CLI Reference

FortiProxy CLI Interface
alertemail
- config alertemail setting
antivirus
- config antivirus heuristic
- config antivirus profile
- config antivirus quarantine
- config antivirus settings
application
- config application custom
- config application list
- config application name
- config application rule-settings
authentication
- config authentication rule
- config authentication scheme
- config authentication setting
certificate
- config certificate ca
- config certificate crl
- config certificate local
- config certificate remote
- config certificate setting
cifs
- config cifs domain-controller
- config cifs profile
credential-store
- config credential-store domain-controller
diagnose
- diagnose alertconsole
- diagnose antivirus bypass
- diagnose antivirus database-info
- diagnose antivirus quarantine
- diagnose antivirus test
- diagnose autoupdate
- diagnose central-mgmt script-history
- diagnose cp cp9kxp
- diagnose cp cp9vpn
- diagnose debug admin error-log
- diagnose debug application
- diagnose debug authd
- diagnose debug cli
- diagnose debug cmdb-trace
- diagnose debug cmdb-walk
- diagnose debug config-error-log
- diagnose debug console
- diagnose debug crashlog
- diagnose debug disable
- diagnose debug duration
- diagnose debug enable
- diagnose debug fsso-polling
- diagnose debug info
- diagnose debug kernel
- diagnose debug rating
- diagnose debug report
- diagnose debug reset
- diagnose debug sdnc valgrind
- diagnose debug sql-log-error
- diagnose debug urlfilter
- diagnose disktest
- diagnose fdsm account-info
- diagnose fdsm central-mgmt-status
- diagnose fdsm cfg-diff
- diagnose fdsm cfg-download
- diagnose fdsm cfg-list
- diagnose fdsm cfg-upload
- diagnose fdsm contract-controller-update
- diagnose fdsm fc-installer-download
- diagnose fdsm fds-update
- diagnose fdsm forticlient-net-info
- diagnose fdsm forticlient-update
- diagnose fdsm fortisw-download
- diagnose fdsm fortisw-latest-ver
- diagnose fdsm ftk-activiate
- diagnose fdsm image-download
- diagnose fdsm image-list
- diagnose fdsm image-upgrade-matrix
- diagnose fdsm log-controller-update
- diagnose fdsm message-update
- diagnose fdsm modem-list
- diagnose fdsm report-download
- diagnose fdsm report-list
- diagnose fdsm sslvpn-man-upgrade
- diagnose fdsm sslvpn-package-download
- diagnose firewall auth
- diagnose firewall fqdn list
- diagnose firewall ipgeo
- diagnose fortiguard ipblacklist
- diagnose fortitoken
- diagnose fortiview
- diagnose geoip
- diagnose hardware
- diagnose http-view
- diagnose internet-service
- diagnose ip address
- diagnose ip arp
- diagnose ip framed-ip
- diagnose ip route
- diagnose ip tcp
- diagnose ip udp
- diagnose ips
- get ips global
- get ips rule status
- get log custom-field
- get log disk
- get log eventfilter
- get log fortianalyzer setting
- get log fortianalyzer2 setting
- get log fortianalyzer3 setting
- get ssh-filter profile
- get system accprofile
- get system admin
- get system alias
- get system api-user
- get system arp-table
- get user
- get wanopt
- get webfilter categories
- get webfilter content
- get webfilter cookie-ovrd
- get webfilter content-header
dlp
- config dlp filepattern
- config dlp fp-sensitivity
- config dlp sensor
dnsfilter
- config dnsfilter domain-filter
- config dnsfilter profile
execute
- execute api-user
- execute auto-script backup
- execute auto-script delete
- execute auto-script result
- execute auto-script start
- execute auto-script status
- execute auto-script stop
- execute auto-script stopall
- execute backup
- execute batch
- execute central-mgmt
- execute certificate
- execute cfg reload
- execute cfg save
- execute clear system arp table
- execute cli
- execute date
- execute disconnect-admin-session
- execute disk
- execute erase-disk
- execute factoryreset-shutdown
- execute factoryreset
- execute factoryreset2
- execute firewall
- execute formatlogdisk
- execute forticlient info
- execute forticlient list
- execute fortiguard-log
- execute fortiguard-message
- execute fortitoken-mobile
- execute fortitoken
- execute fsso
- execute ha disconnect
- execute ha manage
- execute ha set-priority
