global
Use this command to configure global settings that affect miscellaneous FortiManager features.
Syntax
config system global
set admin-https-pki-required {disable | enable}
set admin-lockout-duration <integer>
set admin-lockout-threshold <integer>
set adom-mode {advanced | normal}sh
set adom-rev-auto-delete {by-days | by-revisions | disable}
set adom-rev-max-backup-revisions <integer>
set adom-rev-max-days <integer>
set adom-rev-max-revisions <integer>
set adom-select {enable | disable}
set adom-status {enable | disable}
set auto-register-device {enable | disable}
set clt-cert-req {disable | enable}
set console-output {more | standard}
set create-revision {disable | enable}
set daylightsavetime {enable | disable}
set default-disk-quota <integer>
set detect-unregistred-log-device {enable | disable}
set device-view-mode {regular | tree}
set faz-status {enable | disable}
set fgfm-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2}
set enc-algorithm {default | high | low}
set ha-member-auto-grouping {enable | disable}
set hostname <string>
set import-ignore-addr-cmt {enable | disable}
set language {english | japanese | simch | trach}
set ldap-cache-timeout <integer>
set ldapconntimeout <integer>
set lock-preempt {enable | disable}
set log-checksum {md5 | md5-auth | none}
set max-log-forward <integer>
set max-running-reports <integer>
set oftp-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2}
set partial-install {enable | disable}
set partial-install-rev {enable | disable}
set perform-improve-by-ha
set policy-hit-count {enable | disable}
set policy-object-in-dual-pane {enable | disable}
set pre-login-banner {disable | enable}
set pre-login-banner-message <string>
set remoteauthtimeout <integer>
set search-all-adoms {enable | disable}
set ssl-low-encryption {enable | disable}
set ssl-protocol {tlsv1 | sslv3}
set ssl-static-key-ciphers {enable | disable}
set swapmem {enable | disable}
set task-list-size <integer>
set timezone <integer>
set tunnel-mtu <integer>
set usg {enable | disable}
set vdom-mirror {enable | disable}
set webservice-proto {tlsv1 | sslv3 | sslv2}
set workflow-max-sessions <integer>
set workspace-mode {disabled | normal | workflow}
end
|
Variable |
Description |
|---|---|
|
admin-https-pki-required {disable | enable} |
Enable/disable HTTPS login page when PKI is enabled. The following options are available:
When both |
|
admin-lockout-duration <integer> |
Set the lockout duration (seconds) for FortiManager administration (default = |
|
admin-lockout-threshold <integer> |
Set the lockout threshold for FortiManager administration (1 - 10, default = |
|
adom-mode {advanced | normal} |
Set the ADOM mode: |
|
adom-rev-auto-delete {by-days | by-revisions | disable} |
Auto delete features for old ADOM revisions:
|
|
adom-rev-max-backup-revisions <integer> |
The maximum number of ADOM revisions to backup (default = 5). |
|
adom-rev-max-days <integer> |
The maximum number of days to keep old ADOM revisions. |
|
adom-rev-max-revisions <integer> |
The maximum number of ADOM revisions to keep (default = 120). |
|
adom-status {enable | disable} |
Enable/disable ADOMs (default = disable). |
|
adom-select {enable | disable} |
Enable/disable a pop-up window that allows administrators to select an ADOM after logging in (default = enable). |
|
auto-register-device {enable | disable} |
Enable or disable device auto registration by log message. |
|
clt-cert-req {disable | enable} |
Enable/disable requiring a client certificate for GUI login. The following options are available:
When both |
|
console-output {more | standard} |
Select how the output is displayed on the console. Select
|
|
create-revision {disable | enable} |
Enable/disable create revision by default (default = disable). |
|
daylightsavetime {enable | disable} |
Enable/disable daylight saving time (default = enable). If you enable daylight saving time, the FortiManager unit automatically adjusts the system time when daylight saving time begins or ends. |
|
default-disk-quota <integer> |
Default disk quota (MB) for registered device (100 - 100000, default = 1000). |
|
detect-unregistered-log-device |
Enable/disable unregistered log device detection (default = enable). |
|
device-view-mode {regular | tree} |
Set the devices' or groups' view mode, either regular or tree view (default = regular). |
|
faz-status {enable | disable} |
Enable/disable FortiAnalyzer features in FortiManager (default = disable). This command is not available on the FMG-100C. |
|
fgfm-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2} |
