push_status str
    Enable/disable FTM push service of FortiToken Cloud.
    fortitoken_cloud_sync_interval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    gui_allow_default_hostname str
    Enable/disable the GUI warning about using a default hostname
    gui_allow_incompatible_fabric_fgt str
    Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error.
    gui_app_detection_sdwan str
    Enable/disable Allow app-detection based SD-WAN.
    gui_auto_upgrade_setup_warning str
    Enable/disable the automatic patch upgrade setup prompt on the GUI.
    gui_cdn_domain_override str
    Domain of CDN server.
    gui_cdn_usage str
    Enable/disable Load GUI static files from a CDN.
    gui_certificates str
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.
    gui_custom_language str
    Enable/disable custom languages in GUI.
    gui_date_format str
    Default date format used throughout GUI.
    gui_date_time_source str
    Source from which the FortiGate GUI uses to display date and time entries.
    gui_device_latitude str
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    gui_device_longitude str
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    gui_display_hostname str
    Enable/disable displaying the FortiGate's hostname on the GUI login page.
    gui_firmware_upgrade_setup_warning str
    Enable/disable the firmware upgrade warning on GUI setup wizard.
    gui_firmware_upgrade_warning str
    Enable/disable the firmware upgrade warning on the GUI.
    gui_forticare_registration_setup_warning str
    Enable/disable the FortiCare registration setup warning on the GUI.
    gui_fortigate_cloud_sandbox str
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI.
    gui_fortiguard_resource_fetch str
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments.
    gui_fortisandbox_cloud str
    Enable/disable displaying FortiSandbox Cloud on the GUI.
    gui_ipv6 str
    Enable/disable IPv6 settings on the GUI.
    gui_lines_per_page int
    Number of lines to display per page for web administration.
    gui_local_out str
    Enable/disable Local-out traffic on the GUI.
    gui_replacement_message_groups str
    Enable/disable replacement message groups on the GUI.
    gui_rest_api_cache str
    Enable/disable REST API result caching on FortiGate.
    gui_theme str
    Color scheme for the administration GUI.
    gui_wireless_opensecurity str
    Enable/disable wireless open security option on the GUI.
    gui_workflow_management str
    Enable/disable Workflow management features on the GUI.
    ha_affinity str
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honor_df str
    Enable/disable honoring of Don't-Fragment (DF) flag.
    hostname str
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    id str
    The provider-assigned unique ID for this managed resource.
    igmp_state_limit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ike_embryonic_limit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interface_subnet_usage str
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable).
    internet_service_database str
    Configure which Internet Service database size to download from FortiGuard and use.
    internet_service_download_lists Sequence[GetGlobalInternetServiceDownloadList]
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval int
    Dead gateway detection interval.
    ip_fragment_mem_thresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ip_src_port_range str
    IP source port range used for traffic originating from the FortiGate unit.
    ips_affinity str
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsec_asic_offload str
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption.
    ipsec_ha_seqjump_rate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsec_hmac_offload str
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN.
    ipsec_qat_offload str
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption.
    ipsec_round_robin str
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic.
    ipsec_soft_dec_async str
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic.
    ipv6_accept_dad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6_allow_anycast_probe str
    Enable/disable IPv6 address probe through Anycast.
    ipv6_allow_local_in_silent_drop str
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6_allow_local_in_slient_drop str
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6_allow_multicast_probe str
    Enable/disable IPv6 address probe through Multicast.
    ipv6_allow_traffic_redirect str
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.
    irq_time_accounting str
    Configure CPU IRQ time accounting mode.
    language str
    GUI display language.
    ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldp_reception str
    Enable/disable Link Layer Discovery Protocol (LLDP) reception.
    lldp_transmission str
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
    log_single_cpu_high str
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold.
    log_ssl_connection str
    Enable/disable logging of SSL connection events.
    log_uuid_address str
    Enable/disable insertion of address UUIDs to traffic logs.
    log_uuid_policy str
    Enable/disable insertion of policy UUIDs to traffic logs.
    login_timestamp str
    Enable/disable login time recording.
    long_vdom_name str
    Enable/disable long VDOM name support.
    management_ip str
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    management_port int
    Overriding port for management connection (Overrides admin port).
    management_port_use_admin_sport str
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port.
    management_vdom str
    Management virtual domain name.
    max_dlpstat_memory int
    Maximum DLP stat memory (0 - 4294967295).
    max_route_cache_size int
    Maximum number of IP route cache entries (0 - 2147483647).
