CLI Reference

alertemail
- alertemail setting
antivirus
- antivirus heuristic
- antivirus profile
- antivirus quarantine
- antivirus settings
application
- application custom
- application group
- application list
- application name
- application rule-settings
authentication
- authentication rule
- authentication scheme
- authentication setting
certificate
- certificate ca
- certificate crl
- certificate local
cifs
- cifs domain-controller
- cifs profile
dlp
- dlp filepattern
- dlp fp-doc-source
- dlp sensitivity
- dlp sensor
- dlp settings
dnsfilter
- dnsfilter domain-filter
- dnsfilter profile
emailfilter
- emailfilter bwl
- emailfilter bword
- emailfilter dnsbl
- emailfilter fortishield
- emailfilter iptrust
- emailfilter mheader
- emailfilter options
- emailfilter profile
endpoint-control
- endpoint-control client
- endpoint-control fctems
- endpoint-control settings
extender-controller
- extender-controller extender
firewall
- firewall DoS-policy
- firewall DoS-policy6
- firewall acl
- firewall acl6
- firewall address
- firewall address6
- firewall address6-template
- firewall addrgrp
- firewall addrgrp6
- firewall auth-portal
- firewall central-snat-map
- firewall consolidated policy
- firewall dnstranslation
- firewall identity-based-route
- firewall interface-policy
- firewall interface-policy6
- firewall internet-service
- firewall internet-service-addition
- firewall internet-service-custom
- firewall internet-service-custom-group
- firewall internet-service-definition
- firewall internet-service-extension
- firewall internet-service-group
- firewall ip-translation
- firewall ipmacbinding setting
- firewall ipmacbinding table
- firewall ippool
- firewall ippool6
- firewall ipv6-eh-filter
- firewall ldb-monitor
- firewall local-in-policy
- firewall local-in-policy6
- firewall multicast-address
- firewall multicast-address6
- firewall multicast-policy
- firewall multicast-policy6
- firewall policy
- firewall policy46
- firewall policy6
- firewall policy64
- firewall profile-group
- firewall profile-protocol-options
- firewall proxy-address
- firewall proxy-addrgrp
- firewall proxy-policy
- firewall schedule group
- firewall schedule onetime
- firewall schedule recurring
- firewall security-policy
- firewall service category
- firewall service custom
- firewall service group
- firewall shaper per-ip-shaper
- firewall shaper traffic-shaper
- firewall shaping-policy
- firewall shaping-profile
- firewall sniffer
- firewall ssh host-key
- firewall ssh local-ca
- firewall ssh local-key
- firewall ssh setting
- firewall ssl setting
- firewall ssl-server
- firewall ssl-ssh-profile
- firewall ttl-policy
- firewall vip
- firewall vip46
- firewall vip6
- firewall vip64
- firewall vipgrp
- firewall vipgrp46
- firewall vipgrp6
- firewall vipgrp64
- firewall wildcard-fqdn custom
- firewall wildcard-fqdn group
ftp-proxy
- ftp-proxy explicit
icap
- icap profile
- icap server
ips
- ips custom
- ips decoder
- ips global
- ips rule
- ips rule-settings
- ips sensor
- ips settings
log
- log custom-field
- log disk filter
- log disk setting
- log eventfilter
- log fortianalyzer filter
- log fortianalyzer override-filter
- log fortianalyzer override-setting
- log fortianalyzer setting
- log fortianalyzer-cloud filter
- log fortianalyzer-cloud override-filter
- log fortianalyzer-cloud override-setting
- log fortianalyzer-cloud setting
- log fortianalyzer2 filter
- log fortianalyzer2 override-filter
- log fortianalyzer2 override-setting
- log fortianalyzer2 setting
- log fortianalyzer3 filter
- log fortianalyzer3 override-filter
- log fortianalyzer3 override-setting
- log fortianalyzer3 setting
- log fortiguard filter
- log fortiguard override-filter
- log fortiguard override-setting
- log fortiguard setting
- log gui-display
- log memory filter
- log memory global-setting
- log memory setting
- log null-device filter
- log null-device setting
- log setting
- log syslogd filter
- log syslogd override-filter
- log syslogd override-setting
- log syslogd setting
- log syslogd2 filter
- log syslogd2 override-filter
- log syslogd2 override-setting
- log syslogd2 setting
- log syslogd3 filter
- log syslogd3 override-filter
- log syslogd3 override-setting
- log syslogd3 setting
- log syslogd4 filter
- log syslogd4 override-filter
- log syslogd4 override-setting
- log syslogd4 setting
- log threat-weight
- log webtrends filter
- log webtrends setting
report
- report chart
- report dataset
- report layout
- report setting
- report style
- report theme
router
- router access-list
- router access-list6
- router aspath-list
- router auth-path
- router bfd
- router bfd6
- router bgp
- router community-list
- router isis
- router key-chain
- router multicast
- router multicast-flow
- router multicast6
- router ospf
- router ospf6
- router policy
- router policy6
- router prefix-list
- router prefix-list6
- router rip
- router ripng
- router route-map
- router setting
- router static
- router static6
ssh-filter
- ssh-filter profile
switch-controller
- switch-controller 802-1X-settings
- switch-controller auto-config custom
- switch-controller auto-config default
- switch-controller auto-config policy
- switch-controller custom-command
- switch-controller flow-tracking
- switch-controller global
- switch-controller igmp-snooping
- switch-controller lldp-profile
- switch-controller lldp-settings
- switch-controller location
- switch-controller mac-sync-settings
- switch-controller managed-switch
- switch-controller network-monitor-settings
- switch-controller qos dot1p-map
- switch-controller qos ip-dscp-map
- switch-controller qos qos-policy
- switch-controller qos queue-policy
- switch-controller quarantine
- switch-controller remote-log
- switch-controller security-policy 802-1X
- switch-controller security-policy captive-portal
- switch-controller security-policy local-access
- switch-controller sflow
- switch-controller snmp-community
- switch-controller snmp-sysinfo
- switch-controller snmp-trap-threshold
- switch-controller snmp-user
- switch-controller storm-control
- switch-controller storm-control-policy
- switch-controller stp-instance
- switch-controller stp-settings
- switch-controller switch-group
- switch-controller switch-interface-tag
- switch-controller switch-log
- switch-controller switch-profile
- switch-controller system
- switch-controller traffic-policy
- switch-controller traffic-sniffer
- switch-controller virtual-port-pool
- switch-controller vlan
system
- system 3g-modem custom
- system accprofile
- system admin
- system alarm
- system alias
- system api-user
- system arp-table
- system auto-install
- system auto-script
- system automation-action
- system automation-destination
- system automation-stitch
- system automation-trigger
- system autoupdate push-update
- system autoupdate schedule
- system autoupdate tunneling
- system central-management
- system cluster-sync
- system console
- system csf
- system custom-language
- system ddns
- system dedicated-mgmt
- system dhcp server
- system dhcp6 server
- system dns
- system dns-database
- system dns-server
- system dscp-based-priority
- system email-server
- system external-resource
- system fips-cc
- system fm
- system fortiguard
- system fortimanager
- system fortisandbox
- system fsso-polling
- system ftm-push
- system geoip-override
- system global
- system gre-tunnel
- system ha
- system ha-monitor
- system interface
- system ipip-tunnel
- system ips-urlfilter-dns
- system ips-urlfilter-dns6
- system ipsec-aggregate
- system ipv6-neighbor-cache
- system ipv6-tunnel
- system link-monitor
- system lldp network-policy
- system lte-modem
- system mac-address-table
- system management-tunnel
- system mobile-tunnel
- system modem
- system nat64
- system nd-proxy
- system netflow
- system network-visibility
- system ntp
- system object-tagging
- system password-policy
- system password-policy-guest-admin
- system physical-switch
- system pppoe-interface
- system probe-response
- system proxy-arp
- system ptp
- system replacemsg admin
- system replacemsg alertmail
- system replacemsg auth
- system replacemsg device-detection-portal
- system replacemsg fortiguard-wf
- system replacemsg ftp
- system replacemsg http
- system replacemsg icap
- system replacemsg mail
- system replacemsg nac-quar
- system replacemsg nntp
- system replacemsg spam
- system replacemsg sslvpn
- system replacemsg traffic-quota
- system replacemsg utm
- system replacemsg webproxy
- system replacemsg-group
- system replacemsg-image
- system resource-limits
- system saml
- system sdn-connector
- system session-helper
- system session-ttl
- system settings
- system sflow
- system sit-tunnel
- system sms-server
- system snmp community
- system snmp sysinfo
- system snmp user
- system speed-test-server
- system sso-admin
- system storage
- system stp
- system switch-interface
- system tos-based-priority
- system vdom
- system vdom-dns
- system vdom-exception
- system vdom-link
- system vdom-netflow
- system vdom-property
- system vdom-radius-server
- system vdom-sflow
- system virtual-switch
- system virtual-wan-link
- system virtual-wire-pair
- system vxlan
- system wccp
- system zone
user
- user adgrp
- user device
- user device-group
- user domain-controller
- user exchange
- user fortitoken
- user fsso
- user fsso-polling
- user group
- user krb-keytab
- user ldap
- user local
- user password-policy
- user peer
- user peergrp
- user pop3
- user quarantine
- user radius
- user security-exempt-list
- user setting
- user tacacs+
voip
- voip profile
vpn
- vpn certificate ca
- vpn certificate crl
- vpn certificate local
- vpn certificate ocsp-server
- vpn certificate remote
- vpn certificate setting
- vpn ipsec concentrator
- vpn ipsec forticlient
- vpn ipsec manualkey
- vpn ipsec manualkey-interface
- vpn ipsec phase1
- vpn ipsec phase1-interface
- vpn ipsec phase2
- vpn ipsec phase2-interface
- vpn l2tp
- vpn ocvpn
- vpn pptp
- vpn ssl settings
- vpn ssl web host-check-software
- vpn ssl web portal
- vpn ssl web realm
- vpn ssl web user-bookmark
- vpn ssl web user-group-bookmark
waf
- waf main-class
- waf profile
- waf signature
- waf sub-class
wanopt
- wanopt auth-group
- wanopt cache-service
- wanopt content-delivery-network-rule
- wanopt peer
- wanopt profile
- wanopt remote-storage
- wanopt settings
- wanopt webcache
web-proxy
- web-proxy debug-url
- web-proxy explicit
- web-proxy forward-server
- web-proxy forward-server-group
- web-proxy global
- web-proxy profile
- web-proxy url-match
- web-proxy wisp
webfilter
- webfilter content
- webfilter content-header
- webfilter fortiguard
- webfilter ftgd-local-cat
- webfilter ftgd-local-rating
- webfilter ips-urlfilter-cache-setting
- webfilter ips-urlfilter-setting
- webfilter ips-urlfilter-setting6
- webfilter override
- webfilter profile
- webfilter search-engine
- webfilter urlfilter
wireless-controller
- wireless-controller address
- wireless-controller addrgrp
- wireless-controller ap-status
- wireless-controller ble-profile
- wireless-controller bonjour-profile
- wireless-controller global
- wireless-controller hotspot20 anqp-3gpp-cellular
- wireless-controller hotspot20 anqp-ip-address-type
- wireless-controller hotspot20 anqp-nai-realm
- wireless-controller hotspot20 anqp-network-auth-type
- wireless-controller hotspot20 anqp-roaming-consortium
- wireless-controller hotspot20 anqp-venue-name
- wireless-controller hotspot20 h2qp-conn-capability
- wireless-controller hotspot20 h2qp-operator-name
- wireless-controller hotspot20 h2qp-osu-provider
- wireless-controller hotspot20 h2qp-wan-metric
- wireless-controller hotspot20 hs-profile
- wireless-controller hotspot20 icon
- wireless-controller hotspot20 qos-map
- wireless-controller inter-controller
- wireless-controller log
- wireless-controller qos-profile
- wireless-controller region
- wireless-controller setting
- wireless-controller snmp
- wireless-controller timers
- wireless-controller utm-profile
- wireless-controller vap
- wireless-controller vap-group
- wireless-controller wids-profile
- wireless-controller wtp
- wireless-controller wtp-group
- wireless-controller wtp-profile

