Administrative host for HTTP and HTTPs. When set, will be used instead of the client's Host header for any redirection (default = null).

Set the lockout duration for FortiAnalyzer administration, in seconds (default = 60).

Set the lockout method for FortiAnalyzer administration (default = ip).

Set the lockout threshold for FortiAnalyzer administration (1 - 10, default = 3).

Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 seconds (one hour), default = 120).

Set the ADOM mode (default = normal).

Enable/disable a pop-up window that allows administrators to select an ADOM after logging in (default = enable).

Enable/disable administrative domains (default = disable).

Set Apache mode to Apache event mode or Apache prefork mode (default = event).

Enable/disable source IP check for JSON API request (default = enable).

Set the backup compression level: high (slowest), low (fastest), none, or normal (default).

Enable/disable the creation of subfolders on server for backup storage (default = disable).

Set the cloned object name option:

• default: Add a Clone of prefix to the name.
• keep: Keep the original name for the user to edit.

Enable/disable requiring a client certificate for GUI login (default = disable).

When both clt-cert-req and admin-https-pki-required are enabled, only PKI administrators can connect to the GUI.

Select how the output is displayed on the console (default = standard).

Select more to pause the output at each full screen until keypress. Select standard for continuous output without pauses.

Enable/disable auto outbreak auto install for FortiGate ADOMs (default = disable).

Enable/disable a country flag icon beside an IP address (default = enable).

Enable/disable create revision by default (default = disable).

Enable/disable daylight saving time (default = enable).

If you enable daylight saving time, the FortiAnalyzer unit automatically adjusts the system time when daylight saving time begins or ends.

Enable/disable log view filter auto-completion (default = enable).

Set the default search mode of log view (default = filter-based).

Enable/disable unregistered log device detection (default = enable).

Set the devices/groups view mode (default = regular).

Disable module list (default = none).

Set SSL communication encryption algorithms:

• custom: SSL communication using custom encryption algorithms.
• high: SSL communication using high encryption algorithms (default).
• medium: SSL communication using high and medium encryption algorithms.
• low: SSL communication using all available encryption algorithms.

Set maximum event correlation cache size in GB (maximum = 8, minimum = 1, default = 4).

Set the disk quota reserved for Fabric Log (MB) (maximum = 50286, default = 50286).

Set the maximum storage pool size (maximum = 50, minimum = 1, default = 20).

Enable/disable FCP service processing configuration requests from web (default = disable).

Set the extra FGFM CA certificates ("" = default certificate will be used).

Enable if the local or CA certificates should be used exclusively (default = disable; certificate is used best-effort).

Set the FGFM local certificate ("" = default certificate will be used).

Set the lowest SSL protocols for fgfmsd (default = tlsv1.2).

Disable FortiManager status.

If FortiManager features are enabled in FortiAnalyzer before upgrading to 6.2, it will continue to be available after upgrading, and can be disabled with this variable.

This variable is only available on some hardware-based FortiAnalyzer devices.

Set the FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.

Set the GUI cURL timeout in seconds (5-300 default = 30).

Set the GUI polling interval in seconds (1-288000, default = 5).

Enable/disable automatically grouping HA members when the group name is unique in your network (default = enable).

FortiAnalyzer host name.

Enable jsonapi log:

• all: logging both jsonapi request & response.

• disable: disable jsonapi log (default).

• request: logging jsonapi request.

• response: logging jsonapi response.

GUI language:

• english: English (default)
• japanese: Japanese
• simch: Simplified Chinese
• spanish: Spanish
• trach: Traditional Chinese

Set the FortiAnalyzer device's latitude.

LDAP cache timeout, in seconds (default =86400).

LDAP connection timeout, in milliseconds (default = 60000).

Enable/disable the ADOM lock override (default = disable).

Record log file hash value, timestamp, and authentication code at transmission or rolling:

• md5: Record log file’s MD5 hash value only.
• md5-auth: Record log file’s MD5 hash value and authentication code.
• none: Do not record the log file checksum (default).

Enable/disable upload log checksum with log files (default = disable).

Set the log forwarding disk cache size, in gigabytes (default = 15).

Set the maximum workers for running log forward output plugins. The valid range is 2 to 20 (default = 10).

Set the log system operation mode (default = analyzer).

Set the FortiAnalyzer device's longitude.

Set the management IP address of this FortiGate (default = null). Used to log into this FortiGate from another FortiGate in the Security Fabric.

Please input the management IP address in IPv4 or FQDN format.

Set the overriding port for management connection (overrides admin port) (default = 443).

Set the maximum number of concurrent tasks of a log aggregation session (1 - 10, default = 0).

Set the maximum log forwarding and aggregation number (5 - 20).

Maximum running reports number (1 - 10, default = 1).

Enable/disable multiple steps upgrade in an autolink process (default = disable).

Do not perform permission check to block object changes in different adom during copy and install (default = disable).

Enable/disable skipping policy instead of throwing error when VIP has no default or dynamic mapping during policy copy (default = disable).

Allow the normalized interface to be zone only (default = disable).

Maximum revisions for a single database (10000 - 1000000, default = 100000).

Enable/disable mandatory note when creating a revision (default = enable).

Set the maximum revisions for a single object (10 - 1000, default = 100).

Enable/disable creating revisions when modifying objects (default = enable).

Set the lowest SSL protocols for oftpd (default = tlsv1.2).

Enable/disable show icons of policy objects (default= disable).

