fortimanager 1.13.0, Mar 13 25

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.SystemGlobal

Explore with Pulumi AI

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";

const trname = new fortimanager.SystemGlobal("trname", {
    hostname: "FMG-Terr",
    language: "en",
});

import pulumi
import pulumi_fortimanager as fortimanager

trname = fortimanager.SystemGlobal("trname",
    hostname="FMG-Terr",
    language="en")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fortimanager.NewSystemGlobal(ctx, "trname", &fortimanager.SystemGlobalArgs{
			Hostname: pulumi.String("FMG-Terr"),
			Language: pulumi.String("en"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortimanager.SystemGlobal("trname", new()
    {
        Hostname = "FMG-Terr",
        Language = "en",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.SystemGlobal;
import com.pulumi.fortimanager.SystemGlobalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new SystemGlobal("trname", SystemGlobalArgs.builder()
            .hostname("FMG-Terr")
            .language("en")
            .build());

    }
}

resources:
  trname:
    type: fortimanager:SystemGlobal
    properties:
      hostname: FMG-Terr
      language: en

Create SystemGlobal Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new SystemGlobal(name: string, args?: SystemGlobalArgs, opts?: CustomResourceOptions);

@overload
def SystemGlobal(resource_name: str,
                 args: Optional[SystemGlobalArgs] = None,
                 opts: Optional[ResourceOptions] = None)

@overload
def SystemGlobal(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 admin_host: Optional[str] = None,
                 admin_lockout_duration: Optional[float] = None,
                 admin_lockout_method: Optional[str] = None,
                 admin_lockout_threshold: Optional[float] = None,
                 admin_ssh_grace_time: Optional[float] = None,
                 adom_mode: Optional[str] = None,
                 adom_rev_auto_delete: Optional[str] = None,
                 adom_rev_max_backup_revisions: Optional[float] = None,
                 adom_rev_max_days: Optional[float] = None,
                 adom_rev_max_revisions: Optional[float] = None,
                 adom_select: Optional[str] = None,
                 adom_status: Optional[str] = None,
                 apache_mode: Optional[str] = None,
                 api_ip_binding: Optional[str] = None,
                 clone_name_option: Optional[str] = None,
                 clt_cert_req: Optional[str] = None,
                 console_output: Optional[str] = None,
                 contentpack_fgt_install: Optional[str] = None,
                 country_flag: Optional[str] = None,
                 create_revision: Optional[str] = None,
                 daylightsavetime: Optional[str] = None,
                 detect_unregistered_log_device: Optional[str] = None,
                 device_view_mode: Optional[str] = None,
                 dh_params: Optional[str] = None,
                 disable_modules: Optional[Sequence[str]] = None,
                 dynamic_sort_subtable: Optional[str] = None,
                 enc_algorithm: Optional[str] = None,
                 fabric_storage_pool_quota: Optional[float] = None,
                 fabric_storage_pool_size: Optional[float] = None,
                 faz_status: Optional[str] = None,
                 fcp_cfg_service: Optional[str] = None,
                 fgfm_ca_cert: Optional[str] = None,
                 fgfm_cert_exclusive: Optional[str] = None,
                 fgfm_deny_unknown: Optional[str] = None,
                 fgfm_local_cert: Optional[str] = None,
                 fgfm_peercert_withoutsn: Optional[str] = None,
                 fgfm_ssl_protocol: Optional[str] = None,
                 fortiservice_port: Optional[float] = None,
                 global_ssl_protocol: Optional[str] = None,
                 gui_curl_timeout: Optional[float] = None,
                 gui_polling_interval: Optional[float] = None,
                 ha_member_auto_grouping: Optional[str] = None,
                 hostname: Optional[str] = None,
                 httpd_ssl_protocols: Optional[Sequence[str]] = None,
                 import_ignore_addr_cmt: Optional[str] = None,
                 jsonapi_log: Optional[str] = None,
                 language: Optional[str] = None,
                 latitude: Optional[str] = None,
                 ldap_cache_timeout: Optional[float] = None,
                 ldapconntimeout: Optional[float] = None,
                 lock_preempt: Optional[str] = None,
                 log_checksum: Optional[str] = None,
                 log_checksum_upload: Optional[str] = None,
                 log_forward_cache_size: Optional[float] = None,
                 longitude: Optional[str] = None,
                 management_ip: Optional[str] = None,
                 management_port: Optional[float] = None,
                 mapclient_ssl_protocol: Optional[str] = None,
                 max_log_forward: Optional[float] = None,
                 max_running_reports: Optional[float] = None,
                 mc_policy_disabled_adoms: Optional[Sequence[SystemGlobalMcPolicyDisabledAdomArgs]] = None,
                 multiple_steps_upgrade_in_autolink: Optional[str] = None,
                 no_copy_permission_check: Optional[str] = None,
                 no_vip_value_check: Optional[str] = None,
                 normalized_intf_zone_only: Optional[str] = None,
                 object_revision_db_max: Optional[float] = None,
                 object_revision_mandatory_note: Optional[str] = None,
                 object_revision_object_max: Optional[float] = None,
                 object_revision_status: Optional[str] = None,
                 oftp_ssl_protocol: Optional[str] = None,
                 partial_install: Optional[str] = None,
                 partial_install_force: Optional[str] = None,
                 partial_install_rev: Optional[str] = None,
                 per_policy_lock: Optional[str] = None,
                 perform_improve_by_ha: Optional[str] = None,
                 policy_object_icon: Optional[str] = None,
                 policy_object_in_dual_pane: Optional[str] = None,
                 pre_login_banner: Optional[str] = None,
                 pre_login_banner_message: Optional[str] = None,
                 private_data_encryption: Optional[str] = None,
                 remoteauthtimeout: Optional[float] = None,
                 save_last_hit_in_adomdb: Optional[str] = None,
                 search_all_adoms: Optional[str] = None,
                 ssh_enc_algos: Optional[Sequence[str]] = None,
                 ssh_hostkey_algos: Optional[Sequence[str]] = None,
                 ssh_kex_algos: Optional[Sequence[str]] = None,
                 ssh_mac_algos: Optional[Sequence[str]] = None,
                 ssh_strong_crypto: Optional[str] = None,
                 ssl_cipher_suites: Optional[Sequence[SystemGlobalSslCipherSuiteArgs]] = None,
                 ssl_low_encryption: Optional[str] = None,
                 ssl_protocols: Optional[Sequence[str]] = None,
                 ssl_static_key_ciphers: Optional[str] = None,
                 system_global_id: Optional[str] = None,
                 table_entry_blink: Optional[str] = None,
                 task_list_size: Optional[float] = None,
                 tftp: Optional[str] = None,
                 timezone: Optional[str] = None,
                 tunnel_mtu: Optional[float] = None,
                 usg: Optional[str] = None,
                 vdom_mirror: Optional[str] = None,
                 webservice_protos: Optional[Sequence[str]] = None,
                 workflow_max_sessions: Optional[float] = None,
                 workspace_mode: Optional[str] = None,
                 workspace_unlock_after_install: Optional[str] = None)

func NewSystemGlobal(ctx *Context, name string, args *SystemGlobalArgs, opts ...ResourceOption) (*SystemGlobal, error)

public SystemGlobal(string name, SystemGlobalArgs? args = null, CustomResourceOptions? opts = null)

public SystemGlobal(String name, SystemGlobalArgs args)
public SystemGlobal(String name, SystemGlobalArgs args, CustomResourceOptions options)

type: fortimanager:SystemGlobal
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SystemGlobalArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SystemGlobalArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SystemGlobalArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SystemGlobalArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SystemGlobalArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var systemGlobalResource = new Fortimanager.SystemGlobal("systemGlobalResource", new()
{
    AdminHost = "string",
    AdminLockoutDuration = 0,
    AdminLockoutMethod = "string",
    AdminLockoutThreshold = 0,
    AdminSshGraceTime = 0,
    AdomMode = "string",
    AdomRevAutoDelete = "string",
    AdomRevMaxBackupRevisions = 0,
    AdomRevMaxDays = 0,
    AdomRevMaxRevisions = 0,
    AdomSelect = "string",
    AdomStatus = "string",
    ApacheMode = "string",
    ApiIpBinding = "string",
    CloneNameOption = "string",
    CltCertReq = "string",
    ConsoleOutput = "string",
    ContentpackFgtInstall = "string",
    CountryFlag = "string",
    CreateRevision = "string",
    Daylightsavetime = "string",
    DetectUnregisteredLogDevice = "string",
    DeviceViewMode = "string",
    DhParams = "string",
    DisableModules = new[]
    {
        "string",
    },
    DynamicSortSubtable = "string",
    EncAlgorithm = "string",
    FabricStoragePoolQuota = 0,
    FabricStoragePoolSize = 0,
    FazStatus = "string",
    FcpCfgService = "string",
    FgfmCaCert = "string",
    FgfmCertExclusive = "string",
    FgfmDenyUnknown = "string",
    FgfmLocalCert = "string",
    FgfmPeercertWithoutsn = "string",
    FgfmSslProtocol = "string",
    FortiservicePort = 0,
    GlobalSslProtocol = "string",
    GuiCurlTimeout = 0,
    GuiPollingInterval = 0,
    HaMemberAutoGrouping = "string",
    Hostname = "string",
    HttpdSslProtocols = new[]
    {
        "string",
    },
    ImportIgnoreAddrCmt = "string",
    JsonapiLog = "string",
    Language = "string",
    Latitude = "string",
    LdapCacheTimeout = 0,
    Ldapconntimeout = 0,
    LockPreempt = "string",
    LogChecksum = "string",
    LogChecksumUpload = "string",
    LogForwardCacheSize = 0,
    Longitude = "string",
    ManagementIp = "string",
    ManagementPort = 0,
    MapclientSslProtocol = "string",
    MaxLogForward = 0,
    MaxRunningReports = 0,
    McPolicyDisabledAdoms = new[]
    {
        new Fortimanager.Inputs.SystemGlobalMcPolicyDisabledAdomArgs
        {
            AdomName = "string",
        },
    },
    MultipleStepsUpgradeInAutolink = "string",
    NoCopyPermissionCheck = "string",
    NoVipValueCheck = "string",
    NormalizedIntfZoneOnly = "string",
    ObjectRevisionDbMax = 0,
    ObjectRevisionMandatoryNote = "string",
    ObjectRevisionObjectMax = 0,
    ObjectRevisionStatus = "string",
    OftpSslProtocol = "string",
    PartialInstall = "string",
    PartialInstallForce = "string",
    PartialInstallRev = "string",
    PerPolicyLock = "string",
    PerformImproveByHa = "string",
    PolicyObjectIcon = "string",
    PolicyObjectInDualPane = "string",
    PreLoginBanner = "string",
    PreLoginBannerMessage = "string",
    PrivateDataEncryption = "string",
    Remoteauthtimeout = 0,
    SaveLastHitInAdomdb = "string",
    SearchAllAdoms = "string",
    SshEncAlgos = new[]
    {
        "string",
    },
    SshHostkeyAlgos = new[]
    {
        "string",
    },
    SshKexAlgos = new[]
    {
        "string",
    },
    SshMacAlgos = new[]
    {
        "string",
    },
    SshStrongCrypto = "string",
    SslCipherSuites = new[]
    {
        new Fortimanager.Inputs.SystemGlobalSslCipherSuiteArgs
        {
            Cipher = "string",
            Priority = 0,
            Version = "string",
        },
    },
    SslLowEncryption = "string",
    SslProtocols = new[]
    {
        "string",
    },
    SslStaticKeyCiphers = "string",
    SystemGlobalId = "string",
    TableEntryBlink = "string",
    TaskListSize = 0,
    Tftp = "string",
    Timezone = "string",
    TunnelMtu = 0,
    Usg = "string",
    VdomMirror = "string",
    WebserviceProtos = new[]
    {
        "string",
    },
    WorkflowMaxSessions = 0,
    WorkspaceMode = "string",
    WorkspaceUnlockAfterInstall = "string",
});

