config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set vdom {string}
        set cli-conn-status {integer}
        set mode [static|dhcp|...]
        config client-options
            Description: DHCP client options.
            edit <id>
                set code {integer}
                set type [hex|string|...]
                set value {string}
                set ip {user}
            next
        end
        set distance {integer}
        set priority {integer}
        set dhcp-relay-interface-select-method [auto|specify]
        set dhcp-relay-interface {string}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-link-selection {ipv4-address}
        set dhcp-relay-request-all-server [disable|enable]
        set dhcp-relay-type [regular|ipsec]
        set dhcp-relay-agent-option [enable|disable]
        set dhcp-classless-route-addition [enable|disable]
        set management-ip {ipv4-classnet-host}
        set ip {ipv4-classnet-host}
        set allowaccess {option1}, {option2}, ...
        set gwdetect [enable|disable]
        set ping-serv-status {integer}
        set detectserver {user}
        set detectprotocol {option1}, {option2}, ...
        set ha-priority {integer}
        set fail-detect [enable|disable]
        set fail-detect-option {option1}, {option2}, ...
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        set fail-alert-interfaces <name1>, <name2>, ...
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set ipunnumbered {ipv4-address}
        set username {string}
        set pppoe-unnumbered-negotiate [enable|disable]
        set password {password}
        set idle-timeout {integer}
        set detected-peer-mtu {integer}
        set disc-retry-timeout {integer}
        set padt-retry-timeout {integer}
        set service-name {string}
        set ac-name {string}
        set lcp-echo-interval {integer}
        set lcp-max-echo-fails {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set dns-server-protocol {option1}, {option2}, ...
        set auth-type [auto|pap|...]
        set pptp-client [enable|disable]
        set pptp-user {string}
        set pptp-password {password}
        set pptp-server-ip {ipv4-address}
        set pptp-auth-type [auto|pap|...]
        set pptp-timeout {integer}
        set arpforward [enable|disable]
        set broadcast-forward [enable|disable]
        set bfd [global|enable|...]
        set bfd-desired-min-tx {integer}
        set bfd-detect-mult {integer}
        set bfd-required-min-rx {integer}
        set l2forward [enable|disable]
        set icmp-send-redirect [enable|disable]
        set icmp-accept-redirect [enable|disable]
        set stpforward [enable|disable]
        set stpforward-mode [rpl-all-ext-id|rpl-bridge-ext-id|...]
        set macaddr {mac-address}
        set substitute-dst-mac {mac-address}
        set large-receive-offload [enable|disable]
        set generic-receive-offload [enable|disable]
        set speed [auto|10full|...]
        set status [up|down]
        set netbios-forward [disable|enable]
        set wins-ip {ipv4-address}
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set mtu-override [enable|disable]
        set mtu {integer}
        set ring-rx {integer}
        set ring-tx {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set src-check [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set disconnect-threshold {integer}
        set spillover-threshold {integer}
        set ingress-spillover-threshold {integer}
        set weight {integer}
        set interface {string}
        set external [enable|disable]
        set vlan-protocol [8021q|8021ad]
        set vlanid {integer}
        set forward-domain {integer}
        set remote-ip {ipv4-classnet-host}
        set member <interface-name1>, <interface-name2>, ...
        set lacp-mode {option}
        set lacp-ha-secondary [enable|disable]
        set system-id-type [auto|user]
        set system-id {mac-address}
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set switch {string}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [mac-auth-only|enable|...]
        set security-external-web {var-string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {var-string}
        set auth-cert {string}
        set auth-portal-addr {string}
        set security-exempt-list {string}
        set security-groups <name1>, <name2>, ...
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess {option1}, {option2}, ...
                set gwdetect [enable|disable]
                set ping-serv-status {integer}
                set detectserver {user}
                set detectprotocol {option1}, {option2}, ...
                set ha-priority {integer}
            next
        end
        set color {integer}
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set nd-mode [basic|SEND-compatible]
            set nd-cert {string}
            set nd-security-level {integer}
            set nd-timestamp-delta {integer}
            set nd-timestamp-fuzz {integer}
            set nd-cga-modifier {user}
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess {option1}, {option2}, ...
            set ip6-send-adv [enable|disable]
            set icmp6-send-redirect [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ra-send-mtu [enable|disable]
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set unique-autoconf-addr [enable|disable]
            set interface-identifier {ipv6-address}
            set ip6-prefix-mode [dhcp6|ra]
            set ip6-upstream-interface {string}
            set ip6-delegated-prefix-iaid {integer}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                    set rdnss {user}
                    set dnssl <domain1>, <domain2>, ...
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set delegated-prefix-iaid {integer}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                    set rdnss-service [delegated|default|...]
                    set rdnss {user}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-ip {user}
            set dhcp6-client-options {option1}, {option2}, ...
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            config dhcp6-iapd-list
                Description: DHCPv6 IA-PD list.
                edit <iaid>
                    set prefix-hint {ipv6-network}
                    set prefix-hint-plt {integer}
                    set prefix-hint-vlt {integer}
                next
            end
            set cli-conn6-status {integer}
        end
    next
end

config system interface

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 15

vdom

Interface is in this virtual domain (VDOM).

string

Maximum length: 31

cli-conn-status

CLI connection status.

integer

Minimum value: 0 Maximum value: 4294967295

mode

Addressing mode (static, DHCP, PPPoE).

option

static

Option	Description
static	Static setting.
dhcp	External DHCP client mode.
pppoe	External PPPoE mode.

distance

Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

priority

Priority of learned routes.

integer

Minimum value: 1 Maximum value: 65535

dhcp-relay-interface-select-method

Specify how to select outgoing interface to reach server.

option

auto

Option	Description
auto	Set outgoing interface automatically.
specify	Set outgoing interface manually.

dhcp-relay-interface

Specify outgoing interface to reach server.

string

Maximum length: 15

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

disable

Option	Description
disable	None.
enable	DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-link-selection

DHCP relay link selection.

ipv4-address

Not Specified

0.0.0.0

dhcp-relay-request-all-server

Enable/disable sending of DHCP requests to all servers.

option

disable

Option	Description
disable	Send DHCP requests only to a matching server.
enable	Send DHCP requests to all servers.

dhcp-relay-type

DHCP relay type (regular or IPsec).

option

regular

Option	Description
regular	Regular DHCP relay.
ipsec	DHCP relay for IPsec.

dhcp-relay-agent-option

Enable/disable DHCP relay agent option.

option

enable

Option	Description
enable	Enable DHCP relay agent option.
disable	Disable DHCP relay agent option.

dhcp-classless-route-addition

Enable/disable addition of classless static routes retrieved from DHCP server.

option

enable

Option	Description
enable	Enable addition of classless static routes retrieved from DHCP server.
disable	Disable addition of classless static routes retrieved from DHCP server.

management-ip

High Availability in-band management IP address of this interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Permitted types of management access to this interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
fgfm	FortiManager access.
radius-acct	RADIUS accounting access.
probe-response	Probe access.
fabric	Security Fabric access.
ftm	FTM access.
speed-test	Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

disable

Option	Description
enable	Enable detect gateway alive for first.
disable	Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

ping

Option	Description
ping	PING.
tcp-echo	TCP echo.
udp-echo	UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

fail-detect

Enable/disable fail detection features for this interface.

option

disable

Option	Description
enable	Enable interface failed option status.
disable	Disable interface failed option status.

fail-detect-option

Options for detecting that this interface has failed.

option

link-down

Option	Description
detectserver	Use a ping server to determine if the interface has failed.
link-down	Use port detection to determine if the interface has failed.

fail-alert-method

Select link-failed-signal or link-down method to alert about a failed link.

option

link-down

Option	Description
link-failed-signal	Link-failed-signal.
link-down	Link-down.

fail-action-on-extender

Action on FortiExtender when interface fail.

option

soft-restart

Option	Description
soft-restart	Soft-restart-on-extender.
hard-restart	Hard-restart-on-extender.
reboot	Reboot-on-extender.

fail-alert-interfaces <name>

Names of the FortiProxy interfaces to which the link failure alert is sent.