    mc_ttl_notchange str
    Enable/disable no modification of multicast TTL.
    memory_use_threshold_extreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memory_use_threshold_green int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memory_use_threshold_red int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglog_affinity str
    Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx).
    miglogd_children int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed.
    multi_factor_authentication str
    Enforce all login methods to require an additional authentication factor (default = optional).
    multicast_forward str
    Enable/disable multicast forwarding.
    ndp_max_entry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npu_neighbor_update str
    Enable/disable sending of probing packets to update neighbors for offloaded sessions.
    per_user_bal str
    Enable/disable per-user block/allow list filter.
    per_user_bwl str
    Enable/disable per-user black/white list filter.
    pmtu_discovery str
    Enable/disable path MTU discovery.
    policy_auth_concurrent int
    Number of concurrent firewall use logins from the same user (1 - 100, default = 0 means no limit).
    post_login_banner str
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.
    pre_login_banner str
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.
    private_data_encryption str
    Enable/disable private data encryption using an AES 128-bit key.
    proxy_auth_lifetime str
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place.
    proxy_auth_lifetime_timeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxy_auth_timeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxy_cert_use_mgmt_vdom str
    Enable/disable using management VDOM to send requests.
    proxy_cipher_hardware_acceleration str
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic.
    proxy_hardware_acceleration str
    Enable/disable email proxy hardware acceleration.
    proxy_keep_alive_mode str
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.
    proxy_kxp_hardware_acceleration str
    Enable/disable using the content processor to accelerate KXP traffic.
    proxy_re_authentication_mode str
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created.
    proxy_re_authentication_time int
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s.
    proxy_resource_mode str
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources.
    proxy_worker_count int
    Proxy worker count.
    purdue_level str
    Purdue Level of this FortiGate.
    quic_ack_thresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quic_congestion_control_algo str
    QUIC congestion control algorithm (default = cubic).
    quic_max_datagram_size int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quic_pmtud str
    Enable/disable path MTU discovery (default = enable).
    quic_tls_handshake_timeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quic_udp_payload_size_shaping_per_cid str
    Enable/disable UDP payload size shaping per connection ID (default = enable).
    radius_port int
    RADIUS service port number.
    reboot_upon_config_restore str
    Enable/disable reboot of system upon restoring configuration.
    refresh int
    Statistics refresh interval in GUI.
    remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec, default = 5, 0 means no timeout).
    reset_sessionless_tcp str
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only.
    restart_time str
    Daily restart time (hh:mm).
    revision_backup_on_logout str
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.
    revision_image_auto_backup str
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded.
    scanunit_count int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    security_rating_result_submission str
    Enable/disable the submission of Security Rating results to FortiGuard.
    security_rating_run_on_schedule str
    Enable/disable scheduled runs of Security Rating.
    send_pmtu_icmp str
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets.
    sflowd_max_children_num int
    Maximum number of sflowd child processes allowed to run.
    snat_route_change str
    Enable/disable the ability to change the static NAT route.
    special_file23_support str
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection.
    speedtest_server str
    Enable/disable speed test server.
    speedtestd_ctrl_port int
    Speedtest server controller port number.
    speedtestd_server_port int
    Speedtest server port number.
    split_port str
    Split port(s) to multiple 10Gbps ports.
    ssd_trim_date int
    Date within a month to run ssd trim.
    ssd_trim_freq str
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors.
    ssd_trim_hour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssd_trim_min int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssd_trim_weekday str
    Day of week to run SSD Trim.
    ssh_cbc_cipher str
    Enable/disable CBC cipher for SSH access.
    ssh_enc_algo str
    Select one or more SSH ciphers.
    ssh_hmac_md5 str
    Enable/disable HMAC-MD5 for SSH access.
    ssh_hostkey str
    Config SSH host key.
    ssh_hostkey_algo str
    Select one or more SSH hostkey algorithms.
    ssh_hostkey_override str
    Enable/disable SSH host key override in SSH daemon.
    ssh_hostkey_password str
    Password for ssh-hostkey.
    ssh_kex_algo str
    Select one or more SSH kex algorithms.
    ssh_kex_sha1 str
    Enable/disable SHA1 key exchange for SSH access.
    ssh_mac_algo str
    Select one or more SSH MAC algorithms.
    ssh_mac_weak str
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.
    ssl_min_proto_version str
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    ssl_static_key_ciphers str
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).
    sslvpn_cipher_hardware_acceleration str
    Enable/disable SSL VPN hardware acceleration.