- execute ha synchronize
- execute http-view
- execute log backup
- execute log delete-all
- execute log delete
- execute log detail
- execute log display
- execute log filter
- execute log flush-cache-all
- execute log flush-cache
- execute log fortianalyzer
- execute log fortiguard
- execute log list
- execute log roll
- execute log shift-time
- execute ping-options
- execute ping
- execute ping6-options
- execute ping6
- execute preload http-transaction-log
- execute preload list
- execute preload show-log
- execute preload url-delete
- execute preload url
- execute reboot
- execute report-config
- execute report
- execute restore
- execute send-fds-statistics
- execute shutdown
- execute ssh
- execute system custom-language
- execute system fortisandbox
- execute tac
- execute telnet
- execute time
- execute traceroute-options
- execute traceroute
- execute tracert6
- execute update-av
- execute update-geo-ip
- execute update-ips
- execute update-list
- execute update-now
- execute upload
- execute usb-device disconnect
- execute usb-device list
- execute usb-disk
- execute vpn
- execute webcache
- execute webfilter
firewall
- config firewall address
- config firewall address6
- config firewall addrgrp
- config firewall addrgrp6
- config firewall central-snat-map
- config firewall decrypted-traffic-mirror
- config firewall internet-service-custom
- config firewall internet-service
- config firewall ippool
- config firewall ippool6
- config firewall policy
- config firewall profile-group
- config firewall profile-protocol-options
- config firewall proxy-address
- config firewall proxy-addrgrp
- config firewall schedule group
- config firewall schedule onetime
- config firewall schedule recurring
- config firewall service category
- config firewall service custom
- config firewall service group
- config firewall shaping-policy
- config firewall shaping-profile
- config firewall sniffer
- config firewall ssh host-key
- config firewall ssh local-ca
- config firewall ssh local-key
- config firewall ssh setting
- config firewall ssl-server
- config firewall ssl-ssh-profile
- config firewall ssl setting
- config firewall vip
- config firewall vipgrp
ftp-proxy
- config ftp-proxy explicit
icap
- config icap local-server
- config icap profile
- config icap remote-server-group
- config icap remote-server
image-analyzer
- config image-analyzer profile
ips
- config ips custom
- config ips decoder
- config ips global
- config ips rule-settings
- config ips rule
- config ips sensor
- config ips settings
log
- config log custom-field
- config log disk filter
- config log disk setting
- config log eventfilter
- config log fortianalyzer2 filter
- config log fortianalyzer2 setting
- config log fortianalyzer3 filter
- config log fortianalyzer3 setting
- config log fortianalyzer filter
- config log fortianalyzer override-filter
- config log fortianalyzer override-setting
- config log fortianalyzer setting
- config log fortiguard filter
- config log fortiguard override-filter
- config log fortiguard override-setting
- config log fortiguard setting
- config log gui-display
- config log memory filter
- config log memory global-setting
- config log memory setting
- config log null-device filter
- config log null-device setting
- config log setting
- config log syslogd2 filter
- config log syslogd2 setting
- config log syslogd3 filter
- config log syslogd3 setting
- config log syslogd4 filter
- config log syslogd4 setting
- config log syslogd filter
- config log syslogd override-filter
- config log syslogd override-setting
- config log syslogd setting
- config log threat-weight
- config log webtrends filter
- config log webtrends setting
report
- config report chart
- config report dataset
- config report layout
- config report setting
- config report style
- config report theme
router
- config router static
- config router static6
spamfilter
- config spamfilter bwl
- config spamfilter bword
- config spamfilter dnsbl
- config spamfilter fortishield
- config spamfilter iptrust
- config spamfilter mheader
- config spamfilter options
- config spamfilter profile
ssh-filter
- config ssh-filter profile