example, err := fortimanager.NewSystemGlobal(ctx, "systemGlobalResource", &fortimanager.SystemGlobalArgs{
AdminHost: pulumi.String("string"),
AdminLockoutDuration: pulumi.Float64(0),
AdminLockoutMethod: pulumi.String("string"),
AdminLockoutThreshold: pulumi.Float64(0),
AdminSshGraceTime: pulumi.Float64(0),
AdomMode: pulumi.String("string"),
AdomRevAutoDelete: pulumi.String("string"),
AdomRevMaxBackupRevisions: pulumi.Float64(0),
AdomRevMaxDays: pulumi.Float64(0),
AdomRevMaxRevisions: pulumi.Float64(0),
AdomSelect: pulumi.String("string"),
AdomStatus: pulumi.String("string"),
ApacheMode: pulumi.String("string"),
ApiIpBinding: pulumi.String("string"),
CloneNameOption: pulumi.String("string"),
CltCertReq: pulumi.String("string"),
ConsoleOutput: pulumi.String("string"),
ContentpackFgtInstall: pulumi.String("string"),
CountryFlag: pulumi.String("string"),
CreateRevision: pulumi.String("string"),
Daylightsavetime: pulumi.String("string"),
DetectUnregisteredLogDevice: pulumi.String("string"),
DeviceViewMode: pulumi.String("string"),
DhParams: pulumi.String("string"),
DisableModules: pulumi.StringArray{
pulumi.String("string"),
},
DynamicSortSubtable: pulumi.String("string"),
EncAlgorithm: pulumi.String("string"),
FabricStoragePoolQuota: pulumi.Float64(0),
FabricStoragePoolSize: pulumi.Float64(0),
FazStatus: pulumi.String("string"),
FcpCfgService: pulumi.String("string"),
FgfmCaCert: pulumi.String("string"),
FgfmCertExclusive: pulumi.String("string"),
FgfmDenyUnknown: pulumi.String("string"),
FgfmLocalCert: pulumi.String("string"),
FgfmPeercertWithoutsn: pulumi.String("string"),
FgfmSslProtocol: pulumi.String("string"),
FortiservicePort: pulumi.Float64(0),
GlobalSslProtocol: pulumi.String("string"),
GuiCurlTimeout: pulumi.Float64(0),
GuiPollingInterval: pulumi.Float64(0),
HaMemberAutoGrouping: pulumi.String("string"),
Hostname: pulumi.String("string"),
HttpdSslProtocols: pulumi.StringArray{
pulumi.String("string"),
},
ImportIgnoreAddrCmt: pulumi.String("string"),
JsonapiLog: pulumi.String("string"),
Language: pulumi.String("string"),
Latitude: pulumi.String("string"),
LdapCacheTimeout: pulumi.Float64(0),
Ldapconntimeout: pulumi.Float64(0),
LockPreempt: pulumi.String("string"),
LogChecksum: pulumi.String("string"),
LogChecksumUpload: pulumi.String("string"),
LogForwardCacheSize: pulumi.Float64(0),
Longitude: pulumi.String("string"),
ManagementIp: pulumi.String("string"),
ManagementPort: pulumi.Float64(0),
MapclientSslProtocol: pulumi.String("string"),
MaxLogForward: pulumi.Float64(0),
MaxRunningReports: pulumi.Float64(0),
McPolicyDisabledAdoms: .SystemGlobalMcPolicyDisabledAdomArray{
&.SystemGlobalMcPolicyDisabledAdomArgs{
AdomName: pulumi.String("string"),
},
},
MultipleStepsUpgradeInAutolink: pulumi.String("string"),
NoCopyPermissionCheck: pulumi.String("string"),
NoVipValueCheck: pulumi.String("string"),
NormalizedIntfZoneOnly: pulumi.String("string"),
ObjectRevisionDbMax: pulumi.Float64(0),
ObjectRevisionMandatoryNote: pulumi.String("string"),
ObjectRevisionObjectMax: pulumi.Float64(0),
ObjectRevisionStatus: pulumi.String("string"),
OftpSslProtocol: pulumi.String("string"),
PartialInstall: pulumi.String("string"),
PartialInstallForce: pulumi.String("string"),
PartialInstallRev: pulumi.String("string"),
PerPolicyLock: pulumi.String("string"),
PerformImproveByHa: pulumi.String("string"),
PolicyObjectIcon: pulumi.String("string"),
PolicyObjectInDualPane: pulumi.String("string"),
PreLoginBanner: pulumi.String("string"),
PreLoginBannerMessage: pulumi.String("string"),
PrivateDataEncryption: pulumi.String("string"),
Remoteauthtimeout: pulumi.Float64(0),
SaveLastHitInAdomdb: pulumi.String("string"),
SearchAllAdoms: pulumi.String("string"),
SshEncAlgos: pulumi.StringArray{
pulumi.String("string"),
},
SshHostkeyAlgos: pulumi.StringArray{
pulumi.String("string"),
},
SshKexAlgos: pulumi.StringArray{
pulumi.String("string"),
},
SshMacAlgos: pulumi.StringArray{
pulumi.String("string"),
},
SshStrongCrypto: pulumi.String("string"),
SslCipherSuites: .SystemGlobalSslCipherSuiteArray{
&.SystemGlobalSslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Version: pulumi.String("string"),
},
},
SslLowEncryption: pulumi.String("string"),
SslProtocols: pulumi.StringArray{
pulumi.String("string"),
},
SslStaticKeyCiphers: pulumi.String("string"),
SystemGlobalId: pulumi.String("string"),
TableEntryBlink: pulumi.String("string"),
TaskListSize: pulumi.Float64(0),
Tftp: pulumi.String("string"),
Timezone: pulumi.String("string"),
TunnelMtu: pulumi.Float64(0),
Usg: pulumi.String("string"),
VdomMirror: pulumi.String("string"),
WebserviceProtos: pulumi.StringArray{
pulumi.String("string"),
},
WorkflowMaxSessions: pulumi.Float64(0),
WorkspaceMode: pulumi.String("string"),
WorkspaceUnlockAfterInstall: pulumi.String("string"),
})

var systemGlobalResource = new SystemGlobal("systemGlobalResource", SystemGlobalArgs.builder()
    .adminHost("string")
    .adminLockoutDuration(0)
    .adminLockoutMethod("string")
    .adminLockoutThreshold(0)
    .adminSshGraceTime(0)
    .adomMode("string")
    .adomRevAutoDelete("string")
    .adomRevMaxBackupRevisions(0)
    .adomRevMaxDays(0)
    .adomRevMaxRevisions(0)
    .adomSelect("string")
    .adomStatus("string")
    .apacheMode("string")
    .apiIpBinding("string")
    .cloneNameOption("string")
    .cltCertReq("string")
    .consoleOutput("string")
    .contentpackFgtInstall("string")
    .countryFlag("string")
    .createRevision("string")
    .daylightsavetime("string")
    .detectUnregisteredLogDevice("string")
    .deviceViewMode("string")
    .dhParams("string")
    .disableModules("string")
    .dynamicSortSubtable("string")
    .encAlgorithm("string")
    .fabricStoragePoolQuota(0)
    .fabricStoragePoolSize(0)
    .fazStatus("string")
    .fcpCfgService("string")
    .fgfmCaCert("string")
    .fgfmCertExclusive("string")
    .fgfmDenyUnknown("string")
    .fgfmLocalCert("string")
    .fgfmPeercertWithoutsn("string")
    .fgfmSslProtocol("string")
    .fortiservicePort(0)
    .globalSslProtocol("string")
    .guiCurlTimeout(0)
    .guiPollingInterval(0)
    .haMemberAutoGrouping("string")
    .hostname("string")
    .httpdSslProtocols("string")
    .importIgnoreAddrCmt("string")
    .jsonapiLog("string")
    .language("string")
    .latitude("string")
    .ldapCacheTimeout(0)
    .ldapconntimeout(0)
    .lockPreempt("string")
    .logChecksum("string")
    .logChecksumUpload("string")
    .logForwardCacheSize(0)
    .longitude("string")
    .managementIp("string")
    .managementPort(0)
    .mapclientSslProtocol("string")
    .maxLogForward(0)
    .maxRunningReports(0)
    .mcPolicyDisabledAdoms(SystemGlobalMcPolicyDisabledAdomArgs.builder()
        .adomName("string")
        .build())
    .multipleStepsUpgradeInAutolink("string")
    .noCopyPermissionCheck("string")
    .noVipValueCheck("string")
    .normalizedIntfZoneOnly("string")
    .objectRevisionDbMax(0)
    .objectRevisionMandatoryNote("string")
    .objectRevisionObjectMax(0)
    .objectRevisionStatus("string")
    .oftpSslProtocol("string")
    .partialInstall("string")
    .partialInstallForce("string")
    .partialInstallRev("string")
    .perPolicyLock("string")
    .performImproveByHa("string")
    .policyObjectIcon("string")
    .policyObjectInDualPane("string")
    .preLoginBanner("string")
    .preLoginBannerMessage("string")
    .privateDataEncryption("string")
    .remoteauthtimeout(0)
    .saveLastHitInAdomdb("string")
    .searchAllAdoms("string")
    .sshEncAlgos("string")
    .sshHostkeyAlgos("string")
    .sshKexAlgos("string")
    .sshMacAlgos("string")
    .sshStrongCrypto("string")
    .sslCipherSuites(SystemGlobalSslCipherSuiteArgs.builder()
        .cipher("string")
        .priority(0)
        .version("string")
        .build())
    .sslLowEncryption("string")
    .sslProtocols("string")
    .sslStaticKeyCiphers("string")
    .systemGlobalId("string")
    .tableEntryBlink("string")
    .taskListSize(0)
    .tftp("string")
    .timezone("string")
    .tunnelMtu(0)
    .usg("string")
    .vdomMirror("string")
    .webserviceProtos("string")
    .workflowMaxSessions(0)
    .workspaceMode("string")
    .workspaceUnlockAfterInstall("string")
    .build());

system_global_resource = fortimanager.SystemGlobal("systemGlobalResource",
    admin_host="string",
    admin_lockout_duration=0,
    admin_lockout_method="string",
    admin_lockout_threshold=0,
    admin_ssh_grace_time=0,
    adom_mode="string",
    adom_rev_auto_delete="string",
    adom_rev_max_backup_revisions=0,
    adom_rev_max_days=0,
    adom_rev_max_revisions=0,
    adom_select="string",
    adom_status="string",
    apache_mode="string",
    api_ip_binding="string",
    clone_name_option="string",
    clt_cert_req="string",
    console_output="string",
    contentpack_fgt_install="string",
    country_flag="string",
    create_revision="string",
    daylightsavetime="string",
    detect_unregistered_log_device="string",
    device_view_mode="string",
    dh_params="string",
    disable_modules=["string"],
    dynamic_sort_subtable="string",
    enc_algorithm="string",
    fabric_storage_pool_quota=0,
    fabric_storage_pool_size=0,
    faz_status="string",
    fcp_cfg_service="string",
    fgfm_ca_cert="string",
    fgfm_cert_exclusive="string",
    fgfm_deny_unknown="string",
    fgfm_local_cert="string",
    fgfm_peercert_withoutsn="string",
    fgfm_ssl_protocol="string",
    fortiservice_port=0,
    global_ssl_protocol="string",
    gui_curl_timeout=0,
    gui_polling_interval=0,
    ha_member_auto_grouping="string",
    hostname="string",
    httpd_ssl_protocols=["string"],
    import_ignore_addr_cmt="string",
    jsonapi_log="string",
    language="string",
    latitude="string",
    ldap_cache_timeout=0,
    ldapconntimeout=0,
    lock_preempt="string",
    log_checksum="string",
    log_checksum_upload="string",
    log_forward_cache_size=0,
    longitude="string",
    management_ip="string",
    management_port=0,
    mapclient_ssl_protocol="string",
    max_log_forward=0,
    max_running_reports=0,
    mc_policy_disabled_adoms=[{
        "adom_name": "string",
    }],
    multiple_steps_upgrade_in_autolink="string",
    no_copy_permission_check="string",
    no_vip_value_check="string",
    normalized_intf_zone_only="string",
    object_revision_db_max=0,
    object_revision_mandatory_note="string",
    object_revision_object_max=0,
    object_revision_status="string",
    oftp_ssl_protocol="string",
    partial_install="string",
    partial_install_force="string",
    partial_install_rev="string",
    per_policy_lock="string",
    perform_improve_by_ha="string",
    policy_object_icon="string",
    policy_object_in_dual_pane="string",
    pre_login_banner="string",
    pre_login_banner_message="string",
    private_data_encryption="string",
    remoteauthtimeout=0,
    save_last_hit_in_adomdb="string",
    search_all_adoms="string",
    ssh_enc_algos=["string"],
    ssh_hostkey_algos=["string"],
    ssh_kex_algos=["string"],
    ssh_mac_algos=["string"],
    ssh_strong_crypto="string",
    ssl_cipher_suites=[{
        "cipher": "string",
        "priority": 0,
        "version": "string",
    }],
    ssl_low_encryption="string",
    ssl_protocols=["string"],
    ssl_static_key_ciphers="string",
    system_global_id="string",
    table_entry_blink="string",
    task_list_size=0,
    tftp="string",
    timezone="string",
    tunnel_mtu=0,
    usg="string",
    vdom_mirror="string",
    webservice_protos=["string"],
    workflow_max_sessions=0,
    workspace_mode="string",
    workspace_unlock_after_install="string")

const systemGlobalResource = new fortimanager.SystemGlobal("systemGlobalResource", {
    adminHost: "string",
    adminLockoutDuration: 0,
    adminLockoutMethod: "string",
    adminLockoutThreshold: 0,
    adminSshGraceTime: 0,
    adomMode: "string",
    adomRevAutoDelete: "string",
    adomRevMaxBackupRevisions: 0,
    adomRevMaxDays: 0,
    adomRevMaxRevisions: 0,
    adomSelect: "string",
    adomStatus: "string",
    apacheMode: "string",
    apiIpBinding: "string",
    cloneNameOption: "string",
    cltCertReq: "string",
    consoleOutput: "string",
    contentpackFgtInstall: "string",
    countryFlag: "string",
    createRevision: "string",
    daylightsavetime: "string",
    detectUnregisteredLogDevice: "string",
    deviceViewMode: "string",
    dhParams: "string",
    disableModules: ["string"],
    dynamicSortSubtable: "string",
    encAlgorithm: "string",
    fabricStoragePoolQuota: 0,
    fabricStoragePoolSize: 0,
    fazStatus: "string",
    fcpCfgService: "string",
    fgfmCaCert: "string",
    fgfmCertExclusive: "string",
    fgfmDenyUnknown: "string",
    fgfmLocalCert: "string",
    fgfmPeercertWithoutsn: "string",
    fgfmSslProtocol: "string",
    fortiservicePort: 0,
    globalSslProtocol: "string",
    guiCurlTimeout: 0,
    guiPollingInterval: 0,
    haMemberAutoGrouping: "string",
    hostname: "string",
    httpdSslProtocols: ["string"],
    importIgnoreAddrCmt: "string",
    jsonapiLog: "string",
    language: "string",
    latitude: "string",
    ldapCacheTimeout: 0,
    ldapconntimeout: 0,
    lockPreempt: "string",
    logChecksum: "string",
    logChecksumUpload: "string",
    logForwardCacheSize: 0,
    longitude: "string",
    managementIp: "string",
    managementPort: 0,
    mapclientSslProtocol: "string",
    maxLogForward: 0,
    maxRunningReports: 0,
    mcPolicyDisabledAdoms: [{
        adomName: "string",
    }],
    multipleStepsUpgradeInAutolink: "string",
    noCopyPermissionCheck: "string",
    noVipValueCheck: "string",
    normalizedIntfZoneOnly: "string",
    objectRevisionDbMax: 0,
    objectRevisionMandatoryNote: "string",
    objectRevisionObjectMax: 0,
    objectRevisionStatus: "string",
    oftpSslProtocol: "string",
    partialInstall: "string",
    partialInstallForce: "string",
    partialInstallRev: "string",
    perPolicyLock: "string",
    performImproveByHa: "string",
    policyObjectIcon: "string",
    policyObjectInDualPane: "string",
    preLoginBanner: "string",
    preLoginBannerMessage: "string",
    privateDataEncryption: "string",
    remoteauthtimeout: 0,
    saveLastHitInAdomdb: "string",
    searchAllAdoms: "string",
    sshEncAlgos: ["string"],
    sshHostkeyAlgos: ["string"],
    sshKexAlgos: ["string"],
    sshMacAlgos: ["string"],
    sshStrongCrypto: "string",
    sslCipherSuites: [{
        cipher: "string",
        priority: 0,
        version: "string",
    }],
    sslLowEncryption: "string",
    sslProtocols: ["string"],
    sslStaticKeyCiphers: "string",
    systemGlobalId: "string",
    tableEntryBlink: "string",
    taskListSize: 0,
    tftp: "string",
    timezone: "string",
    tunnelMtu: 0,
    usg: "string",
    vdomMirror: "string",
    webserviceProtos: ["string"],
    workflowMaxSessions: 0,
    workspaceMode: "string",
    workspaceUnlockAfterInstall: "string",
});

type: fortimanager:SystemGlobal
properties:
    adminHost: string
    adminLockoutDuration: 0
    adminLockoutMethod: string
    adminLockoutThreshold: 0
    adminSshGraceTime: 0
    adomMode: string
    adomRevAutoDelete: string
    adomRevMaxBackupRevisions: 0
    adomRevMaxDays: 0
    adomRevMaxRevisions: 0
    adomSelect: string
    adomStatus: string
    apacheMode: string
    apiIpBinding: string
    cloneNameOption: string
    cltCertReq: string
    consoleOutput: string
    contentpackFgtInstall: string
    countryFlag: string
    createRevision: string
    daylightsavetime: string
    detectUnregisteredLogDevice: string
    deviceViewMode: string
    dhParams: string
    disableModules:
        - string
    dynamicSortSubtable: string
    encAlgorithm: string
    fabricStoragePoolQuota: 0
    fabricStoragePoolSize: 0
    fazStatus: string
    fcpCfgService: string
    fgfmCaCert: string
    fgfmCertExclusive: string
    fgfmDenyUnknown: string
    fgfmLocalCert: string
    fgfmPeercertWithoutsn: string
    fgfmSslProtocol: string
    fortiservicePort: 0
    globalSslProtocol: string
    guiCurlTimeout: 0
    guiPollingInterval: 0
    haMemberAutoGrouping: string
    hostname: string
    httpdSslProtocols:
        - string
    importIgnoreAddrCmt: string
    jsonapiLog: string
    language: string
    latitude: string
    ldapCacheTimeout: 0
    ldapconntimeout: 0
    lockPreempt: string
    logChecksum: string
    logChecksumUpload: string
    logForwardCacheSize: 0
    longitude: string
    managementIp: string
    managementPort: 0
    mapclientSslProtocol: string
    maxLogForward: 0
    maxRunningReports: 0
    mcPolicyDisabledAdoms:
        - adomName: string
    multipleStepsUpgradeInAutolink: string
    noCopyPermissionCheck: string
    noVipValueCheck: string
    normalizedIntfZoneOnly: string
    objectRevisionDbMax: 0
    objectRevisionMandatoryNote: string
    objectRevisionObjectMax: 0
    objectRevisionStatus: string
    oftpSslProtocol: string
    partialInstall: string
    partialInstallForce: string
    partialInstallRev: string
    perPolicyLock: string
    performImproveByHa: string
    policyObjectIcon: string
    policyObjectInDualPane: string
    preLoginBanner: string
    preLoginBannerMessage: string
    privateDataEncryption: string
    remoteauthtimeout: 0
    saveLastHitInAdomdb: string
    searchAllAdoms: string
    sshEncAlgos:
        - string
    sshHostkeyAlgos:
        - string
    sshKexAlgos:
        - string
    sshMacAlgos:
        - string
    sshStrongCrypto: string
    sslCipherSuites:
        - cipher: string
          priority: 0
          version: string
    sslLowEncryption: string
    sslProtocols:
        - string
    sslStaticKeyCiphers: string
    systemGlobalId: string
    tableEntryBlink: string
    taskListSize: 0
    tftp: string
    timezone: string
    tunnelMtu: 0
    usg: string
    vdomMirror: string
    webserviceProtos:
        - string
    workflowMaxSessions: 0
    workspaceMode: string
    workspaceUnlockAfterInstall: string

SystemGlobal Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SystemGlobal resource accepts the following input properties:

AdminHost string: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
AdminLockoutDuration double: Lockout duration(sec) for administration.
AdminLockoutMethod string: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
AdminLockoutThreshold double: Lockout threshold for administration.
AdminSshGraceTime double: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
AdomMode string: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
AdomRevAutoDelete string: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
AdomRevMaxBackupRevisions double: Maximum number of ADOM revisions to backup.
AdomRevMaxDays double: Number of days to keep old ADOM revisions.
AdomRevMaxRevisions double: Maximum number of ADOM revisions to keep.
AdomSelect string: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
AdomStatus string: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
ApacheMode string: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
ApiIpBinding string: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
CloneNameOption string: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
CltCertReq string: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
ConsoleOutput string: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
ContentpackFgtInstall string: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
CountryFlag string: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
CreateRevision string: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
Daylightsavetime string: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
DetectUnregisteredLogDevice string: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
DeviceViewMode string: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
DhParams string: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
DisableModules List<string>: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EncAlgorithm string: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
FabricStoragePoolQuota double: Disk quota for Fabric (MB).
FabricStoragePoolSize double: Max storage pooll size
FazStatus string: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
FcpCfgService string: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
FgfmCaCert string: set the extra fgfm CA certificates.
FgfmCertExclusive string: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
FgfmDenyUnknown string: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
FgfmLocalCert string: set the fgfm local certificate.
FgfmPeercertWithoutsn string: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
FgfmSslProtocol string: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
FortiservicePort double: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
GlobalSslProtocol string: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
GuiCurlTimeout double: GUI curl timeout in seconds (5-300 default 30).
GuiPollingInterval double: GUI polling interval in seconds (1-288000 default 5).
HaMemberAutoGrouping string: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
Hostname string: System hostname.
HttpdSslProtocols List<string>: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
ImportIgnoreAddrCmt string: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
JsonapiLog string: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
Language string: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
Latitude string: fmg location latitude
LdapCacheTimeout double: LDAP browser cache timeout (seconds).
Ldapconntimeout double: LDAP connection timeout (msec).
LockPreempt string: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
LogChecksum string: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
LogChecksumUpload string: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
LogForwardCacheSize double: Log forwarding disk cache size (GB).
Longitude string: fmg location longitude
ManagementIp string: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
ManagementPort double: Overriding port for management connection (Overrides admin port).
MapclientSslProtocol string: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
MaxLogForward double: Maximum number of log-forward and aggregation settings.
MaxRunningReports double: Maximum number of reports generating at one time.
McPolicyDisabledAdoms List<SystemGlobalMcPolicyDisabledAdom>: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
MultipleStepsUpgradeInAutolink string: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoCopyPermissionCheck string: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoVipValueCheck string: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NormalizedIntfZoneOnly string: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
ObjectRevisionDbMax double: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
ObjectRevisionMandatoryNote string: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
ObjectRevisionObjectMax double: Maximum revisions for a single object (10-1000 default 100).
ObjectRevisionStatus string: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
OftpSslProtocol string: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
PartialInstall string: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
PartialInstallForce string: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
PartialInstallRev string: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
PerPolicyLock string: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
PerformImproveByHa string: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
PolicyObjectIcon string: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
PolicyObjectInDualPane string: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
PreLoginBanner string: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
PreLoginBannerMessage string: Pre-login banner message.
PrivateDataEncryption string: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
Remoteauthtimeout double: Remote authentication (RADIUS/LDAP) timeout (sec).
SaveLastHitInAdomdb string: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
SearchAllAdoms string: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
SshEncAlgos List<string>: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
SshHostkeyAlgos List<string>: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
SshKexAlgos List<string>: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
SshMacAlgos List<string>: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
SshStrongCrypto string: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
SslCipherSuites List<SystemGlobalSslCipherSuite>: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslLowEncryption string: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
SslProtocols List<string>: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
SslStaticKeyCiphers string: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
SystemGlobalId string: an identifier for the resource.
TableEntryBlink string: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
TaskListSize double: Maximum number of completed tasks to keep.
Tftp string: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
Timezone string: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
TunnelMtu double: Maximum transportation unit(68 - 9000).
Usg string: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
VdomMirror string: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
WebserviceProtos List<string>: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
WorkflowMaxSessions double: Maximum number of workflow sessions per ADOM (minimum 100).
WorkspaceMode string: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
WorkspaceUnlockAfterInstall string: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

AdminHost string: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
AdminLockoutDuration float64: Lockout duration(sec) for administration.
AdminLockoutMethod string: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
AdminLockoutThreshold float64: Lockout threshold for administration.
AdminSshGraceTime float64: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
AdomMode string: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
AdomRevAutoDelete string: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
AdomRevMaxBackupRevisions float64: Maximum number of ADOM revisions to backup.
AdomRevMaxDays float64: Number of days to keep old ADOM revisions.
AdomRevMaxRevisions float64: Maximum number of ADOM revisions to keep.
AdomSelect string: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
AdomStatus string: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
ApacheMode string: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
ApiIpBinding string: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
CloneNameOption string: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
CltCertReq string: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
ConsoleOutput string: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
ContentpackFgtInstall string: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
CountryFlag string: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
CreateRevision string: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
Daylightsavetime string: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
DetectUnregisteredLogDevice string: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
DeviceViewMode string: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
DhParams string: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
DisableModules []string: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EncAlgorithm string: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
FabricStoragePoolQuota float64: Disk quota for Fabric (MB).
FabricStoragePoolSize float64: Max storage pooll size
FazStatus string: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
FcpCfgService string: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
FgfmCaCert string: set the extra fgfm CA certificates.
FgfmCertExclusive string: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
FgfmDenyUnknown string: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
FgfmLocalCert string: set the fgfm local certificate.
FgfmPeercertWithoutsn string: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
FgfmSslProtocol string: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
FortiservicePort float64: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
GlobalSslProtocol string: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
GuiCurlTimeout float64: GUI curl timeout in seconds (5-300 default 30).
GuiPollingInterval float64: GUI polling interval in seconds (1-288000 default 5).
HaMemberAutoGrouping string: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
Hostname string: System hostname.
HttpdSslProtocols []string: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
ImportIgnoreAddrCmt string: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
JsonapiLog string: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
Language string: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
Latitude string: fmg location latitude
LdapCacheTimeout float64: LDAP browser cache timeout (seconds).
Ldapconntimeout float64: LDAP connection timeout (msec).
LockPreempt string: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
LogChecksum string: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
LogChecksumUpload string: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
LogForwardCacheSize float64: Log forwarding disk cache size (GB).
Longitude string: fmg location longitude
ManagementIp string: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
ManagementPort float64: Overriding port for management connection (Overrides admin port).
MapclientSslProtocol string: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
MaxLogForward float64: Maximum number of log-forward and aggregation settings.
MaxRunningReports float64: Maximum number of reports generating at one time.
McPolicyDisabledAdoms []SystemGlobalMcPolicyDisabledAdomArgs: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
MultipleStepsUpgradeInAutolink string: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoCopyPermissionCheck string: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoVipValueCheck string: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NormalizedIntfZoneOnly string: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
ObjectRevisionDbMax float64: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
ObjectRevisionMandatoryNote string: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
ObjectRevisionObjectMax float64: Maximum revisions for a single object (10-1000 default 100).
ObjectRevisionStatus string: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
OftpSslProtocol string: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
PartialInstall string: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
PartialInstallForce string: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
PartialInstallRev string: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
PerPolicyLock string: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
PerformImproveByHa string: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
PolicyObjectIcon string: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
PolicyObjectInDualPane string: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
PreLoginBanner string: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
PreLoginBannerMessage string: Pre-login banner message.
PrivateDataEncryption string: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
Remoteauthtimeout float64: Remote authentication (RADIUS/LDAP) timeout (sec).
SaveLastHitInAdomdb string: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
SearchAllAdoms string: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
SshEncAlgos []string: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
SshHostkeyAlgos []string: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
SshKexAlgos []string: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
SshMacAlgos []string: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
SshStrongCrypto string: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
SslCipherSuites []SystemGlobalSslCipherSuiteArgs: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslLowEncryption string: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
SslProtocols []string: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
SslStaticKeyCiphers string: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
SystemGlobalId string: an identifier for the resource.
TableEntryBlink string: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
TaskListSize float64: Maximum number of completed tasks to keep.
Tftp string: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
Timezone string: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
TunnelMtu float64: Maximum transportation unit(68 - 9000).
Usg string: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
VdomMirror string: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
WebserviceProtos []string: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
WorkflowMaxSessions float64: Maximum number of workflow sessions per ADOM (minimum 100).
WorkspaceMode string: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
WorkspaceUnlockAfterInstall string: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

adminHost String: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
adminLockoutDuration Double: Lockout duration(sec) for administration.
adminLockoutMethod String: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
adminLockoutThreshold Double: Lockout threshold for administration.
adminSshGraceTime Double: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adomMode String: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adomRevAutoDelete String: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adomRevMaxBackupRevisions Double: Maximum number of ADOM revisions to backup.
adomRevMaxDays Double: Number of days to keep old ADOM revisions.
adomRevMaxRevisions Double: Maximum number of ADOM revisions to keep.
adomSelect String: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adomStatus String: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apacheMode String: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
apiIpBinding String: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
cloneNameOption String: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
cltCertReq String: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
consoleOutput String: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpackFgtInstall String: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
countryFlag String: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
createRevision String: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime String: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detectUnregisteredLogDevice String: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
deviceViewMode String: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dhParams String: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disableModules List<String>: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
encAlgorithm String: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabricStoragePoolQuota Double: Disk quota for Fabric (MB).
fabricStoragePoolSize Double: Max storage pooll size
fazStatus String: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcpCfgService String: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfmCaCert String: set the extra fgfm CA certificates.
fgfmCertExclusive String: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfmDenyUnknown String: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfmLocalCert String: set the fgfm local certificate.
fgfmPeercertWithoutsn String: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfmSslProtocol String: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservicePort Double: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
globalSslProtocol String: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
guiCurlTimeout Double: GUI curl timeout in seconds (5-300 default 30).
guiPollingInterval Double: GUI polling interval in seconds (1-288000 default 5).
haMemberAutoGrouping String: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname String: System hostname.
httpdSslProtocols List<String>: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
importIgnoreAddrCmt String: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapiLog String: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language String: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude String: fmg location latitude
ldapCacheTimeout Double: LDAP browser cache timeout (seconds).
ldapconntimeout Double: LDAP connection timeout (msec).
lockPreempt String: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
logChecksum String: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
logChecksumUpload String: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
logForwardCacheSize Double: Log forwarding disk cache size (GB).
longitude String: fmg location longitude
managementIp String: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
managementPort Double: Overriding port for management connection (Overrides admin port).
mapclientSslProtocol String: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
maxLogForward Double: Maximum number of log-forward and aggregation settings.
maxRunningReports Double: Maximum number of reports generating at one time.
mcPolicyDisabledAdoms List<SystemGlobalMcPolicyDisabledAdom>: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multipleStepsUpgradeInAutolink String: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noCopyPermissionCheck String: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noVipValueCheck String: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalizedIntfZoneOnly String: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
objectRevisionDbMax Double: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
objectRevisionMandatoryNote String: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
objectRevisionObjectMax Double: Maximum revisions for a single object (10-1000 default 100).
objectRevisionStatus String: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftpSslProtocol String: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partialInstall String: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partialInstallForce String: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partialInstallRev String: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
perPolicyLock String: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
performImproveByHa String: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policyObjectIcon String: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policyObjectInDualPane String: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
preLoginBanner String: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
preLoginBannerMessage String: Pre-login banner message.
privateDataEncryption String: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout Double: Remote authentication (RADIUS/LDAP) timeout (sec).
saveLastHitInAdomdb String: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
searchAllAdoms String: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
sshEncAlgos List<String>: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
sshHostkeyAlgos List<String>: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
sshKexAlgos List<String>: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
sshMacAlgos List<String>: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
sshStrongCrypto String: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
sslCipherSuites List<SystemGlobalSslCipherSuite>: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslLowEncryption String: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
sslProtocols List<String>: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
sslStaticKeyCiphers String: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
systemGlobalId String: an identifier for the resource.
tableEntryBlink String: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
taskListSize Double: Maximum number of completed tasks to keep.
tftp String: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone String: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnelMtu Double: Maximum transportation unit(68 - 9000).
usg String: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdomMirror String: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webserviceProtos List<String>: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflowMaxSessions Double: Maximum number of workflow sessions per ADOM (minimum 100).
workspaceMode String: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspaceUnlockAfterInstall String: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

adminHost string: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
adminLockoutDuration number: Lockout duration(sec) for administration.
adminLockoutMethod string: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
adminLockoutThreshold number: Lockout threshold for administration.
adminSshGraceTime number: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adomMode string: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adomRevAutoDelete string: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adomRevMaxBackupRevisions number: Maximum number of ADOM revisions to backup.
adomRevMaxDays number: Number of days to keep old ADOM revisions.
adomRevMaxRevisions number: Maximum number of ADOM revisions to keep.
adomSelect string: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adomStatus string: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apacheMode string: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
apiIpBinding string: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
cloneNameOption string: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
cltCertReq string: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
consoleOutput string: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpackFgtInstall string: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
countryFlag string: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
createRevision string: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime string: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detectUnregisteredLogDevice string: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
deviceViewMode string: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dhParams string: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disableModules string[]: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
encAlgorithm string: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabricStoragePoolQuota number: Disk quota for Fabric (MB).
fabricStoragePoolSize number: Max storage pooll size
fazStatus string: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcpCfgService string: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfmCaCert string: set the extra fgfm CA certificates.
fgfmCertExclusive string: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfmDenyUnknown string: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfmLocalCert string: set the fgfm local certificate.
fgfmPeercertWithoutsn string: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfmSslProtocol string: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservicePort number: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
globalSslProtocol string: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
guiCurlTimeout number: GUI curl timeout in seconds (5-300 default 30).
guiPollingInterval number: GUI polling interval in seconds (1-288000 default 5).
haMemberAutoGrouping string: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname string: System hostname.
httpdSslProtocols string[]: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
importIgnoreAddrCmt string: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapiLog string: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language string: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude string: fmg location latitude
ldapCacheTimeout number: LDAP browser cache timeout (seconds).
ldapconntimeout number: LDAP connection timeout (msec).
lockPreempt string: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
logChecksum string: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
logChecksumUpload string: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
logForwardCacheSize number: Log forwarding disk cache size (GB).
longitude string: fmg location longitude
managementIp string: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
managementPort number: Overriding port for management connection (Overrides admin port).
mapclientSslProtocol string: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
maxLogForward number: Maximum number of log-forward and aggregation settings.
maxRunningReports number: Maximum number of reports generating at one time.
mcPolicyDisabledAdoms SystemGlobalMcPolicyDisabledAdom[]: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multipleStepsUpgradeInAutolink string: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noCopyPermissionCheck string: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noVipValueCheck string: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalizedIntfZoneOnly string: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
objectRevisionDbMax number: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
objectRevisionMandatoryNote string: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
objectRevisionObjectMax number: Maximum revisions for a single object (10-1000 default 100).
objectRevisionStatus string: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftpSslProtocol string: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partialInstall string: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partialInstallForce string: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partialInstallRev string: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
perPolicyLock string: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
performImproveByHa string: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policyObjectIcon string: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policyObjectInDualPane string: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
preLoginBanner string: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
preLoginBannerMessage string: Pre-login banner message.
privateDataEncryption string: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout number: Remote authentication (RADIUS/LDAP) timeout (sec).
saveLastHitInAdomdb string: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
searchAllAdoms string: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
sshEncAlgos string[]: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
sshHostkeyAlgos string[]: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
sshKexAlgos string[]: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
sshMacAlgos string[]: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
sshStrongCrypto string: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
sslCipherSuites SystemGlobalSslCipherSuite[]: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslLowEncryption string: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
sslProtocols string[]: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
sslStaticKeyCiphers string: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
systemGlobalId string: an identifier for the resource.
tableEntryBlink string: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
taskListSize number: Maximum number of completed tasks to keep.
tftp string: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone string: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnelMtu number: Maximum transportation unit(68 - 9000).
usg string: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdomMirror string: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webserviceProtos string[]: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflowMaxSessions number: Maximum number of workflow sessions per ADOM (minimum 100).
workspaceMode string: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspaceUnlockAfterInstall string: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