Home FortiGate / FortiOS 6.2.1 CLI Reference

6.2.1

switch-controller managed-switch

Configure FortiSwitch devices that are managed by this FortiGate.

  config switch-controller managed-switch
      Description: Configure FortiSwitch devices that are managed by this FortiGate.
      edit <switch-id>
          set name {string}
          set description {string}
          set switch-profile {string}
          set access-profile {string}
          set fsw-wan1-peer {string}
          set fsw-wan1-admin [discovered|disable|...]
          set fsw-wan2-peer {string}
          set fsw-wan2-admin [discovered|disable|...]
          set poe-pre-standard-detection [enable|disable]
          set poe-detection-type {integer}
          set poe-lldp-detection [enable|disable]
          set directly-connected {integer}
          set version {integer}
          set max-allowed-trunk-members {integer}
          set pre-provisioned {integer}
          set dynamic-capability {integer}
          set switch-device-tag {string}
          set dynamically-discovered {integer}
          set type [virtual|physical]
          set owner-vdom {string}
          set flow-identity {user}
          set staged-image-version {string}
          set delayed-restart-trigger {integer}
          config ports
              Description: Managed-switch port list.
              edit <port-name>
                  set port-owner {string}
                  set switch-id {string}
                  set speed [10half|10full|...]
                  set speed-mask {integer}
                  set status [up|down]
                  set poe-status [enable|disable]
                  set poe-pre-standard-detection [enable|disable]
                  set port-number {integer}
                  set port-prefix-type {integer}
                  set fortilink-port {integer}
                  set poe-capable {integer}
                  set stacking-port {integer}
                  set fiber-port {integer}
                  set flags {integer}
                  set virtual-port {integer}
                  set isl-local-trunk-name {string}
                  set isl-peer-port-name {string}
                  set isl-peer-device-name {string}
                  set fgt-peer-port-name {string}
                  set fgt-peer-device-name {string}
                  set vlan {string}
                  set allowed-vlans-all [enable|disable]
                  set allowed-vlans <vlan-name1>, <vlan-name2>, ...
                  set untagged-vlans <vlan-name1>, <vlan-name2>, ...
                  set type [physical|trunk]
                  set dhcp-snooping [untrusted|trusted]
                  set dhcp-snoop-option82-trust [enable|disable]
                  set arp-inspection-trust [untrusted|trusted]
                  set igmp-snooping [enable|disable]
                  set igmps-flood-reports [enable|disable]
                  set igmps-flood-traffic [enable|disable]
                  set stp-state [enabled|disabled]
                  set stp-root-guard [enabled|disabled]
                  set stp-bpdu-guard [enabled|disabled]
                  set stp-bpdu-guard-timeout {integer}
                  set edge-port [enable|disable]
                  set discard-mode [none|all-untagged|...]
                  set packet-sampler [enabled|disabled]
                  set packet-sample-rate {integer}
                  set sflow-counter-interval {integer}
                  set sample-direction [tx|rx|...]
                  set loop-guard [enabled|disabled]
                  set loop-guard-timeout {integer}
                  set qos-policy {string}
                  set storm-control-policy {string}
                  set port-security-policy {string}
                  set export-to-pool {string}
                  set export-tags <tag-name1>, <tag-name2>, ...
                  set export-to-pool-flag {integer}
                  set learning-limit {integer}
                  set sticky-mac [enable|disable]
                  set lldp-status [disable|rx-only|...]
                  set lldp-profile {string}
                  set export-to {string}
                  set mac-addr {mac-address}
                  set port-selection-criteria [src-mac|dst-mac|...]
                  set description {string}
                  set lacp-speed [slow|fast]
                  set mode [static|lacp-passive|...]
                  set bundle [enable|disable]
                  set member-withdrawal-behavior [forward|block]
                  set mclag [enable|disable]
                  set min-bundle {integer}
                  set max-bundle {integer}
                  set members <member-name1>, <member-name2>, ...
              next
          end
          config stp-settings
              Description: Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.
              set local-override [enable|disable]
              set name {string}
              set status [enable|disable]
              set revision {integer}
              set hello-time {integer}
              set forward-time {integer}
              set max-age {integer}
              set max-hops {integer}
              set pending-timer {integer}
          end
          config switch-stp-settings
              Description: Configure spanning tree protocol (STP).
              set status [enable|disable]
          end
          config stp-instance
              Description: Configuration method to edit Spanning Tree Protocol (STP) instances.
              edit <id>
                  set priority [0|4096|...]
              next
          end
          set override-snmp-sysinfo [disable|enable]
          config snmp-sysinfo
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) system info.
              set status [disable|enable]
              set engine-id {string}
              set description {string}
              set contact-info {string}
              set location {string}
          end
          set override-snmp-trap-threshold [enable|disable]
          config snmp-trap-threshold
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.
              set trap-high-cpu-threshold {integer}
              set trap-low-memory-threshold {integer}
              set trap-log-full-threshold {integer}
          end
          set override-snmp-community [enable|disable]
          config snmp-community
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) communities.
              edit <id>
                  set name {string}
                  set status [disable|enable]
                  config hosts
                      Description: Configure IPv4 SNMP managers (hosts).
                      edit <id>
                          set ip {user}
                      next
                  end
                  set query-v1-status [disable|enable]
                  set query-v1-port {integer}
                  set query-v2c-status [disable|enable]
                  set query-v2c-port {integer}
                  set trap-v1-status [disable|enable]
                  set trap-v1-lport {integer}
                  set trap-v1-rport {integer}
                  set trap-v2c-status [disable|enable]
                  set trap-v2c-lport {integer}
                  set trap-v2c-rport {integer}
                  set events {option1}, {option2}, ...
              next
          end
          set override-snmp-user [enable|disable]
          config snmp-user
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) users.
              edit <name>
                  set queries [disable|enable]
                  set query-port {integer}
                  set security-level [no-auth-no-priv|auth-no-priv|...]
                  set auth-proto [md5|sha]
                  set auth-pwd {password}
                  set priv-proto [aes|des]
                  set priv-pwd {password}
              next
          end
          config switch-log
              Description: Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).
              set local-override [enable|disable]
              set status [enable|disable]
              set severity [emergency|alert|...]
          end
          config remote-log
              Description: Configure logging by FortiSwitch device to a remote syslog server.
              edit <name>
                  set status [enable|disable]
                  set server {string}
                  set port {integer}
                  set severity [emergency|alert|...]
                  set csv [enable|disable]
                  set facility [kernel|user|...]
              next
          end
          config storm-control
              Description: Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.
              set local-override [enable|disable]
              set rate {integer}
              set unknown-unicast [enable|disable]
              set unknown-multicast [enable|disable]
              set broadcast [enable|disable]
          end
          config mirror
              Description: Configuration method to edit FortiSwitch packet mirror.
              edit <name>
                  set status [active|inactive]
                  set switching-packet [enable|disable]
                  set dst {string}
                  set src-ingress <name1>, <name2>, ...
                  set src-egress <name1>, <name2>, ...
              next
          end
          config static-mac
              Description: Configuration method to edit FortiSwitch Static and Sticky MAC.
              edit <id>
                  set type [static|sticky]
                  set vlan {string}
                  set mac {mac-address}
                  set interface {string}
                  set description {string}
              next
          end
          config custom-command
              Description: Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.
              edit <command-entry>
                  set command-name {string}
              next
          end
          config igmp-snooping
              Description: Configure FortiSwitch IGMP snooping global settings.
              set local-override [enable|disable]
              set aging-time {integer}
              set flood-unknown-multicast [enable|disable]
          end
          config 802-1X-settings
              Description: Configuration method to edit FortiSwitch 802.1X global settings.
              set local-override [enable|disable]
              set link-down-auth [set-unauth|no-action]
              set reauth-period {integer}
              set max-reauth-attempt {integer}
          end
      next
  end

config switch-controller managed-switch

Parameter Name	Description	Type	Size
name	Managed-switch name.	string	Maximum length: 35
description	Description.	string	Maximum length: 63
switch-profile	FortiSwitch profile.	string	Maximum length: 35
access-profile	FortiSwitch access profile.	string	Maximum length: 31
fsw-wan1-peer	Fortiswitch WAN1 peer port.	string	Maximum length: 35
fsw-wan1-admin	FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. discovered: Link waiting to be authorized. disable: Link unauthorized. enable: Link authorized.	option	-
fsw-wan2-peer	FortiSwitch WAN2 peer port.	string	Maximum length: 35
fsw-wan2-admin	FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. discovered: Link waiting to be authorized. disable: Link unauthorized. enable: Link authorized.	option	-
poe-pre-standard-detection	Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection.	option	-
poe-detection-type	PoE detection type for FortiSwitch.	integer	Minimum value: 0 Maximum value: 255
poe-lldp-detection	Enable/disable PoE LLDP detection. enable: Enable PoE LLDP detection. disable: Disable PoE LLDP detection.	option	-
directly-connected	Directly connected FortiSwitch.	integer	Minimum value: 0 Maximum value: 1
version	FortiSwitch version.	integer	Minimum value: 0 Maximum value: 255
max-allowed-trunk-members	FortiSwitch maximum allowed trunk members.	integer	Minimum value: 0 Maximum value: 255
pre-provisioned	Pre-provisioned managed switch.	integer	Minimum value: 0 Maximum value: 255
dynamic-capability	List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device.	integer	Minimum value: 0 Maximum value: 4294967295
switch-device-tag	User definable label/tag.	string	Maximum length: 32
dynamically-discovered	Dynamically discovered FortiSwitch.	integer	Minimum value: 0 Maximum value: 1
type	Indication of switch type, physical or virtual. virtual: Switch is of type virtual. physical: Switch is of type physical.	option	-
owner-vdom	VDOM which owner of port belongs to.	string	Maximum length: 31
flow-identity	Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF default=0).	user	Not Specified
staged-image-version	Staged image version for FortiSwitch.	string	Maximum length: 127
delayed-restart-trigger	Delayed restart triggered for this FortiSwitch.	integer	Minimum value: 0 Maximum value: 255
override-snmp-sysinfo	Enable/disable overriding the global SNMP system information. disable: Use the global SNMP system information. enable: Override the global SNMP system information.	option	-
override-snmp-trap-threshold	Enable/disable overriding the global SNMP trap threshold values. enable: Override the global SNMP trap threshold values. disable: Use the global SNMP trap threshold values.	option	-
override-snmp-community	Enable/disable overriding the global SNMP communities. enable: Override the global SNMP communities. disable: Use the global SNMP communities.	option	-
override-snmp-user	Enable/disable overriding the global SNMP users. enable: Override the global SNMPv3 users. disable: Use the global SNMPv3 users.	option	-