    sslvpn_ems_sn_check str
    Enable/disable verification of EMS serial number in SSL-VPN connection.
    sslvpn_kxp_hardware_acceleration str
    Enable/disable SSL VPN KXP hardware acceleration.
    sslvpn_max_worker_count int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpn_plugin_version_check str
    Enable/disable checking browser's plugin version by SSL VPN.
    sslvpn_web_mode str
    Enable/disable SSL-VPN web mode.
    strict_dirty_session_check str
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session.
    strong_crypto str
    Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions.
    switch_controller str
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself.
    switch_controller_reserved_network str
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sys_perf_log_interval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslog_affinity str
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcp_halfclose_timer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcp_halfopen_timer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcp_option str
    Enable SACK, timestamp and MSS TCP options.
    tcp_rst_timer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcp_timewait_timer int
    Length of the TCP TIME-WAIT state in seconds.
    tftp str
    Enable/disable TFTP.
    timezone str
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tp_mc_skip_policy str
    Enable/disable skip policy check and allow multicast through.
    traffic_priority str
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.
    traffic_priority_level str
    Default system-wide level of priority for traffic prioritization.
    two_factor_email_expiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    two_factor_fac_expiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    two_factor_ftk_expiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    two_factor_ftm_expiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    two_factor_sms_expiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udp_idle_timer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    url_filter_affinity str
    URL filter CPU affinity.
    url_filter_count int
    URL filter daemon count.
    user_device_store_max_devices int
    Maximum number of devices allowed in user device store.
    user_device_store_max_unified_mem int
    Maximum unified memory allowed in user device store.
    user_device_store_max_users int
    Maximum number of users allowed in user device store.
    user_server_cert str
    Certificate to use for https user authentication.
    vdom_admin str
    Enable/disable support for multiple virtual domains (VDOMs).
    vdom_mode str
    Enable/disable support for split/multiple virtual domains (VDOMs).
    vip_arp_range str
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range.
    virtual_server_count int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtual_server_hardware_acceleration str
    Enable/disable virtual server hardware acceleration.
    virtual_switch_vlan str
    Enable/disable virtual switch VLAN.
    vpn_ems_sn_check str
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection.
    wad_affinity str
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wad_csvc_cs_count int
    Number of concurrent WAD-cache-service object-cache processes.
    wad_csvc_db_count int
    Number of concurrent WAD-cache-service byte-cache processes.
    wad_memory_change_granularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wad_restart_end_time str
    WAD workers daily restart end time (hh:mm).
    wad_restart_mode str
    WAD worker restart mode (default = none).
    wad_restart_start_time str
    WAD workers daily restart time (hh:mm).
    wad_source_affinity str
    Enable/disable dispatching traffic to WAD workers based on source affinity.
    wad_worker_count int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifi_ca_certificate str
    CA certificate that verifies the WiFi certificate.
    wifi_certificate str
    Certificate to use for WiFi authentication.
    wimax4g_usb str
    Enable/disable comparability with WiMAX 4G USB devices.
    wireless_controller str
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.
    wireless_controller_port int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    vdomparam str
    adminConcurrent String
    Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.)
    adminConsoleTimeout Number
    Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout.
    adminForticloudSsoDefaultProfile String
    Override access profile.
    adminForticloudSsoLogin String
    Enable/disable FortiCloud admin login via SSO.
    adminHost String
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge Number
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0.
    adminHttpsPkiRequired String
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password.
    adminHttpsRedirect String
    Enable/disable redirection of HTTP administration access to HTTPS.
    adminHttpsSslBannedCiphers String
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below.
    adminHttpsSslCiphersuites String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions.
    adminHttpsSslVersions String
    Allowed TLS versions for web administration.
    adminLockoutDuration Number
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold Number
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax Number
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    adminMaintainer String
    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login.
    adminPort Number
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal String
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable)
    adminScp String
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration.
    adminServerCert String
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport Number
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime Number
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword String
    Enable/disable password authentication for SSH admin access.
    adminSshPort Number
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 String
    Enable/disable SSH v1 compatibility.
    adminTelnet String
    Enable/disable TELNET service.
    adminTelnetPort Number
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout Number
    Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). A shorter idle timeout is more secure.
    alias String
    Alias for your FortiGate unit.
    allowTrafficRedirect String
    Disable to allow traffic to be routed back on a different interface.
    antiReplay String
    Level of checking for packet replay and TCP sequence checking.
    arpMaxEntry Number
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute String
    Enable/disable asymmetric route.
