Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.6.1
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config vpn ssl web portal

    config vpn ssl web portal

    Note

    This command is available for model(s): FortiGate 1000D, FortiGate 1000F, FortiGate 1001F, FortiGate 100F, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 120G, FortiGate 121G, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 3000F, FortiGate 3001F, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3200F, FortiGate 3201F, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3700F, FortiGate 3701F, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F, FortiGate 5001E1, FortiGate 5001E, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80F Bypass, FortiGate 80F DSL, FortiGate 80F-POE, FortiGate 80F, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 900G, FortiGate 901G, FortiGate-VM ARM64 for Azure, FortiGate-VM ARM64 for GCP BYOL, FortiGate-VM ARM64 for OCI BYOL, FortiGate-VM for Aliyun PAYG, FortiGate-VM for AWS PAYG, FortiGate-VM for Azure BYOL, FortiGate-VM for Azure PAYG, FortiGate-VM for GCP BYOL, FortiGate-VM for OPC BYOL, FortiGate-VM64, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 80F 2R 3G4G DSL, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G DSL, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

    It is not available for: FortiGate 40F 3G4G, FortiGate 40F, FortiGate 60F, FortiGate 61F, FortiGate 90G, FortiGate 91G, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60F, FortiWiFi 61F.

    Portal.

    config vpn ssl web portal
    Description: Portal.
    edit <name>
        set allow-user-access {option1}, {option2}, ...
        set auto-connect [enable|disable]
        config bookmark-group
            Description: Portal bookmark group.
            edit <name>
                config bookmarks
                    Description: Bookmark table.
                    edit <name>
                        set additional-params {var-string}
                        set apptype [ftp|rdp|...]
                        set color-depth [32|16|...]
                        set description {var-string}
                        set domain {var-string}
                        set folder {var-string}
                        config form-data
                            Description: Form data.
                            edit <name>
                                set value {var-string}
                            next
                        end
                        set height {integer}
                        set host {var-string}
                        set keyboard-layout [ar-101|ar-102|...]
                        set load-balancing-info {var-string}
                        set logon-password {password}
                        set logon-user {var-string}
                        set port {integer}
                        set preconnection-blob {var-string}
                        set preconnection-id {integer}
                        set restricted-admin [enable|disable]
                        set security [any|rdp|...]
                        set send-preconnection-id [enable|disable]
                        set sso [disable|static|...]
                        set sso-credential [sslvpn-login|alternative]
                        set sso-credential-sent-once [enable|disable]
                        set sso-password {password}
                        set sso-username {var-string}
                        set url {var-string}
                        set vnc-keyboard-layout [default|da|...]
                        set width {integer}
                    next
                end
            next
        end
        set client-src-range [enable|disable]
        set clipboard [enable|disable]
        set custom-lang {string}
        set customize-forticlient-download-url [enable|disable]
        set default-protocol [web|ftp|...]
        set default-window-height {integer}
        set default-window-width {integer}
        set dhcp-ip-overlap [use-new|use-old]
        set dhcp-ra-giaddr {ipv4-address}
        set dhcp-reservation [enable|disable]
        set dhcp6-ra-linkaddr {ipv6-address}
        set display-bookmark [enable|disable]
        set display-connection-tools [enable|disable]
        set display-history [enable|disable]
        set display-status [enable|disable]
        set dns-server1 {ipv4-address}
        set dns-server2 {ipv4-address}
        set dns-suffix {var-string}
        set exclusive-routing [enable|disable]
        set focus-bookmark [enable|disable]
        set forticlient-download [enable|disable]
        set forticlient-download-method [direct|ssl-vpn]
        set heading {string}
        set hide-sso-credential [enable|disable]
        set host-check [none|av|...]
        set host-check-interval {integer}
        set host-check-policy <name1>, <name2>, ...
        set ip-mode [range|user-group|...]
        set ip-pools <name1>, <name2>, ...
        set ipv6-dns-server1 {ipv6-address}
        set ipv6-dns-server2 {ipv6-address}
        set ipv6-exclusive-routing [enable|disable]
        set ipv6-pools <name1>, <name2>, ...
        set ipv6-service-restriction [enable|disable]
        set ipv6-split-tunneling [enable|disable]
        set ipv6-split-tunneling-routing-address <name1>, <name2>, ...
        set ipv6-split-tunneling-routing-negate [enable|disable]
        set ipv6-tunnel-mode [enable|disable]
        set ipv6-wins-server1 {ipv6-address}
        set ipv6-wins-server2 {ipv6-address}
        set keep-alive [enable|disable]
        config landing-page
            Description: Landing page options.
            config form-data
                Description: Form data.
                edit <name>
                    set value {var-string}
                next
            end
            set sso [disable|static|...]
            set sso-credential [sslvpn-login|alternative]
            set sso-password {password}
            set sso-username {var-string}
            set url {var-string}
        end
        set landing-page-mode [enable|disable]
        set limit-user-logins [enable|disable]
        set mac-addr-action [allow|deny]
        set mac-addr-check [enable|disable]
        config mac-addr-check-rule
            Description: Client MAC address check rule.
            edit <name>
                set mac-addr-list <addr1>, <addr2>, ...
                set mac-addr-mask {integer}
            next
        end
        set macos-forticlient-download-url {var-string}
        set os-check [enable|disable]
        config os-check-list
            Description: SSL-VPN OS checks. Read-only.
            edit <name>
                set action [deny|allow|...]
                set latest-patch-level {user}
                set minor-version {integer}
                set tolerance {integer}
            next
        end
        set prefer-ipv6-dns [enable|disable]
        set redir-url {var-string}
        set rewrite-ip-uri-ui [enable|disable]
        set save-password [enable|disable]
        set service-restriction [enable|disable]
        set skip-check-for-browser [enable|disable]
        set skip-check-for-unsupported-os [enable|disable]
        set smb-max-version [smbv1|smbv2|...]
        set smb-min-version [smbv1|smbv2|...]
        set smb-ntlmv1-auth [enable|disable]
        set smbv1 [enable|disable]
        config split-dns
            Description: Split DNS for SSL-VPN.
            edit <id>
                set dns-server1 {ipv4-address}
                set dns-server2 {ipv4-address}
                set domains {var-string}
                set ipv6-dns-server1 {ipv6-address}
                set ipv6-dns-server2 {ipv6-address}
            next
        end
        set split-tunneling [enable|disable]
        set split-tunneling-routing-address <name1>, <name2>, ...
        set split-tunneling-routing-negate [enable|disable]
        set theme [jade|neutrino|...]
        set tunnel-mode [enable|disable]
        set use-sdwan [enable|disable]
        set user-bookmark [enable|disable]
        set user-group-bookmark [enable|disable]
        set web-mode [enable|disable]
        set windows-forticlient-download-url {var-string}
        set wins-server1 {ipv4-address}
        set wins-server2 {ipv4-address}
    next
end

    config vpn ssl web portal

    Parameter

    Description

    Type

    Size

    Default

    allow-user-access

    Allow user access to SSL-VPN applications.

    option

    -

    web ftp smb sftp telnet ssh vnc rdp ping

    Option

    Description

    web

    HTTP/HTTPS access.

    ftp

    FTP access.

    smb

    SMB/CIFS access.

    sftp

    SFTP access.

    telnet

    TELNET access.

    ssh

    SSH access.

    vnc

    VNC access.

    rdp

    RDP access.

    ping

    PING access.

    auto-connect

    Enable/disable automatic connect by client when system is up.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    client-src-range

    Allow client to add source range for the tunnel traffic.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    clipboard

    Enable to support RDP/VPC clipboard functionality.

    option

    -

    enable

    Option

    Description

    enable

    Enable support of RDP/VNC clipboard.

    disable

    Disable support of RDP/VNC clipboard.

    custom-lang

    Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files.

    string

    Maximum length: 35

    customize-forticlient-download-url

    Enable support of customized download URL for FortiClient.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    default-protocol

    Application type that is set by default.

    option

    -

    web

    Option

    Description

    web

    HTTP/HTTPS.

    ftp

    FTP.

    telnet

    Telnet.

    smb

    SMB/CIFS.

    vnc

    VNC.

    rdp

    RDP.

    ssh

    SSH.

    sftp

    SFTP.

    default-window-height

    Screen height.

    integer

    Minimum value: 0 Maximum value: 65535

    768

    default-window-width

    Screen width.

    integer

    Minimum value: 0 Maximum value: 65535

    1024

    dhcp-ip-overlap

    Configure overlapping DHCP IP allocation assignment.

    option

    -

    use-new

    Option

    Description

    use-new

    Assign DHCP lease to new client and remove old client lease.

    use-old

    Preserve previous client IP allocation and disconnect new client.

    dhcp-ra-giaddr

    Relay agent gateway IP address to use in the giaddr field of DHCP requests.

    ipv4-address

    Not Specified

    0.0.0.0

    dhcp-reservation

    Enable/disable dhcp reservation.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    dhcp6-ra-linkaddr

    Relay agent IPv6 link address to use in DHCP6 requests.

    ipv6-address

    Not Specified

    ::

    display-bookmark

    Enable to display the web portal bookmark widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    display-connection-tools

    Enable to display the web portal connection tools widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    display-history

    Enable to display the web portal user login history widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    display-status

    Enable to display the web portal status widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    dns-server1

    IPv4 DNS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    dns-server2

    IPv4 DNS server 2.

    ipv4-address

    Not Specified

    0.0.0.0

    dns-suffix

    DNS suffix.

    var-string

    Maximum length: 253

    exclusive-routing

    Enable/disable all traffic go through tunnel only.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    focus-bookmark

    Enable to prioritize the placement of the bookmark section over the quick-connection section in the SSL-VPN application.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    forticlient-download

    Enable/disable download option for FortiClient.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    forticlient-download-method

    FortiClient download method.

    option

    -

    direct

    Option

    Description

    direct

    Download via direct link.

    ssl-vpn

    Download via SSL-VPN.

    heading

    Web portal heading message.

    string

    Maximum length: 31

    SSL-VPN Portal

    hide-sso-credential

    Enable to prevent SSO credential being sent to client.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    host-check

    Type of host checking performed on endpoints.

    option

    -

    none

    Option

    Description

    none

    No host checking.

    av

    AntiVirus software recognized by the Windows Security Center.

    fw

    Firewall software recognized by the Windows Security Center.

    av-fw

    AntiVirus and firewall software recognized by the Windows Security Center.

    custom

    Custom.

    host-check-interval

    Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.

    integer

    Minimum value: 120 Maximum value: 259200

    0

    host-check-policy <name>

    One or more policies to require the endpoint to have specific security software.

    Host check software list name.

    string

    Maximum length: 79

    ip-mode

    Method by which users of this SSL-VPN tunnel obtain IP addresses.

    option

    -

    range

    Option

    Description

    range

    Use the IP addresses available for all SSL-VPN users as defined by the SSL settings command.

    user-group

    Use the IP addresses associated with individual users or user groups (usually from external auth servers).

    dhcp

    Use IP addresses obtained from external DHCP server.

    no-ip

    Do not assign IP address.

    ip-pools <name>

    IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.

    Address name.

    string

    Maximum length: 79

    ipv6-dns-server1

    IPv6 DNS server 1.

    ipv6-address

    Not Specified

    ::

    ipv6-dns-server2

    IPv6 DNS server 2.

    ipv6-address

    Not Specified

    ::

    ipv6-exclusive-routing

    Enable/disable all IPv6 traffic go through tunnel only.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-pools <name>

    IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.

    Address name.

    string

    Maximum length: 79

    ipv6-service-restriction

    Enable/disable IPv6 tunnel service restriction.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-split-tunneling

    Enable/disable IPv6 split tunneling.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-split-tunneling-routing-address <name>

    IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

    Address name.

    string

    Maximum length: 79

    ipv6-split-tunneling-routing-negate

    Enable to negate IPv6 split tunneling routing address.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-tunnel-mode

    Enable/disable IPv6 SSL-VPN tunnel mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-wins-server1

    IPv6 WINS server 1.

    ipv6-address

    Not Specified

    ::

    ipv6-wins-server2

    IPv6 WINS server 2.

    ipv6-address

    Not Specified

    ::

    keep-alive

    Enable/disable automatic reconnect for FortiClient connections.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    landing-page-mode

    Enable/disable SSL-VPN landing page mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    limit-user-logins

    Enable to limit each user to one SSL-VPN session at a time.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    mac-addr-action

    Client MAC address action.

    option

    -

    allow

    Option

    Description

    allow

    Allow connection when client MAC address is matched.

    deny

    Deny connection when client MAC address is matched.

    mac-addr-check

    Enable/disable MAC address host checking.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    macos-forticlient-download-url

    Download URL for Mac FortiClient.

    var-string

    Maximum length: 1023

    name

    Portal name.

    string

    Maximum length: 35

    os-check

    Enable to let the FortiGate decide action based on client OS.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    prefer-ipv6-dns

    Prefer to query IPv6 DNS server first if enabled.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    redir-url

    Client login redirect URL.

    var-string

    Maximum length: 255

    rewrite-ip-uri-ui

    Rewrite contents for URI contains IP and /ui/.

    option

    -

    disable

    Option

    Description

    enable

    Enable contents rewrite for URI contains "IP-address/ui/".

    disable

    Disable contents rewrite for URI contains "IP-address/ui/".

    save-password

    Enable/disable FortiClient saving the user's password.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    service-restriction

    Enable/disable tunnel service restriction.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    skip-check-for-browser

    Enable to skip host check for browser support.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    skip-check-for-unsupported-os

    Enable to skip host check if client OS does not support it.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    smb-max-version

    SMB maximum client protocol version.

    option

    -

    smbv3

    Option

    Description

    smbv1

    SMB version 1.

    smbv2

    SMB version 2.

    smbv3

    SMB version 3.

    smb-min-version

    SMB minimum client protocol version.

    option

    -

    smbv2

    Option

    Description

    smbv1

    SMB version 1.

    smbv2

    SMB version 2.

    smbv3

    SMB version 3.

    smb-ntlmv1-auth

    Enable support of NTLMv1 for Samba authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    smbv1

    SMB version 1.

    option

    -

    disable

    Option

    Description

    enable

    enable

    disable

    disable

    split-tunneling

    Enable/disable IPv4 split tunneling.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    split-tunneling-routing-address <name>

    IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

    Address name.

    string

    Maximum length: 79

    split-tunneling-routing-negate

    Enable to negate split tunneling routing address.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    theme

    Web portal color scheme.

    option

    -

    security-fabric

    Option

    Description

    jade

    Jade theme.

    neutrino

    Neutrino theme.

    mariner

    Mariner theme.

    graphite

    Graphite theme.

    melongene

    Melongene theme.

    jet-stream

    Jet Stream theme.

    security-fabric

    Security Fabric theme.

    dark-matter

    Dark Matter theme.

    onyx

    Onyx theme.

    eclipse

    Eclipse theme.

    tunnel-mode

    Enable/disable IPv4 SSL-VPN tunnel mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    use-sdwan

    Use SD-WAN rules to get output interface.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    user-bookmark

    Enable to allow web portal users to create their own bookmarks.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    user-group-bookmark

    Enable to allow web portal users to create bookmarks for all users in the same user group.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    web-mode

    Enable/disable SSL-VPN web mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    windows-forticlient-download-url

    Download URL for Windows FortiClient.

    var-string

    Maximum length: 1023

    wins-server1

    IPv4 WINS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    wins-server2

    IPv4 WINS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    config bookmark-group

    Parameter

    Description

    Type

    Size

    Default

    name

    Bookmark group name.

    string

    Maximum length: 35

    config bookmarks

    Parameter

    Description

    Type

    Size

    Default

    additional-params

    Additional parameters.

    var-string

    Maximum length: 128

    apptype

    Application type.

    option

    -

    web

    Option

    Description

    ftp

    FTP.

    rdp

    RDP.

    sftp

    SFTP.

    smb

    SMB/CIFS.

    ssh

    SSH.

    telnet

    Telnet.

    vnc

    VNC.

    web

    HTTP/HTTPS.

    color-depth

    Color depth per pixel.

    option

    -

    16

    Option

    Description

    32

    32bits per pixel.

    16

    16bits per pixel.

    8

    8bits per pixel.

    description

    Description.

    var-string

    Maximum length: 128

    domain

    Login domain.

    var-string

    Maximum length: 128

    folder

    Network shared file folder parameter.

    var-string

    Maximum length: 128

    height

    Screen height.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    host

    Host name/IP parameter.

    var-string

    Maximum length: 128

    keyboard-layout

    Keyboard layout.

    option

    -

    en-us

    Option

    Description

    ar-101

    Arabic (101).

    ar-102

    Arabic (102).

    ar-102-azerty

    Arabic (102) AZERTY.

    can-mul

    Canadian Multilingual Standard.

    cz

    Czech.

    cz-qwerty

    Czech (QWERTY).

    cz-pr

    Czech Programmers.

    da

    Danish.

    nl

    Dutch.

    de

    German.

    de-ch

    German, Switzerland.

    de-ibm

    German (IBM).

    en-uk

    English, United Kingdom.

    en-uk-ext

    English, United Kingdom Extended.

    en-us

    English, United States.

    en-us-dvorak

    English, United States-Dvorak.

    es

    Spanish.

    es-var

    Spanish Variation.

    fi

    Finnish.

    fi-sami

    Finnish with Sami.

    fr

    French.

    fr-apple

    French, Apple.

    fr-ca

    French, Canada.

    fr-ch

    French, Switzerland.

    fr-be

    French, Belgium.

    hr

    Croatian.

    hu

    Hungarian.

    hu-101

    Hungarian 101-Key.

    it

    Italian.

    it-142

    Italian (142).

    ja

    Japanese.

    ja-106

    Japanese 106/109 key.

    ko

    Korean.

    la-am

    Latin American.

    lt

    Lithuanian.

    lt-ibm

    Lithuanian IBM.

    lt-std

    Lithuanian Standard.

    lav-std

    Latvian (Standard).

    lav-leg

    Latvian (Legacy).

    mk

    Macedonian (FYROM).

    mk-std

    Macedonia (FYROM) - Standard.