system
- config system accprofile
- config system admin
- config system affinity-interrupt
- config system affinity-packet-redistribution
- config system alarm
- config system alias
- config system api-user
- config system arp-table
- config system auto-install
- config system auto-script
- config system autoupdate push-update
- config system autoupdate schedule
- config system autoupdate tunneling
- config system central-management
- config system console
- config system csf
- config system custom-language
- config system dhcp6 server
- config system dhcp server
- config system dns-database
- config system dns-server
- config system dns
- config system email-server
- config system external-resource
- config system fips-cc
- config system fm
- config system fortiguard
- config system fortimanager
- config system fortisandbox
- config system fsso-polling
- config system ftm-push
- config system geoip-override
- config system global
- config system gre-tunnel
- config system ha-monitor
- config system ha
- config system interface
- config system ips-urlfilter-dns
- config system link-monitor
- config system nethsm
- config system network-visibility
- config system ntp
- config system object-tag
- config system password-policy-guest-admin
- config system password-policy
- config system replacemsg-group
- config system replacemsg-image
- config system replacemsg admin
- config system replacemsg alertmail
- config system replacemsg auth
- config system replacemsg device-detection-portal
- config system replacemsg ec
- config system replacemsg fortiguard-wf
- config system replacemsg ftp
- config system replacemsg http
- config system replacemsg icap
- config system replacemsg mail
- config system replacemsg nac-quar
- config system replacemsg nntp
- config system replacemsg spam
- config system replacemsg sslvpn
- config system replacemsg traffic-quota
- config system replacemsg utm
- config system replacemsg webproxy
- config system resource-limits
- config system sdn-connector
- config system settings
- config system sms-server
- config system snmp community
- config system snmp sysinfo
- config system snmp user
- config system span-port
- config system storage
- config system vdom-dns
- config system vdom-property
- config system vdom-radius-server
- config system vdom
- config system wccp
- config system zone
user
- config user adgrp
- config user domain-controller
- config user fortitoken
- config user fsso-polling
- config user fsso
- config user group
- config user krb-keytab
- config user ldap
- config user local
- config user password-policy
- config user peer
- config user peergrp
- config user pop3
- config user radius
- config user saml
- config user setting
- config user tacacs+
vpn
- config vpn ipsec phase1-interface
- config vpn ipsec phase2-interface
- config vpn ssl settings
- config vpn ssl web host-check-software
- config vpn ssl web portal
- config vpn ssl web realm
- config vpn ssl web user-bookmark
- config vpn ssl web user-group-bookmark
wanopt
- config wanopt auth-group
- config wanopt cache-service
- config wanopt content-delivery-network-rule
- config wanopt peer
- config wanopt profile
- config wanopt settings
web-proxy
- config web-proxy debug-url
- config web-proxy dynamic-bypass
- config web-proxy explicit
- config web-proxy forward-server-group
- config web-proxy forward-server
- config web-proxy global
- config web-proxy isolator-server
- config web-proxy pac-policy
- config web-proxy profile
- config web-proxy url-list
- config web-proxy url-match
- config web-proxy wisp
webcache
- config webcache reverse-cache-prefetch-url
- config webcache reverse-cache-server
- config webcache settings
- config webcache user-agent
webfilter
- config webfilter content-header
- config webfilter content
- config webfilter cookie-ovrd
- config webfilter fortiguard
- config webfilter ftgd-local-cat
- config webfilter ftgd-local-rating
- config webfilter ips-urlfilter-cache-setting
- config webfilter ips-urlfilter-setting
- config webfilter override
- config webfilter profile
- config webfilter search-engine
- config webfilter urlfilter
Change log

