Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Portal.

  config vpn ssl web portal
      Description: Portal.
      edit <name>
          set tunnel-mode [enable|disable]
          set ip-mode [range|user-group]
          set auto-connect [enable|disable]
          set keep-alive [enable|disable]
          set save-password [enable|disable]
          set ip-pools <name1>, <name2>, ...
          set exclusive-routing [enable|disable]
          set service-restriction [enable|disable]
          set split-tunneling [enable|disable]
          set split-tunneling-routing-address <name1>, <name2>, ...
          set dns-server1 {ipv4-address}
          set dns-server2 {ipv4-address}
          set dns-suffix {var-string}
          set wins-server1 {ipv4-address}
          set wins-server2 {ipv4-address}
          set ipv6-tunnel-mode [enable|disable]
          set ipv6-pools <name1>, <name2>, ...
          set ipv6-exclusive-routing [enable|disable]
          set ipv6-service-restriction [enable|disable]
          set ipv6-split-tunneling [enable|disable]
          set ipv6-split-tunneling-routing-address <name1>, <name2>, ...
          set ipv6-dns-server1 {ipv6-address}
          set ipv6-dns-server2 {ipv6-address}
          set ipv6-wins-server1 {ipv6-address}
          set ipv6-wins-server2 {ipv6-address}
          set web-mode [enable|disable]
          set display-bookmark [enable|disable]
          set user-bookmark [enable|disable]
          set allow-user-access {option1}, {option2}, ...
          set user-group-bookmark [enable|disable]
          config bookmark-group
              Description: Portal bookmark group.
              edit <name>
                  config bookmarks
                      Description: Bookmark table.
                      edit <name>
                          set apptype [ftp|rdp|...]
                          set url {var-string}
                          set host {var-string}
                          set folder {var-string}
                          set additional-params {var-string}
                          set listening-port {integer}
                          set remote-port {integer}
                          set show-status-window [enable|disable]
                          set description {var-string}
                          set server-layout [de-de-qwertz|en-gb-qwerty|...]
                          set security [rdp|nla|...]
                          set preconnection-id {integer}
                          set preconnection-blob {var-string}
                          set load-balancing-info {var-string}
                          set port {integer}
                          set logon-user {var-string}
                          set logon-password {password}
                          set sso [disable|static|...]
                          config form-data
                              Description: Form data.
                              edit <name>
                                  set value {var-string}
                              next
                          end
                          set sso-credential [sslvpn-login|alternative]
                          set sso-username {var-string}
                          set sso-password {password}
                          set sso-credential-sent-once [enable|disable]
                      next
                  end
              next
          end
          set display-connection-tools [enable|disable]
          set display-history [enable|disable]
          set display-status [enable|disable]
          set heading {string}
          set redir-url {var-string}
          set theme [blue|green|...]
          set custom-lang {string}
          set smb-ntlmv1-auth [enable|disable]
          set smbv1 [enable|disable]
          set smb-min-version [smbv1|smbv2|...]
          set smb-max-version [smbv1|smbv2|...]
          set host-check [none|av|...]
          set host-check-interval {integer}
          set host-check-policy <name1>, <name2>, ...
          set limit-user-logins [enable|disable]
          set mac-addr-check [enable|disable]
          set mac-addr-action [allow|deny]
          config mac-addr-check-rule
              Description: Client MAC address check rule.
              edit <name>
                  set mac-addr-mask {integer}
                  set mac-addr-list <addr1>, <addr2>, ...
              next
          end
          set os-check [enable|disable]
          config os-check-list
              Description: SSL VPN OS checks.
              edit <name>
                  set action [deny|allow|...]
                  set tolerance {integer}
                  set latest-patch-level {user}
              next
          end
          set forticlient-download [enable|disable]
          set forticlient-download-method [direct|ssl-vpn]
          set customize-forticlient-download-url [enable|disable]
          set windows-forticlient-download-url {var-string}
          set macos-forticlient-download-url {var-string}
          set skip-check-for-unsupported-os [enable|disable]
          set skip-check-for-browser [enable|disable]
          set hide-sso-credential [enable|disable]
          config split-dns
              Description: Split DNS for SSL VPN.
              edit <id>
                  set domains {var-string}
                  set dns-server1 {ipv4-address}
                  set dns-server2 {ipv4-address}
                  set ipv6-dns-server1 {ipv6-address}
                  set ipv6-dns-server2 {ipv6-address}
              next
          end
      next
  end

config vpn ssl web portal

Parameter Name Description Type Size
tunnel-mode Enable/disable IPv4 SSL-VPN tunnel mode.
enable: Enable setting.
disable: Disable setting.
option -
ip-mode Method by which users of this SSL-VPN tunnel obtain IP addresses.
range: Use the IP addresses available for all SSL-VPN users as defined by the SSL settings command.
user-group: Use IP the addresses associated with individual users or user groups (usually from external auth servers).
option -
auto-connect Enable/disable automatic connect by client when system is up.
enable: Enable setting.
disable: Disable setting.
option -
keep-alive Enable/disable automatic reconnect for FortiClient connections.
enable: Enable setting.
disable: Disable setting.
option -
save-password Enable/disable FortiClient saving the user's password.
enable: Enable setting.
disable: Disable setting.
option -
ip-pools <name> IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
Address name.
string Maximum length: 79
exclusive-routing Enable/disable all traffic go through tunnel only.
enable: Enable setting.
disable: Disable setting.
option -
service-restriction Enable/disable tunnel service restriction.
enable: Enable setting.
disable: Disable setting.
option -
split-tunneling Enable/disable IPv4 split tunneling.
enable: Enable setting.
disable: Disable setting.
option -
split-tunneling-routing-address <name> IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
Address name.
string Maximum length: 79
dns-server1 IPv4 DNS server 1. ipv4-address Not Specified
dns-server2 IPv4 DNS server 2. ipv4-address Not Specified
dns-suffix DNS suffix. var-string Maximum length: 253
wins-server1 IPv4 WINS server 1. ipv4-address Not Specified
wins-server2 IPv4 WINS server 1. ipv4-address Not Specified
ipv6-tunnel-mode Enable/disable IPv6 SSL-VPN tunnel mode.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-pools <name> IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
Address name.
string Maximum length: 79
ipv6-exclusive-routing Enable/disable all IPv6 traffic go through tunnel only.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-service-restriction Enable/disable IPv6 tunnel service restriction.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-split-tunneling Enable/disable IPv6 split tunneling.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-split-tunneling-routing-address <name> IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
Address name.
string Maximum length: 79
ipv6-dns-server1 IPv6 DNS server 1. ipv6-address Not Specified
ipv6-dns-server2 IPv6 DNS server 2. ipv6-address Not Specified
ipv6-wins-server1 IPv6 WINS server 1. ipv6-address Not Specified
ipv6-wins-server2 IPv6 WINS server 2. ipv6-address Not Specified
web-mode Enable/disable SSL VPN web mode.
enable: Enable setting.
disable: Disable setting.
option -
display-bookmark Enable to display the web portal bookmark widget.
enable: Enable setting.
disable: Disable setting.
option -
user-bookmark Enable to allow web portal users to create their own bookmarks.
enable: Enable setting.
disable: Disable setting.
option -
allow-user-access Allow user access to SSL-VPN applications.
web: HTTP/HTTPS access.
ftp: FTP access.
smb: SMB/CIFS access.
sftp: SFTP access.
telnet: TELNET access.
ssh: SSH access.
vnc: VNC access.
rdp: RDP access.
ping: PING access.
citrix: CITRIX access.
portforward: Port Forward access.
option -
user-group-bookmark Enable to allow web portal users to create bookmarks for all users in the same user group.
enable: Enable setting.
disable: Disable setting.
option -
display-connection-tools Enable to display the web portal connection tools widget.
enable: Enable setting.
disable: Disable setting.
option -
display-history Enable to display the web portal user login history widget.
enable: Enable setting.
disable: Disable setting.
option -
display-status Enable to display the web portal status widget.
enable: Enable setting.
disable: Disable setting.
option -
heading Web portal heading message. string Maximum length: 31
redir-url Client login redirect URL. var-string Maximum length: 255
theme Web portal color scheme.
blue: Light blue theme.
green: Green theme.
red: Red theme.
melongene: Melongene theme (eggplant color).
mariner: Mariner theme (dark blue color).
option -
custom-lang Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. string Maximum length: 35
smb-ntlmv1-auth Enable support of NTLMv1 for Samba authentication.
enable: Enable setting.
disable: Disable setting.
option -
smbv1 smbv1
enable: enable
disable: disable
option -
smb-min-version SMB minimum client protocol version.
smbv1: SMB version 1.
smbv2: SMB version 2.
smbv3: SMB version 3.
option -
smb-max-version SMB maximum client protocol version.
smbv1: SMB version 1.
smbv2: SMB version 2.
smbv3: SMB version 3.
option -
host-check Type of host checking performed on endpoints.
none: No host checking.
av: AntiVirus software recognized by the Windows Security Center.
fw: Firewall software recognized by the Windows Security Center.
av-fw: AntiVirus and firewall software recognized by the Windows Security Center.
custom: Custom.
option -
host-check-interval Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. integer Minimum value: 120 Maximum value: 259200
host-check-policy <name> One or more policies to require the endpoint to have specific security software.
Host check software list name.
string Maximum length: 79
limit-user-logins Enable to limit each user to one SSL-VPN session at a time.
enable: Enable setting.
disable: Disable setting.
option -
mac-addr-check Enable/disable MAC address host checking.
enable: Enable setting.
disable: Disable setting.
option -
mac-addr-action Client MAC address action.
allow: Allow connection when client MAC address is matched.
deny: Deny connection when client MAC address is matched.
option -
os-check Enable to let the FortiGate decide action based on client OS.
enable: Enable setting.
disable: Disable setting.
option -
forticlient-download Enable/disable download option for FortiClient.
enable: Enable setting.
disable: Disable setting.
option -
forticlient-download-method FortiClient download method.
direct: Download via direct link.
ssl-vpn: Download via SSL-VPN.
option -
customize-forticlient-download-url Enable support of customized download URL for FortiClient.
enable: Enable setting.
disable: Disable setting.
option -
windows-forticlient-download-url Download URL for Windows FortiClient. var-string Maximum length: 1023
macos-forticlient-download-url Download URL for Mac FortiClient. var-string Maximum length: 1023
skip-check-for-unsupported-os Enable to skip host check if client OS does not support it.
enable: Enable setting.
disable: Disable setting.
option -
skip-check-for-browser Enable to skip host check for browser support.
enable: Enable setting.
disable: Disable setting.
option -
hide-sso-credential Enable to prevent SSO credential being sent to client.
enable: Enable setting.
disable: Disable setting.
option -

config bookmarks

Parameter Name Description Type Size
apptype Application type.
ftp: FTP.
rdp: RDP.
sftp: SFTP.
smb: SMB/CIFS.
ssh: SSH.
telnet: Telnet.
vnc: VNC.
web: HTTP/HTTPS.
option -
url URL parameter. var-string Maximum length: 128
host Host name/IP parameter. var-string Maximum length: 128
folder Network shared file folder parameter. var-string Maximum length: 128
additional-params Additional parameters. var-string Maximum length: 128
listening-port Listening port (0 - 65535). integer Minimum value: 0 Maximum value: 65535
remote-port Remote port (0 - 65535). integer Minimum value: 0 Maximum value: 65535
show-status-window Enable/disable showing of status window.
enable: Enable setting.
disable: Disable setting.
option -
description Description. var-string Maximum length: 128
server-layout Server side keyboard layout.
de-de-qwertz: German (qwertz).
en-gb-qwerty: Engligh (UK).
en-us-qwerty: English (US).
es-es-qwerty: Spanish.
fr-ca-qwerty: Canadian French (qwerty).
fr-fr-azerty: French (azerty).
fr-ch-qwertz: Swiss French (qwertz).
it-it-qwerty: Italian.
ja-jp-qwerty: Japanese.
pt-br-qwerty: Portuguese/Brazilian.
sv-se-qwerty: Swedish.
tr-tr-qwerty: Turkish.
failsafe: Unknown keyboard.
option -
security Security mode for RDP connection.
rdp: Standard RDP encryption.
nla: Network Level Authentication.
tls: TLS encryption.
any: Allow the server to choose the type of security.
option -
preconnection-id The numeric ID of the RDP source (0-2147483648). integer Minimum value: 0 Maximum value: 2147483648
preconnection-blob An arbitrary string which identifies the RDP source. var-string Maximum length: 511
load-balancing-info The load balancing information or cookie which should be provided to the connection broker. var-string Maximum length: 511
port Remote port. integer Minimum value: 0 Maximum value: 65535
logon-user Logon user. var-string Maximum length: 35
logon-password Logon password. password Not Specified
sso Single Sign-On.
disable: Disable SSO.
static: Static SSO.
auto: Auto SSO.
option -
sso-credential Single sign-on credentials.
sslvpn-login: SSL-VPN login.
alternative: Alternative.
option -
sso-username SSO user name. var-string Maximum length: 35
sso-password SSO password. password Not Specified
sso-credential-sent-once Single sign-on credentials are only sent once to remote server.
enable: Single sign-on credentials are only sent once to remote server.
disable: Single sign-on credentials are sent to remote server for every HTTP request.
option -
config form-data
Parameter Name Description Type Size
value Value. var-string Maximum length: 63

config mac-addr-check-rule

Parameter Name Description Type Size
mac-addr-mask Client MAC address mask. integer Minimum value: 1 Maximum value: 48
mac-addr-list <addr> Client MAC address list.
Client MAC address.
mac-address Not Specified

config os-check-list

Parameter Name Description Type Size
action OS check options.
deny: Deny all OS versions.
allow: Allow any OS version.
check-up-to-date: Verify OS is up-to-date.
option -
tolerance OS patch level tolerance. integer Minimum value: 0 Maximum value: 255
latest-patch-level Latest OS patch level. user Not Specified

config split-dns

Parameter Name Description Type Size
domains Split DNS domains used for SSL-VPN clients separated by comma(,). var-string Maximum length: 1024
dns-server1 DNS server 1. ipv4-address Not Specified
dns-server2 DNS server 2. ipv4-address Not Specified
ipv6-dns-server1 IPv6 DNS server 1. ipv6-address Not Specified
ipv6-dns-server2 IPv6 DNS server 2. ipv6-address Not Specified

Portal.

  config vpn ssl web portal
      Description: Portal.
      edit <name>
          set tunnel-mode [enable|disable]
          set ip-mode [range|user-group]
          set auto-connect [enable|disable]
          set keep-alive [enable|disable]
          set save-password [enable|disable]
          set ip-pools <name1>, <name2>, ...
          set exclusive-routing [enable|disable]
          set service-restriction [enable|disable]
          set split-tunneling [enable|disable]
          set split-tunneling-routing-address <name1>, <name2>, ...
          set dns-server1 {ipv4-address}
          set dns-server2 {ipv4-address}
          set dns-suffix {var-string}
          set wins-server1 {ipv4-address}
          set wins-server2 {ipv4-address}
          set ipv6-tunnel-mode [enable|disable]
          set ipv6-pools <name1>, <name2>, ...
          set ipv6-exclusive-routing [enable|disable]
          set ipv6-service-restriction [enable|disable]
          set ipv6-split-tunneling [enable|disable]
          set ipv6-split-tunneling-routing-address <name1>, <name2>, ...
          set ipv6-dns-server1 {ipv6-address}
          set ipv6-dns-server2 {ipv6-address}
          set ipv6-wins-server1 {ipv6-address}
          set ipv6-wins-server2 {ipv6-address}
          set web-mode [enable|disable]
          set display-bookmark [enable|disable]
          set user-bookmark [enable|disable]
          set allow-user-access {option1}, {option2}, ...
          set user-group-bookmark [enable|disable]
          config bookmark-group
              Description: Portal bookmark group.
              edit <name>
                  config bookmarks
                      Description: Bookmark table.
                      edit <name>
                          set apptype [ftp|rdp|...]
                          set url {var-string}
                          set host {var-string}
                          set folder {var-string}
                          set additional-params {var-string}
                          set listening-port {integer}
                          set remote-port {integer}
                          set show-status-window [enable|disable]
                          set description {var-string}
                          set server-layout [de-de-qwertz|en-gb-qwerty|...]
                          set security [rdp|nla|...]
                          set preconnection-id {integer}
                          set preconnection-blob {var-string}
                          set load-balancing-info {var-string}
                          set port {integer}
                          set logon-user {var-string}
                          set logon-password {password}
                          set sso [disable|static|...]
                          config form-data
                              Description: Form data.
                              edit <name>
                                  set value {var-string}
                              next
                          end
                          set sso-credential [sslvpn-login|alternative]
                          set sso-username {var-string}
                          set sso-password {password}
                          set sso-credential-sent-once [enable|disable]
                      next
                  end
              next
          end
          set display-connection-tools [enable|disable]
          set display-history [enable|disable]
          set display-status [enable|disable]
          set heading {string}
          set redir-url {var-string}
          set theme [blue|green|...]
          set custom-lang {string}
          set smb-ntlmv1-auth [enable|disable]
          set smbv1 [enable|disable]
          set smb-min-version [smbv1|smbv2|...]
          set smb-max-version [smbv1|smbv2|...]
          set host-check [none|av|...]
          set host-check-interval {integer}
          set host-check-policy <name1>, <name2>, ...
          set limit-user-logins [enable|disable]
          set mac-addr-check [enable|disable]
          set mac-addr-action [allow|deny]
          config mac-addr-check-rule
              Description: Client MAC address check rule.
              edit <name>
                  set mac-addr-mask {integer}
                  set mac-addr-list <addr1>, <addr2>, ...
              next
          end
          set os-check [enable|disable]
          config os-check-list
              Description: SSL VPN OS checks.
              edit <name>
                  set action [deny|allow|...]
                  set tolerance {integer}
                  set latest-patch-level {user}
              next
          end
          set forticlient-download [enable|disable]
          set forticlient-download-method [direct|ssl-vpn]
          set customize-forticlient-download-url [enable|disable]
          set windows-forticlient-download-url {var-string}
          set macos-forticlient-download-url {var-string}
          set skip-check-for-unsupported-os [enable|disable]
          set skip-check-for-browser [enable|disable]
          set hide-sso-credential [enable|disable]
          config split-dns
              Description: Split DNS for SSL VPN.
              edit <id>
                  set domains {var-string}
                  set dns-server1 {ipv4-address}
                  set dns-server2 {ipv4-address}
                  set ipv6-dns-server1 {ipv6-address}
                  set ipv6-dns-server2 {ipv6-address}
              next
          end
      next
  end

