Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.system.Global


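    Configure the FortiGate's global (device-wide) system attributes, including its administrative-access, TLS/SSH and session-timer settings.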

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    // Device-wide FortiOS `system global` settings for this FortiGate.
    // Only four attributes are managed here. The management-plane attributes this
    // resource also accepts (adminTelnet, adminSshV1, strongCrypto,
    // sslMinProtoVersion, adminLockoutThreshold, admintimeout, ...) are not set,
    // so review them explicitly; presumably they stay at the device's current
    // values -- confirm against the provider's behaviour.
    const globalSettings: fortios.system.GlobalArgs = {
        // HTTPS port of the administrative interface. Choosing the port does not
        // limit who can reach it; that is controlled outside this resource.
        adminSport: 443,
        // Sample value from the upstream example (looks like a device serial);
        // substitute your own.
        alias: "FGVM02TM20003062",
        hostname: "ste11",
        // FortiOS timezone code, passed as a string.
        timezone: "04",
    };

    const trname = new fortios.system.Global("trname", globalSettings);
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    # Device-wide FortiOS `system global` settings for this FortiGate.
    # Only four attributes are managed here. The management-plane attributes this
    # resource also accepts (admin_telnet, admin_ssh_v1, strong_crypto,
    # ssl_min_proto_version, admin_lockout_threshold, admintimeout, ...) are not
    # set, so review them explicitly; presumably they stay at the device's current
    # values -- confirm against the provider's behaviour.
    global_settings = dict(
        # HTTPS port of the administrative interface. Choosing the port does not
        # limit who can reach it; that is controlled outside this resource.
        admin_sport=443,
        # Sample value from the upstream example (looks like a device serial);
        # substitute your own.
        alias="FGVM02TM20003062",
        hostname="ste11",
        # FortiOS timezone code, passed as a string.
        timezone="04",
    )

    trname = fortios.system.Global("trname", **global_settings)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/system"
    )
    
    // main declares the FortiGate's device-wide `system global` settings.
    //
    // Only four attributes are managed here. The management-plane attributes this
    // resource also accepts (AdminTelnet, AdminSshV1, StrongCrypto,
    // SslMinProtoVersion, AdminLockoutThreshold, Admintimeout, ...) are not set,
    // so review them explicitly; presumably they stay at the device's current
    // values -- confirm against the provider's behaviour.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		settings := &system.GlobalArgs{
    			// HTTPS port of the administrative interface. Choosing the port
    			// does not limit who can reach it; that is controlled outside
    			// this resource.
    			AdminSport: pulumi.Int(443),
    			// Sample value from the upstream example (looks like a device
    			// serial); substitute your own.
    			Alias:    pulumi.String("FGVM02TM20003062"),
    			Hostname: pulumi.String("ste11"),
    			// FortiOS timezone code, passed as a string.
    			Timezone: pulumi.String("04"),
    		}

    		// The resource handle is not needed afterwards; only the error matters.
    		if _, err := system.NewGlobal(ctx, "trname", settings); err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    // Device-wide FortiOS `system global` settings for this FortiGate.
    // Only four attributes are managed here. The management-plane attributes this
    // resource also accepts (AdminTelnet, AdminSshV1, StrongCrypto,
    // SslMinProtoVersion, AdminLockoutThreshold, Admintimeout, ...) are not set,
    // so review them explicitly; presumably they stay at the device's current
    // values -- confirm against the provider's behaviour.
    return await Deployment.RunAsync(() =>
    {
        var globalSettings = new Fortios.System.GlobalArgs
        {
            // HTTPS port of the administrative interface. Choosing the port does
            // not limit who can reach it; that is controlled outside this resource.
            AdminSport = 443,
            // Sample value from the upstream example (looks like a device serial);
            // substitute your own.
            Alias = "FGVM02TM20003062",
            Hostname = "ste11",
            // FortiOS timezone code, passed as a string.
            Timezone = "04",
        };

        var trname = new Fortios.System.Global("trname", globalSettings);
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.system.Global;
    import com.pulumi.fortios.system.GlobalArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Declares the FortiGate's device-wide {@code system global} settings.
     *
     * <p>Only four attributes are managed here. The management-plane attributes this
     * resource also accepts (adminTelnet, adminSshV1, strongCrypto,
     * sslMinProtoVersion, adminLockoutThreshold, admintimeout, ...) are not set,
     * so review them explicitly; presumably they stay at the device's current
     * values -- confirm against the provider's behaviour.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Registers the single {@code Global} resource of this stack.
         *
         * @param ctx deployment context supplied by Pulumi (not read here)
         */
        public static void stack(Context ctx) {
            GlobalArgs settings = GlobalArgs.builder()
                // HTTPS port of the administrative interface. Choosing the port does
                // not limit who can reach it; that is controlled outside this resource.
                .adminSport(443)
                // Sample value from the upstream example (looks like a device serial);
                // substitute your own.
                .alias("FGVM02TM20003062")
                .hostname("ste11")
                // FortiOS timezone code, passed as a string.
                .timezone("04")
                .build();

            var trname = new Global("trname", settings);
        }
    }
    
    # Device-wide FortiOS `system global` settings for this FortiGate.
    # Only four attributes are managed here. The management-plane attributes this
    # resource also accepts (adminTelnet, adminSshV1, strongCrypto,
    # sslMinProtoVersion, adminLockoutThreshold, admintimeout, ...) are not set,
    # so review them explicitly; presumably they stay at the device's current
    # values -- confirm against the provider's behaviour.
    resources:
      trname:
        type: fortios:system:Global
        properties:
          # HTTPS port of the administrative interface. Choosing the port does not
          # limit who can reach it; that is controlled outside this resource.
          adminSport: 443
          # Sample value from the upstream example (looks like a device serial);
          # substitute your own.
          alias: FGVM02TM20003062
          hostname: ste11
          # FortiOS timezone code; quoted so it stays a string.
          timezone: '04'
    

    Create Global Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Global(name: string, args?: GlobalArgs, opts?: CustomResourceOptions);
    @overload
    def Global(resource_name: str,
               args: Optional[GlobalArgs] = None,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Global(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               admin_concurrent: Optional[str] = None,
               admin_console_timeout: Optional[int] = None,
               admin_forticloud_sso_default_profile: Optional[str] = None,
               admin_forticloud_sso_login: Optional[str] = None,
               admin_host: Optional[str] = None,
               admin_hsts_max_age: Optional[int] = None,
               admin_https_pki_required: Optional[str] = None,
               admin_https_redirect: Optional[str] = None,
               admin_https_ssl_banned_ciphers: Optional[str] = None,
               admin_https_ssl_ciphersuites: Optional[str] = None,
               admin_https_ssl_versions: Optional[str] = None,
               admin_lockout_duration: Optional[int] = None,
               admin_lockout_threshold: Optional[int] = None,
               admin_login_max: Optional[int] = None,
               admin_maintainer: Optional[str] = None,
               admin_port: Optional[int] = None,
               admin_restrict_local: Optional[str] = None,
               admin_scp: Optional[str] = None,
               admin_server_cert: Optional[str] = None,
               admin_sport: Optional[int] = None,
               admin_ssh_grace_time: Optional[int] = None,
               admin_ssh_password: Optional[str] = None,
               admin_ssh_port: Optional[int] = None,
               admin_ssh_v1: Optional[str] = None,
               admin_telnet: Optional[str] = None,
               admin_telnet_port: Optional[int] = None,
               admintimeout: Optional[int] = None,
               alias: Optional[str] = None,
               allow_traffic_redirect: Optional[str] = None,
               anti_replay: Optional[str] = None,
               arp_max_entry: Optional[int] = None,
               asymroute: Optional[str] = None,
               auth_cert: Optional[str] = None,
               auth_http_port: Optional[int] = None,
               auth_https_port: Optional[int] = None,
               auth_ike_saml_port: Optional[int] = None,
               auth_keepalive: Optional[str] = None,
               auth_session_limit: Optional[str] = None,
               auto_auth_extension_device: Optional[str] = None,
               autorun_log_fsck: Optional[str] = None,
               av_affinity: Optional[str] = None,
               av_failopen: Optional[str] = None,
               av_failopen_session: Optional[str] = None,
               batch_cmdb: Optional[str] = None,
               bfd_affinity: Optional[str] = None,
               block_session_timer: Optional[int] = None,
               br_fdb_max_entry: Optional[int] = None,
               cert_chain_max: Optional[int] = None,
               cfg_revert_timeout: Optional[int] = None,
               cfg_save: Optional[str] = None,
               check_protocol_header: Optional[str] = None,
               check_reset_range: Optional[str] = None,
               cli_audit_log: Optional[str] = None,
               cloud_communication: Optional[str] = None,
               clt_cert_req: Optional[str] = None,
               cmdbsvr_affinity: Optional[str] = None,
               compliance_check: Optional[str] = None,
               compliance_check_time: Optional[str] = None,
               cpu_use_threshold: Optional[int] = None,
               csr_ca_attribute: Optional[str] = None,
               daily_restart: Optional[str] = None,
               default_service_source_port: Optional[str] = None,
               device_identification_active_scan_delay: Optional[int] = None,
               device_idle_timeout: Optional[int] = None,
               dh_params: Optional[str] = None,
               dhcp_lease_backup_interval: Optional[int] = None,
               dnsproxy_worker_count: Optional[int] = None,
               dst: Optional[str] = None,
               dynamic_sort_subtable: Optional[str] = None,
               early_tcp_npu_session: Optional[str] = None,
               edit_vdom_prompt: Optional[str] = None,
               endpoint_control_fds_access: Optional[str] = None,
               endpoint_control_portal_port: Optional[int] = None,
               extender_controller_reserved_network: Optional[str] = None,
               failtime: Optional[int] = None,
               faz_disk_buffer_size: Optional[int] = None,
               fds_statistics: Optional[str] = None,
               fds_statistics_period: Optional[int] = None,
               fec_port: Optional[int] = None,
               fgd_alert_subscription: Optional[str] = None,
               forticonverter_config_upload: Optional[str] = None,
               forticonverter_integration: Optional[str] = None,
               fortiextender: Optional[str] = None,
               fortiextender_data_port: Optional[int] = None,
               fortiextender_discovery_lockdown: Optional[str] = None,
               fortiextender_provision_on_authorization: Optional[str] = None,
               fortiextender_vlan_mode: Optional[str] = None,
               fortigslb_integration: Optional[str] = None,
               fortiipam_integration: Optional[str] = None,
               fortiservice_port: Optional[int] = None,
               fortitoken_cloud: Optional[str] = None,
               fortitoken_cloud_push_status: Optional[str] = None,
               fortitoken_cloud_sync_interval: Optional[int] = None,
               get_all_tables: Optional[str] = None,
               gui_allow_default_hostname: Optional[str] = None,
               gui_allow_incompatible_fabric_fgt: Optional[str] = None,
               gui_app_detection_sdwan: Optional[str] = None,
               gui_auto_upgrade_setup_warning: Optional[str] = None,
               gui_cdn_domain_override: Optional[str] = None,
               gui_cdn_usage: Optional[str] = None,
               gui_certificates: Optional[str] = None,
               gui_custom_language: Optional[str] = None,
               gui_date_format: Optional[str] = None,
               gui_date_time_source: Optional[str] = None,
               gui_device_latitude: Optional[str] = None,
               gui_device_longitude: Optional[str] = None,
               gui_display_hostname: Optional[str] = None,
               gui_firmware_upgrade_setup_warning: Optional[str] = None,
               gui_firmware_upgrade_warning: Optional[str] = None,
               gui_forticare_registration_setup_warning: Optional[str] = None,
               gui_fortigate_cloud_sandbox: Optional[str] = None,
               gui_fortiguard_resource_fetch: Optional[str] = None,
               gui_fortisandbox_cloud: Optional[str] = None,
               gui_ipv6: Optional[str] = None,
               gui_lines_per_page: Optional[int] = None,
               gui_local_out: Optional[str] = None,
               gui_replacement_message_groups: Optional[str] = None,
               gui_rest_api_cache: Optional[str] = None,
               gui_theme: Optional[str] = None,
               gui_wireless_opensecurity: Optional[str] = None,
               gui_workflow_management: Optional[str] = None,
               ha_affinity: Optional[str] = None,
               honor_df: Optional[str] = None,
               hostname: Optional[str] = None,
               igmp_state_limit: Optional[int] = None,
               ike_embryonic_limit: Optional[int] = None,
               interface_subnet_usage: Optional[str] = None,
               internet_service_database: Optional[str] = None,
               internet_service_download_lists: Optional[Sequence[GlobalInternetServiceDownloadListArgs]] = None,
               interval: Optional[int] = None,
               ip_fragment_mem_thresholds: Optional[int] = None,
               ip_src_port_range: Optional[str] = None,
               ips_affinity: Optional[str] = None,
               ipsec_asic_offload: Optional[str] = None,
               ipsec_ha_seqjump_rate: Optional[int] = None,
               ipsec_hmac_offload: Optional[str] = None,
               ipsec_qat_offload: Optional[str] = None,
               ipsec_round_robin: Optional[str] = None,
               ipsec_soft_dec_async: Optional[str] = None,
               ipv6_accept_dad: Optional[int] = None,
               ipv6_allow_anycast_probe: Optional[str] = None,
               ipv6_allow_local_in_silent_drop: Optional[str] = None,
               ipv6_allow_local_in_slient_drop: Optional[str] = None,
               ipv6_allow_multicast_probe: Optional[str] = None,
               ipv6_allow_traffic_redirect: Optional[str] = None,
               irq_time_accounting: Optional[str] = None,
               language: Optional[str] = None,
               ldapconntimeout: Optional[int] = None,
               lldp_reception: Optional[str] = None,
               lldp_transmission: Optional[str] = None,
               log_single_cpu_high: Optional[str] = None,
               log_ssl_connection: Optional[str] = None,
               log_uuid_address: Optional[str] = None,
               log_uuid_policy: Optional[str] = None,
               login_timestamp: Optional[str] = None,
               long_vdom_name: Optional[str] = None,
               management_ip: Optional[str] = None,
               management_port: Optional[int] = None,
               management_port_use_admin_sport: Optional[str] = None,
               management_vdom: Optional[str] = None,
               max_dlpstat_memory: Optional[int] = None,
               max_route_cache_size: Optional[int] = None,
               mc_ttl_notchange: Optional[str] = None,
               memory_use_threshold_extreme: Optional[int] = None,
               memory_use_threshold_green: Optional[int] = None,
               memory_use_threshold_red: Optional[int] = None,
               miglog_affinity: Optional[str] = None,
               miglogd_children: Optional[int] = None,
               multi_factor_authentication: Optional[str] = None,
               multicast_forward: Optional[str] = None,
               ndp_max_entry: Optional[int] = None,
               npu_neighbor_update: Optional[str] = None,
               per_user_bal: Optional[str] = None,
               per_user_bwl: Optional[str] = None,
               pmtu_discovery: Optional[str] = None,
               policy_auth_concurrent: Optional[int] = None,
               post_login_banner: Optional[str] = None,
               pre_login_banner: Optional[str] = None,
               private_data_encryption: Optional[str] = None,
               proxy_auth_lifetime: Optional[str] = None,
               proxy_auth_lifetime_timeout: Optional[int] = None,
               proxy_auth_timeout: Optional[int] = None,
               proxy_cert_use_mgmt_vdom: Optional[str] = None,
               proxy_cipher_hardware_acceleration: Optional[str] = None,
               proxy_hardware_acceleration: Optional[str] = None,
               proxy_keep_alive_mode: Optional[str] = None,
               proxy_kxp_hardware_acceleration: Optional[str] = None,
               proxy_re_authentication_mode: Optional[str] = None,
               proxy_re_authentication_time: Optional[int] = None,
               proxy_resource_mode: Optional[str] = None,
               proxy_worker_count: Optional[int] = None,
               purdue_level: Optional[str] = None,
               quic_ack_thresold: Optional[int] = None,
               quic_congestion_control_algo: Optional[str] = None,
               quic_max_datagram_size: Optional[int] = None,
               quic_pmtud: Optional[str] = None,
               quic_tls_handshake_timeout: Optional[int] = None,
               quic_udp_payload_size_shaping_per_cid: Optional[str] = None,
               radius_port: Optional[int] = None,
               reboot_upon_config_restore: Optional[str] = None,
               refresh: Optional[int] = None,
               remoteauthtimeout: Optional[int] = None,
               reset_sessionless_tcp: Optional[str] = None,
               restart_time: Optional[str] = None,
               revision_backup_on_logout: Optional[str] = None,
               revision_image_auto_backup: Optional[str] = None,
               scanunit_count: Optional[int] = None,
               security_rating_result_submission: Optional[str] = None,
               security_rating_run_on_schedule: Optional[str] = None,
               send_pmtu_icmp: Optional[str] = None,
               sflowd_max_children_num: Optional[int] = None,
               snat_route_change: Optional[str] = None,
               special_file23_support: Optional[str] = None,
               speedtest_server: Optional[str] = None,
               speedtestd_ctrl_port: Optional[int] = None,
               speedtestd_server_port: Optional[int] = None,
               split_port: Optional[str] = None,
               ssd_trim_date: Optional[int] = None,
               ssd_trim_freq: Optional[str] = None,
               ssd_trim_hour: Optional[int] = None,
               ssd_trim_min: Optional[int] = None,
               ssd_trim_weekday: Optional[str] = None,
               ssh_cbc_cipher: Optional[str] = None,
               ssh_enc_algo: Optional[str] = None,
               ssh_hmac_md5: Optional[str] = None,
               ssh_hostkey: Optional[str] = None,
               ssh_hostkey_algo: Optional[str] = None,
               ssh_hostkey_override: Optional[str] = None,
               ssh_hostkey_password: Optional[str] = None,
               ssh_kex_algo: Optional[str] = None,
               ssh_kex_sha1: Optional[str] = None,
               ssh_mac_algo: Optional[str] = None,
               ssh_mac_weak: Optional[str] = None,
               ssl_min_proto_version: Optional[str] = None,
               ssl_static_key_ciphers: Optional[str] = None,
               sslvpn_cipher_hardware_acceleration: Optional[str] = None,
               sslvpn_ems_sn_check: Optional[str] = None,
               sslvpn_kxp_hardware_acceleration: Optional[str] = None,
               sslvpn_max_worker_count: Optional[int] = None,
               sslvpn_plugin_version_check: Optional[str] = None,
               sslvpn_web_mode: Optional[str] = None,
               strict_dirty_session_check: Optional[str] = None,
               strong_crypto: Optional[str] = None,
               switch_controller: Optional[str] = None,
               switch_controller_reserved_network: Optional[str] = None,
               sys_perf_log_interval: Optional[int] = None,
               syslog_affinity: Optional[str] = None,
               tcp_halfclose_timer: Optional[int] = None,
               tcp_halfopen_timer: Optional[int] = None,
               tcp_option: Optional[str] = None,
               tcp_rst_timer: Optional[int] = None,
               tcp_timewait_timer: Optional[int] = None,
               tftp: Optional[str] = None,
               timezone: Optional[str] = None,
               tp_mc_skip_policy: Optional[str] = None,
               traffic_priority: Optional[str] = None,
               traffic_priority_level: Optional[str] = None,
               two_factor_email_expiry: Optional[int] = None,
               two_factor_fac_expiry: Optional[int] = None,
               two_factor_ftk_expiry: Optional[int] = None,
               two_factor_ftm_expiry: Optional[int] = None,
               two_factor_sms_expiry: Optional[int] = None,
               udp_idle_timer: Optional[int] = None,
               url_filter_affinity: Optional[str] = None,
               url_filter_count: Optional[int] = None,
               user_device_store_max_devices: Optional[int] = None,
               user_device_store_max_unified_mem: Optional[int] = None,
               user_device_store_max_users: Optional[int] = None,
               user_server_cert: Optional[str] = None,
               vdom_admin: Optional[str] = None,
               vdom_mode: Optional[str] = None,
               vdomparam: Optional[str] = None,
               vip_arp_range: Optional[str] = None,
               virtual_server_count: Optional[int] = None,
               virtual_server_hardware_acceleration: Optional[str] = None,
               virtual_switch_vlan: Optional[str] = None,
               vpn_ems_sn_check: Optional[str] = None,
               wad_affinity: Optional[str] = None,
               wad_csvc_cs_count: Optional[int] = None,
               wad_csvc_db_count: Optional[int] = None,
               wad_memory_change_granularity: Optional[int] = None,
               wad_restart_end_time: Optional[str] = None,
               wad_restart_mode: Optional[str] = None,
               wad_restart_start_time: Optional[str] = None,
               wad_source_affinity: Optional[str] = None,
               wad_worker_count: Optional[int] = None,
               wifi_ca_certificate: Optional[str] = None,
               wifi_certificate: Optional[str] = None,
               wimax4g_usb: Optional[str] = None,
               wireless_controller: Optional[str] = None,
               wireless_controller_port: Optional[int] = None)
    func NewGlobal(ctx *Context, name string, args *GlobalArgs, opts ...ResourceOption) (*Global, error)
    public Global(string name, GlobalArgs? args = null, CustomResourceOptions? opts = null)
    public Global(String name, GlobalArgs args)
    public Global(String name, GlobalArgs args, CustomResourceOptions options)
    
    type: fortios:system:Global
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args GlobalArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args GlobalArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args GlobalArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args GlobalArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args GlobalArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

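    The following reference example uses placeholder values for all input properties. The placeholders (`"string"`, `0`) only indicate each property's type; they are not valid or recommended settings, so set only the properties you intend to manage and give each a real value.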

    var exampleglobalResourceResourceFromSystemglobal = new Fortios.System.Global("exampleglobalResourceResourceFromSystemglobal", new()
    {
        AdminConcurrent = "string",
        AdminConsoleTimeout = 0,
        AdminForticloudSsoDefaultProfile = "string",
        AdminForticloudSsoLogin = "string",
        AdminHost = "string",
        AdminHstsMaxAge = 0,
        AdminHttpsPkiRequired = "string",
        AdminHttpsRedirect = "string",
        AdminHttpsSslBannedCiphers = "string",
        AdminHttpsSslCiphersuites = "string",
        AdminHttpsSslVersions = "string",
        AdminLockoutDuration = 0,
        AdminLockoutThreshold = 0,
        AdminLoginMax = 0,
        AdminMaintainer = "string",
        AdminPort = 0,
        AdminRestrictLocal = "string",
        AdminScp = "string",
        AdminServerCert = "string",
        AdminSport = 0,
        AdminSshGraceTime = 0,
        AdminSshPassword = "string",
        AdminSshPort = 0,
        AdminSshV1 = "string",
        AdminTelnet = "string",
        AdminTelnetPort = 0,
        Admintimeout = 0,
        Alias = "string",
        AllowTrafficRedirect = "string",
        AntiReplay = "string",
        ArpMaxEntry = 0,
        Asymroute = "string",
        AuthCert = "string",
        AuthHttpPort = 0,
        AuthHttpsPort = 0,
        AuthIkeSamlPort = 0,
        AuthKeepalive = "string",
        AuthSessionLimit = "string",
        AutoAuthExtensionDevice = "string",
        AutorunLogFsck = "string",
        AvAffinity = "string",
        AvFailopen = "string",
        AvFailopenSession = "string",
        BatchCmdb = "string",
        BfdAffinity = "string",
        BlockSessionTimer = 0,
        BrFdbMaxEntry = 0,
        CertChainMax = 0,
        CfgRevertTimeout = 0,
        CfgSave = "string",
        CheckProtocolHeader = "string",
        CheckResetRange = "string",
        CliAuditLog = "string",
        CloudCommunication = "string",
        CltCertReq = "string",
        CmdbsvrAffinity = "string",
        ComplianceCheck = "string",
        ComplianceCheckTime = "string",
        CpuUseThreshold = 0,
        CsrCaAttribute = "string",
        DailyRestart = "string",
        DefaultServiceSourcePort = "string",
        DeviceIdentificationActiveScanDelay = 0,
        DeviceIdleTimeout = 0,
        DhParams = "string",
        DhcpLeaseBackupInterval = 0,
        DnsproxyWorkerCount = 0,
        Dst = "string",
        DynamicSortSubtable = "string",
        EarlyTcpNpuSession = "string",
        EditVdomPrompt = "string",
        EndpointControlFdsAccess = "string",
        EndpointControlPortalPort = 0,
        ExtenderControllerReservedNetwork = "string",
        Failtime = 0,
        FazDiskBufferSize = 0,
        FdsStatistics = "string",
        FdsStatisticsPeriod = 0,
        FecPort = 0,
        FgdAlertSubscription = "string",
        ForticonverterConfigUpload = "string",
        ForticonverterIntegration = "string",
        Fortiextender = "string",
        FortiextenderDataPort = 0,
        FortiextenderDiscoveryLockdown = "string",
        FortiextenderProvisionOnAuthorization = "string",
        FortiextenderVlanMode = "string",
        FortigslbIntegration = "string",
        FortiipamIntegration = "string",
        FortiservicePort = 0,
        FortitokenCloud = "string",
        FortitokenCloudPushStatus = "string",
        FortitokenCloudSyncInterval = 0,
        GetAllTables = "string",
        GuiAllowDefaultHostname = "string",
        GuiAllowIncompatibleFabricFgt = "string",
        GuiAppDetectionSdwan = "string",
        GuiAutoUpgradeSetupWarning = "string",
        GuiCdnDomainOverride = "string",
        GuiCdnUsage = "string",
        GuiCertificates = "string",
        GuiCustomLanguage = "string",
        GuiDateFormat = "string",
        GuiDateTimeSource = "string",
        GuiDeviceLatitude = "string",
        GuiDeviceLongitude = "string",
        GuiDisplayHostname = "string",
        GuiFirmwareUpgradeSetupWarning = "string",
        GuiFirmwareUpgradeWarning = "string",
        GuiForticareRegistrationSetupWarning = "string",
        GuiFortigateCloudSandbox = "string",
        GuiFortiguardResourceFetch = "string",
        GuiFortisandboxCloud = "string",
        GuiIpv6 = "string",
        GuiLinesPerPage = 0,
        GuiLocalOut = "string",
        GuiReplacementMessageGroups = "string",
        GuiRestApiCache = "string",
        GuiTheme = "string",
        GuiWirelessOpensecurity = "string",
        GuiWorkflowManagement = "string",
        HaAffinity = "string",
        HonorDf = "string",
        Hostname = "string",
        IgmpStateLimit = 0,
        IkeEmbryonicLimit = 0,
        InterfaceSubnetUsage = "string",
        InternetServiceDatabase = "string",
        InternetServiceDownloadLists = new[]
        {
            new Fortios.System.Inputs.GlobalInternetServiceDownloadListArgs
            {
                Id = 0,
            },
        },
        Interval = 0,
        IpFragmentMemThresholds = 0,
        IpSrcPortRange = "string",
        IpsAffinity = "string",
        IpsecAsicOffload = "string",
        IpsecHaSeqjumpRate = 0,
        IpsecHmacOffload = "string",
        IpsecQatOffload = "string",
        IpsecRoundRobin = "string",
        IpsecSoftDecAsync = "string",
        Ipv6AcceptDad = 0,
        Ipv6AllowAnycastProbe = "string",
        Ipv6AllowLocalInSilentDrop = "string",
        Ipv6AllowLocalInSlientDrop = "string",
        Ipv6AllowMulticastProbe = "string",
        Ipv6AllowTrafficRedirect = "string",
        IrqTimeAccounting = "string",
        Language = "string",
        Ldapconntimeout = 0,
        LldpReception = "string",
        LldpTransmission = "string",
        LogSingleCpuHigh = "string",
        LogSslConnection = "string",
        LogUuidAddress = "string",
        LogUuidPolicy = "string",
        LoginTimestamp = "string",
        LongVdomName = "string",
        ManagementIp = "string",
        ManagementPort = 0,
        ManagementPortUseAdminSport = "string",
        ManagementVdom = "string",
        MaxDlpstatMemory = 0,
        MaxRouteCacheSize = 0,
        McTtlNotchange = "string",
        MemoryUseThresholdExtreme = 0,
        MemoryUseThresholdGreen = 0,
        MemoryUseThresholdRed = 0,
        MiglogAffinity = "string",
        MiglogdChildren = 0,
        MultiFactorAuthentication = "string",
        MulticastForward = "string",
        NdpMaxEntry = 0,
        NpuNeighborUpdate = "string",
        PerUserBal = "string",
        PerUserBwl = "string",
        PmtuDiscovery = "string",
        PolicyAuthConcurrent = 0,
        PostLoginBanner = "string",
        PreLoginBanner = "string",
        PrivateDataEncryption = "string",
        ProxyAuthLifetime = "string",
        ProxyAuthLifetimeTimeout = 0,
        ProxyAuthTimeout = 0,
        ProxyCertUseMgmtVdom = "string",
        ProxyCipherHardwareAcceleration = "string",
        ProxyHardwareAcceleration = "string",
        ProxyKeepAliveMode = "string",
        ProxyKxpHardwareAcceleration = "string",
        ProxyReAuthenticationMode = "string",
        ProxyReAuthenticationTime = 0,
        ProxyResourceMode = "string",
        ProxyWorkerCount = 0,
        PurdueLevel = "string",
        QuicAckThresold = 0,
        QuicCongestionControlAlgo = "string",
        QuicMaxDatagramSize = 0,
        QuicPmtud = "string",
        QuicTlsHandshakeTimeout = 0,
        QuicUdpPayloadSizeShapingPerCid = "string",
        RadiusPort = 0,
        RebootUponConfigRestore = "string",
        Refresh = 0,
        Remoteauthtimeout = 0,
        ResetSessionlessTcp = "string",
        RestartTime = "string",
        RevisionBackupOnLogout = "string",
        RevisionImageAutoBackup = "string",
        ScanunitCount = 0,
        SecurityRatingResultSubmission = "string",
        SecurityRatingRunOnSchedule = "string",
        SendPmtuIcmp = "string",
        SflowdMaxChildrenNum = 0,
        SnatRouteChange = "string",
        SpecialFile23Support = "string",
        SpeedtestServer = "string",
        SpeedtestdCtrlPort = 0,
        SpeedtestdServerPort = 0,
        SplitPort = "string",
        SsdTrimDate = 0,
        SsdTrimFreq = "string",
        SsdTrimHour = 0,
        SsdTrimMin = 0,
        SsdTrimWeekday = "string",
        SshCbcCipher = "string",
        SshEncAlgo = "string",
        SshHmacMd5 = "string",
        SshHostkey = "string",
        SshHostkeyAlgo = "string",
        SshHostkeyOverride = "string",
        SshHostkeyPassword = "string",
        SshKexAlgo = "string",
        SshKexSha1 = "string",
        SshMacAlgo = "string",
        SshMacWeak = "string",
        SslMinProtoVersion = "string",
        SslStaticKeyCiphers = "string",
        SslvpnCipherHardwareAcceleration = "string",
        SslvpnEmsSnCheck = "string",
        SslvpnKxpHardwareAcceleration = "string",
        SslvpnMaxWorkerCount = 0,
        SslvpnPluginVersionCheck = "string",
        SslvpnWebMode = "string",
        StrictDirtySessionCheck = "string",
        StrongCrypto = "string",
        SwitchController = "string",
        SwitchControllerReservedNetwork = "string",
        SysPerfLogInterval = 0,
        SyslogAffinity = "string",
        TcpHalfcloseTimer = 0,
        TcpHalfopenTimer = 0,
        TcpOption = "string",
        TcpRstTimer = 0,
        TcpTimewaitTimer = 0,
        Tftp = "string",
        Timezone = "string",
        TpMcSkipPolicy = "string",
        TrafficPriority = "string",
        TrafficPriorityLevel = "string",
        TwoFactorEmailExpiry = 0,
        TwoFactorFacExpiry = 0,
        TwoFactorFtkExpiry = 0,
        TwoFactorFtmExpiry = 0,
        TwoFactorSmsExpiry = 0,
        UdpIdleTimer = 0,
        UrlFilterAffinity = "string",
        UrlFilterCount = 0,
        UserDeviceStoreMaxDevices = 0,
        UserDeviceStoreMaxUnifiedMem = 0,
        UserDeviceStoreMaxUsers = 0,
        UserServerCert = "string",
        VdomAdmin = "string",
        VdomMode = "string",
        Vdomparam = "string",
        VipArpRange = "string",
        VirtualServerCount = 0,
        VirtualServerHardwareAcceleration = "string",
        VirtualSwitchVlan = "string",
        VpnEmsSnCheck = "string",
        WadAffinity = "string",
        WadCsvcCsCount = 0,
        WadCsvcDbCount = 0,
        WadMemoryChangeGranularity = 0,
        WadRestartEndTime = "string",
        WadRestartMode = "string",
        WadRestartStartTime = "string",
        WadSourceAffinity = "string",
        WadWorkerCount = 0,
        WifiCaCertificate = "string",
        WifiCertificate = "string",
        Wimax4gUsb = "string",
        WirelessController = "string",
        WirelessControllerPort = 0,
    });
    
    // Constructor reference for system.Global: each input property appears once with a type
    // placeholder ("string" or 0). The placeholders only show the expected type; they are
    // not valid or recommended settings. The returned err is not handled in this snippet
    // and must be checked before example is used.
    example, err := system.NewGlobal(ctx, "exampleglobalResourceResourceFromSystemglobal", &system.GlobalArgs{
    	AdminConcurrent:                       pulumi.String("string"),
    	AdminConsoleTimeout:                   pulumi.Int(0),
    	AdminForticloudSsoDefaultProfile:      pulumi.String("string"),
    	AdminForticloudSsoLogin:               pulumi.String("string"),
    	AdminHost:                             pulumi.String("string"),
    	AdminHstsMaxAge:                       pulumi.Int(0),
    	// NOTE(review): by their names, the AdminHttps* properties shape TLS for the admin web
    	// interface (client-certificate requirement, HTTP-to-HTTPS redirect, cipher and version
    	// lists). Accepted values are not shown here; confirm them in the property reference.
    	AdminHttpsPkiRequired:                 pulumi.String("string"),
    	AdminHttpsRedirect:                    pulumi.String("string"),
    	AdminHttpsSslBannedCiphers:            pulumi.String("string"),
    	AdminHttpsSslCiphersuites:             pulumi.String("string"),
    	AdminHttpsSslVersions:                 pulumi.String("string"),
    	// NOTE(review): by name, admin login lockout and login-count limits; the 0 values are
    	// type placeholders, not suggested thresholds.
    	AdminLockoutDuration:                  pulumi.Int(0),
    	AdminLockoutThreshold:                 pulumi.Int(0),
    	AdminLoginMax:                         pulumi.Int(0),
    	AdminMaintainer:                       pulumi.String("string"),
    	AdminPort:                             pulumi.Int(0),
    	AdminRestrictLocal:                    pulumi.String("string"),
    	AdminScp:                              pulumi.String("string"),
    	AdminServerCert:                       pulumi.String("string"),
    	AdminSport:                            pulumi.Int(0),
    	AdminSshGraceTime:                     pulumi.Int(0),
    	AdminSshPassword:                      pulumi.String("string"),
    	AdminSshPort:                          pulumi.Int(0),
    	// NOTE(review): by name, SSH v1 and Telnet administrative access, i.e. legacy and
    	// cleartext protocols. Presumably enable/disable toggles; confirm, and leave them off
    	// unless there is a documented need.
    	AdminSshV1:                            pulumi.String("string"),
    	AdminTelnet:                           pulumi.String("string"),
    	AdminTelnetPort:                       pulumi.Int(0),
    	Admintimeout:                          pulumi.Int(0),
    	Alias:                                 pulumi.String("string"),
    	AllowTrafficRedirect:                  pulumi.String("string"),
    	AntiReplay:                            pulumi.String("string"),
    	ArpMaxEntry:                           pulumi.Int(0),
    	Asymroute:                             pulumi.String("string"),
    	AuthCert:                              pulumi.String("string"),
    	AuthHttpPort:                          pulumi.Int(0),
    	AuthHttpsPort:                         pulumi.Int(0),
    	AuthIkeSamlPort:                       pulumi.Int(0),
    	AuthKeepalive:                         pulumi.String("string"),
    	AuthSessionLimit:                      pulumi.String("string"),
    	AutoAuthExtensionDevice:               pulumi.String("string"),
    	AutorunLogFsck:                        pulumi.String("string"),
    	AvAffinity:                            pulumi.String("string"),
    	AvFailopen:                            pulumi.String("string"),
    	AvFailopenSession:                     pulumi.String("string"),
    	BatchCmdb:                             pulumi.String("string"),
    	BfdAffinity:                           pulumi.String("string"),
    	BlockSessionTimer:                     pulumi.Int(0),
    	BrFdbMaxEntry:                         pulumi.Int(0),
    	CertChainMax:                          pulumi.Int(0),
    	CfgRevertTimeout:                      pulumi.Int(0),
    	CfgSave:                               pulumi.String("string"),
    	CheckProtocolHeader:                   pulumi.String("string"),
    	CheckResetRange:                       pulumi.String("string"),
    	CliAuditLog:                           pulumi.String("string"),
    	CloudCommunication:                    pulumi.String("string"),
    	CltCertReq:                            pulumi.String("string"),
    	CmdbsvrAffinity:                       pulumi.String("string"),
    	ComplianceCheck:                       pulumi.String("string"),
    	ComplianceCheckTime:                   pulumi.String("string"),
    	CpuUseThreshold:                       pulumi.Int(0),
    	CsrCaAttribute:                        pulumi.String("string"),
    	DailyRestart:                          pulumi.String("string"),
    	DefaultServiceSourcePort:              pulumi.String("string"),
    	DeviceIdentificationActiveScanDelay:   pulumi.Int(0),
    	DeviceIdleTimeout:                     pulumi.Int(0),
    	DhParams:                              pulumi.String("string"),
    	DhcpLeaseBackupInterval:               pulumi.Int(0),
    	DnsproxyWorkerCount:                   pulumi.Int(0),
    	Dst:                                   pulumi.String("string"),
    	DynamicSortSubtable:                   pulumi.String("string"),
    	EarlyTcpNpuSession:                    pulumi.String("string"),
    	EditVdomPrompt:                        pulumi.String("string"),
    	EndpointControlFdsAccess:              pulumi.String("string"),
    	EndpointControlPortalPort:             pulumi.Int(0),
    	ExtenderControllerReservedNetwork:     pulumi.String("string"),
    	Failtime:                              pulumi.Int(0),
    	FazDiskBufferSize:                     pulumi.Int(0),
    	FdsStatistics:                         pulumi.String("string"),
    	FdsStatisticsPeriod:                   pulumi.Int(0),
    	FecPort:                               pulumi.Int(0),
    	FgdAlertSubscription:                  pulumi.String("string"),
    	ForticonverterConfigUpload:            pulumi.String("string"),
    	ForticonverterIntegration:             pulumi.String("string"),
    	Fortiextender:                         pulumi.String("string"),
    	FortiextenderDataPort:                 pulumi.Int(0),
    	FortiextenderDiscoveryLockdown:        pulumi.String("string"),
    	FortiextenderProvisionOnAuthorization: pulumi.String("string"),
    	FortiextenderVlanMode:                 pulumi.String("string"),
    	FortigslbIntegration:                  pulumi.String("string"),
    	FortiipamIntegration:                  pulumi.String("string"),
    	FortiservicePort:                      pulumi.Int(0),
    	FortitokenCloud:                       pulumi.String("string"),
    	FortitokenCloudPushStatus:             pulumi.String("string"),
    	FortitokenCloudSyncInterval:           pulumi.Int(0),
    	GetAllTables:                          pulumi.String("string"),
    	GuiAllowDefaultHostname:               pulumi.String("string"),
    	GuiAllowIncompatibleFabricFgt:         pulumi.String("string"),
    	GuiAppDetectionSdwan:                  pulumi.String("string"),
    	GuiAutoUpgradeSetupWarning:            pulumi.String("string"),
    	GuiCdnDomainOverride:                  pulumi.String("string"),
    	GuiCdnUsage:                           pulumi.String("string"),
    	GuiCertificates:                       pulumi.String("string"),
    	GuiCustomLanguage:                     pulumi.String("string"),
    	GuiDateFormat:                         pulumi.String("string"),
    	GuiDateTimeSource:                     pulumi.String("string"),
    	GuiDeviceLatitude:                     pulumi.String("string"),
    	GuiDeviceLongitude:                    pulumi.String("string"),
    	GuiDisplayHostname:                    pulumi.String("string"),
    	GuiFirmwareUpgradeSetupWarning:        pulumi.String("string"),
    	GuiFirmwareUpgradeWarning:             pulumi.String("string"),
    	GuiForticareRegistrationSetupWarning:  pulumi.String("string"),
    	GuiFortigateCloudSandbox:              pulumi.String("string"),
    	GuiFortiguardResourceFetch:            pulumi.String("string"),
    	GuiFortisandboxCloud:                  pulumi.String("string"),
    	GuiIpv6:                               pulumi.String("string"),
    	GuiLinesPerPage:                       pulumi.Int(0),
    	GuiLocalOut:                           pulumi.String("string"),
    	GuiReplacementMessageGroups:           pulumi.String("string"),
    	GuiRestApiCache:                       pulumi.String("string"),
    	GuiTheme:                              pulumi.String("string"),
    	GuiWirelessOpensecurity:               pulumi.String("string"),
    	GuiWorkflowManagement:                 pulumi.String("string"),
    	HaAffinity:                            pulumi.String("string"),
    	HonorDf:                               pulumi.String("string"),
    	Hostname:                              pulumi.String("string"),
    	IgmpStateLimit:                        pulumi.Int(0),
    	IkeEmbryonicLimit:                     pulumi.Int(0),
    	InterfaceSubnetUsage:                  pulumi.String("string"),
    	InternetServiceDatabase:               pulumi.String("string"),
    	// The only nested input in this listing: an array of objects, each carrying an Id.
    	InternetServiceDownloadLists: system.GlobalInternetServiceDownloadListArray{
    		&system.GlobalInternetServiceDownloadListArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	Interval:                          pulumi.Int(0),
    	IpFragmentMemThresholds:           pulumi.Int(0),
    	IpSrcPortRange:                    pulumi.String("string"),
    	IpsAffinity:                       pulumi.String("string"),
    	IpsecAsicOffload:                  pulumi.String("string"),
    	IpsecHaSeqjumpRate:                pulumi.Int(0),
    	IpsecHmacOffload:                  pulumi.String("string"),
    	IpsecQatOffload:                   pulumi.String("string"),
    	IpsecRoundRobin:                   pulumi.String("string"),
    	IpsecSoftDecAsync:                 pulumi.String("string"),
    	Ipv6AcceptDad:                     pulumi.Int(0),
    	Ipv6AllowAnycastProbe:             pulumi.String("string"),
    	// NOTE(review): the next two properties differ only in spelling ("Silent" / "Slient").
    	// Presumably one is a variant of the other; confirm which applies to your FortiOS
    	// version and set only that one.
    	Ipv6AllowLocalInSilentDrop:        pulumi.String("string"),
    	Ipv6AllowLocalInSlientDrop:        pulumi.String("string"),
    	Ipv6AllowMulticastProbe:           pulumi.String("string"),
    	Ipv6AllowTrafficRedirect:          pulumi.String("string"),
    	IrqTimeAccounting:                 pulumi.String("string"),
    	Language:                          pulumi.String("string"),
    	Ldapconntimeout:                   pulumi.Int(0),
    	LldpReception:                     pulumi.String("string"),
    	LldpTransmission:                  pulumi.String("string"),
    	LogSingleCpuHigh:                  pulumi.String("string"),
    	LogSslConnection:                  pulumi.String("string"),
    	LogUuidAddress:                    pulumi.String("string"),
    	LogUuidPolicy:                     pulumi.String("string"),
    	LoginTimestamp:                    pulumi.String("string"),
    	LongVdomName:                      pulumi.String("string"),
    	ManagementIp:                      pulumi.String("string"),
    	ManagementPort:                    pulumi.Int(0),
    	ManagementPortUseAdminSport:       pulumi.String("string"),
    	ManagementVdom:                    pulumi.String("string"),
    	MaxDlpstatMemory:                  pulumi.Int(0),
    	MaxRouteCacheSize:                 pulumi.Int(0),
    	McTtlNotchange:                    pulumi.String("string"),
    	MemoryUseThresholdExtreme:         pulumi.Int(0),
    	MemoryUseThresholdGreen:           pulumi.Int(0),
    	MemoryUseThresholdRed:             pulumi.Int(0),
    	MiglogAffinity:                    pulumi.String("string"),
    	MiglogdChildren:                   pulumi.Int(0),
    	MultiFactorAuthentication:         pulumi.String("string"),
    	MulticastForward:                  pulumi.String("string"),
    	NdpMaxEntry:                       pulumi.Int(0),
    	NpuNeighborUpdate:                 pulumi.String("string"),
    	PerUserBal:                        pulumi.String("string"),
    	PerUserBwl:                        pulumi.String("string"),
    	PmtuDiscovery:                     pulumi.String("string"),
    	PolicyAuthConcurrent:              pulumi.Int(0),
    	PostLoginBanner:                   pulumi.String("string"),
    	PreLoginBanner:                    pulumi.String("string"),
    	PrivateDataEncryption:             pulumi.String("string"),
    	ProxyAuthLifetime:                 pulumi.String("string"),
    	ProxyAuthLifetimeTimeout:          pulumi.Int(0),
    	ProxyAuthTimeout:                  pulumi.Int(0),
    	ProxyCertUseMgmtVdom:              pulumi.String("string"),
    	ProxyCipherHardwareAcceleration:   pulumi.String("string"),
    	ProxyHardwareAcceleration:         pulumi.String("string"),
    	ProxyKeepAliveMode:                pulumi.String("string"),
    	ProxyKxpHardwareAcceleration:      pulumi.String("string"),
    	ProxyReAuthenticationMode:         pulumi.String("string"),
    	ProxyReAuthenticationTime:         pulumi.Int(0),
    	ProxyResourceMode:                 pulumi.String("string"),
    	ProxyWorkerCount:                  pulumi.Int(0),
    	PurdueLevel:                       pulumi.String("string"),
    	QuicAckThresold:                   pulumi.Int(0),
    	QuicCongestionControlAlgo:         pulumi.String("string"),
    	QuicMaxDatagramSize:               pulumi.Int(0),
    	QuicPmtud:                         pulumi.String("string"),
    	QuicTlsHandshakeTimeout:           pulumi.Int(0),
    	QuicUdpPayloadSizeShapingPerCid:   pulumi.String("string"),
    	RadiusPort:                        pulumi.Int(0),
    	RebootUponConfigRestore:           pulumi.String("string"),
    	Refresh:                           pulumi.Int(0),
    	Remoteauthtimeout:                 pulumi.Int(0),
    	ResetSessionlessTcp:               pulumi.String("string"),
    	RestartTime:                       pulumi.String("string"),
    	RevisionBackupOnLogout:            pulumi.String("string"),
    	RevisionImageAutoBackup:           pulumi.String("string"),
    	ScanunitCount:                     pulumi.Int(0),
    	SecurityRatingResultSubmission:    pulumi.String("string"),
    	SecurityRatingRunOnSchedule:       pulumi.String("string"),
    	SendPmtuIcmp:                      pulumi.String("string"),
    	SflowdMaxChildrenNum:              pulumi.Int(0),
    	SnatRouteChange:                   pulumi.String("string"),
    	SpecialFile23Support:              pulumi.String("string"),
    	SpeedtestServer:                   pulumi.String("string"),
    	SpeedtestdCtrlPort:                pulumi.Int(0),
    	SpeedtestdServerPort:              pulumi.Int(0),
    	SplitPort:                         pulumi.String("string"),
    	SsdTrimDate:                       pulumi.Int(0),
    	SsdTrimFreq:                       pulumi.String("string"),
    	SsdTrimHour:                       pulumi.Int(0),
    	SsdTrimMin:                        pulumi.Int(0),
    	SsdTrimWeekday:                    pulumi.String("string"),
    	// NOTE(review): SSH algorithm settings. By name, SshCbcCipher, SshHmacMd5, SshKexSha1
    	// and SshMacWeak concern older algorithms (CBC mode, HMAC-MD5, SHA-1 key exchange,
    	// weak MACs); confirm their semantics in the property reference before changing them.
    	SshCbcCipher:                      pulumi.String("string"),
    	SshEncAlgo:                        pulumi.String("string"),
    	SshHmacMd5:                        pulumi.String("string"),
    	// NOTE(review): SshHostkey and SshHostkeyPassword look like key material and a
    	// password; presumably they should be supplied from a Pulumi secret rather than a
    	// literal in source. Confirm how the provider treats them in state.
    	SshHostkey:                        pulumi.String("string"),
    	SshHostkeyAlgo:                    pulumi.String("string"),
    	SshHostkeyOverride:                pulumi.String("string"),
    	SshHostkeyPassword:                pulumi.String("string"),
    	SshKexAlgo:                        pulumi.String("string"),
    	SshKexSha1:                        pulumi.String("string"),
    	SshMacAlgo:                        pulumi.String("string"),
    	SshMacWeak:                        pulumi.String("string"),
    	// NOTE(review): by name, the TLS protocol floor and the static-key cipher toggle;
    	// together with StrongCrypto further down they appear to govern cryptographic
    	// strength for this global configuration. Confirm accepted values.
    	SslMinProtoVersion:                pulumi.String("string"),
    	SslStaticKeyCiphers:               pulumi.String("string"),
    	SslvpnCipherHardwareAcceleration:  pulumi.String("string"),
    	SslvpnEmsSnCheck:                  pulumi.String("string"),
    	SslvpnKxpHardwareAcceleration:     pulumi.String("string"),
    	SslvpnMaxWorkerCount:              pulumi.Int(0),
    	SslvpnPluginVersionCheck:          pulumi.String("string"),
    	SslvpnWebMode:                     pulumi.String("string"),
    	StrictDirtySessionCheck:           pulumi.String("string"),
    	StrongCrypto:                      pulumi.String("string"),
    	SwitchController:                  pulumi.String("string"),
    	SwitchControllerReservedNetwork:   pulumi.String("string"),
    	SysPerfLogInterval:                pulumi.Int(0),
    	SyslogAffinity:                    pulumi.String("string"),
    	TcpHalfcloseTimer:                 pulumi.Int(0),
    	TcpHalfopenTimer:                  pulumi.Int(0),
    	TcpOption:                         pulumi.String("string"),
    	TcpRstTimer:                       pulumi.Int(0),
    	TcpTimewaitTimer:                  pulumi.Int(0),
    	Tftp:                              pulumi.String("string"),
    	Timezone:                          pulumi.String("string"),
    	TpMcSkipPolicy:                    pulumi.String("string"),
    	TrafficPriority:                   pulumi.String("string"),
    	TrafficPriorityLevel:              pulumi.String("string"),
    	TwoFactorEmailExpiry:              pulumi.Int(0),
    	TwoFactorFacExpiry:                pulumi.Int(0),
    	TwoFactorFtkExpiry:                pulumi.Int(0),
    	TwoFactorFtmExpiry:                pulumi.Int(0),
    	TwoFactorSmsExpiry:                pulumi.Int(0),
    	UdpIdleTimer:                      pulumi.Int(0),
    	UrlFilterAffinity:                 pulumi.String("string"),
    	UrlFilterCount:                    pulumi.Int(0),
    	UserDeviceStoreMaxDevices:         pulumi.Int(0),
    	UserDeviceStoreMaxUnifiedMem:      pulumi.Int(0),
    	UserDeviceStoreMaxUsers:           pulumi.Int(0),
    	UserServerCert:                    pulumi.String("string"),
    	VdomAdmin:                         pulumi.String("string"),
    	VdomMode:                          pulumi.String("string"),
    	Vdomparam:                         pulumi.String("string"),
    	VipArpRange:                       pulumi.String("string"),
    	VirtualServerCount:                pulumi.Int(0),
    	VirtualServerHardwareAcceleration: pulumi.String("string"),
    	VirtualSwitchVlan:                 pulumi.String("string"),
    	VpnEmsSnCheck:                     pulumi.String("string"),
    	WadAffinity:                       pulumi.String("string"),
    	WadCsvcCsCount:                    pulumi.Int(0),
    	WadCsvcDbCount:                    pulumi.Int(0),
    	WadMemoryChangeGranularity:        pulumi.Int(0),
    	WadRestartEndTime:                 pulumi.String("string"),
    	WadRestartMode:                    pulumi.String("string"),
    	WadRestartStartTime:               pulumi.String("string"),
    	WadSourceAffinity:                 pulumi.String("string"),
    	WadWorkerCount:                    pulumi.Int(0),
    	WifiCaCertificate:                 pulumi.String("string"),
    	WifiCertificate:                   pulumi.String("string"),
    	Wimax4gUsb:                        pulumi.String("string"),
    	WirelessController:                pulumi.String("string"),
    	WirelessControllerPort:            pulumi.Int(0),
    })
    
    // Constructor reference for Global: each builder setter is called once with a type
    // placeholder ("string" or 0). The placeholders only show the expected type; they are
    // not valid or recommended settings.
    var exampleglobalResourceResourceFromSystemglobal = new Global("exampleglobalResourceResourceFromSystemglobal", GlobalArgs.builder()
        .adminConcurrent("string")
        .adminConsoleTimeout(0)
        .adminForticloudSsoDefaultProfile("string")
        .adminForticloudSsoLogin("string")
        .adminHost("string")
        .adminHstsMaxAge(0)
        // NOTE(review): by their names, the adminHttps* properties shape TLS for the admin web
        // interface (client-certificate requirement, HTTP-to-HTTPS redirect, cipher and version
        // lists). Accepted values are not shown here; confirm them in the property reference.
        .adminHttpsPkiRequired("string")
        .adminHttpsRedirect("string")
        .adminHttpsSslBannedCiphers("string")
        .adminHttpsSslCiphersuites("string")
        .adminHttpsSslVersions("string")
        // NOTE(review): by name, admin login lockout and login-count limits; the 0 values are
        // type placeholders, not suggested thresholds.
        .adminLockoutDuration(0)
        .adminLockoutThreshold(0)
        .adminLoginMax(0)
        .adminMaintainer("string")
        .adminPort(0)
        .adminRestrictLocal("string")
        .adminScp("string")
        .adminServerCert("string")
        .adminSport(0)
        .adminSshGraceTime(0)
        .adminSshPassword("string")
        .adminSshPort(0)
        // NOTE(review): by name, SSH v1 and Telnet administrative access, i.e. legacy and
        // cleartext protocols. Presumably enable/disable toggles; confirm, and leave them off
        // unless there is a documented need.
        .adminSshV1("string")
        .adminTelnet("string")
        .adminTelnetPort(0)
        .admintimeout(0)
        .alias("string")
        .allowTrafficRedirect("string")
        .antiReplay("string")
        .arpMaxEntry(0)
        .asymroute("string")
        .authCert("string")
        .authHttpPort(0)
        .authHttpsPort(0)
        .authIkeSamlPort(0)
        .authKeepalive("string")
        .authSessionLimit("string")
        .autoAuthExtensionDevice("string")
        .autorunLogFsck("string")
        .avAffinity("string")
        .avFailopen("string")
        .avFailopenSession("string")
        .batchCmdb("string")
        .bfdAffinity("string")
        .blockSessionTimer(0)
        .brFdbMaxEntry(0)
        .certChainMax(0)
        .cfgRevertTimeout(0)
        .cfgSave("string")
        .checkProtocolHeader("string")
        .checkResetRange("string")
        .cliAuditLog("string")
        .cloudCommunication("string")
        .cltCertReq("string")
        .cmdbsvrAffinity("string")
        .complianceCheck("string")
        .complianceCheckTime("string")
        .cpuUseThreshold(0)
        .csrCaAttribute("string")
        .dailyRestart("string")
        .defaultServiceSourcePort("string")
        .deviceIdentificationActiveScanDelay(0)
        .deviceIdleTimeout(0)
        .dhParams("string")
        .dhcpLeaseBackupInterval(0)
        .dnsproxyWorkerCount(0)
        .dst("string")
        .dynamicSortSubtable("string")
        .earlyTcpNpuSession("string")
        .editVdomPrompt("string")
        .endpointControlFdsAccess("string")
        .endpointControlPortalPort(0)
        .extenderControllerReservedNetwork("string")
        .failtime(0)
        .fazDiskBufferSize(0)
        .fdsStatistics("string")
        .fdsStatisticsPeriod(0)
        .fecPort(0)
        .fgdAlertSubscription("string")
        .forticonverterConfigUpload("string")
        .forticonverterIntegration("string")
        .fortiextender("string")
        .fortiextenderDataPort(0)
        .fortiextenderDiscoveryLockdown("string")
        .fortiextenderProvisionOnAuthorization("string")
        .fortiextenderVlanMode("string")
        .fortigslbIntegration("string")
        .fortiipamIntegration("string")
        .fortiservicePort(0)
        .fortitokenCloud("string")
        .fortitokenCloudPushStatus("string")
        .fortitokenCloudSyncInterval(0)
        .getAllTables("string")
        .guiAllowDefaultHostname("string")
        .guiAllowIncompatibleFabricFgt("string")
        .guiAppDetectionSdwan("string")
        .guiAutoUpgradeSetupWarning("string")
        .guiCdnDomainOverride("string")
        .guiCdnUsage("string")
        .guiCertificates("string")
        .guiCustomLanguage("string")
        .guiDateFormat("string")
        .guiDateTimeSource("string")
        .guiDeviceLatitude("string")
        .guiDeviceLongitude("string")
        .guiDisplayHostname("string")
        .guiFirmwareUpgradeSetupWarning("string")
        .guiFirmwareUpgradeWarning("string")
        .guiForticareRegistrationSetupWarning("string")
        .guiFortigateCloudSandbox("string")
        .guiFortiguardResourceFetch("string")
        .guiFortisandboxCloud("string")
        .guiIpv6("string")
        .guiLinesPerPage(0)
        .guiLocalOut("string")
        .guiReplacementMessageGroups("string")
        .guiRestApiCache("string")
        .guiTheme("string")
        .guiWirelessOpensecurity("string")
        .guiWorkflowManagement("string")
        .haAffinity("string")
        .honorDf("string")
        .hostname("string")
        .igmpStateLimit(0)
        .ikeEmbryonicLimit(0)
        .interfaceSubnetUsage("string")
        .internetServiceDatabase("string")
        // The only nested input in this listing: built with its own args builder, carrying an id.
        .internetServiceDownloadLists(GlobalInternetServiceDownloadListArgs.builder()
            .id(0)
            .build())
        .interval(0)
        .ipFragmentMemThresholds(0)
        .ipSrcPortRange("string")
        .ipsAffinity("string")
        .ipsecAsicOffload("string")
        .ipsecHaSeqjumpRate(0)
        .ipsecHmacOffload("string")
        .ipsecQatOffload("string")
        .ipsecRoundRobin("string")
        .ipsecSoftDecAsync("string")
        .ipv6AcceptDad(0)
        .ipv6AllowAnycastProbe("string")
        // NOTE(review): the next two setters differ only in spelling ("Silent" / "Slient").
        // Presumably one is a variant of the other; confirm which applies to your FortiOS
        // version and set only that one.
        .ipv6AllowLocalInSilentDrop("string")
        .ipv6AllowLocalInSlientDrop("string")
        .ipv6AllowMulticastProbe("string")
        .ipv6AllowTrafficRedirect("string")
        .irqTimeAccounting("string")
        .language("string")
        .ldapconntimeout(0)
        .lldpReception("string")
        .lldpTransmission("string")
        .logSingleCpuHigh("string")
        .logSslConnection("string")
        .logUuidAddress("string")
        .logUuidPolicy("string")
        .loginTimestamp("string")
        .longVdomName("string")
        .managementIp("string")
        .managementPort(0)
        .managementPortUseAdminSport("string")
        .managementVdom("string")
        .maxDlpstatMemory(0)
        .maxRouteCacheSize(0)
        .mcTtlNotchange("string")
        .memoryUseThresholdExtreme(0)
        .memoryUseThresholdGreen(0)
        .memoryUseThresholdRed(0)
        .miglogAffinity("string")
        .miglogdChildren(0)
        .multiFactorAuthentication("string")
        .multicastForward("string")
        .ndpMaxEntry(0)
        .npuNeighborUpdate("string")
        .perUserBal("string")
        .perUserBwl("string")
        .pmtuDiscovery("string")
        .policyAuthConcurrent(0)
        .postLoginBanner("string")
        .preLoginBanner("string")
        .privateDataEncryption("string")
        .proxyAuthLifetime("string")
        .proxyAuthLifetimeTimeout(0)
        .proxyAuthTimeout(0)
        .proxyCertUseMgmtVdom("string")
        .proxyCipherHardwareAcceleration("string")
        .proxyHardwareAcceleration("string")
        .proxyKeepAliveMode("string")
        .proxyKxpHardwareAcceleration("string")
        .proxyReAuthenticationMode("string")
        .proxyReAuthenticationTime(0)
        .proxyResourceMode("string")
        .proxyWorkerCount(0)
        .purdueLevel("string")
        .quicAckThresold(0)
        .quicCongestionControlAlgo("string")
        .quicMaxDatagramSize(0)
        .quicPmtud("string")
        .quicTlsHandshakeTimeout(0)
        .quicUdpPayloadSizeShapingPerCid("string")
        .radiusPort(0)
        .rebootUponConfigRestore("string")
        .refresh(0)
        .remoteauthtimeout(0)
        .resetSessionlessTcp("string")
        .restartTime("string")
        .revisionBackupOnLogout("string")
        .revisionImageAutoBackup("string")
        .scanunitCount(0)
        .securityRatingResultSubmission("string")
        .securityRatingRunOnSchedule("string")
        .sendPmtuIcmp("string")
        .sflowdMaxChildrenNum(0)
        .snatRouteChange("string")
        .specialFile23Support("string")
        .speedtestServer("string")
        .speedtestdCtrlPort(0)
        .speedtestdServerPort(0)
        .splitPort("string")
        .ssdTrimDate(0)
        .ssdTrimFreq("string")
        .ssdTrimHour(0)
        .ssdTrimMin(0)
        .ssdTrimWeekday("string")
        // NOTE(review): SSH algorithm settings. By name, sshCbcCipher, sshHmacMd5, sshKexSha1
        // and sshMacWeak concern older algorithms (CBC mode, HMAC-MD5, SHA-1 key exchange,
        // weak MACs); confirm their semantics in the property reference before changing them.
        .sshCbcCipher("string")
        .sshEncAlgo("string")
        .sshHmacMd5("string")
        // NOTE(review): sshHostkey and sshHostkeyPassword look like key material and a
        // password; presumably they should be supplied from a Pulumi secret rather than a
        // literal in source. Confirm how the provider treats them in state.
        .sshHostkey("string")
        .sshHostkeyAlgo("string")
        .sshHostkeyOverride("string")
        .sshHostkeyPassword("string")
        .sshKexAlgo("string")
        .sshKexSha1("string")
        .sshMacAlgo("string")
        .sshMacWeak("string")
        // NOTE(review): by name, the TLS protocol floor and the static-key cipher toggle;
        // together with strongCrypto further down they appear to govern cryptographic
        // strength for this global configuration. Confirm accepted values.
        .sslMinProtoVersion("string")
        .sslStaticKeyCiphers("string")
        .sslvpnCipherHardwareAcceleration("string")
        .sslvpnEmsSnCheck("string")
        .sslvpnKxpHardwareAcceleration("string")
        .sslvpnMaxWorkerCount(0)
        .sslvpnPluginVersionCheck("string")
        .sslvpnWebMode("string")
        .strictDirtySessionCheck("string")
        .strongCrypto("string")
        .switchController("string")
        .switchControllerReservedNetwork("string")
        .sysPerfLogInterval(0)
        .syslogAffinity("string")
        .tcpHalfcloseTimer(0)
        .tcpHalfopenTimer(0)
        .tcpOption("string")
        .tcpRstTimer(0)
        .tcpTimewaitTimer(0)
        .tftp("string")
        .timezone("string")
        .tpMcSkipPolicy("string")
        .trafficPriority("string")
        .trafficPriorityLevel("string")
        .twoFactorEmailExpiry(0)
        .twoFactorFacExpiry(0)
        .twoFactorFtkExpiry(0)
        .twoFactorFtmExpiry(0)
        .twoFactorSmsExpiry(0)
        .udpIdleTimer(0)
        .urlFilterAffinity("string")
        .urlFilterCount(0)
        .userDeviceStoreMaxDevices(0)
        .userDeviceStoreMaxUnifiedMem(0)
        .userDeviceStoreMaxUsers(0)
        .userServerCert("string")
        .vdomAdmin("string")
        .vdomMode("string")
        .vdomparam("string")
        .vipArpRange("string")
        .virtualServerCount(0)
        .virtualServerHardwareAcceleration("string")
        .virtualSwitchVlan("string")
        .vpnEmsSnCheck("string")
        .wadAffinity("string")
        .wadCsvcCsCount(0)
        .wadCsvcDbCount(0)
        .wadMemoryChangeGranularity(0)
        .wadRestartEndTime("string")
        .wadRestartMode("string")
        .wadRestartStartTime("string")
        .wadSourceAffinity("string")
        .wadWorkerCount(0)
        .wifiCaCertificate("string")
        .wifiCertificate("string")
        .wimax4gUsb("string")
        .wirelessController("string")
        .wirelessControllerPort(0)
        .build());
    
    exampleglobal_resource_resource_from_systemglobal = fortios.system.Global("exampleglobalResourceResourceFromSystemglobal",
        admin_concurrent="string",
        admin_console_timeout=0,
        admin_forticloud_sso_default_profile="string",
        admin_forticloud_sso_login="string",
        admin_host="string",
        admin_hsts_max_age=0,
        admin_https_pki_required="string",
        admin_https_redirect="string",
        admin_https_ssl_banned_ciphers="string",
        admin_https_ssl_ciphersuites="string",
        admin_https_ssl_versions="string",
        admin_lockout_duration=0,
        admin_lockout_threshold=0,
        admin_login_max=0,
        admin_maintainer="string",
        admin_port=0,
        admin_restrict_local="string",
        admin_scp="string",
        admin_server_cert="string",
        admin_sport=0,
        admin_ssh_grace_time=0,
        admin_ssh_password="string",
        admin_ssh_port=0,
        admin_ssh_v1="string",
        admin_telnet="string",
        admin_telnet_port=0,
        admintimeout=0,
        alias="string",
        allow_traffic_redirect="string",
        anti_replay="string",
        arp_max_entry=0,
        asymroute="string",
        auth_cert="string",
        auth_http_port=0,
        auth_https_port=0,
        auth_ike_saml_port=0,
        auth_keepalive="string",
        auth_session_limit="string",
        auto_auth_extension_device="string",
        autorun_log_fsck="string",
        av_affinity="string",
        av_failopen="string",
        av_failopen_session="string",
        batch_cmdb="string",
        bfd_affinity="string",
        block_session_timer=0,
        br_fdb_max_entry=0,
        cert_chain_max=0,
        cfg_revert_timeout=0,
        cfg_save="string",
        check_protocol_header="string",
        check_reset_range="string",
        cli_audit_log="string",
        cloud_communication="string",
        clt_cert_req="string",
        cmdbsvr_affinity="string",
        compliance_check="string",
        compliance_check_time="string",
        cpu_use_threshold=0,
        csr_ca_attribute="string",
        daily_restart="string",
        default_service_source_port="string",
        device_identification_active_scan_delay=0,
        device_idle_timeout=0,
        dh_params="string",
        dhcp_lease_backup_interval=0,
        dnsproxy_worker_count=0,
        dst="string",
        dynamic_sort_subtable="string",
        early_tcp_npu_session="string",
        edit_vdom_prompt="string",
        endpoint_control_fds_access="string",
        endpoint_control_portal_port=0,
        extender_controller_reserved_network="string",
        failtime=0,
        faz_disk_buffer_size=0,
        fds_statistics="string",
        fds_statistics_period=0,
        fec_port=0,
        fgd_alert_subscription="string",
        forticonverter_config_upload="string",
        forticonverter_integration="string",
        fortiextender="string",
        fortiextender_data_port=0,
        fortiextender_discovery_lockdown="string",
        fortiextender_provision_on_authorization="string",
        fortiextender_vlan_mode="string",
        fortigslb_integration="string",
        fortiipam_integration="string",
        fortiservice_port=0,
        fortitoken_cloud="string",
        fortitoken_cloud_push_status="string",
        fortitoken_cloud_sync_interval=0,
        get_all_tables="string",
        gui_allow_default_hostname="string",
        gui_allow_incompatible_fabric_fgt="string",
        gui_app_detection_sdwan="string",
        gui_auto_upgrade_setup_warning="string",
        gui_cdn_domain_override="string",
        gui_cdn_usage="string",
        gui_certificates="string",
        gui_custom_language="string",
        gui_date_format="string",
        gui_date_time_source="string",
        gui_device_latitude="string",
        gui_device_longitude="string",
        gui_display_hostname="string",
        gui_firmware_upgrade_setup_warning="string",
        gui_firmware_upgrade_warning="string",
        gui_forticare_registration_setup_warning="string",
        gui_fortigate_cloud_sandbox="string",
        gui_fortiguard_resource_fetch="string",
        gui_fortisandbox_cloud="string",
        gui_ipv6="string",
        gui_lines_per_page=0,
        gui_local_out="string",
        gui_replacement_message_groups="string",
        gui_rest_api_cache="string",
        gui_theme="string",
        gui_wireless_opensecurity="string",
        gui_workflow_management="string",
        ha_affinity="string",
        honor_df="string",
        hostname="string",
        igmp_state_limit=0,
        ike_embryonic_limit=0,
        interface_subnet_usage="string",
        internet_service_database="string",
        internet_service_download_lists=[{
            "id": 0,
        }],
        interval=0,
        ip_fragment_mem_thresholds=0,
        ip_src_port_range="string",
        ips_affinity="string",
        ipsec_asic_offload="string",
        ipsec_ha_seqjump_rate=0,
        ipsec_hmac_offload="string",
        ipsec_qat_offload="string",
        ipsec_round_robin="string",
        ipsec_soft_dec_async="string",
        ipv6_accept_dad=0,
        ipv6_allow_anycast_probe="string",
        ipv6_allow_local_in_silent_drop="string",
        ipv6_allow_local_in_slient_drop="string",
        ipv6_allow_multicast_probe="string",
        ipv6_allow_traffic_redirect="string",
        irq_time_accounting="string",
        language="string",
        ldapconntimeout=0,
        lldp_reception="string",
        lldp_transmission="string",
        log_single_cpu_high="string",
        log_ssl_connection="string",
        log_uuid_address="string",
        log_uuid_policy="string",
        login_timestamp="string",
        long_vdom_name="string",
        management_ip="string",
        management_port=0,
        management_port_use_admin_sport="string",
        management_vdom="string",
        max_dlpstat_memory=0,
        max_route_cache_size=0,
        mc_ttl_notchange="string",
        memory_use_threshold_extreme=0,
        memory_use_threshold_green=0,
        memory_use_threshold_red=0,
        miglog_affinity="string",
        miglogd_children=0,
        multi_factor_authentication="string",
        multicast_forward="string",
        ndp_max_entry=0,
        npu_neighbor_update="string",
        per_user_bal="string",
        per_user_bwl="string",
        pmtu_discovery="string",
        policy_auth_concurrent=0,
        post_login_banner="string",
        pre_login_banner="string",
        private_data_encryption="string",
        proxy_auth_lifetime="string",
        proxy_auth_lifetime_timeout=0,
        proxy_auth_timeout=0,
        proxy_cert_use_mgmt_vdom="string",
        proxy_cipher_hardware_acceleration="string",
        proxy_hardware_acceleration="string",
        proxy_keep_alive_mode="string",
        proxy_kxp_hardware_acceleration="string",
        proxy_re_authentication_mode="string",
        proxy_re_authentication_time=0,
        proxy_resource_mode="string",
        proxy_worker_count=0,
        purdue_level="string",
        quic_ack_thresold=0,
        quic_congestion_control_algo="string",
        quic_max_datagram_size=0,
        quic_pmtud="string",
        quic_tls_handshake_timeout=0,
        quic_udp_payload_size_shaping_per_cid="string",
        radius_port=0,
        reboot_upon_config_restore="string",
        refresh=0,
        remoteauthtimeout=0,
        reset_sessionless_tcp="string",
        restart_time="string",
        revision_backup_on_logout="string",
        revision_image_auto_backup="string",
        scanunit_count=0,
        security_rating_result_submission="string",
        security_rating_run_on_schedule="string",
        send_pmtu_icmp="string",
        sflowd_max_children_num=0,
        snat_route_change="string",
        special_file23_support="string",
        speedtest_server="string",
        speedtestd_ctrl_port=0,
        speedtestd_server_port=0,
        split_port="string",
        ssd_trim_date=0,
        ssd_trim_freq="string",
        ssd_trim_hour=0,
        ssd_trim_min=0,
        ssd_trim_weekday="string",
        ssh_cbc_cipher="string",
        ssh_enc_algo="string",
        ssh_hmac_md5="string",
        ssh_hostkey="string",
        ssh_hostkey_algo="string",
        ssh_hostkey_override="string",
        ssh_hostkey_password="string",
        ssh_kex_algo="string",
        ssh_kex_sha1="string",
        ssh_mac_algo="string",
        ssh_mac_weak="string",
        ssl_min_proto_version="string",
        ssl_static_key_ciphers="string",
        sslvpn_cipher_hardware_acceleration="string",
        sslvpn_ems_sn_check="string",
        sslvpn_kxp_hardware_acceleration="string",
        sslvpn_max_worker_count=0,
        sslvpn_plugin_version_check="string",
        sslvpn_web_mode="string",
        strict_dirty_session_check="string",
        strong_crypto="string",
        switch_controller="string",
        switch_controller_reserved_network="string",
        sys_perf_log_interval=0,
        syslog_affinity="string",
        tcp_halfclose_timer=0,
        tcp_halfopen_timer=0,
        tcp_option="string",
        tcp_rst_timer=0,
        tcp_timewait_timer=0,
        tftp="string",
        timezone="string",
        tp_mc_skip_policy="string",
        traffic_priority="string",
        traffic_priority_level="string",
        two_factor_email_expiry=0,
        two_factor_fac_expiry=0,
        two_factor_ftk_expiry=0,
        two_factor_ftm_expiry=0,
        two_factor_sms_expiry=0,
        udp_idle_timer=0,
        url_filter_affinity="string",
        url_filter_count=0,
        user_device_store_max_devices=0,
        user_device_store_max_unified_mem=0,
        user_device_store_max_users=0,
        user_server_cert="string",
        vdom_admin="string",
        vdom_mode="string",
        vdomparam="string",
        vip_arp_range="string",
        virtual_server_count=0,
        virtual_server_hardware_acceleration="string",
        virtual_switch_vlan="string",
        vpn_ems_sn_check="string",
        wad_affinity="string",
        wad_csvc_cs_count=0,
        wad_csvc_db_count=0,
        wad_memory_change_granularity=0,
        wad_restart_end_time="string",
        wad_restart_mode="string",
        wad_restart_start_time="string",
        wad_source_affinity="string",
        wad_worker_count=0,
        wifi_ca_certificate="string",
        wifi_certificate="string",
        wimax4g_usb="string",
        wireless_controller="string",
        wireless_controller_port=0)
    
    // Constructor reference for fortios.system.Global, listing the resource's input properties.
    // The values are type placeholders only ("string" for string inputs, 0 for int inputs),
    // not valid or recommended settings: enable/disable inputs accept only those words and
    // the admin port inputs document a 1 - 65535 range. Set only the properties you intend
    // to manage.
    const exampleglobalResourceResourceFromSystemglobal = new fortios.system.Global("exampleglobalResourceResourceFromSystemglobal", {
        adminConcurrent: "string",
        adminConsoleTimeout: 0,
        adminForticloudSsoDefaultProfile: "string",
        adminForticloudSsoLogin: "string",
        adminHost: "string",
        adminHstsMaxAge: 0,
        // enable forces a valid client certificate for admin login when PKI is enabled;
        // disable allows a certificate or a password.
        adminHttpsPkiRequired: "string",
        // enable/disable redirection of HTTP administration access to HTTPS.
        adminHttpsRedirect: "string",
        // Banned ciphers apply to TLS 1.2 and below; TLS 1.3 suites are selected separately
        // through adminHttpsSslCiphersuites.
        adminHttpsSslBannedCiphers: "string",
        adminHttpsSslCiphersuites: "string",
        adminHttpsSslVersions: "string",
        // Lockout duration is in seconds and takes effect once adminLockoutThreshold
        // failed login attempts are reached.
        adminLockoutDuration: 0,
        adminLockoutThreshold: 0,
        adminLoginMax: 0,
        // enable/disable the console-only maintainer login available after a hard reboot;
        // its password is derived from the unit serial number, not chosen by an administrator.
        adminMaintainer: "string",
        // HTTP administrative port (documented default 80).
        adminPort: 0,
        adminRestrictLocal: "string",
        adminScp: "string",
        adminServerCert: "string",
        // HTTPS administrative port (documented default 443).
        adminSport: 0,
        adminSshGraceTime: 0,
        // An enable/disable toggle for SSH password authentication, not a password value.
        adminSshPassword: "string",
        adminSshPort: 0,
        // enable/disable SSH v1 compatibility; SSH v1 is an obsolete protocol version.
        adminSshV1: "string",
        // enable/disable the TELNET service; TELNET traffic is not encrypted.
        adminTelnet: "string",
        adminTelnetPort: 0,
        // Idle administrator session timeout in minutes; the property description notes
        // that a shorter value is more secure.
        admintimeout: 0,
        alias: "string",
        allowTrafficRedirect: "string",
        antiReplay: "string",
        arpMaxEntry: 0,
        asymroute: "string",
        authCert: "string",
        authHttpPort: 0,
        authHttpsPort: 0,
        authIkeSamlPort: 0,
        authKeepalive: "string",
        authSessionLimit: "string",
        autoAuthExtensionDevice: "string",
        autorunLogFsck: "string",
        avAffinity: "string",
        avFailopen: "string",
        avFailopenSession: "string",
        batchCmdb: "string",
        bfdAffinity: "string",
        blockSessionTimer: 0,
        brFdbMaxEntry: 0,
        certChainMax: 0,
        cfgRevertTimeout: 0,
        cfgSave: "string",
        checkProtocolHeader: "string",
        checkResetRange: "string",
        cliAuditLog: "string",
        cloudCommunication: "string",
        cltCertReq: "string",
        cmdbsvrAffinity: "string",
        complianceCheck: "string",
        complianceCheckTime: "string",
        cpuUseThreshold: 0,
        csrCaAttribute: "string",
        dailyRestart: "string",
        defaultServiceSourcePort: "string",
        deviceIdentificationActiveScanDelay: 0,
        deviceIdleTimeout: 0,
        dhParams: "string",
        dhcpLeaseBackupInterval: 0,
        dnsproxyWorkerCount: 0,
        dst: "string",
        dynamicSortSubtable: "string",
        earlyTcpNpuSession: "string",
        editVdomPrompt: "string",
        endpointControlFdsAccess: "string",
        endpointControlPortalPort: 0,
        extenderControllerReservedNetwork: "string",
        failtime: 0,
        fazDiskBufferSize: 0,
        fdsStatistics: "string",
        fdsStatisticsPeriod: 0,
        fecPort: 0,
        fgdAlertSubscription: "string",
        forticonverterConfigUpload: "string",
        forticonverterIntegration: "string",
        fortiextender: "string",
        fortiextenderDataPort: 0,
        fortiextenderDiscoveryLockdown: "string",
        fortiextenderProvisionOnAuthorization: "string",
        fortiextenderVlanMode: "string",
        fortigslbIntegration: "string",
        fortiipamIntegration: "string",
        fortiservicePort: 0,
        fortitokenCloud: "string",
        fortitokenCloudPushStatus: "string",
        fortitokenCloudSyncInterval: 0,
        getAllTables: "string",
        guiAllowDefaultHostname: "string",
        guiAllowIncompatibleFabricFgt: "string",
        guiAppDetectionSdwan: "string",
        guiAutoUpgradeSetupWarning: "string",
        guiCdnDomainOverride: "string",
        guiCdnUsage: "string",
        guiCertificates: "string",
        guiCustomLanguage: "string",
        guiDateFormat: "string",
        guiDateTimeSource: "string",
        guiDeviceLatitude: "string",
        guiDeviceLongitude: "string",
        guiDisplayHostname: "string",
        guiFirmwareUpgradeSetupWarning: "string",
        guiFirmwareUpgradeWarning: "string",
        guiForticareRegistrationSetupWarning: "string",
        guiFortigateCloudSandbox: "string",
        guiFortiguardResourceFetch: "string",
        guiFortisandboxCloud: "string",
        guiIpv6: "string",
        guiLinesPerPage: 0,
        guiLocalOut: "string",
        guiReplacementMessageGroups: "string",
        guiRestApiCache: "string",
        guiTheme: "string",
        guiWirelessOpensecurity: "string",
        guiWorkflowManagement: "string",
        haAffinity: "string",
        honorDf: "string",
        hostname: "string",
        igmpStateLimit: 0,
        ikeEmbryonicLimit: 0,
        interfaceSubnetUsage: "string",
        internetServiceDatabase: "string",
        internetServiceDownloadLists: [{
            id: 0,
        }],
        interval: 0,
        ipFragmentMemThresholds: 0,
        ipSrcPortRange: "string",
        ipsAffinity: "string",
        ipsecAsicOffload: "string",
        ipsecHaSeqjumpRate: 0,
        ipsecHmacOffload: "string",
        ipsecQatOffload: "string",
        ipsecRoundRobin: "string",
        ipsecSoftDecAsync: "string",
        ipv6AcceptDad: 0,
        ipv6AllowAnycastProbe: "string",
        // NOTE(review): the listing exposes both spellings, ...SilentDrop and ...SlientDrop;
        // presumably they target different FortiOS versions — confirm which one applies.
        ipv6AllowLocalInSilentDrop: "string",
        ipv6AllowLocalInSlientDrop: "string",
        ipv6AllowMulticastProbe: "string",
        ipv6AllowTrafficRedirect: "string",
        irqTimeAccounting: "string",
        language: "string",
        ldapconntimeout: 0,
        lldpReception: "string",
        lldpTransmission: "string",
        logSingleCpuHigh: "string",
        logSslConnection: "string",
        logUuidAddress: "string",
        logUuidPolicy: "string",
        loginTimestamp: "string",
        longVdomName: "string",
        managementIp: "string",
        managementPort: 0,
        managementPortUseAdminSport: "string",
        managementVdom: "string",
        maxDlpstatMemory: 0,
        maxRouteCacheSize: 0,
        mcTtlNotchange: "string",
        memoryUseThresholdExtreme: 0,
        memoryUseThresholdGreen: 0,
        memoryUseThresholdRed: 0,
        miglogAffinity: "string",
        miglogdChildren: 0,
        multiFactorAuthentication: "string",
        multicastForward: "string",
        ndpMaxEntry: 0,
        npuNeighborUpdate: "string",
        perUserBal: "string",
        perUserBwl: "string",
        pmtuDiscovery: "string",
        policyAuthConcurrent: 0,
        postLoginBanner: "string",
        preLoginBanner: "string",
        privateDataEncryption: "string",
        proxyAuthLifetime: "string",
        proxyAuthLifetimeTimeout: 0,
        proxyAuthTimeout: 0,
        proxyCertUseMgmtVdom: "string",
        proxyCipherHardwareAcceleration: "string",
        proxyHardwareAcceleration: "string",
        proxyKeepAliveMode: "string",
        proxyKxpHardwareAcceleration: "string",
        proxyReAuthenticationMode: "string",
        proxyReAuthenticationTime: 0,
        proxyResourceMode: "string",
        proxyWorkerCount: 0,
        purdueLevel: "string",
        quicAckThresold: 0,
        quicCongestionControlAlgo: "string",
        quicMaxDatagramSize: 0,
        quicPmtud: "string",
        quicTlsHandshakeTimeout: 0,
        quicUdpPayloadSizeShapingPerCid: "string",
        radiusPort: 0,
        rebootUponConfigRestore: "string",
        refresh: 0,
        remoteauthtimeout: 0,
        resetSessionlessTcp: "string",
        restartTime: "string",
        revisionBackupOnLogout: "string",
        revisionImageAutoBackup: "string",
        scanunitCount: 0,
        securityRatingResultSubmission: "string",
        securityRatingRunOnSchedule: "string",
        sendPmtuIcmp: "string",
        sflowdMaxChildrenNum: 0,
        snatRouteChange: "string",
        specialFile23Support: "string",
        speedtestServer: "string",
        speedtestdCtrlPort: 0,
        speedtestdServerPort: 0,
        splitPort: "string",
        ssdTrimDate: 0,
        ssdTrimFreq: "string",
        ssdTrimHour: 0,
        ssdTrimMin: 0,
        ssdTrimWeekday: "string",
        // NOTE(review): the ssh*, ssl* and strongCrypto inputs below appear to select which
        // algorithms and protocol versions are accepted; their valid values are not shown
        // in this listing — check each property description before setting them.
        sshCbcCipher: "string",
        sshEncAlgo: "string",
        sshHmacMd5: "string",
        // NOTE(review): sshHostkey and sshHostkeyPassword look like key material and a
        // credential; presumably they should be supplied as Pulumi secrets rather than
        // plain literals — confirm.
        sshHostkey: "string",
        sshHostkeyAlgo: "string",
        sshHostkeyOverride: "string",
        sshHostkeyPassword: "string",
        sshKexAlgo: "string",
        sshKexSha1: "string",
        sshMacAlgo: "string",
        sshMacWeak: "string",
        sslMinProtoVersion: "string",
        sslStaticKeyCiphers: "string",
        sslvpnCipherHardwareAcceleration: "string",
        sslvpnEmsSnCheck: "string",
        sslvpnKxpHardwareAcceleration: "string",
        sslvpnMaxWorkerCount: 0,
        sslvpnPluginVersionCheck: "string",
        sslvpnWebMode: "string",
        strictDirtySessionCheck: "string",
        strongCrypto: "string",
        switchController: "string",
        switchControllerReservedNetwork: "string",
        sysPerfLogInterval: 0,
        syslogAffinity: "string",
        tcpHalfcloseTimer: 0,
        tcpHalfopenTimer: 0,
        tcpOption: "string",
        tcpRstTimer: 0,
        tcpTimewaitTimer: 0,
        tftp: "string",
        timezone: "string",
        tpMcSkipPolicy: "string",
        trafficPriority: "string",
        trafficPriorityLevel: "string",
        twoFactorEmailExpiry: 0,
        twoFactorFacExpiry: 0,
        twoFactorFtkExpiry: 0,
        twoFactorFtmExpiry: 0,
        twoFactorSmsExpiry: 0,
        udpIdleTimer: 0,
        urlFilterAffinity: "string",
        urlFilterCount: 0,
        userDeviceStoreMaxDevices: 0,
        userDeviceStoreMaxUnifiedMem: 0,
        userDeviceStoreMaxUsers: 0,
        userServerCert: "string",
        vdomAdmin: "string",
        vdomMode: "string",
        vdomparam: "string",
        vipArpRange: "string",
        virtualServerCount: 0,
        virtualServerHardwareAcceleration: "string",
        virtualSwitchVlan: "string",
        vpnEmsSnCheck: "string",
        wadAffinity: "string",
        wadCsvcCsCount: 0,
        wadCsvcDbCount: 0,
        wadMemoryChangeGranularity: 0,
        wadRestartEndTime: "string",
        wadRestartMode: "string",
        wadRestartStartTime: "string",
        wadSourceAffinity: "string",
        wadWorkerCount: 0,
        wifiCaCertificate: "string",
        wifiCertificate: "string",
        wimax4gUsb: "string",
        wirelessController: "string",
        wirelessControllerPort: 0,
    });
    
    # Constructor reference for fortios:system:Global, listing the resource's input properties.
    # The values are type placeholders only (string for string inputs, 0 for int inputs),
    # not valid or recommended settings: enable/disable inputs accept only those words and
    # the admin port inputs document a 1 - 65535 range. Set only the properties you intend
    # to manage.
    type: fortios:system:Global
    properties:
        adminConcurrent: string
        adminConsoleTimeout: 0
        adminForticloudSsoDefaultProfile: string
        adminForticloudSsoLogin: string
        adminHost: string
        adminHstsMaxAge: 0
        # enable forces a valid client certificate for admin login when PKI is enabled;
        # disable allows a certificate or a password.
        adminHttpsPkiRequired: string
        # enable/disable redirection of HTTP administration access to HTTPS.
        adminHttpsRedirect: string
        # Banned ciphers apply to TLS 1.2 and below; TLS 1.3 suites are selected separately
        # through adminHttpsSslCiphersuites.
        adminHttpsSslBannedCiphers: string
        adminHttpsSslCiphersuites: string
        adminHttpsSslVersions: string
        # Lockout duration is in seconds and takes effect once adminLockoutThreshold
        # failed login attempts are reached.
        adminLockoutDuration: 0
        adminLockoutThreshold: 0
        adminLoginMax: 0
        # enable/disable the console-only maintainer login available after a hard reboot;
        # its password is derived from the unit serial number, not chosen by an administrator.
        adminMaintainer: string
        # HTTP administrative port (documented default 80).
        adminPort: 0
        adminRestrictLocal: string
        adminScp: string
        adminServerCert: string
        # HTTPS administrative port (documented default 443).
        adminSport: 0
        adminSshGraceTime: 0
        # An enable/disable toggle for SSH password authentication, not a password value.
        adminSshPassword: string
        adminSshPort: 0
        # enable/disable SSH v1 compatibility; SSH v1 is an obsolete protocol version.
        adminSshV1: string
        # enable/disable the TELNET service; TELNET traffic is not encrypted.
        adminTelnet: string
        adminTelnetPort: 0
        # Idle administrator session timeout in minutes; the property description notes
        # that a shorter value is more secure.
        admintimeout: 0
        alias: string
        allowTrafficRedirect: string
        antiReplay: string
        arpMaxEntry: 0
        asymroute: string
        authCert: string
        authHttpPort: 0
        authHttpsPort: 0
        authIkeSamlPort: 0
        authKeepalive: string
        authSessionLimit: string
        autoAuthExtensionDevice: string
        autorunLogFsck: string
        avAffinity: string
        avFailopen: string
        avFailopenSession: string
        batchCmdb: string
        bfdAffinity: string
        blockSessionTimer: 0
        brFdbMaxEntry: 0
        certChainMax: 0
        cfgRevertTimeout: 0
        cfgSave: string
        checkProtocolHeader: string
        checkResetRange: string
        cliAuditLog: string
        cloudCommunication: string
        cltCertReq: string
        cmdbsvrAffinity: string
        complianceCheck: string
        complianceCheckTime: string
        cpuUseThreshold: 0
        csrCaAttribute: string
        dailyRestart: string
        defaultServiceSourcePort: string
        deviceIdentificationActiveScanDelay: 0
        deviceIdleTimeout: 0
        dhParams: string
        dhcpLeaseBackupInterval: 0
        dnsproxyWorkerCount: 0
        dst: string
        dynamicSortSubtable: string
        earlyTcpNpuSession: string
        editVdomPrompt: string
        endpointControlFdsAccess: string
        endpointControlPortalPort: 0
        extenderControllerReservedNetwork: string
        failtime: 0
        fazDiskBufferSize: 0
        fdsStatistics: string
        fdsStatisticsPeriod: 0
        fecPort: 0
        fgdAlertSubscription: string
        forticonverterConfigUpload: string
        forticonverterIntegration: string
        fortiextender: string
        fortiextenderDataPort: 0
        fortiextenderDiscoveryLockdown: string
        fortiextenderProvisionOnAuthorization: string
        fortiextenderVlanMode: string
        fortigslbIntegration: string
        fortiipamIntegration: string
        fortiservicePort: 0
        fortitokenCloud: string
        fortitokenCloudPushStatus: string
        fortitokenCloudSyncInterval: 0
        getAllTables: string
        guiAllowDefaultHostname: string
        guiAllowIncompatibleFabricFgt: string
        guiAppDetectionSdwan: string
        guiAutoUpgradeSetupWarning: string
        guiCdnDomainOverride: string
        guiCdnUsage: string
        guiCertificates: string
        guiCustomLanguage: string
        guiDateFormat: string
        guiDateTimeSource: string
        guiDeviceLatitude: string
        guiDeviceLongitude: string
        guiDisplayHostname: string
        guiFirmwareUpgradeSetupWarning: string
        guiFirmwareUpgradeWarning: string
        guiForticareRegistrationSetupWarning: string
        guiFortigateCloudSandbox: string
        guiFortiguardResourceFetch: string
        guiFortisandboxCloud: string
        guiIpv6: string
        guiLinesPerPage: 0
        guiLocalOut: string
        guiReplacementMessageGroups: string
        guiRestApiCache: string
        guiTheme: string
        guiWirelessOpensecurity: string
        guiWorkflowManagement: string
        haAffinity: string
        honorDf: string
        hostname: string
        igmpStateLimit: 0
        ikeEmbryonicLimit: 0
        interfaceSubnetUsage: string
        internetServiceDatabase: string
        internetServiceDownloadLists:
            - id: 0
        interval: 0
        ipFragmentMemThresholds: 0
        ipSrcPortRange: string
        ipsAffinity: string
        ipsecAsicOffload: string
        ipsecHaSeqjumpRate: 0
        ipsecHmacOffload: string
        ipsecQatOffload: string
        ipsecRoundRobin: string
        ipsecSoftDecAsync: string
        ipv6AcceptDad: 0
        ipv6AllowAnycastProbe: string
        # NOTE(review): the listing exposes both spellings, ...SilentDrop and ...SlientDrop;
        # presumably they target different FortiOS versions — confirm which one applies.
        ipv6AllowLocalInSilentDrop: string
        ipv6AllowLocalInSlientDrop: string
        ipv6AllowMulticastProbe: string
        ipv6AllowTrafficRedirect: string
        irqTimeAccounting: string
        language: string
        ldapconntimeout: 0
        lldpReception: string
        lldpTransmission: string
        logSingleCpuHigh: string
        logSslConnection: string
        logUuidAddress: string
        logUuidPolicy: string
        loginTimestamp: string
        longVdomName: string
        managementIp: string
        managementPort: 0
        managementPortUseAdminSport: string
        managementVdom: string
        maxDlpstatMemory: 0
        maxRouteCacheSize: 0
        mcTtlNotchange: string
        memoryUseThresholdExtreme: 0
        memoryUseThresholdGreen: 0
        memoryUseThresholdRed: 0
        miglogAffinity: string
        miglogdChildren: 0
        multiFactorAuthentication: string
        multicastForward: string
        ndpMaxEntry: 0
        npuNeighborUpdate: string
        perUserBal: string
        perUserBwl: string
        pmtuDiscovery: string
        policyAuthConcurrent: 0
        postLoginBanner: string
        preLoginBanner: string
        privateDataEncryption: string
        proxyAuthLifetime: string
        proxyAuthLifetimeTimeout: 0
        proxyAuthTimeout: 0
        proxyCertUseMgmtVdom: string
        proxyCipherHardwareAcceleration: string
        proxyHardwareAcceleration: string
        proxyKeepAliveMode: string
        proxyKxpHardwareAcceleration: string
        proxyReAuthenticationMode: string
        proxyReAuthenticationTime: 0
        proxyResourceMode: string
        proxyWorkerCount: 0
        purdueLevel: string
        quicAckThresold: 0
        quicCongestionControlAlgo: string
        quicMaxDatagramSize: 0
        quicPmtud: string
        quicTlsHandshakeTimeout: 0
        quicUdpPayloadSizeShapingPerCid: string
        radiusPort: 0
        rebootUponConfigRestore: string
        refresh: 0
        remoteauthtimeout: 0
        resetSessionlessTcp: string
        restartTime: string
        revisionBackupOnLogout: string
        revisionImageAutoBackup: string
        scanunitCount: 0
        securityRatingResultSubmission: string
        securityRatingRunOnSchedule: string
        sendPmtuIcmp: string
        sflowdMaxChildrenNum: 0
        snatRouteChange: string
        specialFile23Support: string
        speedtestServer: string
        speedtestdCtrlPort: 0
        speedtestdServerPort: 0
        splitPort: string
        ssdTrimDate: 0
        ssdTrimFreq: string
        ssdTrimHour: 0
        ssdTrimMin: 0
        ssdTrimWeekday: string
        # NOTE(review): the ssh*, ssl* and strongCrypto inputs below appear to select which
        # algorithms and protocol versions are accepted; their valid values are not shown
        # in this listing — check each property description before setting them.
        sshCbcCipher: string
        sshEncAlgo: string
        sshHmacMd5: string
        # NOTE(review): sshHostkey and sshHostkeyPassword look like key material and a
        # credential; presumably they should be supplied as Pulumi secrets rather than
        # plain literals — confirm.
        sshHostkey: string
        sshHostkeyAlgo: string
        sshHostkeyOverride: string
        sshHostkeyPassword: string
        sshKexAlgo: string
        sshKexSha1: string
        sshMacAlgo: string
        sshMacWeak: string
        sslMinProtoVersion: string
        sslStaticKeyCiphers: string
        sslvpnCipherHardwareAcceleration: string
        sslvpnEmsSnCheck: string
        sslvpnKxpHardwareAcceleration: string
        sslvpnMaxWorkerCount: 0
        sslvpnPluginVersionCheck: string
        sslvpnWebMode: string
        strictDirtySessionCheck: string
        strongCrypto: string
        switchController: string
        switchControllerReservedNetwork: string
        sysPerfLogInterval: 0
        syslogAffinity: string
        tcpHalfcloseTimer: 0
        tcpHalfopenTimer: 0
        tcpOption: string
        tcpRstTimer: 0
        tcpTimewaitTimer: 0
        tftp: string
        timezone: string
        tpMcSkipPolicy: string
        trafficPriority: string
        trafficPriorityLevel: string
        twoFactorEmailExpiry: 0
        twoFactorFacExpiry: 0
        twoFactorFtkExpiry: 0
        twoFactorFtmExpiry: 0
        twoFactorSmsExpiry: 0
        udpIdleTimer: 0
        urlFilterAffinity: string
        urlFilterCount: 0
        userDeviceStoreMaxDevices: 0
        userDeviceStoreMaxUnifiedMem: 0
        userDeviceStoreMaxUsers: 0
        userServerCert: string
        vdomAdmin: string
        vdomMode: string
        vdomparam: string
        vipArpRange: string
        virtualServerCount: 0
        virtualServerHardwareAcceleration: string
        virtualSwitchVlan: string
        vpnEmsSnCheck: string
        wadAffinity: string
        wadCsvcCsCount: 0
        wadCsvcDbCount: 0
        wadMemoryChangeGranularity: 0
        wadRestartEndTime: string
        wadRestartMode: string
        wadRestartStartTime: string
        wadSourceAffinity: string
        wadWorkerCount: 0
        wifiCaCertificate: string
        wifiCertificate: string
        wimax4gUsb: string
        wirelessController: string
        wirelessControllerPort: 0
    

    Global Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Global resource accepts the following input properties:

    AdminConcurrent string
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    AdminConsoleTimeout int
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    AdminForticloudSsoDefaultProfile string
    Override access profile.
    AdminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    AdminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    AdminHstsMaxAge int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
    AdminHttpsPkiRequired string
    Enable/disable mandatory certificate authentication for HTTPS admin login. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    AdminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    AdminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    AdminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    AdminHttpsSslVersions string
    Allowed TLS versions for web administration.
    AdminLockoutDuration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    AdminLockoutThreshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    AdminLoginMax int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    AdminMaintainer string
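    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because this password is derived from the serial number rather than chosen by an administrator, console access to the unit should be physically controlled wherever this login is left enabled. Valid values: enable, disable.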
    AdminPort int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    AdminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    AdminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    AdminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    AdminSport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    AdminSshGraceTime int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    AdminSshPassword string
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    AdminSshPort int
    Administrative access port for SSH. (1 - 65535, default = 22).
    AdminSshV1 string
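    Enable/disable SSH v1 compatibility. SSH protocol version 1 is obsolete and has known cryptographic weaknesses; leave it disabled unless a legacy client requires it. Valid values: enable, disable.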
    AdminTelnet string
    Enable/disable TELNET service. TELNET carries credentials and session data unencrypted; prefer SSH for administrative access. Valid values: enable, disable.
    AdminTelnetPort int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    Admintimeout int
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    Alias string
    Alias for your FortiGate unit.
    AllowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    AntiReplay string
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    ArpMaxEntry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    Asymroute string
    Enable/disable asymmetric route. Valid values: enable, disable.
    AuthCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    AuthHttpPort int
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    AuthHttpsPort int
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    AuthIkeSamlPort int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    AuthKeepalive string
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    AuthSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    AutoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    AutorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    AvAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    AvFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    AvFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    BatchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    BfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    BlockSessionTimer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    BrFdbMaxEntry int
    Maximum number of bridge forwarding database (FDB) entries.
    CertChainMax int
    Maximum number of certificates that can be traversed in a certificate chain.
    CfgRevertTimeout int
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    CfgSave string
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    CheckProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    CheckResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    CliAuditLog string
    Enable/disable CLI audit log. Valid values: enable, disable.
    CloudCommunication string
    Enable/disable all cloud communication. Valid values: enable, disable.
    CltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    CmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    ComplianceCheck string
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    ComplianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    CpuUseThreshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    CsrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    DailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    DefaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    DeviceIdentificationActiveScanDelay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    DeviceIdleTimeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    DhParams string
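    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. The smaller sizes (1024, 1536) are weaker against precomputation attacks; 2048 or larger is the usual minimum. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.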
    DhcpLeaseBackupInterval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    DnsproxyWorkerCount int
    DNS proxy worker count.
    Dst string
    Enable/disable daylight saving time. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EarlyTcpNpuSession string
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    EditVdomPrompt string
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    EndpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    EndpointControlPortalPort int
    Endpoint control portal port (1 - 65535).
    ExtenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    Failtime int
    Fail-time for server lost.
    FazDiskBufferSize int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    FdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    FdsStatisticsPeriod int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    FecPort int
    Local UDP port for Forward Error Correction (49152 - 65535).
    FgdAlertSubscription string
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    ForticonverterConfigUpload string
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    ForticonverterIntegration string
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    Fortiextender string
    Enable/disable FortiExtender. Valid values: enable, disable.
    FortiextenderDataPort int
    FortiExtender data port (1024 - 49150, default = 25246).
    FortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    FortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    FortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    FortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    FortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    FortiservicePort int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    FortitokenCloud string
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    FortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    FortitokenCloudSyncInterval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    GuiAllowIncompatibleFabricFgt string
    Enable/disable allowing a FortiGate (FGT) with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    GuiAppDetectionSdwan string
    Enable/disable Allow app-detection based SD-WAN. Valid values: enable, disable.
    GuiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    GuiCdnDomainOverride string
    Domain of CDN server.
    GuiCdnUsage string
    Enable/disable Load GUI static files from a CDN. Valid values: enable, disable.
    GuiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    GuiCustomLanguage string
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    GuiDateFormat string
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    GuiDateTimeSource string
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    GuiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    GuiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    GuiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    GuiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    GuiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    GuiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    GuiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    GuiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    GuiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    GuiIpv6 string
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    GuiLinesPerPage int
    Number of lines to display per page for web administration.
    GuiLocalOut string
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRestApiCache string
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    GuiTheme string
    Color scheme for the administration GUI.
    GuiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    GuiWorkflowManagement string
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    HaAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    HonorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    Hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    IgmpStateLimit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    IkeEmbryonicLimit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    InterfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    InternetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    InternetServiceDownloadLists List<Pulumiverse.Fortios.System.Inputs.GlobalInternetServiceDownloadList>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    Interval int
    Dead gateway detection interval.
    IpFragmentMemThresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    IpSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    IpsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    IpsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    IpsecHaSeqjumpRate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    IpsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    IpsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    IpsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    IpsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    Ipv6AcceptDad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    Ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    Ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    Ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    IrqTimeAccounting string
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    Language string
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    Ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    LogSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    LogSslConnection string
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    LogUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    LogUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    LoginTimestamp string
    Enable/disable login time recording. Valid values: enable, disable.
    LongVdomName string
    Enable/disable long VDOM name support. Valid values: enable, disable.
    ManagementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    ManagementPort int
    Overriding port for management connection (Overrides admin port).
    ManagementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    ManagementVdom string
    Management virtual domain name.
    MaxDlpstatMemory int
    Maximum DLP stat memory (0 - 4294967295).
    MaxRouteCacheSize int
    Maximum number of IP route cache entries (0 - 2147483647).
    McTtlNotchange string
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    MemoryUseThresholdExtreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    MemoryUseThresholdGreen int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    MemoryUseThresholdRed int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    MiglogAffinity string
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    MiglogdChildren int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    MultiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    NdpMaxEntry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    NpuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    PerUserBal string
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    PerUserBwl string
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    PmtuDiscovery string
    Enable/disable path MTU discovery. Valid values: enable, disable.
    PolicyAuthConcurrent int
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    PostLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    PreLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    PrivateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    ProxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    ProxyAuthLifetimeTimeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    ProxyAuthTimeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    ProxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    ProxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    ProxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    ProxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    ProxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    ProxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    ProxyReAuthenticationTime int
    The time limit after which users must re-authenticate if proxy-keep-alive-mode is set to re-authentication (1 - 86400 sec, default = 30 sec).
    ProxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    ProxyWorkerCount int
    Proxy worker count.
    PurdueLevel string
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    QuicAckThresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    QuicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    QuicMaxDatagramSize int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    QuicPmtud string
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    QuicTlsHandshakeTimeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    QuicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    RebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    Refresh int
    Statistics refresh interval second(s) in GUI.
    Remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    ResetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    RestartTime string
    Daily restart time (hh:mm).
    RevisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    RevisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    ScanunitCount int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    SecurityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    SecurityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    SendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, which supports the PMTUD protocol on your network and reduces fragmentation of packets. Valid values: enable, disable.
    SflowdMaxChildrenNum int
    Maximum number of sflowd child processes allowed to run.
    SnatRouteChange string
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    SpecialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    SpeedtestServer string
    Enable/disable speed test server. Valid values: enable, disable.
    SpeedtestdCtrlPort int
    Speedtest server controller port number.
    SpeedtestdServerPort int
    Speedtest server port number.
    SplitPort string
    Split port(s) to multiple 10Gbps ports.
    SsdTrimDate int
    Date within a month to run ssd trim.
    SsdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    SsdTrimHour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    SsdTrimMin int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    SsdTrimWeekday string
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    SshCbcCipher string
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    SshEncAlgo string
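    Select one or more SSH ciphers. The list includes legacy algorithms kept for compatibility (the arcfour variants, 3des-cbc, blowfish-cbc, cast128-cbc and the other CBC modes); prefer the CTR, GCM and chacha20-poly1305 entries. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.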
    SshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    SshHostkey string
    Config SSH host key.
    SshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    SshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    SshHostkeyPassword string
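    Password for ssh-hostkey. This value is a credential: supply it from Pulumi secret configuration rather than as a plaintext literal in the program.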
    SshKexAlgo string
    Select one or more SSH kex algorithms.
    SshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    SshMacAlgo string
    Select one or more SSH MAC algorithms. The hmac-md5, hmac-sha1, 96-bit truncated and umac-64 entries are legacy options kept for compatibility; prefer the hmac-sha2 entries, ideally their -etm variants. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    SshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    SslStaticKeyCiphers string
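    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static key ciphers do not provide forward secrecy, so recorded traffic can be decrypted later if the server's private key is compromised. Valid values: enable, disable.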
    SslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    SslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    SslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    SslvpnMaxWorkerCount int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    SslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    SslvpnWebMode string
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    StrictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    StrongCrypto string
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    SwitchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    SwitchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    SysPerfLogInterval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    SyslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    TcpHalfcloseTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    TcpHalfopenTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    TcpOption string
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    TcpRstTimer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    TcpTimewaitTimer int
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    Tftp string
    Enable/disable TFTP. Valid values: enable, disable.
    Timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    TpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    TrafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    TrafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    TwoFactorEmailExpiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    TwoFactorFacExpiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    TwoFactorFtkExpiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    TwoFactorFtmExpiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    TwoFactorSmsExpiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    UdpIdleTimer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    UrlFilterAffinity string
    URL filter CPU affinity.
    UrlFilterCount int
    URL filter daemon count.
    UserDeviceStoreMaxDevices int
    Maximum number of devices allowed in user device store.
    UserDeviceStoreMaxUnifiedMem int
    Maximum unified memory allowed in user device store.
    UserDeviceStoreMaxUsers int
    Maximum number of users allowed in user device store.
    UserServerCert string
    Certificate to use for https user authentication.
    VdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    VdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    VirtualServerCount int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    VirtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    VirtualSwitchVlan string
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    VpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    WadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    WadCsvcCsCount int
    Number of concurrent WAD-cache-service object-cache processes.
    WadCsvcDbCount int
    Number of concurrent WAD-cache-service byte-cache processes.
    WadMemoryChangeGranularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    WadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    WadRestartMode string
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    WadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    WadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    WadWorkerCount int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching are handled by all of the CPU cores in a FortiGate unit.
    WifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    WifiCertificate string
    Certificate to use for WiFi authentication.
    Wimax4gUsb string
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    WirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    WirelessControllerPort int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    AdminConcurrent string
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    AdminConsoleTimeout int
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    AdminForticloudSsoDefaultProfile string
    Override access profile.
    AdminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    AdminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    AdminHstsMaxAge int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
    AdminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    AdminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    AdminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    AdminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    AdminHttpsSslVersions string
    Allowed TLS versions for web administration.
    AdminLockoutDuration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    AdminLockoutThreshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    AdminLoginMax int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    AdminMaintainer string
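    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because the password is derived from the serial number, the account is protected only by physical access to the console; consider disable where physical access to the unit is not controlled. Valid values: enable, disable.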
    AdminPort int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    AdminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    AdminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    AdminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    AdminSport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    AdminSshGraceTime int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    AdminSshPassword string
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    AdminSshPort int
    Administrative access port for SSH. (1 - 65535, default = 22).
    AdminSshV1 string
    Enable/disable SSH v1 compatibility. SSH v1 has known protocol weaknesses; leave it disabled unless a legacy client requires it. Valid values: enable, disable.
    AdminTelnet string
    Enable/disable TELNET service. TELNET carries credentials and session data in cleartext; prefer SSH for administrative access. Valid values: enable, disable.
    AdminTelnetPort int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    Admintimeout int
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    Alias string
    Alias for your FortiGate unit.
    AllowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    AntiReplay string
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    ArpMaxEntry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    Asymroute string
    Enable/disable asymmetric route. Valid values: enable, disable.
    AuthCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    AuthHttpPort int
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    AuthHttpsPort int
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    AuthIkeSamlPort int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    AuthKeepalive string
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    AuthSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    AutoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    AutorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    AvAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    AvFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    AvFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    BatchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    BfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    BlockSessionTimer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    BrFdbMaxEntry int
    Maximum number of bridge forwarding database (FDB) entries.
    CertChainMax int
    Maximum number of certificates that can be traversed in a certificate chain.
    CfgRevertTimeout int
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    CfgSave string
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    CheckProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    CheckResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    CliAuditLog string
    Enable/disable CLI audit log. Valid values: enable, disable.
    CloudCommunication string
    Enable/disable all cloud communication. Valid values: enable, disable.
    CltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    CmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    ComplianceCheck string
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    ComplianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    CpuUseThreshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    CsrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    DailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    DefaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    DeviceIdentificationActiveScanDelay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    DeviceIdleTimeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    DhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Sizes below 2048 bits are generally considered too weak for new deployments. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    DhcpLeaseBackupInterval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    DnsproxyWorkerCount int
    DNS proxy worker count.
    Dst string
    Enable/disable daylight saving time. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EarlyTcpNpuSession string
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    EditVdomPrompt string
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    EndpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    EndpointControlPortalPort int
    Endpoint control portal port (1 - 65535).
    ExtenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    Failtime int
    Fail-time for server lost.
    FazDiskBufferSize int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    FdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    FdsStatisticsPeriod int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    FecPort int
    Local UDP port for Forward Error Correction (49152 - 65535).
    FgdAlertSubscription string
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    ForticonverterConfigUpload string
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    ForticonverterIntegration string
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    Fortiextender string
    Enable/disable FortiExtender. Valid values: enable, disable.
    FortiextenderDataPort int
    FortiExtender data port (1024 - 49150, default = 25246).
    FortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    FortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    FortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    FortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    FortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    FortiservicePort int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    FortitokenCloud string
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    FortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    FortitokenCloudSyncInterval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    GuiAllowIncompatibleFabricFgt string
    Enable/disable treating a FortiGate (FGT) with incompatible firmware as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    GuiAppDetectionSdwan string
    Enable/disable Allow app-detection based SD-WAN. Valid values: enable, disable.
    GuiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    GuiCdnDomainOverride string
    Domain of CDN server.
    GuiCdnUsage string
    Enable/disable Load GUI static files from a CDN. Valid values: enable, disable.
    GuiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    GuiCustomLanguage string
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    GuiDateFormat string
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    GuiDateTimeSource string
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    GuiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    GuiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    GuiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    GuiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    GuiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    GuiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    GuiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    GuiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    GuiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    GuiIpv6 string
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    GuiLinesPerPage int
    Number of lines to display per page for web administration.
    GuiLocalOut string
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRestApiCache string
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    GuiTheme string
    Color scheme for the administration GUI.
    GuiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    GuiWorkflowManagement string
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    HaAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    HonorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    Hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    IgmpStateLimit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    IkeEmbryonicLimit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    InterfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    InternetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    InternetServiceDownloadLists []GlobalInternetServiceDownloadListArgs
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    Interval int
    Dead gateway detection interval.
    IpFragmentMemThresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    IpSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    IpsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    IpsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    IpsecHaSeqjumpRate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    IpsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    IpsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    IpsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    IpsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    Ipv6AcceptDad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    Ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    Ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    Ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    IrqTimeAccounting string
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    Language string
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    Ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    LogSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    LogSslConnection string
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    LogUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    LogUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    LoginTimestamp string
    Enable/disable login time recording. Valid values: enable, disable.
    LongVdomName string
    Enable/disable long VDOM name support. Valid values: enable, disable.
    ManagementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    ManagementPort int
    Overriding port for management connection (Overrides admin port).
    ManagementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    ManagementVdom string
    Management virtual domain name.
    MaxDlpstatMemory int
    Maximum DLP stat memory (0 - 4294967295).
    MaxRouteCacheSize int
    Maximum number of IP route cache entries (0 - 2147483647).
    McTtlNotchange string
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    MemoryUseThresholdExtreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    MemoryUseThresholdGreen int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    MemoryUseThresholdRed int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    MiglogAffinity string
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    MiglogdChildren int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    MultiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    NdpMaxEntry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    NpuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    PerUserBal string
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    PerUserBwl string
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    PmtuDiscovery string
    Enable/disable path MTU discovery. Valid values: enable, disable.
    PolicyAuthConcurrent int
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    PostLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    PreLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    PrivateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    ProxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    ProxyAuthLifetimeTimeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    ProxyAuthTimeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    ProxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    ProxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    ProxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    ProxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    ProxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    ProxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    ProxyReAuthenticationTime int
    The time limit after which users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s).
    ProxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    ProxyWorkerCount int
    Proxy worker count.
    PurdueLevel string
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    QuicAckThresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    QuicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    QuicMaxDatagramSize int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    QuicPmtud string
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    QuicTlsHandshakeTimeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    QuicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    RebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    Refresh int
    Statistics refresh interval in seconds in the GUI.
    Remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    ResetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    RestartTime string
    Daily restart time (hh:mm).
    RevisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    RevisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    ScanunitCount int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    SecurityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    SecurityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    SendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, which supports the PMTUD protocol on your network to reduce fragmentation of packets. Valid values: enable, disable.
    SflowdMaxChildrenNum int
    Maximum number of sflowd child processes allowed to run.
    SnatRouteChange string
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    SpecialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    SpeedtestServer string
    Enable/disable speed test server. Valid values: enable, disable.
    SpeedtestdCtrlPort int
    Speedtest server controller port number.
    SpeedtestdServerPort int
    Speedtest server port number.
    SplitPort string
    Split port(s) to multiple 10Gbps ports.
    SsdTrimDate int
    Date within a month to run ssd trim.
    SsdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    SsdTrimHour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    SsdTrimMin int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    SsdTrimWeekday string
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    SshCbcCipher string
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    SshEncAlgo string
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    SshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    SshHostkey string
    Config SSH host key.
    SshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    SshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    SshHostkeyPassword string
    Password for ssh-hostkey.
    SshKexAlgo string
    Select one or more SSH kex algorithms.
    SshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    SshMacAlgo string
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    SshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    SslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Valid values: enable, disable.
    SslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    SslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    SslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    SslvpnMaxWorkerCount int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    SslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    SslvpnWebMode string
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    StrictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    StrongCrypto string
    Enable to use strong encryption and only allow strong ciphers and digests for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    SwitchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    SwitchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    SysPerfLogInterval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    SyslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    TcpHalfcloseTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    TcpHalfopenTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    TcpOption string
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    TcpRstTimer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    TcpTimewaitTimer int
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    Tftp string
    Enable/disable TFTP. Valid values: enable, disable.
    Timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    TpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    TrafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    TrafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    TwoFactorEmailExpiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    TwoFactorFacExpiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    TwoFactorFtkExpiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    TwoFactorFtmExpiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    TwoFactorSmsExpiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    UdpIdleTimer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    UrlFilterAffinity string
    URL filter CPU affinity.
    UrlFilterCount int
    URL filter daemon count.
    UserDeviceStoreMaxDevices int
    Maximum number of devices allowed in user device store.
    UserDeviceStoreMaxUnifiedMem int
    Maximum unified memory allowed in user device store.
    UserDeviceStoreMaxUsers int
    Maximum number of users allowed in user device store.
    UserServerCert string
    Certificate to use for https user authentication.
    VdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    VdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    VirtualServerCount int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    VirtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    VirtualSwitchVlan string
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    VpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    WadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    WadCsvcCsCount int
    Number of concurrent WAD-cache-service object-cache processes.
    WadCsvcDbCount int
    Number of concurrent WAD-cache-service byte-cache processes.
    WadMemoryChangeGranularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    WadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    WadRestartMode string
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    WadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    WadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    WadWorkerCount int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    WifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    WifiCertificate string
    Certificate to use for WiFi authentication.
    Wimax4gUsb string
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    WirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    WirelessControllerPort int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    adminConcurrent String
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    adminConsoleTimeout Integer
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    adminForticloudSsoDefaultProfile String
    Override access profile.
    adminForticloudSsoLogin String
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    adminHost String
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge Integer
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
    adminHttpsPkiRequired String
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    adminHttpsRedirect String
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    adminHttpsSslBannedCiphers String
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    adminHttpsSslCiphersuites String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    adminHttpsSslVersions String
    Allowed TLS versions for web administration.
    adminLockoutDuration Integer
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold Integer
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax Integer
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    adminMaintainer String
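    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because this password is derived from the serial number rather than chosen by an administrator, physical console access is the only control protecting the account; disable it where console access is not restricted. Valid values: enable, disable.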
    adminPort Integer
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal String
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    adminScp String
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    adminServerCert String
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport Integer
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime Integer
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword String
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    adminSshPort Integer
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 String
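    Enable/disable SSH v1 compatibility. SSH v1 is an obsolete protocol version with known design weaknesses; enable it only for legacy clients that cannot use SSH v2. Valid values: enable, disable.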
    adminTelnet String
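    Enable/disable TELNET service. TELNET carries credentials and session data unencrypted, so SSH is the usual choice for administrative access. Valid values: enable, disable.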
    adminTelnetPort Integer
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout Integer
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias String
    Alias for your FortiGate unit.
    allowTrafficRedirect String
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    antiReplay String
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arpMaxEntry Integer
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute String
    Enable/disable asymmetric route. Valid values: enable, disable.
    authCert String
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort Integer
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    authHttpsPort Integer
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    authIkeSamlPort Integer
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive String
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    authSessionLimit String
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    autoAuthExtensionDevice String
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorunLogFsck String
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    avAffinity String
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen String
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    avFailopenSession String
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batchCmdb String
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfdAffinity String
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer Integer
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry Integer
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax Integer
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout Integer
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfgSave String
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    checkProtocolHeader String
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    checkResetRange String
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cliAuditLog String
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloudCommunication String
    Enable/disable all cloud communication. Valid values: enable, disable.
    cltCertReq String
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvrAffinity String
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck String
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    complianceCheckTime String
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold Integer
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute String
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    dailyRestart String
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    defaultServiceSourcePort String
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay Integer
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout Integer
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams String
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. A 1024-bit group provides a much smaller security margin than 2048 bits or larger. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    dhcpLeaseBackupInterval Integer
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount Integer
    DNS proxy worker count.
    dst String
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    earlyTcpNpuSession String
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    editVdomPrompt String
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpointControlFdsAccess String
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpointControlPortalPort Integer
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork String
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime Integer
    Fail-time for server lost.
    fazDiskBufferSize Integer
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fdsStatistics String
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fdsStatisticsPeriod Integer
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort Integer
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription String
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverterConfigUpload String
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverterIntegration String
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender String
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextenderDataPort Integer
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown String
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextenderProvisionOnAuthorization String
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextenderVlanMode String
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslbIntegration String
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipamIntegration String
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservicePort Integer
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud String
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitokenCloudPushStatus String
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitokenCloudSyncInterval Integer
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAllowDefaultHostname String
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    guiAllowIncompatibleFabricFgt String
    Enable/disable allowing a FortiGate (FGT) with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    guiAppDetectionSdwan String
    Enable/disable allowing app-detection based SD-WAN. Valid values: enable, disable.
    guiAutoUpgradeSetupWarning String
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    guiCdnDomainOverride String
    Domain of CDN server.
    guiCdnUsage String
    Enable/disable loading GUI static files from a CDN. Valid values: enable, disable.
    guiCertificates String
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    guiCustomLanguage String
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    guiDateFormat String
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    guiDateTimeSource String
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    guiDeviceLatitude String
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude String
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname String
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    guiFirmwareUpgradeSetupWarning String
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    guiFirmwareUpgradeWarning String
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    guiForticareRegistrationSetupWarning String
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    guiFortigateCloudSandbox String
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    guiFortiguardResourceFetch String
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    guiFortisandboxCloud String
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    guiIpv6 String
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    guiLinesPerPage Integer
    Number of lines to display per page for web administration.
    guiLocalOut String
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRestApiCache String
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    guiTheme String
    Color scheme for the administration GUI.
    guiWirelessOpensecurity String
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    guiWorkflowManagement String
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    haAffinity String
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf String
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname String
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmpStateLimit Integer
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit Integer
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage String
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internetServiceDatabase String
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists List<GlobalInternetServiceDownloadList>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval Integer
    Dead gateway detection interval.
    ipFragmentMemThresholds Integer
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange String
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity String
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload String
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsecHaSeqjumpRate Integer
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload String
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsecQatOffload String
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsecRoundRobin String
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsecSoftDecAsync String
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6AcceptDad Integer
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe String
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6AllowLocalInSilentDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowLocalInSlientDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowMulticastProbe String
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6AllowTrafficRedirect String
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irqTimeAccounting String
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language String
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout Integer
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    logSingleCpuHigh String
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    logSslConnection String
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    logUuidAddress String
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    logUuidPolicy String
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    loginTimestamp String
    Enable/disable login time recording. Valid values: enable, disable.
    longVdomName String
    Enable/disable long VDOM name support. Valid values: enable, disable.
    managementIp String
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort Integer
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport String
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    managementVdom String
    Management virtual domain name.
    maxDlpstatMemory Integer
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize Integer
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange String
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memoryUseThresholdExtreme Integer
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen Integer
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed Integer
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity String
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogdChildren Integer
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multiFactorAuthentication String
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndpMaxEntry Integer
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate String
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    perUserBal String
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    perUserBwl String
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtuDiscovery String
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policyAuthConcurrent Integer
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner String
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    preLoginBanner String
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    privateDataEncryption String
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxyAuthLifetime String
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxyAuthLifetimeTimeout Integer
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout Integer
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxyCipherHardwareAcceleration String
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxyHardwareAcceleration String
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxyKeepAliveMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxyKxpHardwareAcceleration String
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxyReAuthenticationMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxyReAuthenticationTime Integer
    The time limit after which users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default = 30s).
    proxyResourceMode String
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxyWorkerCount Integer
    Proxy worker count.
    purdueLevel String
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quicAckThresold Integer
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo String
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quicMaxDatagramSize Integer
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud String
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quicTlsHandshakeTimeout Integer
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid String
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radiusPort Integer
    RADIUS service port number.
    rebootUponConfigRestore String
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh Integer
    Statistics refresh interval, in seconds, in the GUI.
    remoteauthtimeout Integer
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    resetSessionlessTcp String
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restartTime String
    Daily restart time (hh:mm).
    revisionBackupOnLogout String
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revisionImageAutoBackup String
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunitCount Integer
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission String
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    securityRatingRunOnSchedule String
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    sendPmtuIcmp String
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, to support the PMTUD protocol on your network and reduce fragmentation of packets. Valid values: enable, disable.
    sflowdMaxChildrenNum Integer
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange String
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    specialFile23Support String
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtestServer String
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestdCtrlPort Integer
    Speedtest server controller port number.
    speedtestdServerPort Integer
    Speedtest server port number.
    splitPort String
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate Integer
    Date within a month to run ssd trim.
    ssdTrimFreq String
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssdTrimHour Integer
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin Integer
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday String
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    sshCbcCipher String
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    sshEncAlgo String
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    sshHmacMd5 String
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    sshHostkey String
    Config SSH host key.
    sshHostkeyAlgo String
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride String
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    sshHostkeyPassword String
    Password for ssh-hostkey.
    sshKexAlgo String
    Select one or more SSH kex algorithms.
    sshKexSha1 String
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    sshMacAlgo String
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    sshMacWeak String
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers String
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Valid values: enable, disable.
    sslvpnCipherHardwareAcceleration String
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpnKxpHardwareAcceleration String
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpnMaxWorkerCount Integer
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck String
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpnWebMode String
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strictDirtySessionCheck String
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strongCrypto String
    Enable to use strong encryption and only allow strong ciphers and digests for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    switchController String
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switchControllerReservedNetwork String
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval Integer
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity String
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer Integer
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer Integer
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption String
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcpRstTimer Integer
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer Integer
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp String
    Enable/disable TFTP. Valid values: enable, disable.
    timezone String
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy String
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    trafficPriority String
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    trafficPriorityLevel String
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    twoFactorEmailExpiry Integer
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry Integer
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry Integer
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry Integer
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry Integer
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer Integer
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity String
    URL filter CPU affinity.
    urlFilterCount Integer
    URL filter daemon count.
    userDeviceStoreMaxDevices Integer
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem Integer
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers Integer
    Maximum number of users allowed in user device store.
    userServerCert String
    Certificate to use for https user authentication.
    vdomAdmin String
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdomMode String
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vipArpRange String
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtualServerCount Integer
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration String
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtualSwitchVlan String
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wadAffinity String
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount Integer
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount Integer
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity Integer
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime String
    WAD workers daily restart end time (hh:mm).
    wadRestartMode String
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wadRestartStartTime String
    WAD workers daily restart time (hh:mm).
    wadSourceAffinity String
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wadWorkerCount Integer
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate String
    CA certificate that verifies the WiFi certificate.
    wifiCertificate String
    Certificate to use for WiFi authentication.
    wimax4gUsb String
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wirelessController String
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wirelessControllerPort Integer
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    adminConcurrent string
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    adminConsoleTimeout number
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    adminForticloudSsoDefaultProfile string
    Override access profile.
    adminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    adminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge number
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled the header max-age will be 0.
    adminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    adminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    adminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    adminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    adminHttpsSslVersions string
    Allowed TLS versions for web administration.
    adminLockoutDuration number
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold number
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax number
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    adminMaintainer string
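    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because that password can be derived from the serial number, this login is only as strong as physical access control to the console and the secrecy of the serial number. Valid values: enable, disable.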
    adminPort number
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    adminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    adminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport number
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime number
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword string
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    adminSshPort number
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 string
    Enable/disable SSH v1 compatibility. SSH v1 is a legacy protocol version with known cryptographic weaknesses. Valid values: enable, disable.
    adminTelnet string
    Enable/disable TELNET service. TELNET sends credentials and session data unencrypted. Valid values: enable, disable.
    adminTelnetPort number
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout number
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias string
    Alias for your FortiGate unit.
    allowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    antiReplay string
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arpMaxEntry number
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute string
    Enable/disable asymmetric route. Valid values: enable, disable.
    authCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort number
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    authHttpsPort number
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    authIkeSamlPort number
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive string
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    authSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    autoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    avAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    avFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer number
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry number
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax number
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout number
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfgSave string
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    checkProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    checkResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cliAuditLog string
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloudCommunication string
    Enable/disable all cloud communication. Valid values: enable, disable.
    cltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck string
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    complianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold number
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    dailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    defaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay number
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout number
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    dhcpLeaseBackupInterval number
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount number
    DNS proxy worker count.
    dst string
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    earlyTcpNpuSession string
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    editVdomPrompt string
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpointControlPortalPort number
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime number
    Fail-time for server lost.
    fazDiskBufferSize number
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fdsStatisticsPeriod number
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort number
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription string
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverterConfigUpload string
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverterIntegration string
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender string
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextenderDataPort number
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservicePort number
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud string
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitokenCloudSyncInterval number
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    guiAllowIncompatibleFabricFgt string
    Enable/disable allowing a FortiGate (FGT) with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    guiAppDetectionSdwan string
    Enable/disable Allow app-detection based SD-WAN. Valid values: enable, disable.
    guiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    guiCdnDomainOverride string
    Domain of CDN server.
    guiCdnUsage string
    Enable/disable loading GUI static files from a CDN. Valid values: enable, disable.
    guiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    guiCustomLanguage string
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    guiDateFormat string
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    guiDateTimeSource string
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    guiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    guiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    guiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    guiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    guiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    guiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    guiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    guiIpv6 string
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    guiLinesPerPage number
    Number of lines to display per page for web administration.
    guiLocalOut string
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRestApiCache string
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    guiTheme string
    Color scheme for the administration GUI.
    guiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    guiWorkflowManagement string
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    haAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmpStateLimit number
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit number
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists GlobalInternetServiceDownloadList[]
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval number
    Dead gateway detection interval.
    ipFragmentMemThresholds number
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsecHaSeqjumpRate number
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6AcceptDad number
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irqTimeAccounting string
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language string
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout number
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    logSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    logSslConnection string
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    logUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    logUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    loginTimestamp string
    Enable/disable login time recording. Valid values: enable, disable.
    longVdomName string
    Enable/disable long VDOM name support. Valid values: enable, disable.
    managementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort number
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    managementVdom string
    Management virtual domain name.
    maxDlpstatMemory number
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize number
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange string
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memoryUseThresholdExtreme number
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen number
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed number
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity string
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogdChildren number
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndpMaxEntry number
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    perUserBal string
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    perUserBwl string
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtuDiscovery string
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policyAuthConcurrent number
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    preLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    privateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxyAuthLifetimeTimeout number
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout number
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxyReAuthenticationTime number
    Time limit after which users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default = 30 sec).
    proxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxyWorkerCount number
    Proxy worker count.
    purdueLevel string
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quicAckThresold number
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quicMaxDatagramSize number
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud string
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quicTlsHandshakeTimeout number
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radiusPort number
    RADIUS service port number.
    rebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh number
    Statistics refresh interval in seconds in the GUI.
    remoteauthtimeout number
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    resetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restartTime string
    Daily restart time (hh:mm).
    revisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunitCount number
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    securityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    sendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, which supports the PMTUD protocol on your network to reduce fragmentation of packets. Valid values: enable, disable.
    sflowdMaxChildrenNum number
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange string
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    specialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtestServer string
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestdCtrlPort number
    Speedtest server controller port number.
    speedtestdServerPort number
    Speedtest server port number.
    splitPort string
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate number
    Day of the month on which to run SSD Trim.
    ssdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssdTrimHour number
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin number
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday string
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    sshCbcCipher string
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    sshEncAlgo string
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    sshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    sshHostkey string
    Config SSH host key.
    sshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    sshHostkeyPassword string
    Password for ssh-hostkey.
    sshKexAlgo string
    Select one or more SSH kex algorithms.
    sshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    sshMacAlgo string
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    sshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    sslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Valid values: enable, disable.
    sslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpnMaxWorkerCount number
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpnWebMode string
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strongCrypto string
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    switchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval number
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption string
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcpRstTimer number
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer number
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp string
    Enable/disable TFTP. Valid values: enable, disable.
    timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    trafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    trafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    twoFactorEmailExpiry number
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry number
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry number
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry number
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry number
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer number
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity string
    URL filter CPU affinity.
    urlFilterCount number
    URL filter daemon count.
    userDeviceStoreMaxDevices number
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem number
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers number
    Maximum number of users allowed in user device store.
    userServerCert string
    Certificate to use for https user authentication.
    vdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtualServerCount number
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtualSwitchVlan string
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount number
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount number
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity number
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    wadRestartMode string
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    wadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wadWorkerCount number
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    wifiCertificate string
    Certificate to use for WiFi authentication.
    wimax4gUsb string
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wirelessControllerPort number
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    admin_concurrent str
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    admin_console_timeout int
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    admin_forticloud_sso_default_profile str
    Override access profile.
    admin_forticloud_sso_login str
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    admin_host str
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    admin_hsts_max_age int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
    admin_https_pki_required str
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    admin_https_redirect str
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    admin_https_ssl_banned_ciphers str
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    admin_https_ssl_ciphersuites str
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    admin_https_ssl_versions str
    Allowed TLS versions for web administration.
    admin_lockout_duration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    admin_lockout_threshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    admin_login_max int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    admin_maintainer str
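    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because the password is derived from the serial number, anyone with physical console access who knows the serial number can use this account; disable it where physical access to the unit is not tightly controlled. Valid values: enable, disable.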
    admin_port int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    admin_restrict_local str
    Enable/disable local admin authentication restriction when remote authenticator is up and running (default = disable). Valid values: enable, disable.
    admin_scp str
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    admin_server_cert str
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    admin_sport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    admin_ssh_grace_time int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    admin_ssh_password str
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    admin_ssh_port int
    Administrative access port for SSH. (1 - 65535, default = 22).
    admin_ssh_v1 str
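    Enable/disable SSH v1 compatibility. SSH v1 is an obsolete protocol version with known cryptographic weaknesses; leave disabled unless a legacy client cannot use SSH v2. Valid values: enable, disable.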
    admin_telnet str
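    Enable/disable TELNET service. TELNET carries credentials and session data unencrypted; SSH is the encrypted alternative for CLI access. Valid values: enable, disable.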
    admin_telnet_port int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout int
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias str
    Alias for your FortiGate unit.
    allow_traffic_redirect str
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    anti_replay str
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arp_max_entry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute str
    Enable/disable asymmetric route. Valid values: enable, disable.
    auth_cert str
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    auth_http_port int
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    auth_https_port int
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    auth_ike_saml_port int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    auth_keepalive str
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    auth_session_limit str
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    auto_auth_extension_device str
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorun_log_fsck str
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    av_affinity str
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    av_failopen str
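    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot. pass and one-shot let traffic bypass antivirus scanning while the condition lasts (fail open); off stops accepting new sessions that require scanning (fail closed).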
    av_failopen_session str
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batch_cmdb str
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfd_affinity str
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    block_session_timer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    br_fdb_max_entry int
    Maximum number of bridge forwarding database (FDB) entries.
    cert_chain_max int
    Maximum number of certificates that can be traversed in a certificate chain.
    cfg_revert_timeout int
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfg_save str
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    check_protocol_header str
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    check_reset_range str
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cli_audit_log str
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloud_communication str
    Enable/disable all cloud communication. Valid values: enable, disable.
    clt_cert_req str
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvr_affinity str
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    compliance_check str
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    compliance_check_time str
    Time of day to run scheduled PCI DSS compliance checks.
    cpu_use_threshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csr_ca_attribute str
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    daily_restart str
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    default_service_source_port str
    Default service source port range. (default=1-65535)
    device_identification_active_scan_delay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    device_idle_timeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dh_params str
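    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192. The 1024 and 1536 values are below the 2048-bit minimum in current NIST guidance, so 2048 or larger is the usual choice unless a legacy client requires otherwise.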
    dhcp_lease_backup_interval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxy_worker_count int
    DNS proxy worker count.
    dst str
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    early_tcp_npu_session str
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    edit_vdom_prompt str
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpoint_control_fds_access str
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpoint_control_portal_port int
    Endpoint control portal port (1 - 65535).
    extender_controller_reserved_network str
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime int
    Fail-time for server lost.
    faz_disk_buffer_size int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fds_statistics str
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fds_statistics_period int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fec_port int
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgd_alert_subscription str
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverter_config_upload str
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverter_integration str
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender str
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextender_data_port int
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextender_discovery_lockdown str
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextender_provision_on_authorization str
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextender_vlan_mode str
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslb_integration str
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipam_integration str
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservice_port int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitoken_cloud str
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitoken_cloud_push_status str
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitoken_cloud_sync_interval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gui_allow_default_hostname str
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    gui_allow_incompatible_fabric_fgt str
    Enable/disable allowing FortiGate units with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    gui_app_detection_sdwan str
    Enable/disable Allow app-detection based SD-WAN. Valid values: enable, disable.
    gui_auto_upgrade_setup_warning str
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    gui_cdn_domain_override str
    Domain of CDN server.
    gui_cdn_usage str
    Enable/disable Load GUI static files from a CDN. Valid values: enable, disable.
    gui_certificates str
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    gui_custom_language str
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    gui_date_format str
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    gui_date_time_source str
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    gui_device_latitude str
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    gui_device_longitude str
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    gui_display_hostname str
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    gui_firmware_upgrade_setup_warning str
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    gui_firmware_upgrade_warning str
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    gui_forticare_registration_setup_warning str
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    gui_fortigate_cloud_sandbox str
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    gui_fortiguard_resource_fetch str
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    gui_fortisandbox_cloud str
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    gui_ipv6 str
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    gui_lines_per_page int
    Number of lines to display per page for web administration.
    gui_local_out str
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    gui_replacement_message_groups str
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    gui_rest_api_cache str
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    gui_theme str
    Color scheme for the administration GUI.
    gui_wireless_opensecurity str
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    gui_workflow_management str
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    ha_affinity str
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honor_df str
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname str
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmp_state_limit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ike_embryonic_limit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interface_subnet_usage str
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internet_service_database str
    Configure which Internet Service database size to download from FortiGuard and use.
    internet_service_download_lists Sequence[GlobalInternetServiceDownloadListArgs]
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval int
    Dead gateway detection interval.
    ip_fragment_mem_thresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ip_src_port_range str
    IP source port range used for traffic originating from the FortiGate unit.
    ips_affinity str
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsec_asic_offload str
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsec_ha_seqjump_rate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsec_hmac_offload str
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsec_qat_offload str
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsec_round_robin str
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsec_soft_dec_async str
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6_accept_dad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6_allow_anycast_probe str
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6_allow_local_in_silent_drop str
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6_allow_local_in_slient_drop str
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6_allow_multicast_probe str
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6_allow_traffic_redirect str
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irq_time_accounting str
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language str
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldp_reception str
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldp_transmission str
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    log_single_cpu_high str
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    log_ssl_connection str
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    log_uuid_address str
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    log_uuid_policy str
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    login_timestamp str
    Enable/disable login time recording. Valid values: enable, disable.
    long_vdom_name str
    Enable/disable long VDOM name support. Valid values: enable, disable.
    management_ip str
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    management_port int
    Overriding port for management connection (Overrides admin port).
    management_port_use_admin_sport str
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    management_vdom str
    Management virtual domain name.
    max_dlpstat_memory int
    Maximum DLP stat memory (0 - 4294967295).
    max_route_cache_size int
    Maximum number of IP route cache entries (0 - 2147483647).
    mc_ttl_notchange str
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memory_use_threshold_extreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memory_use_threshold_green int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memory_use_threshold_red int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglog_affinity str
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogd_children int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multi_factor_authentication str
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicast_forward str
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndp_max_entry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npu_neighbor_update str
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    per_user_bal str
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    per_user_bwl str
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtu_discovery str
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policy_auth_concurrent int
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    post_login_banner str
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    pre_login_banner str
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    private_data_encryption str
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxy_auth_lifetime str
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxy_auth_lifetime_timeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxy_auth_timeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxy_cert_use_mgmt_vdom str
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxy_cipher_hardware_acceleration str
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxy_hardware_acceleration str
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxy_keep_alive_mode str
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxy_kxp_hardware_acceleration str
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxy_re_authentication_mode str
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxy_re_authentication_time int
    Time limit after which users must re-authenticate when proxy-keep-alive-mode is set to re-authentication (1 - 86400 sec, default = 30s).
    proxy_resource_mode str
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxy_worker_count int
    Proxy worker count.
    purdue_level str
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quic_ack_thresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quic_congestion_control_algo str
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quic_max_datagram_size int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quic_pmtud str
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quic_tls_handshake_timeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quic_udp_payload_size_shaping_per_cid str
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radius_port int
    RADIUS service port number.
    reboot_upon_config_restore str
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh int
    Statistics refresh interval in seconds in the GUI.
    remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    reset_sessionless_tcp str
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restart_time str
    Daily restart time (hh:mm).
    revision_backup_on_logout str
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revision_image_auto_backup str
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunit_count int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    security_rating_result_submission str
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    security_rating_run_on_schedule str
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    send_pmtu_icmp str
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. Valid values: enable, disable.
    sflowd_max_children_num int
    Maximum number of sflowd child processes allowed to run.
    snat_route_change str
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    special_file23_support str
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtest_server str
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestd_ctrl_port int
    Speedtest server controller port number.
    speedtestd_server_port int
    Speedtest server port number.
    split_port str
    Split port(s) to multiple 10Gbps ports.
    ssd_trim_date int
    Date within a month to run ssd trim.
    ssd_trim_freq str
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssd_trim_hour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssd_trim_min int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssd_trim_weekday str
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    ssh_cbc_cipher str
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    ssh_enc_algo str
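    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com. Of these, the arcfour entries, 3des-cbc, blowfish-cbc, cast128-cbc and the other -cbc modes are legacy ciphers; the -ctr, -gcm and chacha20-poly1305 entries are the current choices.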
    ssh_hmac_md5 str
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    ssh_hostkey str
    Config SSH host key.
    ssh_hostkey_algo str
    Select one or more SSH hostkey algorithms.
    ssh_hostkey_override str
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    ssh_hostkey_password str
    Password for ssh-hostkey.
    ssh_kex_algo str
    Select one or more SSH kex algorithms.
    ssh_kex_sha1 str
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    ssh_mac_algo str
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com. The hmac-md5, hmac-sha1, hmac-ripemd160 and umac-64 entries are legacy MACs; the hmac-sha2 entries (preferably their -etm variants) and umac-128 are the current choices.
    ssh_mac_weak str
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    ssl_min_proto_version str
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    ssl_static_key_ciphers str
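    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static key ciphers provide no forward secrecy: traffic recorded earlier can be decrypted if the server's private key is later compromised. Valid values: enable, disable.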
    sslvpn_cipher_hardware_acceleration str
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpn_ems_sn_check str
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpn_kxp_hardware_acceleration str
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpn_max_worker_count int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpn_plugin_version_check str
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpn_web_mode str
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strict_dirty_session_check str
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strong_crypto str
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    switch_controller str
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switch_controller_reserved_network str
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sys_perf_log_interval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslog_affinity str
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcp_halfclose_timer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcp_halfopen_timer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcp_option str
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcp_rst_timer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcp_timewait_timer int
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp str
    Enable/disable TFTP. Valid values: enable, disable.
    timezone str
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tp_mc_skip_policy str
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    traffic_priority str
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    traffic_priority_level str
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    two_factor_email_expiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    two_factor_fac_expiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    two_factor_ftk_expiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    two_factor_ftm_expiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    two_factor_sms_expiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udp_idle_timer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    url_filter_affinity str
    URL filter CPU affinity.
    url_filter_count int
    URL filter daemon count.
    user_device_store_max_devices int
    Maximum number of devices allowed in user device store.
    user_device_store_max_unified_mem int
    Maximum unified memory allowed in user device store.
    user_device_store_max_users int
    Maximum number of users allowed in user device store.
    user_server_cert str
    Certificate to use for https user authentication.
    vdom_admin str
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdom_mode str
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vip_arp_range str
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtual_server_count int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtual_server_hardware_acceleration str
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtual_switch_vlan str
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpn_ems_sn_check str
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wad_affinity str
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wad_csvc_cs_count int
    Number of concurrent WAD-cache-service object-cache processes.
    wad_csvc_db_count int
    Number of concurrent WAD-cache-service byte-cache processes.
    wad_memory_change_granularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wad_restart_end_time str
    WAD workers daily restart end time (hh:mm).
    wad_restart_mode str
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wad_restart_start_time str
    WAD workers daily restart time (hh:mm).
    wad_source_affinity str
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wad_worker_count int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifi_ca_certificate str
    CA certificate that verifies the WiFi certificate.
    wifi_certificate str
    Certificate to use for WiFi authentication.
    wimax4g_usb str
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wireless_controller str
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wireless_controller_port int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    adminConcurrent String
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    adminConsoleTimeout Number
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    adminForticloudSsoDefaultProfile String
    Override access profile.
    adminForticloudSsoLogin String
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    adminHost String
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge Number
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled the header max-age will be 0.
    adminHttpsPkiRequired String
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    adminHttpsRedirect String
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    adminHttpsSslBannedCiphers String
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    adminHttpsSslCiphersuites String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    adminHttpsSslVersions String
    Allowed TLS versions for web administration.
    adminLockoutDuration Number
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold Number
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax Number
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    adminMaintainer String
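    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because this password is derived from the serial number rather than being a secret, anyone with physical console access can use the account while it is enabled; disable it where physical access to the unit is not controlled. Valid values: enable, disable.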
    adminPort Number
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal String
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    adminScp String
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    adminServerCert String
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport Number
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime Number
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword String
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    adminSshPort Number
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 String
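    Enable/disable SSH v1 compatibility. SSH v1 is an obsolete protocol with known cryptographic weaknesses; keep this disabled unless a legacy client requires it. Valid values: enable, disable.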
    adminTelnet String
    Enable/disable TELNET service. TELNET sends credentials and session data in cleartext; prefer SSH for administrative access. Valid values: enable, disable.
    adminTelnetPort Number
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout Number
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias String
    Alias for your FortiGate unit.
    allowTrafficRedirect String
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    antiReplay String
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arpMaxEntry Number
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute String
    Enable/disable asymmetric route. Valid values: enable, disable.
    authCert String
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort Number
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    authHttpsPort Number
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    authIkeSamlPort Number
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive String
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    authSessionLimit String
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    autoAuthExtensionDevice String
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorunLogFsck String
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    avAffinity String
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen String
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    avFailopenSession String
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batchCmdb String
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfdAffinity String
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer Number
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry Number
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax Number
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout Number
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfgSave String
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    checkProtocolHeader String
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    checkResetRange String
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cliAuditLog String
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloudCommunication String
    Enable/disable all cloud communication. Valid values: enable, disable.
    cltCertReq String
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvrAffinity String
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck String
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    complianceCheckTime String
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold Number
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute String
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    dailyRestart String
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    defaultServiceSourcePort String
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay Number
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout Number
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams String
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Sizes below 2048 bits are generally considered too weak for new deployments. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    dhcpLeaseBackupInterval Number
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount Number
    DNS proxy worker count.
    dst String
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    earlyTcpNpuSession String
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    editVdomPrompt String
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpointControlFdsAccess String
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpointControlPortalPort Number
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork String
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime Number
    Fail-time for server lost.
    fazDiskBufferSize Number
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fdsStatistics String
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fdsStatisticsPeriod Number
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort Number
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription String
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverterConfigUpload String
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverterIntegration String
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender String
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextenderDataPort Number
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown String
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextenderProvisionOnAuthorization String
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextenderVlanMode String
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslbIntegration String
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipamIntegration String
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservicePort Number
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud String
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitokenCloudPushStatus String
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitokenCloudSyncInterval Number
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAllowDefaultHostname String
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    guiAllowIncompatibleFabricFgt String
    Enable/disable treating FortiGates with incompatible firmware as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    guiAppDetectionSdwan String
    Enable/disable Allow app-detection based SD-WAN. Valid values: enable, disable.
    guiAutoUpgradeSetupWarning String
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    guiCdnDomainOverride String
    Domain of CDN server.
    guiCdnUsage String
    Enable/disable Load GUI static files from a CDN. Valid values: enable, disable.
    guiCertificates String
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    guiCustomLanguage String
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    guiDateFormat String
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    guiDateTimeSource String
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    guiDeviceLatitude String
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude String
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname String
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    guiFirmwareUpgradeSetupWarning String
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    guiFirmwareUpgradeWarning String
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    guiForticareRegistrationSetupWarning String
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    guiFortigateCloudSandbox String
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    guiFortiguardResourceFetch String
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    guiFortisandboxCloud String
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    guiIpv6 String
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    guiLinesPerPage Number
    Number of lines to display per page for web administration.
    guiLocalOut String
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRestApiCache String
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    guiTheme String
    Color scheme for the administration GUI.
    guiWirelessOpensecurity String
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    guiWorkflowManagement String
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    haAffinity String
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf String
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname String
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmpStateLimit Number
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit Number
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage String
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internetServiceDatabase String
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists List<Property Map>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval Number
    Dead gateway detection interval.
    ipFragmentMemThresholds Number
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange String
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity String
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload String
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsecHaSeqjumpRate Number
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload String
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsecQatOffload String
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsecRoundRobin String
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsecSoftDecAsync String
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6AcceptDad Number
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe String
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6AllowLocalInSilentDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowLocalInSlientDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowMulticastProbe String
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6AllowTrafficRedirect String
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irqTimeAccounting String
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language String
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout Number
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    logSingleCpuHigh String
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    logSslConnection String
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    logUuidAddress String
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    logUuidPolicy String
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    loginTimestamp String
    Enable/disable login time recording. Valid values: enable, disable.
    longVdomName String
    Enable/disable long VDOM name support. Valid values: enable, disable.
    managementIp String
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort Number
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport String
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    managementVdom String
    Management virtual domain name.
    maxDlpstatMemory Number
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize Number
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange String
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memoryUseThresholdExtreme Number
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen Number
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed Number
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity String
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogdChildren Number
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multiFactorAuthentication String
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndpMaxEntry Number
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate String
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    perUserBal String
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    perUserBwl String
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtuDiscovery String
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policyAuthConcurrent Number
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner String
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    preLoginBanner String
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    privateDataEncryption String
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxyAuthLifetime String
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxyAuthLifetimeTimeout Number
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout Number
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxyCipherHardwareAcceleration String
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxyHardwareAcceleration String
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxyKeepAliveMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxyKxpHardwareAcceleration String
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxyReAuthenticationMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxyReAuthenticationTime Number
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s).
    proxyResourceMode String
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxyWorkerCount Number
    Proxy worker count.
    purdueLevel String
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quicAckThresold Number
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo String
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quicMaxDatagramSize Number
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud String
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quicTlsHandshakeTimeout Number
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid String
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radiusPort Number
    RADIUS service port number.
    rebootUponConfigRestore String
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh Number
    Statistics refresh interval in the GUI, in seconds.
    remoteauthtimeout Number
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    resetSessionlessTcp String
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restartTime String
    Daily restart time (hh:mm).
    revisionBackupOnLogout String
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revisionImageAutoBackup String
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunitCount Number
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission String
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    securityRatingRunOnSchedule String
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    sendPmtuIcmp String
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, which supports the PMTUD protocol on your network and reduces fragmentation of packets. Valid values: enable, disable.
    sflowdMaxChildrenNum Number
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange String
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    specialFile23Support String
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtestServer String
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestdCtrlPort Number
    Speedtest server controller port number.
    speedtestdServerPort Number
    Speedtest server port number.
    splitPort String
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate Number
    Date within a month to run ssd trim.
    ssdTrimFreq String
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssdTrimHour Number
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin Number
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday String
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    sshCbcCipher String
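    Enable/disable CBC cipher for SSH access. CBC-mode SSH ciphers are generally treated as legacy; leave this disabled unless an older client requires them. Valid values: enable, disable.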
    sshEncAlgo String
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    sshHmacMd5 String
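    Enable/disable HMAC-MD5 for SSH access. MD5-based MACs are generally treated as legacy; leave this disabled unless an older client requires them. Valid values: enable, disable.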
    sshHostkey String
    Config SSH host key.
    sshHostkeyAlgo String
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride String
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    sshHostkeyPassword String
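    Password for ssh-hostkey. Treat this value as a credential: supply it as a Pulumi secret rather than a literal in the program, so that it is encrypted in the stack state.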
    sshKexAlgo String
    Select one or more SSH kex algorithms.
    sshKexSha1 String
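    Enable/disable SHA1 key exchange for SSH access. SHA1-based key exchange is generally treated as legacy; leave this disabled unless an older client requires it. Valid values: enable, disable.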
    sshMacAlgo String
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    sshMacWeak String
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers String
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static key ciphers do not provide forward secrecy. Valid values: enable, disable.
    sslvpnCipherHardwareAcceleration String
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpnKxpHardwareAcceleration String
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpnMaxWorkerCount Number
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck String
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpnWebMode String
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strictDirtySessionCheck String
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strongCrypto String
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    switchController String
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switchControllerReservedNetwork String
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval Number
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity String
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer Number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer Number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption String
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcpRstTimer Number
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer Number
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp String
    Enable/disable TFTP. TFTP has no authentication or encryption, so keep it disabled unless it is needed. Valid values: enable, disable.
    timezone String
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy String
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    trafficPriority String
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    trafficPriorityLevel String
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    twoFactorEmailExpiry Number
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry Number
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry Number
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry Number
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry Number
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer Number
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity String
    URL filter CPU affinity.
    urlFilterCount Number
    URL filter daemon count.
    userDeviceStoreMaxDevices Number
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem Number
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers Number
    Maximum number of users allowed in user device store.
    userServerCert String
    Certificate to use for https user authentication.
    vdomAdmin String
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdomMode String
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vipArpRange String
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtualServerCount Number
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration String
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtualSwitchVlan String
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wadAffinity String
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount Number
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount Number
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity Number
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime String
    WAD workers daily restart end time (hh:mm).
    wadRestartMode String
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wadRestartStartTime String
    WAD workers daily restart start time (hh:mm).
    wadSourceAffinity String
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wadWorkerCount Number
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate String
    CA certificate that verifies the WiFi certificate.
    wifiCertificate String
    Certificate to use for WiFi authentication.
    wimax4gUsb String
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wirelessController String
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wirelessControllerPort Number
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Global resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Global Resource

    Get an existing Global resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: GlobalState, opts?: CustomResourceOptions): Global
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            admin_concurrent: Optional[str] = None,
            admin_console_timeout: Optional[int] = None,
            admin_forticloud_sso_default_profile: Optional[str] = None,
            admin_forticloud_sso_login: Optional[str] = None,
            admin_host: Optional[str] = None,
            admin_hsts_max_age: Optional[int] = None,
            admin_https_pki_required: Optional[str] = None,
            admin_https_redirect: Optional[str] = None,
            admin_https_ssl_banned_ciphers: Optional[str] = None,
            admin_https_ssl_ciphersuites: Optional[str] = None,
            admin_https_ssl_versions: Optional[str] = None,
            admin_lockout_duration: Optional[int] = None,
            admin_lockout_threshold: Optional[int] = None,
            admin_login_max: Optional[int] = None,
            admin_maintainer: Optional[str] = None,
            admin_port: Optional[int] = None,
            admin_restrict_local: Optional[str] = None,
            admin_scp: Optional[str] = None,
            admin_server_cert: Optional[str] = None,
            admin_sport: Optional[int] = None,
            admin_ssh_grace_time: Optional[int] = None,
            admin_ssh_password: Optional[str] = None,
            admin_ssh_port: Optional[int] = None,
            admin_ssh_v1: Optional[str] = None,
            admin_telnet: Optional[str] = None,
            admin_telnet_port: Optional[int] = None,
            admintimeout: Optional[int] = None,
            alias: Optional[str] = None,
            allow_traffic_redirect: Optional[str] = None,
            anti_replay: Optional[str] = None,
            arp_max_entry: Optional[int] = None,
            asymroute: Optional[str] = None,
            auth_cert: Optional[str] = None,
            auth_http_port: Optional[int] = None,
            auth_https_port: Optional[int] = None,
            auth_ike_saml_port: Optional[int] = None,
            auth_keepalive: Optional[str] = None,
            auth_session_limit: Optional[str] = None,
            auto_auth_extension_device: Optional[str] = None,
            autorun_log_fsck: Optional[str] = None,
            av_affinity: Optional[str] = None,
            av_failopen: Optional[str] = None,
            av_failopen_session: Optional[str] = None,
            batch_cmdb: Optional[str] = None,
            bfd_affinity: Optional[str] = None,
            block_session_timer: Optional[int] = None,
            br_fdb_max_entry: Optional[int] = None,
            cert_chain_max: Optional[int] = None,
            cfg_revert_timeout: Optional[int] = None,
            cfg_save: Optional[str] = None,
            check_protocol_header: Optional[str] = None,
            check_reset_range: Optional[str] = None,
            cli_audit_log: Optional[str] = None,
            cloud_communication: Optional[str] = None,
            clt_cert_req: Optional[str] = None,
            cmdbsvr_affinity: Optional[str] = None,
            compliance_check: Optional[str] = None,
            compliance_check_time: Optional[str] = None,
            cpu_use_threshold: Optional[int] = None,
            csr_ca_attribute: Optional[str] = None,
            daily_restart: Optional[str] = None,
            default_service_source_port: Optional[str] = None,
            device_identification_active_scan_delay: Optional[int] = None,
            device_idle_timeout: Optional[int] = None,
            dh_params: Optional[str] = None,
            dhcp_lease_backup_interval: Optional[int] = None,
            dnsproxy_worker_count: Optional[int] = None,
            dst: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            early_tcp_npu_session: Optional[str] = None,
            edit_vdom_prompt: Optional[str] = None,
            endpoint_control_fds_access: Optional[str] = None,
            endpoint_control_portal_port: Optional[int] = None,
            extender_controller_reserved_network: Optional[str] = None,
            failtime: Optional[int] = None,
            faz_disk_buffer_size: Optional[int] = None,
            fds_statistics: Optional[str] = None,
            fds_statistics_period: Optional[int] = None,
            fec_port: Optional[int] = None,
            fgd_alert_subscription: Optional[str] = None,
            forticonverter_config_upload: Optional[str] = None,
            forticonverter_integration: Optional[str] = None,
            fortiextender: Optional[str] = None,
            fortiextender_data_port: Optional[int] = None,
            fortiextender_discovery_lockdown: Optional[str] = None,
            fortiextender_provision_on_authorization: Optional[str] = None,
            fortiextender_vlan_mode: Optional[str] = None,
            fortigslb_integration: Optional[str] = None,
            fortiipam_integration: Optional[str] = None,
            fortiservice_port: Optional[int] = None,
            fortitoken_cloud: Optional[str] = None,
            fortitoken_cloud_push_status: Optional[str] = None,
            fortitoken_cloud_sync_interval: Optional[int] = None,
            get_all_tables: Optional[str] = None,
            gui_allow_default_hostname: Optional[str] = None,
            gui_allow_incompatible_fabric_fgt: Optional[str] = None,
            gui_app_detection_sdwan: Optional[str] = None,
            gui_auto_upgrade_setup_warning: Optional[str] = None,
            gui_cdn_domain_override: Optional[str] = None,
            gui_cdn_usage: Optional[str] = None,
            gui_certificates: Optional[str] = None,
            gui_custom_language: Optional[str] = None,
            gui_date_format: Optional[str] = None,
            gui_date_time_source: Optional[str] = None,
            gui_device_latitude: Optional[str] = None,
            gui_device_longitude: Optional[str] = None,
            gui_display_hostname: Optional[str] = None,
            gui_firmware_upgrade_setup_warning: Optional[str] = None,
            gui_firmware_upgrade_warning: Optional[str] = None,
            gui_forticare_registration_setup_warning: Optional[str] = None,
            gui_fortigate_cloud_sandbox: Optional[str] = None,
            gui_fortiguard_resource_fetch: Optional[str] = None,
            gui_fortisandbox_cloud: Optional[str] = None,
            gui_ipv6: Optional[str] = None,
            gui_lines_per_page: Optional[int] = None,
            gui_local_out: Optional[str] = None,
            gui_replacement_message_groups: Optional[str] = None,
            gui_rest_api_cache: Optional[str] = None,
            gui_theme: Optional[str] = None,
            gui_wireless_opensecurity: Optional[str] = None,
            gui_workflow_management: Optional[str] = None,
            ha_affinity: Optional[str] = None,
            honor_df: Optional[str] = None,
            hostname: Optional[str] = None,
            igmp_state_limit: Optional[int] = None,
            ike_embryonic_limit: Optional[int] = None,
            interface_subnet_usage: Optional[str] = None,
            internet_service_database: Optional[str] = None,
            internet_service_download_lists: Optional[Sequence[GlobalInternetServiceDownloadListArgs]] = None,
            interval: Optional[int] = None,
            ip_fragment_mem_thresholds: Optional[int] = None,
            ip_src_port_range: Optional[str] = None,
            ips_affinity: Optional[str] = None,
            ipsec_asic_offload: Optional[str] = None,
            ipsec_ha_seqjump_rate: Optional[int] = None,
            ipsec_hmac_offload: Optional[str] = None,
            ipsec_qat_offload: Optional[str] = None,
            ipsec_round_robin: Optional[str] = None,
            ipsec_soft_dec_async: Optional[str] = None,
            ipv6_accept_dad: Optional[int] = None,
            ipv6_allow_anycast_probe: Optional[str] = None,
            ipv6_allow_local_in_silent_drop: Optional[str] = None,
            ipv6_allow_local_in_slient_drop: Optional[str] = None,
            ipv6_allow_multicast_probe: Optional[str] = None,
            ipv6_allow_traffic_redirect: Optional[str] = None,
            irq_time_accounting: Optional[str] = None,
            language: Optional[str] = None,
            ldapconntimeout: Optional[int] = None,
            lldp_reception: Optional[str] = None,
            lldp_transmission: Optional[str] = None,
            log_single_cpu_high: Optional[str] = None,
            log_ssl_connection: Optional[str] = None,
            log_uuid_address: Optional[str] = None,
            log_uuid_policy: Optional[str] = None,
            login_timestamp: Optional[str] = None,
            long_vdom_name: Optional[str] = None,
            management_ip: Optional[str] = None,
            management_port: Optional[int] = None,
            management_port_use_admin_sport: Optional[str] = None,
            management_vdom: Optional[str] = None,
            max_dlpstat_memory: Optional[int] = None,
            max_route_cache_size: Optional[int] = None,
            mc_ttl_notchange: Optional[str] = None,
            memory_use_threshold_extreme: Optional[int] = None,
            memory_use_threshold_green: Optional[int] = None,
            memory_use_threshold_red: Optional[int] = None,
            miglog_affinity: Optional[str] = None,
            miglogd_children: Optional[int] = None,
            multi_factor_authentication: Optional[str] = None,
            multicast_forward: Optional[str] = None,
            ndp_max_entry: Optional[int] = None,
            npu_neighbor_update: Optional[str] = None,
            per_user_bal: Optional[str] = None,
            per_user_bwl: Optional[str] = None,
            pmtu_discovery: Optional[str] = None,
            policy_auth_concurrent: Optional[int] = None,
            post_login_banner: Optional[str] = None,
            pre_login_banner: Optional[str] = None,
            private_data_encryption: Optional[str] = None,
            proxy_auth_lifetime: Optional[str] = None,
            proxy_auth_lifetime_timeout: Optional[int] = None,
            proxy_auth_timeout: Optional[int] = None,
            proxy_cert_use_mgmt_vdom: Optional[str] = None,
            proxy_cipher_hardware_acceleration: Optional[str] = None,
            proxy_hardware_acceleration: Optional[str] = None,
            proxy_keep_alive_mode: Optional[str] = None,
            proxy_kxp_hardware_acceleration: Optional[str] = None,
            proxy_re_authentication_mode: Optional[str] = None,
            proxy_re_authentication_time: Optional[int] = None,
            proxy_resource_mode: Optional[str] = None,
            proxy_worker_count: Optional[int] = None,
            purdue_level: Optional[str] = None,
            quic_ack_thresold: Optional[int] = None,
            quic_congestion_control_algo: Optional[str] = None,
            quic_max_datagram_size: Optional[int] = None,
            quic_pmtud: Optional[str] = None,
            quic_tls_handshake_timeout: Optional[int] = None,
            quic_udp_payload_size_shaping_per_cid: Optional[str] = None,
            radius_port: Optional[int] = None,
            reboot_upon_config_restore: Optional[str] = None,
            refresh: Optional[int] = None,
            remoteauthtimeout: Optional[int] = None,
            reset_sessionless_tcp: Optional[str] = None,
            restart_time: Optional[str] = None,
            revision_backup_on_logout: Optional[str] = None,
            revision_image_auto_backup: Optional[str] = None,
            scanunit_count: Optional[int] = None,
            security_rating_result_submission: Optional[str] = None,
            security_rating_run_on_schedule: Optional[str] = None,
            send_pmtu_icmp: Optional[str] = None,
            sflowd_max_children_num: Optional[int] = None,
            snat_route_change: Optional[str] = None,
            special_file23_support: Optional[str] = None,
            speedtest_server: Optional[str] = None,
            speedtestd_ctrl_port: Optional[int] = None,
            speedtestd_server_port: Optional[int] = None,
            split_port: Optional[str] = None,
            ssd_trim_date: Optional[int] = None,
            ssd_trim_freq: Optional[str] = None,
            ssd_trim_hour: Optional[int] = None,
            ssd_trim_min: Optional[int] = None,
            ssd_trim_weekday: Optional[str] = None,
            ssh_cbc_cipher: Optional[str] = None,
            ssh_enc_algo: Optional[str] = None,
            ssh_hmac_md5: Optional[str] = None,
            ssh_hostkey: Optional[str] = None,
            ssh_hostkey_algo: Optional[str] = None,
            ssh_hostkey_override: Optional[str] = None,
            ssh_hostkey_password: Optional[str] = None,
            ssh_kex_algo: Optional[str] = None,
            ssh_kex_sha1: Optional[str] = None,
            ssh_mac_algo: Optional[str] = None,
            ssh_mac_weak: Optional[str] = None,
            ssl_min_proto_version: Optional[str] = None,
            ssl_static_key_ciphers: Optional[str] = None,
            sslvpn_cipher_hardware_acceleration: Optional[str] = None,
            sslvpn_ems_sn_check: Optional[str] = None,
            sslvpn_kxp_hardware_acceleration: Optional[str] = None,
            sslvpn_max_worker_count: Optional[int] = None,
            sslvpn_plugin_version_check: Optional[str] = None,
            sslvpn_web_mode: Optional[str] = None,
            strict_dirty_session_check: Optional[str] = None,
            strong_crypto: Optional[str] = None,
            switch_controller: Optional[str] = None,
            switch_controller_reserved_network: Optional[str] = None,
            sys_perf_log_interval: Optional[int] = None,
            syslog_affinity: Optional[str] = None,
            tcp_halfclose_timer: Optional[int] = None,
            tcp_halfopen_timer: Optional[int] = None,
            tcp_option: Optional[str] = None,
            tcp_rst_timer: Optional[int] = None,
            tcp_timewait_timer: Optional[int] = None,
            tftp: Optional[str] = None,
            timezone: Optional[str] = None,
            tp_mc_skip_policy: Optional[str] = None,
            traffic_priority: Optional[str] = None,
            traffic_priority_level: Optional[str] = None,
            two_factor_email_expiry: Optional[int] = None,
            two_factor_fac_expiry: Optional[int] = None,
            two_factor_ftk_expiry: Optional[int] = None,
            two_factor_ftm_expiry: Optional[int] = None,
            two_factor_sms_expiry: Optional[int] = None,
            udp_idle_timer: Optional[int] = None,
            url_filter_affinity: Optional[str] = None,
            url_filter_count: Optional[int] = None,
            user_device_store_max_devices: Optional[int] = None,
            user_device_store_max_unified_mem: Optional[int] = None,
            user_device_store_max_users: Optional[int] = None,
            user_server_cert: Optional[str] = None,
            vdom_admin: Optional[str] = None,
            vdom_mode: Optional[str] = None,
            vdomparam: Optional[str] = None,
            vip_arp_range: Optional[str] = None,
            virtual_server_count: Optional[int] = None,
            virtual_server_hardware_acceleration: Optional[str] = None,
            virtual_switch_vlan: Optional[str] = None,
            vpn_ems_sn_check: Optional[str] = None,
            wad_affinity: Optional[str] = None,
            wad_csvc_cs_count: Optional[int] = None,
            wad_csvc_db_count: Optional[int] = None,
            wad_memory_change_granularity: Optional[int] = None,
            wad_restart_end_time: Optional[str] = None,
            wad_restart_mode: Optional[str] = None,
            wad_restart_start_time: Optional[str] = None,
            wad_source_affinity: Optional[str] = None,
            wad_worker_count: Optional[int] = None,
            wifi_ca_certificate: Optional[str] = None,
            wifi_certificate: Optional[str] = None,
            wimax4g_usb: Optional[str] = None,
            wireless_controller: Optional[str] = None,
            wireless_controller_port: Optional[int] = None) -> Global
    func GetGlobal(ctx *Context, name string, id IDInput, state *GlobalState, opts ...ResourceOption) (*Global, error)
    public static Global Get(string name, Input<string> id, GlobalState? state, CustomResourceOptions? opts = null)
    public static Global get(String name, Output<String> id, GlobalState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AdminConcurrent string
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    AdminConsoleTimeout int
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    AdminForticloudSsoDefaultProfile string
    Override access profile.
    AdminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    AdminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    AdminHstsMaxAge int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
    AdminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    AdminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    AdminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    AdminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    AdminHttpsSslVersions string
    Allowed TLS versions for web administration.
    AdminLockoutDuration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    AdminLockoutThreshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    AdminLoginMax int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    AdminMaintainer string
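    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because the password is derived from the serial number, this account is protected only by physical control of the console; consider disabling it where console access is not restricted, keeping in mind that this also removes the recovery path. Valid values: enable, disable.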
    AdminPort int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    AdminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    AdminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    AdminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    AdminSport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    AdminSshGraceTime int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    AdminSshPassword string
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    AdminSshPort int
    Administrative access port for SSH. (1 - 65535, default = 22).
    AdminSshV1 string
    Enable/disable SSH v1 compatibility. Valid values: enable, disable.
    AdminTelnet string
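    Enable/disable TELNET service. TELNET carries administrative logins unencrypted, so leave it disabled unless a legacy workflow requires it. Valid values: enable, disable.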
    AdminTelnetPort int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    Admintimeout int
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    Alias string
    Alias for your FortiGate unit.
    AllowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    AntiReplay string
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    ArpMaxEntry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    Asymroute string
    Enable/disable asymmetric route. Valid values: enable, disable.
    AuthCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    AuthHttpPort int
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    AuthHttpsPort int
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    AuthIkeSamlPort int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    AuthKeepalive string
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    AuthSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    AutoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    AutorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    AvAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    AvFailopen string
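    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Note that a fail-open action lets traffic through without AV scanning while the condition lasts, so choose the value according to whether availability or inspection matters more. Valid values: pass, off, one-shot.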
    AvFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    BatchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    BfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    BlockSessionTimer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    BrFdbMaxEntry int
    Maximum number of bridge forwarding database (FDB) entries.
    CertChainMax int
    Maximum number of certificates that can be traversed in a certificate chain.
    CfgRevertTimeout int
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    CfgSave string
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    CheckProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    CheckResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    CliAuditLog string
    Enable/disable CLI audit log. Valid values: enable, disable.
    CloudCommunication string
    Enable/disable all cloud communication. Valid values: enable, disable.
    CltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    CmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    ComplianceCheck string
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    ComplianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    CpuUseThreshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    CsrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    DailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    DefaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    DeviceIdentificationActiveScanDelay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    DeviceIdleTimeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    DhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    DhcpLeaseBackupInterval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    DnsproxyWorkerCount int
    DNS proxy worker count.
    Dst string
    Enable/disable daylight saving time. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EarlyTcpNpuSession string
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    EditVdomPrompt string
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    EndpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    EndpointControlPortalPort int
    Endpoint control portal port (1 - 65535).
    ExtenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    Failtime int
    Fail-time for server lost.
    FazDiskBufferSize int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    FdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    FdsStatisticsPeriod int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    FecPort int
    Local UDP port for Forward Error Correction (49152 - 65535).
    FgdAlertSubscription string
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    ForticonverterConfigUpload string
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    ForticonverterIntegration string
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    Fortiextender string
    Enable/disable FortiExtender. Valid values: enable, disable.
    FortiextenderDataPort int
    FortiExtender data port (1024 - 49150, default = 25246).
    FortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    FortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    FortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    FortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    FortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    FortiservicePort int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    FortitokenCloud string
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    FortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    FortitokenCloudSyncInterval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    GuiAllowIncompatibleFabricFgt string
    Enable/disable allowing FGT devices with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    GuiAppDetectionSdwan string
    Enable/disable Allow app-detection based SD-WAN. Valid values: enable, disable.
    GuiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    GuiCdnDomainOverride string
    Domain of CDN server.
    GuiCdnUsage string
    Enable/disable Load GUI static files from a CDN. Valid values: enable, disable.
    GuiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    GuiCustomLanguage string
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    GuiDateFormat string
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    GuiDateTimeSource string
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    GuiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    GuiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    GuiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    GuiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    GuiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    GuiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    GuiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    GuiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    GuiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    GuiIpv6 string
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    GuiLinesPerPage int
    Number of lines to display per page for web administration.
    GuiLocalOut string
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRestApiCache string
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    GuiTheme string
    Color scheme for the administration GUI.
    GuiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    GuiWorkflowManagement string
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    HaAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    HonorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    Hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    IgmpStateLimit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    IkeEmbryonicLimit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    InterfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    InternetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    InternetServiceDownloadLists List<Pulumiverse.Fortios.System.Inputs.GlobalInternetServiceDownloadList>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    Interval int
    Dead gateway detection interval.
    IpFragmentMemThresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    IpSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    IpsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    IpsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    IpsecHaSeqjumpRate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    IpsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    IpsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    IpsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    IpsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    Ipv6AcceptDad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    Ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    Ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    Ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    IrqTimeAccounting string
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    Language string
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    Ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    LogSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    LogSslConnection string
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    LogUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    LogUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    LoginTimestamp string
    Enable/disable login time recording. Valid values: enable, disable.
    LongVdomName string
    Enable/disable long VDOM name support. Valid values: enable, disable.
    ManagementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    ManagementPort int
    Overriding port for management connection (Overrides admin port).
    ManagementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    ManagementVdom string
    Management virtual domain name.
    MaxDlpstatMemory int
    Maximum DLP stat memory (0 - 4294967295).
    MaxRouteCacheSize int
    Maximum number of IP route cache entries (0 - 2147483647).
    McTtlNotchange string
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    MemoryUseThresholdExtreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    MemoryUseThresholdGreen int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    MemoryUseThresholdRed int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    MiglogAffinity string
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    MiglogdChildren int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    MultiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    NdpMaxEntry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    NpuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    PerUserBal string
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    PerUserBwl string
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    PmtuDiscovery string
    Enable/disable path MTU discovery. Valid values: enable, disable.
    PolicyAuthConcurrent int
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    PostLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    PreLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    PrivateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    ProxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    ProxyAuthLifetimeTimeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    ProxyAuthTimeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    ProxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    ProxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    ProxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    ProxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    ProxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    ProxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    ProxyReAuthenticationTime int
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s).
    ProxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    ProxyWorkerCount int
    Proxy worker count.
    PurdueLevel string
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    QuicAckThresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    QuicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    QuicMaxDatagramSize int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    QuicPmtud string
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    QuicTlsHandshakeTimeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    QuicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    RebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    Refresh int
    Statistics refresh interval, in seconds, in the GUI.
    Remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    ResetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    RestartTime string
    Daily restart time (hh:mm).
    RevisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    RevisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    ScanunitCount int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    SecurityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    SecurityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    SendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, to support the PMTUD protocol on your network and reduce fragmentation of packets. Valid values: enable, disable.
    SflowdMaxChildrenNum int
    Maximum number of sflowd child processes allowed to run.
    SnatRouteChange string
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    SpecialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    SpeedtestServer string
    Enable/disable speed test server. Valid values: enable, disable.
    SpeedtestdCtrlPort int
    Speedtest server controller port number.
    SpeedtestdServerPort int
    Speedtest server port number.
    SplitPort string
    Split port(s) to multiple 10Gbps ports.
    SsdTrimDate int
    Date within a month to run ssd trim.
    SsdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    SsdTrimHour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    SsdTrimMin int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    SsdTrimWeekday string
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    SshCbcCipher string
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    SshEncAlgo string
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    SshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    SshHostkey string
    Config SSH host key.
    SshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    SshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    SshHostkeyPassword string
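    Password for ssh-hostkey. Treat this value as a secret: supply it from secret configuration rather than as a literal in program source.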
    SshKexAlgo string
    Select one or more SSH kex algorithms.
    SshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    SshMacAlgo string
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    SshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    SslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Valid values: enable, disable.
    SslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    SslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    SslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    SslvpnMaxWorkerCount int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    SslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    SslvpnWebMode string
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    StrictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    StrongCrypto string
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    SwitchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    SwitchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    SysPerfLogInterval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    SyslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    TcpHalfcloseTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    TcpHalfopenTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    TcpOption string
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    TcpRstTimer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    TcpTimewaitTimer int
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    Tftp string
    Enable/disable TFTP. Valid values: enable, disable.
    Timezone string
    Number corresponding to your time zone from 00 to 86. Enter `set timezone ?` to view the list of time zones and the numbers that represent them.
    TpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    TrafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    TrafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    TwoFactorEmailExpiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    TwoFactorFacExpiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    TwoFactorFtkExpiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    TwoFactorFtmExpiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    TwoFactorSmsExpiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    UdpIdleTimer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    UrlFilterAffinity string
    URL filter CPU affinity.
    UrlFilterCount int
    URL filter daemon count.
    UserDeviceStoreMaxDevices int
    Maximum number of devices allowed in user device store.
    UserDeviceStoreMaxUnifiedMem int
    Maximum unified memory allowed in user device store.
    UserDeviceStoreMaxUsers int
    Maximum number of users allowed in user device store.
    UserServerCert string
    Certificate to use for https user authentication.
    VdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    VdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    VirtualServerCount int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    VirtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    VirtualSwitchVlan string
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    VpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    WadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    WadCsvcCsCount int
    Number of concurrent WAD-cache-service object-cache processes.
    WadCsvcDbCount int
    Number of concurrent WAD-cache-service byte-cache processes.
    WadMemoryChangeGranularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    WadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    WadRestartMode string
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    WadRestartStartTime string
    WAD workers daily restart start time (hh:mm).
    WadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    WadWorkerCount int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    WifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    WifiCertificate string
    Certificate to use for WiFi authentication.
    Wimax4gUsb string
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    WirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    WirelessControllerPort int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    AdminConcurrent string
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    AdminConsoleTimeout int
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    AdminForticloudSsoDefaultProfile string
    Override access profile.
    AdminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    AdminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    AdminHstsMaxAge int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
    AdminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    AdminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    AdminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    AdminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    AdminHttpsSslVersions string
    Allowed TLS versions for web administration.
    AdminLockoutDuration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    AdminLockoutThreshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    AdminLoginMax int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    AdminMaintainer string
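    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because the password is derived from the serial number, this login protects the unit only as far as console access is physically controlled; disable it where that cannot be assured. Valid values: enable, disable.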
    AdminPort int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    AdminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    AdminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    AdminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    AdminSport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    AdminSshGraceTime int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    AdminSshPassword string
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    AdminSshPort int
    Administrative access port for SSH. (1 - 65535, default = 22).
    AdminSshV1 string
    Enable/disable SSH v1 compatibility. SSH v1 is an obsolete protocol version; keep this disabled unless a legacy client requires it. Valid values: enable, disable.
    AdminTelnet string
    Enable/disable TELNET service. TELNET carries credentials and session data unencrypted; prefer SSH for administrative access. Valid values: enable, disable.
    AdminTelnetPort int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    Admintimeout int
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    Alias string
    Alias for your FortiGate unit.
    AllowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    AntiReplay string
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    ArpMaxEntry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    Asymroute string
    Enable/disable asymmetric route. Valid values: enable, disable.
    AuthCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    AuthHttpPort int
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    AuthHttpsPort int
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    AuthIkeSamlPort int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    AuthKeepalive string
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    AuthSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    AutoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    AutorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    AvAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    AvFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    AvFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    BatchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    BfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    BlockSessionTimer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    BrFdbMaxEntry int
    Maximum number of bridge forwarding database (FDB) entries.
    CertChainMax int
    Maximum number of certificates that can be traversed in a certificate chain.
    CfgRevertTimeout int
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    CfgSave string
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    CheckProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    CheckResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    CliAuditLog string
    Enable/disable CLI audit log. Valid values: enable, disable.
    CloudCommunication string
    Enable/disable all cloud communication. Valid values: enable, disable.
    CltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    CmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    ComplianceCheck string
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    ComplianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    CpuUseThreshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    CsrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    DailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    DefaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    DeviceIdentificationActiveScanDelay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    DeviceIdleTimeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    DhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    DhcpLeaseBackupInterval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    DnsproxyWorkerCount int
    DNS proxy worker count.
    Dst string
    Enable/disable daylight saving time. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EarlyTcpNpuSession string
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    EditVdomPrompt string
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    EndpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    EndpointControlPortalPort int
    Endpoint control portal port (1 - 65535).
    ExtenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    Failtime int
    Fail-time for server lost.
    FazDiskBufferSize int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    FdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    FdsStatisticsPeriod int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    FecPort int
    Local UDP port for Forward Error Correction (49152 - 65535).
    FgdAlertSubscription string
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    ForticonverterConfigUpload string
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    ForticonverterIntegration string
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    Fortiextender string
    Enable/disable FortiExtender. Valid values: enable, disable.
    FortiextenderDataPort int
    FortiExtender data port (1024 - 49150, default = 25246).
    FortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    FortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    FortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    FortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    FortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    FortiservicePort int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    FortitokenCloud string
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    FortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    FortitokenCloudSyncInterval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    GuiAllowIncompatibleFabricFgt string
    Enable/disable allowing FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    GuiAppDetectionSdwan string
    Enable/disable allowing app-detection based SD-WAN. Valid values: enable, disable.
    GuiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    GuiCdnDomainOverride string
    Domain of CDN server.
    GuiCdnUsage string
    Enable/disable loading GUI static files from a CDN. Valid values: enable, disable.
    GuiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    GuiCustomLanguage string
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    GuiDateFormat string
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    GuiDateTimeSource string
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    GuiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    GuiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    GuiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    GuiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    GuiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    GuiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    GuiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    GuiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    GuiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    GuiIpv6 string
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    GuiLinesPerPage int
    Number of lines to display per page for web administration.
    GuiLocalOut string
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRestApiCache string
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    GuiTheme string
    Color scheme for the administration GUI.
    GuiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    GuiWorkflowManagement string
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    HaAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    HonorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    Hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    IgmpStateLimit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    IkeEmbryonicLimit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    InterfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    InternetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    InternetServiceDownloadLists []GlobalInternetServiceDownloadListArgs
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    Interval int
    Dead gateway detection interval.
    IpFragmentMemThresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    IpSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    IpsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    IpsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    IpsecHaSeqjumpRate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    IpsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    IpsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    IpsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    IpsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    Ipv6AcceptDad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    Ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    Ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    Ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    Ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    IrqTimeAccounting string
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    Language string
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    Ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    LogSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    LogSslConnection string
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    LogUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    LogUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    LoginTimestamp string
    Enable/disable login time recording. Valid values: enable, disable.
    LongVdomName string
    Enable/disable long VDOM name support. Valid values: enable, disable.
    ManagementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    ManagementPort int
    Overriding port for management connection (Overrides admin port).
    ManagementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    ManagementVdom string
    Management virtual domain name.
    MaxDlpstatMemory int
    Maximum DLP stat memory (0 - 4294967295).
    MaxRouteCacheSize int
    Maximum number of IP route cache entries (0 - 2147483647).
    McTtlNotchange string
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    MemoryUseThresholdExtreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    MemoryUseThresholdGreen int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    MemoryUseThresholdRed int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    MiglogAffinity string
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    MiglogdChildren int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    MultiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    NdpMaxEntry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    NpuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    PerUserBal string
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    PerUserBwl string
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    PmtuDiscovery string
    Enable/disable path MTU discovery. Valid values: enable, disable.
    PolicyAuthConcurrent int
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    PostLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    PreLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    PrivateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    ProxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    ProxyAuthLifetimeTimeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    ProxyAuthTimeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    ProxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    ProxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    ProxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    ProxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    ProxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    ProxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    ProxyReAuthenticationTime int
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s).
    ProxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    ProxyWorkerCount int
    Proxy worker count.
    PurdueLevel string
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    QuicAckThresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    QuicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    QuicMaxDatagramSize int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    QuicPmtud string
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    QuicTlsHandshakeTimeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    QuicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    RadiusPort int
    RADIUS service port number.
    RebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    Refresh int
    Statistics refresh interval second(s) in GUI.
    Remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    ResetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    RestartTime string
    Daily restart time (hh:mm).
    RevisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    RevisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    ScanunitCount int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    SecurityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    SecurityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    SendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets to support the PMTUD protocol on your network and reduce fragmentation of packets. Valid values: enable, disable.
    SflowdMaxChildrenNum int
    Maximum number of sflowd child processes allowed to run.
    SnatRouteChange string
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    SpecialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    SpeedtestServer string
    Enable/disable speed test server. Valid values: enable, disable.
    SpeedtestdCtrlPort int
    Speedtest server controller port number.
    SpeedtestdServerPort int
    Speedtest server port number.
    SplitPort string
    Split port(s) to multiple 10Gbps ports.
    SsdTrimDate int
    Date within a month to run ssd trim.
    SsdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    SsdTrimHour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    SsdTrimMin int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    SsdTrimWeekday string
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    SshCbcCipher string
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    SshEncAlgo string
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    SshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    SshHostkey string
    Config SSH host key.
    SshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    SshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    SshHostkeyPassword string
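    Password for ssh-hostkey. This value is a credential: supply it through Pulumi secret configuration rather than as a plaintext literal in the program source.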
    SshKexAlgo string
    Select one or more SSH kex algorithms.
    SshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    SshMacAlgo string
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    SshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    SslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Valid values: enable, disable.
    SslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    SslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    SslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    SslvpnMaxWorkerCount int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    SslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    SslvpnWebMode string
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    StrictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    StrongCrypto string
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    SwitchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    SwitchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    SysPerfLogInterval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    SyslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    TcpHalfcloseTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    TcpHalfopenTimer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    TcpOption string
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    TcpRstTimer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    TcpTimewaitTimer int
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    Tftp string
    Enable/disable TFTP. Valid values: enable, disable.
    Timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    TpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    TrafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    TrafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    TwoFactorEmailExpiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    TwoFactorFacExpiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    TwoFactorFtkExpiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    TwoFactorFtmExpiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    TwoFactorSmsExpiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    UdpIdleTimer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    UrlFilterAffinity string
    URL filter CPU affinity.
    UrlFilterCount int
    URL filter daemon count.
    UserDeviceStoreMaxDevices int
    Maximum number of devices allowed in user device store.
    UserDeviceStoreMaxUnifiedMem int
    Maximum unified memory allowed in user device store.
    UserDeviceStoreMaxUsers int
    Maximum number of users allowed in user device store.
    UserServerCert string
    Certificate to use for https user authentication.
    VdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    VdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    VirtualServerCount int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    VirtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    VirtualSwitchVlan string
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    VpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    WadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    WadCsvcCsCount int
    Number of concurrent WAD-cache-service object-cache processes.
    WadCsvcDbCount int
    Number of concurrent WAD-cache-service byte-cache processes.
    WadMemoryChangeGranularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    WadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    WadRestartMode string
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    WadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    WadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    WadWorkerCount int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    WifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    WifiCertificate string
    Certificate to use for WiFi authentication.
    Wimax4gUsb string
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    WirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    WirelessControllerPort int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    adminConcurrent String
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    adminConsoleTimeout Integer
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    adminForticloudSsoDefaultProfile String
    Override access profile.
    adminForticloudSsoLogin String
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    adminHost String
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge Integer
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled the header max-age will be 0.
    adminHttpsPkiRequired String
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    adminHttpsRedirect String
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    adminHttpsSslBannedCiphers String
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    adminHttpsSslCiphersuites String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    adminHttpsSslVersions String
    Allowed TLS versions for web administration.
    adminLockoutDuration Integer
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold Integer
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax Integer
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    adminMaintainer String
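    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because the password is derived from the serial number, the account is only as protected as physical access to the console; disable it where that access is not controlled. Valid values: enable, disable.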
    adminPort Integer
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal String
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    adminScp String
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    adminServerCert String
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport Integer
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime Integer
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword String
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    adminSshPort Integer
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 String
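    Enable/disable SSH v1 compatibility. SSH v1 is an obsolete protocol version with known weaknesses; keep it disabled unless a legacy client strictly requires it. Valid values: enable, disable.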
    adminTelnet String
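    Enable/disable TELNET service. TELNET is unencrypted, so administrator credentials cross the network in cleartext; keep it disabled and use SSH for CLI access where possible. Valid values: enable, disable.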
    adminTelnetPort Integer
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout Integer
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias String
    Alias for your FortiGate unit.
    allowTrafficRedirect String
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    antiReplay String
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arpMaxEntry Integer
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute String
    Enable/disable asymmetric route. Valid values: enable, disable.
    authCert String
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort Integer
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    authHttpsPort Integer
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    authIkeSamlPort Integer
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive String
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    authSessionLimit String
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    autoAuthExtensionDevice String
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorunLogFsck String
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    avAffinity String
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen String
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    avFailopenSession String
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batchCmdb String
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfdAffinity String
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer Integer
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry Integer
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax Integer
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout Integer
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfgSave String
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    checkProtocolHeader String
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    checkResetRange String
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cliAuditLog String
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloudCommunication String
    Enable/disable all cloud communication. Valid values: enable, disable.
    cltCertReq String
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvrAffinity String
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck String
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    complianceCheckTime String
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold Integer
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute String
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    dailyRestart String
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    defaultServiceSourcePort String
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay Integer
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout Integer
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams String
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Sizes below 2048 bits are generally considered too weak for current use. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    dhcpLeaseBackupInterval Integer
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount Integer
    DNS proxy worker count.
    dst String
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    earlyTcpNpuSession String
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    editVdomPrompt String
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpointControlFdsAccess String
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpointControlPortalPort Integer
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork String
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime Integer
    Fail-time for server lost.
    fazDiskBufferSize Integer
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fdsStatistics String
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fdsStatisticsPeriod Integer
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort Integer
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription String
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverterConfigUpload String
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverterIntegration String
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender String
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextenderDataPort Integer
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown String
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextenderProvisionOnAuthorization String
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextenderVlanMode String
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslbIntegration String
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipamIntegration String
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservicePort Integer
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud String
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitokenCloudPushStatus String
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitokenCloudSyncInterval Integer
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAllowDefaultHostname String
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    guiAllowIncompatibleFabricFgt String
    Enable/disable allowing a FortiGate (FGT) with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    guiAppDetectionSdwan String
    Enable/disable app-detection-based SD-WAN. Valid values: enable, disable.
    guiAutoUpgradeSetupWarning String
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    guiCdnDomainOverride String
    Domain of CDN server.
    guiCdnUsage String
    Enable/disable loading GUI static files from a CDN. Valid values: enable, disable.
    guiCertificates String
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    guiCustomLanguage String
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    guiDateFormat String
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    guiDateTimeSource String
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    guiDeviceLatitude String
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude String
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname String
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    guiFirmwareUpgradeSetupWarning String
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    guiFirmwareUpgradeWarning String
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    guiForticareRegistrationSetupWarning String
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    guiFortigateCloudSandbox String
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    guiFortiguardResourceFetch String
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    guiFortisandboxCloud String
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    guiIpv6 String
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    guiLinesPerPage Integer
    Number of lines to display per page for web administration.
    guiLocalOut String
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRestApiCache String
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    guiTheme String
    Color scheme for the administration GUI.
    guiWirelessOpensecurity String
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    guiWorkflowManagement String
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    haAffinity String
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf String
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname String
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmpStateLimit Integer
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit Integer
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage String
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internetServiceDatabase String
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists List<GlobalInternetServiceDownloadList>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval Integer
    Dead gateway detection interval.
    ipFragmentMemThresholds Integer
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange String
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity String
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload String
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsecHaSeqjumpRate Integer
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload String
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsecQatOffload String
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsecRoundRobin String
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsecSoftDecAsync String
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6AcceptDad Integer
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe String
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6AllowLocalInSilentDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowLocalInSlientDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowMulticastProbe String
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6AllowTrafficRedirect String
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irqTimeAccounting String
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language String
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout Integer
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    logSingleCpuHigh String
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    logSslConnection String
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    logUuidAddress String
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    logUuidPolicy String
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    loginTimestamp String
    Enable/disable login time recording. Valid values: enable, disable.
    longVdomName String
    Enable/disable long VDOM name support. Valid values: enable, disable.
    managementIp String
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort Integer
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport String
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    managementVdom String
    Management virtual domain name.
    maxDlpstatMemory Integer
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize Integer
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange String
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memoryUseThresholdExtreme Integer
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen Integer
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed Integer
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity String
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogdChildren Integer
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multiFactorAuthentication String
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndpMaxEntry Integer
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate String
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    perUserBal String
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    perUserBwl String
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtuDiscovery String
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policyAuthConcurrent Integer
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner String
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    preLoginBanner String
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    privateDataEncryption String
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxyAuthLifetime String
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxyAuthLifetimeTimeout Integer
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout Integer
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxyCipherHardwareAcceleration String
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxyHardwareAcceleration String
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxyKeepAliveMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxyKxpHardwareAcceleration String
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxyReAuthenticationMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxyReAuthenticationTime Integer
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default = 30s).
    proxyResourceMode String
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxyWorkerCount Integer
    Proxy worker count.
    purdueLevel String
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quicAckThresold Integer
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo String
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quicMaxDatagramSize Integer
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud String
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quicTlsHandshakeTimeout Integer
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid String
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radiusPort Integer
    RADIUS service port number.
    rebootUponConfigRestore String
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh Integer
    Statistics refresh interval in the GUI, in seconds.
    remoteauthtimeout Integer
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    resetSessionlessTcp String
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restartTime String
    Daily restart time (hh:mm).
    revisionBackupOnLogout String
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revisionImageAutoBackup String
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunitCount Integer
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission String
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    securityRatingRunOnSchedule String
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    sendPmtuIcmp String
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, to support the PMTUD protocol on your network and reduce fragmentation of packets. Valid values: enable, disable.
    sflowdMaxChildrenNum Integer
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange String
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    specialFile23Support String
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtestServer String
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestdCtrlPort Integer
    Speedtest server controller port number.
    speedtestdServerPort Integer
    Speedtest server port number.
    splitPort String
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate Integer
    Day of the month on which to run SSD Trim.
    ssdTrimFreq String
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssdTrimHour Integer
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin Integer
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday String
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    sshCbcCipher String
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    sshEncAlgo String
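    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com. The arcfour, 3des-cbc, blowfish-cbc and cast128-cbc entries are legacy ciphers that are generally considered weak; prefer the CTR, GCM or chacha20-poly1305 entries unless an older client requires otherwise.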
    sshHmacMd5 String
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    sshHostkey String
    Configure the SSH host key.
    sshHostkeyAlgo String
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride String
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    sshHostkeyPassword String
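    Password for ssh-hostkey. Treat this value as a secret: supply it through Pulumi's secret handling rather than as a plaintext literal in program source, since it may otherwise be readable in configuration and state.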
    sshKexAlgo String
    Select one or more SSH kex algorithms.
    sshKexSha1 String
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    sshMacAlgo String
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com. The hmac-md5 and hmac-sha1 families are legacy MACs; prefer the hmac-sha2 entries unless an older client requires otherwise.
    sshMacWeak String
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers String
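    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static key ciphers do not provide forward secrecy, so keep them disabled unless a legacy client requires them. Valid values: enable, disable.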
    sslvpnCipherHardwareAcceleration String
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpnKxpHardwareAcceleration String
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpnMaxWorkerCount Integer
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck String
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpnWebMode String
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strictDirtySessionCheck String
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strongCrypto String
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    switchController String
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switchControllerReservedNetwork String
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval Integer
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity String
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer Integer
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer Integer
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption String
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcpRstTimer Integer
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer Integer
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp String
    Enable/disable TFTP. Valid values: enable, disable.
    timezone String
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy String
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    trafficPriority String
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    trafficPriorityLevel String
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    twoFactorEmailExpiry Integer
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry Integer
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry Integer
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry Integer
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry Integer
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer Integer
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity String
    URL filter CPU affinity.
    urlFilterCount Integer
    URL filter daemon count.
    userDeviceStoreMaxDevices Integer
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem Integer
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers Integer
    Maximum number of users allowed in user device store.
    userServerCert String
    Certificate to use for https user authentication.
    vdomAdmin String
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdomMode String
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vipArpRange String
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtualServerCount Integer
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration String
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtualSwitchVlan String
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wadAffinity String
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount Integer
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount Integer
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity Integer
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime String
    WAD workers daily restart end time (hh:mm).
    wadRestartMode String
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wadRestartStartTime String
    WAD workers daily restart time (hh:mm).
    wadSourceAffinity String
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wadWorkerCount Integer
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate String
    CA certificate that verifies the WiFi certificate.
    wifiCertificate String
    Certificate to use for WiFi authentication.
    wimax4gUsb String
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wirelessController String
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wirelessControllerPort Integer
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    adminConcurrent string
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    adminConsoleTimeout number
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    adminForticloudSsoDefaultProfile string
    Override access profile.
    adminForticloudSsoLogin string
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    adminHost string
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge number
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
    adminHttpsPkiRequired string
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    adminHttpsRedirect string
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    adminHttpsSslBannedCiphers string
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    adminHttpsSslCiphersuites string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    adminHttpsSslVersions string
    Allowed TLS versions for web administration.
    adminLockoutDuration number
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold number
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax number
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
    adminMaintainer string
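    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because this password is derived from the serial number rather than chosen by an administrator, disable this setting unless physical access to the console is controlled. Valid values: enable, disable.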
    adminPort number
    Administrative access port for HTTP. (1 - 65535, default = 80).
    adminRestrictLocal string
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    adminScp string
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    adminServerCert string
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport number
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime number
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword string
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    adminSshPort number
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 string
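    Enable/disable SSH v1 compatibility. SSH protocol version 1 has known cryptographic weaknesses; keep this disabled unless a legacy client requires it. Valid values: enable, disable.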
    adminTelnet string
    Enable/disable TELNET service. TELNET carries credentials and session data in cleartext; prefer SSH for administrative access. Valid values: enable, disable.
    adminTelnetPort number
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout number
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias string
    Alias for your FortiGate unit.
    allowTrafficRedirect string
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    antiReplay string
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arpMaxEntry number
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute string
    Enable/disable asymmetric route. Valid values: enable, disable.
    authCert string
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort number
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    authHttpsPort number
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    authIkeSamlPort number
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive string
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    authSessionLimit string
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    autoAuthExtensionDevice string
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorunLogFsck string
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    avAffinity string
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen string
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    avFailopenSession string
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batchCmdb string
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfdAffinity string
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer number
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry number
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax number
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout number
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfgSave string
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    checkProtocolHeader string
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    checkResetRange string
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cliAuditLog string
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloudCommunication string
    Enable/disable all cloud communication. Valid values: enable, disable.
    cltCertReq string
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvrAffinity string
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck string
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    complianceCheckTime string
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold number
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute string
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    dailyRestart string
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    defaultServiceSourcePort string
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay number
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout number
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams string
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192. Groups smaller than 2048 bits are generally considered too weak for current use.
    dhcpLeaseBackupInterval number
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount number
    DNS proxy worker count.
    dst string
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    earlyTcpNpuSession string
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    editVdomPrompt string
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpointControlFdsAccess string
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpointControlPortalPort number
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork string
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime number
    Fail-time for server lost.
    fazDiskBufferSize number
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fdsStatistics string
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fdsStatisticsPeriod number
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort number
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription string
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverterConfigUpload string
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverterIntegration string
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender string
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextenderDataPort number
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown string
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextenderProvisionOnAuthorization string
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextenderVlanMode string
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslbIntegration string
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipamIntegration string
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservicePort number
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud string
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitokenCloudPushStatus string
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitokenCloudSyncInterval number
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAllowDefaultHostname string
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    guiAllowIncompatibleFabricFgt string
    Enable/disable allowing a FortiGate (FGT) with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    guiAppDetectionSdwan string
    Enable/disable allowing app-detection based SD-WAN. Valid values: enable, disable.
    guiAutoUpgradeSetupWarning string
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    guiCdnDomainOverride string
    Domain of CDN server.
    guiCdnUsage string
    Enable/disable loading GUI static files from a CDN. Valid values: enable, disable.
    guiCertificates string
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    guiCustomLanguage string
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    guiDateFormat string
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    guiDateTimeSource string
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    guiDeviceLatitude string
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude string
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname string
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    guiFirmwareUpgradeSetupWarning string
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    guiFirmwareUpgradeWarning string
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    guiForticareRegistrationSetupWarning string
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    guiFortigateCloudSandbox string
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    guiFortiguardResourceFetch string
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    guiFortisandboxCloud string
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    guiIpv6 string
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    guiLinesPerPage number
    Number of lines to display per page for web administration.
    guiLocalOut string
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRestApiCache string
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    guiTheme string
    Color scheme for the administration GUI.
    guiWirelessOpensecurity string
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    guiWorkflowManagement string
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    haAffinity string
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf string
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname string
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmpStateLimit number
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit number
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage string
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internetServiceDatabase string
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists GlobalInternetServiceDownloadList[]
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval number
    Dead gateway detection interval.
    ipFragmentMemThresholds number
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange string
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity string
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload string
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsecHaSeqjumpRate number
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload string
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsecQatOffload string
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsecRoundRobin string
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsecSoftDecAsync string
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6AcceptDad number
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe string
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6AllowLocalInSilentDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowLocalInSlientDrop string
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowMulticastProbe string
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6AllowTrafficRedirect string
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irqTimeAccounting string
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language string
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout number
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    logSingleCpuHigh string
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    logSslConnection string
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    logUuidAddress string
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    logUuidPolicy string
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    loginTimestamp string
    Enable/disable login time recording. Valid values: enable, disable.
    longVdomName string
    Enable/disable long VDOM name support. Valid values: enable, disable.
    managementIp string
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort number
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport string
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    managementVdom string
    Management virtual domain name.
    maxDlpstatMemory number
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize number
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange string
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memoryUseThresholdExtreme number
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen number
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed number
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity string
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogdChildren number
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multiFactorAuthentication string
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndpMaxEntry number
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate string
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    perUserBal string
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    perUserBwl string
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtuDiscovery string
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policyAuthConcurrent number
    Number of concurrent firewall logins allowed from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner string
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    preLoginBanner string
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    privateDataEncryption string
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxyAuthLifetime string
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxyAuthLifetimeTimeout number
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout number
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom string
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxyCipherHardwareAcceleration string
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxyHardwareAcceleration string
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxyKeepAliveMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxyKxpHardwareAcceleration string
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxyReAuthenticationMode string
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxyReAuthenticationTime number
    Time limit after which users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s).
    proxyResourceMode string
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxyWorkerCount number
    Proxy worker count.
    purdueLevel string
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quicAckThresold number
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo string
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quicMaxDatagramSize number
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud string
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quicTlsHandshakeTimeout number
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid string
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radiusPort number
    RADIUS service port number.
    rebootUponConfigRestore string
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh number
    Statistics refresh interval in the GUI, in seconds.
    remoteauthtimeout number
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    resetSessionlessTcp string
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restartTime string
    Daily restart time (hh:mm).
    revisionBackupOnLogout string
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revisionImageAutoBackup string
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunitCount number
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission string
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    securityRatingRunOnSchedule string
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    sendPmtuIcmp string
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets to support the PMTUD protocol on your network and reduce fragmentation of packets. Valid values: enable, disable.
    sflowdMaxChildrenNum number
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange string
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    specialFile23Support string
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtestServer string
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestdCtrlPort number
    Speedtest server controller port number.
    speedtestdServerPort number
    Speedtest server port number.
    splitPort string
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate number
    Date within a month to run ssd trim.
    ssdTrimFreq string
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssdTrimHour number
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin number
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday string
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    sshCbcCipher string
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    sshEncAlgo string
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    sshHmacMd5 string
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    sshHostkey string
    Config SSH host key.
    sshHostkeyAlgo string
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride string
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    sshHostkeyPassword string
    Password for ssh-hostkey.
    sshKexAlgo string
    Select one or more SSH kex algorithms.
    sshKexSha1 string
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    sshMacAlgo string
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    sshMacWeak string
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    sslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers string
    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static key cipher suites do not provide forward secrecy. Valid values: enable, disable.
    sslvpnCipherHardwareAcceleration string
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpnKxpHardwareAcceleration string
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpnMaxWorkerCount number
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck string
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpnWebMode string
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strictDirtySessionCheck string
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strongCrypto string
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    switchController string
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switchControllerReservedNetwork string
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval number
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity string
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption string
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcpRstTimer number
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer number
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp string
    Enable/disable TFTP. Valid values: enable, disable.
    timezone string
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy string
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    trafficPriority string
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    trafficPriorityLevel string
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    twoFactorEmailExpiry number
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry number
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry number
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry number
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry number
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer number
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity string
    URL filter CPU affinity.
    urlFilterCount number
    URL filter daemon count.
    userDeviceStoreMaxDevices number
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem number
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers number
    Maximum number of users allowed in user device store.
    userServerCert string
    Certificate to use for https user authentication.
    vdomAdmin string
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdomMode string
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vipArpRange string
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtualServerCount number
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration string
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtualSwitchVlan string
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpnEmsSnCheck string
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wadAffinity string
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount number
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount number
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity number
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime string
    WAD workers daily restart end time (hh:mm).
    wadRestartMode string
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wadRestartStartTime string
    WAD workers daily restart time (hh:mm).
    wadSourceAffinity string
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wadWorkerCount number
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate string
    CA certificate that verifies the WiFi certificate.
    wifiCertificate string
    Certificate to use for WiFi authentication.
    wimax4gUsb string
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wirelessController string
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wirelessControllerPort number
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    admin_concurrent str
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    admin_console_timeout int
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    admin_forticloud_sso_default_profile str
    Override access profile.
    admin_forticloud_sso_login str
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    admin_host str
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    admin_hsts_max_age int
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled the header max-age will be 0.
    admin_https_pki_required str
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    admin_https_redirect str
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    admin_https_ssl_banned_ciphers str
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    admin_https_ssl_ciphersuites str
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    admin_https_ssl_versions str
    Allowed TLS versions for web administration.
    admin_lockout_duration int
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    admin_lockout_threshold int
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    admin_login_max int
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    admin_maintainer str
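    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because this password is derived from the serial number rather than chosen by the administrator, consider disabling this option wherever physical console access to the unit is not tightly controlled. Valid values: enable, disable.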
    admin_port int
    Administrative access port for HTTP. (1 - 65535, default = 80).
    admin_restrict_local str
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    admin_scp str
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    admin_server_cert str
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    admin_sport int
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    admin_ssh_grace_time int
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    admin_ssh_password str
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    admin_ssh_port int
    Administrative access port for SSH. (1 - 65535, default = 22).
    admin_ssh_v1 str
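    Enable/disable SSH v1 compatibility. SSH v1 is an obsolete protocol version with known cryptographic weaknesses; leave this disabled unless a legacy client requires it. Valid values: enable, disable.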
    admin_telnet str
    Enable/disable TELNET service. TELNET carries credentials and session data unencrypted, so prefer SSH for administrative access. Valid values: enable, disable.
    admin_telnet_port int
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout int
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias str
    Alias for your FortiGate unit.
    allow_traffic_redirect str
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    anti_replay str
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arp_max_entry int
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute str
    Enable/disable asymmetric route. Valid values: enable, disable.
    auth_cert str
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    auth_http_port int
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    auth_https_port int
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    auth_ike_saml_port int
    User IKE SAML authentication port (0 - 65535, default = 1001).
    auth_keepalive str
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    auth_session_limit str
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    auto_auth_extension_device str
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorun_log_fsck str
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    av_affinity str
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    av_failopen str
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    av_failopen_session str
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batch_cmdb str
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfd_affinity str
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    block_session_timer int
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    br_fdb_max_entry int
    Maximum number of bridge forwarding database (FDB) entries.
    cert_chain_max int
    Maximum number of certificates that can be traversed in a certificate chain.
    cfg_revert_timeout int
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfg_save str
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    check_protocol_header str
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    check_reset_range str
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cli_audit_log str
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloud_communication str
    Enable/disable all cloud communication. Valid values: enable, disable.
    clt_cert_req str
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvr_affinity str
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    compliance_check str
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    compliance_check_time str
    Time of day to run scheduled PCI DSS compliance checks.
    cpu_use_threshold int
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csr_ca_attribute str
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    daily_restart str
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    default_service_source_port str
    Default service source port range. (default=1-65535)
    device_identification_active_scan_delay int
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    device_idle_timeout int
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dh_params str
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    dhcp_lease_backup_interval int
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxy_worker_count int
    DNS proxy worker count.
    dst str
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    early_tcp_npu_session str
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    edit_vdom_prompt str
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpoint_control_fds_access str
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpoint_control_portal_port int
    Endpoint control portal port (1 - 65535).
    extender_controller_reserved_network str
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime int
    Fail-time for server lost.
    faz_disk_buffer_size int
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fds_statistics str
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fds_statistics_period int
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fec_port int
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgd_alert_subscription str
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverter_config_upload str
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverter_integration str
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender str
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextender_data_port int
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextender_discovery_lockdown str
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextender_provision_on_authorization str
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextender_vlan_mode str
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslb_integration str
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipam_integration str
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservice_port int
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitoken_cloud str
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitoken_cloud_push_status str
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitoken_cloud_sync_interval int
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gui_allow_default_hostname str
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    gui_allow_incompatible_fabric_fgt str
    Enable/disable allowing a FortiGate (FGT) with incompatible firmware to be treated as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    gui_app_detection_sdwan str
    Enable/disable allowing app-detection based SD-WAN. Valid values: enable, disable.
    gui_auto_upgrade_setup_warning str
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    gui_cdn_domain_override str
    Domain of CDN server.
    gui_cdn_usage str
    Enable/disable loading GUI static files from a CDN. Valid values: enable, disable.
    gui_certificates str
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    gui_custom_language str
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    gui_date_format str
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    gui_date_time_source str
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    gui_device_latitude str
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    gui_device_longitude str
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    gui_display_hostname str
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    gui_firmware_upgrade_setup_warning str
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    gui_firmware_upgrade_warning str
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    gui_forticare_registration_setup_warning str
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    gui_fortigate_cloud_sandbox str
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    gui_fortiguard_resource_fetch str
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    gui_fortisandbox_cloud str
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    gui_ipv6 str
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    gui_lines_per_page int
    Number of lines to display per page for web administration.
    gui_local_out str
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    gui_replacement_message_groups str
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    gui_rest_api_cache str
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    gui_theme str
    Color scheme for the administration GUI.
    gui_wireless_opensecurity str
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    gui_workflow_management str
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    ha_affinity str
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honor_df str
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname str
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmp_state_limit int
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ike_embryonic_limit int
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interface_subnet_usage str
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internet_service_database str
    Configure which Internet Service database size to download from FortiGuard and use.
    internet_service_download_lists Sequence[GlobalInternetServiceDownloadListArgs]
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval int
    Dead gateway detection interval.
    ip_fragment_mem_thresholds int
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ip_src_port_range str
    IP source port range used for traffic originating from the FortiGate unit.
    ips_affinity str
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsec_asic_offload str
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsec_ha_seqjump_rate int
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsec_hmac_offload str
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsec_qat_offload str
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsec_round_robin str
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsec_soft_dec_async str
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6_accept_dad int
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6_allow_anycast_probe str
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6_allow_local_in_silent_drop str
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6_allow_local_in_slient_drop str
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6_allow_multicast_probe str
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6_allow_traffic_redirect str
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irq_time_accounting str
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language str
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout int
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldp_reception str
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldp_transmission str
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    log_single_cpu_high str
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    log_ssl_connection str
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    log_uuid_address str
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    log_uuid_policy str
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    login_timestamp str
    Enable/disable login time recording. Valid values: enable, disable.
    long_vdom_name str
    Enable/disable long VDOM name support. Valid values: enable, disable.
    management_ip str
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    management_port int
    Overriding port for management connection (Overrides admin port).
    management_port_use_admin_sport str
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    management_vdom str
    Management virtual domain name.
    max_dlpstat_memory int
    Maximum DLP stat memory (0 - 4294967295).
    max_route_cache_size int
    Maximum number of IP route cache entries (0 - 2147483647).
    mc_ttl_notchange str
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memory_use_threshold_extreme int
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memory_use_threshold_green int
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memory_use_threshold_red int
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglog_affinity str
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogd_children int
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multi_factor_authentication str
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicast_forward str
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndp_max_entry int
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npu_neighbor_update str
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    per_user_bal str
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    per_user_bwl str
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtu_discovery str
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policy_auth_concurrent int
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    post_login_banner str
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    pre_login_banner str
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    private_data_encryption str
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxy_auth_lifetime str
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxy_auth_lifetime_timeout int
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxy_auth_timeout int
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxy_cert_use_mgmt_vdom str
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxy_cipher_hardware_acceleration str
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxy_hardware_acceleration str
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxy_keep_alive_mode str
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxy_kxp_hardware_acceleration str
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxy_re_authentication_mode str
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxy_re_authentication_time int
    The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s).
    proxy_resource_mode str
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxy_worker_count int
    Proxy worker count.
    purdue_level str
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quic_ack_thresold int
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quic_congestion_control_algo str
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quic_max_datagram_size int
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quic_pmtud str
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quic_tls_handshake_timeout int
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quic_udp_payload_size_shaping_per_cid str
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radius_port int
    RADIUS service port number.
    reboot_upon_config_restore str
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh int
    Statistics refresh interval, in seconds, in the GUI.
    remoteauthtimeout int
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    reset_sessionless_tcp str
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restart_time str
    Daily restart time (hh:mm).
    revision_backup_on_logout str
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revision_image_auto_backup str
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunit_count int
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    security_rating_result_submission str
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    security_rating_run_on_schedule str
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    send_pmtu_icmp str
    Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, to support the PMTUD protocol on your network and reduce fragmentation of packets. Valid values: enable, disable.
    sflowd_max_children_num int
    Maximum number of sflowd child processes allowed to run.
    snat_route_change str
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    special_file23_support str
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtest_server str
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestd_ctrl_port int
    Speedtest server controller port number.
    speedtestd_server_port int
    Speedtest server port number.
    split_port str
    Split port(s) to multiple 10Gbps ports.
    ssd_trim_date int
    Date within a month to run ssd trim.
    ssd_trim_freq str
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssd_trim_hour int
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssd_trim_min int
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssd_trim_weekday str
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    ssh_cbc_cipher str
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    ssh_enc_algo str
    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
    ssh_hmac_md5 str
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    ssh_hostkey str
    Config SSH host key.
    ssh_hostkey_algo str
    Select one or more SSH hostkey algorithms.
    ssh_hostkey_override str
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    ssh_hostkey_password str
    Password for ssh-hostkey.
    ssh_kex_algo str
    Select one or more SSH kex algorithms.
    ssh_kex_sha1 str
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    ssh_mac_algo str
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    ssh_mac_weak str
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    ssl_min_proto_version str
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    ssl_static_key_ciphers str
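    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static key ciphers do not provide forward secrecy, so recorded traffic can be decrypted later if the server's private key is compromised. Valid values: enable, disable.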
    sslvpn_cipher_hardware_acceleration str
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpn_ems_sn_check str
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpn_kxp_hardware_acceleration str
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpn_max_worker_count int
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpn_plugin_version_check str
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpn_web_mode str
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strict_dirty_session_check str
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strong_crypto str
    Enable to use strong encryption and only allow strong ciphers and digests for HTTPS/SSH/TLS/SSL functions. Disabling it permits weaker ciphers and digests for these functions. Valid values: enable, disable.
    switch_controller str
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switch_controller_reserved_network str
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sys_perf_log_interval int
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslog_affinity str
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcp_halfclose_timer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcp_halfopen_timer int
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcp_option str
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcp_rst_timer int
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcp_timewait_timer int
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp str
    Enable/disable TFTP. TFTP has no authentication or encryption; enable it only when needed and on a trusted network. Valid values: enable, disable.
    timezone str
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tp_mc_skip_policy str
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    traffic_priority str
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    traffic_priority_level str
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    two_factor_email_expiry int
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    two_factor_fac_expiry int
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    two_factor_ftk_expiry int
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    two_factor_ftm_expiry int
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    two_factor_sms_expiry int
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udp_idle_timer int
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    url_filter_affinity str
    URL filter CPU affinity.
    url_filter_count int
    URL filter daemon count.
    user_device_store_max_devices int
    Maximum number of devices allowed in user device store.
    user_device_store_max_unified_mem int
    Maximum unified memory allowed in user device store.
    user_device_store_max_users int
    Maximum number of users allowed in user device store.
    user_server_cert str
    Certificate to use for https user authentication.
    vdom_admin str
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdom_mode str
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vip_arp_range str
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtual_server_count int
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtual_server_hardware_acceleration str
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtual_switch_vlan str
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpn_ems_sn_check str
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wad_affinity str
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wad_csvc_cs_count int
    Number of concurrent WAD-cache-service object-cache processes.
    wad_csvc_db_count int
    Number of concurrent WAD-cache-service byte-cache processes.
    wad_memory_change_granularity int
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wad_restart_end_time str
    WAD workers daily restart end time (hh:mm).
    wad_restart_mode str
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wad_restart_start_time str
    WAD workers daily restart time (hh:mm).
    wad_source_affinity str
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wad_worker_count int
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching are handled by all of the CPU cores in a FortiGate unit.
    wifi_ca_certificate str
    CA certificate that verifies the WiFi certificate.
    wifi_certificate str
    Certificate to use for WiFi authentication.
    wimax4g_usb str
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wireless_controller str
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wireless_controller_port int
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).
    adminConcurrent String
    Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: enable, disable.
    adminConsoleTimeout Number
    Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
    adminForticloudSsoDefaultProfile String
    Override access profile.
    adminForticloudSsoLogin String
    Enable/disable FortiCloud admin login via SSO. Valid values: enable, disable.
    adminHost String
    Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
    adminHstsMaxAge Number
    HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled the header max-age will be 0.
    adminHttpsPkiRequired String
    Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: enable, disable.
    adminHttpsRedirect String
    Enable/disable redirection of HTTP administration access to HTTPS. Valid values: enable, disable.
    adminHttpsSslBannedCiphers String
    Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: RSA, DHE, ECDHE, DSS, ECDSA, AES, AESGCM, CAMELLIA, 3DES, SHA1, SHA256, SHA384, STATIC, CHACHA20, ARIA, AESCCM.
    adminHttpsSslCiphersuites String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    adminHttpsSslVersions String
    Allowed TLS versions for web administration.
    adminLockoutDuration Number
    Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
    adminLockoutThreshold Number
    Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
    adminLoginMax Number
    Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).
    adminMaintainer String
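    Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Because this password is derivable from the serial number, disable the maintainer account where physical access to the console is not tightly controlled. Valid values: enable, disable.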
    adminPort Number
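    Administrative access port for HTTP. (1 - 65535, default = 80). HTTP is unencrypted; where this port must stay reachable, enable admin-https-redirect so that administrative sessions move to HTTPS.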
    adminRestrictLocal String
    Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: enable, disable.
    adminScp String
    Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: enable, disable.
    adminServerCert String
    Server certificate that the FortiGate uses for HTTPS administrative connections.
    adminSport Number
    Administrative access port for HTTPS. (1 - 65535, default = 443).
    adminSshGraceTime Number
    Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
    adminSshPassword String
    Enable/disable password authentication for SSH admin access. Valid values: enable, disable.
    adminSshPort Number
    Administrative access port for SSH. (1 - 65535, default = 22).
    adminSshV1 String
    Enable/disable SSH v1 compatibility. SSH v1 is an obsolete protocol with known design weaknesses; leave this disabled. Valid values: enable, disable.
    adminTelnet String
    Enable/disable TELNET service. TELNET sends credentials and session data in cleartext; prefer SSH for administrative access. Valid values: enable, disable.
    adminTelnetPort Number
    Administrative access port for TELNET. (1 - 65535, default = 23).
    admintimeout Number
    Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
    alias String
    Alias for your FortiGate unit.
    allowTrafficRedirect String
    Disable to allow traffic to be routed back on a different interface. Valid values: enable, disable.
    antiReplay String
    Level of checking for packet replay and TCP sequence checking. Valid values: disable, loose, strict.
    arpMaxEntry Number
    Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
    asymroute String
    Enable/disable asymmetric route. Valid values: enable, disable.
    authCert String
    Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
    authHttpPort Number
    User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
    authHttpsPort Number
    User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
    authIkeSamlPort Number
    User IKE SAML authentication port (0 - 65535, default = 1001).
    authKeepalive String
    Enable to prevent user authentication sessions from timing out when idle. Valid values: enable, disable.
    authSessionLimit String
    Action to take when the number of allowed user authenticated sessions is reached. Valid values: block-new, logout-inactive.
    autoAuthExtensionDevice String
    Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: enable, disable.
    autorunLogFsck String
    Enable/disable automatic log partition check after ungraceful shutdown. Valid values: enable, disable.
    avAffinity String
    Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    avFailopen String
    Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: pass, off, one-shot.
    avFailopenSession String
    When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: enable, disable.
    batchCmdb String
    Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: enable, disable.
    bfdAffinity String
    Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    blockSessionTimer Number
    Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
    brFdbMaxEntry Number
    Maximum number of bridge forwarding database (FDB) entries.
    certChainMax Number
    Maximum number of certificates that can be traversed in a certificate chain.
    cfgRevertTimeout Number
    Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
    cfgSave String
    Configuration file save mode for CLI changes. Valid values: automatic, manual, revert.
    checkProtocolHeader String
    Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: loose, strict.
    checkResetRange String
    Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: strict, disable.
    cliAuditLog String
    Enable/disable CLI audit log. Valid values: enable, disable.
    cloudCommunication String
    Enable/disable all cloud communication. Valid values: enable, disable.
    cltCertReq String
    Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: enable, disable.
    cmdbsvrAffinity String
    Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    complianceCheck String
    Enable/disable global PCI DSS compliance check. Valid values: enable, disable.
    complianceCheckTime String
    Time of day to run scheduled PCI DSS compliance checks.
    cpuUseThreshold Number
    Threshold at which CPU usage is reported. (% of total CPU, default = 90).
    csrCaAttribute String
    Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: enable, disable.
    dailyRestart String
    Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: enable, disable.
    defaultServiceSourcePort String
    Default service source port range. (default=1-65535)
    deviceIdentificationActiveScanDelay Number
    Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
    deviceIdleTimeout Number
    Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
    dhParams String
    Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Values below 2048 are generally considered too weak for new deployments. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
    dhcpLeaseBackupInterval Number
    DHCP leases backup interval in seconds (10 - 3600, default = 60).
    dnsproxyWorkerCount Number
    DNS proxy worker count.
    dst String
    Enable/disable daylight saving time. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    earlyTcpNpuSession String
    Enable/disable early TCP NPU session. Valid values: enable, disable.
    editVdomPrompt String
    Enable/disable edit new VDOM prompt. Valid values: enable, disable.
    endpointControlFdsAccess String
    Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: enable, disable.
    endpointControlPortalPort Number
    Endpoint control portal port (1 - 65535).
    extenderControllerReservedNetwork String
    Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
    failtime Number
    Fail-time for server lost.
    fazDiskBufferSize Number
    Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
    fdsStatistics String
    Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: enable, disable.
    fdsStatisticsPeriod Number
    FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
    fecPort Number
    Local UDP port for Forward Error Correction (49152 - 65535).
    fgdAlertSubscription String
    Type of alert to retrieve from FortiGuard. Valid values: advisory, latest-threat, latest-virus, latest-attack, new-antivirus-db, new-attack-db.
    forticonverterConfigUpload String
    Enable/disable config upload to FortiConverter. Valid values: once, disable.
    forticonverterIntegration String
    Enable/disable FortiConverter integration service. Valid values: enable, disable.
    fortiextender String
    Enable/disable FortiExtender. Valid values: enable, disable.
    fortiextenderDataPort Number
    FortiExtender data port (1024 - 49150, default = 25246).
    fortiextenderDiscoveryLockdown String
    Enable/disable FortiExtender CAPWAP lockdown. Valid values: disable, enable.
    fortiextenderProvisionOnAuthorization String
    Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: enable, disable.
    fortiextenderVlanMode String
    Enable/disable FortiExtender VLAN mode. Valid values: enable, disable.
    fortigslbIntegration String
    Enable/disable integration with the FortiGSLB cloud service. Valid values: disable, enable.
    fortiipamIntegration String
    Enable/disable integration with the FortiIPAM cloud service. Valid values: enable, disable.
    fortiservicePort Number
    FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
    fortitokenCloud String
    Enable/disable FortiToken Cloud service. Valid values: enable, disable.
    fortitokenCloudPushStatus String
    Enable/disable FTM push service of FortiToken Cloud. Valid values: enable, disable.
    fortitokenCloudSyncInterval Number
    Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-tables in another resource; otherwise, conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAllowDefaultHostname String
    Enable/disable the GUI warning about using a default hostname. Valid values: enable, disable.
    guiAllowIncompatibleFabricFgt String
    Enable/disable treating FortiGates (FGT) with incompatible firmware as compatible in the Security Fabric on the GUI. May cause unexpected errors. Valid values: enable, disable.
    guiAppDetectionSdwan String
    Enable/disable app-detection based SD-WAN. Valid values: enable, disable.
    guiAutoUpgradeSetupWarning String
    Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: enable, disable.
    guiCdnDomainOverride String
    Domain of CDN server.
    guiCdnUsage String
    Enable/disable loading GUI static files from a CDN. Valid values: enable, disable.
    guiCertificates String
    Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: enable, disable.
    guiCustomLanguage String
    Enable/disable custom languages in GUI. Valid values: enable, disable.
    guiDateFormat String
    Default date format used throughout GUI. Valid values: yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, yyyy-MM-dd, dd-MM-yyyy, MM-dd-yyyy.
    guiDateTimeSource String
    Source that the FortiGate GUI uses to display date and time entries. Valid values: system, browser.
    guiDeviceLatitude String
    Add the latitude of the location of this FortiGate to position it on the Threat Map.
    guiDeviceLongitude String
    Add the longitude of the location of this FortiGate to position it on the Threat Map.
    guiDisplayHostname String
    Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: enable, disable.
    guiFirmwareUpgradeSetupWarning String
    Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: enable, disable.
    guiFirmwareUpgradeWarning String
    Enable/disable the firmware upgrade warning on the GUI. Valid values: enable, disable.
    guiForticareRegistrationSetupWarning String
    Enable/disable the FortiCare registration setup warning on the GUI. Valid values: enable, disable.
    guiFortigateCloudSandbox String
    Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: enable, disable.
    guiFortiguardResourceFetch String
    Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: enable, disable.
    guiFortisandboxCloud String
    Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: enable, disable.
    guiIpv6 String
    Enable/disable IPv6 settings on the GUI. Valid values: enable, disable.
    guiLinesPerPage Number
    Number of lines to display per page for web administration.
    guiLocalOut String
    Enable/disable Local-out traffic on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRestApiCache String
    Enable/disable REST API result caching on FortiGate. Valid values: enable, disable.
    guiTheme String
    Color scheme for the administration GUI.
    guiWirelessOpensecurity String
    Enable/disable wireless open security option on the GUI. Valid values: enable, disable.
    guiWorkflowManagement String
    Enable/disable Workflow management features on the GUI. Valid values: enable, disable.
    haAffinity String
    Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    honorDf String
    Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: enable, disable.
    hostname String
    FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
    igmpStateLimit Number
    Maximum number of IGMP memberships (96 - 64000, default = 3200).
    ikeEmbryonicLimit Number
    Maximum number of IPsec tunnels to negotiate simultaneously.
    interfaceSubnetUsage String
    Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: disable, enable.
    internetServiceDatabase String
    Configure which Internet Service database size to download from FortiGuard and use.
    internetServiceDownloadLists List<Property Map>
    Configure which on-demand Internet Service IDs are to be downloaded. The structure of internet_service_download_list block is documented below.
    interval Number
    Dead gateway detection interval.
    ipFragmentMemThresholds Number
    Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
    ipSrcPortRange String
    IP source port range used for traffic originating from the FortiGate unit.
    ipsAffinity String
    Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
    ipsecAsicOffload String
    Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: enable, disable.
    ipsecHaSeqjumpRate Number
    ESP jump ahead rate (1G - 10G pps equivalent).
    ipsecHmacOffload String
    Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: enable, disable.
    ipsecQatOffload String
    Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: enable, disable.
    ipsecRoundRobin String
    Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: enable, disable.
    ipsecSoftDecAsync String
    Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: enable, disable.
    ipv6AcceptDad Number
    Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
    ipv6AllowAnycastProbe String
    Enable/disable IPv6 address probe through Anycast. Valid values: enable, disable.
    ipv6AllowLocalInSilentDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowLocalInSlientDrop String
    Enable/disable silent drop of IPv6 local-in traffic. Valid values: enable, disable.
    ipv6AllowMulticastProbe String
    Enable/disable IPv6 address probe through Multicast. Valid values: enable, disable.
    ipv6AllowTrafficRedirect String
    Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: enable, disable.
    irqTimeAccounting String
    Configure CPU IRQ time accounting mode. Valid values: auto, force.
    language String
    GUI display language. Valid values: english, french, spanish, portuguese, japanese, trach, simch, korean.
    ldapconntimeout Number
    Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: enable, disable.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: enable, disable.
    logSingleCpuHigh String
    Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: enable, disable.
    logSslConnection String
    Enable/disable logging of SSL connection events. Valid values: enable, disable.
    logUuidAddress String
    Enable/disable insertion of address UUIDs to traffic logs. Valid values: enable, disable.
    logUuidPolicy String
    Enable/disable insertion of policy UUIDs to traffic logs. Valid values: enable, disable.
    loginTimestamp String
    Enable/disable login time recording. Valid values: enable, disable.
    longVdomName String
    Enable/disable long VDOM name support. Valid values: enable, disable.
    managementIp String
    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    managementPort Number
    Overriding port for management connection (Overrides admin port).
    managementPortUseAdminSport String
    Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: enable, disable.
    managementVdom String
    Management virtual domain name.
    maxDlpstatMemory Number
    Maximum DLP stat memory (0 - 4294967295).
    maxRouteCacheSize Number
    Maximum number of IP route cache entries (0 - 2147483647).
    mcTtlNotchange String
    Enable/disable no modification of multicast TTL. Valid values: enable, disable.
    memoryUseThresholdExtreme Number
    Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
    memoryUseThresholdGreen Number
    Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
    memoryUseThresholdRed Number
    Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
    miglogAffinity String
    Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
    miglogdChildren Number
    Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
    multiFactorAuthentication String
    Enforce all login methods to require an additional authentication factor (default = optional). Valid values: optional, mandatory.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    ndpMaxEntry Number
    Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
    npuNeighborUpdate String
    Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: enable, disable.
    perUserBal String
    Enable/disable per-user block/allow list filter. Valid values: enable, disable.
    perUserBwl String
    Enable/disable per-user black/white list filter. Valid values: enable, disable.
    pmtuDiscovery String
    Enable/disable path MTU discovery. Valid values: enable, disable.
    policyAuthConcurrent Number
    Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
    postLoginBanner String
    Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: disable, enable.
    preLoginBanner String
    Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: enable, disable.
    privateDataEncryption String
    Enable/disable private data encryption using an AES 128-bit key. Valid values: disable, enable.
    proxyAuthLifetime String
    Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: enable, disable.
    proxyAuthLifetimeTimeout Number
    Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
    proxyAuthTimeout Number
    Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
    proxyCertUseMgmtVdom String
    Enable/disable using management VDOM to send requests. Valid values: enable, disable.
    proxyCipherHardwareAcceleration String
    Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: disable, enable.
    proxyHardwareAcceleration String
    Enable/disable email proxy hardware acceleration. Valid values: disable, enable.
    proxyKeepAliveMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: session, traffic, re-authentication.
    proxyKxpHardwareAcceleration String
    Enable/disable using the content processor to accelerate KXP traffic. Valid values: disable, enable.
    proxyReAuthenticationMode String
    Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: session, traffic, absolute.
    proxyReAuthenticationTime Number
    Time limit after which users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default = 30s).
    proxyResourceMode String
    Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: enable, disable.
    proxyWorkerCount Number
    Proxy worker count.
    purdueLevel String
    Purdue Level of this FortiGate. Valid values: 1, 1.5, 2, 2.5, 3, 3.5, 4, 5, 5.5.
    quicAckThresold Number
    Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
    quicCongestionControlAlgo String
    QUIC congestion control algorithm (default = cubic). Valid values: cubic, bbr, bbr2, reno.
    quicMaxDatagramSize Number
    Maximum transmit datagram size (1200 - 1500, default = 1500).
    quicPmtud String
    Enable/disable path MTU discovery (default = enable). Valid values: enable, disable.
    quicTlsHandshakeTimeout Number
    Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
    quicUdpPayloadSizeShapingPerCid String
    Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: enable, disable.
    radiusPort Number
    RADIUS service port number.
    rebootUponConfigRestore String
    Enable/disable reboot of system upon restoring configuration. Valid values: enable, disable.
    refresh Number
    Statistics refresh interval second(s) in GUI.
    remoteauthtimeout Number
    Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
    resetSessionlessTcp String
    Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: enable, disable.
    restartTime String
    Daily restart time (hh:mm).
    revisionBackupOnLogout String
    Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: enable, disable.
    revisionImageAutoBackup String
    Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: enable, disable.
    scanunitCount Number
    Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
    securityRatingResultSubmission String
    Enable/disable the submission of Security Rating results to FortiGuard. Valid values: enable, disable.
    securityRatingRunOnSchedule String
    Enable/disable scheduled runs of Security Rating. Valid values: enable, disable.
    sendPmtuIcmp String
    Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. Valid values: enable, disable.
    sflowdMaxChildrenNum Number
    Maximum number of sflowd child processes allowed to run.
    snatRouteChange String
    Enable/disable the ability to change the static NAT route. Valid values: enable, disable.
    specialFile23Support String
    Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: disable, enable.
    speedtestServer String
    Enable/disable speed test server. Valid values: enable, disable.
    speedtestdCtrlPort Number
    Speedtest server controller port number.
    speedtestdServerPort Number
    Speedtest server port number.
    splitPort String
    Split port(s) to multiple 10Gbps ports.
    ssdTrimDate Number
    Date within a month to run ssd trim.
    ssdTrimFreq String
    How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: never, hourly, daily, weekly, monthly.
    ssdTrimHour Number
    Hour of the day on which to run SSD Trim (0 - 23, default = 1).
    ssdTrimMin Number
    Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
    ssdTrimWeekday String
    Day of week to run SSD Trim. Valid values: sunday, monday, tuesday, wednesday, thursday, friday, saturday.
    sshCbcCipher String
    Enable/disable CBC cipher for SSH access. Valid values: enable, disable.
    sshEncAlgo String
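    Select one or more SSH ciphers. Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com. The arcfour variants (RC4), 3des-cbc, blowfish-cbc and cast128-cbc are legacy ciphers kept for compatibility; prefer the CTR, GCM or chacha20-poly1305 entries where clients allow.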
    sshHmacMd5 String
    Enable/disable HMAC-MD5 for SSH access. Valid values: enable, disable.
    sshHostkey String
    Config SSH host key.
    sshHostkeyAlgo String
    Select one or more SSH hostkey algorithms.
    sshHostkeyOverride String
    Enable/disable SSH host key override in SSH daemon. Valid values: disable, enable.
    sshHostkeyPassword String
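    Password for ssh-hostkey. This is a credential: pass it as a Pulumi secret rather than a plain literal so it is not kept in clear text in program source or stack state.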
    sshKexAlgo String
    Select one or more SSH kex algorithms.
    sshKexSha1 String
    Enable/disable SHA1 key exchange for SSH access. Valid values: enable, disable.
    sshMacAlgo String
    Select one or more SSH MAC algorithms. Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
    sshMacWeak String
    Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: enable, disable.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
    sslStaticKeyCiphers String
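    Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static-key (RSA key exchange) suites provide no forward secrecy, so recorded traffic can be decrypted if the server's private key is later disclosed. Valid values: enable, disable.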
    sslvpnCipherHardwareAcceleration String
    Enable/disable SSL VPN hardware acceleration. Valid values: enable, disable.
    sslvpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: enable, disable.
    sslvpnKxpHardwareAcceleration String
    Enable/disable SSL VPN KXP hardware acceleration. Valid values: enable, disable.
    sslvpnMaxWorkerCount Number
    Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
    sslvpnPluginVersionCheck String
    Enable/disable checking browser's plugin version by SSL VPN. Valid values: enable, disable.
    sslvpnWebMode String
    Enable/disable SSL-VPN web mode. Valid values: enable, disable.
    strictDirtySessionCheck String
    Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: enable, disable.
    strongCrypto String
    Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: enable, disable.
    switchController String
    Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: disable, enable.
    switchControllerReservedNetwork String
    Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
    sysPerfLogInterval Number
    Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
    syslogAffinity String
    Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    tcpHalfcloseTimer Number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
    tcpHalfopenTimer Number
    Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
    tcpOption String
    Enable SACK, timestamp and MSS TCP options. Valid values: enable, disable.
    tcpRstTimer Number
    Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
    tcpTimewaitTimer Number
    Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
    tftp String
    Enable/disable TFTP. Valid values: enable, disable.
    timezone String
    Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.
    tpMcSkipPolicy String
    Enable/disable skip policy check and allow multicast through. Valid values: enable, disable.
    trafficPriority String
    Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: tos, dscp.
    trafficPriorityLevel String
    Default system-wide level of priority for traffic prioritization. Valid values: low, medium, high.
    twoFactorEmailExpiry Number
    Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes), default = 60).
    twoFactorFacExpiry Number
    FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour), default = 60).
    twoFactorFtkExpiry Number
    FortiToken authentication session timeout (60 - 600 sec (10 minutes), default = 60).
    twoFactorFtmExpiry Number
    FortiToken Mobile session timeout (1 - 168 hours (7 days), default = 72).
    twoFactorSmsExpiry Number
    SMS-based two-factor authentication session timeout (30 - 300 sec, default = 60).
    udpIdleTimer Number
    UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60).
    urlFilterAffinity String
    URL filter CPU affinity.
    urlFilterCount Number
    URL filter daemon count.
    userDeviceStoreMaxDevices Number
    Maximum number of devices allowed in user device store.
    userDeviceStoreMaxUnifiedMem Number
    Maximum unified memory allowed in user device store.
    userDeviceStoreMaxUsers Number
    Maximum number of users allowed in user device store.
    userServerCert String
    Certificate to use for https user authentication.
    vdomAdmin String
    Enable/disable support for multiple virtual domains (VDOMs). Valid values: enable, disable.
    vdomMode String
    Enable/disable support for split/multiple virtual domains (VDOMs). Valid values: no-vdom, split-vdom, multi-vdom.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vipArpRange String
    Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. Valid values: unlimited, restricted.
    virtualServerCount Number
    Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs.
    virtualServerHardwareAcceleration String
    Enable/disable virtual server hardware acceleration. Valid values: disable, enable.
    virtualSwitchVlan String
    Enable/disable virtual switch VLAN. Valid values: enable, disable.
    vpnEmsSnCheck String
    Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: enable, disable.
    wadAffinity String
    Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
    wadCsvcCsCount Number
    Number of concurrent WAD-cache-service object-cache processes.
    wadCsvcDbCount Number
    Number of concurrent WAD-cache-service byte-cache processes.
    wadMemoryChangeGranularity Number
    Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.
    wadRestartEndTime String
    WAD workers daily restart end time (hh:mm).
    wadRestartMode String
    WAD worker restart mode (default = none). Valid values: none, time, memory.
    wadRestartStartTime String
    WAD workers daily restart start time (hh:mm).
    wadSourceAffinity String
    Enable/disable dispatching traffic to WAD workers based on source affinity. Valid values: disable, enable.
    wadWorkerCount Number
    Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.
    wifiCaCertificate String
    CA certificate that verifies the WiFi certificate.
    wifiCertificate String
    Certificate to use for WiFi authentication.
    wimax4gUsb String
    Enable/disable compatibility with WiMAX 4G USB devices. Valid values: enable, disable.
    wirelessController String
    Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Valid values: enable, disable.
    wirelessControllerPort Number
    Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150, default = 5246).

    Supporting Types

    GlobalInternetServiceDownloadList, GlobalInternetServiceDownloadListArgs

    Id int
    Internet Service ID.
    Id int
    Internet Service ID.
    id Integer
    Internet Service ID.
    id number
    Internet Service ID.
    id int
    Internet Service ID.
    id Number
    Internet Service ID.

    Import

    System Global can be imported using any of these accepted formats:

    $ pulumi import fortios:system/global:Global labelname SystemGlobal
    

    If you do not want to import arguments of block:

    $ export "FORTIOS_IMPORT_TABLE"="false"

    $ pulumi import fortios:system/global:Global labelname SystemGlobal
    

    $ unset "FORTIOS_IMPORT_TABLE"

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse