CLI Reference

config vpn ssl web portal

Note

This command is available for model(s): FortiGate 1000D, FortiGate 1000F, FortiGate 1001F, FortiGate 100EF, FortiGate 100E, FortiGate 100F, FortiGate 101E, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 120G, FortiGate 140E-POE, FortiGate 140E, FortiGate 1500DT, FortiGate 1500D, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 3000F, FortiGate 3001F, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3200F, FortiGate 3201F, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3700F, FortiGate 3701F, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F, FortiGate 4800F, FortiGate 4801F, FortiGate 5001E1, FortiGate 5001E, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60E DSLJ, FortiGate 60E DSL, FortiGate 60E-POE, FortiGate 60E, FortiGate 60F, FortiGate 61E, FortiGate 61F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80E-POE, FortiGate 80E, FortiGate 80F Bypass, FortiGate 80F DSL, FortiGate 80F-POE, FortiGate 80F, FortiGate 81E-POE, FortiGate 81E, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 900G, FortiGate 90E, FortiGate 91E, FortiGate-VM64 Aliyun, FortiGate-VM64 AWS, FortiGate-VM64 Azure, FortiGate-VM64 GCP, FortiGate-VM64 OPC, FortiGate-VM64, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60E DSLJ, FortiWiFi 60E DSL, FortiWiFi 60E, FortiWiFi 60F, FortiWiFi 61E, FortiWiFi 61F, FortiWiFi 80F 2R 3G4G DSL, 
FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G DSL, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

It is not available for: FortiGate 90G.

Portal.

config vpn ssl web portal
    Description: Portal.
    edit <name>
        set allow-user-access {option1}, {option2}, ...
        set auto-connect [enable|disable]
        config bookmark-group
            Description: Portal bookmark group.
            edit <name>
                config bookmarks
                    Description: Bookmark table.
                    edit <name>
                        set additional-params {var-string}
                        set apptype [ftp|rdp|...]
                        set color-depth [32|16|...]
                        set description {var-string}
                        set domain {var-string}
                        set folder {var-string}
                        config form-data
                            Description: Form data.
                            edit <name>
                                set value {var-string}
                            next
                        end
                        set height {integer}
                        set host {var-string}
                        set keyboard-layout [ar-101|ar-102|...]
                        set load-balancing-info {var-string}
                        set logon-password {password}
                        set logon-user {var-string}
                        set port {integer}
                        set preconnection-blob {var-string}
                        set preconnection-id {integer}
                        set restricted-admin [enable|disable]
                        set security [any|rdp|...]
                        set send-preconnection-id [enable|disable]
                        set sso [disable|static|...]
                        set sso-credential [sslvpn-login|alternative]
                        set sso-credential-sent-once [enable|disable]
                        set sso-password {password}
                        set sso-username {var-string}
                        set url {var-string}
                        set vnc-keyboard-layout [default|da|...]
                        set width {integer}
                    next
                end
            next
        end
        set client-src-range [enable|disable]
        set clipboard [enable|disable]
        set custom-lang {string}
        set customize-forticlient-download-url [enable|disable]
        set default-window-height {integer}
        set default-window-width {integer}
        set dhcp-ip-overlap [use-new|use-old]
        set dhcp-ra-giaddr {ipv4-address}
        set dhcp6-ra-linkaddr {ipv6-address}
        set display-bookmark [enable|disable]
        set display-connection-tools [enable|disable]
        set display-history [enable|disable]
        set display-status [enable|disable]
        set dns-server1 {ipv4-address}
        set dns-server2 {ipv4-address}
        set dns-suffix {var-string}
        set exclusive-routing [enable|disable]
        set forticlient-download [enable|disable]
        set forticlient-download-method [direct|ssl-vpn]
        set heading {string}
        set hide-sso-credential [enable|disable]
        set host-check [none|av|...]
        set host-check-interval {integer}
        set host-check-policy <name1>, <name2>, ...
        set ip-mode [range|user-group|...]
        set ip-pools <name1>, <name2>, ...
        set ipv6-dns-server1 {ipv6-address}
        set ipv6-dns-server2 {ipv6-address}
        set ipv6-exclusive-routing [enable|disable]
        set ipv6-pools <name1>, <name2>, ...
        set ipv6-service-restriction [enable|disable]
        set ipv6-split-tunneling [enable|disable]
        set ipv6-split-tunneling-routing-address <name1>, <name2>, ...
        set ipv6-split-tunneling-routing-negate [enable|disable]
        set ipv6-tunnel-mode [enable|disable]
        set ipv6-wins-server1 {ipv6-address}
        set ipv6-wins-server2 {ipv6-address}
        set keep-alive [enable|disable]
        set limit-user-logins [enable|disable]
        set mac-addr-action [allow|deny]
        set mac-addr-check [enable|disable]
        config mac-addr-check-rule
            Description: Client MAC address check rule.
            edit <name>
                set mac-addr-list <addr1>, <addr2>, ...
                set mac-addr-mask {integer}
            next
        end
        set macos-forticlient-download-url {var-string}
        set os-check [enable|disable]
        config os-check-list
            Description: SSL-VPN OS checks. Read-only.
            edit <name>
                set action [deny|allow|...]
                set latest-patch-level {user}
                set minor-version {integer}
                set tolerance {integer}
            next
        end
        set prefer-ipv6-dns [enable|disable]
        set redir-url {var-string}
        set rewrite-ip-uri-ui [enable|disable]
        set save-password [enable|disable]
        set service-restriction [enable|disable]
        set skip-check-for-browser [enable|disable]
        set skip-check-for-unsupported-os [enable|disable]
        set smb-max-version [smbv1|smbv2|...]
        set smb-min-version [smbv1|smbv2|...]
        set smb-ntlmv1-auth [enable|disable]
        set smbv1 [enable|disable]
        config split-dns
            Description: Split DNS for SSL-VPN.
            edit <id>
                set dns-server1 {ipv4-address}
                set dns-server2 {ipv4-address}
                set domains {var-string}
                set ipv6-dns-server1 {ipv6-address}
                set ipv6-dns-server2 {ipv6-address}
            next
        end
        set split-tunneling [enable|disable]
        set split-tunneling-routing-address <name1>, <name2>, ...
        set split-tunneling-routing-negate [enable|disable]
        set theme [jade|neutrino|...]
        set tunnel-mode [enable|disable]
        set use-sdwan [enable|disable]
        set user-bookmark [enable|disable]
        set user-group-bookmark [enable|disable]
        set web-mode [enable|disable]
        set windows-forticlient-download-url {var-string}
        set wins-server1 {ipv4-address}
        set wins-server2 {ipv4-address}
    next
end

config vpn ssl web portal

Parameter

Description

Type

Size

Default

allow-user-access

Allow user access to SSL-VPN applications.

option

-

web ftp smb sftp telnet ssh vnc rdp ping

Option

Description

web

HTTP/HTTPS access.

ftp

FTP access.

smb

SMB/CIFS access.

sftp

SFTP access.

telnet

TELNET access.

ssh

SSH access.

vnc

VNC access.

rdp

RDP access.

ping

PING access.

auto-connect

Enable/disable automatic connect by client when system is up.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

client-src-range

Allow client to add source range for the tunnel traffic.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

clipboard

Enable to support RDP/VNC clipboard functionality.

option

-

enable

Option

Description

enable

Enable support of RDP/VNC clipboard.

disable

Disable support of RDP/VNC clipboard.

custom-lang

Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files.

string

Maximum length: 35

customize-forticlient-download-url

Enable support of customized download URL for FortiClient.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

default-window-height

Screen height (range from 0 - 65535, default = 768).

integer

Minimum value: 0 Maximum value: 65535

768

default-window-width

Screen width (range from 0 - 65535, default = 1024).

integer

Minimum value: 0 Maximum value: 65535

1024

dhcp-ip-overlap

Configure overlapping DHCP IP allocation assignment.

option

-

use-new

Option

Description

use-new

Assign DHCP lease to new client and remove old client lease.

use-old

Preserve previous client IP allocation and disconnect new client.

dhcp-ra-giaddr

Relay agent gateway IP address to use in the giaddr field of DHCP requests.

ipv4-address

Not Specified

0.0.0.0

dhcp6-ra-linkaddr

Relay agent IPv6 link address to use in DHCP6 requests.

ipv6-address

Not Specified

::

display-bookmark

Enable to display the web portal bookmark widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

display-connection-tools

Enable to display the web portal connection tools widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

display-history

Enable to display the web portal user login history widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

display-status

Enable to display the web portal status widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

dns-server1

IPv4 DNS server 1.

ipv4-address

Not Specified

0.0.0.0

dns-server2

IPv4 DNS server 2.

ipv4-address

Not Specified

0.0.0.0

dns-suffix

DNS suffix.

var-string

Maximum length: 253

exclusive-routing

Enable/disable sending all traffic through the tunnel only.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

forticlient-download

Enable/disable download option for FortiClient.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

forticlient-download-method

FortiClient download method.

option

-

direct

Option

Description

direct

Download via direct link.

ssl-vpn

Download via SSL-VPN.

heading

Web portal heading message.

string

Maximum length: 31

SSL-VPN Portal

hide-sso-credential

Enable to prevent SSO credential being sent to client.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

host-check

Type of host checking performed on endpoints.

option

-

none

Option

Description

none

No host checking.

av

AntiVirus software recognized by the Windows Security Center.

fw

Firewall software recognized by the Windows Security Center.

av-fw

AntiVirus and firewall software recognized by the Windows Security Center.

custom

Custom.

host-check-interval

Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.

integer

Minimum value: 120 Maximum value: 259200

0

host-check-policy <name>

One or more policies to require the endpoint to have specific security software.

Host check software list name.

string

Maximum length: 79

ip-mode

Method by which users of this SSL-VPN tunnel obtain IP addresses.

option

-

range

Option

Description

range

Use the IP addresses available for all SSL-VPN users as defined by the SSL settings command.

user-group

Use the IP addresses associated with individual users or user groups (usually from external auth servers).

dhcp

Use IP addresses obtained from external DHCP server.

no-ip

Do not assign IP address.

ip-pools <name>

IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.

Address name.

string

Maximum length: 79

ipv6-dns-server1

IPv6 DNS server 1.

ipv6-address

Not Specified

::

ipv6-dns-server2

IPv6 DNS server 2.

ipv6-address

Not Specified

::

ipv6-exclusive-routing

Enable/disable sending all IPv6 traffic through the tunnel only.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-pools <name>

IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.

Address name.

string

Maximum length: 79

ipv6-service-restriction

Enable/disable IPv6 tunnel service restriction.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-split-tunneling

Enable/disable IPv6 split tunneling.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-split-tunneling-routing-address <name>

IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

Address name.

string

Maximum length: 79

ipv6-split-tunneling-routing-negate

Enable to negate IPv6 split tunneling routing address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-tunnel-mode

Enable/disable IPv6 SSL-VPN tunnel mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-wins-server1

IPv6 WINS server 1.

ipv6-address

Not Specified

::

ipv6-wins-server2

IPv6 WINS server 2.

ipv6-address

Not Specified

::

keep-alive

Enable/disable automatic reconnect for FortiClient connections.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

limit-user-logins

Enable to limit each user to one SSL-VPN session at a time.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

mac-addr-action

Client MAC address action.

option

-

allow

Option

Description

allow

Allow connection when client MAC address is matched.

deny

Deny connection when client MAC address is matched.

mac-addr-check

Enable/disable MAC address host checking.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

macos-forticlient-download-url

Download URL for Mac FortiClient.

var-string

Maximum length: 1023

name

Portal name.

string

Maximum length: 35

os-check

Enable to let the FortiGate decide action based on client OS.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

prefer-ipv6-dns

Prefer to query IPv6 DNS server first if enabled.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

redir-url

Client login redirect URL.

var-string

Maximum length: 255

rewrite-ip-uri-ui

Rewrite contents for URIs that contain an IP address and /ui/ (default = disable).

option

-

disable

Option

Description

enable

Enable contents rewrite for URIs that contain "IP-address/ui/".

disable

Disable contents rewrite for URIs that contain "IP-address/ui/".

save-password

Enable/disable FortiClient saving the user's password.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

service-restriction

Enable/disable tunnel service restriction.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

skip-check-for-browser

Enable to skip host check for browser support.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

skip-check-for-unsupported-os

Enable to skip host check if client OS does not support it.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

smb-max-version

SMB maximum client protocol version.

option

-

smbv3

Option

Description

smbv1

SMB version 1.

smbv2

SMB version 2.

smbv3

SMB version 3.

smb-min-version

SMB minimum client protocol version.

option

-

smbv2

Option

Description

smbv1

SMB version 1.

smbv2

SMB version 2.

smbv3

SMB version 3.

smb-ntlmv1-auth

Enable support of NTLMv1 for Samba authentication.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

smbv1

SMB version 1.

option

-

disable

Option

Description

enable

enable

disable

disable

split-tunneling

Enable/disable IPv4 split tunneling.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

split-tunneling-routing-address <name>

IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

Address name.

string

Maximum length: 79

split-tunneling-routing-negate

Enable to negate split tunneling routing address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

theme

Web portal color scheme.

option

-

neutrino

Option

Description

jade

Jade theme.

neutrino

Neutrino theme.

mariner

Mariner theme.

graphite

Graphite theme.

melongene

Melongene theme.

dark-matter

Dark Matter theme.

onyx

Onyx theme.

eclipse

Eclipse theme.

tunnel-mode

Enable/disable IPv4 SSL-VPN tunnel mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

use-sdwan

Use SD-WAN rules to get output interface.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

user-bookmark

Enable to allow web portal users to create their own bookmarks.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

user-group-bookmark

Enable to allow web portal users to create bookmarks for all users in the same user group.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

web-mode

Enable/disable SSL-VPN web mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

windows-forticlient-download-url

Download URL for Windows FortiClient.

var-string

Maximum length: 1023

wins-server1

IPv4 WINS server 1.

ipv4-address

Not Specified

0.0.0.0

wins-server2

IPv4 WINS server 2.

ipv4-address

Not Specified

0.0.0.0

config bookmark-group

Parameter

Description

Type

Size

Default

name

Bookmark group name.

string

Maximum length: 35

config bookmarks

Parameter

Description

Type

Size

Default

additional-params

Additional parameters.

var-string

Maximum length: 128

apptype

Application type.

option

-

web

Option

Description

ftp

FTP.

rdp

RDP.

sftp

SFTP.

smb

SMB/CIFS.

ssh

SSH.

telnet

Telnet.

vnc

VNC.

web

HTTP/HTTPS.

color-depth

Color depth per pixel.

option

-

16

Option

Description

32

32 bits per pixel.

16

16 bits per pixel.

8

8 bits per pixel.

description

Description.

var-string

Maximum length: 128

domain

Login domain.

var-string

Maximum length: 128

folder

Network shared file folder parameter.

var-string

Maximum length: 128

height

Screen height (range from 0 - 65535, default = 0).

integer

Minimum value: 0 Maximum value: 65535

0

host

Host name/IP parameter.

var-string

Maximum length: 128

keyboard-layout

Keyboard layout.

option

-

en-us

Option

Description

ar-101

Arabic (101).

ar-102

Arabic (102).

ar-102-azerty

Arabic (102) AZERTY.

can-mul

Canadian Multilingual Standard.

cz

Czech.

cz-qwerty

Czech (QWERTY).

cz-pr

Czech Programmers.

da

Danish.

nl

Dutch.

de

German.

de-ch

German, Switzerland.

de-ibm

German (IBM).

en-uk

English, United Kingdom.

en-uk-ext

English, United Kingdom Extended.

en-us

English, United States.

en-us-dvorak

English, United States-Dvorak.

es

Spanish.

es-var

Spanish Variation.

fi

Finnish.

fi-sami

Finnish with Sami.

fr

French.

fr-apple

French, Apple.

fr-ca

French, Canada.

fr-ch

French, Switzerland.

fr-be

French, Belgium.

hr

Croatian.

hu

Hungarian.

hu-101

Hungarian 101-Key.

it

Italian.

it-142

Italian (142).

ja

Japanese.

ko

Korean.

la-am

Latin American.

lt

Lithuanian.

lt-ibm

Lithuanian IBM.

lt-std

Lithuanian Standard.

lav-std

Latvian (Standard).

lav-leg

Latvian (Legacy).

mk

Macedonian (FYROM).

mk-std

Macedonia (FYROM) - Standard.

no

Norwegian.

no-sami

Norwegian with Sami.

pol-214

Polish (214).

pol-pr

Polish (Programmers).

pt

Portuguese.

pt-br

Portuguese (Brazilian ABNT).

pt-br-abnt2

Portuguese (Brazilian ABNT2).

ru

Russian.

ru-mne

Russian - Mnemonic.

ru-t

Russian (Typewriter).

sl

Slovenian.

sv

Swedish.

sv-sami

Swedish with Sami.

tuk

Turkmen.

tur-f

Turkish F.

tur-q

Turkish Q.

zh-sym-sg-us

Chinese (Simplified, Singapore) - US keyboard.

zh-sym-us

Chinese (Simplified) - US Keyboard.

zh-tr-hk

Chinese (Traditional, Hong Kong S.A.R.).

zh-tr-mo

Chinese (Traditional Macao S.A.R.) - US Keyboard.

zh-tr-us

Chinese (Traditional) - US keyboard.

load-balancing-info

The load balancing information or cookie which should be provided to the connection broker.

var-string

Maximum length: 511

logon-password

Logon password.

password

Not Specified

logon-user

Logon user.

var-string

Maximum length: 35

name

Bookmark name.

string

Maximum length: 35

port

Remote port.

integer

Minimum value: 0 Maximum value: 65535

0

preconnection-blob

An arbitrary string which identifies the RDP source.

var-string

Maximum length: 511

preconnection-id

The numeric ID of the RDP source (0-4294967295).

integer

Minimum value: 0 Maximum value: 4294967295

0

restricted-admin

Enable/disable restricted admin mode for RDP.

option

-

disable

Option

Description

enable

Enable restricted admin mode for RDP.

disable

Disable restricted admin mode for RDP.

security

Security mode for RDP connection.

option

-

rdp

Option

Description

any

Allow the server to choose the type of security.

rdp

Standard RDP encryption.

nla

Network Level Authentication.

tls

TLS encryption.

send-preconnection-id

Enable/disable sending of preconnection ID.

option

-

disable

Option

Description

enable

Enable sending of preconnection ID.

disable

Disable sending of preconnection ID.

sso

Single Sign-On.

option

-

disable

Option

Description

disable

Disable SSO.

static

Static SSO.

auto

Auto SSO.

sso-credential

Single sign-on credentials.

option

-

sslvpn-login

Option

Description

sslvpn-login

SSL-VPN login.

alternative

Alternative.

sso-credential-sent-once

Single sign-on credentials are only sent once to remote server.

option

-

disable

Option

Description

enable

Single sign-on credentials are only sent once to remote server.

disable

Single sign-on credentials are sent to remote server for every HTTP request.

sso-password

SSO password.

password

Not Specified

sso-username

SSO user name.

var-string

Maximum length: 35

url

URL parameter.

var-string

Maximum length: 128

vnc-keyboard-layout

Keyboard layout.

option

-

default

Option

Description

default

Default.

da

Danish.

nl

Dutch.

en-uk

English, United Kingdom.

en-uk-ext

English, United Kingdom Extended.

fi

Finnish.

fr

French.

fr-be

French, Belgium.

fr-ca-mul

French, Canadian Multilingual Std.

de

German.

de-ch

German, Switzerland.

it

Italian.

it-142

Italian (142).

pt

Portuguese.

pt-br-abnt2

Portuguese (Brazilian ABNT2).

no

Norwegian.

gd

Scottish Gaelic.

es

Spanish.

sv

Swedish.

us-intl

United States-International.

width

Screen width (range from 0 - 65535, default = 0).

integer

Minimum value: 0 Maximum value: 65535

0

config form-data

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

value

Value.

var-string

Maximum length: 63

config mac-addr-check-rule

Parameter

Description

Type

Size

Default

mac-addr-list <addr>

Client MAC address list.

Client MAC address.

mac-address

Not Specified

mac-addr-mask

Client MAC address mask.

integer

Minimum value: 1 Maximum value: 48

48

name

Client MAC address check rule name.

string

Maximum length: 35

config os-check-list

Parameter

Description

Type

Size

Default

action

OS check options.

option

-

allow

Option

Description

deny

Deny all OS versions.

allow

Allow any OS version.

check-up-to-date

Verify OS is up-to-date.

latest-patch-level

Latest OS patch level.

user

Not Specified

0

minor-version

Minor version number.

integer

Minimum value: 0 Maximum value: 65535

0

name

Name.

string

Maximum length: 35

tolerance

OS patch level tolerance.

integer

Minimum value: 0 Maximum value: 65535

0

config split-dns

Parameter

Description

Type

Size

Default

dns-server1

DNS server 1.

ipv4-address

Not Specified

0.0.0.0

dns-server2

DNS server 2.

ipv4-address

Not Specified

0.0.0.0

domains

Split DNS domains used for SSL-VPN clients separated by comma.

var-string

Maximum length: 1024

id

ID.

integer

Minimum value: 0 Maximum value: 4294967294

0

ipv6-dns-server1

IPv6 DNS server 1.

ipv6-address

Not Specified

::

ipv6-dns-server2

IPv6 DNS server 2.

ipv6-address

Not Specified

::
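
An added example, not Fortinet code: a Python audit that parses a `config vpn ssl web portal` block in the syntax documented above and reports weak SMB, saved-password and RDP bookmark settings, filling in the defaults from the parameter tables for any setting the configuration does not state. The sample configuration, its portal and bookmark names, and the choice of which values count as findings are assumptions made for the example.

```python
import shlex

# Constructed sample in the syntax documented on this page (not from a device).
SAMPLE_CONFIG = '''
config vpn ssl web portal
    edit "legacy-portal"
        set tunnel-mode enable
        set save-password enable
        set smb-min-version smbv1
        set smb-ntlmv1-auth enable
        config bookmark-group
            edit "gui-bookmarks"
                config bookmarks
                    edit "jump-host"
                        set apptype rdp
                        set host "192.0.2.10"
                    next
                    edit "admin-host"
                        set apptype rdp
                        set host "192.0.2.11"
                        set security nla
                    next
                end
            next
        end
    next
    edit "staff-portal"
        set tunnel-mode enable
        set host-check av-fw
    next
end
'''

# Defaults copied from the parameter tables on this page.
PORTAL_DEFAULTS = {"smbv1": "disable", "smb-min-version": "smbv2",
                   "smb-ntlmv1-auth": "disable", "save-password": "disable"}
BOOKMARK_DEFAULTS = {"apptype": "web", "security": "rdp"}
# Values reported as findings: the reviewer's policy, an assumption of this example.
PORTAL_FLAGS = {"smbv1": "enable", "smb-min-version": "smbv1",
                "smb-ntlmv1-auth": "enable", "save-password": "enable"}
RDP_SECURITY_FLAGS = ("rdp", "any")


def parse_config(text):
    """Parse nested config/edit/set/next/end lines into a tree of tables.

    Every sub-block documented on this page is a table of `edit` entries,
    so `set` is only accepted inside an entry (or at top level).
    """
    root = {"name": None, "settings": {}, "tables": {}}
    stack = [root]  # entries are dicts, tables are lists of entries
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw)  # honours double-quoted values
        if not tokens:
            continue
        verb, args, top = tokens[0], tokens[1:], stack[-1]
        if verb == "config" and isinstance(top, dict) and args:
            stack.append(top["tables"].setdefault(" ".join(args), []))
        elif verb == "edit" and isinstance(top, list) and args:
            entry = {"name": args[0], "settings": {}, "tables": {}}
            top.append(entry)
            stack.append(entry)
        elif verb == "set" and isinstance(top, dict) and args:
            top["settings"][args[0]] = " ".join(args[1:])
        elif verb == "unset" and isinstance(top, dict) and args:
            top["settings"].pop(args[0], None)
        elif (verb == "next" and isinstance(top, dict) and len(stack) > 1) or (
                verb == "end" and isinstance(top, list)):
            stack.pop()
        else:
            raise ValueError(f"line {number}: unexpected {raw.strip()!r}")
    if len(stack) != 1:
        raise ValueError("configuration ends inside an open block")
    return root


def effective(entry, defaults):
    """Settings of one entry with the documented defaults filled in."""
    merged = dict(defaults)
    merged.update(entry["settings"])
    return merged


def audit(portals):
    """Return (portal, setting, value) tuples for every flagged setting."""
    findings = []
    for portal in portals:
        settings = effective(portal, PORTAL_DEFAULTS)
        for key, flagged in PORTAL_FLAGS.items():
            if settings[key] == flagged:
                findings.append((portal["name"], key, flagged))
        for group in portal["tables"].get("bookmark-group", []):
            for bookmark in group["tables"].get("bookmarks", []):
                bm = effective(bookmark, BOOKMARK_DEFAULTS)
                # An RDP bookmark with no `set security` line runs at the
                # documented default, `rdp` (Standard RDP encryption).
                if bm["apptype"] == "rdp" and bm["security"] in RDP_SECURITY_FLAGS:
                    findings.append((portal["name"],
                                     f"bookmark {bookmark['name']}: security",
                                     bm["security"]))
    return findings


if __name__ == "__main__":
    tree = parse_config(SAMPLE_CONFIG)
    for finding in audit(tree["tables"].get("vpn ssl web portal", [])):
        print(*finding, sep=" | ")
```

The `jump-host` bookmark is reported even though it has no `set security` line, because only the documented default applies to it; `show` output omits settings left at their defaults, so an audit that looks only at explicit lines would miss it.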

            next
        end
        set split-tunneling [enable|disable]
        set split-tunneling-routing-address <name1>, <name2>, ...
        set split-tunneling-routing-negate [enable|disable]
        set theme [jade|neutrino|...]
        set tunnel-mode [enable|disable]
        set use-sdwan [enable|disable]
        set user-bookmark [enable|disable]
        set user-group-bookmark [enable|disable]
        set web-mode [enable|disable]
        set windows-forticlient-download-url {var-string}
        set wins-server1 {ipv4-address}
        set wins-server2 {ipv4-address}
    next
end

config vpn ssl web portal

Parameter

Description

Type

Size

Default

allow-user-access

Allow user access to SSL-VPN applications.

option

-

web ftp smb sftp telnet ssh vnc rdp ping

Option

Description

web

HTTP/HTTPS access.

ftp

FTP access.

smb

SMB/CIFS access.

sftp

SFTP access.

telnet

TELNET access.

ssh

SSH access.

vnc

VNC access.

rdp

RDP access.

ping

PING access.

auto-connect

Enable/disable automatic connection by the client when the system is up.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

client-src-range

Allow client to add source range for the tunnel traffic.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

clipboard

Enable to support RDP/VNC clipboard functionality.

option

-

enable

Option

Description

enable

Enable support of RDP/VNC clipboard.

disable

Disable support of RDP/VNC clipboard.

custom-lang

Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files.

string

Maximum length: 35

customize-forticlient-download-url

Enable support of customized download URL for FortiClient.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

default-window-height

Screen height (range from 0 - 65535, default = 768).

integer

Minimum value: 0 Maximum value: 65535

768

default-window-width

Screen width (range from 0 - 65535, default = 1024).

integer

Minimum value: 0 Maximum value: 65535

1024

dhcp-ip-overlap

Configure overlapping DHCP IP allocation assignment.

option

-

use-new

Option

Description

use-new

Assign DHCP lease to new client and remove old client lease.

use-old

Preserve previous client IP allocation and disconnect new client.

dhcp-ra-giaddr

Relay agent gateway IP address to use in the giaddr field of DHCP requests.

ipv4-address

Not Specified

0.0.0.0

dhcp6-ra-linkaddr

Relay agent IPv6 link address to use in DHCP6 requests.

ipv6-address

Not Specified

::

display-bookmark

Enable to display the web portal bookmark widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

display-connection-tools

Enable to display the web portal connection tools widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

display-history

Enable to display the web portal user login history widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

display-status

Enable to display the web portal status widget.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

dns-server1

IPv4 DNS server 1.

ipv4-address

Not Specified

0.0.0.0

dns-server2

IPv4 DNS server 2.

ipv4-address

Not Specified

0.0.0.0

dns-suffix

DNS suffix.

var-string

Maximum length: 253

exclusive-routing

Enable/disable sending all traffic through the tunnel only.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

forticlient-download

Enable/disable download option for FortiClient.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

forticlient-download-method

FortiClient download method.

option

-

direct

Option

Description

direct

Download via direct link.

ssl-vpn

Download via SSL-VPN.

heading

Web portal heading message.

string

Maximum length: 31

SSL-VPN Portal

hide-sso-credential

Enable to prevent SSO credentials from being sent to the client.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

host-check

Type of host checking performed on endpoints.

option

-

none

Option

Description

none

No host checking.

av

AntiVirus software recognized by the Windows Security Center.

fw

Firewall software recognized by the Windows Security Center.

av-fw

AntiVirus and firewall software recognized by the Windows Security Center.

custom

Custom.

host-check-interval

Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.

integer

Minimum value: 120 Maximum value: 259200

0

host-check-policy <name>

One or more policies to require the endpoint to have specific security software.

Host check software list name.

string

Maximum length: 79

ip-mode

Method by which users of this SSL-VPN tunnel obtain IP addresses.

option

-

range

Option

Description

range

Use the IP addresses available for all SSL-VPN users as defined by the SSL settings command.

user-group

Use the IP addresses associated with individual users or user groups (usually from external auth servers).

dhcp

Use IP addresses obtained from external DHCP server.

no-ip

Do not assign IP address.

ip-pools <name>

IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.

Address name.

string

Maximum length: 79

ipv6-dns-server1

IPv6 DNS server 1.

ipv6-address

Not Specified

::

ipv6-dns-server2

IPv6 DNS server 2.

ipv6-address

Not Specified

::

ipv6-exclusive-routing

Enable/disable sending all IPv6 traffic through the tunnel only.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-pools <name>

IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.

Address name.

string

Maximum length: 79

ipv6-service-restriction

Enable/disable IPv6 tunnel service restriction.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-split-tunneling

Enable/disable IPv6 split tunneling.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-split-tunneling-routing-address <name>

IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

Address name.

string

Maximum length: 79

ipv6-split-tunneling-routing-negate

Enable to negate IPv6 split tunneling routing address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-tunnel-mode

Enable/disable IPv6 SSL-VPN tunnel mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ipv6-wins-server1

IPv6 WINS server 1.

ipv6-address

Not Specified

::

ipv6-wins-server2

IPv6 WINS server 2.

ipv6-address

Not Specified

::

keep-alive

Enable/disable automatic reconnect for FortiClient connections.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

limit-user-logins

Enable to limit each user to one SSL-VPN session at a time.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

mac-addr-action

Client MAC address action.

option

-

allow

Option

Description

allow

Allow connection when client MAC address is matched.

deny

Deny connection when client MAC address is matched.

mac-addr-check

Enable/disable MAC address host checking.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

macos-forticlient-download-url

Download URL for Mac FortiClient.

var-string

Maximum length: 1023

name

Portal name.

string

Maximum length: 35

os-check

Enable to let the FortiGate decide action based on client OS.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

prefer-ipv6-dns

Prefer to query IPv6 DNS server first if enabled.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

redir-url

Client login redirect URL.

var-string

Maximum length: 255

rewrite-ip-uri-ui

Rewrite contents for URIs that contain an IP address and /ui/ (default = disable).

option

-

disable

Option

Description

enable

Enable content rewriting for URIs that contain "IP-address/ui/".

disable

Disable content rewriting for URIs that contain "IP-address/ui/".

save-password

Enable/disable FortiClient saving the user's password.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

service-restriction

Enable/disable tunnel service restriction.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

skip-check-for-browser

Enable to skip host check for browser support.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

skip-check-for-unsupported-os

Enable to skip host check if client OS does not support it.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

smb-max-version

SMB maximum client protocol version.

option

-

smbv3

Option

Description

smbv1

SMB version 1.

smbv2

SMB version 2.

smbv3

SMB version 3.

smb-min-version

SMB minimum client protocol version.

option

-

smbv2

Option

Description

smbv1

SMB version 1.

smbv2

SMB version 2.

smbv3

SMB version 3.

smb-ntlmv1-auth

Enable support of NTLMv1 for Samba authentication.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

smbv1

SMB version 1.

option

-

disable

Option

Description

enable

enable

disable

disable

split-tunneling

Enable/disable IPv4 split tunneling.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

split-tunneling-routing-address <name>

IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

Address name.

string

Maximum length: 79

split-tunneling-routing-negate

Enable to negate split tunneling routing address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

theme

Web portal color scheme.

option

-

neutrino

Option

Description

jade

Jade theme.

neutrino

Neutrino theme.

mariner

Mariner theme.

graphite

Graphite theme.

melongene

Melongene theme.

dark-matter

Dark Matter theme.

onyx

Onyx theme.

eclipse

Eclipse theme.

tunnel-mode

Enable/disable IPv4 SSL-VPN tunnel mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

use-sdwan

Use SD-WAN rules to get output interface.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

user-bookmark

Enable to allow web portal users to create their own bookmarks.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

user-group-bookmark

Enable to allow web portal users to create bookmarks for all users in the same user group.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

web-mode

Enable/disable SSL-VPN web mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

windows-forticlient-download-url

Download URL for Windows FortiClient.

var-string

Maximum length: 1023

wins-server1

IPv4 WINS server 1.

ipv4-address

Not Specified

0.0.0.0

wins-server2

IPv4 WINS server 2.

ipv4-address

Not Specified

0.0.0.0

config bookmark-group

Parameter

Description

Type

Size

Default

name

Bookmark group name.

string

Maximum length: 35

config bookmarks

Parameter

Description

Type

Size

Default

additional-params

Additional parameters.

var-string

Maximum length: 128

apptype

Application type.

option

-

web

Option

Description

ftp

FTP.

rdp

RDP.

sftp

SFTP.

smb

SMB/CIFS.

ssh

SSH.

telnet

Telnet.

vnc

VNC.

web

HTTP/HTTPS.

color-depth

Color depth per pixel.

option

-

16

Option

Description

32

32 bits per pixel.

16

16 bits per pixel.

8

8 bits per pixel.

description

Description.

var-string

Maximum length: 128

domain

Login domain.

var-string

Maximum length: 128

folder

Network shared file folder parameter.

var-string

Maximum length: 128

height

Screen height (range from 0 - 65535, default = 0).

integer

Minimum value: 0 Maximum value: 65535

0

host

Host name/IP parameter.

var-string

Maximum length: 128

keyboard-layout

Keyboard layout.

option

-

en-us

Option

Description

ar-101

Arabic (101).

ar-102

Arabic (102).

ar-102-azerty

Arabic (102) AZERTY.

can-mul

Canadian Multilingual Standard.

cz

Czech.

cz-qwerty

Czech (QWERTY).

cz-pr

Czech Programmers.

da

Danish.

nl

Dutch.

de

German.

de-ch

German, Switzerland.

de-ibm

German (IBM).

en-uk

English, United Kingdom.

en-uk-ext

English, United Kingdom Extended.

en-us

English, United States.

en-us-dvorak

English, United States-Dvorak.

es

Spanish.

es-var

Spanish Variation.

fi

Finnish.

fi-sami

Finnish with Sami.

fr

French.

fr-apple

French, Apple.

fr-ca

French, Canada.

fr-ch

French, Switzerland.

fr-be

French, Belgium.

hr

Croatian.

hu

Hungarian.

hu-101

Hungarian 101-Key.

it

Italian.

it-142

Italian (142).

ja

Japanese.

ko

Korean.

la-am

Latin American.

lt

Lithuanian.

lt-ibm

Lithuanian IBM.

lt-std

Lithuanian Standard.

lav-std

Latvian (Standard).

lav-leg

Latvian (Legacy).

mk

Macedonian (FYROM).

mk-std

Macedonia (FYROM) - Standard.

no

Norwegian.

no-sami

Norwegian with Sami.

pol-214

Polish (214).

pol-pr

Polish (Programmers).

pt

Portuguese.

pt-br

Portuguese (Brazilian ABNT).

pt-br-abnt2

Portuguese (Brazilian ABNT2).

ru

Russian.

ru-mne

Russian - Mnemonic.

ru-t

Russian (Typewriter).

sl

Slovenian.

sv

Swedish.

sv-sami

Swedish with Sami.

tuk

Turkmen.

tur-f

Turkish F.

tur-q

Turkish Q.

zh-sym-sg-us

Chinese (Simplified, Singapore) - US keyboard.

zh-sym-us

Chinese (Simplified) - US Keyboard.

zh-tr-hk

Chinese (Traditional, Hong Kong S.A.R.).

zh-tr-mo

Chinese (Traditional Macao S.A.R.) - US Keyboard.

zh-tr-us

Chinese (Traditional) - US keyboard.

load-balancing-info

The load balancing information or cookie which should be provided to the connection broker.

var-string

Maximum length: 511

logon-password

Logon password.

password

Not Specified

logon-user

Logon user.

var-string

Maximum length: 35

name

Bookmark name.

string

Maximum length: 35

port

Remote port.

integer

Minimum value: 0 Maximum value: 65535

0

preconnection-blob

An arbitrary string which identifies the RDP source.

var-string

Maximum length: 511

preconnection-id

The numeric ID of the RDP source (0-4294967295).

integer

Minimum value: 0 Maximum value: 4294967295

0

restricted-admin

Enable/disable restricted admin mode for RDP.

option

-

disable

Option

Description

enable

Enable restricted admin mode for RDP.

disable

Disable restricted admin mode for RDP.

security

Security mode for RDP connection.

option

-

rdp

Option

Description

any

Allow the server to choose the type of security.

rdp

Standard RDP encryption.

nla

Network Level Authentication.

tls

TLS encryption.

send-preconnection-id

Enable/disable sending of preconnection ID.

option

-

disable

Option

Description

enable

Enable sending of preconnection ID.

disable

Disable sending of preconnection ID.

sso

Single Sign-On.

option

-

disable

Option

Description

disable

Disable SSO.

static

Static SSO.

auto

Auto SSO.

sso-credential

Single sign-on credentials.

option

-

sslvpn-login

Option

Description

sslvpn-login

SSL-VPN login.

alternative

Alternative.

sso-credential-sent-once

Single sign-on credentials are only sent once to remote server.

option

-

disable

Option

Description

enable

Single sign-on credentials are only sent once to remote server.

disable

Single sign-on credentials are sent to remote server for every HTTP request.

sso-password

SSO password.

password

Not Specified

sso-username

SSO user name.

var-string

Maximum length: 35

url

URL parameter.

var-string

Maximum length: 128

vnc-keyboard-layout

Keyboard layout.

option

-

default

Option

Description

default

Default.

da

Danish.

nl

Dutch.

en-uk

English, United Kingdom.

en-uk-ext

English, United Kingdom Extended.

fi

Finnish.

fr

French.

fr-be

French, Belgium.

fr-ca-mul

French, Canadian Multilingual Std.

de

German.

de-ch

German, Switzerland.

it

Italian.

it-142

Italian (142).

pt

Portuguese.

pt-br-abnt2

Portuguese (Brazilian ABNT2).

no

Norwegian.

gd

Scottish Gaelic.

es

Spanish.

sv

Swedish.

us-intl

United States-International.

width

Screen width (range from 0 - 65535, default = 0).

integer

Minimum value: 0 Maximum value: 65535

0

config form-data

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

value

Value.

var-string

Maximum length: 63

config mac-addr-check-rule

Parameter

Description

Type

Size

Default

mac-addr-list <addr>

Client MAC address list.

Client MAC address.

mac-address

Not Specified

mac-addr-mask

Client MAC address mask.

integer

Minimum value: 1 Maximum value: 48

48

name

Client MAC address check rule name.

string

Maximum length: 35

config os-check-list

Parameter

Description

Type

Size

Default

action

OS check options.

option

-

allow

Option

Description

deny

Deny all OS versions.

allow

Allow any OS version.

check-up-to-date

Verify OS is up-to-date.

latest-patch-level

Latest OS patch level.

user

Not Specified

0

minor-version

Minor version number.

integer

Minimum value: 0 Maximum value: 65535

0

name

Name.

string

Maximum length: 35

tolerance

OS patch level tolerance.

integer

Minimum value: 0 Maximum value: 65535

0

config split-dns

Parameter

Description

Type

Size

Default

dns-server1

DNS server 1.

ipv4-address

Not Specified

0.0.0.0

dns-server2

DNS server 2.

ipv4-address

Not Specified

0.0.0.0

domains

Comma-separated list of split DNS domains used for SSL-VPN clients.

var-string

Maximum length: 1024

id

ID.

integer

Minimum value: 0 Maximum value: 4294967294

0

ipv6-dns-server1

IPv6 DNS server 1.

ipv6-address

Not Specified

::

ipv6-dns-server2

IPv6 DNS server 2.

ipv6-address

Not Specified

::
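
The following is an added example, not part of the Fortinet reference: a small auditor that parses the nested config/edit/set/next/end syntax shown above and reports portal and bookmark settings that permit SMBv1, NTLMv1, RDP without nla or tls, or SSO credentials sent on every HTTP request. The sample configuration is constructed, the choice of rules is an assumption of this example, and unset options fall back to the defaults listed in the tables above.

```python
import shlex

# Constructed sample in the syntax shown above (not taken from a real device).
SAMPLE = """
config vpn ssl web portal
    edit "contractors"
        set smb-min-version smbv1
        set smb-ntlmv1-auth enable
        config bookmark-group
            edit "servers"
                config bookmarks
                    edit "jump01"
                        set apptype rdp
                        set security rdp
                    next
                    edit "wiki"
                        set sso static
                    next
                end
            next
        end
    next
end
"""

# Defaults copied from the parameter tables; unset options fall back to these.
PORTAL_DEFAULTS = {"smb-min-version": "smbv2", "smbv1": "disable",
                   "smb-ntlmv1-auth": "disable"}
BOOKMARK_DEFAULTS = {"apptype": "web", "security": "rdp", "sso": "disable",
                     "sso-credential-sent-once": "disable"}

def parse(text):
    """Turn nested config/edit/set/next/end lines into a tree of dicts."""
    root = {"set": {}, "tables": {}}
    stack = [root]  # alternates entry node, table, entry node, ...
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        op, top = tok[0], stack[-1]
        if op == "config":
            stack.append(top["tables"].setdefault(" ".join(tok[1:]), {}))
        elif op == "edit":
            stack.append(top.setdefault(tok[1], {"set": {}, "tables": {}}))
        elif op == "set":
            top["set"][tok[1]] = " ".join(tok[2:])
        elif op in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root

def audit(text):
    """Return (portal, bookmark, finding) tuples; the rule set is this example's choice."""
    findings = []
    portals = parse(text)["tables"].get("vpn ssl web portal", {})
    for pname, portal in portals.items():
        p = {**PORTAL_DEFAULTS, **portal["set"]}
        if p["smb-min-version"] == "smbv1" or p["smbv1"] == "enable":
            findings.append((pname, "", "SMBv1 permitted"))
        if p["smb-ntlmv1-auth"] == "enable":
            findings.append((pname, "", "NTLMv1 authentication permitted"))
        for group in portal["tables"].get("bookmark-group", {}).values():
            for bname, bm in group["tables"].get("bookmarks", {}).items():
                b = {**BOOKMARK_DEFAULTS, **bm["set"]}
                if b["apptype"] == "rdp" and b["security"] in ("rdp", "any"):
                    findings.append((pname, bname, "RDP bookmark does not require nla or tls"))
                if b["sso"] != "disable" and b["sso-credential-sent-once"] == "disable":
                    findings.append((pname, bname, "SSO credentials sent on every HTTP request"))
    return findings
```

Because security defaults to rdp and sso-credential-sent-once defaults to disable, a bookmark that omits those lines is still reported.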