    no

    Norwegian.

    no-sami

    Norwegian with Sami.

    pol-214

    Polish (214).

    pol-pr

    Polish (Programmers).

    pt

    Portuguese.

    pt-br

    Portuguese (Brazilian ABNT).

    pt-br-abnt2

    Portuguese (Brazilian ABNT2).

    ru

    Russian.

    ru-mne

    Russian - Mnemonic.

    ru-t

    Russian (Typewriter).

    sl

    Slovenian.

    sv

    Swedish.

    sv-sami

    Swedish with Sami.

    tuk

    Turkmen.

    tur-f

    Turkish F.

    tur-q

    Turkish Q.

    zh-sym-sg-us

    Chinese (Simplified, Singapore) - US keyboard.

    zh-sym-us

    Chinese (Simplified) - US Keyboard.

    zh-tr-hk

    Chinese (Traditional, Hong Kong S.A.R.).

    zh-tr-mo

    Chinese (Traditional Macao S.A.R.) - US Keyboard.

    zh-tr-us

    Chinese (Traditional) - US keyboard.

    load-balancing-info

    The load balancing information or cookie which should be provided to the connection broker.

    var-string

    Maximum length: 511

    logon-password

    Logon password.

    password

    Not Specified

    logon-user

    Logon user.

    var-string

    Maximum length: 35

    name

    Bookmark name.

    string

    Maximum length: 35

    port

    Remote port.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    preconnection-blob

    An arbitrary string which identifies the RDP source.

    var-string

    Maximum length: 511

    preconnection-id

    The numeric ID of the RDP source.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    restricted-admin

    Enable/disable restricted admin mode for RDP.

    option

    -

    disable

    Option

    Description

    enable

    Enable restricted admin mode for RDP.

    disable

    Disable restricted admin mode for RDP.

    security

    Security mode for RDP connection.

    option

    -

    any

    Option

    Description

    any

    Allow the server to choose the type of security.

    rdp

    Standard RDP encryption.

    nla

    Network Level Authentication.

    tls

    TLS encryption.

    send-preconnection-id

    Enable/disable sending of preconnection ID.

    option

    -

    disable

    Option

    Description

    enable

    Enable sending of preconnection ID.

    disable

    Disable sending of preconnection ID.

    sso

    Single sign-on.

    option

    -

    disable

    Option

    Description

    disable

    Disable SSO.

    static

    Static SSO.

    auto

    Auto SSO.

    sso-credential

    Single sign-on credentials.

    option

    -

    sslvpn-login

    Option

    Description

    sslvpn-login

    SSL-VPN login.

    alternative

    Alternative.

    sso-credential-sent-once

    Single sign-on credentials are only sent once to remote server.

    option

    -

    disable

    Option

    Description

    enable

    Single sign-on credentials are only sent once to remote server.

    disable

    Single sign-on credentials are sent to remote server for every HTTP request.

    sso-password

    SSO password.

    password

    Not Specified

    sso-username

    SSO user name.

    var-string

    Maximum length: 35

    url

    URL parameter.

    var-string

    Maximum length: 128

    vnc-keyboard-layout

    Keyboard layout.

    option

    -

    default

    Option

    Description

    default

    Default.

    da

    Danish.

    nl

    Dutch.

    en-uk

    English, United Kingdom.

    en-uk-ext

    English, United Kingdom Extended.

    fi

    Finnish.

    fr

    French.

    fr-be

    French, Belgium.

    fr-ca-mul

    French, Canadian Multilingual Std.

    de

    German.

    de-ch

    German, Switzerland.

    it

    Italian.

    it-142

    Italian (142).

    pt

    Portuguese.

    pt-br-abnt2

    Portuguese (Brazilian ABNT2).

    no

    Norwegian.

    gd

    Scottish Gaelic.

    es

    Spanish.

    sv

    Swedish.

    us-intl

    United States-International.

    width

    Screen width.

    integer

    Minimum value: 0 Maximum value: 65535

    0
    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config landing-page

    Parameter

    Description

    Type

    Size

    Default

    sso

    Single sign-on.

    option

    -

    disable

    Option

    Description

    disable

    Disable SSO.

    static

    Static SSO.

    auto

    Auto SSO.

    sso-credential

    Single sign-on credentials.

    option

    -

    sslvpn-login

    Option

    Description

    sslvpn-login

    SSL-VPN login.

    alternative

    Alternative.

    sso-password

    SSO password.

    password

    Not Specified

    sso-username

    SSO user name.

    var-string

    Maximum length: 35

    url

    Landing page URL.

    var-string

    Maximum length: 511

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config mac-addr-check-rule

    Parameter

    Description

    Type

    Size

    Default

    mac-addr-list <addr>

    Client MAC address list.

    Client MAC address.

    mac-address

    Not Specified

    mac-addr-mask

    Client MAC address mask.

    integer

    Minimum value: 1 Maximum value: 48

    48

    name

    Client MAC address check rule name.

    string

    Maximum length: 35

    config os-check-list

    Parameter

    Description

    Type

    Size

    Default

    action

    OS check options.

    option

    -

    allow

    Option

    Description

    deny

    Deny all OS versions.

    allow

    Allow any OS version.

    check-up-to-date

    Verify OS is up-to-date.

    latest-patch-level

    Latest OS patch level.

    user

    Not Specified

    0

    minor-version

    Minor version number.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    name

    Name.

    string

    Maximum length: 35

    tolerance

    OS patch level tolerance.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    config split-dns

    Parameter

    Description

    Type

    Size

    Default

    dns-server1

    DNS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    dns-server2

    DNS server 2.

    ipv4-address

    Not Specified

    0.0.0.0

    domains

    Split DNS domains used for SSL-VPN clients separated by comma.

    var-string

    Maximum length: 1024

    id

    ID.

    integer

    Minimum value: 0 Maximum value: 4294967294

    0

    ipv6-dns-server1

    IPv6 DNS server 1.

    ipv6-address

    Not Specified

    ::

    ipv6-dns-server2

    IPv6 DNS server 2.

    ipv6-address

    Not Specified

    ::
    Previous
    Next

    config vpn ssl web portal

    config vpn ssl web portal

    Note

    This command is available for model(s): FortiGate 1000D, FortiGate 1000F, FortiGate 1001F, FortiGate 100F, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 120G, FortiGate 121G, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 3000F, FortiGate 3001F, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3200F, FortiGate 3201F, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3700F, FortiGate 3701F, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F, FortiGate 5001E1, FortiGate 5001E, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80F Bypass, FortiGate 80F DSL, FortiGate 80F-POE, FortiGate 80F, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 900G, FortiGate 901G, FortiGate-VM ARM64 for Azure, FortiGate-VM ARM64 for GCP BYOL, FortiGate-VM ARM64 for OCI BYOL, FortiGate-VM for Aliyun PAYG, FortiGate-VM for AWS PAYG, FortiGate-VM for Azure BYOL, FortiGate-VM for Azure PAYG, FortiGate-VM for GCP BYOL, FortiGate-VM for OPC BYOL, FortiGate-VM64, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 80F 2R 3G4G DSL, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G DSL, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

    It is not available for: FortiGate 40F 3G4G, FortiGate 40F, FortiGate 60F, FortiGate 61F, FortiGate 90G, FortiGate 91G, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60F, FortiWiFi 61F.

    Portal.

    config vpn ssl web portal
    Description: Portal.
    edit <name>
        set allow-user-access {option1}, {option2}, ...
        set auto-connect [enable|disable]
        config bookmark-group
            Description: Portal bookmark group.
            edit <name>
                config bookmarks
                    Description: Bookmark table.
                    edit <name>
                        set additional-params {var-string}
                        set apptype [ftp|rdp|...]
                        set color-depth [32|16|...]
                        set description {var-string}
                        set domain {var-string}
                        set folder {var-string}
                        config form-data
                            Description: Form data.
                            edit <name>
                                set value {var-string}
                            next
                        end
                        set height {integer}
                        set host {var-string}
                        set keyboard-layout [ar-101|ar-102|...]
                        set load-balancing-info {var-string}
                        set logon-password {password}
                        set logon-user {var-string}
                        set port {integer}
                        set preconnection-blob {var-string}
                        set preconnection-id {integer}
                        set restricted-admin [enable|disable]
                        set security [any|rdp|...]
                        set send-preconnection-id [enable|disable]
                        set sso [disable|static|...]
                        set sso-credential [sslvpn-login|alternative]
                        set sso-credential-sent-once [enable|disable]
                        set sso-password {password}
                        set sso-username {var-string}
                        set url {var-string}
                        set vnc-keyboard-layout [default|da|...]
                        set width {integer}
                    next
                end
            next
        end
        set client-src-range [enable|disable]
        set clipboard [enable|disable]
        set custom-lang {string}
        set customize-forticlient-download-url [enable|disable]
        set default-protocol [web|ftp|...]
        set default-window-height {integer}
        set default-window-width {integer}
        set dhcp-ip-overlap [use-new|use-old]
        set dhcp-ra-giaddr {ipv4-address}
        set dhcp-reservation [enable|disable]
        set dhcp6-ra-linkaddr {ipv6-address}
        set display-bookmark [enable|disable]
        set display-connection-tools [enable|disable]
        set display-history [enable|disable]
        set display-status [enable|disable]
        set dns-server1 {ipv4-address}
        set dns-server2 {ipv4-address}
        set dns-suffix {var-string}
        set exclusive-routing [enable|disable]
        set focus-bookmark [enable|disable]
        set forticlient-download [enable|disable]
        set forticlient-download-method [direct|ssl-vpn]
        set heading {string}
        set hide-sso-credential [enable|disable]
        set host-check [none|av|...]
        set host-check-interval {integer}
        set host-check-policy <name1>, <name2>, ...
        set ip-mode [range|user-group|...]
        set ip-pools <name1>, <name2>, ...
        set ipv6-dns-server1 {ipv6-address}
        set ipv6-dns-server2 {ipv6-address}
        set ipv6-exclusive-routing [enable|disable]
        set ipv6-pools <name1>, <name2>, ...
        set ipv6-service-restriction [enable|disable]
        set ipv6-split-tunneling [enable|disable]
        set ipv6-split-tunneling-routing-address <name1>, <name2>, ...
        set ipv6-split-tunneling-routing-negate [enable|disable]
        set ipv6-tunnel-mode [enable|disable]
        set ipv6-wins-server1 {ipv6-address}
        set ipv6-wins-server2 {ipv6-address}
        set keep-alive [enable|disable]
        config landing-page
            Description: Landing page options.
            config form-data
                Description: Form data.
                edit <name>
                    set value {var-string}
                next
            end
            set sso [disable|static|...]
            set sso-credential [sslvpn-login|alternative]
            set sso-password {password}
            set sso-username {var-string}
            set url {var-string}
        end
        set landing-page-mode [enable|disable]
        set limit-user-logins [enable|disable]
        set mac-addr-action [allow|deny]
        set mac-addr-check [enable|disable]
        config mac-addr-check-rule
            Description: Client MAC address check rule.
            edit <name>
                set mac-addr-list <addr1>, <addr2>, ...
                set mac-addr-mask {integer}
            next
        end
        set macos-forticlient-download-url {var-string}
        set os-check [enable|disable]
        config os-check-list
            Description: SSL-VPN OS checks. Read-only.
            edit <name>
                set action [deny|allow|...]
                set latest-patch-level {user}
                set minor-version {integer}
                set tolerance {integer}
            next
        end
        set prefer-ipv6-dns [enable|disable]
        set redir-url {var-string}
        set rewrite-ip-uri-ui [enable|disable]
        set save-password [enable|disable]
        set service-restriction [enable|disable]
        set skip-check-for-browser [enable|disable]
        set skip-check-for-unsupported-os [enable|disable]
        set smb-max-version [smbv1|smbv2|...]
        set smb-min-version [smbv1|smbv2|...]
        set smb-ntlmv1-auth [enable|disable]
        set smbv1 [enable|disable]
        config split-dns
            Description: Split DNS for SSL-VPN.
            edit <id>
                set dns-server1 {ipv4-address}
                set dns-server2 {ipv4-address}
                set domains {var-string}
                set ipv6-dns-server1 {ipv6-address}
                set ipv6-dns-server2 {ipv6-address}
            next
        end
        set split-tunneling [enable|disable]
        set split-tunneling-routing-address <name1>, <name2>, ...
        set split-tunneling-routing-negate [enable|disable]
        set theme [jade|neutrino|...]
        set tunnel-mode [enable|disable]
        set use-sdwan [enable|disable]
        set user-bookmark [enable|disable]
        set user-group-bookmark [enable|disable]
        set web-mode [enable|disable]
        set windows-forticlient-download-url {var-string}
        set wins-server1 {ipv4-address}
        set wins-server2 {ipv4-address}
    next
end

    config vpn ssl web portal

    Parameter

    Description

    Type

    Size

    Default

    allow-user-access

    Allow user access to SSL-VPN applications.

    option

    -

    web ftp smb sftp telnet ssh vnc rdp ping

    Option

    Description

    web

    HTTP/HTTPS access.

    ftp

    FTP access.

    smb

    SMB/CIFS access.

    sftp

    SFTP access.

    telnet

    TELNET access.

    ssh

    SSH access.

    vnc

    VNC access.

    rdp

    RDP access.

    ping

    PING access.

    auto-connect

    Enable/disable automatic connect by client when system is up.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    client-src-range

    Allow client to add source range for the tunnel traffic.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    clipboard

    Enable to support RDP/VPC clipboard functionality.

    option

    -

    enable

    Option

    Description

    enable

    Enable support of RDP/VNC clipboard.

    disable

    Disable support of RDP/VNC clipboard.

    custom-lang

    Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files.

    string

    Maximum length: 35

    customize-forticlient-download-url

    Enable support of customized download URL for FortiClient.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    default-protocol

    Application type that is set by default.

    option

    -

    web

    Option

    Description

    web

    HTTP/HTTPS.

    ftp

    FTP.

    telnet

    Telnet.

    smb

    SMB/CIFS.

    vnc

    VNC.

    rdp

    RDP.

    ssh

    SSH.

    sftp

    SFTP.

    default-window-height

    Screen height.

    integer

    Minimum value: 0 Maximum value: 65535

    768

    default-window-width

    Screen width.

    integer

    Minimum value: 0 Maximum value: 65535

    1024

    dhcp-ip-overlap

    Configure overlapping DHCP IP allocation assignment.

    option

    -

    use-new

    Option

    Description

    use-new

    Assign DHCP lease to new client and remove old client lease.

    use-old

    Preserve previous client IP allocation and disconnect new client.

    dhcp-ra-giaddr

    Relay agent gateway IP address to use in the giaddr field of DHCP requests.

    ipv4-address

    Not Specified

    0.0.0.0

    dhcp-reservation

    Enable/disable dhcp reservation.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    dhcp6-ra-linkaddr

    Relay agent IPv6 link address to use in DHCP6 requests.

    ipv6-address

    Not Specified

    ::

    display-bookmark

    Enable to display the web portal bookmark widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    display-connection-tools

    Enable to display the web portal connection tools widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    display-history

    Enable to display the web portal user login history widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    display-status

    Enable to display the web portal status widget.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    dns-server1

    IPv4 DNS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    dns-server2

    IPv4 DNS server 2.

    ipv4-address

    Not Specified

    0.0.0.0

    dns-suffix

    DNS suffix.

    var-string

    Maximum length: 253

    exclusive-routing

    Enable/disable all traffic go through tunnel only.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    focus-bookmark

    Enable to prioritize the placement of the bookmark section over the quick-connection section in the SSL-VPN application.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    forticlient-download

    Enable/disable download option for FortiClient.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    forticlient-download-method

    FortiClient download method.

    option

    -

    direct

    Option

    Description

    direct

    Download via direct link.

    ssl-vpn

    Download via SSL-VPN.

    heading

    Web portal heading message.

    string

    Maximum length: 31

    SSL-VPN Portal

    hide-sso-credential

    Enable to prevent SSO credential being sent to client.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    host-check

    Type of host checking performed on endpoints.

    option

    -

    none

    Option

    Description

    none

    No host checking.

    av

    AntiVirus software recognized by the Windows Security Center.

    fw

    Firewall software recognized by the Windows Security Center.

    av-fw

    AntiVirus and firewall software recognized by the Windows Security Center.

    custom

    Custom.

    host-check-interval

    Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.

    integer

    Minimum value: 120 Maximum value: 259200

    0

    host-check-policy <name>

    One or more policies to require the endpoint to have specific security software.

    Host check software list name.

    string

    Maximum length: 79

    ip-mode

    Method by which users of this SSL-VPN tunnel obtain IP addresses.

    option

    -

    range

    Option

    Description

    range

    Use the IP addresses available for all SSL-VPN users as defined by the SSL settings command.

    user-group

    Use the IP addresses associated with individual users or user groups (usually from external auth servers).

    dhcp

    Use IP addresses obtained from external DHCP server.

    no-ip

    Do not assign IP address.

    ip-pools <name>

    IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.

    Address name.

    string

    Maximum length: 79

    ipv6-dns-server1

    IPv6 DNS server 1.

    ipv6-address

    Not Specified

    ::

    ipv6-dns-server2

    IPv6 DNS server 2.

    ipv6-address

    Not Specified

    ::

    ipv6-exclusive-routing

    Enable/disable all IPv6 traffic go through tunnel only.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-pools <name>

    IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.