Home FortiProxy 2.0.13 CLI Reference

2.0.13

config system admin

Configure admin users.

config system admin
    Description: Configure admin users.
    edit <name>
        set wildcard [enable|disable]
        set remote-auth [enable|disable]
        set remote-group {string}
        set password {password-2}
        set peer-auth [enable|disable]
        set peer-group {string}
        set trusthost1 {ipv4-classnet}
        set trusthost2 {ipv4-classnet}
        set trusthost3 {ipv4-classnet}
        set trusthost4 {ipv4-classnet}
        set trusthost5 {ipv4-classnet}
        set trusthost6 {ipv4-classnet}
        set trusthost7 {ipv4-classnet}
        set trusthost8 {ipv4-classnet}
        set trusthost9 {ipv4-classnet}
        set trusthost10 {ipv4-classnet}
        set ip6-trusthost1 {ipv6-prefix}
        set ip6-trusthost2 {ipv6-prefix}
        set ip6-trusthost3 {ipv6-prefix}
        set ip6-trusthost4 {ipv6-prefix}
        set ip6-trusthost5 {ipv6-prefix}
        set ip6-trusthost6 {ipv6-prefix}
        set ip6-trusthost7 {ipv6-prefix}
        set ip6-trusthost8 {ipv6-prefix}
        set ip6-trusthost9 {ipv6-prefix}
        set ip6-trusthost10 {ipv6-prefix}
        set accprofile {string}
        set allow-remove-admin-session [enable|disable]
        set comments {var-string}
        set hidden {integer}
        config vdom
            Description: Virtual domain(s) that the administrator can access.
            edit <name>
            next
        end
        set ssh-public-key1 {user}
        set ssh-public-key2 {user}
        set ssh-public-key3 {user}
        set ssh-certificate {string}
        set schedule {string}
        set accprofile-override [enable|disable]
        set radius-vdom-override [enable|disable]
        set password-expire {user}
        set force-password-change [enable|disable]
        set two-factor [disable|fortitoken|...]
        set fortitoken {string}
        set email-to {string}
        set sms-server [fortiguard|custom]
        set sms-custom-server {string}
        set sms-phone {string}
        set guest-auth [disable|enable]
        config guest-usergroups
            Description: Select guest user groups.
            edit <name>
            next
        end
        set guest-lang {string}
    next
end

config system admin

Parameter

Description

Type

Size

name

User name.

string

Maximum length: 35

wildcard

Enable/disable wildcard RADIUS authentication.

option

Option	Description
enable	Enable username wildcard.
disable	Disable username wildcard.

remote-auth

Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server.

option

Option	Description
enable	Enable remote authentication.
disable	Disable remote authentication.

remote-group

User group name used for remote auth.

string

Maximum length: 35

password

Admin user password.

password-2

Not Specified

peer-auth

Set to enable peer certificate authentication (for HTTPS admin access).

option

Option	Description
enable	Enable peer.
disable	Disable peer.

peer-group

Name of peer group defined under config user peergrp or user group defined under config user group. Used for peer certificate authentication (for HTTPS admin access).

string

Maximum length: 35

trusthost1

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost2

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost3

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost4

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost5

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost6

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost7

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost8

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost9

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost10

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

ip6-trusthost1

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost2

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost3

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost4

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost5

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost6

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost7

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost8

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost9

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost10

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

accprofile

Access profile for this administrator. Access profiles control administrator access to FortiProxy features.

string

Maximum length: 35

allow-remove-admin-session

Enable/disable allow admin session to be removed by privileged admin users.

option

Option	Description
enable	Enable allow-remove option.
disable	Disable allow-remove option.

comments

Comment.

var-string

Maximum length: 255

hidden

Admin user hidden attribute.

integer

Minimum value: 0 Maximum value: 255

ssh-public-key1

Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.

user

Not Specified

ssh-public-key2

Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.

user

Not Specified

ssh-public-key3

Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.

user

Not Specified

ssh-certificate

Select the certificate to be used by the FortiProxy for authentication with an SSH client.

