admin-concurrent

Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users.

option

-

admin-console-timeout

Console login timeout that overrides the admin timeout value.

integer

Minimum value: 15 Maximum value: 300

admin-forticloud-sso-default-profile

Override access profile.

string

Maximum length: 35

admin-forticloud-sso-login

Enable/disable FortiCloud admin login via SSO.

option

-

admin-host

Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.

string

Maximum length: 255

admin-hsts-max-age

HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0.

integer

Minimum value: 0 Maximum value: 2147483647

admin-https-pki-required

Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password.

option

-

admin-https-redirect

Enable/disable redirection of HTTP administration access to HTTPS.

option

-

admin-https-ssl-banned-ciphers

Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below.

option

-

admin-https-ssl-ciphersuites

Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions.

option

-

admin-https-ssl-versions

Allowed TLS versions for web administration.

option

-

admin-lockout-duration

Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.

integer

Minimum value: 1 Maximum value: 2147483647

admin-lockout-threshold

Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.

integer

Minimum value: 1 Maximum value: 10

admin-login-max

Maximum number of administrators who can be logged in at the same time.

integer

Minimum value: 1 Maximum value: 100

admin-port

Administrative access port for HTTP..

integer

Minimum value: 1 Maximum value: 65535

admin-reset-button *

Press the reset button can reset to factory default.

option

-

admin-restrict-local

Enable/disable local admin authentication restriction when remote authenticator is up and running.

option

-

admin-scp

Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration.

option

-

admin-server-cert

Server certificate that the FortiGate uses for HTTPS administrative connections.

string

Maximum length: 35

admin-sport

Administrative access port for HTTPS..

integer

Minimum value: 1 Maximum value: 65535

admin-ssh-grace-time

Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating.

integer

Minimum value: 10 Maximum value: 3600

admin-ssh-password

Enable/disable password authentication for SSH admin access.

option

-

admin-ssh-port

Administrative access port for SSH..

integer

Minimum value: 1 Maximum value: 65535

admin-ssh-v1

Enable/disable SSH v1 compatibility.

option

-

admin-telnet

Enable/disable TELNET service.

option

-

admin-telnet-port

Administrative access port for TELNET..

integer

Minimum value: 1 Maximum value: 65535

admintimeout

Number of minutes before an idle administrator session times out. A shorter idle timeout is more secure.

integer

Minimum value: 1 Maximum value: 480

alias

Alias for your FortiGate unit.

string

Maximum length: 35

allow-traffic-redirect

Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check.

option

-

anti-replay

Level of checking for packet replay and TCP sequence checking.

option

-

arp-max-entry

Maximum number of dynamically learned MAC addresses that can be added to the ARP table.

integer

Minimum value: 131072 Maximum value: 2147483647

auth-cert

Server certificate that the FortiGate uses for HTTPS firewall authentication connections.

string

Maximum length: 35

auth-http-port

User authentication HTTP port..

integer

Minimum value: 1 Maximum value: 65535

auth-https-port

User authentication HTTPS port..

integer

Minimum value: 1 Maximum value: 65535

auth-ike-saml-port

User IKE SAML authentication port.

integer

Minimum value: 0 Maximum value: 65535

auth-keepalive

Enable to prevent user authentication sessions from timing out when idle.

option

-

auth-session-limit

Action to take when the number of allowed user authenticated sessions is reached.

option

-

auto-auth-extension-device

Enable/disable automatic authorization of dedicated Fortinet extension devices.

option

-

autorun-log-fsck

Enable/disable automatic log partition check after ungraceful shutdown.

option

-

av-affinity *

Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

av-failopen

Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached.

option

-

av-failopen-session

When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen.

option

-

batch-cmdb

Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.

option

-

block-session-timer

Duration in seconds for blocked sessions.

integer

Minimum value: 1 Maximum value: 300

br-fdb-max-entry

Maximum number of bridge forwarding database (FDB) entries.

integer

Minimum value: 8192 Maximum value: 2147483647

cert-chain-max

Maximum number of certificates that can be traversed in a certificate chain.

integer

Minimum value: 1 Maximum value: 2147483647

cfg-revert-timeout

Time-out for reverting to the last saved configuration..