    authCert String
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort Number
    User authentication HTTP port. (1 - 65535, default = 80).
    authHttpsPort Number
    User authentication HTTPS port. (1 - 65535, default = 443).
    authIkeSamlPort Number
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive String
    Enable to prevent user authentication sessions from timing out when idle.
    authSessionLimit String
    Action to take when the number of allowed user authenticated sessions is reached.
    autoAuthExtensionDevice String
    Enable/disable automatic authorization of dedicated Fortinet extension devices.
    autorunLogFsck String
    Enable/disable automatic log partition check after ungraceful shutdown.
    avAffinity String
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen String
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.
    avFailopenSession String
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen.
    batchCmdb String
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.
    bfdAffinity String
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer Number
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry Number
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax Number
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout Number
    Time-out for reverting to the last saved configuration.
    cfgSave String
    Configuration file save mode for CLI changes.
    checkProtocolHeader String
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases.
    checkResetRange String
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it.
    cliAuditLog String
    Enable/disable CLI audit log.
    cloudCommunication String
    Enable/disable all cloud communication.
    cltCertReq String
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.
    cmdbsvrAffinity String
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck String
    Enable/disable global PCI DSS compliance check.
    complianceCheckTime String
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold Number
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute String
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute.
    dailyRestart String
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.
    defaultServiceSourcePort String
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay Number
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout Number
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams String
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.
    dhcpLeaseBackupInterval Number
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount Number
    DNS proxy worker count.
    dst String
    Enable/disable daylight saving time.
    earlyTcpNpuSession String
    Enable/disable early TCP NPU session.
    editVdomPrompt String
    Enable/disable edit new VDOM prompt.
    endpointControlFdsAccess String
    Enable/disable access to the FortiGuard network for non-compliant endpoints.
    endpointControlPortalPort Number
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork String
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime Number
    Fail-time for server lost.
    fazDiskBufferSize Number
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble.
    fdsStatistics String
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy.
    fdsStatisticsPeriod Number
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort Number
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription String
    Type of alert to retrieve from FortiGuard.
    forticonverterConfigUpload String
    Enable/disable config upload to FortiConverter.
    forticonverterIntegration String
    Enable/disable FortiConverter integration service.
    fortiextender String
    Enable/disable FortiExtender.
    fortiextenderDataPort Number
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown String
    Enable/disable FortiExtender CAPWAP lockdown.
    fortiextenderProvisionOnAuthorization String
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.
    fortiextenderVlanMode String
    Enable/disable FortiExtender VLAN mode.
    fortigslbIntegration String
    Enable/disable integration with the FortiGSLB cloud service.
    fortiipamIntegration String
    Enable/disable integration with the FortiIPAM cloud service.
    fortiservicePort Number
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud String
    Enable/disable FortiToken Cloud service.
    fortitokenCloudPushStatus String
    Enable/disable FTM push service of FortiToken Cloud.
    fortitokenCloudSyncInterval Number
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    guiAllowDefaultHostname String
    Enable/disable the GUI warning about using a default hostname
    guiAllowIncompatibleFabricFgt String
    Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error.
    guiAppDetectionSdwan String
    Enable/disable Allow app-detection based SD-WAN.
    guiAutoUpgradeSetupWarning String
    Enable/disable the automatic patch upgrade setup prompt on the GUI.
    guiCdnDomainOverride String
    Domain of CDN server.
    guiCdnUsage String
    Enable/disable Load GUI static files from a CDN.
    guiCertificates String
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.
    guiCustomLanguage String
    Enable/disable custom languages in GUI.
    guiDateFormat String
    Default date format used throughout GUI.
    guiDateTimeSource String
    Source from which the FortiGate GUI uses to display date and time entries.
    guiDeviceLatitude String
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude String
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname String
    Enable/disable displaying the FortiGate's hostname on the GUI login page.
    guiFirmwareUpgradeSetupWarning String
    Enable/disable the firmware upgrade warning on GUI setup wizard.
    guiFirmwareUpgradeWarning String
    Enable/disable the firmware upgrade warning on the GUI.
    guiForticareRegistrationSetupWarning String
    Enable/disable the FortiCare registration setup warning on the GUI.
    guiFortigateCloudSandbox String
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI.
    guiFortiguardResourceFetch String
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments.
    guiFortisandboxCloud String
    Enable/disable displaying FortiSandbox Cloud on the GUI.
    guiIpv6 String
    Enable/disable IPv6 settings on the GUI.
    guiLinesPerPage Number
    Number of lines to display per page for web administration.
    guiLocalOut String
    Enable/disable Local-out traffic on the GUI.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI.
    guiRestApiCache String
    Enable/disable REST API result caching on FortiGate.
    guiTheme String
    Color scheme for the administration GUI.
    guiWirelessOpensecurity String
    Enable/disable wireless open security option on the GUI.
    guiWorkflowManagement String
    Enable/disable Workflow management features on the GUI.
    haAffinity String
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf String
    Enable/disable honoring of Don't-Fragment (DF) flag.
    hostname String
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    id String
    The provider-assigned unique ID for this managed resource.
    igmpStateLimit Number
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit Number
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage String
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable).
    internetServiceDatabase String
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists List<Property Map>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval Number
    Dead gateway detection interval.
    ipFragmentMemThresholds Number
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange String
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity String
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload String
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption.
    ipsecHaSeqjumpRate Number
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload String
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN.
    ipsecQatOffload String
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption.
    ipsecRoundRobin String
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic.
    ipsecSoftDecAsync String
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic.
    ipv6AcceptDad Number
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe String
    Enable/disable IPv6 address probe through Anycast.
    ipv6AllowLocalInSilentDrop String
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6AllowLocalInSlientDrop String
    Enable/disable silent drop of IPv6 local-in traffic.
    ipv6AllowMulticastProbe String
    Enable/disable IPv6 address probe through Multicast.
    ipv6AllowTrafficRedirect String
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.
    irqTimeAccounting String
    Configure CPU IRQ time accounting mode.
    language String
    GUI display language.
    ldapconntimeout Number
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
    logSingleCpuHigh String
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold.
    logSslConnection String
    Enable/disable logging of SSL connection events.
    logUuidAddress String
    Enable/disable insertion of address UUIDs to traffic logs.
    logUuidPolicy String
    Enable/disable insertion of policy UUIDs to traffic logs.
    loginTimestamp String
    Enable/disable login time recording.
    longVdomName String
    Enable/disable long VDOM name support.
    managementIp String
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort Number
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport String
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port.
    managementVdom String
    Management virtual domain name.
    maxDlpstatMemory Number
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize Number
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange String
    Enable/disable no modification of multicast TTL.
    memoryUseThresholdExtreme Number
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen Number
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed Number
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity String
    Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx).
    miglogdChildren Number
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed.
    multiFactorAuthentication String
    Enforce all login methods to require an additional authentication factor (default = optional).
    multicastForward String
    Enable/disable multicast forwarding.
    ndpMaxEntry Number
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate String
    Enable/disable sending of probing packets to update neighbors for offloaded sessions.
    perUserBal String
    Enable/disable per-user block/allow list filter.
    perUserBwl String
    Enable/disable per-user black/white list filter.
    pmtuDiscovery String
    Enable/disable path MTU discovery.
    policyAuthConcurrent Number
    Number of concurrent firewall use logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner String
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.
    preLoginBanner String
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.
    privateDataEncryption String
    Enable/disable private data encryption using an AES 128-bit key.
    proxyAuthLifetime String
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place.
    proxyAuthLifetimeTimeout Number
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout Number
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom String
    Enable/disable using management VDOM to send requests.
    proxyCipherHardwareAcceleration String
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic.
    proxyHardwareAcceleration String
    Enable/disable email proxy hardware acceleration.
    proxyKeepAliveMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.
    proxyKxpHardwareAcceleration String
    Enable/disable using the content processor to accelerate KXP traffic.
    proxyReAuthenticationMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created.
    proxyReAuthenticationTime Number
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s.
    proxyResourceMode String
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources.
    proxyWorkerCount Number
    Proxy worker count.
    purdueLevel String
    Purdue Level of this FortiGate.
    quicAckThresold Number
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo String
    QUIC congestion control algorithm (default = cubic).
    quicMaxDatagramSize Number
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud String
    Enable/disable path MTU discovery (default = enable).
    quicTlsHandshakeTimeout Number
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid String
    Enable/disable UDP payload size shaping per connection ID (default = enable).
    radiusPort Number
    RADIUS service port number.
    rebootUponConfigRestore String
    Enable/disable reboot of system upon restoring configuration.
    refresh Number
    Statistics refresh interval in GUI.
    remoteauthtimeout Number
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec, default = 5, 0 means no timeout).
    resetSessionlessTcp String
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only.