Set the lowest SSL protocols for fgfmsd (default = |
|
enc-algorithm {default | high | low} |
Set SSL communication encryption algorithms. The following options are available:
|
|
ha-member-auto-grouping {enable | disable} |
Enable/disable automatically grouping HA members when the group name is unique in your network (default = enable). |
|
hostname <string> |
FortiManager host name. |
|
import-ignore-addr-cmt {enable | disable} |
Enable/disable ignoring address comments when importing. |
|
language {english | japanese | simch | trach} |
GUI language. The following options are available:
|
|
ldap-cache-timeout <integer> |
LDAP cache timeout, in seconds (default: |
|
ldapconntimeout <integer> |
LDAP connection timeout (in milliseconds) (default = |
|
lock-preempt {enable | disable} |
Enable/disable the ADOM lock override (default = disable). |
|
log-checksum {md5 | md5-auth | none} |
Record log file hash value, timestamp, and authentication code at transmission or rolling. The following options are available:
|
|
max-log-forward <integer> |
Set the maximum log forwarding and aggregation number (5 - 20) |
|
max-running-reports <integer> |
Maximum running reports number(1 - 10, default = 1). |
|
oftp-ssl-protocol {sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2} |
Set the lowest SSL protocols for oftpd (default = |
|
partial-install {enable | disable} |
Enable/disable partial install (install only some objects) (default = disable). Use this command to enable pushing individual objects of the policy package down to all FortiGates in the Policy Package. Once enabled, in the GUI you can right-click an object and choose to install it. |
|
partial-install-rev {enable | disable} |
Enable/disable partial install revision (default = disable). |
|
perform-improve-by-ha {enable | disable} |
Enable/Disable performance improvement by distributing tasks to secondary HA units (default = disable). |
|
policy-hit-count {enable | disable} |
Enable/disable show policy hit count (default = disable). The policy hit count is the number of sessions that match to a firewall policy on a FortiGate. When |
|
policy-object-in-dual-pane {enable | disable} |
Enable/disable show policies and objects in dual pane (default = disable). |
|
pre-login-banner {disable | enable} |
Enable/disable pre-login banner (default = disable). |
|
pre-login-banner-message <string> |
Set the pre-login banner message. |
|
remoteauthtimeout <integer> |
Remote authentication (RADIUS/LDAP) timeout (in seconds) (default = |
|
search-all-adoms {enable | disable} |
Enable/disable search all ADOMs for where-used queries (default = disable). |
|
ssl-low-encryption {enable | disable} |
Enable/disable SSL low-grade (40-bit) encryption (default = enable). |
|
ssl-protocol {tlsv1 | sslv3} |
Set the SSL protocols: |
|
ssl-static-key-ciphers {enable | disable} |
Enable/disable SSL static key ciphers (default = enable). |
|
swapmem {enable | disable} |
Enable/disable virtual memory. |
|
task-list-size <integer> |
Set the maximum number of completed tasks to keep (default = |
|
timezone <integer> |
The time zone for the FortiManager unit (default = |
|
tunnel-mtu <integer> |
Set the maximum transportation unit, from 68 to 9000 (default = |
|
usg {enable | disable} |
Enable to contact FortiGuard servers only in the USA. Disable to contact any FortiGuard server (default = enable). |
|
vdom-mirror {enable | disable} |
Enable/disable VDOM mirror (default = disable). Once enabled in the CLI, you can select to enable VDOM Mirror when editing a virtual domain in the System > Virtual Domain device tab in Device Manager. You can then add devices and VDOMs to the list so they may be mirrored. A icon is displayed in the Mirror column of this page to indicate that the VDOM is being mirrored to another device/VDOM. When changes are made to the master device’s VDOM database, a copy is applied to the mirror device’s VDOM database. A revision is created and then installed to the devices. VDOM mirror is intended to be used by MSSP or enterprise companies who need to provide a backup VDOM for their customers. |
|
webservice-proto {tlsv1 | sslv3 | sslv2} |
Web Service connection: |
|
workflow-max-sessions <integer> |
Maximum number of workflow sessions per ADOM (100 - 1000, default = |
|
workspace-mode {disabled | normal | workflow} |
Enable/disable Workspace and Workflow (ADOM locking). The following options are available:
|
Example
The following command turns on daylight saving time, sets the FortiManager unit name to FMG3k, and chooses the Eastern time zone for US & Canada.