admin_host str: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
admin_lockout_duration float: Lockout duration(sec) for administration.
admin_lockout_method str: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
admin_lockout_threshold float: Lockout threshold for administration.
admin_ssh_grace_time float: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adom_mode str: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adom_rev_auto_delete str: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adom_rev_max_backup_revisions float: Maximum number of ADOM revisions to backup.
adom_rev_max_days float: Number of days to keep old ADOM revisions.
adom_rev_max_revisions float: Maximum number of ADOM revisions to keep.
adom_select str: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adom_status str: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apache_mode str: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
api_ip_binding str: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
clone_name_option str: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
clt_cert_req str: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
console_output str: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpack_fgt_install str: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
country_flag str: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
create_revision str: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime str: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detect_unregistered_log_device str: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
device_view_mode str: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dh_params str: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disable_modules Sequence[str]: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamic_sort_subtable str: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
enc_algorithm str: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabric_storage_pool_quota float: Disk quota for Fabric (MB).
fabric_storage_pool_size float: Max storage pooll size
faz_status str: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcp_cfg_service str: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfm_ca_cert str: set the extra fgfm CA certificates.
fgfm_cert_exclusive str: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfm_deny_unknown str: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfm_local_cert str: set the fgfm local certificate.
fgfm_peercert_withoutsn str: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfm_ssl_protocol str: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservice_port float: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
global_ssl_protocol str: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
gui_curl_timeout float: GUI curl timeout in seconds (5-300 default 30).
gui_polling_interval float: GUI polling interval in seconds (1-288000 default 5).
ha_member_auto_grouping str: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname str: System hostname.
httpd_ssl_protocols Sequence[str]: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
import_ignore_addr_cmt str: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapi_log str: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language str: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude str: fmg location latitude
ldap_cache_timeout float: LDAP browser cache timeout (seconds).
ldapconntimeout float: LDAP connection timeout (msec).
lock_preempt str: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
log_checksum str: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
log_checksum_upload str: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
log_forward_cache_size float: Log forwarding disk cache size (GB).
longitude str: fmg location longitude
management_ip str: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
management_port float: Overriding port for management connection (Overrides admin port).
mapclient_ssl_protocol str: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
max_log_forward float: Maximum number of log-forward and aggregation settings.
max_running_reports float: Maximum number of reports generating at one time.
mc_policy_disabled_adoms Sequence[SystemGlobalMcPolicyDisabledAdomArgs]: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multiple_steps_upgrade_in_autolink str: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
no_copy_permission_check str: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
no_vip_value_check str: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalized_intf_zone_only str: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
object_revision_db_max float: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
object_revision_mandatory_note str: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
object_revision_object_max float: Maximum revisions for a single object (10-1000 default 100).
object_revision_status str: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftp_ssl_protocol str: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partial_install str: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partial_install_force str: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partial_install_rev str: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
per_policy_lock str: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
perform_improve_by_ha str: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policy_object_icon str: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policy_object_in_dual_pane str: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
pre_login_banner str: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
pre_login_banner_message str: Pre-login banner message.
private_data_encryption str: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout float: Remote authentication (RADIUS/LDAP) timeout (sec).
save_last_hit_in_adomdb str: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
search_all_adoms str: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
ssh_enc_algos Sequence[str]: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
ssh_hostkey_algos Sequence[str]: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
ssh_kex_algos Sequence[str]: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
ssh_mac_algos Sequence[str]: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
ssh_strong_crypto str: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
ssl_cipher_suites Sequence[SystemGlobalSslCipherSuiteArgs]: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
ssl_low_encryption str: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
ssl_protocols Sequence[str]: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
ssl_static_key_ciphers str: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
system_global_id str: an identifier for the resource.
table_entry_blink str: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
task_list_size float: Maximum number of completed tasks to keep.
tftp str: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone str: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnel_mtu float: Maximum transportation unit(68 - 9000).
usg str: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdom_mirror str: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webservice_protos Sequence[str]: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflow_max_sessions float: Maximum number of workflow sessions per ADOM (minimum 100).
workspace_mode str: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspace_unlock_after_install str: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

adminHost String: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
adminLockoutDuration Number: Lockout duration(sec) for administration.
adminLockoutMethod String: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
adminLockoutThreshold Number: Lockout threshold for administration.
adminSshGraceTime Number: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adomMode String: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adomRevAutoDelete String: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adomRevMaxBackupRevisions Number: Maximum number of ADOM revisions to backup.
adomRevMaxDays Number: Number of days to keep old ADOM revisions.
adomRevMaxRevisions Number: Maximum number of ADOM revisions to keep.
adomSelect String: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adomStatus String: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apacheMode String: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
apiIpBinding String: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
cloneNameOption String: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
cltCertReq String: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
consoleOutput String: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpackFgtInstall String: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
countryFlag String: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
createRevision String: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime String: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detectUnregisteredLogDevice String: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
deviceViewMode String: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dhParams String: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disableModules List<String>: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
encAlgorithm String: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabricStoragePoolQuota Number: Disk quota for Fabric (MB).
fabricStoragePoolSize Number: Max storage pooll size
fazStatus String: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcpCfgService String: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfmCaCert String: set the extra fgfm CA certificates.
fgfmCertExclusive String: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfmDenyUnknown String: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfmLocalCert String: set the fgfm local certificate.
fgfmPeercertWithoutsn String: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfmSslProtocol String: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservicePort Number: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
globalSslProtocol String: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
guiCurlTimeout Number: GUI curl timeout in seconds (5-300 default 30).
guiPollingInterval Number: GUI polling interval in seconds (1-288000 default 5).
haMemberAutoGrouping String: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname String: System hostname.
httpdSslProtocols List<String>: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
importIgnoreAddrCmt String: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapiLog String: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language String: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude String: fmg location latitude
ldapCacheTimeout Number: LDAP browser cache timeout (seconds).
ldapconntimeout Number: LDAP connection timeout (msec).
lockPreempt String: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
logChecksum String: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
logChecksumUpload String: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
logForwardCacheSize Number: Log forwarding disk cache size (GB).
longitude String: fmg location longitude
managementIp String: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
managementPort Number: Overriding port for management connection (Overrides admin port).
mapclientSslProtocol String: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
maxLogForward Number: Maximum number of log-forward and aggregation settings.
maxRunningReports Number: Maximum number of reports generating at one time.
mcPolicyDisabledAdoms List<Property Map>: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multipleStepsUpgradeInAutolink String: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noCopyPermissionCheck String: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noVipValueCheck String: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalizedIntfZoneOnly String: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
objectRevisionDbMax Number: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
objectRevisionMandatoryNote String: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
objectRevisionObjectMax Number: Maximum revisions for a single object (10-1000 default 100).
objectRevisionStatus String: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftpSslProtocol String: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partialInstall String: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partialInstallForce String: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partialInstallRev String: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
perPolicyLock String: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
performImproveByHa String: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policyObjectIcon String: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policyObjectInDualPane String: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
preLoginBanner String: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
preLoginBannerMessage String: Pre-login banner message.
privateDataEncryption String: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout Number: Remote authentication (RADIUS/LDAP) timeout (sec).
saveLastHitInAdomdb String: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
searchAllAdoms String: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
sshEncAlgos List<String>: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
sshHostkeyAlgos List<String>: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
sshKexAlgos List<String>: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
sshMacAlgos List<String>: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
sshStrongCrypto String: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
sslCipherSuites List<Property Map>: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslLowEncryption String: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
sslProtocols List<String>: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
sslStaticKeyCiphers String: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
systemGlobalId String: an identifier for the resource.
tableEntryBlink String: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
taskListSize Number: Maximum number of completed tasks to keep.
tftp String: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone String: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnelMtu Number: Maximum transportation unit(68 - 9000).
usg String: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdomMirror String: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webserviceProtos List<String>: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflowMaxSessions Number: Maximum number of workflow sessions per ADOM (minimum 100).
workspaceMode String: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspaceUnlockAfterInstall String: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

Outputs

All input properties are implicitly available as output properties. Additionally, the SystemGlobal resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SystemGlobal Resource

Get an existing SystemGlobal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: SystemGlobalState, opts?: CustomResourceOptions): SystemGlobal