integer

Minimum value: 10 Maximum value: 4294967295

cfg-save

Configuration file save mode for CLI changes.

option

-

check-protocol-header

Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is OK in most cases.

option

-

check-reset-range

Configure ICMP error message verification. You can either apply strict RST range checking or disable it.

option

-

cli-audit-log

Enable/disable CLI audit log.

option

-

cloud-communication

Enable/disable all cloud communication.

option

-

clt-cert-req

Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS.

option

-

cmdbsvr-affinity

Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

cpu-use-threshold

Threshold at which CPU usage is reported.

integer

Minimum value: 50 Maximum value: 99

csr-ca-attribute

Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute.

option

-

daily-restart

Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.

option

-

default-service-source-port

Default service source port range.

user

Not Specified

device-idle-timeout

Time in seconds that a device must be idle to automatically log the device user out..

integer

Minimum value: 30 Maximum value: 31536000

dh-params

Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.

option

-

dnsproxy-worker-count

DNS proxy worker count. For a FortiGate with multiple logical CPUs, you can set the DNS process number from 1 to the number of logical CPUs.

integer

Minimum value: 1 Maximum value: 8 **

early-tcp-npu-session

Enable/disable early TCP NPU session.

option

-

edit-vdom-prompt

Enable/disable edit new VDOM prompt.

option

-

extender-controller-reserved-network

Configure reserved network subnet for managed LAN extension FortiExtender units. This is available when the FortiExtender daemon is running.

ipv4-classnet-host

Not Specified

failtime

Fail-time for server lost.

integer

Minimum value: 0 Maximum value: 4294967295

faz-disk-buffer-size

Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.

integer

Minimum value: 0 Maximum value: 214748364

fds-statistics

Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy.

option

-

fds-statistics-period

FortiGuard statistics collection period in minutes..

integer

Minimum value: 1 Maximum value: 1440

fgd-alert-subscription

Type of alert to retrieve from FortiGuard.

option

-

forticarrier-bypass *

Enable/disable forticarrier-bypass.

option

-

forticontroller-proxy *

Enable/disable FortiController proxy.

option

-

forticontroller-proxy-port *

FortiController proxy port.

integer

Minimum value: 1024 Maximum value: 49150

fortiextender

Enable/disable FortiExtender.

option

-

fortiextender-data-port

FortiExtender data port.

integer

Minimum value: 1024 Maximum value: 49150

fortiextender-discovery-lockdown

Enable/disable FortiExtender CAPWAP lockdown.

option

-

fortiextender-provision-on-authorization

Enable/disable automatic provisioning of latest FortiExtender firmware on authorization.

option

-

fortiextender-vlan-mode

Enable/disable FortiExtender VLAN mode.

option

-

fortiservice-port

FortiService port. Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.

integer

Minimum value: 1 Maximum value: 65535

fortitoken-cloud

Enable/disable FortiToken Cloud service.

option

-

gui-allow-default-hostname

Enable/disable the factory default hostname warning on the GUI setup wizard.

option

-

gui-allow-incompatible-fabric-fgt

Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error.

option

-

gui-app-detection-sdwan

Enable/disable Allow app-detection based SD-WAN.

option

-

gui-cdn-domain-override

Domain of CDN server.

string

Maximum length: 255

gui-cdn-usage

Enable/disable Load GUI static files from a CDN.

option

-

gui-certificates

Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.

option

-

gui-custom-language

Enable/disable custom languages in GUI.

option

-

gui-date-format

Default date format used throughout GUI.

option

-

gui-date-time-source

Source from which the FortiGate GUI uses to display date and time entries.

option

-

gui-device-latitude

Add the latitude of the location of this FortiGate to position it on the Threat Map.

string

Maximum length: 19

gui-device-longitude

Add the longitude of the location of this FortiGate to position it on the Threat Map.

string

Maximum length: 19

gui-display-hostname

Enable/disable displaying the FortiGate's hostname on the GUI login page.

option

-

gui-firmware-upgrade-warning

Enable/disable the firmware upgrade warning on the GUI.

option

-

gui-forticare-registration-setup-warning

Enable/disable the FortiCare registration setup warning on the GUI.

option

-

gui-fortigate-cloud-sandbox

Enable/disable displaying FortiGate Cloud Sandbox on the GUI.