    restartTime String
    Daily restart time (hh:mm).
    revisionBackupOnLogout String
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.
    revisionImageAutoBackup String
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded.
    scanunitCount Number
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission String
    Enable/disable the submission of Security Rating results to FortiGuard.
    securityRatingRunOnSchedule String
    Enable/disable scheduled runs of Security Rating.
    sendPmtuIcmp String
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets.
    sflowdMaxChildrenNum Number
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange String
    Enable/disable the ability to change the static NAT route.
    specialFile23Support String
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection.
    speedtestServer String
    Enable/disable speed test server.
    speedtestdCtrlPort Number
    Speedtest server controller port number.
    speedtestdServerPort Number
    Speedtest server port number.
    splitPort String
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate Number
    Date within a month to run ssd trim.
    ssdTrimFreq String
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors.
    ssdTrimHour Number
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin Number
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday String
    Day of week to run SSD Trim.
    sshCbcCipher String
    Enable/disable CBC cipher for SSH access.
    sshEncAlgo String
    Select one or more SSH ciphers.
    sshHmacMd5 String
    Enable/disable HMAC-MD5 for SSH access.
    sshHostkey String
    Config SSH host key.
    sshHostkeyAlgo String
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride String
    Enable/disable SSH host key override in SSH daemon.
    sshHostkeyPassword String
    Password for ssh-hostkey.
    sshKexAlgo String
    Select one or more SSH kex algorithms.
    sshKexSha1 String
    Enable/disable SHA1 key exchange for SSH access.
    sshMacAlgo String
    Select one or more SSH MAC algorithms.
    sshMacWeak String
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers String
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).
    sslvpnCipherHardwareAcceleration String
    Enable/disable SSL VPN hardware acceleration.
    sslvpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN connection.
    sslvpnKxpHardwareAcceleration String
    Enable/disable SSL VPN KXP hardware acceleration.
    sslvpnMaxWorkerCount Number
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck String
    Enable/disable checking browser's plugin version by SSL VPN.
    sslvpnWebMode String
    Enable/disable SSL-VPN web mode.
    strictDirtySessionCheck String
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session.
    strongCrypto String
    Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions.
    switchController String
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself.
    switchControllerReservedNetwork String
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval Number
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity String
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer Number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer Number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption String
    Enable SACK, timestamp and MSS TCP options.
    tcpRstTimer Number
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer Number
    Length of the TCP TIME-WAIT state in seconds.
    tftp String
    Enable/disable TFTP.
    timezone String
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy String
    Enable/disable skip policy check and allow multicast through.
    trafficPriority String
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.
    trafficPriorityLevel String
    Default system-wide level of priority for traffic prioritization.
    twoFactorEmailExpiry Number
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry Number
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry Number
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry Number
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry Number
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer Number
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity String
    URL filter CPU affinity.
    urlFilterCount Number
    URL filter daemon count.
    userDeviceStoreMaxDevices Number
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem Number
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers Number
    Maximum number of users allowed in user device store.
    userServerCert String
    Certificate to use for https user authentication.
    vdomAdmin String
    Enable/disable support for multiple virtual domains (VDOMs).
    vdomMode String
    Enable/disable support for split/multiple virtual domains (VDOMs).
    vipArpRange String
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range.
    virtualServerCount Number
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration String
    Enable/disable virtual server hardware acceleration.
    virtualSwitchVlan String
    Enable/disable virtual switch VLAN.
    vpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection.
    wadAffinity String
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount Number
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount Number
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity Number
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime String
    WAD workers daily restart end time (hh:mm).
    wadRestartMode String
    WAD worker restart mode (default = none).
    wadRestartStartTime String
    WAD workers daily restart time (hh:mm).
    wadSourceAffinity String
    Enable/disable dispatching traffic to WAD workers based on source affinity.
    wadWorkerCount Number
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate String
    CA certificate that verifies the WiFi certificate.
    wifiCertificate String
    Certificate to use for WiFi authentication.
    wimax4gUsb String
    Enable/disable comparability with WiMAX 4G USB devices.
    wirelessController String
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.
    wirelessControllerPort Number
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    vdomparam String

    Supporting Types

    GetGlobalInternetServiceDownloadList

    Id int
    Internet Service ID.
    Id int
    Internet Service ID.
    id Integer
    Internet Service ID.
    id number
    Internet Service ID.
    id int
    Internet Service ID.
    id Number
    Internet Service ID.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse