| Parameter | Choices/Defaults | Comments | 
                
                                                            | host 
                    string
                                                                 |  | FortiOS or FortiGate IP address. | 
                            
                                                            | https 
                    boolean
                                                                 |  | Indicates if the requests towards FortiGate must use HTTPS protocol. | 
                            
                                                            | password 
                    string
                                                                 | Default: 
 "" | FortiOS or FortiGate password. | 
                            
                                                            | ssl_verify 
                    boolean
                                                                 added in 2.9 |  | Ensures FortiGate certificate must be verified by a proper CA. | 
                            
                                                            | system_global 
                    dictionary
                                                                 | Default: 
 null | Configure global attributes. | 
                                                        
                                                |  | admin_concurrent 
                    string
                                                                 |  | Enable/disable concurrent administrator logins. (Use policy-auth-concurrent for firewall authenticated users.) | 
                            
                                                |  | admin_console_timeout 
                    integer
                                                                 |  | Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout. | 
                            
                                                |  | admin_https_pki_required 
                    string
                                                                 |  | Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. | 
                            
                                                |  | admin_https_ssl_versions 
                    list
                                                                 | Choices:
                                                                                                                                                            tlsv1-0tlsv1-1tlsv1-2 | Allowed TLS versions for web administration. | 
                            
                                                |  | admin_lockout_duration 
                    integer
                                                                 |  | Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. | 
                            
                                                |  | admin_lockout_threshold 
                    integer
                                                                 |  | Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. | 
                            
                                                |  | admin_login_max 
                    integer
                                                                 |  | Maximum number of administrators who can be logged in at the same time (1 - 100) | 
                            
                                                |  | admin_maintainer 
                    string
                                                                 |  | Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. | 
                            
                                                |  | admin_port 
                    integer
                                                                 |  | Administrative access port for HTTP. (1 - 65535). | 
                            
                                                |  | admin_restrict_local 
                    string
                                                                 |  | Enable/disable local admin authentication restriction when remote authenticator is up and running. | 
                            
                                                |  | admin_scp 
                    string
                                                                 |  | Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. | 
                            
                                                |  | admin_server_cert 
                    string
                                                                 |  | Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. | 
                            
                                                |  | admin_sport 
                    integer
                                                                 |  | Administrative access port for HTTPS. (1 - 65535). | 
                            
                                                |  | admin_ssh_grace_time 
                    integer
                                                                 |  | Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). | 
                            
                                                |  | admin_ssh_password 
                    string
                                                                 |  | Enable/disable password authentication for SSH admin access. | 
                            
                                                |  | admin_ssh_port 
                    integer
                                                                 |  | Administrative access port for SSH. (1 - 65535). | 
                            
                                                |  | admin_ssh_v1 
                    string
                                                                 |  | Enable/disable SSH v1 compatibility. | 
                            
                                                |  | admin_telnet_port 
                    integer
                                                                 |  | Administrative access port for TELNET. (1 - 65535). | 
                            
                                                |  | admintimeout 
                    integer
                                                                 |  | Number of minutes before an idle administrator session times out (5 - 480 minutes (8 hours)). A shorter idle timeout is more secure. | 
                            
                                                |  | alias 
                    string
                                                                 |  | Alias for your FortiGate unit. | 
                            
                                                |  | allow_traffic_redirect 
                    string
                                                                 |  | Disable to allow traffic to be routed back on a different interface. | 
                            
                                                |  | anti_replay 
                    string
                                                                 | Choices:
                                                                                                                                                            disableloosestrict | Level of checking for packet replay and TCP sequence checking. | 
                            
                                                |  | arp_max_entry 
                    integer
                                                                 |  | Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). | 
                            
                                                |  | asymroute 
                    string
                                                                 |  | Enable/disable asymmetric route. | 
                            
                                                |  | auth_cert 
                    string
                                                                 |  | Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. | 
                            
                                                |  | auth_http_port 
                    integer
                                                                 |  | User authentication HTTP port. (1 - 65535). | 
                            
                                                |  | auth_https_port 
                    integer
                                                                 |  | User authentication HTTPS port. (1 - 65535). | 
                            
                                                |  | auth_keepalive 
                    string
                                                                 |  | Enable to prevent user authentication sessions from timing out when idle. | 
                            
                                                |  | auth_session_limit 
                    string
                                                                 | Choices:
                                                                                                                                                            block-newlogout-inactive | Action to take when the number of allowed user authenticated sessions is reached. | 
                            
                                                |  | auto_auth_extension_device 
                    string
                                                                 |  | Enable/disable automatic authorization of dedicated Fortinet extension devices. | 
                            
                                                |  | av_affinity 
                    string
                                                                 |  | Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). | 
                            
                                                |  | av_failopen 
                    string
                                                                 | Choices:
                                                                                                                                                            passnoone-shot | Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. | 
                            
                                                |  | av_failopen_session 
                    string
                                                                 |  | When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. | 
                            
                                                |  | batch_cmdb 
                    string
                                                                 |  | Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. | 
                            
                                                |  | block_session_timer 
                    integer
                                                                 |  | Duration in seconds for blocked sessions (1 - 300 sec  (5 minutes)). | 
                            
                                                |  | br_fdb_max_entry 
                    integer
                                                                 |  | Maximum number of bridge forwarding database (FDB) entries. | 
                            
                                                |  | cert_chain_max 
                    integer
                                                                 |  | Maximum number of certificates that can be traversed in a certificate chain. | 
                            
                                                |  | cfg_revert_timeout 
                    integer
                                                                 |  | Time-out for reverting to the last saved configuration. | 
                            
                                                |  | cfg_save 
                    string
                                                                 | Choices:
                                                                                                                                                            automaticmanualrevert | Configuration file save mode for CLI changes. | 
                            
                                                |  | check_protocol_header 
                    string
                                                                 |  | Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. | 
                            
                                                |  | check_reset_range 
                    string
                                                                 |  | Configure ICMP error message verification. You can either apply strict RST range checking or disable it. | 
                            
                                                |  | cli_audit_log 
                    string
                                                                 |  | Enable/disable CLI audit log. | 
                            
                                                |  | clt_cert_req 
                    string
                                                                 |  | Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. | 
                            
                                                |  | compliance_check 
                    string
                                                                 |  | Enable/disable global PCI DSS compliance check. | 
                            
                                                |  | compliance_check_time 
                    string
                                                                 |  | Time of day to run scheduled PCI DSS compliance checks. | 
                            
                                                |  | cpu_use_threshold 
                    integer
                                                                 |  | Threshold at which CPU usage is reported. (% of total CPU). | 
                            
                                                |  | csr_ca_attribute 
                    string
                                                                 |  | Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. | 
                            
                                                |  | daily_restart 
                    string
                                                                 |  | Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. | 
                            
                                                |  | device_identification_active_scan_delay 
                    integer
                                                                 |  | Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). | 
                            
                                                |  | device_idle_timeout 
                    integer
                                                                 |  | Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). | 
                            
                                                |  | dh_params 
                    string
                                                                 | Choices:
                                                                                                                                                            1024153620483072409661448192 | Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. | 
                            
                                                |  | dnsproxy_worker_count 
                    integer
                                                                 |  | DNS proxy worker count. | 
                            
                                                |  | dst 
                    string
                                                                 |  | Enable/disable daylight saving time. | 
                            
                                                |  | endpoint_control_fds_access 
                    string
                                                                 |  | Enable/disable access to the FortiGuard network for non-compliant endpoints. | 
                            
                                                |  | endpoint_control_portal_port 
                    integer
                                                                 |  | Endpoint control portal port (1 - 65535). | 
                            
                                                |  | failtime 
                    integer
                                                                 |  | Fail-time for server lost. | 
                            
                                                |  | fds_statistics 
                    string
                                                                 |  | Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. | 
                            
                                                |  | fds_statistics_period 
                    integer
                                                                 |  | FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). | 
                            
                                                |  | fgd_alert_subscription 
                    string
                                                                 | Choices:
                                                                                                                                                            advisorylatest-threatlatest-viruslatest-attacknew-antivirus-dbnew-attack-db | Type of alert to retrieve from FortiGuard. | 
                            
                                                |  | fortiextender 
                    string
                                                                 |  | Enable/disable FortiExtender. | 
                            
                                                |  | fortiextender_data_port 
                    integer
                                                                 |  | FortiExtender data port (1024 - 49150). | 
                            
                                                |  | fortiextender_vlan_mode 
                    string
                                                                 |  | Enable/disable FortiExtender VLAN mode. | 
                            
                                                |  | fortiservice_port 
                    integer
                                                                 |  | FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. | 
                            
                                                |  | gui_certificates 
                    string
                                                                 |  | Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. | 
                            
                                                |  | gui_custom_language 
                    string
                                                                 |  | Enable/disable custom languages in GUI. | 
                            
                                                |  | gui_date_format 
                    string
                                                                 | Choices:
                                                                                                                                                            yyyy/MM/dddd/MM/yyyyMM/dd/yyyyyyyy-MM-dddd-MM-yyyyMM-dd-yyyy | Default date format used throughout GUI. | 
                            
                                                |  | gui_device_latitude 
                    string
                                                                 |  | Add the latitude of the location of this FortiGate to position it on the Threat Map. | 
                            
                                                |  | gui_device_longitude 
                    string
                                                                 |  | Add the longitude of the location of this FortiGate to position it on the Threat Map. | 
                            
                                                |  | gui_display_hostname 
                    string
                                                                 |  | Enable/disable displaying the FortiGate's hostname on the GUI login page. | 
                            
                                                |  | gui_ipv6 
                    string
                                                                 |  | Enable/disable IPv6 settings on the GUI. | 
                            
                                                |  | gui_lines_per_page 
                    integer
                                                                 |  | Number of lines to display per page for web administration. | 
                            
                                                |  | gui_theme 
                    string
                                                                 | Choices:
                                                                                                                                                            greenredbluemelongenemariner | Color scheme for the administration GUI. | 
                            
                                                |  | gui_wireless_opensecurity 
                    string
                                                                 |  | Enable/disable wireless open security option on the GUI. | 
                            
                                                |  | honor_df 
                    string
                                                                 |  | Enable/disable honoring of Don't-Fragment (DF) flag. | 
                            
                                                |  | hostname 
                    string
                                                                 |  | FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. | 
                            
                                                |  | igmp_state_limit 
                    integer
                                                                 |  | Maximum number of IGMP memberships (96 - 64000). | 
                            
                                                |  | interval 
                    integer
                                                                 |  | Dead gateway detection interval. | 
                            
                                                |  | ip_src_port_range 
                    string
                                                                 |  | IP source port range used for traffic originating from the FortiGate unit. | 
                            
                                                |  | ips_affinity 
                    string
                                                                 |  | Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons). | 
                            
                                                |  | ipsec_asic_offload 
                    string
                                                                 |  | Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. | 
                            
                                                |  | ipsec_hmac_offload 
                    string
                                                                 |  | Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. | 
                            
                                                |  | ipsec_soft_dec_async 
                    string
                                                                 |  | Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. | 
                            
                                                |  | ipv6_accept_dad 
                    integer
                                                                 |  | Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). | 
                            
                                                |  | ipv6_allow_anycast_probe 
                    string
                                                                 |  | Enable/disable IPv6 address probe through Anycast. | 
                            
                                                |  | language 
                    string
                                                                 | Choices:
                                                                                                                                                            englishfrenchspanishportuguesejapanesetrachsimchkorean | GUI display language. | 
                            
                                                |  | ldapconntimeout 
                    integer
                                                                 |  | Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). | 
                            
                                                |  | lldp_transmission 
                    string
                                                                 |  | Enable/disable Link Layer Discovery Protocol (LLDP) transmission. | 
                            
                                                |  | log_ssl_connection 
                    string
                                                                 |  | Enable/disable logging of SSL connection events. | 
                            
                                                |  | log_uuid 
                    string
                                                                 | Choices:
                                                                                                                                                            disablepolicy-onlyextended | Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic logs. | 
                            
                                                |  | login_timestamp 
                    string
                                                                 |  | Enable/disable login time recording. | 
                            
                                                |  | long_vdom_name 
                    string
                                                                 |  | Enable/disable long VDOM name support. | 
                            
                                                |  | management_vdom 
                    string
                                                                 |  | Management virtual domain name. Source system.vdom.name. | 
                            
                                                |  | max_dlpstat_memory 
                    integer
                                                                 |  | Maximum DLP stat memory (0 - 4294967295). | 
                            
                                                |  | max_route_cache_size 
                    integer
                                                                 |  | Maximum number of IP route cache entries (0 - 2147483647). | 
                            
                                                |  | mc_ttl_notchange 
                    string
                                                                 |  | Enable/disable no modification of multicast TTL. | 
                            
                                                |  | memory_use_threshold_extreme 
                    integer
                                                                 |  | Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). | 
                            
                                                |  | memory_use_threshold_green 
                    integer
                                                                 |  | Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). | 
                            
                                                |  | memory_use_threshold_red 
                    integer
                                                                 |  | Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). | 
                            
                                                |  | miglog_affinity 
                    string
                                                                 |  | Affinity setting for logging (64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx). | 
                            
                                                |  | miglogd_children 
                    integer
                                                                 |  | Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. No logs will be dropped or lost if the number is changed. | 
                            
                                                |  | multi_factor_authentication 
                    string
                                                                 | Choices:
                                                                                                                                                            optionalmandatory | Enforce all login methods to require an additional authentication factor . | 
                            
                                                |  | multicast_forward 
                    string
                                                                 |  | Enable/disable multicast forwarding. | 
                            
                                                |  | ndp_max_entry 
                    integer
                                                                 |  | Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). | 
                            
                                                |  | per_user_bwl 
                    string
                                                                 |  | Enable/disable per-user black/white list filter. | 
                            
                                                |  | policy_auth_concurrent 
                    integer
                                                                 |  | Number of concurrent firewall use logins from the same user (1 - 100). | 
                            
                                                |  | post_login_banner 
                    string
                                                                 |  | Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. | 
                            
                                                |  | pre_login_banner 
                    string
                                                                 |  | Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. | 
                            
                                                |  | private_data_encryption 
                    string
                                                                 |  | Enable/disable private data encryption using an AES 128-bit key. | 
                            
                                                |  | proxy_auth_lifetime 
                    string
                                                                 |  | Enable/disable authenticated users lifetime control.  This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. | 
                            
                                                |  | proxy_auth_lifetime_timeout 
                    integer
                                                                 |  | Lifetime timeout in minutes for authenticated users (5  - 65535 min). | 
                            
                                                |  | proxy_auth_timeout 
                    integer
                                                                 |  | Authentication timeout in minutes for authenticated users (1 - 300 min). | 
                            
                                                |  | proxy_cipher_hardware_acceleration 
                    string
                                                                 |  | Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. | 
                            
                                                |  | proxy_kxp_hardware_acceleration 
                    string
                                                                 |  | Enable/disable using the content processor to accelerate KXP traffic. | 
                            
                                                |  | proxy_re_authentication_mode 
                    string
                                                                 | Choices:
                                                                                                                                                            sessiontrafficabsolute | Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. | 
                            
                                                |  | proxy_worker_count 
                    integer
                                                                 |  | Proxy worker count. | 
                            
                                                |  | radius_port 
                    integer
                                                                 |  | RADIUS service port number. | 
                            
                                                |  | reboot_upon_config_restore 
                    string
                                                                 |  | Enable/disable reboot of system upon restoring configuration. | 
                            
                                                |  | refresh 
                    integer
                                                                 |  | Statistics refresh interval in GUI. | 
                            
                                                |  | remoteauthtimeout 
                    integer
                                                                 |  | Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (0-300 sec). | 
                            
                                                |  | reset_sessionless_tcp 
                    string
                                                                 |  | Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. | 
                            