config vpn ssl web portal

Parameter Name Description Type Size
tunnel-mode Enable/disable IPv4 SSL-VPN tunnel mode.
enable: Enable setting.
disable: Disable setting.
option -
ip-mode Method by which users of this SSL-VPN tunnel obtain IP addresses.
range: Use the IP addresses available for all SSL-VPN users as defined by the SSL settings command.
user-group: Use IP the addresses associated with individual users or user groups (usually from external auth servers).
option -
auto-connect Enable/disable automatic connect by client when system is up.
enable: Enable setting.
disable: Disable setting.
option -
keep-alive Enable/disable automatic reconnect for FortiClient connections.
enable: Enable setting.
disable: Disable setting.
option -
save-password Enable/disable FortiClient saving the user's password.
enable: Enable setting.
disable: Disable setting.
option -
ip-pools <name> IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
Address name.
string Maximum length: 79
exclusive-routing Enable/disable all traffic go through tunnel only.
enable: Enable setting.
disable: Disable setting.
option -
service-restriction Enable/disable tunnel service restriction.
enable: Enable setting.
disable: Disable setting.
option -
split-tunneling Enable/disable IPv4 split tunneling.
enable: Enable setting.
disable: Disable setting.
option -
split-tunneling-routing-address <name> IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
Address name.
string Maximum length: 79
dns-server1 IPv4 DNS server 1. ipv4-address Not Specified
dns-server2 IPv4 DNS server 2. ipv4-address Not Specified
dns-suffix DNS suffix. var-string Maximum length: 253
wins-server1 IPv4 WINS server 1. ipv4-address Not Specified
wins-server2 IPv4 WINS server 1. ipv4-address Not Specified
ipv6-tunnel-mode Enable/disable IPv6 SSL-VPN tunnel mode.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-pools <name> IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.
Address name.
string Maximum length: 79
ipv6-exclusive-routing Enable/disable all IPv6 traffic go through tunnel only.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-service-restriction Enable/disable IPv6 tunnel service restriction.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-split-tunneling Enable/disable IPv6 split tunneling.
enable: Enable setting.
disable: Disable setting.
option -
ipv6-split-tunneling-routing-address <name> IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.
Address name.
string Maximum length: 79
ipv6-dns-server1 IPv6 DNS server 1. ipv6-address Not Specified
ipv6-dns-server2 IPv6 DNS server 2. ipv6-address Not Specified
ipv6-wins-server1 IPv6 WINS server 1. ipv6-address Not Specified
ipv6-wins-server2 IPv6 WINS server 2. ipv6-address Not Specified
web-mode Enable/disable SSL VPN web mode.
enable: Enable setting.
disable: Disable setting.
option -
display-bookmark Enable to display the web portal bookmark widget.
enable: Enable setting.
disable: Disable setting.
option -
user-bookmark Enable to allow web portal users to create their own bookmarks.
enable: Enable setting.
disable: Disable setting.
option -
allow-user-access Allow user access to SSL-VPN applications.
web: HTTP/HTTPS access.
ftp: FTP access.
smb: SMB/CIFS access.
sftp: SFTP access.
telnet: TELNET access.
ssh: SSH access.
vnc: VNC access.
rdp: RDP access.
ping: PING access.
citrix: CITRIX access.
portforward: Port Forward access.
option -
user-group-bookmark Enable to allow web portal users to create bookmarks for all users in the same user group.
enable: Enable setting.
disable: Disable setting.
option -
display-connection-tools Enable to display the web portal connection tools widget.
enable: Enable setting.
disable: Disable setting.
option -
display-history Enable to display the web portal user login history widget.
enable: Enable setting.
disable: Disable setting.
option -
display-status Enable to display the web portal status widget.
enable: Enable setting.
disable: Disable setting.
option -
heading Web portal heading message. string Maximum length: 31
redir-url Client login redirect URL. var-string Maximum length: 255
theme Web portal color scheme.
blue: Light blue theme.
green: Green theme.
red: Red theme.
melongene: Melongene theme (eggplant color).
mariner: Mariner theme (dark blue color).
option -
custom-lang Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. string Maximum length: 35
smb-ntlmv1-auth Enable support of NTLMv1 for Samba authentication.
enable: Enable setting.
disable: Disable setting.
option -
smbv1 smbv1
enable: enable
disable: disable
option -
smb-min-version SMB minimum client protocol version.
smbv1: SMB version 1.
smbv2: SMB version 2.
smbv3: SMB version 3.
option -
smb-max-version SMB maximum client protocol version.
smbv1: SMB version 1.
smbv2: SMB version 2.
smbv3: SMB version 3.
option -
host-check Type of host checking performed on endpoints.
none: No host checking.
av: AntiVirus software recognized by the Windows Security Center.
fw: Firewall software recognized by the Windows Security Center.
av-fw: AntiVirus and firewall software recognized by the Windows Security Center.
custom: Custom.
option -
host-check-interval Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. integer Minimum value: 120 Maximum value: 259200
host-check-policy <name> One or more policies to require the endpoint to have specific security software.
Host check software list name.
string Maximum length: 79
limit-user-logins Enable to limit each user to one SSL-VPN session at a time.
enable: Enable setting.
disable: Disable setting.
option -
mac-addr-check Enable/disable MAC address host checking.
enable: Enable setting.
disable: Disable setting.
option -
mac-addr-action Client MAC address action.
allow: Allow connection when client MAC address is matched.
deny: Deny connection when client MAC address is matched.
option -
os-check Enable to let the FortiGate decide action based on client OS.
enable: Enable setting.
disable: Disable setting.
option -
forticlient-download Enable/disable download option for FortiClient.
enable: Enable setting.
disable: Disable setting.
option -
forticlient-download-method FortiClient download method.
direct: Download via direct link.
ssl-vpn: Download via SSL-VPN.
option -
customize-forticlient-download-url Enable support of customized download URL for FortiClient.
enable: Enable setting.
disable: Disable setting.
option -
windows-forticlient-download-url Download URL for Windows FortiClient. var-string Maximum length: 1023
macos-forticlient-download-url Download URL for Mac FortiClient. var-string Maximum length: 1023
skip-check-for-unsupported-os Enable to skip host check if client OS does not support it.
enable: Enable setting.
disable: Disable setting.
option -
skip-check-for-browser Enable to skip host check for browser support.
enable: Enable setting.
disable: Disable setting.
option -
hide-sso-credential Enable to prevent SSO credential being sent to client.
enable: Enable setting.
disable: Disable setting.
option -