option

-

gui-ipv6

Enable/disable IPv6 settings on the GUI.

option

-

gui-local-out

Enable/disable Local-out traffic on the GUI.

option

-

gui-replacement-message-groups

Enable/disable replacement message groups on the GUI.

option

-

gui-rest-api-cache

Enable/disable REST API result caching on FortiGate.

option

-

gui-theme

Color scheme for the administration GUI.

option

-

gui-wireless-opensecurity

Enable/disable wireless open security option on the GUI.

option

-

gui-workflow-management

Enable/disable Workflow management features on the GUI.

option

-

ha-affinity

Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

honor-df

Enable/disable honoring of Don't-Fragment (DF) flag.

option

-

hostname

FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.

string

Maximum length: 35

hyper-scale-vdom-num *

Number of VDOMs for hyper scale license.

integer

Minimum value: 1 Maximum value: 250

igmp-state-limit

Maximum number of IGMP memberships.

integer

Minimum value: 96 Maximum value: 128000

interface-subnet-usage

Enable/disable allowing use of interface-subnet setting in firewall addresses.

option

-

internal-switch-speed *

Internal port speed.

option

-

internet-service-database

Configure which Internet Service database size to download from FortiGuard and use.

option

-

interval

Dead gateway detection interval.

integer

Minimum value: 0 Maximum value: 4294967295

ip-fragment-mem-thresholds

Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.

integer

Minimum value: 32 Maximum value: 2047

ip-src-port-range

IP source port range used for traffic originating from the FortiGate unit.

user

Not Specified

ips-affinity *

Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).

string

Maximum length: 79

ipsec-asic-offload *

Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption.

option

-

ipsec-ha-seqjump-rate

ESP jump ahead rate (1G - 10G pps equivalent).

integer

Minimum value: 1 Maximum value: 10

ipsec-hmac-offload *

Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN.

option

-

ipsec-soft-dec-async

Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic.

option

-

ipv6-accept-dad

Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).

integer

Minimum value: 0 Maximum value: 2

ipv6-allow-anycast-probe

Enable/disable IPv6 address probe through Anycast.

option

-

ipv6-allow-local-in-slient-drop

Enable/disable silent drop of IPv6 local-in traffic.

option

-

ipv6-allow-multicast-probe

Enable/disable IPv6 address probe through Multicast.

option

-

ipv6-allow-traffic-redirect

Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check.

option

-

irq-time-accounting

Configure CPU IRQ time accounting mode.

option

-

language

GUI display language.

option

-

ldapconntimeout

Global timeout for connections with remote LDAP servers in milliseconds.

integer

Minimum value: 1 Maximum value: 300000

legacy-poe-device-support *

Enable/disable legacy POE device support.

option

-

lldp-reception

Enable/disable Link Layer Discovery Protocol (LLDP) reception.

option

-

lldp-transmission

Enable/disable Link Layer Discovery Protocol (LLDP) transmission.

option

-

log-single-cpu-high

Enable/disable logging the event of a single CPU core reaching CPU usage threshold.

option

-

log-ssl-connection

Enable/disable logging of SSL connection events.

option

-

log-uuid-address

Enable/disable insertion of address UUIDs to traffic logs.

option

-

login-timestamp

Enable/disable login time recording.

option

-

long-vdom-name

Enable/disable long VDOM name support.

option

-

management-ip

Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.

string

Maximum length: 255

management-port

Overriding port for management connection (Overrides admin port).

integer

Minimum value: 1 Maximum value: 65535

management-port-use-admin-sport

Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port.

option

-

management-vdom

Management virtual domain name.

string

Maximum length: 31

max-route-cache-size

Maximum number of IP route cache entries.

integer

Minimum value: 0 Maximum value: 2147483647

memory-use-threshold-extreme

Threshold at which memory usage is considered extreme.

integer

Minimum value: 70 Maximum value: 97

memory-use-threshold-green

Threshold at which memory usage forces the FortiGate to exit conserve mode.

integer

Minimum value: 70 Maximum value: 97

memory-use-threshold-red

Threshold at which memory usage forces the FortiGate to enter conserve mode.

integer

Minimum value: 70 Maximum value: 97

miglog-affinity *

Affinity setting for logging (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

miglogd-children

Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed.

