config system settings
Configure VDOM settings.
config system settings Description: Configure VDOM settings. set comments {var-string} set opmode [nat|transparent] set forward-domain [enable|disable] set http-external-dest [fortiweb|forticache] set firewall-session-dirty [check-all|check-new|...] set manageip {user} set gateway {ipv4-address} set ip {ipv4-classnet-host} set manageip6 {ipv6-prefix} set gateway6 {ipv6-address} set ip6 {ipv6-prefix} set device {string} set utf8-spam-tagging [enable|disable] set wccp-cache-engine [enable|disable] set wccp-local-route [enable|disable] set vpn-stats-log {option1}, {option2}, ... set vpn-stats-period {integer} set mac-ttl {integer} set fw-session-hairpin [enable|disable] set prp-trailer-action [enable|disable] set snat-hairpin-traffic [enable|disable] set dhcp-proxy [enable|disable] set dhcp-proxy-interface-select-method [auto|specify] set dhcp-proxy-interface {string} set dhcp-server-ip {user} set dhcp6-server-ip {user} set gui-default-policy-columns <name1>, <name2>, ... set link-down-access [enable|disable] set asymroute [enable|disable] set asymroute-icmp [enable|disable] set tcp-session-without-syn [enable|disable] set ses-denied-traffic [enable|disable] set strict-src-check [enable|disable] set allow-linkdown-path [enable|disable] set asymroute6 [enable|disable] set asymroute6-icmp [enable|disable] set sctp-session-without-init [enable|disable] set status [enable|disable] set allow-subnet-overlap [enable|disable] set deny-tcp-with-icmp [enable|disable] set discovered-device-timeout {integer} set email-portal-check-dns [disable|enable] set gui-icap [enable|disable] set gui-implicit-policy [enable|disable] set gui-dns-database [enable|disable] set gui-multicast-policy [enable|disable] set gui-dos-policy [enable|disable] set gui-object-colors [enable|disable] set gui-voip-profile [enable|disable] set gui-security-profile-group [enable|disable] set gui-wanopt-cache [enable|disable] set gui-explicit-proxy [enable|disable] set gui-policy-based-ipsec [enable|disable] set gui-threat-weight [enable|disable] set gui-spamfilter [enable|disable] set gui-file-filter [enable|disable] set gui-application-control [enable|disable] set gui-ips [enable|disable] set gui-endpoint-control [enable|disable] set gui-endpoint-control-advanced [enable|disable] set gui-dhcp-advanced [enable|disable] set gui-vpn [enable|disable] set gui-webfilter-advanced [enable|disable] set gui-traffic-shaping [enable|disable] set gui-antivirus [enable|disable] set gui-webfilter [enable|disable] set gui-videofilter [enable|disable] set gui-dnsfilter [enable|disable] set gui-proxy-inspection [enable|disable] set gui-advanced-policy [enable|disable] set gui-allow-unnamed-policy [enable|disable] set gui-email-collection [enable|disable] set gui-multiple-interface-policy [enable|disable] set gui-policy-disclaimer [enable|disable] set gui-ztna [enable|disable] set gui-ot [enable|disable] set block-land-attack [disable|enable] set default-app-port-as-service [enable|disable] set application-bandwidth-tracking [disable|enable] set default-policy-expiry-days {integer} set gui-enforce-change-summary [disable|require|...] set internet-service-database-cache [disable|enable] end
config system settings
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
comments |
VDOM comments. |
var-string |
Maximum length: 255 |
|
||||||||
opmode |
Firewall operation mode (NAT or Transparent). |
option |
- |
nat |
||||||||
|
|
|||||||||||
forward-domain |
Enable/disable forward domain. |
option |
- |
disable |
||||||||
|
|
|||||||||||
http-external-dest |
Offload HTTP traffic to FortiWeb or FortiCache. |
option |
- |
fortiweb |
||||||||
|
|
|||||||||||
firewall-session-dirty |
Select how to manage sessions affected by firewall policy configuration changes. |
option |
- |
check-all |
||||||||
|
|
|||||||||||
manageip |
Transparent mode IPv4 management IP address and netmask. |
user |
Not Specified |
|
||||||||
gateway |
Transparent mode IPv4 default gateway IP address. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
ip |
IP address and netmask. |
ipv4-classnet-host |
Not Specified |
0.0.0.0 0.0.0.0 |
||||||||
