config system global
Use this command to manage system settings.
Before you begin:
- You must have read-write permission for system settings.
Syntax
config system global
set admin-idle-timeout <integer>
set config-sync {enable|disable}
set default-certificate <certname>
set hardware-ssl {enable|disable}
set hostname <string>
set language {english|chinese-simplified}
set port-http <integer>
set port-https <integer>
set port-ssh <integer>
set port-telnet <integer>
set share-ip-address {enable|disable}
set snat-match-local-traffics {enable|disable}
set ipvs-fullnat-min-port <integer>
set ipvs-fullnat-max-port <integer>
set snat-min-port <integer>
set snat-max-port <integer>
set socket-min-port <integer>
set socket-max-port <integer>
set ssh-cbc-cipher {enable|disable}
set ssh-hmac-md5 {enable|disable}
set vdom-admin {enable|disable}
set pre-login-banner {enable|disable}
set sync-slb-statistics {enable|disable}
set glsb-ca-verify {enable|disable}
set shell-access {enable|disable}
set shell-username <username>
set shell-password <password>
set shell-timeout <integer>
end
admin-idle-timeout |
Log out an idle administrator session. The default is 30 minutes. |
config-sync |
Enable/disable the configuration synchronization feature. This feature is related to the execute config-sync command, not HA synchronization. Disabled by default. |
default-certificate |
The default is Factory. |
hardware-ssl |
Enable/disable hardware SSL acceleration. The setting has no effect on FortiADC-VM. |
hostname |
You can configure a hostname to facilitate system management. If you use SNMP, for example, the SNMP system name is derived from the configured hostname. The hostname can be up to 35 characters in length. It can include US-ASCII letters, numbers, hyphens, and underscores, but not spaces and special characters. The System Information widget and the |
language |
English or Simplified Chinese. |
port-http |
Specify the port for the HTTP service. Usually, HTTP uses port 80. |
port-https |
Specify the port for the HTTPS service. Usually, HTTPS uses port 443. |
port-ssh |
Specify the port for the SSH service. Usually, SSH uses port 22. |
port-telnet |
Specify the port for the Telnet service. Usually, Telnet uses port 25. |
share-ip-address |
Enable this option to share NAT IP pools/addresses between L4, L7 virtual servers, and SNAT policy. Once enabled, SNAT across the firewall, L4 VS and L7 VS can use the same IP address, but with different port ranges that can be customized. |
snat-match-local-traffics |
If share-ip-address is enabled, snat-match-local-traffics becomes configurable. Enable/disable the SNAT rule to match with the local traffic. |
ipvs-fullnat-min-port |
If share-ip-address is enabled, ipvs-fullnat-min-port becomes configurable. Specify the L4 VS FULLNAT port range minimum. |
ipvs-fullnat-max-port |
If share-ip-address is enabled, ipvs-fullnat-max-port becomes configurable. Specify the L4 VS FULLNAT port range maximum. |
snat-min-port |
If share-ip-address is enabled, snat-min-port becomes configurable. Specify the SNAT port range minimum. |
snat-max-port |
If share-ip-address is enabled, snat-max-port becomes configurable. Specify the SNAT port rang maximum. |
socket-min-port |
If share-ip-address is enabled, socket-min-port becomes configurable. Specify the L7 VS port range minimum. |
socket-max-port |
If share-ip-address is enabled, socket-max-port becomes configurable. Specify the L7 VS port range maximum. |
ssh-cbc-cipher |
Disabled by default. Enable if you want to use this cipher. |
ssh-hmac-md5 |
Disabled by default. Enable if you want to use this cipher. |
vdom-admin |
Enables the virtual domain feature. |
pre-login-banner |
Enables the pre-login banner feature. |
sync-slb-statistics |
Enable/disable the statistic data between the SLB and GLB. |
glsb-ca-verify |
Enable/disable root CA verification between the LICD and GICD. Once enabled, the root CA will be verified for both incoming server connections and outgoing servers. Note: This is enabled by default for FortiADC 7.0.0. |
shell-access |
Enable/disable the shell access. This is disabled by default. |
shell-username |
Specify the username to login to the shell. |
shell-password |
Specify the password to access the shell. |
shell-timeout |
The expire time, in minutes, after the shell access is enabled. (Range: 1-1200 minutes). |
Example
FortiADC-VM # get system global default-certificate : Factory hostname : FortiADC-VM vdom-admin : disable admin-idle-timeout : 480 port-http : 80 port-https : 443 port-ssh : 22 port-telnet : 23 share-ip-address : enable snat-match-local-traffics : enable ipvs-fullnat-min-port : 5000 ipvs-fullnat-max-port : 21846 snat-min-port : 21847 snat-max-port : 43690 socket-min-port : 43691 socket-max-port : 65535 language : english hardware-ssl : enable gui-system : enable gui-router : enable gui-log : enable ssh-cbc-cipher : disable ssh-hmac-md5 : disable config-sync-enable : disable pre-login-banner : enable sync-slb-statistics : enable gslb-ca-verify : enable shell-access : enable shell-username : user shell-password : 123456 shell-expire-time : 10