config ports

Parameter Name	Description	Type	Size
port-owner	Switch port name.	string	Maximum length: 15
switch-id	Switch id.	string	Maximum length: 16
speed	Switch port speed; default and available settings depend on hardware. 10half: 10M half-duplex. 10full: 10M full-duplex. 100half: 100M half-duplex. 100full: 100M full-duplex. 1000auto: Auto-negotiation (1G full-duplex only). 1000fiber: 1G full-duplex (fiber SFPs only) 1000full: 1G full-duplex 10000: 10G full-duplex 40000: 40G full-duplex auto: Auto-negotiation. auto-module: Auto Module. 100FX-half: 100Mbps half-duplex.100Base-FX. 100FX-full: 100Mbps full-duplex.100Base-FX. 100000full: 100Gbps full-duplex. 2500full: 2.5Gbps full-duplex. 25000full: 25Gbps full-duplex. 50000full: 50Gbps full-duplex. 10000cr: 10Gbps copper interface. 10000sr: 10Gbps SFI interface. 100000sr4: 100Gbps SFI interface. 100000cr4: 100Gbps copper interface. 25000cr4: 25Gbps copper interface. 25000sr4: 25Gbps SFI interface. 5000full: 5Gbps full-duplex.	option	-
speed-mask	Switch port speed mask.	integer	Minimum value: 0 Maximum value: 4294967295
status	Switch port admin status: up or down. up: Set admin status up. down: Set admin status down.	option	-
poe-status	Enable/disable PoE status. enable: Enable PoE status. disable: Disable PoE status.	option	-
poe-pre-standard-detection	Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection.	option	-
port-number	Port number.	integer	Minimum value: 1 Maximum value: 64
port-prefix-type	Port prefix type.	integer	Minimum value: 0 Maximum value: 1
fortilink-port	FortiLink uplink port.	integer	Minimum value: 0 Maximum value: 1
poe-capable	PoE capable.	integer	Minimum value: 0 Maximum value: 1
stacking-port	Stacking port.	integer	Minimum value: 0 Maximum value: 1
fiber-port	Fiber-port.	integer	Minimum value: 0 Maximum value: 1
flags	Port properties flags.	integer	Minimum value: 0 Maximum value: 4294967295
virtual-port	Virtualized switch port.	integer	Minimum value: 0 Maximum value: 1
isl-local-trunk-name	ISL local trunk name.	string	Maximum length: 15
isl-peer-port-name	ISL peer port name.	string	Maximum length: 15
isl-peer-device-name	ISL peer device name.	string	Maximum length: 16
fgt-peer-port-name	FGT peer port name.	string	Maximum length: 15
fgt-peer-device-name	FGT peer device name.	string	Maximum length: 16
vlan	Assign switch ports to a VLAN.	string	Maximum length: 15
allowed-vlans-all	Enable/disable all defined vlans on this port. enable: Enable all defined VLANs on this port. disable: Disable all defined VLANs on this port.	option	-
allowed-vlans `<vlan-name>`	Configure switch port tagged vlans VLAN name.	string	Maximum length: 79
untagged-vlans `<vlan-name>`	Configure switch port untagged vlans VLAN name.	string	Maximum length: 79
type	Interface type: physical or trunk port. physical: Physical port. trunk: Trunk port.	option	-
dhcp-snooping	Trusted or untrusted DHCP-snooping interface. untrusted: Untrusted DHCP snooping interface. trusted: Trusted DHCP snooping interface.	option	-
dhcp-snoop-option82-trust	Enable/disable allowance of DHCP with option-82 on untrusted interface. enable: Enable allowance of DHCP with option-82 on untrusted interface. disable: Disable allowance of DHCP with option-82 on untrusted interface.	option	-
arp-inspection-trust	Trusted or untrusted dynamic ARP inspection. untrusted: Untrusted dynamic ARP inspection. trusted: Trusted dynamic ARP inspection.	option	-
igmp-snooping	Set IGMP snooping mode for the physical port interface. enable: Interface takes part in IGMP snooping. disable: Interface does not take part in IGMP snooping.	option	-
igmps-flood-reports	Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. enable: Enable flooding of IGMP snooping reports to this interface. disable: Disable flooding of IGMP snooping reports to this interface.	option	-
igmps-flood-traffic	Enable/disable flooding of IGMP snooping traffic to this interface. enable: Enable flooding of IGMP snooping traffic to this interface. disable: Disable flooding of IGMP snooping traffic to this interface.	option	-
stp-state	Enable/disable Spanning Tree Protocol (STP) on this interface. enabled: Enable STP on this interface. disabled: Disable STP on this interface.	option	-
stp-root-guard	Enable/disable STP root guard on this interface. enabled: Enable STP root-guard on this interface. disabled: Disable STP root-guard on this interface.	option	-
stp-bpdu-guard	Enable/disable STP BPDU guard on this interface. enabled: Enable STP BPDU guard on this interface. disabled: Disable STP BPDU guard on this interface.	option	-
stp-bpdu-guard-timeout	BPDU Guard disabling protection (0 - 120 min).	integer	Minimum value: 0 Maximum value: 120
edge-port	Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. enable: Enable this interface as an edge port. disable: Disable this interface as an edge port.	option	-
discard-mode	Configure discard mode for port. none: Discard disabled. all-untagged: Discard all frames that are untagged. all-tagged: Discard all frames that are tagged.	option	-
packet-sampler	Enable/disable packet sampling on this interface. enabled: Enable packet sampling on this interface. disabled: Disable packet sampling on this interface.	option	-
packet-sample-rate	Packet sampling rate (0 - 99999 p/sec).	integer	Minimum value: 0 Maximum value: 99999
sflow-counter-interval	sFlow sampling counter polling interval (0 - 255 sec).	integer	Minimum value: 0 Maximum value: 255
sample-direction	Packet sampling direction. tx: Monitor transmitted traffic. rx: Monitor received traffic. both: Monitor transmitted and received traffic.	option	-
loop-guard	Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. enabled: Enable loop-guard on this interface. disabled: Disable loop-guard on this interface.	option	-
loop-guard-timeout	Loop-guard timeout (0 - 120 min, default = 45).	integer	Minimum value: 0 Maximum value: 120
qos-policy	Switch controller QoS policy from available options.	string	Maximum length: 63
storm-control-policy	Switch controller storm control policy from available options.	string	Maximum length: 63
port-security-policy	Switch controller authentication policy to apply to this managed switch from available options.	string	Maximum length: 31
export-to-pool	Switch controller export port to pool-list.	string	Maximum length: 35
export-tags `<tag-name>`	Configure tag name for FortiSwitch port when exported. FortiSwitch port tag name when exported.	string	Maximum length: 63
export-to-pool-flag	Switch controller export port to pool-list.	integer	Minimum value: 0 Maximum value: 1
learning-limit	Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default).	integer	Minimum value: 0 Maximum value: 128
sticky-mac	Enable or disable sticky-mac on the interface. enable: Enable sticky mac on the interface. disable: Disable sticky mac on the interface.	option	-
lldp-status	LLDP transmit and receive status. disable: Disable LLDP TX and RX. rx-only: Enable LLDP as RX only. tx-only: Enable LLDP as TX only. tx-rx: Enable LLDP TX and RX.	option	-
lldp-profile	LLDP port TLV profile.	string	Maximum length: 63
export-to	Export managed-switch port to a tenant VDOM.	string	Maximum length: 31
mac-addr	Port/Trunk MAC.	mac-address	Not Specified
port-selection-criteria	Algorithm for aggregate port selection. src-mac: Source MAC address. dst-mac: Destination MAC address. src-dst-mac: Source and destination MAC address. src-ip: Source IP address. dst-ip: Destination IP address. src-dst-ip: Source and destination IP address.	option	-
description	Description for port.	string	Maximum length: 63
lacp-speed	end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). slow: Send LACP message every 30 seconds. fast: Send LACP message every second.	option	-
mode	LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. static: Static aggregation, do not send and ignore any control messages. lacp-passive: Passively use LACP to negotiate 802.3ad aggregation. lacp-active: Actively use LACP to negotiate 802.3ad aggregation.	option	-
bundle	Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. enable: Enable bundling. disable: Disable bundling.	option	-
member-withdrawal-behavior	Port behavior after it withdraws because of loss of control packets. forward: Forward traffic. block: Block traffic.	option	-
mclag	Enable/disable multi-chassis link aggregation (MCLAG). enable: Enable MCLAG. disable: Disable MCLAG.	option	-
min-bundle	Minimum size of LAG bundle (1 - 24, default = 1)	integer	Minimum value: 1 Maximum value: 24
max-bundle	Maximum size of LAG bundle (1 - 24, default = 24)	integer	Minimum value: 1 Maximum value: 24
members `<member-name>`	Aggregated LAG bundle interfaces. Interface name from available options.	string	Maximum length: 79

config stp-settings

Parameter Name	Description	Type	Size
local-override	Enable to configure local STP settings that override global STP settings. enable: Override global STP settings. disable: Use global STP settings.	option	-
name	Name of local STP settings configuration.	string	Maximum length: 31
status	Enable/disable STP. enable: Enable STP. disable: Disable STP.	option	-
revision	STP revision number (0 - 65535).	integer	Minimum value: 0 Maximum value: 65535
hello-time	Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec, default = 2).	integer	Minimum value: 1 Maximum value: 10
forward-time	Period of time a port is in listening and learning state (4 - 30 sec, default = 15).	integer	Minimum value: 4 Maximum value: 30
max-age	Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec, default = 20).	integer	Minimum value: 6 Maximum value: 40
max-hops	Maximum number of hops between the root bridge and the furthest bridge (1- 40, default = 20).	integer	Minimum value: 1 Maximum value: 40
pending-timer	Pending time (1 - 15 sec, default = 4).	integer	Minimum value: 1 Maximum value: 15

config switch-stp-settings

Parameter Name	Description	Type	Size
status	Enable/disable STP. enable: Enable STP. disable: Disable STP.	option	-

config stp-instance

Parameter Name	Description	Type	Size
priority	Priority. 0: 0. 4096: 4096. 8192: 8192. 12288: 12288. 16384: 16384. 20480: 20480. 24576: 24576. 28672: 28672. 32768: 32768. 36864: 36864. 40960: 40960. 45056: 45056. 49152: 49152. 53248: 53248. 57344: 57344. 61440: 61440.	option	-

config snmp-sysinfo

Parameter Name	Description	Type	Size
status	Enable/disable SNMP. disable: Disable SNMP. enable: Enable SNMP.	option	-
engine-id	Local SNMP engine ID string (max 24 char).	string	Maximum length: 24
description	System description.	string	Maximum length: 35
contact-info	Contact information.	string	Maximum length: 35
location	System location.	string	Maximum length: 35

config snmp-trap-threshold

Parameter Name	Description	Type	Size
trap-high-cpu-threshold	CPU usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295
trap-low-memory-threshold	Memory usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295
trap-log-full-threshold	Log disk usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295

config snmp-community

Parameter Name	Description	Type	Size
name	SNMP community name.	string	Maximum length: 35
status	Enable/disable this SNMP community. disable: Disable SNMP community. enable: Enable SNMP community.	option	-
query-v1-status	Enable/disable SNMP v1 queries. disable: Disable SNMP v1 queries. enable: Enable SNMP v1 queries.	option	-
query-v1-port	SNMP v1 query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
query-v2c-status	Enable/disable SNMP v2c queries. disable: Disable SNMP v2c queries. enable: Enable SNMP v2c queries.	option	-
query-v2c-port	SNMP v2c query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
trap-v1-status	Enable/disable SNMP v1 traps. disable: Disable SNMP v1 traps. enable: Enable SNMP v1 traps.	option	-
trap-v1-lport	SNMP v2c trap local port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v1-rport	SNMP v2c trap remote port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v2c-status	Enable/disable SNMP v2c traps. disable: Disable SNMP v2c traps. enable: Enable SNMP v2c traps.	option	-
trap-v2c-lport	SNMP v2c trap local port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v2c-rport	SNMP v2c trap remote port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
events	SNMP notifications (traps) to send. cpu-high: Send a trap when CPU usage too high. mem-low: Send a trap when available memory is low. log-full: Send a trap when log disk space becomes low. intf-ip: Send a trap when an interface IP address is changed. ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133).	option	-

config hosts

Parameter Name	Description	Type	Size
ip	IPv4 address of the SNMP manager (host).	user	Not Specified

config snmp-user

Parameter Name	Description	Type	Size
queries	Enable/disable SNMP queries for this user. disable: Disable SNMP queries for this user. enable: Enable SNMP queries for this user.	option	-
query-port	SNMPv3 query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
security-level	Security level for message authentication and encryption. no-auth-no-priv: Message with no authentication and no privacy (encryption). auth-no-priv: Message with authentication but no privacy (encryption). auth-priv: Message with authentication and privacy (encryption).	option	-
auth-proto	Authentication protocol. md5: HMAC-MD5-96 authentication protocol. sha: HMAC-SHA-96 authentication protocol.	option	-
auth-pwd	Password for authentication protocol.	password	Not Specified
priv-proto	Privacy (encryption) protocol. aes: CFB128-AES-128 symmetric encryption protocol. des: CBC-DES symmetric encryption protocol.	option	-
priv-pwd	Password for privacy (encryption) protocol.	password	Not Specified

config switch-log

Parameter Name	Description	Type	Size
local-override	Enable to configure local logging settings that override global logging settings. enable: Override global logging settings. disable: Use global logging settings.	option	-
status	Enable/disable adding FortiSwitch logs to the FortiGate event log. enable: Add FortiSwitch logs to the FortiGate event log. disable: Do not add FortiSwitch logs to the FortiGate event log.	option	-
severity	Severity of FortiSwitch logs that are added to the FortiGate event log. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level.	option	-

config remote-log

Parameter Name	Description	Type	Size
status	Enable/disable logging by FortiSwitch device to a remote syslog server. enable: Enable logging by FortiSwitch device to a remote syslog server. disable: Disable logging by FortiSwitch device to a remote syslog server.	option	-
server	IPv4 address of the remote syslog server.	string	Maximum length: 63
port	Remote syslog server listening port.	integer	Minimum value: 0 Maximum value: 65535
severity	Severity of logs to be transferred to remote log server. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level.	option	-
csv	Enable/disable comma-separated value (CSV) strings. enable: Enable comma-separated value (CSV) strings. disable: Disable comma-separated value (CSV) strings.	option	-
facility	Facility to log to remote syslog server. kernel: Kernel messages. user: Random user-level messages. mail: Mail system. daemon: System daemons. auth: Security/authorization messages. syslog: Messages generated internally by syslogd. lpr: Line printer subsystem. news: Network news subsystem. uucp: UUCP server messages. cron: Clock daemon. authpriv: Security/authorization messages (private). ftp: FTP daemon. ntp: NTP daemon. audit: Log audit. alert: Log alert. clock: Clock daemon. local0: Reserved for local use. local1: Reserved for local use. local2: Reserved for local use. local3: Reserved for local use. local4: Reserved for local use. local5: Reserved for local use. local6: Reserved for local use. local7: Reserved for local use.	option	-

config storm-control

Parameter Name	Description	Type	Size
local-override	Enable to override global FortiSwitch storm control settings for this FortiSwitch. enable: Override global storm control settings. disable: Use global storm control settings.	option	-
rate	Rate in packets per second at which storm traffic is controlled (1 - 10000000, default = 500). Storm control drops excess traffic data rates beyond this threshold.	integer	Minimum value: 1 Maximum value: 10000000
unknown-unicast	Enable/disable storm control to drop unknown unicast traffic. enable: Drop unknown unicast traffic. disable: Allow unknown unicast traffic.	option	-
unknown-multicast	Enable/disable storm control to drop unknown multicast traffic. enable: Drop unknown multicast traffic. disable: Allow unknown multicast traffic.	option	-
broadcast	Enable/disable storm control to drop broadcast traffic. enable: Drop broadcast traffic. disable: Allow broadcast traffic.	option	-

config mirror

Parameter Name	Description	Type	Size
status	Active/inactive mirror configuration. active: Activate mirror configuration. inactive: Deactivate mirror configuration.	option	-
switching-packet	Enable/disable switching functionality when mirroring. enable: Enable switching functionality when mirroring. disable: Disable switching functionality when mirroring.	option	-
dst	Destination port.	string	Maximum length: 63
src-ingress `<name>`	Source ingress interfaces. Interface name.	string	Maximum length: 79
src-egress `<name>`	Source egress interfaces. Interface name.	string	Maximum length: 79

config static-mac

Parameter Name	Description	Type	Size
type	Type. static: Static MAC. sticky: Sticky MAC.	option	-
vlan	Vlan.	string	Maximum length: 15
mac	MAC address.	mac-address	Not Specified
interface	Interface name.	string	Maximum length: 35
description	Description.	string	Maximum length: 63

config custom-command

Parameter Name	Description	Type	Size
command-name	Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command.	string	Maximum length: 35

config igmp-snooping

Parameter Name	Description	Type	Size
local-override	Enable/disable overriding the global IGMP snooping configuration. enable: Override the global IGMP snooping configuration. disable: Use the global IGMP snooping configuration.	option	-
aging-time	Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec, default = 300).	integer	Minimum value: 15 Maximum value: 3600
flood-unknown-multicast	Enable/disable unknown multicast flooding. enable: Enable unknown multicast flooding. disable: Disable unknown multicast flooding.	option	-

config 802-1X-settings

Parameter Name	Description	Type	Size
local-override	Enable to override global 802.1X settings on individual FortiSwitches. enable: Override global 802.1X settings. disable: Use global 802.1X settings.	option	-
link-down-auth	Authentication state to set if a link is down. set-unauth: Interface set to unauth when down. Reauthentication is needed. no-action: Interface reauthentication is not needed.	option	-
reauth-period	Reauthentication time interval (1 - 1440 min, default = 60, 0 = disable).	integer	Minimum value: 1 Maximum value: 1440
max-reauth-attempt	Maximum number of authentication attempts (0 - 15, default = 3).	integer	Minimum value: 0 Maximum value: 15

Configure FortiSwitch devices that are managed by this FortiGate.