manageip6 |
Transparent mode IPv6 management IP address and netmask. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||
gateway6 |
Transparent mode IPv4 default gateway IP address. |
ipv6-address |
Not Specified |
:: |
||||||||
ip6 |
IPv6 address prefix for NAT mode. |
ipv6-prefix |
Not Specified |
::/0 |
||||||||
device |
Interface to use for management access for NAT mode. |
string |
Maximum length: 35 |
|
||||||||
utf8-spam-tagging |
Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. |
option |
- |
enable |
||||||||
|
|
|||||||||||
wccp-cache-engine |
Enable/disable WCCP cache engine. |
option |
- |
disable |
||||||||
|
|
|||||||||||
wccp-local-route |
Enable/disable WCCP to use local route. |
option |
- |
disable |
||||||||
|
|
|||||||||||
vpn-stats-log |
Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. |
option |
- |
ipsec pptp l2tp |
||||||||
|
|
|||||||||||
vpn-stats-period |
Period to send VPN log statistics. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
600 |
||||||||
mac-ttl |
Duration of MAC addresses in Transparent mode. |
integer |
Minimum value: 300 Maximum value: 8640000 |
300 |
||||||||
fw-session-hairpin |
Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiProxy. |
option |
- |
disable |
||||||||
|
|
|||||||||||
prp-trailer-action |
Enable/disable action to take on PRP trailer. |
option |
- |
disable |
||||||||
|
|
|||||||||||
snat-hairpin-traffic |
Enable/disable source NAT (SNAT) for hairpin traffic. |
option |
- |
enable |
||||||||
|
|
|||||||||||
dhcp-proxy |
Enable/disable the DHCP Proxy. |
option |
- |
disable |
||||||||
|
|
|||||||||||
dhcp-proxy-interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||
|
|
|||||||||||
dhcp-proxy-interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
||||||||
dhcp-server-ip |
DHCP Server IPv4 address. |
user |
Not Specified |
|
||||||||
dhcp6-server-ip |
DHCPv6 server IPv6 address. |
user |
Not Specified |
|
||||||||
gui-default-policy-columns |
Default columns to display for policy lists on GUI. Select column name. |
string |
Maximum length: 79 |
|
||||||||
link-down-access |
Enable/disable link down access traffic. |
option |
- |
enable |
||||||||
|
|
|||||||||||
asymroute |
Enable/disable IPv4 asymmetric routing. |
option |
- |
disable |
||||||||
|
|
|||||||||||
asymroute-icmp |
Enable/disable ICMP asymmetric routing. |
option |
- |
disable |
||||||||
|
|
|||||||||||
tcp-session-without-syn |
Enable/disable allowing TCP session without SYN flags. |
option |
- |
disable |
||||||||
|
|
|||||||||||
ses-denied-traffic |
Enable/disable including denied session in the session table. |
option |
- |
disable |
||||||||
|
|
|||||||||||
strict-src-check |
Enable/disable strict source verification. |
option |
- |
disable |
||||||||
|
|
|||||||||||
allow-linkdown-path |
Enable/disable link down path. |
option |
- |
disable |
||||||||
|
|
|||||||||||
asymroute6 |
Enable/disable asymmetric IPv6 routing. |
option |
- |
disable |
||||||||
|
|
|||||||||||
asymroute6-icmp |
Enable/disable asymmetric ICMPv6 routing. |
option |
- |
disable |
||||||||
|
|
|||||||||||
sctp-session-without-init |
Enable/disable SCTP session creation without SCTP INIT. |
option |
- |
disable |
||||||||
|
|
|||||||||||
status |
Enable/disable this VDOM. |
option |
- |
enable |
||||||||
|
|
|||||||||||
allow-subnet-overlap |
Enable/disable allowing interface subnets to use overlapping IP addresses. |
option |
- |
disable |
||||||||
|
|
|||||||||||
deny-tcp-with-icmp |
Enable/disable denying TCP by sending an ICMP communication prohibited packet. |
option |
- |
disable |
||||||||
|
|
|||||||||||
discovered-device-timeout |
Timeout for discovered devices. |
integer |
Minimum value: 1 Maximum value: 365 |
28 |
||||||||
email-portal-check-dns |
Enable/disable using DNS to validate email addresses collected by a captive portal. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-icap |
Enable/disable ICAP on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-implicit-policy |
Enable/disable implicit firewall policies on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-dns-database |
Enable/disable DNS database settings on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-multicast-policy |
