Set the lockout duration for FortiManager administration, in seconds (default = 60).

Set the lockout threshold for FortiManager administration (1 - 10, default = 3).

Set the ADOM mode (default = normal).

Auto delete features for old ADOM revisions:

• by-days: Auto delete ADOM revisions by maximum days.
• by-revisions: Auto delete ADOM revisions by maximum number of revisions (default).
• disable: Disable auto delete function for ADOM revision.

The maximum number of ADOM revisions to be included in the system configuration backup (default = 5).

The maximum number of days to keep old ADOM revisions (default = 30).

The maximum number of ADOM revisions to keep (default = 120).

Enable/disable a pop-up window that allows administrators to select an ADOM after logging in (default = enable).

Enable/disable administrative domains (default = disable).

Set the cloned object name option:

• default: Add a Clone of prefix to the name.
• keep: Keep the original name for the user to edit.

Enable/disable requiring a client certificate for GUI login (default = disable).

When both clt-cert-req and admin-https-pki-required are enabled, only PKI administrators can connect to the GUI.

Select how the output is displayed on the console (default = standard).

Select more to pause the output at each full screen until keypress. Select standard for continuous output without pauses.

Enable/disable a country flag icon beside an IP address (default = enable).

Enable/disable create revision by default (default = disable).

Enable/disable daylight saving time (default = enable).

If you enable daylight saving time, the FortiManager unit automatically adjusts the system time when daylight saving time begins or ends.

Enable/disable unregistered log device detection (default = enable).

Set the devices/groups view mode (default = regular).

Set the minimum size of the Diffie-Hellman prime for SSH/HTTPS, in bits (default = 2048).

Disable module list.

Set SSL communication encryption algorithms:

• custom: SSL communication using custom-selected encryption algorithms.
• high: SSL communication using high encryption algorithms (default).
• medium: SSL communication using high and medium encryption algorithms.
• low: SSL communication using all available encryption algorithms.

Enable/disable FortiAnalyzer features in FortiManager (default = disable).

This command is not available on the FMG-100C.

Set the extra FGFM CA certificates ("" = default certificate will be used).

Set the FGFM local certificate ("" = default certificate will be used).

Set the lowest SSL protocols for fgfmsd (default = tlsv1.2).

Enable/disable automatically grouping HA members when the group name is unique in your network (default = enable).

FortiManager host name.

Enable/disable import ignore of address comments (default = disable).

GUI language:

• english: English (default)
• japanese: Japanese
• simch: Simplified Chinese
• spanish: Spanish
• trach: Traditional Chinese

Set the FortiManager device's latitude.

LDAP cache timeout, in seconds (default =86400).

LDAP connection timeout, in milliseconds (default = 60000).

Enable/disable the ADOM lock override (default = disable).

Record log file hash value, timestamp, and authentication code at transmission or rolling:

• md5: Record log file’s MD5 hash value only.
• md5-auth: Record log file’s MD5 hash value and authentication code.
• none: Do not record the log file checksum (default).

Set the log forwarding disk cache size, in gigabytes (default = 0).

Set the FortiManager device's longitude.

Set the maximum log forwarding and aggregation number (5 - 20).

Maximum running reports number (1 - 10, default = 1).

Set the multicast policy disabled ADOMs, separated by spaces. Only ADOMs below version 6.0 can be included.

Enable/disable multiple steps upgrade in an autolink process (default = disable).

Allow the normalized interface to be zone only (default = disable).

Set the lowest SSL protocols for oftpd (default = tlsv1.2).

Enable/disable partial install (install only some objects) (default= disable).

Use this command to enable pushing individual objects of the policy package down to all FortiGates in the Policy Package.

Once enabled, in the GUI you can right-click an object and choose to install it.

Enable/disable partial install when the Dev database is modified (default= disable).

This option is only available when partial-install is enabled.

Enable/disable partial install revision (default= disable).

This option is only available when partial-install is enabled.

Enable/disable performance improvement by distributing tasks to secondary HA units (default= disable).

Enable/disable per policy lock (default= disable).