    Address name.

    string

    Maximum length: 79

    ipv6-service-restriction

    Enable/disable IPv6 tunnel service restriction.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-split-tunneling

    Enable/disable IPv6 split tunneling.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-split-tunneling-routing-address <name>

    IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

    Address name.

    string

    Maximum length: 79

    ipv6-split-tunneling-routing-negate

    Enable to negate IPv6 split tunneling routing address.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-tunnel-mode

    Enable/disable IPv6 SSL-VPN tunnel mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ipv6-wins-server1

    IPv6 WINS server 1.

    ipv6-address

    Not Specified

    ::

    ipv6-wins-server2

    IPv6 WINS server 2.

    ipv6-address

    Not Specified

    ::

    keep-alive

    Enable/disable automatic reconnect for FortiClient connections.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    landing-page-mode

    Enable/disable SSL-VPN landing page mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    limit-user-logins

    Enable to limit each user to one SSL-VPN session at a time.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    mac-addr-action

    Client MAC address action.

    option

    -

    allow

    Option

    Description

    allow

    Allow connection when client MAC address is matched.

    deny

    Deny connection when client MAC address is matched.

    mac-addr-check

    Enable/disable MAC address host checking.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    macos-forticlient-download-url

    Download URL for Mac FortiClient.

    var-string

    Maximum length: 1023

    name

    Portal name.

    string

    Maximum length: 35

    os-check

    Enable to let the FortiGate decide action based on client OS.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    prefer-ipv6-dns

    Prefer to query IPv6 DNS server first if enabled.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    redir-url

    Client login redirect URL.

    var-string

    Maximum length: 255

    rewrite-ip-uri-ui

    Rewrite contents for URI contains IP and /ui/.

    option

    -

    disable

    Option

    Description

    enable

    Enable contents rewrite for URI contains "IP-address/ui/".

    disable

    Disable contents rewrite for URI contains "IP-address/ui/".

    save-password

    Enable/disable FortiClient saving the user's password.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    service-restriction

    Enable/disable tunnel service restriction.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    skip-check-for-browser

    Enable to skip host check for browser support.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    skip-check-for-unsupported-os

    Enable to skip host check if client OS does not support it.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    smb-max-version

    SMB maximum client protocol version.

    option

    -

    smbv3

    Option

    Description

    smbv1

    SMB version 1.

    smbv2

    SMB version 2.

    smbv3

    SMB version 3.

    smb-min-version

    SMB minimum client protocol version.

    option

    -

    smbv2

    Option

    Description

    smbv1

    SMB version 1.

    smbv2

    SMB version 2.

    smbv3

    SMB version 3.

    smb-ntlmv1-auth

    Enable support of NTLMv1 for Samba authentication.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    smbv1

    SMB version 1.

    option

    -

    disable

    Option

    Description

    enable

    enable

    disable

    disable

    split-tunneling

    Enable/disable IPv4 split tunneling.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    split-tunneling-routing-address <name>

    IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

    Address name.

    string

    Maximum length: 79

    split-tunneling-routing-negate

    Enable to negate split tunneling routing address.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    theme

    Web portal color scheme.

    option

    -

    security-fabric

    Option

    Description

    jade

    Jade theme.

    neutrino

    Neutrino theme.

    mariner

    Mariner theme.

    graphite

    Graphite theme.

    melongene

    Melongene theme.

    jet-stream

    Jet Stream theme.

    security-fabric

    Security Fabric theme.

    dark-matter

    Dark Matter theme.

    onyx

    Onyx theme.

    eclipse

    Eclipse theme.

    tunnel-mode

    Enable/disable IPv4 SSL-VPN tunnel mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    use-sdwan

    Use SD-WAN rules to get output interface.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    user-bookmark

    Enable to allow web portal users to create their own bookmarks.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    user-group-bookmark

    Enable to allow web portal users to create bookmarks for all users in the same user group.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    web-mode

    Enable/disable SSL-VPN web mode.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    windows-forticlient-download-url

    Download URL for Windows FortiClient.

    var-string

    Maximum length: 1023

    wins-server1

    IPv4 WINS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    wins-server2

    IPv4 WINS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    config bookmark-group

    Parameter

    Description

    Type

    Size

    Default

    name

    Bookmark group name.

    string

    Maximum length: 35

    config bookmarks

    Parameter

    Description

    Type

    Size

    Default

    additional-params

    Additional parameters.

    var-string

    Maximum length: 128

    apptype

    Application type.

    option

    -

    web

    Option

    Description

    ftp

    FTP.

    rdp

    RDP.

    sftp

    SFTP.

    smb

    SMB/CIFS.

    ssh

    SSH.

    telnet

    Telnet.

    vnc

    VNC.

    web

    HTTP/HTTPS.

    color-depth

    Color depth per pixel.

    option

    -

    16

    Option

    Description

    32

    32bits per pixel.

    16

    16bits per pixel.

    8

    8bits per pixel.

    description

    Description.

    var-string

    Maximum length: 128

    domain

    Login domain.

    var-string

    Maximum length: 128

    folder

    Network shared file folder parameter.

    var-string

    Maximum length: 128

    height

    Screen height.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    host

    Host name/IP parameter.

    var-string

    Maximum length: 128

    keyboard-layout

    Keyboard layout.

    option

    -

    en-us

    Option

    Description

    ar-101

    Arabic (101).

    ar-102

    Arabic (102).

    ar-102-azerty

    Arabic (102) AZERTY.

    can-mul

    Canadian Multilingual Standard.

    cz

    Czech.

    cz-qwerty

    Czech (QWERTY).

    cz-pr

    Czech Programmers.

    da

    Danish.

    nl

    Dutch.

    de

    German.

    de-ch

    German, Switzerland.

    de-ibm

    German (IBM).

    en-uk

    English, United Kingdom.

    en-uk-ext

    English, United Kingdom Extended.

    en-us

    English, United States.

    en-us-dvorak

    English, United States-Dvorak.

    es

    Spanish.

    es-var

    Spanish Variation.

    fi

    Finnish.

    fi-sami

    Finnish with Sami.

    fr

    French.

    fr-apple

    French, Apple.

    fr-ca

    French, Canada.

    fr-ch

    French, Switzerland.

    fr-be

    French, Belgium.

    hr

    Croatian.

    hu

    Hungarian.

    hu-101

    Hungarian 101-Key.

    it

    Italian.

    it-142

    Italian (142).

    ja

    Japanese.

    ja-106

    Japanese 106/109 key.

    ko

    Korean.

    la-am

    Latin American.

    lt

    Lithuanian.

    lt-ibm

    Lithuanian IBM.

    lt-std

    Lithuanian Standard.

    lav-std

    Latvian (Standard).

    lav-leg

    Latvian (Legacy).

    mk

    Macedonian (FYROM).

    mk-std

    Macedonia (FYROM) - Standard.

    no

    Norwegian.

    no-sami

    Norwegian with Sami.