Enable/disable multicast firewall policies on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-dos-policy |
Enable/disable DoS policies on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-object-colors |
Enable/disable object colors on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-voip-profile |
Enable/disable VoIP profiles on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-security-profile-group |
Enable/disable Security Profile Groups on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-wanopt-cache |
Enable/disable WAN Optimization and Web Caching on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-explicit-proxy |
Enable/disable the explicit proxy on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-policy-based-ipsec |
Enable/disable policy-based IPsec VPN on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-threat-weight |
Enable/disable threat weight on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-spamfilter |
Enable/disable Antispam on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-file-filter |
Enable/disable File-filter on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-application-control |
Enable/disable application control on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-ips |
Enable/disable IPS on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-endpoint-control |
Enable/disable endpoint control on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-endpoint-control-advanced |
Enable/disable advanced endpoint control options on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-dhcp-advanced |
Enable/disable advanced DHCP options on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-vpn |
Enable/disable VPN tunnels on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-webfilter-advanced |
Enable/disable advanced web filtering on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-traffic-shaping |
Enable/disable traffic shaping on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-antivirus |
Enable/disable AntiVirus on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-webfilter |
Enable/disable Web filtering on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-videofilter |
Enable/disable Video filtering on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-dnsfilter |
Enable/disable DNS Filtering on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-proxy-inspection |
Enable/disable the proxy features on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-advanced-policy |
Enable/disable advanced policy configuration on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-allow-unnamed-policy |
Enable/disable the requirement for policy naming on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-email-collection |
Enable/disable email collection on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-multiple-interface-policy |
Enable/disable adding multiple interfaces to a policy on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-policy-disclaimer |
Enable/disable policy disclaimer on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
gui-ztna |
Enable/disable Zero Trust Network Access features on the GUI. |
option |
- |
enable |
||||||||
|
|
|||||||||||
gui-ot |
Enable/disable Operational technology features on the GUI. |
option |
- |
disable |
||||||||
|
|
|||||||||||
block-land-attack |
Enable/disable blocking of land attacks. |
option |
- |
disable |
||||||||
|
|
|||||||||||
default-app-port-as-service |
Enable/disable policy service enforcement based on application default ports. |
option |
- |
enable |
||||||||
|
|
|||||||||||
application-bandwidth-tracking |
Enable/disable application bandwidth tracking. |
option |
- |
disable |
||||||||
|
|
|||||||||||
default-policy-expiry-days |
Default policy expiry in days. |
integer |
Minimum value: 0 Maximum value: 365 |
30 |
||||||||
gui-enforce-change-summary |
Enforce change summaries for select tables in the GUI. |
option |
- |
require |
||||||||
|
|
|||||||||||
internet-service-database-cache |
Enable/disable Internet Service database caching. |
option |
- |
disable |
||||||||
|
|