  config switch-controller managed-switch
      Description: Configure FortiSwitch devices that are managed by this FortiGate.
      edit <switch-id>
          set name {string}
          set description {string}
          set switch-profile {string}
          set access-profile {string}
          set fsw-wan1-peer {string}
          set fsw-wan1-admin [discovered|disable|...]
          set fsw-wan2-peer {string}
          set fsw-wan2-admin [discovered|disable|...]
          set poe-pre-standard-detection [enable|disable]
          set poe-detection-type {integer}
          set poe-lldp-detection [enable|disable]
          set directly-connected {integer}
          set version {integer}
          set max-allowed-trunk-members {integer}
          set pre-provisioned {integer}
          set dynamic-capability {integer}
          set switch-device-tag {string}
          set dynamically-discovered {integer}
          set type [virtual|physical]
          set owner-vdom {string}
          set flow-identity {user}
          set staged-image-version {string}
          set delayed-restart-trigger {integer}
          config ports
              Description: Managed-switch port list.
              edit <port-name>
                  set port-owner {string}
                  set switch-id {string}
                  set speed [10half|10full|...]
                  set speed-mask {integer}
                  set status [up|down]
                  set poe-status [enable|disable]
                  set poe-pre-standard-detection [enable|disable]
                  set port-number {integer}
                  set port-prefix-type {integer}
                  set fortilink-port {integer}
                  set poe-capable {integer}
                  set stacking-port {integer}
                  set fiber-port {integer}
                  set flags {integer}
                  set virtual-port {integer}
                  set isl-local-trunk-name {string}
                  set isl-peer-port-name {string}
                  set isl-peer-device-name {string}
                  set fgt-peer-port-name {string}
                  set fgt-peer-device-name {string}
                  set vlan {string}
                  set allowed-vlans-all [enable|disable]
                  set allowed-vlans <vlan-name1>, <vlan-name2>, ...
                  set untagged-vlans <vlan-name1>, <vlan-name2>, ...
                  set type [physical|trunk]
                  set dhcp-snooping [untrusted|trusted]
                  set dhcp-snoop-option82-trust [enable|disable]
                  set arp-inspection-trust [untrusted|trusted]
                  set igmp-snooping [enable|disable]
                  set igmps-flood-reports [enable|disable]
                  set igmps-flood-traffic [enable|disable]
                  set stp-state [enabled|disabled]
                  set stp-root-guard [enabled|disabled]
                  set stp-bpdu-guard [enabled|disabled]
                  set stp-bpdu-guard-timeout {integer}
                  set edge-port [enable|disable]
                  set discard-mode [none|all-untagged|...]
                  set packet-sampler [enabled|disabled]
                  set packet-sample-rate {integer}
                  set sflow-counter-interval {integer}
                  set sample-direction [tx|rx|...]
                  set loop-guard [enabled|disabled]
                  set loop-guard-timeout {integer}
                  set qos-policy {string}
                  set storm-control-policy {string}
                  set port-security-policy {string}
                  set export-to-pool {string}
                  set export-tags <tag-name1>, <tag-name2>, ...
                  set export-to-pool-flag {integer}
                  set learning-limit {integer}
                  set sticky-mac [enable|disable]
                  set lldp-status [disable|rx-only|...]
                  set lldp-profile {string}
                  set export-to {string}
                  set mac-addr {mac-address}
                  set port-selection-criteria [src-mac|dst-mac|...]
                  set description {string}
                  set lacp-speed [slow|fast]
                  set mode [static|lacp-passive|...]
                  set bundle [enable|disable]
                  set member-withdrawal-behavior [forward|block]
                  set mclag [enable|disable]
                  set min-bundle {integer}
                  set max-bundle {integer}
                  set members <member-name1>, <member-name2>, ...
              next
          end
          config stp-settings
              Description: Configuration method to edit Spanning Tree Protocol (STP) settings used to prevent bridge loops.
              set local-override [enable|disable]
              set name {string}
              set status [enable|disable]
              set revision {integer}
              set hello-time {integer}
              set forward-time {integer}
              set max-age {integer}
              set max-hops {integer}
              set pending-timer {integer}
          end
          config switch-stp-settings
              Description: Configure spanning tree protocol (STP).
              set status [enable|disable]
          end
          config stp-instance
              Description: Configuration method to edit Spanning Tree Protocol (STP) instances.
              edit <id>
                  set priority [0|4096|...]
              next
          end
          set override-snmp-sysinfo [disable|enable]
          config snmp-sysinfo
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) system info.
              set status [disable|enable]
              set engine-id {string}
              set description {string}
              set contact-info {string}
              set location {string}
          end
          set override-snmp-trap-threshold [enable|disable]
          config snmp-trap-threshold
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) trap threshold values.
              set trap-high-cpu-threshold {integer}
              set trap-low-memory-threshold {integer}
              set trap-log-full-threshold {integer}
          end
          set override-snmp-community [enable|disable]
          config snmp-community
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) communities.
              edit <id>
                  set name {string}
                  set status [disable|enable]
                  config hosts
                      Description: Configure IPv4 SNMP managers (hosts).
                      edit <id>
                          set ip {user}
                      next
                  end
                  set query-v1-status [disable|enable]
                  set query-v1-port {integer}
                  set query-v2c-status [disable|enable]
                  set query-v2c-port {integer}
                  set trap-v1-status [disable|enable]
                  set trap-v1-lport {integer}
                  set trap-v1-rport {integer}
                  set trap-v2c-status [disable|enable]
                  set trap-v2c-lport {integer}
                  set trap-v2c-rport {integer}
                  set events {option1}, {option2}, ...
              next
          end
          set override-snmp-user [enable|disable]
          config snmp-user
              Description: Configuration method to edit Simple Network Management Protocol (SNMP) users.
              edit <name>
                  set queries [disable|enable]
                  set query-port {integer}
                  set security-level [no-auth-no-priv|auth-no-priv|...]
                  set auth-proto [md5|sha]
                  set auth-pwd {password}
                  set priv-proto [aes|des]
                  set priv-pwd {password}
              next
          end
          config switch-log
              Description: Configuration method to edit FortiSwitch logging settings (logs are transferred to and inserted into the FortiGate event log).
              set local-override [enable|disable]
              set status [enable|disable]
              set severity [emergency|alert|...]
          end
          config remote-log
              Description: Configure logging by FortiSwitch device to a remote syslog server.
              edit <name>
                  set status [enable|disable]
                  set server {string}
                  set port {integer}
                  set severity [emergency|alert|...]
                  set csv [enable|disable]
                  set facility [kernel|user|...]
              next
          end
          config storm-control
              Description: Configuration method to edit FortiSwitch storm control for measuring traffic activity using data rates to prevent traffic disruption.
              set local-override [enable|disable]
              set rate {integer}
              set unknown-unicast [enable|disable]
              set unknown-multicast [enable|disable]
              set broadcast [enable|disable]
          end
          config mirror
              Description: Configuration method to edit FortiSwitch packet mirror.
              edit <name>
                  set status [active|inactive]
                  set switching-packet [enable|disable]
                  set dst {string}
                  set src-ingress <name1>, <name2>, ...
                  set src-egress <name1>, <name2>, ...
              next
          end
          config static-mac
              Description: Configuration method to edit FortiSwitch Static and Sticky MAC.
              edit <id>
                  set type [static|sticky]
                  set vlan {string}
                  set mac {mac-address}
                  set interface {string}
                  set description {string}
              next
          end
          config custom-command
              Description: Configuration method to edit FortiSwitch commands to be pushed to this FortiSwitch device upon rebooting the FortiGate switch controller or the FortiSwitch.
              edit <command-entry>
                  set command-name {string}
              next
          end
          config igmp-snooping
              Description: Configure FortiSwitch IGMP snooping global settings.
              set local-override [enable|disable]
              set aging-time {integer}
              set flood-unknown-multicast [enable|disable]
          end
          config 802-1X-settings
              Description: Configuration method to edit FortiSwitch 802.1X global settings.
              set local-override [enable|disable]
              set link-down-auth [set-unauth|no-action]
              set reauth-period {integer}
              set max-reauth-attempt {integer}
          end
      next
  end

config switch-controller managed-switch

Parameter Name	Description	Type	Size
name	Managed-switch name.	string	Maximum length: 35
description	Description.	string	Maximum length: 63
switch-profile	FortiSwitch profile.	string	Maximum length: 35
access-profile	FortiSwitch access profile.	string	Maximum length: 31
fsw-wan1-peer	Fortiswitch WAN1 peer port.	string	Maximum length: 35
fsw-wan1-admin	FortiSwitch WAN1 admin status; enable to authorize the FortiSwitch as a managed switch. discovered: Link waiting to be authorized. disable: Link unauthorized. enable: Link authorized.	option	-
fsw-wan2-peer	FortiSwitch WAN2 peer port.	string	Maximum length: 35
fsw-wan2-admin	FortiSwitch WAN2 admin status; enable to authorize the FortiSwitch as a managed switch. discovered: Link waiting to be authorized. disable: Link unauthorized. enable: Link authorized.	option	-
poe-pre-standard-detection	Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection.	option	-
poe-detection-type	PoE detection type for FortiSwitch.	integer	Minimum value: 0 Maximum value: 255
poe-lldp-detection	Enable/disable PoE LLDP detection. enable: Enable PoE LLDP detection. disable: Disable PoE LLDP detection.	option	-
directly-connected	Directly connected FortiSwitch.	integer	Minimum value: 0 Maximum value: 1
version	FortiSwitch version.	integer	Minimum value: 0 Maximum value: 255
max-allowed-trunk-members	FortiSwitch maximum allowed trunk members.	integer	Minimum value: 0 Maximum value: 255
pre-provisioned	Pre-provisioned managed switch.	integer	Minimum value: 0 Maximum value: 255
dynamic-capability	List of features this FortiSwitch supports (not configurable) that is sent to the FortiGate device for subsequent configuration initiated by the FortiGate device.	integer	Minimum value: 0 Maximum value: 4294967295
switch-device-tag	User definable label/tag.	string	Maximum length: 32
dynamically-discovered	Dynamically discovered FortiSwitch.	integer	Minimum value: 0 Maximum value: 1
type	Indication of switch type, physical or virtual. virtual: Switch is of type virtual. physical: Switch is of type physical.	option	-
owner-vdom	VDOM which owner of port belongs to.	string	Maximum length: 31
flow-identity	Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF default=0).	user	Not Specified
staged-image-version	Staged image version for FortiSwitch.	string	Maximum length: 127
delayed-restart-trigger	Delayed restart triggered for this FortiSwitch.	integer	Minimum value: 0 Maximum value: 255
override-snmp-sysinfo	Enable/disable overriding the global SNMP system information. disable: Use the global SNMP system information. enable: Override the global SNMP system information.	option	-
override-snmp-trap-threshold	Enable/disable overriding the global SNMP trap threshold values. enable: Override the global SNMP trap threshold values. disable: Use the global SNMP trap threshold values.	option	-
override-snmp-community	Enable/disable overriding the global SNMP communities. enable: Override the global SNMP communities. disable: Use the global SNMP communities.	option	-
override-snmp-user	Enable/disable overriding the global SNMP users. enable: Override the global SNMPv3 users. disable: Use the global SNMPv3 users.	option	-