    pol-214

    Polish (214).

    pol-pr

    Polish (Programmers).

    pt

    Portuguese.

    pt-br

    Portuguese (Brazilian ABNT).

    pt-br-abnt2

    Portuguese (Brazilian ABNT2).

    ru

    Russian.

    ru-mne

    Russian - Mnemonic.

    ru-t

    Russian (Typewriter).

    sl

    Slovenian.

    sv

    Swedish.

    sv-sami

    Swedish with Sami.

    tuk

    Turkmen.

    tur-f

    Turkish F.

    tur-q

    Turkish Q.

    zh-sym-sg-us

    Chinese (Simplified, Singapore) - US keyboard.

    zh-sym-us

    Chinese (Simplified) - US Keyboard.

    zh-tr-hk

    Chinese (Traditional, Hong Kong S.A.R.).

    zh-tr-mo

    Chinese (Traditional Macao S.A.R.) - US Keyboard.

    zh-tr-us

    Chinese (Traditional) - US keyboard.

    load-balancing-info

    The load balancing information or cookie which should be provided to the connection broker.

    var-string

    Maximum length: 511

    logon-password

    Logon password.

    password

    Not Specified

    logon-user

    Logon user.

    var-string

    Maximum length: 35

    name

    Bookmark name.

    string

    Maximum length: 35

    port

    Remote port.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    preconnection-blob

    An arbitrary string which identifies the RDP source.

    var-string

    Maximum length: 511

    preconnection-id

    The numeric ID of the RDP source.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    restricted-admin

    Enable/disable restricted admin mode for RDP.

    option

    -

    disable

    Option

    Description

    enable

    Enable restricted admin mode for RDP.

    disable

    Disable restricted admin mode for RDP.

    security

    Security mode for RDP connection.

    option

    -

    any

    Option

    Description

    any

    Allow the server to choose the type of security.

    rdp

    Standard RDP encryption.

    nla

    Network Level Authentication.

    tls

    TLS encryption.

    send-preconnection-id

    Enable/disable sending of preconnection ID.

    option

    -

    disable

    Option

    Description

    enable

    Enable sending of preconnection ID.

    disable

    Disable sending of preconnection ID.

    sso

    Single sign-on.

    option

    -

    disable

    Option

    Description

    disable

    Disable SSO.

    static

    Static SSO.

    auto

    Auto SSO.

    sso-credential

    Single sign-on credentials.

    option

    -

    sslvpn-login

    Option

    Description

    sslvpn-login

    SSL-VPN login.

    alternative

    Alternative.

    sso-credential-sent-once

    Single sign-on credentials are only sent once to remote server.

    option

    -

    disable

    Option

    Description

    enable

    Single sign-on credentials are only sent once to remote server.

    disable

    Single sign-on credentials are sent to remote server for every HTTP request.

    sso-password

    SSO password.

    password

    Not Specified

    sso-username

    SSO user name.

    var-string

    Maximum length: 35

    url

    URL parameter.

    var-string

    Maximum length: 128

    vnc-keyboard-layout

    Keyboard layout.

    option

    -

    default

    Option

    Description

    default

    Default.

    da

    Danish.

    nl

    Dutch.

    en-uk

    English, United Kingdom.

    en-uk-ext

    English, United Kingdom Extended.

    fi

    Finnish.

    fr

    French.

    fr-be

    French, Belgium.

    fr-ca-mul

    French, Canadian Multilingual Std.

    de

    German.

    de-ch

    German, Switzerland.

    it

    Italian.

    it-142

    Italian (142).

    pt

    Portuguese.

    pt-br-abnt2

    Portuguese (Brazilian ABNT2).

    no

    Norwegian.

    gd

    Scottish Gaelic.

    es

    Spanish.

    sv

    Swedish.

    us-intl

    United States-International.

    width

    Screen width.

    integer

    Minimum value: 0 Maximum value: 65535

    0
    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config landing-page

    Parameter

    Description

    Type

    Size

    Default

    sso

    Single sign-on.

    option

    -

    disable

    Option

    Description

    disable

    Disable SSO.

    static

    Static SSO.

    auto

    Auto SSO.

    sso-credential

    Single sign-on credentials.

    option

    -

    sslvpn-login

    Option

    Description

    sslvpn-login

    SSL-VPN login.

    alternative

    Alternative.

    sso-password

    SSO password.

    password

    Not Specified

    sso-username

    SSO user name.

    var-string

    Maximum length: 35

    url

    Landing page URL.

    var-string

    Maximum length: 511

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config form-data

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    value

    Value.

    var-string

    Maximum length: 63

    config mac-addr-check-rule

    Parameter

    Description

    Type

    Size

    Default

    mac-addr-list <addr>

    Client MAC address list.

    Client MAC address.

    mac-address

    Not Specified

    mac-addr-mask

    Client MAC address mask.

    integer

    Minimum value: 1 Maximum value: 48

    48

    name

    Client MAC address check rule name.

    string

    Maximum length: 35

    config os-check-list

    Parameter

    Description

    Type

    Size

    Default

    action

    OS check options.

    option

    -

    allow

    Option

    Description

    deny

    Deny all OS versions.

    allow

    Allow any OS version.

    check-up-to-date

    Verify OS is up-to-date.

    latest-patch-level

    Latest OS patch level.

    user

    Not Specified

    0

    minor-version

    Minor version number.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    name

    Name.

    string

    Maximum length: 35

    tolerance

    OS patch level tolerance.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    config split-dns

    Parameter

    Description

    Type

    Size

    Default

    dns-server1

    DNS server 1.

    ipv4-address

    Not Specified

    0.0.0.0

    dns-server2

    DNS server 2.

    ipv4-address

    Not Specified

    0.0.0.0

    domains

    Split DNS domains used for SSL-VPN clients separated by comma.

    var-string

    Maximum length: 1024

    id

    ID.

    integer

    Minimum value: 0 Maximum value: 4294967294

    0

    ipv6-dns-server1

    IPv6 DNS server 1.

    ipv6-address

    Not Specified

    ::

    ipv6-dns-server2

    IPv6 DNS server 2.

    ipv6-address

    Not Specified

    ::
    Previous
    Next