                                                |  | restart_time 
                    string
                                                                 |  | Daily restart time (hh:mm). | 
                            
                                                |  | revision_backup_on_logout 
                    string
                                                                 |  | Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. | 
                            
                                                |  | revision_image_auto_backup 
                    string
                                                                 |  | Enable/disable back-up of the latest configuration revision after the firmware is upgraded. | 
                            
                                                |  | scanunit_count 
                    integer
                                                                 |  | Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. | 
                            
                                                |  | security_rating_result_submission 
                    string
                                                                 |  | Enable/disable the submission of Security Rating results to FortiGuard. | 
                            
                                                |  | security_rating_run_on_schedule 
                    string
                                                                 |  | Enable/disable scheduled runs of Security Rating. | 
                            
                                                |  | send_pmtu_icmp 
                    string
                                                                 |  | Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. | 
                            
                                                |  | snat_route_change 
                    string
                                                                 |  | Enable/disable the ability to change the static NAT route. | 
                            
                                                |  | special_file_23_support 
                    string
                                                                 |  | Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. | 
                            
                                                |  | ssd_trim_date 
                    integer
                                                                 |  | Date within a month to run ssd trim. | 
                            
                                                |  | ssd_trim_freq 
                    string
                                                                 | Choices:
                                                                                                                                                            neverhourlydailyweeklymonthly | How often to run SSD Trim . SSD Trim prevents SSD drive data loss by finding and isolating errors. | 
                            
                                                |  | ssd_trim_hour 
                    integer
                                                                 |  | Hour of the day on which to run SSD Trim (0 - 23). | 
                            
                                                |  | ssd_trim_min 
                    integer
                                                                 |  | Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). | 
                            
                                                |  | ssd_trim_weekday 
                    string
                                                                 | Choices:
                                                                                                                                                            sundaymondaytuesdaywednesdaythursdayfridaysaturday | Day of week to run SSD Trim. | 
                            
                                                |  | ssh_cbc_cipher 
                    string
                                                                 |  | Enable/disable CBC cipher for SSH access. | 
                            
                                                |  | ssh_hmac_md5 
                    string
                                                                 |  | Enable/disable HMAC-MD5 for SSH access. | 
                            
                                                |  | ssh_kex_sha1 
                    string
                                                                 |  | Enable/disable SHA1 key exchange for SSH access. | 
                            
                                                |  | ssl_min_proto_version 
                    string
                                                                 | Choices:
                                                                                                                                                            SSLv3TLSv1TLSv1-1TLSv1-2 | Minimum supported protocol version for SSL/TLS connections . | 
                            
                                                |  | ssl_static_key_ciphers 
                    string
                                                                 |  | Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). | 
                            
                                                |  | sslvpn_cipher_hardware_acceleration 
                    string
                                                                 |  | Enable/disable SSL VPN hardware acceleration. | 
                            
                                                |  | sslvpn_kxp_hardware_acceleration 
                    string
                                                                 |  | Enable/disable SSL VPN KXP hardware acceleration. | 
                            
                                                |  | sslvpn_max_worker_count 
                    integer
                                                                 |  | Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model. | 
                            
                                                |  | sslvpn_plugin_version_check 
                    string
                                                                 |  | Enable/disable checking browser's plugin version by SSL VPN. | 
                            
                                                |  | strict_dirty_session_check 
                    string
                                                                 |  | Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. | 
                            
                                                |  | strong_crypto 
                    string
                                                                 |  | Enable to use strong encryption and only allow strong ciphers (AES, 3DES) and digest (SHA1) for HTTPS/SSH/TLS/SSL functions. | 
                            
                                                |  | switch_controller 
                    string
                                                                 |  | Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. | 
                            
                                                |  | switch_controller_reserved_network 
                    string
                                                                 |  | Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled. | 
                            
                                                |  | sys_perf_log_interval 
                    integer
                                                                 |  | Time in minutes between updates of performance statistics logging. (1 - 15 min). | 
                            
                                                |  | tcp_halfclose_timer 
                    integer
                                                                 |  | Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day)). | 
                            