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admin_host: Optional[str] = None,
        admin_lockout_duration: Optional[float] = None,
        admin_lockout_method: Optional[str] = None,
        admin_lockout_threshold: Optional[float] = None,
        admin_ssh_grace_time: Optional[float] = None,
        adom_mode: Optional[str] = None,
        adom_rev_auto_delete: Optional[str] = None,
        adom_rev_max_backup_revisions: Optional[float] = None,
        adom_rev_max_days: Optional[float] = None,
        adom_rev_max_revisions: Optional[float] = None,
        adom_select: Optional[str] = None,
        adom_status: Optional[str] = None,
        apache_mode: Optional[str] = None,
        api_ip_binding: Optional[str] = None,
        clone_name_option: Optional[str] = None,
        clt_cert_req: Optional[str] = None,
        console_output: Optional[str] = None,
        contentpack_fgt_install: Optional[str] = None,
        country_flag: Optional[str] = None,
        create_revision: Optional[str] = None,
        daylightsavetime: Optional[str] = None,
        detect_unregistered_log_device: Optional[str] = None,
        device_view_mode: Optional[str] = None,
        dh_params: Optional[str] = None,
        disable_modules: Optional[Sequence[str]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        enc_algorithm: Optional[str] = None,
        fabric_storage_pool_quota: Optional[float] = None,
        fabric_storage_pool_size: Optional[float] = None,
        faz_status: Optional[str] = None,
        fcp_cfg_service: Optional[str] = None,
        fgfm_ca_cert: Optional[str] = None,
        fgfm_cert_exclusive: Optional[str] = None,
        fgfm_deny_unknown: Optional[str] = None,
        fgfm_local_cert: Optional[str] = None,
        fgfm_peercert_withoutsn: Optional[str] = None,
        fgfm_ssl_protocol: Optional[str] = None,
        fortiservice_port: Optional[float] = None,
        global_ssl_protocol: Optional[str] = None,
        gui_curl_timeout: Optional[float] = None,
        gui_polling_interval: Optional[float] = None,
        ha_member_auto_grouping: Optional[str] = None,
        hostname: Optional[str] = None,
        httpd_ssl_protocols: Optional[Sequence[str]] = None,
        import_ignore_addr_cmt: Optional[str] = None,
        jsonapi_log: Optional[str] = None,
        language: Optional[str] = None,
        latitude: Optional[str] = None,
        ldap_cache_timeout: Optional[float] = None,
        ldapconntimeout: Optional[float] = None,
        lock_preempt: Optional[str] = None,
        log_checksum: Optional[str] = None,
        log_checksum_upload: Optional[str] = None,
        log_forward_cache_size: Optional[float] = None,
        longitude: Optional[str] = None,
        management_ip: Optional[str] = None,
        management_port: Optional[float] = None,
        mapclient_ssl_protocol: Optional[str] = None,
        max_log_forward: Optional[float] = None,
        max_running_reports: Optional[float] = None,
        mc_policy_disabled_adoms: Optional[Sequence[SystemGlobalMcPolicyDisabledAdomArgs]] = None,
        multiple_steps_upgrade_in_autolink: Optional[str] = None,
        no_copy_permission_check: Optional[str] = None,
        no_vip_value_check: Optional[str] = None,
        normalized_intf_zone_only: Optional[str] = None,
        object_revision_db_max: Optional[float] = None,
        object_revision_mandatory_note: Optional[str] = None,
        object_revision_object_max: Optional[float] = None,
        object_revision_status: Optional[str] = None,
        oftp_ssl_protocol: Optional[str] = None,
        partial_install: Optional[str] = None,
        partial_install_force: Optional[str] = None,
        partial_install_rev: Optional[str] = None,
        per_policy_lock: Optional[str] = None,
        perform_improve_by_ha: Optional[str] = None,
        policy_object_icon: Optional[str] = None,
        policy_object_in_dual_pane: Optional[str] = None,
        pre_login_banner: Optional[str] = None,
        pre_login_banner_message: Optional[str] = None,
        private_data_encryption: Optional[str] = None,
        remoteauthtimeout: Optional[float] = None,
        save_last_hit_in_adomdb: Optional[str] = None,
        search_all_adoms: Optional[str] = None,
        ssh_enc_algos: Optional[Sequence[str]] = None,
        ssh_hostkey_algos: Optional[Sequence[str]] = None,
        ssh_kex_algos: Optional[Sequence[str]] = None,
        ssh_mac_algos: Optional[Sequence[str]] = None,
        ssh_strong_crypto: Optional[str] = None,
        ssl_cipher_suites: Optional[Sequence[SystemGlobalSslCipherSuiteArgs]] = None,
        ssl_low_encryption: Optional[str] = None,
        ssl_protocols: Optional[Sequence[str]] = None,
        ssl_static_key_ciphers: Optional[str] = None,
        system_global_id: Optional[str] = None,
        table_entry_blink: Optional[str] = None,
        task_list_size: Optional[float] = None,
        tftp: Optional[str] = None,
        timezone: Optional[str] = None,
        tunnel_mtu: Optional[float] = None,
        usg: Optional[str] = None,
        vdom_mirror: Optional[str] = None,
        webservice_protos: Optional[Sequence[str]] = None,
        workflow_max_sessions: Optional[float] = None,
        workspace_mode: Optional[str] = None,
        workspace_unlock_after_install: Optional[str] = None) -> SystemGlobal

func GetSystemGlobal(ctx *Context, name string, id IDInput, state *SystemGlobalState, opts ...ResourceOption) (*SystemGlobal, error)

public static SystemGlobal Get(string name, Input<string> id, SystemGlobalState? state, CustomResourceOptions? opts = null)

public static SystemGlobal get(String name, Output<String> id, SystemGlobalState state, CustomResourceOptions options)

resources:  _:    type: fortimanager:SystemGlobal    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdminHost string: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
AdminLockoutDuration double: Lockout duration(sec) for administration.
AdminLockoutMethod string: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
AdminLockoutThreshold double: Lockout threshold for administration.
AdminSshGraceTime double: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
AdomMode string: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
AdomRevAutoDelete string: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
AdomRevMaxBackupRevisions double: Maximum number of ADOM revisions to backup.
AdomRevMaxDays double: Number of days to keep old ADOM revisions.
AdomRevMaxRevisions double: Maximum number of ADOM revisions to keep.
AdomSelect string: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
AdomStatus string: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
ApacheMode string: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
ApiIpBinding string: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
CloneNameOption string: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
CltCertReq string: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
ConsoleOutput string: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
ContentpackFgtInstall string: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
CountryFlag string: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
CreateRevision string: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
Daylightsavetime string: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
DetectUnregisteredLogDevice string: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
DeviceViewMode string: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
DhParams string: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
DisableModules List<string>: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EncAlgorithm string: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
FabricStoragePoolQuota double: Disk quota for Fabric (MB).
FabricStoragePoolSize double: Max storage pooll size
FazStatus string: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
FcpCfgService string: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
FgfmCaCert string: set the extra fgfm CA certificates.
FgfmCertExclusive string: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
FgfmDenyUnknown string: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
FgfmLocalCert string: set the fgfm local certificate.
FgfmPeercertWithoutsn string: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
FgfmSslProtocol string: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
FortiservicePort double: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
GlobalSslProtocol string: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
GuiCurlTimeout double: GUI curl timeout in seconds (5-300 default 30).
GuiPollingInterval double: GUI polling interval in seconds (1-288000 default 5).
HaMemberAutoGrouping string: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
Hostname string: System hostname.
HttpdSslProtocols List<string>: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
ImportIgnoreAddrCmt string: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
JsonapiLog string: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
Language string: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
Latitude string: fmg location latitude
LdapCacheTimeout double: LDAP browser cache timeout (seconds).
Ldapconntimeout double: LDAP connection timeout (msec).
LockPreempt string: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
LogChecksum string: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
LogChecksumUpload string: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
LogForwardCacheSize double: Log forwarding disk cache size (GB).
Longitude string: fmg location longitude
ManagementIp string: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
ManagementPort double: Overriding port for management connection (Overrides admin port).
MapclientSslProtocol string: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
MaxLogForward double: Maximum number of log-forward and aggregation settings.
MaxRunningReports double: Maximum number of reports generating at one time.
McPolicyDisabledAdoms List<SystemGlobalMcPolicyDisabledAdom>: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
MultipleStepsUpgradeInAutolink string: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoCopyPermissionCheck string: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoVipValueCheck string: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NormalizedIntfZoneOnly string: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
ObjectRevisionDbMax double: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
ObjectRevisionMandatoryNote string: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
ObjectRevisionObjectMax double: Maximum revisions for a single object (10-1000 default 100).
ObjectRevisionStatus string: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
OftpSslProtocol string: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
PartialInstall string: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
PartialInstallForce string: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
PartialInstallRev string: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
PerPolicyLock string: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
PerformImproveByHa string: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
PolicyObjectIcon string: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
PolicyObjectInDualPane string: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
PreLoginBanner string: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
PreLoginBannerMessage string: Pre-login banner message.
PrivateDataEncryption string: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
Remoteauthtimeout double: Remote authentication (RADIUS/LDAP) timeout (sec).
SaveLastHitInAdomdb string: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
SearchAllAdoms string: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
SshEncAlgos List<string>: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
SshHostkeyAlgos List<string>: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
SshKexAlgos List<string>: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
SshMacAlgos List<string>: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
SshStrongCrypto string: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
SslCipherSuites List<SystemGlobalSslCipherSuite>: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslLowEncryption string: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
SslProtocols List<string>: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
SslStaticKeyCiphers string: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
SystemGlobalId string: an identifier for the resource.
TableEntryBlink string: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
TaskListSize double: Maximum number of completed tasks to keep.
Tftp string: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
Timezone string: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
TunnelMtu double: Maximum transportation unit(68 - 9000).
Usg string: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
VdomMirror string: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
WebserviceProtos List<string>: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
WorkflowMaxSessions double: Maximum number of workflow sessions per ADOM (minimum 100).
WorkspaceMode string: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
WorkspaceUnlockAfterInstall string: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

AdminHost string: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
AdminLockoutDuration float64: Lockout duration(sec) for administration.
AdminLockoutMethod string: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
AdminLockoutThreshold float64: Lockout threshold for administration.
AdminSshGraceTime float64: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
AdomMode string: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
AdomRevAutoDelete string: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
AdomRevMaxBackupRevisions float64: Maximum number of ADOM revisions to backup.
AdomRevMaxDays float64: Number of days to keep old ADOM revisions.
AdomRevMaxRevisions float64: Maximum number of ADOM revisions to keep.
AdomSelect string: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
AdomStatus string: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
ApacheMode string: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
ApiIpBinding string: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
CloneNameOption string: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
CltCertReq string: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
ConsoleOutput string: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
ContentpackFgtInstall string: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
CountryFlag string: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
CreateRevision string: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
Daylightsavetime string: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
DetectUnregisteredLogDevice string: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
DeviceViewMode string: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
DhParams string: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
DisableModules []string: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
DynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
EncAlgorithm string: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
FabricStoragePoolQuota float64: Disk quota for Fabric (MB).
FabricStoragePoolSize float64: Max storage pooll size
FazStatus string: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
FcpCfgService string: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
FgfmCaCert string: set the extra fgfm CA certificates.
FgfmCertExclusive string: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
FgfmDenyUnknown string: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
FgfmLocalCert string: set the fgfm local certificate.
FgfmPeercertWithoutsn string: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
FgfmSslProtocol string: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
FortiservicePort float64: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
GlobalSslProtocol string: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
GuiCurlTimeout float64: GUI curl timeout in seconds (5-300 default 30).
GuiPollingInterval float64: GUI polling interval in seconds (1-288000 default 5).
HaMemberAutoGrouping string: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
Hostname string: System hostname.
HttpdSslProtocols []string: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
ImportIgnoreAddrCmt string: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
JsonapiLog string: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
Language string: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
Latitude string: fmg location latitude
LdapCacheTimeout float64: LDAP browser cache timeout (seconds).
Ldapconntimeout float64: LDAP connection timeout (msec).
LockPreempt string: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
LogChecksum string: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
LogChecksumUpload string: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
LogForwardCacheSize float64: Log forwarding disk cache size (GB).
Longitude string: fmg location longitude
ManagementIp string: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
ManagementPort float64: Overriding port for management connection (Overrides admin port).
MapclientSslProtocol string: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
MaxLogForward float64: Maximum number of log-forward and aggregation settings.
MaxRunningReports float64: Maximum number of reports generating at one time.
McPolicyDisabledAdoms []SystemGlobalMcPolicyDisabledAdomArgs: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
MultipleStepsUpgradeInAutolink string: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoCopyPermissionCheck string: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NoVipValueCheck string: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
NormalizedIntfZoneOnly string: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
ObjectRevisionDbMax float64: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
ObjectRevisionMandatoryNote string: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
ObjectRevisionObjectMax float64: Maximum revisions for a single object (10-1000 default 100).
ObjectRevisionStatus string: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
OftpSslProtocol string: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
PartialInstall string: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
PartialInstallForce string: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
PartialInstallRev string: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
PerPolicyLock string: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
PerformImproveByHa string: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
PolicyObjectIcon string: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
PolicyObjectInDualPane string: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
PreLoginBanner string: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
PreLoginBannerMessage string: Pre-login banner message.
PrivateDataEncryption string: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
Remoteauthtimeout float64: Remote authentication (RADIUS/LDAP) timeout (sec).
SaveLastHitInAdomdb string: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
SearchAllAdoms string: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
SshEncAlgos []string: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
SshHostkeyAlgos []string: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
SshKexAlgos []string: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
SshMacAlgos []string: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
SshStrongCrypto string: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
SslCipherSuites []SystemGlobalSslCipherSuiteArgs: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslLowEncryption string: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
SslProtocols []string: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
SslStaticKeyCiphers string: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
SystemGlobalId string: an identifier for the resource.
TableEntryBlink string: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
TaskListSize float64: Maximum number of completed tasks to keep.
Tftp string: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
Timezone string: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
TunnelMtu float64: Maximum transportation unit(68 - 9000).
Usg string: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
VdomMirror string: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
WebserviceProtos []string: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
WorkflowMaxSessions float64: Maximum number of workflow sessions per ADOM (minimum 100).
WorkspaceMode string: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
WorkspaceUnlockAfterInstall string: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