string

Maximum length: 35

schedule

Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions.

string

Maximum length: 35

accprofile-override

Enable to use the name of an access profile provided by the remote authentication server to control the FortiProxy features that this administrator can access.

option

Option	Description
enable	Enable access profile override.
disable	Disable access profile override.

radius-vdom-override

Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access.

option

Option	Description
enable	Enable VDOM override.
disable	Disable VDOM override.

password-expire

Password expire time.

user

Not Specified

force-password-change

Enable/disable force password change on next login.

option

Option	Description
enable	Enable force password change on next login.
disable	Disable force password change on next login.

two-factor

Enable/disable two-factor authentication.

option

Option	Description
disable	Disable two-factor authentication.
fortitoken	Use FortiToken or FortiToken mobile two-factor authentication.
email	Send a two-factor authentication code to the configured email-to email address.
sms	Send a two-factor authentication code to the configured sms-server and sms-phone.

fortitoken

This administrator's FortiToken serial number.

string

Maximum length: 16

email-to

This administrator's email address.

string

Maximum length: 63

sms-server

Send SMS messages using the FortiGuard SMS server or a custom server.

option

Option	Description
fortiguard	Send SMS by FortiGuard.
custom	Send SMS by custom server.

sms-custom-server

Custom SMS server to send SMS messages to.

string

Maximum length: 35

sms-phone

Phone number on which the administrator receives SMS messages.

string

Maximum length: 15

guest-auth

Enable/disable guest authentication.

option

Option	Description
disable	Disable guest authentication.
enable	Enable guest authentication.

guest-lang

Guest management portal language.

string

Maximum length: 35

config vdom

Parameter	Description	Type	Size
name	Virtual domain name.	string	Maximum length: 64

config guest-usergroups

Parameter	Description	Type	Size
name	Select guest user groups.	string	Maximum length: 64

config system admin

Configure admin users.

config system admin
    Description: Configure admin users.
    edit <name>
        set wildcard [enable|disable]
        set remote-auth [enable|disable]
        set remote-group {string}
        set password {password-2}
        set peer-auth [enable|disable]
        set peer-group {string}
        set trusthost1 {ipv4-classnet}
        set trusthost2 {ipv4-classnet}
        set trusthost3 {ipv4-classnet}
        set trusthost4 {ipv4-classnet}
        set trusthost5 {ipv4-classnet}
        set trusthost6 {ipv4-classnet}
        set trusthost7 {ipv4-classnet}
        set trusthost8 {ipv4-classnet}
        set trusthost9 {ipv4-classnet}
        set trusthost10 {ipv4-classnet}
        set ip6-trusthost1 {ipv6-prefix}
        set ip6-trusthost2 {ipv6-prefix}
        set ip6-trusthost3 {ipv6-prefix}
        set ip6-trusthost4 {ipv6-prefix}
        set ip6-trusthost5 {ipv6-prefix}
        set ip6-trusthost6 {ipv6-prefix}
        set ip6-trusthost7 {ipv6-prefix}
        set ip6-trusthost8 {ipv6-prefix}
        set ip6-trusthost9 {ipv6-prefix}
        set ip6-trusthost10 {ipv6-prefix}
        set accprofile {string}
        set allow-remove-admin-session [enable|disable]
        set comments {var-string}
        set hidden {integer}
        config vdom
            Description: Virtual domain(s) that the administrator can access.
            edit <name>
            next
        end
        set ssh-public-key1 {user}
        set ssh-public-key2 {user}
        set ssh-public-key3 {user}
        set ssh-certificate {string}
        set schedule {string}
        set accprofile-override [enable|disable]
        set radius-vdom-override [enable|disable]
        set password-expire {user}
        set force-password-change [enable|disable]
        set two-factor [disable|fortitoken|...]
        set fortitoken {string}
        set email-to {string}
        set sms-server [fortiguard|custom]
        set sms-custom-server {string}
        set sms-phone {string}
        set guest-auth [disable|enable]
        config guest-usergroups
            Description: Select guest user groups.
            edit <name>
            next
        end
        set guest-lang {string}
    next
end

config system admin

Parameter

Description

Type

Size

name

User name.

string

Maximum length: 35

wildcard

Enable/disable wildcard RADIUS authentication.

option

Option	Description
enable	Enable username wildcard.
disable	Disable username wildcard.

remote-auth

Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server.

option

Option	Description
enable	Enable remote authentication.
disable	Disable remote authentication.

remote-group

User group name used for remote auth.

string

Maximum length: 35

password

Admin user password.

password-2

Not Specified

peer-auth

Set to enable peer certificate authentication (for HTTPS admin access).

option

Option	Description
enable	Enable peer.
disable	Disable peer.

peer-group

Name of peer group defined under config user peergrp or user group defined under config user group. Used for peer certificate authentication (for HTTPS admin access).

string

Maximum length: 35

trusthost1

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost2

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost3

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost4

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost5

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost6

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost7

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost8

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost9

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

trusthost10

Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv4 address.

ipv4-classnet

Not Specified

ip6-trusthost1

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost2

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost3

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost4

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost5

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost6

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost7

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost8

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost9

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

ip6-trusthost10

Any IPv6 address from which the administrator can connect to the FortiProxy unit. Default allows access from any IPv6 address.

ipv6-prefix

Not Specified

accprofile

Access profile for this administrator. Access profiles control administrator access to FortiProxy features.

string

Maximum length: 35

allow-remove-admin-session

Enable/disable allow admin session to be removed by privileged admin users.

option

Option	Description
enable	Enable allow-remove option.
disable	Disable allow-remove option.

comments

Comment.

var-string

Maximum length: 255

hidden

Admin user hidden attribute.

integer

Minimum value: 0 Maximum value: 255

ssh-public-key1

Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.

user

Not Specified

ssh-public-key2

Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.

user

Not Specified

ssh-public-key3

Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.

user

Not Specified

ssh-certificate

Select the certificate to be used by the FortiProxy for authentication with an SSH client.

string

Maximum length: 35

schedule

Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions.

string

Maximum length: 35

accprofile-override

Enable to use the name of an access profile provided by the remote authentication server to control the FortiProxy features that this administrator can access.

option

Option	Description
enable	Enable access profile override.
disable	Disable access profile override.

radius-vdom-override

Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access.

option

Option	Description
enable	Enable VDOM override.
disable	Disable VDOM override.

password-expire

Password expire time.

user

Not Specified

force-password-change

Enable/disable force password change on next login.

option

Option	Description
enable	Enable force password change on next login.
disable	Disable force password change on next login.

two-factor

Enable/disable two-factor authentication.

option

Option	Description
disable	Disable two-factor authentication.
fortitoken	Use FortiToken or FortiToken mobile two-factor authentication.
email	Send a two-factor authentication code to the configured email-to email address.
sms	Send a two-factor authentication code to the configured sms-server and sms-phone.

fortitoken

This administrator's FortiToken serial number.

string

Maximum length: 16

email-to

This administrator's email address.

string

Maximum length: 63

sms-server

Send SMS messages using the FortiGuard SMS server or a custom server.

option

Option	Description
fortiguard	Send SMS by FortiGuard.
custom	Send SMS by custom server.

sms-custom-server

Custom SMS server to send SMS messages to.

string

Maximum length: 35

sms-phone

Phone number on which the administrator receives SMS messages.

string

Maximum length: 15

guest-auth

Enable/disable guest authentication.

option

Option	Description
disable	Disable guest authentication.
enable	Enable guest authentication.

guest-lang

Guest management portal language.

string

Maximum length: 35

config vdom

Parameter	Description	Type	Size
name	Virtual domain name.	string	Maximum length: 64

config guest-usergroups

Parameter	Description	Type	Size
name	Select guest user groups.	string	Maximum length: 64