Enable/disable show policies and objects in dual pane (default= disable).

Enable/disable pre-login banner (default= disable).

Set the pre-login banner message.

Enable/disable private data encryption using an AES 128 bit key (default = disable).

Remote authentication (RADIUS/LDAP) timeout, in seconds (default = 10).

Enable/disable search all ADOMs for where-used queries (default= disable).

Select one or more SSH ciphers.

• aes256-ctr

• aes256-gcm@openssh.com

• chacha20-poly1305@openssh.com

Note that the following are only available when ssh-strong-crypto is set to disable:

• 3des-cbc

• aes128-cbc

• aes128-ctr

• aes128-gcm@openssh.com

• aes192-cbc

• aes192-ctr

• aes256-cbc

• arcfour

• arcfour128

• arcfour256

• blowfish-cbc

• cast128-cbc

• rijndael-cbc@lysator.liu.se

Default = chacha20-poly1305@openssh.com aes256-ctr aes256-gcm@openssh.com

Select one or more SSH hostkey algorithms.

• ecdsa-sha2-nistp521

• rsa-sha2-256

• rsa-sha2-512

• ssh-ed25519

• ssh-rsa (only available when ssh-strong-crypto is set to disable)

Default = ecdsa-sha2-nistp521 rsa-sha2-256 rsa-sha2-512 ssh-ed25519

Select one or more SSH kex algorithms.

• curve25519-sha256@libssh.org

• diffie-hellman-group-exchange-sha1 (only available when ssh-strong-crypto is set to disable)

• diffie-hellman-group-exchange-sha256

• diffie-hellman-group14-sha1 (only available when ssh-strong-crypto is set to disable)

• diffie-hellman-group14-sha256

• diffie-hellman-group16-sha512

• diffie-hellman-group18-sha512

• ecdh-sha2-nistp256

• ecdh-sha2-nistp384

• ecdh-sha2-nistp521

Default = diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521

Select one or more SSH MAC algorithms.

• hmac-sha2-256

• hmac-sha2-256-etm@openssh.com

• hmac-sha2-512

• hmac-sha2-512-etm@openssh.com

Note that the following are only available when ssh-strong-crypto is set to disable:

• hmac-md5

• hmac-md5-96

• hmac-md5-96-etm@openssh.com

• hmac-md5-etm@openssh.com

• hmac-ripemd160

• hmac-ripemd160-etm@openssh.com

• hmac-ripemd160@openssh.com

• hmac-sha1

• hmac-sha1-etm@openssh.com

• umac-128-etm@openssh.com

• umac-128@openssh.com

• umac-64-etm@openssh.com

• umac-64@openssh.com

Default = hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com

Only allow strong ciphers for SSH when enabled (default = enable).

Enable/disable SSL low-grade (40-bit) encryption (default = disable).

Set the SSL protocols (default = tlsv1.3 tlsv1.2).

Enable/disable SSL static key ciphers (default = enable).

Enable/disable table entry blink in the GUI (default = enable).

Set the maximum number of completed tasks to keep (default = 2000).

The time zone for the FortiManager unit (default = Pacific Time). See Time zones.

Set the maximum transportation unit (68 - 9000, default = 1500).

Enable/disable contacting only FortiGuard servers in the USA (default = enable).

Web Service connection (default = tlsv1.3 tlsv1.2).

This variable does not function on FortiAnalyzer.

Configure the ssl-cipher-suites table to enforce the user specified preferred cipher order in the incoming SSL connections.

Note: This command is only available if enc-algorithm is set to custom.

Variables for config ssl-cipher-suites subcommad:

Set the order of the ciphers in the ssl-cipher-suites table.

Enter the SSL cipher name from the list.

(GMT+3:00) Nairobi

(GMT+3:30) Tehran

(GMT+4:00) Abu Dhabi, Muscat

(GMT+4:00) Baku

(GMT+4:30) Kabul

(GMT+5:00) Ekaterinburg

(GMT+5:00) Islamabad, Karachi,Tashkent

(GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi

(GMT+5:45) Kathmandu

(GMT+6:00) Almaty, Novosibirsk

(GMT+6:00) Astana, Dhaka

(GMT+6:00) Sri Jayawardenapura

(GMT+6:30) Rangoon

(GMT+7:00) Bangkok, Hanoi, Jakarta

(GMT+7:00) Krasnoyarsk

(GMT+8:00) Beijing,ChongQing, HongKong,Urumqi

(GMT+8:00) Irkutsk, Ulaanbaatar

(GMT+8:00) Kuala Lumpur, Singapore

(GMT+8:00) Perth

(GMT+8:00) Taipei

(GMT+9:00) Osaka, Sapporo, Tokyo, Seoul

(GMT+9:00) Yakutsk

(GMT+9:30) Adelaide

(GMT+9:30) Darwin

(GMT+10:00) Brisbane

(GMT+10:00) Canberra, Melbourne, Sydney

(GMT+10:00) Guam, Port Moresby

(GMT+10:00) Hobart

(GMT+10:00) Vladivostok

(GMT+11:00) Magadan

(GMT+11:00) Solomon Is., New Caledonia

(GMT+12:00) Auckland, Wellington

(GMT+12:00) Fiji, Kamchatka, Marshall Is

(GMT+13:00) Nuku'alofa

(GMT-4:30) Caracas

(GMT+1:00) Namibia

(GMT-5:00) Brazil-Acre)

(GMT-4:00) Brazil-West

(GMT-3:00) Brazil-East