adminHost String: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
adminLockoutDuration Double: Lockout duration(sec) for administration.
adminLockoutMethod String: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
adminLockoutThreshold Double: Lockout threshold for administration.
adminSshGraceTime Double: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adomMode String: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adomRevAutoDelete String: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adomRevMaxBackupRevisions Double: Maximum number of ADOM revisions to backup.
adomRevMaxDays Double: Number of days to keep old ADOM revisions.
adomRevMaxRevisions Double: Maximum number of ADOM revisions to keep.
adomSelect String: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adomStatus String: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apacheMode String: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
apiIpBinding String: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
cloneNameOption String: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
cltCertReq String: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
consoleOutput String: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpackFgtInstall String: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
countryFlag String: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
createRevision String: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime String: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detectUnregisteredLogDevice String: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
deviceViewMode String: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dhParams String: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disableModules List<String>: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
encAlgorithm String: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabricStoragePoolQuota Double: Disk quota for Fabric (MB).
fabricStoragePoolSize Double: Max storage pooll size
fazStatus String: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcpCfgService String: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfmCaCert String: set the extra fgfm CA certificates.
fgfmCertExclusive String: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfmDenyUnknown String: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfmLocalCert String: set the fgfm local certificate.
fgfmPeercertWithoutsn String: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfmSslProtocol String: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservicePort Double: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
globalSslProtocol String: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
guiCurlTimeout Double: GUI curl timeout in seconds (5-300 default 30).
guiPollingInterval Double: GUI polling interval in seconds (1-288000 default 5).
haMemberAutoGrouping String: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname String: System hostname.
httpdSslProtocols List<String>: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
importIgnoreAddrCmt String: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapiLog String: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language String: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude String: fmg location latitude
ldapCacheTimeout Double: LDAP browser cache timeout (seconds).
ldapconntimeout Double: LDAP connection timeout (msec).
lockPreempt String: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
logChecksum String: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
logChecksumUpload String: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
logForwardCacheSize Double: Log forwarding disk cache size (GB).
longitude String: fmg location longitude
managementIp String: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
managementPort Double: Overriding port for management connection (Overrides admin port).
mapclientSslProtocol String: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
maxLogForward Double: Maximum number of log-forward and aggregation settings.
maxRunningReports Double: Maximum number of reports generating at one time.
mcPolicyDisabledAdoms List<SystemGlobalMcPolicyDisabledAdom>: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multipleStepsUpgradeInAutolink String: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noCopyPermissionCheck String: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noVipValueCheck String: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalizedIntfZoneOnly String: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
objectRevisionDbMax Double: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
objectRevisionMandatoryNote String: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
objectRevisionObjectMax Double: Maximum revisions for a single object (10-1000 default 100).
objectRevisionStatus String: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftpSslProtocol String: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partialInstall String: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partialInstallForce String: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partialInstallRev String: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
perPolicyLock String: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
performImproveByHa String: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policyObjectIcon String: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policyObjectInDualPane String: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
preLoginBanner String: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
preLoginBannerMessage String: Pre-login banner message.
privateDataEncryption String: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout Double: Remote authentication (RADIUS/LDAP) timeout (sec).
saveLastHitInAdomdb String: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
searchAllAdoms String: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
sshEncAlgos List<String>: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
sshHostkeyAlgos List<String>: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
sshKexAlgos List<String>: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
sshMacAlgos List<String>: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
sshStrongCrypto String: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
sslCipherSuites List<SystemGlobalSslCipherSuite>: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslLowEncryption String: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
sslProtocols List<String>: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
sslStaticKeyCiphers String: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
systemGlobalId String: an identifier for the resource.
tableEntryBlink String: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
taskListSize Double: Maximum number of completed tasks to keep.
tftp String: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone String: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnelMtu Double: Maximum transportation unit(68 - 9000).
usg String: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdomMirror String: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webserviceProtos List<String>: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflowMaxSessions Double: Maximum number of workflow sessions per ADOM (minimum 100).
workspaceMode String: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspaceUnlockAfterInstall String: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

adminHost string: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
adminLockoutDuration number: Lockout duration(sec) for administration.
adminLockoutMethod string: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
adminLockoutThreshold number: Lockout threshold for administration.
adminSshGraceTime number: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adomMode string: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adomRevAutoDelete string: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adomRevMaxBackupRevisions number: Maximum number of ADOM revisions to backup.
adomRevMaxDays number: Number of days to keep old ADOM revisions.
adomRevMaxRevisions number: Maximum number of ADOM revisions to keep.
adomSelect string: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adomStatus string: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apacheMode string: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
apiIpBinding string: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
cloneNameOption string: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
cltCertReq string: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
consoleOutput string: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpackFgtInstall string: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
countryFlag string: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
createRevision string: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime string: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detectUnregisteredLogDevice string: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
deviceViewMode string: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dhParams string: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disableModules string[]: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamicSortSubtable string: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
encAlgorithm string: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabricStoragePoolQuota number: Disk quota for Fabric (MB).
fabricStoragePoolSize number: Max storage pooll size
fazStatus string: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcpCfgService string: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfmCaCert string: set the extra fgfm CA certificates.
fgfmCertExclusive string: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfmDenyUnknown string: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfmLocalCert string: set the fgfm local certificate.
fgfmPeercertWithoutsn string: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfmSslProtocol string: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservicePort number: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
globalSslProtocol string: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
guiCurlTimeout number: GUI curl timeout in seconds (5-300 default 30).
guiPollingInterval number: GUI polling interval in seconds (1-288000 default 5).
haMemberAutoGrouping string: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname string: System hostname.
httpdSslProtocols string[]: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
importIgnoreAddrCmt string: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapiLog string: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language string: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude string: fmg location latitude
ldapCacheTimeout number: LDAP browser cache timeout (seconds).
ldapconntimeout number: LDAP connection timeout (msec).
lockPreempt string: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
logChecksum string: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
logChecksumUpload string: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
logForwardCacheSize number: Log forwarding disk cache size (GB).
longitude string: fmg location longitude
managementIp string: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
managementPort number: Overriding port for management connection (Overrides admin port).
mapclientSslProtocol string: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
maxLogForward number: Maximum number of log-forward and aggregation settings.
maxRunningReports number: Maximum number of reports generating at one time.
mcPolicyDisabledAdoms SystemGlobalMcPolicyDisabledAdom[]: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multipleStepsUpgradeInAutolink string: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noCopyPermissionCheck string: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noVipValueCheck string: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalizedIntfZoneOnly string: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
objectRevisionDbMax number: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
objectRevisionMandatoryNote string: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
objectRevisionObjectMax number: Maximum revisions for a single object (10-1000 default 100).
objectRevisionStatus string: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftpSslProtocol string: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partialInstall string: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partialInstallForce string: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partialInstallRev string: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
perPolicyLock string: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
performImproveByHa string: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policyObjectIcon string: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policyObjectInDualPane string: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
preLoginBanner string: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
preLoginBannerMessage string: Pre-login banner message.
privateDataEncryption string: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout number: Remote authentication (RADIUS/LDAP) timeout (sec).
saveLastHitInAdomdb string: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
searchAllAdoms string: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
sshEncAlgos string[]: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
sshHostkeyAlgos string[]: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
sshKexAlgos string[]: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
sshMacAlgos string[]: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
sshStrongCrypto string: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
sslCipherSuites SystemGlobalSslCipherSuite[]: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslLowEncryption string: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
sslProtocols string[]: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
sslStaticKeyCiphers string: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
systemGlobalId string: an identifier for the resource.
tableEntryBlink string: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
taskListSize number: Maximum number of completed tasks to keep.
tftp string: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone string: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnelMtu number: Maximum transportation unit(68 - 9000).
usg string: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdomMirror string: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webserviceProtos string[]: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflowMaxSessions number: Maximum number of workflow sessions per ADOM (minimum 100).
workspaceMode string: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspaceUnlockAfterInstall string: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

admin_host str: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
admin_lockout_duration float: Lockout duration(sec) for administration.
admin_lockout_method str: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
admin_lockout_threshold float: Lockout threshold for administration.
admin_ssh_grace_time float: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adom_mode str: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adom_rev_auto_delete str: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adom_rev_max_backup_revisions float: Maximum number of ADOM revisions to backup.
adom_rev_max_days float: Number of days to keep old ADOM revisions.
adom_rev_max_revisions float: Maximum number of ADOM revisions to keep.
adom_select str: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adom_status str: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apache_mode str: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
api_ip_binding str: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
clone_name_option str: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
clt_cert_req str: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
console_output str: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpack_fgt_install str: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
country_flag str: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
create_revision str: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime str: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detect_unregistered_log_device str: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
device_view_mode str: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dh_params str: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disable_modules Sequence[str]: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamic_sort_subtable str: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
enc_algorithm str: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabric_storage_pool_quota float: Disk quota for Fabric (MB).
fabric_storage_pool_size float: Max storage pooll size
faz_status str: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcp_cfg_service str: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfm_ca_cert str: set the extra fgfm CA certificates.
fgfm_cert_exclusive str: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfm_deny_unknown str: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfm_local_cert str: set the fgfm local certificate.
fgfm_peercert_withoutsn str: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfm_ssl_protocol str: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservice_port float: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
global_ssl_protocol str: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
gui_curl_timeout float: GUI curl timeout in seconds (5-300 default 30).
gui_polling_interval float: GUI polling interval in seconds (1-288000 default 5).
ha_member_auto_grouping str: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname str: System hostname.
httpd_ssl_protocols Sequence[str]: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
import_ignore_addr_cmt str: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapi_log str: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language str: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude str: fmg location latitude
ldap_cache_timeout float: LDAP browser cache timeout (seconds).
ldapconntimeout float: LDAP connection timeout (msec).
lock_preempt str: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
log_checksum str: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
log_checksum_upload str: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
log_forward_cache_size float: Log forwarding disk cache size (GB).
longitude str: fmg location longitude
management_ip str: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
management_port float: Overriding port for management connection (Overrides admin port).
mapclient_ssl_protocol str: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
max_log_forward float: Maximum number of log-forward and aggregation settings.
max_running_reports float: Maximum number of reports generating at one time.
mc_policy_disabled_adoms Sequence[SystemGlobalMcPolicyDisabledAdomArgs]: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multiple_steps_upgrade_in_autolink str: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
no_copy_permission_check str: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
no_vip_value_check str: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalized_intf_zone_only str: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
object_revision_db_max float: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
object_revision_mandatory_note str: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
object_revision_object_max float: Maximum revisions for a single object (10-1000 default 100).
object_revision_status str: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftp_ssl_protocol str: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partial_install str: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partial_install_force str: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partial_install_rev str: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
per_policy_lock str: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
perform_improve_by_ha str: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policy_object_icon str: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policy_object_in_dual_pane str: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
pre_login_banner str: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
pre_login_banner_message str: Pre-login banner message.
private_data_encryption str: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout float: Remote authentication (RADIUS/LDAP) timeout (sec).
save_last_hit_in_adomdb str: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
search_all_adoms str: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
ssh_enc_algos Sequence[str]: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
ssh_hostkey_algos Sequence[str]: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
ssh_kex_algos Sequence[str]: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
ssh_mac_algos Sequence[str]: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
ssh_strong_crypto str: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
ssl_cipher_suites Sequence[SystemGlobalSslCipherSuiteArgs]: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
ssl_low_encryption str: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
ssl_protocols Sequence[str]: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
ssl_static_key_ciphers str: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
system_global_id str: an identifier for the resource.
table_entry_blink str: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
task_list_size float: Maximum number of completed tasks to keep.
tftp str: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone str: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnel_mtu float: Maximum transportation unit(68 - 9000).
usg str: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdom_mirror str: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webservice_protos Sequence[str]: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflow_max_sessions float: Maximum number of workflow sessions per ADOM (minimum 100).
workspace_mode str: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspace_unlock_after_install str: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

adminHost String: Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection.
adminLockoutDuration Number: Lockout duration(sec) for administration.
adminLockoutMethod String: Lockout method for administration. ip - Lockout by IP user - Lockout by user Valid values: ip, user.
adminLockoutThreshold Number: Lockout threshold for administration.
adminSshGraceTime Number: Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120).
adomMode String: ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Valid values: normal, advanced.
adomRevAutoDelete String: Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Valid values: disable, by-revisions, by-days.
adomRevMaxBackupRevisions Number: Maximum number of ADOM revisions to backup.
adomRevMaxDays Number: Number of days to keep old ADOM revisions.
adomRevMaxRevisions Number: Maximum number of ADOM revisions to keep.
adomSelect String: Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Valid values: disable, enable.
adomStatus String: ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Valid values: disable, enable.
apacheMode String: Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Valid values: event, prefork.
apiIpBinding String: Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
cloneNameOption String: set the clone object names option. default - Add a prefix of 'Clone of' to the clone name. keep - Keep the original name for user to edit. Valid values: default, keep.
cltCertReq String: Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Valid values: disable, enable, optional.
consoleOutput String: Console output mode. standard - Standard output. more - More page output. Valid values: standard, more.
contentpackFgtInstall String: Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Valid values: disable, enable.
countryFlag String: Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Valid values: disable, enable.
createRevision String: Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Valid values: disable, enable.
daylightsavetime String: Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
detectUnregisteredLogDevice String: Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
deviceViewMode String: Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Valid values: regular, tree.
dhParams String: Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Valid values: 1024, 1536, 2048, 3072, 4096, 6144, 8192.
disableModules List<String>: Disable module list. fortiview-noc - FortiView/NOC-SOC module. fortirecorder - FortiRecorder module. siem - SIEM module. soc - SOC module. ai - AI module. Valid values: fortiview-noc, fortirecorder, siem, soc, ai.
dynamicSortSubtable String: true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
encAlgorithm String: SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Valid values: low, medium, high.
fabricStoragePoolQuota Number: Disk quota for Fabric (MB).
fabricStoragePoolSize Number: Max storage pooll size
fazStatus String: FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Valid values: disable, enable.
fcpCfgService String: Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Valid values: disable, enable.
fgfmCaCert String: set the extra fgfm CA certificates.
fgfmCertExclusive String: set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Valid values: disable, enable.
fgfmDenyUnknown String: set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Valid values: disable, enable.
fgfmLocalCert String: set the fgfm local certificate.
fgfmPeercertWithoutsn String: set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Valid values: disable, enable.
fgfmSslProtocol String: set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
fortiservicePort Number: FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
globalSslProtocol String: set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
guiCurlTimeout Number: GUI curl timeout in seconds (5-300 default 30).
guiPollingInterval Number: GUI polling interval in seconds (1-288000 default 5).
haMemberAutoGrouping String: Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: disable, enable.
hostname String: System hostname.
httpdSslProtocols List<String>: set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
importIgnoreAddrCmt String: Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Valid values: disable, enable.
jsonapiLog String: enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: disable, request, response, all.
language String: System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: english, simch, japanese, korean, spanish, trach.
latitude String: fmg location latitude
ldapCacheTimeout Number: LDAP browser cache timeout (seconds).
ldapconntimeout Number: LDAP connection timeout (msec).
lockPreempt String: Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Valid values: disable, enable.
logChecksum String: Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log file's MD5 hash value only. md5-auth - Record log file's MD5 hash value and authentication code. Valid values: none, md5, md5-auth.
logChecksumUpload String: Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Valid values: disable, enable.
logForwardCacheSize Number: Log forwarding disk cache size (GB).
longitude String: fmg location longitude
managementIp String: Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
managementPort Number: Overriding port for management connection (Overrides admin port).
mapclientSslProtocol String: set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
maxLogForward Number: Maximum number of log-forward and aggregation settings.
maxRunningReports Number: Maximum number of reports generating at one time.
mcPolicyDisabledAdoms List<Property Map>: Mc-Policy-Disabled-Adoms. The structure of mc_policy_disabled_adoms block is documented below.
multipleStepsUpgradeInAutolink String: Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noCopyPermissionCheck String: Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
noVipValueCheck String: Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
normalizedIntfZoneOnly String: allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
objectRevisionDbMax Number: Maximum revisions for a single database (10,000-1,000,000 default 100,000).
objectRevisionMandatoryNote String: Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
objectRevisionObjectMax Number: Maximum revisions for a single object (10-1000 default 100).
objectRevisionStatus String: Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Valid values: disable, enable.
oftpSslProtocol String: set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3.
partialInstall String: Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Valid values: disable, enable.
partialInstallForce String: Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Valid values: disable, enable.
partialInstallRev String: Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Valid values: disable, enable.
perPolicyLock String: Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Valid values: disable, enable.
performImproveByHa String: Enable/Disable performance improvement by distributing tasks to HA secondary units. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Valid values: disable, enable.
policyObjectIcon String: show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Valid values: disable, enable.
policyObjectInDualPane String: show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Valid values: disable, enable.
preLoginBanner String: Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Valid values: disable, enable.
preLoginBannerMessage String: Pre-login banner message.
privateDataEncryption String: Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Valid values: disable, enable.
remoteauthtimeout Number: Remote authentication (RADIUS/LDAP) timeout (sec).
saveLastHitInAdomdb String: Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Valid values: disable, enable.
searchAllAdoms String: Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Valid values: disable, enable.
sshEncAlgos List<String>: Select one or more SSH ciphers. chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com - Valid values: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com.
sshHostkeyAlgos List<String>: Select one or more SSH hostkey algorithms. ssh-rsa - ecdsa-sha2-nistp521 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 - Valid values: ssh-rsa, ecdsa-sha2-nistp521, rsa-sha2-256, rsa-sha2-512, ssh-ed25519.
sshKexAlgos List<String>: Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - Valid values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521.
sshMacAlgos List<String>: Select one or more SSH MAC algorithms. hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - Valid values: hmac-md5, hmac-md5-etm@openssh.com, hmac-md5-96, hmac-md5-96-etm@openssh.com, hmac-sha1, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-ripemd160-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com.
sshStrongCrypto String: Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Valid values: disable, enable.
sslCipherSuites List<Property Map>: Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslLowEncryption String: SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Valid values: disable, enable.
sslProtocols List<String>: SSL protocols. tlsv1.3 - Enable TLSv1.3. tlsv1.2 - Enable TLSv1.2. tlsv1.1 - Enable TLSv1.1. tlsv1.0 - Enable TLSv1.0. sslv3 - Enable SSLv3. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3.
sslStaticKeyCiphers String: Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
systemGlobalId String: an identifier for the resource.
tableEntryBlink String: Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Valid values: disable, enable.
taskListSize Number: Maximum number of completed tasks to keep.
tftp String: Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Valid values: disable, enable.
timezone String: Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic (Deprecated). 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) London, Edinburgh. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi, Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+5:30) Sri Jayawardenepura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing, ChongQing, HongKong, Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nuku'alofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. 90 - (GMT) Dublin. 91 - (GMT) Lisbon. Valid values: 00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91.
tunnelMtu Number: Maximum transportation unit(68 - 9000).
usg String: Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Valid values: disable, enable.
vdomMirror String: VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Valid values: disable, enable.
webserviceProtos List<String>: Web Service connection support SSL protocols. tlsv1.3 - Web Service connection using TLSv1.3 protocol. tlsv1.2 - Web Service connection using TLSv1.2 protocol. tlsv1.1 - Web Service connection using TLSv1.1 protocol. tlsv1.0 - Web Service connection using TLSv1.0 protocol. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Valid values: tlsv1.3, tlsv1.2, tlsv1.1, tlsv1.0, sslv3, sslv2.
workflowMaxSessions Number: Maximum number of workflow sessions per ADOM (minimum 100).
workspaceMode String: Set workspace mode. disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. per-adom - Per-Adom workspace mode. Valid values: disabled, normal, workflow, per-adom.
workspaceUnlockAfterInstall String: Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Valid values: disable, enable.

Supporting Types

SystemGlobalMcPolicyDisabledAdom
, SystemGlobalMcPolicyDisabledAdomArgs

AdomName string: Adom names.

AdomName string: Adom names.

adomName String: Adom names.

adomName string: Adom names.

adom_name str: Adom names.

adomName String: Adom names.

SystemGlobalSslCipherSuite
, SystemGlobalSslCipherSuiteArgs

Cipher string: Cipher name
Priority double: SSL/TLS cipher suites priority.
Version string: SSL/TLS version the cipher suite can be used with. tls1.2-or-below - TLS 1.2 or below. tls1.3 - TLS 1.3 Valid values: tls1.2-or-below, tls1.3.

Cipher string: Cipher name
Priority float64: SSL/TLS cipher suites priority.
Version string: SSL/TLS version the cipher suite can be used with. tls1.2-or-below - TLS 1.2 or below. tls1.3 - TLS 1.3 Valid values: tls1.2-or-below, tls1.3.

cipher String: Cipher name
priority Double: SSL/TLS cipher suites priority.
version String: SSL/TLS version the cipher suite can be used with. tls1.2-or-below - TLS 1.2 or below. tls1.3 - TLS 1.3 Valid values: tls1.2-or-below, tls1.3.

cipher string: Cipher name
priority number: SSL/TLS cipher suites priority.
version string: SSL/TLS version the cipher suite can be used with. tls1.2-or-below - TLS 1.2 or below. tls1.3 - TLS 1.3 Valid values: tls1.2-or-below, tls1.3.

cipher str: Cipher name
priority float: SSL/TLS cipher suites priority.
version str: SSL/TLS version the cipher suite can be used with. tls1.2-or-below - TLS 1.2 or below. tls1.3 - TLS 1.3 Valid values: tls1.2-or-below, tls1.3.

cipher String: Cipher name
priority Number: SSL/TLS cipher suites priority.
version String: SSL/TLS version the cipher suite can be used with. tls1.2-or-below - TLS 1.2 or below. tls1.3 - TLS 1.3 Valid values: tls1.2-or-below, tls1.3.

Import

System Global can be imported using any of these accepted formats:

$ export “FORTIMANAGER_IMPORT_TABLE”=“true”

$ pulumi import fortimanager:index/systemGlobal:SystemGlobal labelname SystemGlobal

$ unset “FORTIMANAGER_IMPORT_TABLE”

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: fortimanager fortinetdev/terraform-provider-fortimanager
License
Notes: This Pulumi package is based on the fortimanager Terraform Provider.

fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortinetdev/terraform-provider-fortimanager

fortimanager.SystemGlobal

On this page

On this page

Example Usage

Create SystemGlobal Resource

Constructor syntax

Parameters

Constructor example

SystemGlobal Resource Properties

Inputs

Outputs

Look up Existing SystemGlobal Resource

Supporting Types

SystemGlobalMcPolicyDisabledAdom
, SystemGlobalMcPolicyDisabledAdomArgs

SystemGlobalSslCipherSuite
, SystemGlobalSslCipherSuiteArgs

Import

Package Details

On this page

On this page

fortimanager.SystemGlobal

On this page

On this page

Example Usage

Create SystemGlobal Resource

Constructor syntax

Parameters

Constructor example

SystemGlobal Resource Properties

Inputs

Outputs

Look up Existing SystemGlobal Resource

Supporting Types

SystemGlobalMcPolicyDisabledAdom, SystemGlobalMcPolicyDisabledAdomArgs

SystemGlobalSslCipherSuite, SystemGlobalSslCipherSuiteArgs

Import

Package Details

On this page

On this page

SystemGlobalMcPolicyDisabledAdom
, SystemGlobalMcPolicyDisabledAdomArgs

SystemGlobalSslCipherSuite
, SystemGlobalSslCipherSuiteArgs