Names of the non-virtual interface.

string

Maximum length: 79

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time in seconds , 0 means use the renew time provided by the server.

integer

Minimum value: 300 Maximum value: 604800

ipunnumbered

Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.

ipv4-address

Not Specified

0.0.0.0

username

Username of the PPPoE account, provided by your ISP.

string

Maximum length: 64

pppoe-unnumbered-negotiate

Enable/disable PPPoE unnumbered negotiation.

option

enable

Option	Description
enable	Enable IP address negotiating for unnumbered.
disable	Disable IP address negotiating for unnumbered.

password

PPPoE account's password.

password

Not Specified

idle-timeout

PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 32767

detected-peer-mtu

MTU of detected peer.

integer

Minimum value: 0 Maximum value: 4294967295

disc-retry-timeout

Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 4294967295

padt-retry-timeout

PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.

integer

Minimum value: 0 Maximum value: 4294967295

service-name

PPPoE service name.

string

Maximum length: 63

ac-name

PPPoE server name.

string

Maximum length: 63

lcp-echo-interval

Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.

integer

Minimum value: 0 Maximum value: 32767

lcp-max-echo-fails

Maximum missed LCP echo messages before disconnect.

integer

Minimum value: 0 Maximum value: 32767

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

enable

Option	Description
enable	Enable default gateway.
disable	Disable default gateway.

dns-server-override

Enable/disable use DNS acquired by DHCP or PPPoE.

option

enable

Option	Description
enable	Use DNS acquired by DHCP or PPPoE.
disable	No not use DNS acquired by DHCP or PPPoE.

dns-server-protocol

DNS transport protocols.

option

cleartext

Option	Description
cleartext	DNS over UDP/53, DNS over TCP/53.
dot	DNS over TLS/853.
doh	DNS over HTTPS/443.

auth-type

PPP authentication type to use.

option

auto

Option	Description
auto	Automatically choose authentication.
pap	PAP authentication.
chap	CHAP authentication.
mschapv1	MS-CHAPv1 authentication.
mschapv2	MS-CHAPv2 authentication.

pptp-client

Enable/disable PPTP client.

option

disable

Option	Description
enable	Enable PPTP client.
disable	Disable PPTP client.

pptp-user

PPTP user name.

string

Maximum length: 64

pptp-password

PPTP password.

password

Not Specified

pptp-server-ip

PPTP server IP address.

ipv4-address

Not Specified

0.0.0.0

pptp-auth-type

PPTP authentication type.

option

auto

Option	Description
auto	Automatically choose authentication.
pap	PAP authentication.
chap	CHAP authentication.
mschapv1	MS-CHAPv1 authentication.
mschapv2	MS-CHAPv2 authentication.

pptp-timeout

Idle timer in minutes (0 for disabled).

integer

Minimum value: 0 Maximum value: 65535

arpforward

Enable/disable ARP forwarding.

option

enable

Option	Description
enable	Enable ARP forwarding.
disable	Disable ARP forwarding.

broadcast-forward

Enable/disable broadcast forwarding.

option

disable

Option	Description
enable	Enable broadcast forwarding.
disable	Disable broadcast forwarding.

bfd

Bidirectional Forwarding Detection (BFD) settings.

option

global

Option	Description
global	BFD behavior of this interface will be based on global configuration.
enable	Enable BFD on this interface and ignore global configuration.
disable	Disable BFD on this interface and ignore global configuration.

bfd-desired-min-tx

BFD desired minimal transmit interval.

integer

Minimum value: 1 Maximum value: 100000

250

bfd-detect-mult

BFD detection multiplier.

integer

Minimum value: 1 Maximum value: 50

bfd-required-min-rx

BFD required minimal receive interval.

integer

Minimum value: 1 Maximum value: 100000

250

l2forward

Enable/disable l2 forwarding.

option

disable

Option	Description
enable	Enable L2 forwarding.
disable	Disable L2 forwarding.

icmp-send-redirect

Enable/disable sending of ICMP redirects.

option

enable

Option	Description
enable	Enable sending of ICMP redirects.
disable	Disable sending of ICMP redirects.

icmp-accept-redirect

Enable/disable ICMP accept redirect.

option

enable

Option	Description
enable	Enable ICMP accept redirect.
disable	Disable ICMP accept redirect.

stpforward

Enable/disable STP forwarding.

option

disable

Option	Description
enable	Enable STP forwarding.
disable	Disable STP forwarding.

stpforward-mode

Configure STP forwarding mode.

option

rpl-all-ext-id

Option	Description
rpl-all-ext-id	Replace all extension IDs (root, bridge).
rpl-bridge-ext-id	Replace the bridge extension ID only.
rpl-nothing	Replace nothing.

macaddr

Change the interface's MAC address.

mac-address

Not Specified

00:00:00:00:00:00

substitute-dst-mac

Destination MAC address that all packets are sent to from this interface.

mac-address

Not Specified

00:00:00:00:00:00

large-receive-offload

Enable/disable large-receive-offload.

option

disable

Option	Description
enable	Enable large-receive-offload.
disable	Disable large-receive-offload.

generic-receive-offload

Enable/disable generic-receive-offload.

option

disable

Option	Description
enable	Enable generic-receive-offload.
disable	Disable generic-receive-offload.

speed

Interface speed. The default setting and the options available depend on the interface hardware.

option

auto

Option	Description
auto	Automatically adjust speed.
10full	10M full-duplex.
10half	10M half-duplex.
100full	100M full-duplex.
100half	100M half-duplex.
1000full	1000M full-duplex.
1000auto	1000M auto adjust.

status

Bring the interface up or shut the interface down.

option

Option	Description
up	Bring the interface up.
down	Shut the interface down.

netbios-forward

Enable/disable NETBIOS forwarding.

option

disable

Option	Description
disable	Disable NETBIOS forwarding.
enable	Enable NETBIOS forwarding.

wins-ip

WINS server IP.

ipv4-address

Not Specified

0.0.0.0

type

Interface type.

option

vlan

Option	Description
physical	Physical interface.
vlan	VLAN interface.
aggregate	Aggregate interface.
redundant	Redundant interface.
tunnel	Tunnel interface.
loopback	Loopback interface.
vdom-link	VDOM link interface.
vxlan	VXLAN interface.

dedicated-to

Configure interface for single purpose.

option

none

Option	Description
none	Interface not dedicated for any purpose.
management	Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

mtu-override

Enable to set a custom MTU for this interface.

option

disable

Option	Description
enable	Override default MTU.
disable	Use default MTU.

mtu

MTU value for this interface.

integer

Minimum value: 0 Maximum value: 4294967295

1500

ring-rx

RX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

ring-tx

TX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

wccp

Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.

option

disable

Option	Description
enable	Enable WCCP protocol on this interface.
disable	Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable drop overlapped fragment packets.

option

disable

Option	Description
enable	Enable drop of overlapped fragment packets.
disable	Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable drop fragment packets.