This option is only available in workspace lock mode.

Enable/disable show icons of policy objects (default= disable).

Enable/disable show policies and objects in dual pane (default= disable).

Enable/disable pre-login banner (default= disable).

Set the pre-login banner message.

Enable/disable private data encryption using an AES 128 bit key (default = disable).

Remote authentication (RADIUS/LDAP) timeout, in seconds (default = 10).

Enable/disable search all ADOMs for where-used queries (default= disable).

Enable/disable SSL low-grade (40-bit) encryption (default= disable).

Set the SSL protocols (default = tlsv1.3 tlsv1.2).

Enable/disable SSL static key ciphers (default = enable).

Enable/disable virtual memory.

Set the maximum number of completed tasks to keep (default = 2000).

The time zone for the FortiManager unit (default = Pacific Time). See Time zones

Set the maximum transportation unit (68 - 9000, default = 1500).

Enable/disable contacting only FortiGuard servers in the USA (default = enable).

Enable/disable VDOM mirror (default = disable).

Once enabled in the CLI, you can select to enable VDOM Mirror when editing a virtual domain in the System > Virtual Domain device tab in Device Manager. You can then add devices and VDOMs to the list so they may be mirrored. An icon is displayed in the Mirror column of the page to indicate that the VDOM is being mirrored to another device/VDOM.

When changes are made to the primary device’s VDOM database, a copy is applied to the mirror device’s VDOM database. A revision is created and then installed to the devices.

VDOM mirror is intended to be used by MSSP or enterprise companies who need to provide a backup VDOM for their customers.

Web Service connection (default = tlsv1.3 tlsv1.2).

Enable/disable Workspace and Workflow (ADOM locking):

• disabled: Workspace is disabled (default).
• normal: Workspace lock mode enabled.
• per-adom: Per-ADOM workspace mode enabled.
• workspace: Workspace workflow mode enabled.

Configure the ssl-cipher-suites table to enforce the user specified preferred cipher order in the incoming SSL connections.

Note: This command is only available if enc-algorithm is set to custom.

Variables for config ssl-cipher-suites subcommad:

Set the order of the ciphers in the ssl-cipher-suites table.

Enter the SSL cipher name from the list.

(GMT+3:00) Nairobi

(GMT+3:30) Tehran

(GMT+4:00) Abu Dhabi, Muscat

(GMT+4:00) Baku

(GMT+4:30) Kabul

(GMT+5:00) Ekaterinburg

(GMT+5:00) Islamabad, Karachi,Tashkent

(GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi

(GMT+5:45) Kathmandu

(GMT+6:00) Almaty, Novosibirsk

(GMT+6:00) Astana, Dhaka

(GMT+6:00) Sri Jayawardenapura

(GMT+6:30) Rangoon

(GMT+7:00) Bangkok, Hanoi, Jakarta

(GMT+7:00) Krasnoyarsk

(GMT+8:00) Beijing,ChongQing, HongKong,Urumqi

(GMT+8:00) Irkutsk, Ulaanbaatar

(GMT+8:00) Kuala Lumpur, Singapore

(GMT+8:00) Perth

(GMT+8:00) Taipei

(GMT+9:00) Osaka, Sapporo, Tokyo, Seoul

(GMT+9:00) Yakutsk

(GMT+9:30) Adelaide

(GMT+9:30) Darwin

(GMT+10:00) Brisbane

(GMT+10:00) Canberra, Melbourne, Sydney

(GMT+10:00) Guam, Port Moresby

(GMT+10:00) Hobart

(GMT+10:00) Vladivostok

(GMT+11:00) Magadan

(GMT+11:00) Solomon Is., New Caledonia

(GMT+12:00) Auckland, Wellington

(GMT+12:00) Fiji, Kamchatka, Marshall Is

(GMT+13:00) Nuku'alofa

(GMT-4:30) Caracas

(GMT+1:00) Namibia

(GMT-5:00) Brazil-Acre)

(GMT-4:00) Brazil-West

(GMT-3:00) Brazil-East