config bookmarks

Parameter Name Description Type Size
apptype Application type.
ftp: FTP.
rdp: RDP.
sftp: SFTP.
smb: SMB/CIFS.
ssh: SSH.
telnet: Telnet.
vnc: VNC.
web: HTTP/HTTPS.
option -
url URL parameter. var-string Maximum length: 128
host Host name/IP parameter. var-string Maximum length: 128
folder Network shared file folder parameter. var-string Maximum length: 128
additional-params Additional parameters. var-string Maximum length: 128
listening-port Listening port (0 - 65535). integer Minimum value: 0 Maximum value: 65535
remote-port Remote port (0 - 65535). integer Minimum value: 0 Maximum value: 65535
show-status-window Enable/disable showing of status window.
enable: Enable setting.
disable: Disable setting.
option -
description Description. var-string Maximum length: 128
server-layout Server side keyboard layout.
de-de-qwertz: German (qwertz).
en-gb-qwerty: Engligh (UK).
en-us-qwerty: English (US).
es-es-qwerty: Spanish.
fr-ca-qwerty: Canadian French (qwerty).
fr-fr-azerty: French (azerty).
fr-ch-qwertz: Swiss French (qwertz).
it-it-qwerty: Italian.
ja-jp-qwerty: Japanese.
pt-br-qwerty: Portuguese/Brazilian.
sv-se-qwerty: Swedish.
tr-tr-qwerty: Turkish.
failsafe: Unknown keyboard.
option -
security Security mode for RDP connection.
rdp: Standard RDP encryption.
nla: Network Level Authentication.
tls: TLS encryption.
any: Allow the server to choose the type of security.
option -
preconnection-id The numeric ID of the RDP source (0-2147483648). integer Minimum value: 0 Maximum value: 2147483648
preconnection-blob An arbitrary string which identifies the RDP source. var-string Maximum length: 511
load-balancing-info The load balancing information or cookie which should be provided to the connection broker. var-string Maximum length: 511
port Remote port. integer Minimum value: 0 Maximum value: 65535
logon-user Logon user. var-string Maximum length: 35
logon-password Logon password. password Not Specified
sso Single Sign-On.
disable: Disable SSO.
static: Static SSO.
auto: Auto SSO.
option -
sso-credential Single sign-on credentials.
sslvpn-login: SSL-VPN login.
alternative: Alternative.
option -
sso-username SSO user name. var-string Maximum length: 35
sso-password SSO password. password Not Specified
sso-credential-sent-once Single sign-on credentials are only sent once to remote server.
enable: Single sign-on credentials are only sent once to remote server.
disable: Single sign-on credentials are sent to remote server for every HTTP request.
option -
config form-data
Parameter Name Description Type Size
value Value. var-string Maximum length: 63

config mac-addr-check-rule

Parameter Name Description Type Size
mac-addr-mask Client MAC address mask. integer Minimum value: 1 Maximum value: 48
mac-addr-list <addr> Client MAC address list.
Client MAC address.
mac-address Not Specified

config os-check-list

Parameter Name Description Type Size
action OS check options.
deny: Deny all OS versions.
allow: Allow any OS version.
check-up-to-date: Verify OS is up-to-date.
option -
tolerance OS patch level tolerance. integer Minimum value: 0 Maximum value: 255
latest-patch-level Latest OS patch level. user Not Specified

config split-dns

Parameter Name Description Type Size
domains Split DNS domains used for SSL-VPN clients separated by comma(,). var-string Maximum length: 1024
dns-server1 DNS server 1. ipv4-address Not Specified
dns-server2 DNS server 2. ipv4-address Not Specified
ipv6-dns-server1 IPv6 DNS server 1. ipv6-address Not Specified
ipv6-dns-server2 IPv6 DNS server 2. ipv6-address Not Specified