option

disable

Option	Description
enable	Enable/disable drop fragment packets.
disable	Do not drop fragment packets.

src-check

Enable/disable source IP check.

option

enable

Option	Description
enable	Enable source IP check.
disable	Disable source IP check.

explicit-web-proxy

Enable/disable the explicit web proxy on this interface.

option

disable

Option	Description
enable	Enable explicit Web proxy on this interface.
disable	Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable the explicit FTP proxy on this interface.

option

disable

Option	Description
enable	Enable explicit FTP proxy on this interface.
disable	Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

disable

Option	Description
enable	Enable proxy captive portal on this interface.
disable	Disable proxy captive portal on this interface.

tcp-mss

TCP maximum segment size. 0 means do not change segment size.

integer

Minimum value: 48 Maximum value: 65535

inbandwidth

Bandwidth limit for incoming traffic , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 80000000

outbandwidth

Bandwidth limit for outgoing traffic.

integer

Minimum value: 0 Maximum value: 80000000

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

disconnect-threshold

Time in milliseconds to wait before sending a notification that this interface is down or disconnected.

integer

Minimum value: 0 Maximum value: 10000

spillover-threshold

Egress Spillover threshold , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

ingress-spillover-threshold

Ingress Spillover threshold , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

interface

Interface name.

string

Maximum length: 15

external

Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet).

option

disable

Option	Description
enable	Enable identifying the interface as an external interface.
disable	Disable identifying the interface as an external interface.

vlan-protocol

Ethernet protocol of VLAN.

option

8021q

Option	Description
8021q	IEEE 802.1Q.
8021ad	IEEE 802.1AD.

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

forward-domain

Transparent mode forward domain.

integer

Minimum value: 1 Maximum value: 4094

remote-ip

Remote IP address of tunnel.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

member <interface-name>

Physical interfaces that belong to the aggregate or redundant interface.

Physical interface name.

string

Maximum length: 79

lacp-mode

LACP mode.

option

Option	Description
static	Use static aggregation, do not send and ignore any LACP messages.

lacp-ha-secondary

LACP HA slave.

option

enable

Option	Description
enable	Allow HA slave to send/receive LACP messages.
disable	Block HA slave from sending/receiving LACP messages.

system-id-type

Method in which system ID is generated.

option

auto

Option	Description
auto	Use the MAC address of the first member.
user	User-defined system ID.

system-id

Define a system ID for the aggregate interface.

mac-address

Not Specified

00:00:00:00:00:00

lacp-speed

How often the interface sends LACP messages.

option

slow

Option	Description
slow	Send LACP message every 30 seconds.
fast	Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

min-links-down

Action to take when less than the configured minimum number of links are active.

option

operational

Option	Description
operational	Set the aggregate operationally down.
administrative	Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

Option	Description
L2	Use layer 2 address for distribution.
L3	Use layer 3 address for distribution.
L4	Use layer 4 information for distribution.

link-up-delay

Number of milliseconds to wait before considering a link is up.

integer

Minimum value: 50 Maximum value: 3600000

priority-override

Enable/disable fail back to higher priority port once recovered.

option

enable

Option	Description
enable	Enable fail back to higher priority port once recovered.
disable	Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

switch

Contained in switch.

string

Maximum length: 15

description

Description.

var-string

Maximum length: 255

alias

Alias will be displayed with the interface name to make it easier to distinguish.

string

Maximum length: 25

security-mode

Turn on captive portal authentication for this interface.

option

none

Option	Description
none	No security option.
captive-portal	Captive portal authentication.
802.1X	802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

disable

Option	Description
mac-auth-only	Enable MAC authentication bypass without EAP.
enable	Enable MAC authentication bypass.
disable	Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

var-string

Maximum length: 1023

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

var-string

Maximum length: 1023

auth-cert

HTTPS server certificate.

string

Maximum length: 35

auth-portal-addr

Address of captive portal.

string

Maximum length: 63

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

security-groups <name>

User groups that can authenticate with the captive portal.

Names of user groups that can authenticate with the captive portal.

string

Maximum length: 79

role

Interface role.

option

undefined

Option	Description
lan	Connected to local network of endpoints.
wan	Connected to Internet.
dmz	Connected to server zone.
undefined	Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 1 Maximum value: 2147483647

secondary-IP

Enable/disable adding a secondary IP to this interface.

option

disable

Option	Description
enable	Enable secondary IP.
disable	Disable secondary IP.

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

config client-options

Parameter

Description

Type

Size

Default

ID.

integer

Minimum value: 0 Maximum value: 4294967295

code

DHCP client option code.

integer

Minimum value: 0 Maximum value: 255

type

DHCP client option type.

option

hex

Option	Description
hex	DHCP option in hex.
string	DHCP option in string.
ip	DHCP option in IP.
fqdn	DHCP option in domain search option format.

value

DHCP client option value.

string

Maximum length: 312

DHCP option IPs.

user

Not Specified

config secondaryip

Parameter

Description

Type

Size

Default

ID.

integer

Minimum value: 0 Maximum value: 4294967295

Secondary IP address of the interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Management access settings for the secondary IP address.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
fgfm	FortiManager access.
radius-acct	RADIUS accounting access.
probe-response	Probe access.
fabric	Security Fabric access.
ftm	FTM access.
speed-test	Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

disable

Option	Description
enable	Enable detect gateway alive for first.
disable	Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

ping

Option	Description
ping	PING.
tcp-echo	TCP echo.
udp-echo	UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

config tagging

Parameter

Description

Type

Size

Default

name

Tagging entry name.

string

Maximum length: 63

config ipv6

Parameter

Description

Type

Size

Default

ip6-mode

Addressing mode (static, DHCP, delegated).

option

static

Option	Description
static	Static setting.
dhcp	DHCPv6 client mode.
pppoe	IPv6 over PPPoE mode.
delegated	IPv6 address with delegated prefix.

nd-mode

Neighbor discovery mode.

option

basic

Option	Description
basic	Do not support SEND.
SEND-compatible	Support SEND.

nd-cert

Neighbor discovery certificate.

string

Maximum length: 35

nd-security-level

Neighbor discovery security level.

integer

Minimum value: 0 Maximum value: 7

nd-timestamp-delta

Neighbor discovery timestamp delta value.

integer

Minimum value: 1 Maximum value: 3600

300

nd-timestamp-fuzz

Neighbor discovery timestamp fuzz factor.

integer

Minimum value: 1 Maximum value: 60

nd-cga-modifier

Neighbor discovery CGA modifier.

user

Not Specified

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

enable

Option	Description
enable	Enable using the DNS server acquired by DHCP.
disable	Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

ip6-allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
fgfm	FortiManager access.
fabric	Fabric access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

disable

Option	Description
enable	Enable sending advertisements about this interface.
disable	Disable sending advertisements about this interface.

icmp6-send-redirect

Enable/disable sending of ICMPv6 redirects.

option

enable

Option	Description
enable	Enable sending of ICMPv6 redirects.
disable	Disable sending of ICMPv6 redirects.

ip6-manage-flag

Enable/disable the managed flag.

option

disable

Option	Description
enable	Enable the managed IPv6 flag.
disable	Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

disable

Option	Description
enable	Enable the other IPv6 flag.
disable	Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

600

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

198

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

ra-send-mtu

Enable/disable sending link MTU in RA packet.

option

enable

Option	Description
enable	Enable sending link MTU in RA packet.
disable	Disable sending link MTU in RA packet.

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

1800

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

autoconf

Enable/disable address auto config.

option

disable

Option	Description
enable	Enable auto-configuration.
disable	Disable auto-configuration.

unique-autoconf-addr

Enable/disable unique auto config address.

option

disable

Option	Description
enable	Enable unique auto-configuration address.
disable	Disable unique auto-configuration address.

interface-identifier

IPv6 interface identifier.

ipv6-address

Not Specified

ip6-prefix-mode

Assigning a prefix from DHCP or RA.

option

dhcp6

Option	Description
dhcp6	Use delegated prefix from a DHCPv6 client to form a delegated IPv6 address.
ra	Use prefix from RA to form a delegated IPv6 address.

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

ip6-subnet

Subnet to routing prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

disable

Option	Description
disable	Disable DHCPv6 relay
enable	Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

regular

Option	Description
regular	Regular DHCP relay.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

Option	Description
rapid	Send rapid commit option.
iapd	Send including IA-PD option.
iana	Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

disable

Option	Description
enable	Enable DHCPv6 prefix delegation.
disable	Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

disable

Option	Description
enable	Enable DHCPv6 information request.
disable	Disable DHCPv6 information request.

cli-conn6-status

CLI IPv6 connection status.

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-extra-addr

Parameter	Description	Type	Size	Default
prefix	IPv6 address prefix.	ipv6-prefix	Not Specified	::/0

config ip6-prefix-list

Parameter

Description

Type

Size

Default

prefix

IPv6 prefix.

ipv6-network

Not Specified

::/0

autonomous-flag

Enable/disable the autonomous flag.

option

enable

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

enable

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

2592000

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

604800

rdnss

Recursive DNS server option.

user

Not Specified

dnssl <domain>

DNS search list option.

Domain name.

string

Maximum length: 79

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

Default

prefix-id

Prefix ID.

integer

Minimum value: 0 Maximum value: 4294967295

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

autonomous-flag

Enable/disable the autonomous flag.

option

enable

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

enable

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified

::/0

rdnss-service

Recursive DNS service option.

option

specify

Option	Description
delegated	Delegated RDNSS settings.
default	System RDNSS settings.
specify	Specify recursive DNS servers.

rdnss

Recursive DNS server option.

user

Not Specified

config dhcp6-iapd-list

Parameter	Description	Type	Size	Default
iaid	Identity association identifier.	integer	Minimum value: 0 Maximum value: 4294967295	0
prefix-hint	DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.	ipv6-network	Not Specified	::/0
prefix-hint-plt	DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.	integer	Minimum value: 0 Maximum value: 4294967295	604800
prefix-hint-vlt	DHCPv6 prefix hint valid life time (sec).	integer	Minimum value: 0 Maximum value: 4294967295	2592000

config system interface

Configure interfaces.

config system interface
    Description: Configure interfaces.
    edit <name>
        set vdom {string}
        set cli-conn-status {integer}
        set mode [static|dhcp|...]
        config client-options
            Description: DHCP client options.
            edit <id>
                set code {integer}
                set type [hex|string|...]
                set value {string}
                set ip {user}
            next
        end
        set distance {integer}
        set priority {integer}
        set dhcp-relay-interface-select-method [auto|specify]
        set dhcp-relay-interface {string}
        set dhcp-relay-service [disable|enable]
        set dhcp-relay-ip {user}
        set dhcp-relay-link-selection {ipv4-address}
        set dhcp-relay-request-all-server [disable|enable]
        set dhcp-relay-type [regular|ipsec]
        set dhcp-relay-agent-option [enable|disable]
        set dhcp-classless-route-addition [enable|disable]
        set management-ip {ipv4-classnet-host}
        set ip {ipv4-classnet-host}
        set allowaccess {option1}, {option2}, ...
        set gwdetect [enable|disable]
        set ping-serv-status {integer}
        set detectserver {user}
        set detectprotocol {option1}, {option2}, ...
        set ha-priority {integer}
        set fail-detect [enable|disable]
        set fail-detect-option {option1}, {option2}, ...
        set fail-alert-method [link-failed-signal|link-down]
        set fail-action-on-extender [soft-restart|hard-restart|...]
        set fail-alert-interfaces <name1>, <name2>, ...
        set dhcp-client-identifier {string}
        set dhcp-renew-time {integer}
        set ipunnumbered {ipv4-address}
        set username {string}
        set pppoe-unnumbered-negotiate [enable|disable]
        set password {password}
        set idle-timeout {integer}
        set detected-peer-mtu {integer}
        set disc-retry-timeout {integer}
        set padt-retry-timeout {integer}
        set service-name {string}
        set ac-name {string}
        set lcp-echo-interval {integer}
        set lcp-max-echo-fails {integer}
        set defaultgw [enable|disable]
        set dns-server-override [enable|disable]
        set dns-server-protocol {option1}, {option2}, ...
        set auth-type [auto|pap|...]
        set pptp-client [enable|disable]
        set pptp-user {string}
        set pptp-password {password}
        set pptp-server-ip {ipv4-address}
        set pptp-auth-type [auto|pap|...]
        set pptp-timeout {integer}
        set arpforward [enable|disable]
        set broadcast-forward [enable|disable]
        set bfd [global|enable|...]
        set bfd-desired-min-tx {integer}
        set bfd-detect-mult {integer}
        set bfd-required-min-rx {integer}
        set l2forward [enable|disable]
        set icmp-send-redirect [enable|disable]
        set icmp-accept-redirect [enable|disable]
        set stpforward [enable|disable]
        set stpforward-mode [rpl-all-ext-id|rpl-bridge-ext-id|...]
        set macaddr {mac-address}
        set substitute-dst-mac {mac-address}
        set large-receive-offload [enable|disable]
        set generic-receive-offload [enable|disable]
        set speed [auto|10full|...]
        set status [up|down]
        set netbios-forward [disable|enable]
        set wins-ip {ipv4-address}
        set type [physical|vlan|...]
        set dedicated-to [none|management]
        set trust-ip-1 {ipv4-classnet-any}
        set trust-ip-2 {ipv4-classnet-any}
        set trust-ip-3 {ipv4-classnet-any}
        set trust-ip6-1 {ipv6-prefix}
        set trust-ip6-2 {ipv6-prefix}
        set trust-ip6-3 {ipv6-prefix}
        set mtu-override [enable|disable]
        set mtu {integer}
        set ring-rx {integer}
        set ring-tx {integer}
        set wccp [enable|disable]
        set drop-overlapped-fragment [enable|disable]
        set drop-fragment [enable|disable]
        set src-check [enable|disable]
        set explicit-web-proxy [enable|disable]
        set explicit-ftp-proxy [enable|disable]
        set proxy-captive-portal [enable|disable]
        set tcp-mss {integer}
        set inbandwidth {integer}
        set outbandwidth {integer}
        set egress-shaping-profile {string}
        set ingress-shaping-profile {string}
        set disconnect-threshold {integer}
        set spillover-threshold {integer}
        set ingress-spillover-threshold {integer}
        set weight {integer}
        set interface {string}
        set external [enable|disable]
        set vlan-protocol [8021q|8021ad]
        set vlanid {integer}
        set forward-domain {integer}
        set remote-ip {ipv4-classnet-host}
        set member <interface-name1>, <interface-name2>, ...
        set lacp-mode {option}
        set lacp-ha-secondary [enable|disable]
        set system-id-type [auto|user]
        set system-id {mac-address}
        set lacp-speed [slow|fast]
        set min-links {integer}
        set min-links-down [operational|administrative]
        set algorithm [L2|L3|...]
        set link-up-delay {integer}
        set priority-override [enable|disable]
        set aggregate {string}
        set redundant-interface {string}
        set devindex {integer}
        set switch {string}
        set description {var-string}
        set alias {string}
        set security-mode [none|captive-portal|...]
        set security-mac-auth-bypass [mac-auth-only|enable|...]
        set security-external-web {var-string}
        set security-external-logout {string}
        set replacemsg-override-group {string}
        set security-redirect-url {var-string}
        set auth-cert {string}
        set auth-portal-addr {string}
        set security-exempt-list {string}
        set security-groups <name1>, <name2>, ...
        set role [lan|wan|...]
        set snmp-index {integer}
        set secondary-IP [enable|disable]
        config secondaryip
            Description: Second IP address of interface.
            edit <id>
                set ip {ipv4-classnet-host}
                set allowaccess {option1}, {option2}, ...
                set gwdetect [enable|disable]
                set ping-serv-status {integer}
                set detectserver {user}
                set detectprotocol {option1}, {option2}, ...
                set ha-priority {integer}
            next
        end
        set color {integer}
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        config ipv6
            Description: IPv6 of interface.
            set ip6-mode [static|dhcp|...]
            set nd-mode [basic|SEND-compatible]
            set nd-cert {string}
            set nd-security-level {integer}
            set nd-timestamp-delta {integer}
            set nd-timestamp-fuzz {integer}
            set nd-cga-modifier {user}
            set ip6-dns-server-override [enable|disable]
            set ip6-address {ipv6-prefix}
            config ip6-extra-addr
                Description: Extra IPv6 address prefixes of interface.
                edit <prefix>
                next
            end
            set ip6-allowaccess {option1}, {option2}, ...
            set ip6-send-adv [enable|disable]
            set icmp6-send-redirect [enable|disable]
            set ip6-manage-flag [enable|disable]
            set ip6-other-flag [enable|disable]
            set ip6-max-interval {integer}
            set ip6-min-interval {integer}
            set ip6-link-mtu {integer}
            set ra-send-mtu [enable|disable]
            set ip6-reachable-time {integer}
            set ip6-retrans-time {integer}
            set ip6-default-life {integer}
            set ip6-hop-limit {integer}
            set autoconf [enable|disable]
            set unique-autoconf-addr [enable|disable]
            set interface-identifier {ipv6-address}
            set ip6-prefix-mode [dhcp6|ra]
            set ip6-upstream-interface {string}
            set ip6-delegated-prefix-iaid {integer}
            set ip6-subnet {ipv6-prefix}
            config ip6-prefix-list
                Description: Advertised prefix list.
                edit <prefix>
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set valid-life-time {integer}
                    set preferred-life-time {integer}
                    set rdnss {user}
                    set dnssl <domain1>, <domain2>, ...
                next
            end
            config ip6-delegated-prefix-list
                Description: Advertised IPv6 delegated prefix list.
                edit <prefix-id>
                    set upstream-interface {string}
                    set delegated-prefix-iaid {integer}
                    set autonomous-flag [enable|disable]
                    set onlink-flag [enable|disable]
                    set subnet {ipv6-network}
                    set rdnss-service [delegated|default|...]
                    set rdnss {user}
                next
            end
            set dhcp6-relay-service [disable|enable]
            set dhcp6-relay-type {option}
            set dhcp6-relay-ip {user}
            set dhcp6-client-options {option1}, {option2}, ...
            set dhcp6-prefix-delegation [enable|disable]
            set dhcp6-information-request [enable|disable]
            config dhcp6-iapd-list
                Description: DHCPv6 IA-PD list.
                edit <iaid>
                    set prefix-hint {ipv6-network}
                    set prefix-hint-plt {integer}
                    set prefix-hint-vlt {integer}
                next
            end
            set cli-conn6-status {integer}
        end
    next
end

config system interface

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 15

vdom

Interface is in this virtual domain (VDOM).

string

Maximum length: 31

cli-conn-status

CLI connection status.

integer

Minimum value: 0 Maximum value: 4294967295

mode

Addressing mode (static, DHCP, PPPoE).

option

static

Option	Description
static	Static setting.
dhcp	External DHCP client mode.
pppoe	External PPPoE mode.

distance

Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.

integer

Minimum value: 1 Maximum value: 255

priority

Priority of learned routes.

integer

Minimum value: 1 Maximum value: 65535

dhcp-relay-interface-select-method

Specify how to select outgoing interface to reach server.

option

auto

Option	Description
auto	Set outgoing interface automatically.
specify	Set outgoing interface manually.

dhcp-relay-interface

Specify outgoing interface to reach server.

string

Maximum length: 15

dhcp-relay-service

Enable/disable allowing this interface to act as a DHCP relay.

option

disable

Option	Description
disable	None.
enable	DHCP relay agent.

dhcp-relay-ip

DHCP relay IP address.

user

Not Specified

dhcp-relay-link-selection

DHCP relay link selection.

ipv4-address

Not Specified

0.0.0.0

dhcp-relay-request-all-server

Enable/disable sending of DHCP requests to all servers.

option

disable

Option	Description
disable	Send DHCP requests only to a matching server.
enable	Send DHCP requests to all servers.

dhcp-relay-type

DHCP relay type (regular or IPsec).

option

regular

Option	Description
regular	Regular DHCP relay.
ipsec	DHCP relay for IPsec.

dhcp-relay-agent-option

Enable/disable DHCP relay agent option.

option

enable

Option	Description
enable	Enable DHCP relay agent option.
disable	Disable DHCP relay agent option.

dhcp-classless-route-addition

Enable/disable addition of classless static routes retrieved from DHCP server.

option

enable

Option	Description
enable	Enable addition of classless static routes retrieved from DHCP server.
disable	Disable addition of classless static routes retrieved from DHCP server.

management-ip

High Availability in-band management IP address of this interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Permitted types of management access to this interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
fgfm	FortiManager access.
radius-acct	RADIUS accounting access.
probe-response	Probe access.
fabric	Security Fabric access.
ftm	FTM access.
speed-test	Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

disable

Option	Description
enable	Enable detect gateway alive for first.
disable	Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

ping

Option	Description
ping	PING.
tcp-echo	TCP echo.
udp-echo	UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

fail-detect

Enable/disable fail detection features for this interface.

option

disable

Option	Description
enable	Enable interface failed option status.
disable	Disable interface failed option status.

fail-detect-option

Options for detecting that this interface has failed.

option

link-down

Option	Description
detectserver	Use a ping server to determine if the interface has failed.
link-down	Use port detection to determine if the interface has failed.

fail-alert-method

Select link-failed-signal or link-down method to alert about a failed link.

option

link-down

Option	Description
link-failed-signal	Link-failed-signal.
link-down	Link-down.

fail-action-on-extender

Action on FortiExtender when interface fail.

option

soft-restart

Option	Description
soft-restart	Soft-restart-on-extender.
hard-restart	Hard-restart-on-extender.
reboot	Reboot-on-extender.

fail-alert-interfaces <name>

Names of the FortiProxy interfaces to which the link failure alert is sent.