                                                |  | tcp_halfopen_timer 
                    integer
                                                                 |  | Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day)). | 
                            
                                                |  | tcp_option 
                    string
                                                                 |  | Enable SACK, timestamp and MSS TCP options. | 
                            
                                                |  | tcp_timewait_timer 
                    integer
                                                                 |  | Length of the TCP TIME-WAIT state in seconds. | 
                            
                                                |  | tftp 
                    string
                                                                 |  | Enable/disable TFTP. | 
                            
                                                |  | timezone 
                    string
                                                                 | Choices:
                                                                                                                                                            123458167080910111213741477158716171819207521222324807925262728782930313233343536373883844085414243394446475148454950525354555657585960626361646566676869707172082738676 | Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. | 
                            
                                                |  | tp_mc_skip_policy 
                    string
                                                                 |  | Enable/disable skip policy check and allow multicast through. | 
                            
                                                |  | traffic_priority 
                    string
                                                                 |  | Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. | 
                            
                                                |  | traffic_priority_level 
                    string
                                                                 |  | Default system-wide level of priority for traffic prioritization. | 
                            
                                                |  | two_factor_email_expiry 
                    integer
                                                                 |  | Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). | 
                            
                                                |  | two_factor_fac_expiry 
                    integer
                                                                 |  | FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). | 
                            
                                                |  | two_factor_ftk_expiry 
                    integer
                                                                 |  | FortiToken authentication session timeout (60 - 600 sec (10 minutes)). | 
                            
                                                |  | two_factor_ftm_expiry 
                    integer
                                                                 |  | FortiToken Mobile session timeout (1 - 168 hours (7 days)). | 
                            
                                                |  | two_factor_sms_expiry 
                    integer
                                                                 |  | SMS-based two-factor authentication session timeout (30 - 300 sec). | 
                            
                                                |  | udp_idle_timer 
                    integer
                                                                 |  | UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). | 
                            
                                                |  | user_server_cert 
                    string
                                                                 |  | Certificate to use for https user authentication. Source certificate.local.name. | 
                            
                                                |  | vdom_admin 
                    string
                                                                 |  | Enable/disable support for multiple virtual domains (VDOMs). | 
                            
                                                |  | vip_arp_range 
                    string
                                                                 | Choices:
                                                                                                                                                            unlimitedrestricted | Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. | 
                            
                                                |  | virtual_server_count 
                    integer
                                                                 |  | Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. | 
                            
                                                |  | virtual_server_hardware_acceleration 
                    string
                                                                 |  | Enable/disable virtual server hardware acceleration. | 
                            
                                                |  | wad_affinity 
                    string
                                                                 |  | Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). | 
                            
                                                |  | wad_csvc_cs_count 
                    integer
                                                                 |  | Number of concurrent WAD-cache-service object-cache processes. | 
                            
                                                |  | wad_csvc_db_count 
                    integer
                                                                 |  | Number of concurrent WAD-cache-service byte-cache processes. | 
                            
                                                |  | wad_source_affinity 
                    string
                                                                 |  | Enable/disable dispatching traffic to WAD workers based on source affinity. | 
                            
                                                |  | wad_worker_count 
                    integer
                                                                 |  | Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit. | 
                            
                                                |  | wifi_ca_certificate 
                    string
                                                                 |  | CA certificate that verifies the WiFi certificate. Source certificate.ca.name. | 
                            
                                                |  | wifi_certificate 
                    string
                                                                 |  | Certificate to use for WiFi authentication. Source certificate.local.name. | 
                            
                                                |  | wimax_4g_usb 
                    string
                                                                 |  | Enable/disable comparability with WiMAX 4G USB devices. | 
                            
                                                |  | wireless_controller 
                    string
                                                                 |  | Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. | 
                            
                                                |  | wireless_controller_port 
                    integer
                                                                 |  | Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150). | 
                                            
                                                            | username 
                    string
                                                                 |  | FortiOS or FortiGate username. | 
                            
                                                            | vdom 
                    string
                                                                 | Default: 
 "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |