fortinet.fortimanager.fmgr_devprof_system_global module – Configure global attributes.

Note

This module is part of the fortinet.fortimanager collection (version 2.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_devprof_system_global.

New in fortinet.fortimanager 1.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in the requested URL.

bypass_validation

boolean

Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

devprof

string / required

The parameter (devprof) in the requested URL.

devprof_system_global

dictionary

The top level parameters set.

admin-ble-button

string

Deprecated, please rename it to admin_ble_button. Pressing the BLE button can enable the BLE function.

Choices:

  • "disable"

  • "enable"

admin-concurrent

string

Deprecated, please rename it to admin_concurrent. Enable/disable concurrent administrator logins.

Choices:

  • "disable"

  • "enable"

admin-console-timeout

integer

Deprecated, please rename it to admin_console_timeout. Console login timeout that overrides the admin timeout value

admin-forticloud-sso-default-profile

any

(list) Deprecated, please rename it to admin_forticloud_sso_default_profile. Override access profile.

admin-forticloud-sso-login

string

Deprecated, please rename it to admin_forticloud_sso_login. Enable/disable FortiCloud admin login via SSO.

Choices:

  • "disable"

  • "enable"

admin-host

string

Deprecated, please rename it to admin_host. Administrative host for HTTP and HTTPS.

admin-hsts-max-age

integer

Deprecated, please rename it to admin_hsts_max_age. HTTPS Strict-Transport-Security header max-age in seconds.

admin-https-pki-required

string

Deprecated, please rename it to admin_https_pki_required. Enable/disable admin login method.

Choices:

  • "disable"

  • "enable"

admin-https-redirect

string

Deprecated, please rename it to admin_https_redirect. Enable/disable redirection of HTTP administration access to HTTPS.

Choices:

  • "disable"

  • "enable"

admin-https-ssl-banned-ciphers

list / elements=string

Deprecated, please rename it to admin_https_ssl_banned_ciphers. Select one or more cipher technologies that cannot be used…

Choices:

  • "RSA"

  • "DHE"

  • "ECDHE"

  • "DSS"

  • "ECDSA"

  • "AES"

  • "AESGCM"

  • "CAMELLIA"

  • "3DES"

  • "SHA1"

  • "SHA256"

  • "SHA384"

  • "STATIC"

  • "CHACHA20"

  • "ARIA"

  • "AESCCM"

admin-https-ssl-ciphersuites

list / elements=string

Deprecated, please rename it to admin_https_ssl_ciphersuites. Select one or more TLS 1.

Choices:

  • "TLS-AES-128-GCM-SHA256"

  • "TLS-AES-256-GCM-SHA384"

  • "TLS-CHACHA20-POLY1305-SHA256"

  • "TLS-AES-128-CCM-SHA256"

  • "TLS-AES-128-CCM-8-SHA256"

admin-https-ssl-versions

list / elements=string

Deprecated, please rename it to admin_https_ssl_versions. Allowed TLS versions for web administration.

Choices:

  • "tlsv1-0"

  • "tlsv1-1"

  • "tlsv1-2"

  • "sslv3"

  • "tlsv1-3"

admin-lockout-duration

integer

Deprecated, please rename it to admin_lockout_duration. Amount of time in seconds that an administrator account is locked …

admin-lockout-threshold

integer

Deprecated, please rename it to admin_lockout_threshold. Number of failed login attempts before an administrator account i…

admin-login-max

integer

Deprecated, please rename it to admin_login_max. Maximum number of administrators who can be logged in at the same time

admin-maintainer

string

Deprecated, please rename it to admin_maintainer. Enable/disable maintainer administrator login.

Choices:

  • "disable"

  • "enable"

admin-port

integer

Deprecated, please rename it to admin_port. Administrative access port for HTTP.

admin-reset-button

string

Deprecated, please rename it to admin_reset_button. Pressing the reset button can reset the device to factory default.

Choices:

  • "disable"

  • "enable"

admin-restrict-local

string

Deprecated, please rename it to admin_restrict_local. Enable/disable local admin authentication restriction when remote au…

Choices:

  • "disable"

  • "enable"

  • "all"

  • "non-console-only"

admin-scp

string

Deprecated, please rename it to admin_scp. Enable/disable using SCP to download the system configuration.

Choices:

  • "disable"

  • "enable"

admin-server-cert

any

(list) Deprecated, please rename it to admin_server_cert. Server certificate that the FortiGate uses for HTTPS administrat…

admin-sport

integer

Deprecated, please rename it to admin_sport. Administrative access port for HTTPS.

admin-ssh-grace-time

integer

Deprecated, please rename it to admin_ssh_grace_time. Maximum time in seconds permitted between making an SSH connection t…

admin-ssh-password

string

Deprecated, please rename it to admin_ssh_password. Enable/disable password authentication for SSH admin access.

Choices:

  • "disable"

  • "enable"

admin-ssh-port

integer

Deprecated, please rename it to admin_ssh_port. Administrative access port for SSH.

admin-ssh-v1

string

Deprecated, please rename it to admin_ssh_v1. Enable/disable SSH v1 compatibility.

Choices:

  • "disable"

  • "enable"

admin-telnet

string

Deprecated, please rename it to admin_telnet. Enable/disable TELNET service.

Choices:

  • "disable"

  • "enable"

admin-telnet-port

integer

Deprecated, please rename it to admin_telnet_port. Administrative access port for TELNET.

admintimeout

integer

Number of minutes before an idle administrator session times out

airplane-mode

string

Deprecated, please rename it to airplane_mode. Enable/disable airplane mode.

Choices:

  • "disable"

  • "enable"

alias

string

Alias for your FortiGate unit.

allow-traffic-redirect

string

Deprecated, please rename it to allow_traffic_redirect. Disable to prevent traffic with same local ingress and egress inte…

Choices:

  • "disable"

  • "enable"

anti-replay

string

Deprecated, please rename it to anti_replay. Level of checking for packet replay and TCP sequence checking.

Choices:

  • "disable"

  • "loose"

  • "strict"

arp-max-entry

integer

Deprecated, please rename it to arp_max_entry. Maximum number of dynamically learned MAC addresses that can be added to th…

auth-cert

any

(list) Deprecated, please rename it to auth_cert. Server certificate that the FortiGate uses for HTTPS firewall authentica…

auth-http-port

integer

Deprecated, please rename it to auth_http_port. User authentication HTTP port.

auth-https-port

integer

Deprecated, please rename it to auth_https_port. User authentication HTTPS port.

auth-ike-saml-port

integer

Deprecated, please rename it to auth_ike_saml_port. User IKE SAML authentication port

auth-keepalive

string

Deprecated, please rename it to auth_keepalive. Enable to prevent user authentication sessions from timing out when idle.

Choices:

  • "disable"

  • "enable"

auth-session-auto-backup

string

Deprecated, please rename it to auth_session_auto_backup. Enable/disable automatic and periodic backup of authentication s…

Choices:

  • "disable"

  • "enable"

auth-session-auto-backup-interval

string

Deprecated, please rename it to auth_session_auto_backup_interval. Configure automatic authentication session backup inter…

Choices:

  • "1min"

  • "5min"

  • "15min"

  • "30min"

  • "1hr"

auth-session-limit

string

Deprecated, please rename it to auth_session_limit. Action to take when the number of allowed user authenticated sessions …

Choices:

  • "block-new"

  • "logout-inactive"

auto-auth-extension-device

string

Deprecated, please rename it to auto_auth_extension_device. Enable/disable automatic authorization of dedicated Fortinet e…

Choices:

  • "disable"

  • "enable"

autorun-log-fsck

string

Deprecated, please rename it to autorun_log_fsck. Enable/disable automatic log partition check after ungraceful shutdown.

Choices:

  • "disable"

  • "enable"

av-affinity

string

Deprecated, please rename it to av_affinity. Affinity setting for AV scanning

av-failopen

string

Deprecated, please rename it to av_failopen. Set the action to take if the FortiGate is running low on memory or the proxy…

Choices:

  • "off"

  • "pass"

  • "one-shot"

  • "idledrop"

av-failopen-session

string

Deprecated, please rename it to av_failopen_session. When enabled and a proxy for a protocol runs out of room in its sessi…

Choices:

  • "disable"

  • "enable"

batch-cmdb

string

Deprecated, please rename it to batch_cmdb. Enable/disable batch mode, allowing you to enter a series of CLI commands that…

Choices:

  • "disable"

  • "enable"

bfd-affinity

string

Deprecated, please rename it to bfd_affinity. Affinity setting for BFD daemon

block-session-timer

integer

Deprecated, please rename it to block_session_timer. Duration in seconds for blocked sessions

br-fdb-max-entry

integer

Deprecated, please rename it to br_fdb_max_entry. Maximum number of bridge forwarding database

cert-chain-max

integer

Deprecated, please rename it to cert_chain_max. Maximum number of certificates that can be traversed in a certificate chain.

cfg-revert-timeout

integer

Deprecated, please rename it to cfg_revert_timeout. Time-out for reverting to the last saved configuration.

cfg-save

string

Deprecated, please rename it to cfg_save. Configuration file save mode for CLI changes.

Choices:

  • "automatic"

  • "manual"

  • "revert"

check-protocol-header

string

Deprecated, please rename it to check_protocol_header. Level of checking performed on protocol headers.

Choices:

  • "loose"

  • "strict"

check-reset-range

string

Deprecated, please rename it to check_reset_range. Configure ICMP error message verification.

Choices:

  • "disable"

  • "strict"

cli-audit-log

string

Deprecated, please rename it to cli_audit_log. Enable/disable CLI audit log.

Choices:

  • "disable"

  • "enable"

cloud-communication

string

Deprecated, please rename it to cloud_communication. Enable/disable all cloud communication.

Choices:

  • "disable"

  • "enable"

clt-cert-req

string

Deprecated, please rename it to clt_cert_req. Enable/disable requiring administrators to have a client certificate to log …

Choices:

  • "disable"

  • "enable"

cmdbsvr-affinity

string

Deprecated, please rename it to cmdbsvr_affinity. Affinity setting for cmdbsvr

cpu-use-threshold

integer

Deprecated, please rename it to cpu_use_threshold. Threshold at which CPU usage is reported

csr-ca-attribute

string

Deprecated, please rename it to csr_ca_attribute. Enable/disable the CA attribute in certificates.

Choices:

  • "disable"

  • "enable"

daily-restart

string

Deprecated, please rename it to daily_restart. Enable/disable daily restart of FortiGate unit.

Choices:

  • "disable"

  • "enable"

default-service-source-port

string

Deprecated, please rename it to default_service_source_port. Default service source port range

delay-tcp-npu-session

string

Deprecated, please rename it to delay_tcp_npu_session. Enable TCP NPU session delay to guarantee packet order of 3-way han…

Choices:

  • "disable"

  • "enable"

device-idle-timeout

integer

Deprecated, please rename it to device_idle_timeout. Time in seconds that a device must be idle to automatically log the d…

dh-params

string

Deprecated, please rename it to dh_params. Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols.

Choices:

  • "1024"

  • "1536"

  • "2048"

  • "3072"

  • "4096"

  • "6144"

  • "8192"

dhcp-lease-backup-interval

integer

Deprecated, please rename it to dhcp_lease_backup_interval. DHCP leases backup interval in seconds

dnsproxy-worker-count

integer

Deprecated, please rename it to dnsproxy_worker_count. DNS proxy worker count.

dp-fragment-timer

integer

Deprecated, please rename it to dp_fragment_timer. DP fragment session timeout

dp-pinhole-timer

integer

Deprecated, please rename it to dp_pinhole_timer. DP pinhole session timeout

dp-rsync-timer

integer

Deprecated, please rename it to dp_rsync_timer. DP rsync session timeout

dp-tcp-normal-timer

integer

Deprecated, please rename it to dp_tcp_normal_timer. DP tcp normal timeout

dp-udp-idle-timer

integer

Deprecated, please rename it to dp_udp_idle_timer. DP udp idle timer

dst

string

Enable/disable daylight saving time.

Choices:

  • "disable"

  • "enable"

early-tcp-npu-session

string

Deprecated, please rename it to early_tcp_npu_session. Enable/disable early TCP NPU session.

Choices:

  • "disable"

  • "enable"

edit-vdom-prompt

string

Deprecated, please rename it to edit_vdom_prompt. Enable/disable edit new VDOM prompt.

Choices:

  • "disable"

  • "enable"

endpoint-control-fds-access

string

Deprecated, please rename it to endpoint_control_fds_access. Endpoint control fds access.

Choices:

  • "disable"

  • "enable"

extender-controller-reserved-network

any

(list) Deprecated, please rename it to extender_controller_reserved_network. Configure reserved network subnet for managed…

faz-disk-buffer-size

integer

Deprecated, please rename it to faz_disk_buffer_size. Maximum disk buffer size to temporarily store logs destined for Fort…

fds-statistics

string

Deprecated, please rename it to fds_statistics. Enable/disable sending IPS, Application Control, and AntiVirus data to For…

Choices:

  • "disable"

  • "enable"

fds-statistics-period

integer

Deprecated, please rename it to fds_statistics_period. FortiGuard statistics collection period in minutes.

fec-port

integer

Deprecated, please rename it to fec_port. Local UDP port for Forward Error Correction

fgd-alert-subscription

list / elements=string

Deprecated, please rename it to fgd_alert_subscription. Type of alert to retrieve from FortiGuard.

Choices:

  • "advisory"

  • "latest-threat"

  • "latest-virus"

  • "latest-attack"

  • "new-antivirus-db"

  • "new-attack-db"

forticarrier-bypass

string

Deprecated, please rename it to forticarrier_bypass. Forticarrier bypass.

Choices:

  • "disable"

  • "enable"

forticontroller-proxy

string

Deprecated, please rename it to forticontroller_proxy. Enable/disable FortiController proxy.

Choices:

  • "disable"

  • "enable"

forticontroller-proxy-port

integer

Deprecated, please rename it to forticontroller_proxy_port. FortiController proxy port

forticonverter-config-upload

string

Deprecated, please rename it to forticonverter_config_upload. Enable/disable config upload to FortiConverter.

Choices:

  • "disable"

  • "once"

forticonverter-integration

string

Deprecated, please rename it to forticonverter_integration. Enable/disable FortiConverter integration service.

Choices:

  • "disable"

  • "enable"

fortiextender

string

Enable/disable FortiExtender.

Choices:

  • "disable"

  • "enable"

fortiextender-data-port

integer

Deprecated, please rename it to fortiextender_data_port. FortiExtender data port

fortiextender-discovery-lockdown

string

Deprecated, please rename it to fortiextender_discovery_lockdown. Enable/disable FortiExtender CAPWAP lockdown.

Choices:

  • "disable"

  • "enable"

fortiextender-provision-on-authorization

string

Deprecated, please rename it to fortiextender_provision_on_authorization. Enable/disable automatic provisioning of latest …

Choices:

  • "disable"

  • "enable"

fortiextender-vlan-mode

string

Deprecated, please rename it to fortiextender_vlan_mode. Enable/disable FortiExtender VLAN mode.

Choices:

  • "disable"

  • "enable"

fortigslb-integration

string

Deprecated, please rename it to fortigslb_integration. Enable/disable integration with the FortiGSLB cloud service.

Choices:

  • "disable"

  • "enable"

fortiipam-integration

string

Deprecated, please rename it to fortiipam_integration. Enable/disable integration with the FortiIPAM cloud service.

Choices:

  • "disable"

  • "enable"

fortiservice-port

integer

Deprecated, please rename it to fortiservice_port. FortiService port

fortitoken-cloud

string

Deprecated, please rename it to fortitoken_cloud. Enable/disable FortiToken Cloud service.

Choices:

  • "disable"

  • "enable"

fortitoken-cloud-push-status

string

Deprecated, please rename it to fortitoken_cloud_push_status. Enable/disable FTM push service of FortiToken Cloud.

Choices:

  • "disable"

  • "enable"

fortitoken-cloud-service

string

Deprecated, please rename it to fortitoken_cloud_service. Fortitoken cloud service.

Choices:

  • "disable"

  • "enable"

fortitoken-cloud-sync-interval

integer

Deprecated, please rename it to fortitoken_cloud_sync_interval. Interval in which to clean up remote users in FortiToken Cloud

gtpu-dynamic-source-port

string

Deprecated, please rename it to gtpu_dynamic_source_port. Enable/disable GTP-U dynamic source port support.

Choices:

  • "disable"

  • "enable"

gui-allow-default-hostname

string

Deprecated, please rename it to gui_allow_default_hostname. Enable/disable the factory default hostname warning on the GUI…

Choices:

  • "disable"

  • "enable"

gui-allow-incompatible-fabric-fgt

string

Deprecated, please rename it to gui_allow_incompatible_fabric_fgt. Enable/disable Allow FGT with incompatible firmware to …

Choices:

  • "disable"

  • "enable"

gui-app-detection-sdwan

string

Deprecated, please rename it to gui_app_detection_sdwan. Enable/disable Allow app-detection based SD-WAN.

Choices:

  • "disable"

  • "enable"

gui-auto-upgrade-setup-warning

string

Deprecated, please rename it to gui_auto_upgrade_setup_warning. Enable/disable the automatic patch upgrade setup prompt on…

Choices:

  • "disable"

  • "enable"

gui-cdn-domain-override

string

Deprecated, please rename it to gui_cdn_domain_override. Domain of CDN server.

gui-cdn-usage

string

Deprecated, please rename it to gui_cdn_usage. Enable/disable Load GUI static files from a CDN.

Choices:

  • "disable"

  • "enable"

gui-certificates

string

Deprecated, please rename it to gui_certificates. Enable/disable the System > Certificate GUI page, allowing you to add an…

Choices:

  • "disable"

  • "enable"

gui-custom-language

string

Deprecated, please rename it to gui_custom_language. Enable/disable custom languages in GUI.

Choices:

  • "disable"

  • "enable"

gui-date-format

string

Deprecated, please rename it to gui_date_format. Default date format used throughout GUI.

Choices:

  • "yyyy/MM/dd"

  • "dd/MM/yyyy"

  • "MM/dd/yyyy"

  • "yyyy-MM-dd"

  • "dd-MM-yyyy"

  • "MM-dd-yyyy"

gui-date-time-source

string

Deprecated, please rename it to gui_date_time_source. Source from which the FortiGate GUI uses to display date and time en…

Choices:

  • "system"

  • "browser"

gui-device-latitude

string

Deprecated, please rename it to gui_device_latitude.

Support meta variable

Add the latitude of the location of this FortiGate to position it on the Threat Map.

gui-device-longitude

string

Deprecated, please rename it to gui_device_longitude.

Support meta variable

Add the longitude of the location of this FortiGate to position it on the Threat Map.

gui-display-hostname

string

Deprecated, please rename it to gui_display_hostname. Enable/disable displaying the FortiGate's hostname on the GUI login page.

Choices:

  • "disable"

  • "enable"

gui-firmware-upgrade-setup-warning

string

Deprecated, please rename it to gui_firmware_upgrade_setup_warning. Gui firmware upgrade setup warning.

Choices:

  • "disable"

  • "enable"

gui-firmware-upgrade-warning

string

Deprecated, please rename it to gui_firmware_upgrade_warning. Enable/disable the firmware upgrade warning on the GUI.

Choices:

  • "disable"

  • "enable"

gui-forticare-registration-setup-warning

string

Deprecated, please rename it to gui_forticare_registration_setup_warning. Enable/disable the FortiCare registration setup …

Choices:

  • "disable"

  • "enable"

gui-fortigate-cloud-sandbox

string

Deprecated, please rename it to gui_fortigate_cloud_sandbox. Enable/disable displaying FortiGate Cloud Sandbox on the GUI.

Choices:

  • "disable"

  • "enable"

gui-fortiguard-resource-fetch

string

Deprecated, please rename it to gui_fortiguard_resource_fetch. Enable/disable retrieving static GUI resources from FortiGuard.

Choices:

  • "disable"

  • "enable"

gui-fortisandbox-cloud

string

Deprecated, please rename it to gui_fortisandbox_cloud. Enable/disable displaying FortiSandbox Cloud on the GUI.

Choices:

  • "disable"

  • "enable"

gui-ipv6

string

Deprecated, please rename it to gui_ipv6. Enable/disable IPv6 settings on the GUI.

Choices:

  • "disable"

  • "enable"

gui-lines-per-page

integer

Deprecated, please rename it to gui_lines_per_page. Number of lines to display per page for web administration.

gui-local-out

string

Deprecated, please rename it to gui_local_out. Enable/disable Local-out traffic on the GUI.

Choices:

  • "disable"

  • "enable"

gui-replacement-message-groups

string

Deprecated, please rename it to gui_replacement_message_groups. Enable/disable replacement message groups on the GUI.

Choices:

  • "disable"

  • "enable"

gui-rest-api-cache

string

Deprecated, please rename it to gui_rest_api_cache. Enable/disable REST API result caching on FortiGate.

Choices:

  • "disable"

  • "enable"

gui-theme

string

Deprecated, please rename it to gui_theme. Color scheme for the administration GUI.

Choices:

  • "blue"

  • "green"

  • "melongene"

  • "red"

  • "mariner"

  • "neutrino"

  • "jade"

  • "graphite"

  • "dark-matter"

  • "onyx"

  • "eclipse"

  • "retro"

  • "fpx"

  • "jet-stream"

  • "security-fabric"

gui-wireless-opensecurity

string

Deprecated, please rename it to gui_wireless_opensecurity. Enable/disable wireless open security option on the GUI.

Choices:

  • "disable"

  • "enable"

gui-workflow-management

string

Deprecated, please rename it to gui_workflow_management. Enable/disable Workflow management features on the GUI.

Choices:

  • "disable"

  • "enable"

ha-affinity

string

Deprecated, please rename it to ha_affinity. Affinity setting for HA daemons

honor-df

string

Deprecated, please rename it to honor_df. Enable/disable honoring of Don't-Fragment

Choices:

  • "disable"

  • "enable"

hostname

string

Support meta variable

FortiGate unit's hostname.

http-request-limit

integer

Deprecated, please rename it to http_request_limit. HTTP request body size limit.

http-unauthenticated-request-limit

integer

Deprecated, please rename it to http_unauthenticated_request_limit. HTTP request body size limit before authentication.

httpd-max-worker-count

integer

Deprecated, please rename it to httpd_max_worker_count. Maximum number of simultaneous HTTP requests that will be served.

hw-switch-ether-filter

string

Deprecated, please rename it to hw_switch_ether_filter. Enable/disable hardware filter for certain Ethernet packet types.

Choices:

  • "disable"

  • "enable"

hyper-scale-vdom-num

integer

Deprecated, please rename it to hyper_scale_vdom_num. Number of VDOMs for hyper scale license.

igmp-state-limit

integer

Deprecated, please rename it to igmp_state_limit. Maximum number of IGMP memberships

interface-subnet-usage

string

Deprecated, please rename it to interface_subnet_usage. Enable/disable allowing use of interface-subnet setting in firewal…

Choices:

  • "disable"

  • "enable"

internal-switch-mode

string

Deprecated, please rename it to internal_switch_mode. Internal switch mode.

Choices:

  • "switch"

  • "interface"

  • "hub"

internal-switch-speed

list / elements=string

Deprecated, please rename it to internal_switch_speed. Internal port speed.

Choices:

  • "auto"

  • "10full"

  • "10half"

  • "100full"

  • "100half"

  • "1000full"

  • "1000auto"

internet-service-database

string

Deprecated, please rename it to internet_service_database. Configure which Internet Service database size to download from…

Choices:

  • "mini"

  • "standard"

  • "full"

  • "on-demand"

internet-service-download-list

any

(list) Deprecated, please rename it to internet_service_download_list. Configure which on-demand Internet Service IDs are …

ip-conflict-detection

string

Deprecated, please rename it to ip_conflict_detection. Enable/disable logging of IPv4 address conflict detection.

Choices:

  • "disable"

  • "enable"

ip-fragment-mem-thresholds

integer

Deprecated, please rename it to ip_fragment_mem_thresholds. Maximum memory

ip-fragment-timeout

integer

Deprecated, please rename it to ip_fragment_timeout. Timeout value in seconds for any fragment not being reassembled

ip-src-port-range

any

(list) Deprecated, please rename it to ip_src_port_range. IP source port range used for traffic originating from the Forti…

ips-affinity

string

Deprecated, please rename it to ips_affinity. Affinity setting for IPS

ipsec-asic-offload

string

Deprecated, please rename it to ipsec_asic_offload. Enable/disable ASIC offloading

Choices:

  • "disable"

  • "enable"

ipsec-ha-seqjump-rate

integer

Deprecated, please rename it to ipsec_ha_seqjump_rate. ESP jump ahead rate

ipsec-hmac-offload

string

Deprecated, please rename it to ipsec_hmac_offload. Enable/disable offloading

Choices:

  • "disable"

  • "enable"

ipsec-qat-offload

string

Deprecated, please rename it to ipsec_qat_offload. Enable/disable QAT offloading

Choices:

  • "disable"

  • "enable"

ipsec-round-robin

string

Deprecated, please rename it to ipsec_round_robin. Enable/disable round-robin redistribution to multiple CPUs for IPsec VP…

Choices:

  • "disable"

  • "enable"

ipsec-soft-dec-async

string

Deprecated, please rename it to ipsec_soft_dec_async. Enable/disable software decryption asynchronization

Choices:

  • "disable"

  • "enable"

ipv6-accept-dad

integer

Deprecated, please rename it to ipv6_accept_dad. Enable/disable acceptance of IPv6 Duplicate Address Detection

ipv6-allow-anycast-probe

string

Deprecated, please rename it to ipv6_allow_anycast_probe. Enable/disable IPv6 address probe through Anycast.

Choices:

  • "disable"

  • "enable"

ipv6-allow-local-in-silent-drop

string

Deprecated, please rename it to ipv6_allow_local_in_silent_drop. Enable/disable silent drop of IPv6 local-in traffic.

Choices:

  • "disable"

  • "enable"

ipv6-allow-local-in-slient-drop

string

Deprecated, please rename it to ipv6_allow_local_in_slient_drop. Enable/disable silent drop of IPv6 local-in traffic.

Choices:

  • "disable"

  • "enable"

ipv6-allow-multicast-probe

string

Deprecated, please rename it to ipv6_allow_multicast_probe. Enable/disable IPv6 address probe through Multicast.

Choices:

  • "disable"

  • "enable"

ipv6-allow-traffic-redirect

string

Deprecated, please rename it to ipv6_allow_traffic_redirect. Disable to prevent IPv6 traffic with same local ingress and e…

Choices:

  • "disable"

  • "enable"

ipv6-fragment-timeout

integer

Deprecated, please rename it to ipv6_fragment_timeout. Timeout value in seconds for any IPv6 fragment not being reassembled

irq-time-accounting

string

Deprecated, please rename it to irq_time_accounting. Configure CPU IRQ time accounting mode.

Choices:

  • "auto"

  • "force"

language

string

GUI display language.

Choices:

  • "english"

  • "simch"

  • "japanese"

  • "korean"

  • "spanish"

  • "trach"

  • "french"

  • "portuguese"

ldapconntimeout

integer

Global timeout for connections with remote LDAP servers in milliseconds

legacy-poe-device-support

string

Deprecated, please rename it to legacy_poe_device_support. Enable/disable legacy POE device support.

Choices:

  • "disable"

  • "enable"

lldp-reception

string

Deprecated, please rename it to lldp_reception. Enable/disable Link Layer Discovery Protocol

Choices:

  • "disable"

  • "enable"

lldp-transmission

string

Deprecated, please rename it to lldp_transmission. Enable/disable Link Layer Discovery Protocol

Choices:

  • "disable"

  • "enable"

log-single-cpu-high

string

Deprecated, please rename it to log_single_cpu_high. Enable/disable logging the event of a single CPU core reaching CPU us…

Choices:

  • "disable"

  • "enable"

log-ssl-connection

string

Deprecated, please rename it to log_ssl_connection. Enable/disable logging of SSL connection events.

Choices:

  • "disable"

  • "enable"

log-uuid-address

string

Deprecated, please rename it to log_uuid_address. Enable/disable insertion of address UUIDs to traffic logs.

Choices:

  • "disable"

  • "enable"

log-uuid-policy

string

Deprecated, please rename it to log_uuid_policy. Enable/disable insertion of policy UUIDs to traffic logs.

Choices:

  • "disable"

  • "enable"

login-timestamp

string

Deprecated, please rename it to login_timestamp. Enable/disable login time recording.

Choices:

  • "disable"

  • "enable"

long-vdom-name

string

Deprecated, please rename it to long_vdom_name. Enable/disable long VDOM name support.

Choices:

  • "disable"

  • "enable"

management-ip

string

Deprecated, please rename it to management_ip. Management IP address of this FortiGate.

management-port

integer

Deprecated, please rename it to management_port. Overriding port for management connection

management-port-use-admin-sport

string

Deprecated, please rename it to management_port_use_admin_sport. Enable/disable use of the admin-sport setting for the man…

Choices:

  • "disable"

  • "enable"

management-vdom

any

(list) Deprecated, please rename it to management_vdom. Management virtual domain name.

max-route-cache-size

integer

Deprecated, please rename it to max_route_cache_size. Maximum number of IP route cache entries

memory-use-threshold-extreme

integer

Deprecated, please rename it to memory_use_threshold_extreme. Threshold at which memory usage is considered extreme

memory-use-threshold-green

integer

Deprecated, please rename it to memory_use_threshold_green. Threshold at which memory usage forces the FortiGate to exit c…

memory-use-threshold-red

integer

Deprecated, please rename it to memory_use_threshold_red. Threshold at which memory usage forces the FortiGate to enter co…

miglog-affinity

string

Deprecated, please rename it to miglog_affinity. Affinity setting for logging

miglogd-children

integer

Deprecated, please rename it to miglogd_children. Number of logging

multi-factor-authentication

string

Deprecated, please rename it to multi_factor_authentication. Enforce all login methods to require an additional authentica…

Choices:

  • "optional"

  • "mandatory"

ndp-max-entry

integer

Deprecated, please rename it to ndp_max_entry. Maximum number of NDP table entries

npu-neighbor-update

string

Deprecated, please rename it to npu_neighbor_update. Enable/disable sending of ARP/ICMP6 probing packets to update neighbo…

Choices:

  • "disable"

  • "enable"

optimize-flow-mode

string

Deprecated, please rename it to optimize_flow_mode. Flow mode optimization option.

Choices:

  • "disable"

  • "enable"

per-user-bal

string

Deprecated, please rename it to per_user_bal. Enable/disable per-user block/allow list filter.

Choices:

  • "disable"

  • "enable"

per-user-bwl

string

Deprecated, please rename it to per_user_bwl. Enable/disable per-user black/white list filter.

Choices:

  • "disable"

  • "enable"

pmtu-discovery

string

Deprecated, please rename it to pmtu_discovery. Enable/disable path MTU discovery.

Choices:

  • "disable"

  • "enable"

policy-auth-concurrent

integer

Deprecated, please rename it to policy_auth_concurrent. Number of concurrent firewall use logins from the same user

post-login-banner

string

Deprecated, please rename it to post_login_banner. Enable/disable displaying the administrator access disclaimer message a…

Choices:

  • "disable"

  • "enable"

pre-login-banner

string

Deprecated, please rename it to pre_login_banner. Enable/disable displaying the administrator access disclaimer message on…

Choices:

  • "disable"

  • "enable"

private-data-encryption

string

Deprecated, please rename it to private_data_encryption. Enable/disable private data encryption using an AES 128-bit key o…

Choices:

  • "disable"

  • "enable"

proxy-and-explicit-proxy

string

Deprecated, please rename it to proxy_and_explicit_proxy. Proxy and explicit proxy.

Choices:

  • "disable"

  • "enable"

proxy-auth-lifetime

string

Deprecated, please rename it to proxy_auth_lifetime. Enable/disable authenticated users lifetime control.

Choices:

  • "disable"

  • "enable"

proxy-auth-lifetime-timeout

integer

Deprecated, please rename it to proxy_auth_lifetime_timeout. Lifetime timeout in minutes for authenticated users

proxy-auth-timeout

integer

Deprecated, please rename it to proxy_auth_timeout. Authentication timeout in minutes for authenticated users

proxy-cert-use-mgmt-vdom

string

Deprecated, please rename it to proxy_cert_use_mgmt_vdom. Enable/disable using management VDOM to send requests.

Choices:

  • "disable"

  • "enable"

proxy-cipher-hardware-acceleration

string

Deprecated, please rename it to proxy_cipher_hardware_acceleration. Enable/disable using content processor

Choices:

  • "disable"

  • "enable"

proxy-hardware-acceleration

string

Deprecated, please rename it to proxy_hardware_acceleration. Enable/disable email proxy hardware acceleration.

Choices:

  • "disable"

  • "enable"

proxy-keep-alive-mode

string

Deprecated, please rename it to proxy_keep_alive_mode. Control if users must re-authenticate after a session is closed, tr…

Choices:

  • "session"

  • "traffic"

  • "re-authentication"

proxy-kxp-hardware-acceleration

string

Deprecated, please rename it to proxy_kxp_hardware_acceleration. Enable/disable using the content processor to accelerate …

Choices:

  • "disable"

  • "enable"

proxy-re-authentication-mode

string

Deprecated, please rename it to proxy_re_authentication_mode. Control if users must re-authenticate after a session is clo…

Choices:

  • "session"

  • "traffic"

  • "absolute"

proxy-re-authentication-time

integer

Deprecated, please rename it to proxy_re_authentication_time. The time limit that users must re-authenticate if proxy-keep…

proxy-resource-mode

string

Deprecated, please rename it to proxy_resource_mode. Enable/disable use of the maximum memory usage on the FortiGate units…

Choices:

  • "disable"

  • "enable"

proxy-worker-count

integer

Deprecated, please rename it to proxy_worker_count. Proxy worker count.

purdue-level

string

Deprecated, please rename it to purdue_level. Purdue Level of this FortiGate.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

  • "5"

  • "1.5"

  • "2.5"

  • "3.5"

  • "5.5"

qsfp28-40g-port

any

(list) Deprecated, please rename it to qsfp28_40g_port. Set port

qsfpdd-100g-port

any

(list) Deprecated, please rename it to qsfpdd_100g_port. Split QSFP-DD port

qsfpdd-split8-port

any

(list) Deprecated, please rename it to qsfpdd_split8_port. Split QSFP-DD port

quic-ack-thresold

integer

Deprecated, please rename it to quic_ack_thresold. Maximum number of unacknowledged packets before sending ACK

quic-congestion-control-algo

string

Deprecated, please rename it to quic_congestion_control_algo. QUIC congestion control algorithm

Choices:

  • "cubic"

  • "bbr"

  • "bbr2"

  • "reno"

quic-max-datagram-size

integer

Deprecated, please rename it to quic_max_datagram_size. Maximum transmit datagram size

quic-pmtud

string

Deprecated, please rename it to quic_pmtud. Enable/disable path MTU discovery

Choices:

  • "disable"

  • "enable"

quic-tls-handshake-timeout

integer

Deprecated, please rename it to quic_tls_handshake_timeout. Time-to-live

quic-udp-payload-size-shaping-per-cid

string

Deprecated, please rename it to quic_udp_payload_size_shaping_per_cid. Enable/disable UDP payload size shaping per connect…

Choices:

  • "disable"

  • "enable"

radius-port

integer

Deprecated, please rename it to radius_port. RADIUS service port number.

reboot-upon-config-restore

string

Deprecated, please rename it to reboot_upon_config_restore. Enable/disable reboot of system upon restoring configuration.

Choices:

  • "disable"

  • "enable"

refresh

integer

Statistics refresh interval second

remoteauthtimeout

integer

Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers.

reset-sessionless-tcp

string

Deprecated, please rename it to reset_sessionless_tcp. Action to perform if the FortiGate receives a TCP packet but cannot…

Choices:

  • "disable"

  • "enable"

restart-time

string

Deprecated, please rename it to restart_time. Daily restart time

revision-backup-on-logout

string

Deprecated, please rename it to revision_backup_on_logout. Enable/disable back-up of the latest configuration revision whe…

Choices:

  • "disable"

  • "enable"

revision-image-auto-backup

string

Deprecated, please rename it to revision_image_auto_backup. Enable/disable back-up of the latest image revision after the …

Choices:

  • "disable"

  • "enable"

scanunit-count

integer

Deprecated, please rename it to scanunit_count. Number of scanunits.

scim-http-port

integer

Deprecated, please rename it to scim_http_port. SCIM HTTP port

scim-https-port

integer

Deprecated, please rename it to scim_https_port. SCIM port

scim-server-cert

any

(list) Deprecated, please rename it to scim_server_cert. Server certificate that the FortiGate uses for SCIM connections.

security-rating-result-submission

string

Deprecated, please rename it to security_rating_result_submission. Enable/disable the submission of Security Rating result…

Choices:

  • "disable"

  • "enable"

security-rating-run-on-schedule

string

Deprecated, please rename it to security_rating_run_on_schedule. Enable/disable scheduled runs of Security Rating.

Choices:

  • "disable"

  • "enable"

send-pmtu-icmp

string

Deprecated, please rename it to send_pmtu_icmp. Enable/disable sending of path maximum transmission unit

Choices:

  • "disable"

  • "enable"

sflowd-max-children-num

integer

Deprecated, please rename it to sflowd_max_children_num. Maximum number of sflowd child processes allowed to run.

show-backplane-intf

string

Deprecated, please rename it to show_backplane_intf. Show/hide backplane interfaces

Choices:

  • "disable"

  • "enable"

snat-route-change

string

Deprecated, please rename it to snat_route_change. Enable/disable the ability to change the source NAT route.

Choices:

  • "disable"

  • "enable"

special-file-23-support

string

Deprecated, please rename it to special_file_23_support. Enable/disable detection of those special format files when using…

Choices:

  • "disable"

  • "enable"

speedtest-server

string

Deprecated, please rename it to speedtest_server. Enable/disable speed test server.

Choices:

  • "disable"

  • "enable"

speedtestd-ctrl-port

integer

Deprecated, please rename it to speedtestd_ctrl_port. Speedtest server controller port number.

speedtestd-server-port

integer

Deprecated, please rename it to speedtestd_server_port. Speedtest server port number.

split-port

any

(list) Deprecated, please rename it to split_port. Split port

split-port-mode

list / elements=dictionary

Deprecated, please rename it to split_port_mode. Split port mode.

interface

string

Split port interface.

split-mode

string

Deprecated, please rename it to split_mode. The configuration mode for the split port interface.

Choices:

  • "disable"

  • "4x10G"

  • "4x25G"

  • "4x50G"

  • "8x50G"

  • "4x100G"

  • "2x200G"

  • "8x25G"

ssd-trim-date

integer

Deprecated, please rename it to ssd_trim_date. Date within a month to run SSD Trim.

ssd-trim-freq

string

Deprecated, please rename it to ssd_trim_freq. How often to run SSD Trim

Choices:

  • "daily"

  • "weekly"

  • "monthly"

  • "hourly"

  • "never"

ssd-trim-hour

integer

Deprecated, please rename it to ssd_trim_hour. Hour of the day on which to run SSD Trim

ssd-trim-min

integer

Deprecated, please rename it to ssd_trim_min. Minute of the hour on which to run SSD Trim

ssd-trim-weekday

string

Deprecated, please rename it to ssd_trim_weekday. Day of week to run SSD Trim.

Choices:

  • "sunday"

  • "monday"

  • "tuesday"

  • "wednesday"

  • "thursday"

  • "friday"

  • "saturday"

ssh-cbc-cipher

string

Deprecated, please rename it to ssh_cbc_cipher. Enable/disable CBC cipher for SSH access.

Choices:

  • "disable"

  • "enable"

ssh-enc-algo

list / elements=string

Deprecated, please rename it to ssh_enc_algo. Select one or more SSH ciphers.

Choices:

  • "chacha20-poly1305@openssh.com"

  • "aes128-ctr"

  • "aes192-ctr"

  • "aes256-ctr"

  • "arcfour256"

  • "arcfour128"

  • "aes128-cbc"

  • "3des-cbc"

  • "blowfish-cbc"

  • "cast128-cbc"

  • "aes192-cbc"

  • "aes256-cbc"

  • "arcfour"

  • "rijndael-cbc@lysator.liu.se"

  • "aes128-gcm@openssh.com"

  • "aes256-gcm@openssh.com"

ssh-hmac-md5

string

Deprecated, please rename it to ssh_hmac_md5. Enable/disable HMAC-MD5 for SSH access.

Choices:

  • "disable"

  • "enable"

ssh-hostkey

string

Deprecated, please rename it to ssh_hostkey. Config SSH host key.

ssh-hostkey-algo

list / elements=string

Deprecated, please rename it to ssh_hostkey_algo. Select one or more SSH hostkey algorithms.

Choices:

  • "ssh-rsa"

  • "ecdsa-sha2-nistp521"

  • "rsa-sha2-256"

  • "rsa-sha2-512"

  • "ssh-ed25519"

  • "ecdsa-sha2-nistp384"

  • "ecdsa-sha2-nistp256"

ssh-hostkey-override

string

Deprecated, please rename it to ssh_hostkey_override. Enable/disable SSH host key override in SSH daemon.

Choices:

  • "disable"

  • "enable"

ssh-hostkey-password

any

(list) Deprecated, please rename it to ssh_hostkey_password. Password for ssh-hostkey.

ssh-kex-algo

list / elements=string

Deprecated, please rename it to ssh_kex_algo. Select one or more SSH kex algorithms.

Choices:

  • "diffie-hellman-group1-sha1"

  • "diffie-hellman-group14-sha1"

  • "diffie-hellman-group-exchange-sha1"

  • "diffie-hellman-group-exchange-sha256"

  • "curve25519-sha256@libssh.org"

  • "ecdh-sha2-nistp256"

  • "ecdh-sha2-nistp384"

  • "ecdh-sha2-nistp521"

  • "diffie-hellman-group14-sha256"

  • "diffie-hellman-group16-sha512"

  • "diffie-hellman-group18-sha512"

ssh-kex-sha1

string

Deprecated, please rename it to ssh_kex_sha1. Enable/disable SHA1 key exchange for SSH access.

Choices:

  • "disable"

  • "enable"

ssh-mac-algo

list / elements=string

Deprecated, please rename it to ssh_mac_algo. Select one or more SSH MAC algorithms.

Choices:

  • "hmac-md5"

  • "hmac-md5-etm@openssh.com"

  • "hmac-md5-96"

  • "hmac-md5-96-etm@openssh.com"

  • "hmac-sha1"

  • "hmac-sha1-etm@openssh.com"

  • "hmac-sha2-256"

  • "hmac-sha2-256-etm@openssh.com"

  • "hmac-sha2-512"

  • "hmac-sha2-512-etm@openssh.com"

  • "hmac-ripemd160"

  • "hmac-ripemd160@openssh.com"

  • "hmac-ripemd160-etm@openssh.com"

  • "umac-64@openssh.com"

  • "umac-128@openssh.com"

  • "umac-64-etm@openssh.com"

  • "umac-128-etm@openssh.com"

ssh-mac-weak

string

Deprecated, please rename it to ssh_mac_weak. Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access.

Choices:

  • "disable"

  • "enable"

ssl-min-proto-version

string

Deprecated, please rename it to ssl_min_proto_version. Minimum supported protocol version for SSL/TLS connections

Choices:

  • "TLSv1"

  • "TLSv1-1"

  • "TLSv1-2"

  • "SSLv3"

  • "TLSv1-3"

ssl-static-key-ciphers

string

Deprecated, please rename it to ssl_static_key_ciphers. Enable/disable static key ciphers in SSL/TLS connections

Choices:

  • "disable"

  • "enable"

sslvpn-cipher-hardware-acceleration

string

Deprecated, please rename it to sslvpn_cipher_hardware_acceleration. Enable/disable SSL-VPN hardware acceleration.

Choices:

  • "disable"

  • "enable"

sslvpn-ems-sn-check

string

Deprecated, please rename it to sslvpn_ems_sn_check. Enable/disable verification of EMS serial number in SSL-VPN connection.

Choices:

  • "disable"

  • "enable"

sslvpn-kxp-hardware-acceleration

string

Deprecated, please rename it to sslvpn_kxp_hardware_acceleration. Enable/disable SSL-VPN KXP hardware acceleration.

Choices:

  • "disable"

  • "enable"

sslvpn-max-worker-count

integer

Deprecated, please rename it to sslvpn_max_worker_count. Maximum number of SSL-VPN processes.

sslvpn-plugin-version-check

string

Deprecated, please rename it to sslvpn_plugin_version_check. Enable/disable checking of the browser plugin version by SSL-VPN.

Choices:

  • "disable"

  • "enable"

sslvpn-web-mode

string

Deprecated, please rename it to sslvpn_web_mode. Enable/disable SSL-VPN web mode.

Choices:

  • "disable"

  • "enable"

strict-dirty-session-check

string

Deprecated, please rename it to strict_dirty_session_check. Enable to check the session against the original policy when r…

Choices:

  • "disable"

  • "enable"

strong-crypto

string

Deprecated, please rename it to strong_crypto. Enable to use strong encryption and only allow strong ciphers and digest fo…

Choices:

  • "disable"

  • "enable"

switch-controller

string

Deprecated, please rename it to switch_controller. Enable/disable switch controller feature.

Choices:

  • "disable"

  • "enable"

switch-controller-reserved-network

any

(list) Deprecated, please rename it to switch_controller_reserved_network. Configure reserved network subnet for managed s…

sys-file-check-interval

integer

Deprecated, please rename it to sys_file_check_interval. Set scheduled system file checking interval in minutes

sys-perf-log-interval

integer

Deprecated, please rename it to sys_perf_log_interval. Time in minutes between updates of performance statistics logging.

syslog-affinity

string

Deprecated, please rename it to syslog_affinity. Affinity setting for syslog

tcp-halfclose-timer

integer

Deprecated, please rename it to tcp_halfclose_timer. Number of seconds the FortiGate unit should wait to close a session a…

tcp-halfopen-timer

integer

Deprecated, please rename it to tcp_halfopen_timer. Number of seconds the FortiGate unit should wait to close a session af…

tcp-option

string

Deprecated, please rename it to tcp_option. Enable SACK, timestamp and MSS TCP options.

Choices:

  • "disable"

  • "enable"

tcp-rst-timer

integer

Deprecated, please rename it to tcp_rst_timer. Length of the TCP CLOSE state in seconds

tcp-timewait-timer

integer

Deprecated, please rename it to tcp_timewait_timer. Length of the TCP TIME-WAIT state in seconds

tftp

string

Enable/disable TFTP.

Choices:

  • "disable"

  • "enable"

timezone

any

(list)

Support meta variable

Timezone database name.

traffic-priority

string

Deprecated, please rename it to traffic_priority. Choose Type of Service

Choices:

  • "tos"

  • "dscp"

traffic-priority-level

string

Deprecated, please rename it to traffic_priority_level. Default system-wide level of priority for traffic prioritization.

Choices:

  • "high"

  • "medium"

  • "low"

two-factor-email-expiry

integer

Deprecated, please rename it to two_factor_email_expiry. Email-based two-factor authentication session timeout

two-factor-fac-expiry

integer

Deprecated, please rename it to two_factor_fac_expiry. FortiAuthenticator token authentication session timeout

two-factor-ftk-expiry

integer

Deprecated, please rename it to two_factor_ftk_expiry. FortiToken authentication session timeout

two-factor-ftm-expiry

integer

Deprecated, please rename it to two_factor_ftm_expiry. FortiToken Mobile session timeout

two-factor-sms-expiry

integer

Deprecated, please rename it to two_factor_sms_expiry. SMS-based two-factor authentication session timeout

udp-idle-timer

integer

Deprecated, please rename it to udp_idle_timer. UDP connection session timeout.

url-filter-affinity

string

Deprecated, please rename it to url_filter_affinity. URL filter CPU affinity.

url-filter-count

integer

Deprecated, please rename it to url_filter_count. URL filter daemon count.

user-device-store-max-devices

integer

Deprecated, please rename it to user_device_store_max_devices. Maximum number of devices allowed in user device store.

user-device-store-max-unified-mem

integer

Deprecated, please rename it to user_device_store_max_unified_mem. Maximum unified memory allowed in user device store.

user-device-store-max-users

integer

Deprecated, please rename it to user_device_store_max_users. Maximum number of users allowed in user device store.

user-history-password-threshold

integer

Deprecated, please rename it to user_history_password_threshold. Maximum number of previous passwords saved per admin/user

user-server-cert

any

(list) Deprecated, please rename it to user_server_cert. Certificate to use for HTTPS user authentication.

vdom-mode

string

Deprecated, please rename it to vdom_mode. Enable/disable support for multiple virtual domains

Choices:

  • "no-vdom"

  • "multi-vdom"

  • "split-vdom"

vip-arp-range

string

Deprecated, please rename it to vip_arp_range. Controls the number of ARPs that the FortiGate sends for a Virtual IP

Choices:

  • "restricted"

  • "unlimited"

virtual-server-count

integer

Deprecated, please rename it to virtual_server_count. Maximum number of virtual server processes to create.

virtual-server-hardware-acceleration

string

Deprecated, please rename it to virtual_server_hardware_acceleration. Enable/disable virtual server hardware acceleration.

Choices:

  • "disable"

  • "enable"

virtual-switch-vlan

string

Deprecated, please rename it to virtual_switch_vlan. Enable/disable virtual switch VLAN.

Choices:

  • "disable"

  • "enable"

vpn-ems-sn-check

string

Deprecated, please rename it to vpn_ems_sn_check. Enable/disable verification of EMS serial number in SSL-VPN connection.

Choices:

  • "disable"

  • "enable"

wad-affinity

string

Deprecated, please rename it to wad_affinity. Affinity setting for wad

wad-csvc-cs-count

integer

Deprecated, please rename it to wad_csvc_cs_count. Number of concurrent WAD-cache-service object-cache processes.

wad-csvc-db-count

integer

Deprecated, please rename it to wad_csvc_db_count. Number of concurrent WAD-cache-service byte-cache processes.

wad-memory-change-granularity

integer

Deprecated, please rename it to wad_memory_change_granularity. Minimum percentage change in system memory usage detected b…

wad-restart-end-time

string

Deprecated, please rename it to wad_restart_end_time. WAD workers daily restart end time

wad-restart-mode

string

Deprecated, please rename it to wad_restart_mode. WAD worker restart mode

Choices:

  • "none"

  • "time"

  • "memory"

wad-restart-start-time

string

Deprecated, please rename it to wad_restart_start_time. WAD workers daily restart time

wad-source-affinity

string

Deprecated, please rename it to wad_source_affinity. Enable/disable dispatching traffic to WAD workers based on source aff…

Choices:

  • "disable"

  • "enable"

wad-worker-count

integer

Deprecated, please rename it to wad_worker_count. Number of explicit proxy WAN optimization daemon

wifi-ca-certificate

any

(list) Deprecated, please rename it to wifi_ca_certificate. CA certificate that verifies the WiFi certificate.

wifi-certificate

any

(list) Deprecated, please rename it to wifi_certificate. Certificate to use for WiFi authentication.

wimax-4g-usb

string

Deprecated, please rename it to wimax_4g_usb. Enable/disable compatibility with WiMAX 4G USB devices.

Choices:

  • "disable"

  • "enable"

wireless-controller

string

Deprecated, please rename it to wireless_controller. Enable/disable the wireless controller feature to use the FortiGate u…

Choices:

  • "disable"

  • "enable"

wireless-controller-port

integer

Deprecated, please rename it to wireless_controller_port. Port used for the control channel in wireless controller mode

wireless-mode

string

Deprecated, please rename it to wireless_mode. Wireless mode setting.

Choices:

  • "ac"

  • "client"

  • "wtp"

  • "fwfap"

xstools-update-frequency

integer

Deprecated, please rename it to xstools_update_frequency. Xenserver tools daemon update frequency

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying JSON-RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overridden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overridden.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode. The value can be global or any other adom, including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for another user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change arguments such as “var-name” to “var_name”. Old argument names are still accepted, but you will receive deprecation warnings. You can suppress these warnings by setting deprecation_warnings=False in ansible.cfg.

  • Workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • Normally, a module run fails when a non-zero rc is returned. You can override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
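
The SSH and TLS parameters listed above, set to concrete values through their snake_case names, as an added example that is not part of the collection's generated documentation. The ADOM root, the profile name hardened-baseline, and an inventory that supplies FortiManager credentials and a CA-trusted certificate are assumptions; which keys a managed FortiGate accepts depends on its firmware, which this page does not state.

```yaml
- name: Apply an SSH/TLS crypto baseline to a system template
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Assumption: the FortiManager certificate chains to a CA the control node trusts.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Restrict SSH and TLS algorithms in the device profile
      fortinet.fortimanager.fmgr_devprof_system_global:
        workspace_locking_adom: root        # assumed ADOM
        workspace_locking_timeout: 300
        adom: root                          # assumed ADOM
        devprof: hardened-baseline          # hypothetical profile name
        devprof_system_global:
          # TLS side: strong ciphers only, no SSLv3/TLS 1.0/1.1, no static-key suites.
          strong_crypto: enable
          ssl_min_proto_version: TLSv1-2
          ssl_static_key_ciphers: disable
          admin_https_ssl_versions:
            - tlsv1-2
            - tlsv1-3
          # SSH ciphers: AEAD and CTR choices only. The arcfour*, 3des-cbc,
          # blowfish-cbc, cast128-cbc and other *-cbc choices are left out.
          ssh_enc_algo:
            - chacha20-poly1305@openssh.com
            - aes256-gcm@openssh.com
            - aes128-gcm@openssh.com
            - aes256-ctr
          # Key exchange: the SHA-1 based exchanges and diffie-hellman-group1 are left out.
          ssh_kex_algo:
            - curve25519-sha256@libssh.org
            - ecdh-sha2-nistp384
            - diffie-hellman-group16-sha512
            - diffie-hellman-group18-sha512
          # MACs: encrypt-then-MAC SHA-2 only; MD5, SHA-1, RIPEMD-160 and 64-bit UMAC are left out.
          ssh_mac_algo:
            - hmac-sha2-256-etm@openssh.com
            - hmac-sha2-512-etm@openssh.com
          # Host keys: ssh-rsa (SHA-1 signatures) is left out.
          ssh_hostkey_algo:
            - ssh-ed25519
            - rsa-sha2-512
            - rsa-sha2-256
          # Older on/off toggles for the same goal. Drop any key the target
          # firmware rejects (firmware coverage is not stated on this page).
          ssh_cbc_cipher: disable
          ssh_hmac_md5: disable
          ssh_kex_sha1: disable
          ssh_mac_weak: disable
```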

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
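    ansible_httpapi_validate_certs: false  # certificate verification is off in this generated example; use true once the FortiManager certificate is trusted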
    ansible_httpapi_port: 443
  tasks:
    - name: Configure global attributes.
      fortinet.fortimanager.fmgr_devprof_system_global:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        devprof: <your own value>
        devprof_system_global:
          admin_https_redirect: <value in [disable, enable]>
          admin_port: <integer>
          admin_scp: <value in [disable, enable]>
          admin_sport: <integer>
          admin_ssh_port: <integer>
          admin_ssh_v1: <value in [disable, enable]>
          admin_telnet_port: <integer>
          admintimeout: <integer>
          gui_ipv6: <value in [disable, enable]>
          gui_lines_per_page: <integer>
          gui_theme: <value in [blue, green, melongene, ...]>
          language: <value in [english, simch, japanese, ...]>
          switch_controller: <value in [disable, enable]>
          gui_device_latitude: <string>
          gui_device_longitude: <string>
          hostname: <string>
          timezone: <list or string>
          check_reset_range: <value in [disable, strict]>
          pmtu_discovery: <value in [disable, enable]>
          gui_allow_incompatible_fabric_fgt: <value in [disable, enable]>
          admin_restrict_local: <value in [disable, enable, all, ...]>
          gui_workflow_management: <value in [disable, enable]>
          send_pmtu_icmp: <value in [disable, enable]>
          tcp_halfclose_timer: <integer>
          admin_server_cert: <list or string>
          dnsproxy_worker_count: <integer>
          show_backplane_intf: <value in [disable, enable]>
          gui_custom_language: <value in [disable, enable]>
          ldapconntimeout: <integer>
          auth_https_port: <integer>
          revision_backup_on_logout: <value in [disable, enable]>
          arp_max_entry: <integer>
          long_vdom_name: <value in [disable, enable]>
          pre_login_banner: <value in [disable, enable]>
          qsfpdd_split8_port: <list or string>
          max_route_cache_size: <integer>
          fortitoken_cloud_push_status: <value in [disable, enable]>
          ssh_hostkey_override: <value in [disable, enable]>
          proxy_hardware_acceleration: <value in [disable, enable]>
          switch_controller_reserved_network: <list or string>
          ssd_trim_date: <integer>
          wad_worker_count: <integer>
          ssh_hostkey: <string>
          wireless_controller_port: <integer>
          fgd_alert_subscription:
            - advisory
            - latest-threat
            - latest-virus
            - latest-attack
            - new-antivirus-db
            - new-attack-db
          forticontroller_proxy_port: <integer>
          dh_params: <value in [1024, 1536, 2048, ...]>
          memory_use_threshold_green: <integer>
          proxy_cert_use_mgmt_vdom: <value in [disable, enable]>
          proxy_auth_lifetime_timeout: <integer>
          gui_auto_upgrade_setup_warning: <value in [disable, enable]>
          gui_cdn_usage: <value in [disable, enable]>
          two_factor_email_expiry: <integer>
          udp_idle_timer: <integer>
          interface_subnet_usage: <value in [disable, enable]>
          forticontroller_proxy: <value in [disable, enable]>
          ssh_enc_algo:
            - chacha20-poly1305@openssh.com
            - aes128-ctr
            - aes192-ctr
            - aes256-ctr
            - arcfour256
            - arcfour128
            - aes128-cbc
            - 3des-cbc
            - blowfish-cbc
            - cast128-cbc
            - aes192-cbc
            - aes256-cbc
            - arcfour
            - rijndael-cbc@lysator.liu.se
            - aes128-gcm@openssh.com
            - aes256-gcm@openssh.com
          block_session_timer: <integer>
          quic_pmtud: <value in [disable, enable]>
          admin_https_ssl_ciphersuites:
            - TLS-AES-128-GCM-SHA256
            - TLS-AES-256-GCM-SHA384
            - TLS-CHACHA20-POLY1305-SHA256
            - TLS-AES-128-CCM-SHA256
            - TLS-AES-128-CCM-8-SHA256
          security_rating_result_submission: <value in [disable, enable]>
          user_device_store_max_unified_mem: <integer>
          management_port: <integer>
          fortigslb_integration: <value in [disable, enable]>
          admin_https_ssl_versions:
            - tlsv1-0
            - tlsv1-1
            - tlsv1-2
            - sslv3
            - tlsv1-3
          cert_chain_max: <integer>
          qsfp28_40g_port: <list or string>
          strong_crypto: <value in [disable, enable]>
          multi_factor_authentication: <value in [optional, mandatory]>
          fds_statistics: <value in [disable, enable]>
          gui_display_hostname: <value in [disable, enable]>
          two_factor_ftk_expiry: <integer>
          wad_source_affinity: <value in [disable, enable]>
          ssl_static_key_ciphers: <value in [disable, enable]>
          daily_restart: <value in [disable, enable]>
          snat_route_change: <value in [disable, enable]>
          tcp_rst_timer: <integer>
          anti_replay: <value in [disable, loose, strict]>
          ssl_min_proto_version: <value in [TLSv1, TLSv1-1, TLSv1-2, ...]>
          speedtestd_server_port: <integer>
          cpu_use_threshold: <integer>
          admin_host: <string>
          csr_ca_attribute: <value in [disable, enable]>
          fortiservice_port: <integer>
          ssd_trim_hour: <integer>
          purdue_level: <value in [1, 2, 3, ...]>
          management_vdom: <list or string>
          quic_ack_thresold: <integer>
          qsfpdd_100g_port: <list or string>
          ips_affinity: <string>
          vip_arp_range: <value in [restricted, unlimited]>
          internet_service_database: <value in [mini, standard, full, ...]>
          revision_image_auto_backup: <value in [disable, enable]>
          sflowd_max_children_num: <integer>
          admin_https_pki_required: <value in [disable, enable]>
          special_file_23_support: <value in [disable, enable]>
          npu_neighbor_update: <value in [disable, enable]>
          log_single_cpu_high: <value in [disable, enable]>
          management_ip: <string>
          proxy_resource_mode: <value in [disable, enable]>
          admin_ble_button: <value in [disable, enable]>
          gui_firmware_upgrade_warning: <value in [disable, enable]>
          dp_tcp_normal_timer: <integer>
          ipv6_allow_traffic_redirect: <value in [disable, enable]>
          cli_audit_log: <value in [disable, enable]>
          memory_use_threshold_extreme: <integer>
          ha_affinity: <string>
          restart_time: <string>
          speedtestd_ctrl_port: <integer>
          gui_wireless_opensecurity: <value in [disable, enable]>
          memory_use_threshold_red: <integer>
          dp_fragment_timer: <integer>
          wad_restart_start_time: <string>
          proxy_re_authentication_time: <integer>
          gui_app_detection_sdwan: <value in [disable, enable]>
          scanunit_count: <integer>
          tftp: <value in [disable, enable]>
          xstools_update_frequency: <integer>
          clt_cert_req: <value in [disable, enable]>
          fortiextender_vlan_mode: <value in [disable, enable]>
          auth_http_port: <integer>
          per_user_bal: <value in [disable, enable]>
          gui_date_format: <value in [yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, ...]>
          log_uuid_address: <value in [disable, enable]>
          cloud_communication: <value in [disable, enable]>
          lldp_reception: <value in [disable, enable]>
          two_factor_ftm_expiry: <integer>
          quic_udp_payload_size_shaping_per_cid: <value in [disable, enable]>
          autorun_log_fsck: <value in [disable, enable]>
          vpn_ems_sn_check: <value in [disable, enable]>
          admin_ssh_password: <value in [disable, enable]>
          airplane_mode: <value in [disable, enable]>
          batch_cmdb: <value in [disable, enable]>
          ip_src_port_range: <list or string>
          strict_dirty_session_check: <value in [disable, enable]>
          user_device_store_max_devices: <integer>
          dp_udp_idle_timer: <integer>
          internal_switch_speed:
            - auto
            - 10full
            - 10half
            - 100full
            - 100half
            - 1000full
            - 1000auto
          forticonverter_config_upload: <value in [disable, once]>
          ipsec_round_robin: <value in [disable, enable]>
          wad_affinity: <string>
          wifi_ca_certificate: <list or string>
          wimax_4g_usb: <value in [disable, enable]>
          miglog_affinity: <string>
          faz_disk_buffer_size: <integer>
          ssh_kex_algo:
            - diffie-hellman-group1-sha1
            - diffie-hellman-group14-sha1
            - diffie-hellman-group-exchange-sha1
            - diffie-hellman-group-exchange-sha256
            - curve25519-sha256@libssh.org
            - ecdh-sha2-nistp256
            - ecdh-sha2-nistp384
            - ecdh-sha2-nistp521
            - diffie-hellman-group14-sha256
            - diffie-hellman-group16-sha512
            - diffie-hellman-group18-sha512
          auto_auth_extension_device: <value in [disable, enable]>
          forticarrier_bypass: <value in [disable, enable]>
          reset_sessionless_tcp: <value in [disable, enable]>
          early_tcp_npu_session: <value in [disable, enable]>
          http_unauthenticated_request_limit: <integer>
          gui_local_out: <value in [disable, enable]>
          tcp_option: <value in [disable, enable]>
          proxy_auth_timeout: <integer>
          fortiextender_discovery_lockdown: <value in [disable, enable]>
          lldp_transmission: <value in [disable, enable]>
          split_port: <list or string>
          gui_certificates: <value in [disable, enable]>
          cfg_save: <value in [automatic, manual, revert]>
          auth_keepalive: <value in [disable, enable]>
          split_port_mode:
            -
              interface: <string>
              split_mode: <value in [disable, 4x10G, 4x25G, ...]>
          admin_forticloud_sso_login: <value in [disable, enable]>
          post_login_banner: <value in [disable, enable]>
          br_fdb_max_entry: <integer>
          ip_fragment_mem_thresholds: <integer>
          fortiextender_provision_on_authorization: <value in [disable, enable]>
          reboot_upon_config_restore: <value in [disable, enable]>
          syslog_affinity: <string>
          fortiextender_data_port: <integer>
          quic_tls_handshake_timeout: <integer>
          forticonverter_integration: <value in [disable, enable]>
          proxy_keep_alive_mode: <value in [session, traffic, re-authentication]>
          cmdbsvr_affinity: <string>
          wad_memory_change_granularity: <integer>
          dhcp_lease_backup_interval: <integer>
          check_protocol_header: <value in [loose, strict]>
          av_failopen_session: <value in [disable, enable]>
          ipsec_ha_seqjump_rate: <integer>
          admin_hsts_max_age: <integer>
          igmp_state_limit: <integer>
          admin_login_max: <integer>
          ipv6_allow_multicast_probe: <value in [disable, enable]>
          virtual_switch_vlan: <value in [disable, enable]>
          admin_lockout_threshold: <integer>
          dp_pinhole_timer: <integer>
          wireless_controller: <value in [disable, enable]>
          bfd_affinity: <string>
          ssd_trim_freq: <value in [daily, weekly, monthly, ...]>
          two_factor_sms_expiry: <integer>
          traffic_priority: <value in [tos, dscp]>
          proxy_and_explicit_proxy: <value in [disable, enable]>
          sslvpn_web_mode: <value in [disable, enable]>
          ssh_hostkey_password: <list or string>
          wad_csvc_db_count: <integer>
          ipv6_allow_anycast_probe: <value in [disable, enable]>
          honor_df: <value in [disable, enable]>
          hyper_scale_vdom_num: <integer>
          wad_csvc_cs_count: <integer>
          internal_switch_mode: <value in [switch, interface, hub]>
          cfg_revert_timeout: <integer>
          admin_concurrent: <value in [disable, enable]>
          ipv6_allow_local_in_silent_drop: <value in [disable, enable]>
          tcp_halfopen_timer: <integer>
          dp_rsync_timer: <integer>
          management_port_use_admin_sport: <value in [disable, enable]>
          gui_forticare_registration_setup_warning: <value in [disable, enable]>
          gui_replacement_message_groups: <value in [disable, enable]>
          security_rating_run_on_schedule: <value in [disable, enable]>
          admin_lockout_duration: <integer>
          optimize_flow_mode: <value in [disable, enable]>
          private_data_encryption: <value in [disable, enable]>
          wireless_mode: <value in [ac, client, wtp, ...]>
          alias: <string>
          ssh_hostkey_algo:
            - ssh-rsa
            - ecdsa-sha2-nistp521
            - rsa-sha2-256
            - rsa-sha2-512
            - ssh-ed25519
            - ecdsa-sha2-nistp384
            - ecdsa-sha2-nistp256
          fortitoken_cloud: <value in [disable, enable]>
          av_affinity: <string>
          proxy_worker_count: <integer>
          ipsec_asic_offload: <value in [disable, enable]>
          miglogd_children: <integer>
          sslvpn_max_worker_count: <integer>
          ssh_mac_algo:
            - hmac-md5
            - hmac-md5-etm@openssh.com
            - hmac-md5-96
            - hmac-md5-96-etm@openssh.com
            - hmac-sha1
            - hmac-sha1-etm@openssh.com
            - hmac-sha2-256
            - hmac-sha2-256-etm@openssh.com
            - hmac-sha2-512
            - hmac-sha2-512-etm@openssh.com
            - hmac-ripemd160
            - hmac-ripemd160@openssh.com
            - hmac-ripemd160-etm@openssh.com
            - umac-64@openssh.com
            - umac-128@openssh.com
            - umac-64-etm@openssh.com
            - umac-128-etm@openssh.com
          url_filter_count: <integer>
          wifi_certificate: <list or string>
          radius_port: <integer>
          sys_perf_log_interval: <integer>
          gui_fortigate_cloud_sandbox: <value in [disable, enable]>
          auth_cert: <list or string>
          fortiextender: <value in [disable, enable]>
          admin_reset_button: <value in [disable, enable]>
          av_failopen: <value in [off, pass, one-shot, ...]>
          user_device_store_max_users: <integer>
          auth_session_limit: <value in [block-new, logout-inactive]>
          ipv6_allow_local_in_slient_drop: <value in [disable, enable]>
          quic_congestion_control_algo: <value in [cubic, bbr, bbr2, ...]>
          auth_ike_saml_port: <integer>
          wad_restart_end_time: <string>
          http_request_limit: <integer>
          irq_time_accounting: <value in [auto, force]>
          remoteauthtimeout: <integer>
          admin_https_ssl_banned_ciphers:
            - RSA
            - DHE
            - ECDHE
            - DSS
            - ECDSA
            - AES
            - AESGCM
            - CAMELLIA
            - 3DES
            - SHA1
            - SHA256
            - SHA384
            - STATIC
            - CHACHA20
            - ARIA
            - AESCCM
          allow_traffic_redirect: <value in [disable, enable]>
          legacy_poe_device_support: <value in [disable, enable]>
          wad_restart_mode: <value in [none, time, memory]>
          fds_statistics_period: <integer>
          admin_telnet: <value in [disable, enable]>
          ipv6_accept_dad: <integer>
          tcp_timewait_timer: <integer>
          admin_console_timeout: <integer>
          default_service_source_port: <string>
          quic_max_datagram_size: <integer>
          refresh: <integer>
          extender_controller_reserved_network: <list or string>
          url_filter_affinity: <string>
          policy_auth_concurrent: <integer>
          ipsec_hmac_offload: <value in [disable, enable]>
          traffic_priority_level: <value in [high, medium, low]>
          ipsec_qat_offload: <value in [disable, enable]>
          ssd_trim_min: <integer>
          gui_date_time_source: <value in [system, browser]>
          log_ssl_connection: <value in [disable, enable]>
          ndp_max_entry: <integer>
          vdom_mode: <value in [no-vdom, multi-vdom, split-vdom]>
          internet_service_download_list: <list or string>
          fortitoken_cloud_sync_interval: <integer>
          ssd_trim_weekday: <value in [sunday, monday, tuesday, ...]>
          two_factor_fac_expiry: <integer>
          gui_rest_api_cache: <value in [disable, enable]>
          admin_forticloud_sso_default_profile: <list or string>
          proxy_auth_lifetime: <value in [disable, enable]>
          device_idle_timeout: <integer>
          login_timestamp: <value in [disable, enable]>
          speedtest_server: <value in [disable, enable]>
          edit_vdom_prompt: <value in [disable, enable]>
          gui_cdn_domain_override: <string>
          admin_ssh_grace_time: <integer>
          sslvpn_ems_sn_check: <value in [disable, enable]>
          user_server_cert: <list or string>
          gui_allow_default_hostname: <value in [disable, enable]>
          proxy_re_authentication_mode: <value in [session, traffic, absolute]>
          ipsec_soft_dec_async: <value in [disable, enable]>
          admin_maintainer: <value in [disable, enable]>
          dst: <value in [disable, enable]>
          fec_port: <integer>
          ssh_kex_sha1: <value in [disable, enable]>
          ssh_mac_weak: <value in [disable, enable]>
          sslvpn_cipher_hardware_acceleration: <value in [disable, enable]>
          sys_file_check_interval: <integer>
          ssh_hmac_md5: <value in [disable, enable]>
          ssh_cbc_cipher: <value in [disable, enable]>
          gui_fortiguard_resource_fetch: <value in [disable, enable]>
          sslvpn_kxp_hardware_acceleration: <value in [disable, enable]>
          sslvpn_plugin_version_check: <value in [disable, enable]>
          fortiipam_integration: <value in [disable, enable]>
          gui_firmware_upgrade_setup_warning: <value in [disable, enable]>
          log_uuid_policy: <value in [disable, enable]>
          per_user_bwl: <value in [disable, enable]>
          gui_fortisandbox_cloud: <value in [disable, enable]>
          fortitoken_cloud_service: <value in [disable, enable]>
          hw_switch_ether_filter: <value in [disable, enable]>
          virtual_server_count: <integer>
          endpoint_control_fds_access: <value in [disable, enable]>
          proxy_cipher_hardware_acceleration: <value in [disable, enable]>
          proxy_kxp_hardware_acceleration: <value in [disable, enable]>
          virtual_server_hardware_acceleration: <value in [disable, enable]>
          user_history_password_threshold: <integer>
          delay_tcp_npu_session: <value in [disable, enable]>
          auth_session_auto_backup_interval: <value in [1min, 5min, 15min, ...]>
          ip_conflict_detection: <value in [disable, enable]>
          gtpu_dynamic_source_port: <value in [disable, enable]>
          ip_fragment_timeout: <integer>
          ipv6_fragment_timeout: <integer>
          scim_server_cert: <list or string>
          scim_http_port: <integer>
          auth_session_auto_backup: <value in [disable, enable]>
          scim_https_port: <integer>
          httpd_max_worker_count: <integer>
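
The template above lists every accepted key and choice. As an added example (not part of the module's own documentation), the playbook below sets only the management-plane hardening keys, using choices from the lists above. The inventory group, ADOM, profile name and integer values are assumptions, and credentials and the network OS are assumed to come from inventory.

```yaml
# Added example: inventory group, ADOM, profile name and integers are placeholders.
- name: Harden admin access in a device profile
  hosts: fortimanagers                 # assumed inventory group
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Restrict management-plane protocols and algorithms
      fortinet.fortimanager.fmgr_devprof_system_global:
        adom: root                     # placeholder ADOM
        devprof: hardened-baseline     # placeholder profile name
        devprof_system_global:
          admin_telnet: disable
          admin_lockout_threshold: 3   # illustrative value
          admin_lockout_duration: 300  # illustrative value
          login_timestamp: enable
          # SHA-1 based and group1 key exchanges are left out.
          ssh_kex_algo:
            - ecdh-sha2-nistp256
            - ecdh-sha2-nistp384
            - ecdh-sha2-nistp521
            - diffie-hellman-group-exchange-sha256
            - diffie-hellman-group14-sha256
            - diffie-hellman-group16-sha512
            - diffie-hellman-group18-sha512
          # ssh-rsa (RSA with SHA-1 signatures) is left out.
          ssh_hostkey_algo:
            - ssh-ed25519
            - ecdsa-sha2-nistp256
            - ecdsa-sha2-nistp384
            - ecdsa-sha2-nistp521
            - rsa-sha2-256
            - rsa-sha2-512
          ssh_mac_algo:
            - hmac-sha2-256
            - hmac-sha2-512
          admin_https_ssl_banned_ciphers:
            - 3DES
            - SHA1
            - STATIC
      register: hardening

    - name: Show parameters the target FortiManager version does not support
      ansible.builtin.debug:
        var: hardening.version_check_warning
      when: hardening.version_check_warning is defined
```

Because supported keys differ between versions, review `version_check_warning` before assuming every setting in the profile took effect.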

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full URL requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of the API request.

Returned: always

Sample: 0

response_data

list / elements=string

The API response.

Returned: always

response_message

string

The descriptive message of the API response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status of the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)