config system global
set daylightsavetime enable
set hostname FMG3k
set timezone 12
end
Time zones
|
Integer |
Time zone |
Integer |
Time zone |
|---|---|---|---|
|
00 |
(GMT-12:00) Eniwetak, Kwajalein |
40 |
(GMT+3:00) Nairobi |
|
01 |
(GMT-11:00) Midway Island, Samoa |
41 |
(GMT+3:30) Tehran |
|
02 |
(GMT-10:00) Hawaii |
42 |
(GMT+4:00) Abu Dhabi, Muscat |
|
03 |
(GMT-9:00) Alaska |
43 |
(GMT+4:00) Baku |
|
04 |
(GMT-8:00) Pacific Time (US & Canada) |
44 |
(GMT+4:30) Kabul |
|
05 |
(GMT-7:00) Arizona |
45 |
(GMT+5:00) Ekaterinburg |
|
06 |
(GMT-7:00) Mountain Time (US & Canada) |
46 |
(GMT+5:00) Islamabad, Karachi,Tashkent |
|
07 |
(GMT-6:00) Central America |
47 |
(GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi |
|
08 |
(GMT-6:00) Central Time (US & Canada) |
48 |
(GMT+5:45) Kathmandu |
|
09 |
(GMT-6:00) Mexico City |
49 |
(GMT+6:00) Almaty, Novosibirsk |
|
10 |
(GMT-6:00) Saskatchewan |
50 |
(GMT+6:00) Astana, Dhaka |
|
11 |
(GMT-5:00) Bogota, Lima, Quito |
51 |
(GMT+6:00) Sri Jayawardenapura |
|
12 |
(GMT-5:00) Eastern Time (US & Canada) |
52 |
(GMT+6:30) Rangoon |
|
13 |
(GMT-5:00) Indiana (East) |
53 |
(GMT+7:00) Bangkok, Hanoi, Jakarta |
|
14 |
(GMT-4:00) Atlantic Time (Canada) |
54 |
(GMT+7:00) Krasnoyarsk |
|
15 |
(GMT-4:00) La Paz |
55 |
(GMT+8:00) Beijing,ChongQing, HongKong,Urumqi |
|
16 |
(GMT-4:00) Santiago |
56 |
(GMT+8:00) Irkutsk, Ulaanbaatar |
|
17 |
(GMT-3:30) Newfoundland |
57 |
(GMT+8:00) Kuala Lumpur, Singapore |
|
18 |
(GMT-3:00) Brasilia |
58 |
(GMT+8:00) Perth |
|
19 |
(GMT-3:00) Buenos Aires, Georgetown |
59 |
(GMT+8:00) Taipei |
|
20 |
(GMT-3:00) Nuuk (Greenland) |
60 |
(GMT+9:00) Osaka, Sapporo, Tokyo, Seoul |
|
21 |
(GMT-2:00) Mid-Atlantic |
61 |
(GMT+9:00) Yakutsk |
|
22 |
(GMT-1:00) Azores |
62 |
(GMT+9:30) Adelaide |
|
23 |
(GMT-1:00) Cape Verde Is |
63 |
(GMT+9:30) Darwin |
|
24 |
(GMT) Casablanca, Monrovia |
64 |
(GMT+10:00) Brisbane |
|
25 |
(GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London |
65 |
(GMT+10:00) Canberra, Melbourne, Sydney |
|
26 |
(GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna |
66 |
(GMT+10:00) Guam, Port Moresby |
|
27 |
(GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague |
67 |
(GMT+10:00) Hobart |
|
28 |
(GMT+1:00) Brussels, Copenhagen, Madrid, Paris |
68 |
(GMT+10:00) Vladivostok |
|
29 |
(GMT+1:00) Sarajevo, Skopje, Sofija, Vilnius, Warsaw, Zagreb |
69 |
(GMT+11:00) Magadan |
|
30 |
(GMT+1:00) West Central Africa |
70 |
(GMT+11:00) Solomon Is., New Caledonia |
|
31 |
(GMT+2:00) Athens, Istanbul, Minsk |
71 |
(GMT+12:00) Auckland, Wellington |
|
32 |
(GMT+2:00) Bucharest |
72 |
(GMT+12:00) Fiji, Kamchatka, Marshall Is |
|
33 |
(GMT+2:00) Cairo |
73 |
(GMT+13:00) Nuku'alofa |
|
34 |
(GMT+2:00) Harare, Pretoria |
74 |
(GMT-4:30) Caracas |
|
35 |
(GMT+2:00) Helsinki, Riga,Tallinn |
75 |
(GMT+1:00) Namibia |
|
36 |
(GMT+2:00) Jerusalem |
76 |
(GMT-5:00) Brazil-Acre) |
|
37 |
(GMT+3:00) Baghdad |
77 |
(GMT-4:00) Brazil-West |
|
38 |
(GMT+3:00) Kuwait, Riyadh |
78 |
(GMT-3:00) Brazil-East |
|
39 |
(GMT+3:00) Moscow, St.Petersburg, Volgograd |
79 |
(GMT-2:00) Brazil-DeNoronha |