Names of the non-virtual interface.

string

Maximum length: 79

dhcp-client-identifier

DHCP client identifier.

string

Maximum length: 48

dhcp-renew-time

DHCP renew time in seconds , 0 means use the renew time provided by the server.

integer

Minimum value: 300 Maximum value: 604800

ipunnumbered

Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.

ipv4-address

Not Specified

0.0.0.0

username

Username of the PPPoE account, provided by your ISP.

string

Maximum length: 64

pppoe-unnumbered-negotiate

Enable/disable PPPoE unnumbered negotiation.

option

enable

Option	Description
enable	Enable IP address negotiating for unnumbered.
disable	Disable IP address negotiating for unnumbered.

password

PPPoE account's password.

password

Not Specified

idle-timeout

PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 32767

detected-peer-mtu

MTU of detected peer.

integer

Minimum value: 0 Maximum value: 4294967295

disc-retry-timeout

Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.

integer

Minimum value: 0 Maximum value: 4294967295

padt-retry-timeout

PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.

integer

Minimum value: 0 Maximum value: 4294967295

service-name

PPPoE service name.

string

Maximum length: 63

ac-name

PPPoE server name.

string

Maximum length: 63

lcp-echo-interval

Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.

integer

Minimum value: 0 Maximum value: 32767

lcp-max-echo-fails

Maximum missed LCP echo messages before disconnect.

integer

Minimum value: 0 Maximum value: 32767

defaultgw

Enable to get the gateway IP from the DHCP or PPPoE server.

option

enable

Option	Description
enable	Enable default gateway.
disable	Disable default gateway.

dns-server-override

Enable/disable use DNS acquired by DHCP or PPPoE.

option

enable

Option	Description
enable	Use DNS acquired by DHCP or PPPoE.
disable	No not use DNS acquired by DHCP or PPPoE.

dns-server-protocol

DNS transport protocols.

option

cleartext

Option	Description
cleartext	DNS over UDP/53, DNS over TCP/53.
dot	DNS over TLS/853.
doh	DNS over HTTPS/443.

auth-type

PPP authentication type to use.

option

auto

Option	Description
auto	Automatically choose authentication.
pap	PAP authentication.
chap	CHAP authentication.
mschapv1	MS-CHAPv1 authentication.
mschapv2	MS-CHAPv2 authentication.

pptp-client

Enable/disable PPTP client.

option

disable

Option	Description
enable	Enable PPTP client.
disable	Disable PPTP client.

pptp-user

PPTP user name.

string

Maximum length: 64

pptp-password

PPTP password.

password

Not Specified

pptp-server-ip

PPTP server IP address.

ipv4-address

Not Specified

0.0.0.0

pptp-auth-type

PPTP authentication type.

option

auto

Option	Description
auto	Automatically choose authentication.
pap	PAP authentication.
chap	CHAP authentication.
mschapv1	MS-CHAPv1 authentication.
mschapv2	MS-CHAPv2 authentication.

pptp-timeout

Idle timer in minutes (0 for disabled).

integer

Minimum value: 0 Maximum value: 65535

arpforward

Enable/disable ARP forwarding.

option

enable

Option	Description
enable	Enable ARP forwarding.
disable	Disable ARP forwarding.

broadcast-forward

Enable/disable broadcast forwarding.

option

disable

Option	Description
enable	Enable broadcast forwarding.
disable	Disable broadcast forwarding.

bfd

Bidirectional Forwarding Detection (BFD) settings.

option

global

Option	Description
global	BFD behavior of this interface will be based on global configuration.
enable	Enable BFD on this interface and ignore global configuration.
disable	Disable BFD on this interface and ignore global configuration.

bfd-desired-min-tx

BFD desired minimal transmit interval.

integer

Minimum value: 1 Maximum value: 100000

250

bfd-detect-mult

BFD detection multiplier.

integer

Minimum value: 1 Maximum value: 50

bfd-required-min-rx

BFD required minimal receive interval.

integer

Minimum value: 1 Maximum value: 100000

250

l2forward

Enable/disable l2 forwarding.

option

disable

Option	Description
enable	Enable L2 forwarding.
disable	Disable L2 forwarding.

icmp-send-redirect

Enable/disable sending of ICMP redirects.

option

enable

Option	Description
enable	Enable sending of ICMP redirects.
disable	Disable sending of ICMP redirects.

icmp-accept-redirect

Enable/disable ICMP accept redirect.

option

enable

Option	Description
enable	Enable ICMP accept redirect.
disable	Disable ICMP accept redirect.

stpforward

Enable/disable STP forwarding.

option

disable

Option	Description
enable	Enable STP forwarding.
disable	Disable STP forwarding.

stpforward-mode

Configure STP forwarding mode.

option

rpl-all-ext-id

Option	Description
rpl-all-ext-id	Replace all extension IDs (root, bridge).
rpl-bridge-ext-id	Replace the bridge extension ID only.
rpl-nothing	Replace nothing.

macaddr

Change the interface's MAC address.

mac-address

Not Specified

00:00:00:00:00:00

substitute-dst-mac

Destination MAC address that all packets are sent to from this interface.

mac-address

Not Specified

00:00:00:00:00:00

large-receive-offload

Enable/disable large-receive-offload.

option

disable

Option	Description
enable	Enable large-receive-offload.
disable	Disable large-receive-offload.

generic-receive-offload

Enable/disable generic-receive-offload.

option

disable

Option	Description
enable	Enable generic-receive-offload.
disable	Disable generic-receive-offload.

speed

Interface speed. The default setting and the options available depend on the interface hardware.

option

auto

Option	Description
auto	Automatically adjust speed.
10full	10M full-duplex.
10half	10M half-duplex.
100full	100M full-duplex.
100half	100M half-duplex.
1000full	1000M full-duplex.
1000auto	1000M auto adjust.

status

Bring the interface up or shut the interface down.

option

Option	Description
up	Bring the interface up.
down	Shut the interface down.

netbios-forward

Enable/disable NETBIOS forwarding.

option

disable

Option	Description
disable	Disable NETBIOS forwarding.
enable	Enable NETBIOS forwarding.

wins-ip

WINS server IP.

ipv4-address

Not Specified

0.0.0.0

type

Interface type.

option

vlan

Option	Description
physical	Physical interface.
vlan	VLAN interface.
aggregate	Aggregate interface.
redundant	Redundant interface.
tunnel	Tunnel interface.
loopback	Loopback interface.
vdom-link	VDOM link interface.
vxlan	VXLAN interface.

dedicated-to

Configure interface for single purpose.

option

none

Option	Description
none	Interface not dedicated for any purpose.
management	Dedicate this interface for management purposes only.

trust-ip-1

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-2

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip-3

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

trust-ip6-1

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-2

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

trust-ip6-3

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

ipv6-prefix

Not Specified

::/0

mtu-override

Enable to set a custom MTU for this interface.

option

disable

Option	Description
enable	Override default MTU.
disable	Use default MTU.

mtu

MTU value for this interface.

integer

Minimum value: 0 Maximum value: 4294967295

1500

ring-rx

RX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

ring-tx

TX ring size.

integer

Minimum value: 0 Maximum value: 4294967295

wccp

Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.

option

disable

Option	Description
enable	Enable WCCP protocol on this interface.
disable	Disable WCCP protocol on this interface.

drop-overlapped-fragment

Enable/disable drop overlapped fragment packets.

option

disable

Option	Description
enable	Enable drop of overlapped fragment packets.
disable	Disable drop of overlapped fragment packets.

drop-fragment

Enable/disable drop fragment packets.

option

disable

Option	Description
enable	Enable/disable drop fragment packets.
disable	Do not drop fragment packets.

src-check

Enable/disable source IP check.

option

enable

Option	Description
enable	Enable source IP check.
disable	Disable source IP check.

explicit-web-proxy

Enable/disable the explicit web proxy on this interface.

option

disable

Option	Description
enable	Enable explicit Web proxy on this interface.
disable	Disable explicit Web proxy on this interface.

explicit-ftp-proxy

Enable/disable the explicit FTP proxy on this interface.

option

disable

Option	Description
enable	Enable explicit FTP proxy on this interface.
disable	Disable explicit FTP proxy on this interface.

proxy-captive-portal

Enable/disable proxy captive portal on this interface.

option

disable

Option	Description
enable	Enable proxy captive portal on this interface.
disable	Disable proxy captive portal on this interface.

tcp-mss

TCP maximum segment size. 0 means do not change segment size.

integer

Minimum value: 48 Maximum value: 65535

inbandwidth

Bandwidth limit for incoming traffic , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 80000000

outbandwidth

Bandwidth limit for outgoing traffic.

integer

Minimum value: 0 Maximum value: 80000000

egress-shaping-profile

Outgoing traffic shaping profile.

string

Maximum length: 35

ingress-shaping-profile

Incoming traffic shaping profile.

string

Maximum length: 35

disconnect-threshold

Time in milliseconds to wait before sending a notification that this interface is down or disconnected.

integer

Minimum value: 0 Maximum value: 10000

spillover-threshold

Egress Spillover threshold , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

ingress-spillover-threshold

Ingress Spillover threshold , 0 means unlimited.

integer

Minimum value: 0 Maximum value: 16776000

weight

Default weight for static routes (if route has no weight configured).

integer

Minimum value: 0 Maximum value: 255

interface

Interface name.

string

Maximum length: 15

external

Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet).

option

disable

Option	Description
enable	Enable identifying the interface as an external interface.
disable	Disable identifying the interface as an external interface.

vlan-protocol

Ethernet protocol of VLAN.

option

8021q

Option	Description
8021q	IEEE 802.1Q.
8021ad	IEEE 802.1AD.

vlanid

VLAN ID.

integer

Minimum value: 1 Maximum value: 4094

forward-domain

Transparent mode forward domain.

integer

Minimum value: 1 Maximum value: 4094

remote-ip

Remote IP address of tunnel.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

member <interface-name>

Physical interfaces that belong to the aggregate or redundant interface.

Physical interface name.

string

Maximum length: 79

lacp-mode

LACP mode.

option

Option	Description
static	Use static aggregation, do not send and ignore any LACP messages.

lacp-ha-secondary

LACP HA slave.

option

enable

Option	Description
enable	Allow HA slave to send/receive LACP messages.
disable	Block HA slave from sending/receiving LACP messages.

system-id-type

Method in which system ID is generated.

option

auto

Option	Description
auto	Use the MAC address of the first member.
user	User-defined system ID.

system-id

Define a system ID for the aggregate interface.

mac-address

Not Specified

00:00:00:00:00:00

lacp-speed

How often the interface sends LACP messages.

option

slow

Option	Description
slow	Send LACP message every 30 seconds.
fast	Send LACP message every second.

min-links

Minimum number of aggregated ports that must be up.

integer

Minimum value: 1 Maximum value: 32

min-links-down

Action to take when less than the configured minimum number of links are active.

option

operational

Option	Description
operational	Set the aggregate operationally down.
administrative	Set the aggregate administratively down.

algorithm

Frame distribution algorithm.

option

Option	Description
L2	Use layer 2 address for distribution.
L3	Use layer 3 address for distribution.
L4	Use layer 4 information for distribution.

link-up-delay

Number of milliseconds to wait before considering a link is up.

integer

Minimum value: 50 Maximum value: 3600000

priority-override

Enable/disable fail back to higher priority port once recovered.

option

enable

Option	Description
enable	Enable fail back to higher priority port once recovered.
disable	Disable fail back to higher priority port once recovered.

aggregate

Aggregate interface.

string

Maximum length: 15

redundant-interface

Redundant interface.

string

Maximum length: 15

devindex

Device Index.

integer

Minimum value: 0 Maximum value: 4294967295

switch

Contained in switch.

string

Maximum length: 15

description

Description.

var-string

Maximum length: 255

alias

Alias will be displayed with the interface name to make it easier to distinguish.

string

Maximum length: 25

security-mode

Turn on captive portal authentication for this interface.

option

none

Option	Description
none	No security option.
captive-portal	Captive portal authentication.
802.1X	802.1X port-based authentication.

security-mac-auth-bypass

Enable/disable MAC authentication bypass.

option

disable

Option	Description
mac-auth-only	Enable MAC authentication bypass without EAP.
enable	Enable MAC authentication bypass.
disable	Disable MAC authentication bypass.

security-external-web

URL of external authentication web server.

var-string

Maximum length: 1023

security-external-logout

URL of external authentication logout server.

string

Maximum length: 127

replacemsg-override-group

Replacement message override group.

string

Maximum length: 35

security-redirect-url

URL redirection after disclaimer/authentication.

var-string

Maximum length: 1023

auth-cert

HTTPS server certificate.

string

Maximum length: 35

auth-portal-addr

Address of captive portal.

string

Maximum length: 63

security-exempt-list

Name of security-exempt-list.

string

Maximum length: 35

security-groups <name>

User groups that can authenticate with the captive portal.

Names of user groups that can authenticate with the captive portal.

string

Maximum length: 79

role

Interface role.

option

undefined

Option	Description
lan	Connected to local network of endpoints.
wan	Connected to Internet.
dmz	Connected to server zone.
undefined	Interface has no specific role.

snmp-index

Permanent SNMP Index of the interface.

integer

Minimum value: 1 Maximum value: 2147483647

secondary-IP

Enable/disable adding a secondary IP to this interface.

option

disable

Option	Description
enable	Enable secondary IP.
disable	Disable secondary IP.

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

config client-options

Parameter

Description

Type

Size

Default

ID.

integer

Minimum value: 0 Maximum value: 4294967295

code

DHCP client option code.

integer

Minimum value: 0 Maximum value: 255

type

DHCP client option type.

option

hex

Option	Description
hex	DHCP option in hex.
string	DHCP option in string.
ip	DHCP option in IP.
fqdn	DHCP option in domain search option format.

value

DHCP client option value.

string

Maximum length: 312

DHCP option IPs.

user

Not Specified

config secondaryip

Parameter

Description

Type

Size

Default

ID.

integer

Minimum value: 0 Maximum value: 4294967295

Secondary IP address of the interface.

ipv4-classnet-host

Not Specified

0.0.0.0 0.0.0.0

allowaccess

Management access settings for the secondary IP address.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
fgfm	FortiManager access.
radius-acct	RADIUS accounting access.
probe-response	Probe access.
fabric	Security Fabric access.
ftm	FTM access.
speed-test	Speed test access.

gwdetect

Enable/disable detect gateway alive for first.

option

disable

Option	Description
enable	Enable detect gateway alive for first.
disable	Disable detect gateway alive for first.

ping-serv-status

PING server status.

integer

Minimum value: 0 Maximum value: 255

detectserver

Gateway's ping server for this IP.

user

Not Specified

detectprotocol

Protocols used to detect the server.

option

ping

Option	Description
ping	PING.
tcp-echo	TCP echo.
udp-echo	UDP echo.

ha-priority

HA election priority for the PING server.

integer

Minimum value: 1 Maximum value: 50

config tagging

Parameter

Description

Type

Size

Default

name

Tagging entry name.

string

Maximum length: 63

config ipv6

Parameter

Description

Type

Size

Default

ip6-mode

Addressing mode (static, DHCP, delegated).

option

static

Option	Description
static	Static setting.
dhcp	DHCPv6 client mode.
pppoe	IPv6 over PPPoE mode.
delegated	IPv6 address with delegated prefix.

nd-mode

Neighbor discovery mode.

option

basic

Option	Description
basic	Do not support SEND.
SEND-compatible	Support SEND.

nd-cert

Neighbor discovery certificate.

string

Maximum length: 35

nd-security-level

Neighbor discovery security level.

integer

Minimum value: 0 Maximum value: 7

nd-timestamp-delta

Neighbor discovery timestamp delta value.

integer

Minimum value: 1 Maximum value: 3600

300

nd-timestamp-fuzz

Neighbor discovery timestamp fuzz factor.

integer

Minimum value: 1 Maximum value: 60

nd-cga-modifier

Neighbor discovery CGA modifier.

user

Not Specified

ip6-dns-server-override

Enable/disable using the DNS server acquired by DHCP.

option

enable

Option	Description
enable	Enable using the DNS server acquired by DHCP.
disable	Disable using the DNS server acquired by DHCP.

ip6-address

Primary IPv6 address prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

ip6-allowaccess

Allow management access to the interface.

option

Option	Description
ping	PING access.
https	HTTPS access.
ssh	SSH access.
snmp	SNMP access.
http	HTTP access.
telnet	TELNET access.
fgfm	FortiManager access.
fabric	Fabric access.

ip6-send-adv

Enable/disable sending advertisements about the interface.

option

disable

Option	Description
enable	Enable sending advertisements about this interface.
disable	Disable sending advertisements about this interface.

icmp6-send-redirect

Enable/disable sending of ICMPv6 redirects.

option

enable

Option	Description
enable	Enable sending of ICMPv6 redirects.
disable	Disable sending of ICMPv6 redirects.

ip6-manage-flag

Enable/disable the managed flag.

option

disable

Option	Description
enable	Enable the managed IPv6 flag.
disable	Disable the managed IPv6 flag.

ip6-other-flag

Enable/disable the other IPv6 flag.

option

disable

Option	Description
enable	Enable the other IPv6 flag.
disable	Disable the other IPv6 flag.

ip6-max-interval

IPv6 maximum interval (4 to 1800 sec).

integer

Minimum value: 4 Maximum value: 1800

600

ip6-min-interval

IPv6 minimum interval (3 to 1350 sec).

integer

Minimum value: 3 Maximum value: 1350

198

ip6-link-mtu

IPv6 link MTU.

integer

Minimum value: 1280 Maximum value: 16000

ra-send-mtu

Enable/disable sending link MTU in RA packet.

option

enable

Option	Description
enable	Enable sending link MTU in RA packet.
disable	Disable sending link MTU in RA packet.

ip6-reachable-time

IPv6 reachable time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 3600000

ip6-retrans-time

IPv6 retransmit time (milliseconds; 0 means unspecified).

integer

Minimum value: 0 Maximum value: 4294967295

ip6-default-life

Default life (sec).

integer

Minimum value: 0 Maximum value: 9000

1800

ip6-hop-limit

Hop limit (0 means unspecified).

integer

Minimum value: 0 Maximum value: 255

autoconf

Enable/disable address auto config.

option

disable

Option	Description
enable	Enable auto-configuration.
disable	Disable auto-configuration.

unique-autoconf-addr

Enable/disable unique auto config address.

option

disable

Option	Description
enable	Enable unique auto-configuration address.
disable	Disable unique auto-configuration address.

interface-identifier

IPv6 interface identifier.

ipv6-address

Not Specified

ip6-prefix-mode

Assigning a prefix from DHCP or RA.

option

dhcp6

Option	Description
dhcp6	Use delegated prefix from a DHCPv6 client to form a delegated IPv6 address.
ra	Use prefix from RA to form a delegated IPv6 address.

ip6-upstream-interface

Interface name providing delegated information.

string

Maximum length: 15

ip6-delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

ip6-subnet

Subnet to routing prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx.

ipv6-prefix

Not Specified

::/0

dhcp6-relay-service

Enable/disable DHCPv6 relay.

option

disable

Option	Description
disable	Disable DHCPv6 relay
enable	Enable DHCPv6 relay.

dhcp6-relay-type

DHCPv6 relay type.

option

regular

Option	Description
regular	Regular DHCP relay.

dhcp6-relay-ip

DHCPv6 relay IP address.

user

Not Specified

dhcp6-client-options

DHCPv6 client options.

option

Option	Description
rapid	Send rapid commit option.
iapd	Send including IA-PD option.
iana	Send including IA-NA option.

dhcp6-prefix-delegation

Enable/disable DHCPv6 prefix delegation.

option

disable

Option	Description
enable	Enable DHCPv6 prefix delegation.
disable	Disable DHCPv6 prefix delegation.

dhcp6-information-request

Enable/disable DHCPv6 information request.

option

disable

Option	Description
enable	Enable DHCPv6 information request.
disable	Disable DHCPv6 information request.

cli-conn6-status

CLI IPv6 connection status.

integer

Minimum value: 0 Maximum value: 4294967295

config ip6-extra-addr

Parameter	Description	Type	Size	Default
prefix	IPv6 address prefix.	ipv6-prefix	Not Specified	::/0

config ip6-prefix-list

Parameter

Description

Type

Size

Default

prefix

IPv6 prefix.

ipv6-network

Not Specified

::/0

autonomous-flag

Enable/disable the autonomous flag.

option

enable

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

enable

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

valid-life-time

Valid life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

2592000

preferred-life-time

Preferred life time (sec).

integer

Minimum value: 0 Maximum value: 4294967295

604800

rdnss

Recursive DNS server option.

user

Not Specified

dnssl <domain>

DNS search list option.

Domain name.

string

Maximum length: 79

config ip6-delegated-prefix-list

Parameter

Description

Type

Size

Default

prefix-id

Prefix ID.

integer

Minimum value: 0 Maximum value: 4294967295

upstream-interface

Name of the interface that provides delegated information.

string

Maximum length: 15

delegated-prefix-iaid

IAID of obtained delegated-prefix from the upstream interface.

integer

Minimum value: 0 Maximum value: 4294967295

autonomous-flag

Enable/disable the autonomous flag.

option

enable

Option	Description
enable	Enable the autonomous flag.
disable	Disable the autonomous flag.

onlink-flag

Enable/disable the onlink flag.

option

enable

Option	Description
enable	Enable the onlink flag.
disable	Disable the onlink flag.

subnet

Add subnet ID to routing prefix.

ipv6-network

Not Specified

::/0

rdnss-service

Recursive DNS service option.

option

specify

Option	Description
delegated	Delegated RDNSS settings.
default	System RDNSS settings.
specify	Specify recursive DNS servers.

rdnss

Recursive DNS server option.

user

Not Specified

config dhcp6-iapd-list

Parameter	Description	Type	Size	Default
iaid	Identity association identifier.	integer	Minimum value: 0 Maximum value: 4294967295	0
prefix-hint	DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.	ipv6-network	Not Specified	::/0
prefix-hint-plt	DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.	integer	Minimum value: 0 Maximum value: 4294967295	604800
prefix-hint-vlt	DHCPv6 prefix hint valid life time (sec).	integer	Minimum value: 0 Maximum value: 4294967295	2592000

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

CLI Reference

config system interface

config system interface

config system interface

config client-options

config secondaryip

config tagging

config ipv6

config ip6-extra-addr

config ip6-prefix-list

config ip6-delegated-prefix-list

config dhcp6-iapd-list