config ports

Parameter Name	Description	Type	Size
port-owner	Switch port name.	string	Maximum length: 15
switch-id	Switch id.	string	Maximum length: 16
speed	Switch port speed; default and available settings depend on hardware. 10half: 10M half-duplex. 10full: 10M full-duplex. 100half: 100M half-duplex. 100full: 100M full-duplex. 1000auto: Auto-negotiation (1G full-duplex only). 1000fiber: 1G full-duplex (fiber SFPs only) 1000full: 1G full-duplex 10000: 10G full-duplex 40000: 40G full-duplex auto: Auto-negotiation. auto-module: Auto Module. 100FX-half: 100Mbps half-duplex.100Base-FX. 100FX-full: 100Mbps full-duplex.100Base-FX. 100000full: 100Gbps full-duplex. 2500full: 2.5Gbps full-duplex. 25000full: 25Gbps full-duplex. 50000full: 50Gbps full-duplex. 10000cr: 10Gbps copper interface. 10000sr: 10Gbps SFI interface. 100000sr4: 100Gbps SFI interface. 100000cr4: 100Gbps copper interface. 25000cr4: 25Gbps copper interface. 25000sr4: 25Gbps SFI interface. 5000full: 5Gbps full-duplex.	option	-
speed-mask	Switch port speed mask.	integer	Minimum value: 0 Maximum value: 4294967295
status	Switch port admin status: up or down. up: Set admin status up. down: Set admin status down.	option	-
poe-status	Enable/disable PoE status. enable: Enable PoE status. disable: Disable PoE status.	option	-
poe-pre-standard-detection	Enable/disable PoE pre-standard detection. enable: Enable PoE pre-standard detection. disable: Disable PoE pre-standard detection.	option	-
port-number	Port number.	integer	Minimum value: 1 Maximum value: 64
port-prefix-type	Port prefix type.	integer	Minimum value: 0 Maximum value: 1
fortilink-port	FortiLink uplink port.	integer	Minimum value: 0 Maximum value: 1
poe-capable	PoE capable.	integer	Minimum value: 0 Maximum value: 1
stacking-port	Stacking port.	integer	Minimum value: 0 Maximum value: 1
fiber-port	Fiber-port.	integer	Minimum value: 0 Maximum value: 1
flags	Port properties flags.	integer	Minimum value: 0 Maximum value: 4294967295
virtual-port	Virtualized switch port.	integer	Minimum value: 0 Maximum value: 1
isl-local-trunk-name	ISL local trunk name.	string	Maximum length: 15
isl-peer-port-name	ISL peer port name.	string	Maximum length: 15
isl-peer-device-name	ISL peer device name.	string	Maximum length: 16
fgt-peer-port-name	FGT peer port name.	string	Maximum length: 15
fgt-peer-device-name	FGT peer device name.	string	Maximum length: 16
vlan	Assign switch ports to a VLAN.	string	Maximum length: 15
allowed-vlans-all	Enable/disable all defined vlans on this port. enable: Enable all defined VLANs on this port. disable: Disable all defined VLANs on this port.	option	-
allowed-vlans `<vlan-name>`	Configure switch port tagged vlans VLAN name.	string	Maximum length: 79
untagged-vlans `<vlan-name>`	Configure switch port untagged vlans VLAN name.	string	Maximum length: 79
type	Interface type: physical or trunk port. physical: Physical port. trunk: Trunk port.	option	-
dhcp-snooping	Trusted or untrusted DHCP-snooping interface. untrusted: Untrusted DHCP snooping interface. trusted: Trusted DHCP snooping interface.	option	-
dhcp-snoop-option82-trust	Enable/disable allowance of DHCP with option-82 on untrusted interface. enable: Enable allowance of DHCP with option-82 on untrusted interface. disable: Disable allowance of DHCP with option-82 on untrusted interface.	option	-
arp-inspection-trust	Trusted or untrusted dynamic ARP inspection. untrusted: Untrusted dynamic ARP inspection. trusted: Trusted dynamic ARP inspection.	option	-
igmp-snooping	Set IGMP snooping mode for the physical port interface. enable: Interface takes part in IGMP snooping. disable: Interface does not take part in IGMP snooping.	option	-
igmps-flood-reports	Enable/disable flooding of IGMP reports to this interface when igmp-snooping enabled. enable: Enable flooding of IGMP snooping reports to this interface. disable: Disable flooding of IGMP snooping reports to this interface.	option	-
igmps-flood-traffic	Enable/disable flooding of IGMP snooping traffic to this interface. enable: Enable flooding of IGMP snooping traffic to this interface. disable: Disable flooding of IGMP snooping traffic to this interface.	option	-
stp-state	Enable/disable Spanning Tree Protocol (STP) on this interface. enabled: Enable STP on this interface. disabled: Disable STP on this interface.	option	-
stp-root-guard	Enable/disable STP root guard on this interface. enabled: Enable STP root-guard on this interface. disabled: Disable STP root-guard on this interface.	option	-
stp-bpdu-guard	Enable/disable STP BPDU guard on this interface. enabled: Enable STP BPDU guard on this interface. disabled: Disable STP BPDU guard on this interface.	option	-
stp-bpdu-guard-timeout	BPDU Guard disabling protection (0 - 120 min).	integer	Minimum value: 0 Maximum value: 120
edge-port	Enable/disable this interface as an edge port, bridging connections between workstations and/or computers. enable: Enable this interface as an edge port. disable: Disable this interface as an edge port.	option	-
discard-mode	Configure discard mode for port. none: Discard disabled. all-untagged: Discard all frames that are untagged. all-tagged: Discard all frames that are tagged.	option	-
packet-sampler	Enable/disable packet sampling on this interface. enabled: Enable packet sampling on this interface. disabled: Disable packet sampling on this interface.	option	-
packet-sample-rate	Packet sampling rate (0 - 99999 p/sec).	integer	Minimum value: 0 Maximum value: 99999
sflow-counter-interval	sFlow sampling counter polling interval (0 - 255 sec).	integer	Minimum value: 0 Maximum value: 255
sample-direction	Packet sampling direction. tx: Monitor transmitted traffic. rx: Monitor received traffic. both: Monitor transmitted and received traffic.	option	-
loop-guard	Enable/disable loop-guard on this interface, an STP optimization used to prevent network loops. enabled: Enable loop-guard on this interface. disabled: Disable loop-guard on this interface.	option	-
loop-guard-timeout	Loop-guard timeout (0 - 120 min, default = 45).	integer	Minimum value: 0 Maximum value: 120
qos-policy	Switch controller QoS policy from available options.	string	Maximum length: 63
storm-control-policy	Switch controller storm control policy from available options.	string	Maximum length: 63
port-security-policy	Switch controller authentication policy to apply to this managed switch from available options.	string	Maximum length: 31
export-to-pool	Switch controller export port to pool-list.	string	Maximum length: 35
export-tags `<tag-name>`	Configure tag name for FortiSwitch port when exported. FortiSwitch port tag name when exported.	string	Maximum length: 63
export-to-pool-flag	Switch controller export port to pool-list.	integer	Minimum value: 0 Maximum value: 1
learning-limit	Limit the number of dynamic MAC addresses on this Port (1 - 128, 0 = no limit, default).	integer	Minimum value: 0 Maximum value: 128
sticky-mac	Enable or disable sticky-mac on the interface. enable: Enable sticky mac on the interface. disable: Disable sticky mac on the interface.	option	-
lldp-status	LLDP transmit and receive status. disable: Disable LLDP TX and RX. rx-only: Enable LLDP as RX only. tx-only: Enable LLDP as TX only. tx-rx: Enable LLDP TX and RX.	option	-
lldp-profile	LLDP port TLV profile.	string	Maximum length: 63
export-to	Export managed-switch port to a tenant VDOM.	string	Maximum length: 31
mac-addr	Port/Trunk MAC.	mac-address	Not Specified
port-selection-criteria	Algorithm for aggregate port selection. src-mac: Source MAC address. dst-mac: Destination MAC address. src-dst-mac: Source and destination MAC address. src-ip: Source IP address. dst-ip: Destination IP address. src-dst-ip: Source and destination IP address.	option	-
description	Description for port.	string	Maximum length: 63
lacp-speed	end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). slow: Send LACP message every 30 seconds. fast: Send LACP message every second.	option	-
mode	LACP mode: ignore and do not send control messages, or negotiate 802.3ad aggregation passively or actively. static: Static aggregation, do not send and ignore any control messages. lacp-passive: Passively use LACP to negotiate 802.3ad aggregation. lacp-active: Actively use LACP to negotiate 802.3ad aggregation.	option	-
bundle	Enable/disable Link Aggregation Group (LAG) bundling for non-FortiLink interfaces. enable: Enable bundling. disable: Disable bundling.	option	-
member-withdrawal-behavior	Port behavior after it withdraws because of loss of control packets. forward: Forward traffic. block: Block traffic.	option	-
mclag	Enable/disable multi-chassis link aggregation (MCLAG). enable: Enable MCLAG. disable: Disable MCLAG.	option	-
min-bundle	Minimum size of LAG bundle (1 - 24, default = 1)	integer	Minimum value: 1 Maximum value: 24
max-bundle	Maximum size of LAG bundle (1 - 24, default = 24)	integer	Minimum value: 1 Maximum value: 24
members `<member-name>`	Aggregated LAG bundle interfaces. Interface name from available options.	string	Maximum length: 79

config stp-settings

Parameter Name	Description	Type	Size
local-override	Enable to configure local STP settings that override global STP settings. enable: Override global STP settings. disable: Use global STP settings.	option	-
name	Name of local STP settings configuration.	string	Maximum length: 31
status	Enable/disable STP. enable: Enable STP. disable: Disable STP.	option	-
revision	STP revision number (0 - 65535).	integer	Minimum value: 0 Maximum value: 65535
hello-time	Period of time between successive STP frame Bridge Protocol Data Units (BPDUs) sent on a port (1 - 10 sec, default = 2).	integer	Minimum value: 1 Maximum value: 10
forward-time	Period of time a port is in listening and learning state (4 - 30 sec, default = 15).	integer	Minimum value: 4 Maximum value: 30
max-age	Maximum time before a bridge port saves its configuration BPDU information (6 - 40 sec, default = 20).	integer	Minimum value: 6 Maximum value: 40
max-hops	Maximum number of hops between the root bridge and the furthest bridge (1- 40, default = 20).	integer	Minimum value: 1 Maximum value: 40
pending-timer	Pending time (1 - 15 sec, default = 4).	integer	Minimum value: 1 Maximum value: 15

config switch-stp-settings

Parameter Name	Description	Type	Size
status	Enable/disable STP. enable: Enable STP. disable: Disable STP.	option	-