integer

Minimum value: 0 Maximum value: 15

multi-factor-authentication

Enforce all login methods to require an additional authentication factor.

option

-

ndp-max-entry

Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).

integer

Minimum value: 65536 Maximum value: 2147483647

per-user-bal *

Enable/disable per-user block/allow list filter.

option

-

pmtu-discovery

Enable/disable path MTU discovery.

option

-

policy-auth-concurrent

Number of concurrent firewall use logins from the same user.

integer

Minimum value: 0 Maximum value: 100

post-login-banner

Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in.

option

-

pre-login-banner

Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in.

option

-

private-data-encryption

Enable/disable private data encryption using an AES 128-bit key or passpharse.

option

-

proxy-auth-lifetime

Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place.

option

-

proxy-auth-lifetime-timeout

Lifetime timeout in minutes for authenticated users.

integer

Minimum value: 5 Maximum value: 65535

proxy-auth-timeout

Authentication timeout in minutes for authenticated users.

integer

Minimum value: 1 Maximum value: 300

proxy-cert-use-mgmt-vdom

Enable/disable using management VDOM to send requests.

option

-

proxy-hardware-acceleration *

Enable/disable email proxy hardware acceleration.

option

-

proxy-keep-alive-mode

Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.

option

-

proxy-re-authentication-time

The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s.

integer

Minimum value: 1 Maximum value: 86400

proxy-resource-mode

Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources.

option

-

proxy-worker-count

Proxy worker count.

integer

Minimum value: 1 Maximum value: 8 **

radius-port

RADIUS service port number.

integer

Minimum value: 1 Maximum value: 65535

reboot-upon-config-restore

Enable/disable reboot of system upon restoring configuration.

option

-

refresh

Statistics refresh interval second(s) in GUI.

integer

Minimum value: 0 Maximum value: 4294967295

remoteauthtimeout

Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers..

integer

Minimum value: 1 Maximum value: 300

reset-sessionless-tcp

Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only.

option

-

restart-time

Daily restart time (hh:mm).

user

Not Specified

revision-backup-on-logout

Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.

option

-

revision-image-auto-backup

Enable/disable back-up of the latest image revision after the firmware is upgraded.

option

-

scanunit-count

Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.

integer

Minimum value: 1 Maximum value: 8 **

security-rating-result-submission

Enable/disable the submission of Security Rating results to FortiGuard.

option

-

security-rating-run-on-schedule

Enable/disable scheduled runs of Security Rating.

option

-

send-pmtu-icmp

Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets.

option

-

sflowd-max-children-num

Maximum number of sflowd child processes allowed to run.

integer

Minimum value: 0 Maximum value: 6 **

show-backplane-intf *

show/hide backplane interfaces

option

-

snat-route-change

Enable/disable the ability to change the source NAT route.

option

-

special-file-23-support

Enable/disable detection of those special format files when using Data Leak Prevention.

option

-

speedtest-server

Enable/disable speed test server.

option

-

split-port *

Split port(s) to multiple 10Gbps ports.

string

Maximum length: 15

ssd-trim-date *

Date within a month to run ssd trim.

integer

Minimum value: 1 Maximum value: 31

ssd-trim-freq *

How often to run SSD Trim. SSD Trim prevents SSD drive data loss by finding and isolating errors.

option

-

ssd-trim-hour *

Hour of the day on which to run SSD Trim.

integer

Minimum value: 0 Maximum value: 23

ssd-trim-min *

Minute of the hour on which to run SSD Trim.

integer

Minimum value: 0 Maximum value: 60

ssd-trim-weekday *

Day of week to run SSD Trim.

option

-

ssh-enc-algo

Select one or more SSH ciphers.

option

-

ssh-kex-algo

Select one or more SSH kex algorithms.

option

-

ssh-mac-algo

Select one or more SSH MAC algorithms.

option

-

ssl-min-proto-version

Minimum supported protocol version for SSL/TLS connections.

option

-

ssl-static-key-ciphers

Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).

option

-

sslvpn-ems-sn-check

Enable/disable verification of EMS serial number in SSL-VPN connection.

option

-

sslvpn-max-worker-count

Maximum number of SSL-VPN processes. Upper limit for this value is the number of CPUs and depends on the model. Default value of zero means the SSLVPN daemon decides the number of worker processes.

