config system global

Configure global attributes.

config system global

Description: Configure global attributes.

set language [english|french|...]

set gui-ipv6 [enable|disable]

set gui-certificates [enable|disable]

set gui-custom-language [enable|disable]

set gui-wireless-opensecurity [enable|disable]

set gui-display-hostname [enable|disable]

set gui-fortisandbox-cloud [enable|disable]

set gui-lines-per-page {integer}

set admin-https-ssl-versions {option1}, {option2}, ...

set admintimeout {integer}

set admin-console-timeout {integer}

set ssd-trim-freq [never|hourly|...]

set ssd-trim-hour {integer}

set ssd-trim-min {integer}

set ssd-trim-weekday [sunday|monday|...]

set ssd-trim-date {integer}

set admin-concurrent [enable|disable]

set admin-lockout-threshold {integer}

set admin-lockout-duration {integer}

set refresh {integer}

set interval {integer}

set failtime {integer}

set daily-restart [enable|disable]

set restart-time {user}

set radius-port {integer}

set admin-login-max {integer}

set remoteauthtimeout {integer}

set ldapconntimeout {integer}

set batch-cmdb [enable|disable]

set max-dlpstat-memory {integer}

set multi-factor-authentication [optional|mandatory]

set ssl-min-proto-version [SSLv3|TLSv1|...]

set autorun-log-fsck [enable|disable]

set dst [enable|disable]

set timezone [01|02|...]

set traffic-priority [tos|dscp]

set traffic-priority-level [low|medium|...]

set anti-replay [disable|loose|...]

set send-pmtu-icmp [enable|disable]

set honor-df [enable|disable]

set revision-image-auto-backup [enable|disable]

set revision-backup-on-logout [enable|disable]

set management-vdom {string}

set hostname {string}

set gui-allow-default-hostname [enable|disable]

set alias {string}

set strong-crypto [enable|disable]

set ssh-cbc-cipher [enable|disable]

set ssh-hmac-md5 [enable|disable]

set ssh-kex-sha1 [enable|disable]

set ssh-mac-weak [enable|disable]

set ssl-static-key-ciphers [enable|disable]

set snat-route-change [enable|disable]

set cli-audit-log [enable|disable]

set dh-params [1024|1536|...]

set fds-statistics [enable|disable]

set fds-statistics-period {integer}

set tcp-option [enable|disable]

set lldp-transmission [enable|disable]

set lldp-reception [enable|disable]

set proxy-auth-timeout {integer}

set proxy-re-authentication-mode [session|traffic|...]

set proxy-auth-lifetime [enable|disable]

set proxy-auth-lifetime-timeout {integer}

set sys-perf-log-interval {integer}

set check-protocol-header [loose|strict]

set vip-arp-range [unlimited|restricted]

set reset-sessionless-tcp [enable|disable]

set allow-traffic-redirect [enable|disable]

set strict-dirty-session-check [enable|disable]

set tcp-halfclose-timer {integer}

set tcp-halfopen-timer {integer}

set tcp-timewait-timer {integer}

set udp-idle-timer {integer}

set block-session-timer {integer}

set ip-src-port-range {user}

set pre-login-banner [enable|disable]

set post-login-banner [disable|enable]

set tftp [enable|disable]

set av-failopen [pass|off|...]

set av-failopen-session [enable|disable]

set memory-use-threshold-extreme {integer}

set memory-use-threshold-red {integer}

set memory-use-threshold-green {integer}

set cpu-use-threshold {integer}

set check-reset-range [strict|disable]

set vdom-mode [no-vdom|split-vdom|...]

set long-vdom-name [enable|disable]

set admin-port {integer}

set admin-sport {integer}

set admin-https-redirect [enable|disable]

set admin-hsts-max-age {integer}

set admin-ssh-password [enable|disable]

set admin-restrict-local [enable|disable]

set admin-ssh-port {integer}

set admin-ssh-grace-time {integer}

set admin-ssh-v1 [enable|disable]

set admin-telnet [enable|disable]

set admin-telnet-port {integer}

set default-service-source-port {user}

set admin-maintainer [enable|disable]

set admin-server-cert {string}

set user-server-cert {string}

set admin-https-pki-required [enable|disable]

set wifi-certificate {string}

set wifi-ca-certificate {string}

set auth-http-port {integer}

set auth-https-port {integer}

set auth-keepalive [enable|disable]

set policy-auth-concurrent {integer}

set auth-session-limit [block-new|logout-inactive]

set auth-cert {string}

set clt-cert-req [enable|disable]

set fortiservice-port {integer}

set cfg-save [automatic|manual|...]

set cfg-revert-timeout {integer}

set reboot-upon-config-restore [enable|disable]

set admin-scp [enable|disable]

set security-rating-result-submission [enable|disable]

set security-rating-run-on-schedule [enable|disable]

set wireless-controller [enable|disable]

set wireless-controller-port {integer}

set fortiextender-data-port {integer}

set fortiextender [disable|enable]

set fortiextender-vlan-mode [enable|disable]

set switch-controller [disable|enable]

set switch-controller-reserved-network {ipv4-classnet}

set dnsproxy-worker-count {integer}

set url-filter-count {integer}

set proxy-worker-count {integer}

set scanunit-count {integer}

set proxy-kxp-hardware-acceleration [disable|enable]

set proxy-cipher-hardware-acceleration [disable|enable]

set fgd-alert-subscription {option1}, {option2}, ...

set ipsec-hmac-offload [enable|disable]

set ipv6-accept-dad {integer}

set ipv6-allow-anycast-probe [enable|disable]

set csr-ca-attribute [enable|disable]

set wimax-4g-usb [enable|disable]

set cert-chain-max {integer}

set sslvpn-max-worker-count {integer}

set sslvpn-kxp-hardware-acceleration [enable|disable]

set sslvpn-cipher-hardware-acceleration [enable|disable]

set sslvpn-plugin-version-check [enable|disable]

set two-factor-ftk-expiry {integer}

set two-factor-email-expiry {integer}

set two-factor-sms-expiry {integer}

set two-factor-fac-expiry {integer}

set two-factor-ftm-expiry {integer}

set per-user-bwl [enable|disable]

set wad-worker-count {integer}

set wad-csvc-cs-count {integer}

set wad-csvc-db-count {integer}

set wad-source-affinity [disable|enable]

set wad-memory-change-granularity {integer}

set login-timestamp [enable|disable]

set miglogd-children {integer}

set special-file-23-support [disable|enable]

set log-uuid-policy [enable|disable]

set log-uuid-address [enable|disable]

set log-ssl-connection [enable|disable]

set arp-max-entry {integer}

set av-affinity {string}

set wad-affinity {string}

set ips-affinity {string}

set miglog-affinity {string}

set url-filter-affinity {string}

set ndp-max-entry {integer}

set br-fdb-max-entry {integer}

set max-route-cache-size {integer}

set ipsec-asic-offload [enable|disable]

set ipsec-soft-dec-async [enable|disable]

set device-idle-timeout {integer}

set device-identification-active-scan-delay {integer}

set gui-device-latitude {string}

set gui-device-longitude {string}

set private-data-encryption [disable|enable]

set auto-auth-extension-device [enable|disable]

set gui-theme [green|neutrino|...]

set gui-date-format [yyyy/MM/dd|dd/MM/yyyy|...]

set gui-date-time-source [system|browser]

set igmp-state-limit {integer}

set cloud-communication [enable|disable]

set fec-port {integer}

set fortitoken-cloud [enable|disable]

end

config system global

Parameter name

Description

Type

Size

language

GUI display language.

option

-

 

Option

Description

english

English.

french

French.

spanish

Spanish.

portuguese

Portuguese.

japanese

Japanese.

trach

Traditional Chinese.

simch

Simplified Chinese.

korean

Korean.

gui-ipv6

Enable/disable IPv6 settings on the GUI.

option

-

 

Option

Description

enable

Display the feature in GUI.

disable

Do not display the feature in GUI.

gui-certificates

Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI.

option

-

 

Option

Description

enable

Display the feature in GUI.

disable

Do not display the feature in GUI.

gui-custom-language

Enable/disable custom languages in GUI.

option

-

 

Option

Description

enable

Display the feature in GUI.

disable

Do not display the feature in GUI.

gui-wireless-opensecurity

Enable/disable wireless open security option on the GUI.

option

-

 

Option

Description

enable

Display the feature in GUI.

disable

Do not display the feature in GUI.

gui-display-hostname

Enable/disable displaying the FortiGate's hostname on the GUI login page.

option

-

 

Option

Description

enable

Display the feature in GUI.

disable

Do not display the feature in GUI.

gui-fortisandbox-cloud

Enable/disable displaying FortiSandbox Cloud on the GUI.

option

-

 

Option

Description

enable

Display the feature in GUI.

disable

Do not display the feature in GUI.

gui-lines-per-page

Number of lines to display per page for web administration.

integer

Minimum value: 20 Maximum value: 1000

admin-https-ssl-versions

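Allowed TLS versions for web administration. TLS 1.1 is a deprecated protocol version; allow it only when a legacy administration client cannot negotiate TLS 1.2 or later.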

option

-

 

Option

Description

tlsv1-1

TLS 1.1.

tlsv1-2

TLS 1.2.

tlsv1-3

TLS 1.3.

admintimeout

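Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours), default = 5). A shorter idle timeout is more secure. Note that the Size column lists a minimum value of 1, which differs from the range stated here; confirm the accepted range on your firmware version.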

integer

Minimum value: 1 Maximum value: 480

admin-console-timeout

Console login timeout that overrides the admintimeout value (15 - 300 seconds, that is, 15 seconds to 5 minutes). 0, the default, disables this timeout.

integer

Minimum value: 15 Maximum value: 300

ssd-trim-freq

How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors.

option

-

 

Option

Description

never

Never Run SSD Trim.

hourly

Run SSD Trim Hourly.

daily

Run SSD Trim Daily.

weekly

Run SSD Trim Weekly.

monthly

Run SSD Trim Monthly.

ssd-trim-hour

Hour of the day on which to run SSD Trim (0 - 23, default = 1).

integer

Minimum value: 0 Maximum value: 23

ssd-trim-min

Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).

integer

Minimum value: 0 Maximum value: 60

ssd-trim-weekday

Day of week to run SSD Trim.

option

-

 

Option

Description

sunday

Sunday

monday

Monday

tuesday

Tuesday

wednesday

Wednesday

thursday

Thursday

friday

Friday

saturday

Saturday

ssd-trim-date

Day of the month on which to run SSD Trim.

integer

Minimum value: 1 Maximum value: 31

admin-concurrent

Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.)

option

-

 

Option

Description

enable

Enable admin concurrent login.

disable

Disable admin concurrent login.

admin-lockout-threshold

Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.

integer

Minimum value: 1 Maximum value: 10

admin-lockout-duration

Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.

integer

Minimum value: 1 Maximum value: 2147483647

refresh

Statistics refresh interval in GUI.

integer

Minimum value: 0 Maximum value: 4294967295

interval

Dead gateway detection interval.

integer

Minimum value: 0 Maximum value: 4294967295

failtime

Fail-time for server lost.

integer

Minimum value: 0 Maximum value: 4294967295

daily-restart

Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart.

option

-

 

Option

Description

enable

Enable daily reboot of the FortiGate.

disable

Disable daily reboot of the FortiGate.

restart-time

Daily restart time (hh:mm).

user

Not Specified

radius-port

RADIUS service port number.

integer

Minimum value: 1 Maximum value: 65535

admin-login-max

Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100).

integer

Minimum value: 1 Maximum value: 100

remoteauthtimeout

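Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers (0 - 300 sec, default = 5, 0 means no timeout). Note that the Size column lists a minimum value of 1, which conflicts with the 0 value described here; confirm the accepted range on your firmware version.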

integer

Minimum value: 1 Maximum value: 300

ldapconntimeout

Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).

integer

Minimum value: 1 Maximum value: 300000

batch-cmdb

Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded.

option

-

 

Option

Description

enable

Enable batch mode to execute in CMDB server.

disable

Disable batch mode to execute in CMDB server.

max-dlpstat-memory

Maximum DLP stat memory (0 - 4294967295).

integer

Not Specified

multi-factor-authentication

Require an additional authentication factor for all login methods (default = optional).

option

-

 

Option

Description

optional

Do not require an additional authentication factor for all login methods; whether a second factor is used is controlled by user settings.

mandatory

Require an additional authentication factor for all login methods.

ssl-min-proto-version

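Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2). SSLv3, TLSv1 and TLSv1.1 are deprecated protocol versions; lower the minimum below TLSv1.2 only when a legacy peer cannot negotiate a newer version.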

option

-

 

Option

Description

SSLv3

SSLv3.

TLSv1

TLSv1.

TLSv1-1

TLSv1.1.

TLSv1-2

TLSv1.2.

TLSv1-3

TLSv1.3.

autorun-log-fsck

Enable/disable automatic log partition check after ungraceful shutdown.

option

-

 

Option

Description

enable

Enable automatic log partition check after ungraceful shutdown.

disable

Disable automatic log partition check after ungraceful shutdown.

dst

Enable/disable daylight saving time.

option

-

 

Option

Description

enable

Enable daylight saving time.

disable

Disable daylight saving time.

timezone

Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. (The option list on this page also includes the value 87.)

option

-

 

Option

Description

01

(GMT-11:00) Midway Island, Samoa

02

(GMT-10:00) Hawaii

03

(GMT-9:00) Alaska

04

(GMT-8:00) Pacific Time (US & Canada)

05

(GMT-7:00) Arizona

81

(GMT-7:00) Baja California Sur, Chihuahua

06

(GMT-7:00) Mountain Time (US & Canada)

07

(GMT-6:00) Central America

08

(GMT-6:00) Central Time (US & Canada)

09

(GMT-6:00) Mexico City

10

(GMT-6:00) Saskatchewan

11

(GMT-5:00) Bogota, Lima, Quito

12

(GMT-5:00) Eastern Time (US & Canada)

13

(GMT-5:00) Indiana (East)

74

(GMT-4:00) Caracas

14

(GMT-4:00) Atlantic Time (Canada)

77

(GMT-4:00) Georgetown

15

(GMT-4:00) La Paz

87

(GMT-4:00) Paraguay

16

(GMT-3:00) Santiago

17

(GMT-3:30) Newfoundland

18

(GMT-3:00) Brasilia

19

(GMT-3:00) Buenos Aires

20

(GMT-3:00) Nuuk (Greenland)

75

(GMT-3:00) Uruguay

21

(GMT-2:00) Mid-Atlantic

22

(GMT-1:00) Azores

23

(GMT-1:00) Cape Verde Is.

24

(GMT) Monrovia

80

(GMT) Greenwich Mean Time

79

(GMT) Casablanca

25

(GMT) Dublin, Edinburgh, Lisbon, London, Canary Is.

26

(GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

27

(GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague

28

(GMT+1:00) Brussels, Copenhagen, Madrid, Paris

78

(GMT+1:00) Namibia

29

(GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb

30

(GMT+1:00) West Central Africa

31

(GMT+2:00) Athens, Sofia, Vilnius

32

(GMT+2:00) Bucharest

33

(GMT+2:00) Cairo

34

(GMT+2:00) Harare, Pretoria

35

(GMT+2:00) Helsinki, Riga, Tallinn

36

(GMT+2:00) Jerusalem

37

(GMT+3:00) Baghdad

38

(GMT+3:00) Kuwait, Riyadh

83

(GMT+3:00) Moscow

84

(GMT+3:00) Minsk

40

(GMT+3:00) Nairobi

85

(GMT+3:00) Istanbul

41

(GMT+3:30) Tehran

42

(GMT+4:00) Abu Dhabi, Muscat

43

(GMT+4:00) Baku

39

(GMT+3:00) St. Petersburg, Volgograd

44

(GMT+4:30) Kabul

46

(GMT+5:00) Islamabad, Karachi, Tashkent

47

(GMT+5:30) Kolkata, Chennai, Mumbai, New Delhi

51

(GMT+5:30) Sri Jayawardenepura

48

(GMT+5:45) Kathmandu

45

(GMT+5:00) Ekaterinburg

49

(GMT+6:00) Almaty, Novosibirsk

50

(GMT+6:00) Astana, Dhaka

52

(GMT+6:30) Rangoon

53

(GMT+7:00) Bangkok, Hanoi, Jakarta

54

(GMT+7:00) Krasnoyarsk

55

(GMT+8:00) Beijing, Chongqing, Hong Kong, Urumqi, Irkutsk

56

(GMT+8:00) Ulaanbaatar

57

(GMT+8:00) Kuala Lumpur, Singapore

58

(GMT+8:00) Perth

59

(GMT+8:00) Taipei

60

(GMT+9:00) Osaka, Sapporo, Tokyo, Seoul

62

(GMT+9:30) Adelaide

63

(GMT+9:30) Darwin

61

(GMT+9:00) Yakutsk

64

(GMT+10:00) Brisbane

65

(GMT+10:00) Canberra, Melbourne, Sydney

66

(GMT+10:00) Guam, Port Moresby

67

(GMT+10:00) Hobart

68

(GMT+10:00) Vladivostok

69

(GMT+10:00) Magadan

70

(GMT+11:00) Solomon Is., New Caledonia

71

(GMT+12:00) Auckland, Wellington

72

(GMT+12:00) Fiji, Kamchatka, Marshall Is.

00

(GMT+12:00) Eniwetok, Kwajalein

82

(GMT+12:45) Chatham Islands

73

(GMT+13:00) Nuku'alofa

86

(GMT+13:00) Samoa

76

(GMT+14:00) Kiritimati

traffic-priority

Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping.

option

-

 

Option

Description

tos

IP TOS.

dscp

DSCP (DiffServ) DS.

traffic-priority-level

Default system-wide level of priority for traffic prioritization.

option

-

 

Option

Description

low

Low priority.

medium

Medium priority.

high

High priority.

anti-replay

Level of checking for packet replay and TCP sequence checking.

option

-

 

Option

Description

disable

Disable anti-replay check.

loose

Loose anti-replay check.

strict

Strict anti-replay check.

send-pmtu-icmp

Enable/disable sending of path maximum transmission unit (PMTU) ICMP destination unreachable packets, which supports the Path MTU Discovery (PMTUD) protocol on your network and reduces fragmentation of packets.

option

-

 

Option

Description

enable

Enable sending of PMTU ICMP destination unreachable packet.

disable

Disable sending of PMTU ICMP destination unreachable packet.

honor-df

Enable/disable honoring of Don't-Fragment (DF) flag.

option

-

 

Option

Description

enable

Enable honoring of Don't-Fragment flag.

disable

Disable honoring of Don't-Fragment flag.

revision-image-auto-backup

Enable/disable back-up of the latest configuration revision after the firmware is upgraded.

option

-

 

Option

Description

enable

Enable automatic revision image backup when upgrading the image.

disable

Disable automatic revision image backup when upgrading the image.

revision-backup-on-logout

Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI.

option

-

 

Option

Description

enable

Enable automatic revision configuration backup on logout.

disable

Disable automatic revision configuration backup on logout.

management-vdom

Management virtual domain name.

string

Maximum length: 31

hostname

FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.

string

Maximum length: 35

gui-allow-default-hostname

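Enable/disable allowing a default hostname without a GUI warning. Note the polarity: enable stops the warning about using a default hostname, and disable shows it.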

option

-

 

Option

Description

enable

Stop the warning in the GUI.

disable

Show the warning in the GUI.

alias

Alias for your FortiGate unit.

string

Maximum length: 35

strong-crypto

Enable to use strong encryption and only allow strong ciphers (AES) and digests (SHA1) for HTTPS/SSH/TLS/SSL functions. Leaving this disabled permits weaker algorithms for these management and TLS functions.

option

-

 

Option

Description

enable

Enable strong crypto for HTTPS/SSH/TLS/SSL.

disable

Disable strong crypto for HTTPS/SSH/TLS/SSL.

ssh-cbc-cipher

Enable/disable CBC cipher for SSH access. CBC-mode SSH ciphers are legacy; enable them only if an older SSH client requires them.

option

-

 

Option

Description

enable

Enable CBC cipher for SSH access.

disable

Disable CBC cipher for SSH access.

ssh-hmac-md5

Enable/disable HMAC-MD5 for SSH access. HMAC-MD5 is a legacy MAC algorithm; enable it only if an older SSH client requires it.

option

-

 

Option

Description

enable

Enable HMAC-MD5 for SSH access.

disable

Disable HMAC-MD5 for SSH access.

ssh-kex-sha1

Enable/disable SHA1 key exchange for SSH access. SHA1-based key exchange is legacy; enable it only if an older SSH client requires it.

option

-

 

Option

Description

enable

Enable SHA1 for SSH key exchanges.

disable

Disable SHA1 for SSH key exchanges.

ssh-mac-weak

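Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. The option name classes these MAC algorithms as weak; enable them only if an older SSH client requires them.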

option

-

 

Option

Description

enable

Enable HMAC-SHA1 and UMAC-64-ETM for SSH access.

disable

Disable HMAC-SHA1 and UMAC-64-ETM for SSH access.

ssl-static-key-ciphers

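Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Static key ciphers do not provide forward secrecy, so recorded traffic can be decrypted later if the server's private key is compromised.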

option

-

 

Option

Description

enable

Enable static key ciphers in SSL/TLS connections.

disable

Disable static key ciphers in SSL/TLS connections.

snat-route-change

Enable/disable the ability to change the static NAT route.

option

-

 

Option

Description

enable

Enable SNAT route change.

disable

Disable SNAT route change.

cli-audit-log

Enable/disable CLI audit log.

option

-

 

Option

Description

enable

Enable CLI audit log.

disable

Disable CLI audit log.

dh-params

Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Sizes below 2048 bits are generally considered too weak for new deployments.

option

-

 

Option

Description

1024

1024 bits.

1536

1536 bits.

2048

2048 bits.

3072

3072 bits.

4096

4096 bits.

6144

6144 bits.

8192

8192 bits.

fds-statistics

Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services, is not shared with external parties, and is protected by Fortinet's privacy policy.

option

-

 

Option

Description

enable

Enable FortiGuard statistics.

disable

Disable FortiGuard statistics.

fds-statistics-period

FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).

integer

Minimum value: 1 Maximum value: 1440

tcp-option

Enable/disable SACK, timestamp and MSS TCP options.

option

-

 

Option

Description

enable

Enable TCP option.

disable

Disable TCP option.

lldp-transmission

Enable/disable Link Layer Discovery Protocol (LLDP) transmission.

option

-

 

Option

Description