config stp-instance

Parameter Name	Description	Type	Size
priority	Priority. 0: 0. 4096: 4096. 8192: 8192. 12288: 12288. 16384: 16384. 20480: 20480. 24576: 24576. 28672: 28672. 32768: 32768. 36864: 36864. 40960: 40960. 45056: 45056. 49152: 49152. 53248: 53248. 57344: 57344. 61440: 61440.	option	-

config snmp-sysinfo

Parameter Name	Description	Type	Size
status	Enable/disable SNMP. disable: Disable SNMP. enable: Enable SNMP.	option	-
engine-id	Local SNMP engine ID string (max 24 char).	string	Maximum length: 24
description	System description.	string	Maximum length: 35
contact-info	Contact information.	string	Maximum length: 35
location	System location.	string	Maximum length: 35

config snmp-trap-threshold

Parameter Name	Description	Type	Size
trap-high-cpu-threshold	CPU usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295
trap-low-memory-threshold	Memory usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295
trap-log-full-threshold	Log disk usage when trap is sent.	integer	Minimum value: 0 Maximum value: 4294967295

config snmp-community

Parameter Name	Description	Type	Size
name	SNMP community name.	string	Maximum length: 35
status	Enable/disable this SNMP community. disable: Disable SNMP community. enable: Enable SNMP community.	option	-
query-v1-status	Enable/disable SNMP v1 queries. disable: Disable SNMP v1 queries. enable: Enable SNMP v1 queries.	option	-
query-v1-port	SNMP v1 query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
query-v2c-status	Enable/disable SNMP v2c queries. disable: Disable SNMP v2c queries. enable: Enable SNMP v2c queries.	option	-
query-v2c-port	SNMP v2c query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
trap-v1-status	Enable/disable SNMP v1 traps. disable: Disable SNMP v1 traps. enable: Enable SNMP v1 traps.	option	-
trap-v1-lport	SNMP v2c trap local port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v1-rport	SNMP v2c trap remote port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v2c-status	Enable/disable SNMP v2c traps. disable: Disable SNMP v2c traps. enable: Enable SNMP v2c traps.	option	-
trap-v2c-lport	SNMP v2c trap local port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
trap-v2c-rport	SNMP v2c trap remote port (default = 162).	integer	Minimum value: 0 Maximum value: 65535
events	SNMP notifications (traps) to send. cpu-high: Send a trap when CPU usage too high. mem-low: Send a trap when available memory is low. log-full: Send a trap when log disk space becomes low. intf-ip: Send a trap when an interface IP address is changed. ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133).	option	-

config hosts

Parameter Name	Description	Type	Size
ip	IPv4 address of the SNMP manager (host).	user	Not Specified

config snmp-user

Parameter Name	Description	Type	Size
queries	Enable/disable SNMP queries for this user. disable: Disable SNMP queries for this user. enable: Enable SNMP queries for this user.	option	-
query-port	SNMPv3 query port (default = 161).	integer	Minimum value: 0 Maximum value: 65535
security-level	Security level for message authentication and encryption. no-auth-no-priv: Message with no authentication and no privacy (encryption). auth-no-priv: Message with authentication but no privacy (encryption). auth-priv: Message with authentication and privacy (encryption).	option	-
auth-proto	Authentication protocol. md5: HMAC-MD5-96 authentication protocol. sha: HMAC-SHA-96 authentication protocol.	option	-
auth-pwd	Password for authentication protocol.	password	Not Specified
priv-proto	Privacy (encryption) protocol. aes: CFB128-AES-128 symmetric encryption protocol. des: CBC-DES symmetric encryption protocol.	option	-
priv-pwd	Password for privacy (encryption) protocol.	password	Not Specified

config switch-log

Parameter Name	Description	Type	Size
local-override	Enable to configure local logging settings that override global logging settings. enable: Override global logging settings. disable: Use global logging settings.	option	-
status	Enable/disable adding FortiSwitch logs to the FortiGate event log. enable: Add FortiSwitch logs to the FortiGate event log. disable: Do not add FortiSwitch logs to the FortiGate event log.	option	-
severity	Severity of FortiSwitch logs that are added to the FortiGate event log. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level.	option	-

config remote-log

Parameter Name	Description	Type	Size
status	Enable/disable logging by FortiSwitch device to a remote syslog server. enable: Enable logging by FortiSwitch device to a remote syslog server. disable: Disable logging by FortiSwitch device to a remote syslog server.	option	-
server	IPv4 address of the remote syslog server.	string	Maximum length: 63
port	Remote syslog server listening port.	integer	Minimum value: 0 Maximum value: 65535
severity	Severity of logs to be transferred to remote log server. emergency: Emergency level. alert: Alert level. critical: Critical level. error: Error level. warning: Warning level. notification: Notification level. information: Information level. debug: Debug level.	option	-
csv	Enable/disable comma-separated value (CSV) strings. enable: Enable comma-separated value (CSV) strings. disable: Disable comma-separated value (CSV) strings.	option	-
facility	Facility to log to remote syslog server. kernel: Kernel messages. user: Random user-level messages. mail: Mail system. daemon: System daemons. auth: Security/authorization messages. syslog: Messages generated internally by syslogd. lpr: Line printer subsystem. news: Network news subsystem. uucp: UUCP server messages. cron: Clock daemon. authpriv: Security/authorization messages (private). ftp: FTP daemon. ntp: NTP daemon. audit: Log audit. alert: Log alert. clock: Clock daemon. local0: Reserved for local use. local1: Reserved for local use. local2: Reserved for local use. local3: Reserved for local use. local4: Reserved for local use. local5: Reserved for local use. local6: Reserved for local use. local7: Reserved for local use.	option	-

config storm-control

Parameter Name	Description	Type	Size
local-override	Enable to override global FortiSwitch storm control settings for this FortiSwitch. enable: Override global storm control settings. disable: Use global storm control settings.	option	-
rate	Rate in packets per second at which storm traffic is controlled (1 - 10000000, default = 500). Storm control drops excess traffic data rates beyond this threshold.	integer	Minimum value: 1 Maximum value: 10000000
unknown-unicast	Enable/disable storm control to drop unknown unicast traffic. enable: Drop unknown unicast traffic. disable: Allow unknown unicast traffic.	option	-
unknown-multicast	Enable/disable storm control to drop unknown multicast traffic. enable: Drop unknown multicast traffic. disable: Allow unknown multicast traffic.	option	-
broadcast	Enable/disable storm control to drop broadcast traffic. enable: Drop broadcast traffic. disable: Allow broadcast traffic.	option	-

config mirror

Parameter Name	Description	Type	Size
status	Active/inactive mirror configuration. active: Activate mirror configuration. inactive: Deactivate mirror configuration.	option	-
switching-packet	Enable/disable switching functionality when mirroring. enable: Enable switching functionality when mirroring. disable: Disable switching functionality when mirroring.	option	-
dst	Destination port.	string	Maximum length: 63
src-ingress `<name>`	Source ingress interfaces. Interface name.	string	Maximum length: 79
src-egress `<name>`	Source egress interfaces. Interface name.	string	Maximum length: 79

config static-mac

Parameter Name	Description	Type	Size
type	Type. static: Static MAC. sticky: Sticky MAC.	option	-
vlan	Vlan.	string	Maximum length: 15
mac	MAC address.	mac-address	Not Specified
interface	Interface name.	string	Maximum length: 35
description	Description.	string	Maximum length: 63

config custom-command

Parameter Name	Description	Type	Size
command-name	Names of commands to be pushed to this FortiSwitch device, as configured under config switch-controller custom-command.	string	Maximum length: 35

config igmp-snooping

Parameter Name	Description	Type	Size
local-override	Enable/disable overriding the global IGMP snooping configuration. enable: Override the global IGMP snooping configuration. disable: Use the global IGMP snooping configuration.	option	-
aging-time	Maximum time to retain a multicast snooping entry for which no packets have been seen (15 - 3600 sec, default = 300).	integer	Minimum value: 15 Maximum value: 3600
flood-unknown-multicast	Enable/disable unknown multicast flooding. enable: Enable unknown multicast flooding. disable: Disable unknown multicast flooding.	option	-

config 802-1X-settings

Parameter Name	Description	Type	Size
local-override	Enable to override global 802.1X settings on individual FortiSwitches. enable: Override global 802.1X settings. disable: Use global 802.1X settings.	option	-
link-down-auth	Authentication state to set if a link is down. set-unauth: Interface set to unauth when down. Reauthentication is needed. no-action: Interface reauthentication is not needed.	option	-
reauth-period	Reauthentication time interval (1 - 1440 min, default = 60, 0 = disable).	integer	Minimum value: 1 Maximum value: 1440
max-reauth-attempt	Maximum number of authentication attempts (0 - 15, default = 3).	integer	Minimum value: 0 Maximum value: 15

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

switch-controller managed-switch

Configure FortiSwitch devices that are managed by this FortiGate.

config switch-controller managed-switch

config ports

config stp-settings

config switch-stp-settings

config stp-instance

config snmp-sysinfo

config snmp-trap-threshold

config snmp-community

config hosts

config snmp-user

config switch-log