integer

Minimum value: 0 Maximum value: 8 **

strict-dirty-session-check

Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session.

option

-

strong-crypto

Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions.

option

-

switch-controller *

Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself.

option

-

switch-controller-reserved-network *

Configure reserved network subnet for managed switches. This is available when the switch controller is enabled.

ipv4-classnet-host

Not Specified

sys-perf-log-interval

Time in minutes between updates of performance statistics logging..

integer

Minimum value: 0 Maximum value: 15

syslog-affinity *

Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

tcp-halfclose-timer

Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded.

integer

Minimum value: 1 Maximum value: 86400

tcp-halfopen-timer

Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded.

integer

Minimum value: 1 Maximum value: 86400

tcp-option

Enable SACK, timestamp and MSS TCP options.

option

-

tcp-rst-timer

Length of the TCP CLOSE state in seconds.

integer

Minimum value: 5 Maximum value: 300

tcp-timewait-timer

Length of the TCP TIME-WAIT state in seconds.

integer

Minimum value: 0 Maximum value: 300

tftp

Enable/disable TFTP.

option

-

timezone

Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them.

option

-

traffic-priority

Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.

option

-

traffic-priority-level

Default system-wide level of priority for traffic prioritization.

option

-

two-factor-email-expiry

Email-based two-factor authentication session timeout.

integer

Minimum value: 30 Maximum value: 300

two-factor-fac-expiry

FortiAuthenticator token authentication session timeout.

integer

Minimum value: 10 Maximum value: 3600

two-factor-ftk-expiry

FortiToken authentication session timeout.

integer

Minimum value: 60 Maximum value: 600

two-factor-ftm-expiry

FortiToken Mobile session timeout.

integer

Minimum value: 1 Maximum value: 168

two-factor-sms-expiry

SMS-based two-factor authentication session timeout.

integer

Minimum value: 30 Maximum value: 300

udp-idle-timer

UDP connection session timeout. This command can be useful in managing CPU and memory resources.

integer

Minimum value: 1 Maximum value: 86400

url-filter-affinity *

URL filter CPU affinity.

string

Maximum length: 79

url-filter-count

URL filter daemon count.

integer

Minimum value: 1 Maximum value: 1 **

user-device-store-max-devices

Maximum number of devices allowed in user device store.

integer

Minimum value: 84219 Maximum value: 240628 **

user-device-store-max-unified-mem

Maximum unified memory allowed in user device store.

integer

Minimum value: 168439808 Maximum value: 1684398080 **

user-device-store-max-users

Maximum number of users allowed in user device store.

integer

Minimum value: 84219 Maximum value: 240628 **

vdom-mode

Enable/disable support for multiple virtual domains (VDOMs).

option

-

vip-arp-range

Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range.

option

-

virtual-switch-vlan *

Enable/disable virtual switch VLAN.

option

-

wad-affinity *

Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

wad-csvc-cs-count

Number of concurrent WAD-cache-service object-cache processes.

integer

Minimum value: 1 Maximum value: 1

wad-csvc-db-count

Number of concurrent WAD-cache-service byte-cache processes.

integer

Minimum value: 0 Maximum value: 8 **

wad-memory-change-granularity

Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection.

integer

Minimum value: 5 Maximum value: 25

wad-restart-end-time

WAD workers daily restart end time (hh:mm).

user

Not Specified

wad-restart-mode

WAD worker restart mode.

option

-

wad-restart-start-time

WAD workers daily restart time (hh:mm).

user

Not Specified

wad-source-affinity

Enable/disable dispatching traffic to WAD workers based on source affinity.

option

-

wad-worker-count

Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit.

integer

Minimum value: 0 Maximum value: 8 **

wifi-ca-certificate

CA certificate that verifies the WiFi certificate.

string

Maximum length: 79

wifi-certificate

Certificate to use for WiFi authentication.

string

Maximum length: 35

wimax-4g-usb

Enable/disable comparability with WiMAX 4G USB devices.

option

-

wireless-controller

Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs.

option

-

wireless-controller-port

Port used for the control channel in wireless controller mode.

integer

Minimum value: 1024 Maximum value: 49150

wireless-mode *

Wireless mode setting.

option

-