fortinet / fortinet.fortios / 2.3.6 / module / fortios_system_global Configure global attributes in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_system_global (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and global category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure global attributes. fortinet.fortios.fortios_system_global: vdom: "{{ vdom }}" system_global: admin_concurrent: "enable" admin_console_timeout: "0" admin_forticloud_sso_default_profile: "<your_own_value> (source system.accprofile.name)" admin_forticloud_sso_login: "enable" admin_host: "myhostname" admin_hsts_max_age: "15552000" admin_https_pki_required: "enable" admin_https_redirect: "enable" admin_https_ssl_banned_ciphers: "RSA" admin_https_ssl_ciphersuites: "TLS-AES-128-GCM-SHA256" admin_https_ssl_versions: "tlsv1-1" admin_lockout_duration: "60" admin_lockout_threshold: "3" admin_login_max: "100" admin_maintainer: "enable" admin_port: "80" admin_restrict_local: "enable" admin_scp: "enable" admin_server_cert: "<your_own_value> (source certificate.local.name)" admin_sport: "443" admin_ssh_grace_time: "120" admin_ssh_password: "enable" admin_ssh_port: "22" admin_ssh_v1: "enable" admin_telnet: "enable" admin_telnet_port: "23" admintimeout: "5" alias: "<your_own_value>" allow_traffic_redirect: "enable" anti_replay: "disable" arp_max_entry: "131072" asymroute: "enable" auth_cert: "<your_own_value> (source certificate.local.name)" auth_http_port: "1000" auth_https_port: "1003" auth_ike_saml_port: "1001" auth_keepalive: "enable" auth_session_limit: "block-new" auto_auth_extension_device: "enable" autorun_log_fsck: "enable" av_affinity: "<your_own_value>" av_failopen: "pass" av_failopen_session: "enable" batch_cmdb: "enable" bfd_affinity: "<your_own_value>" block_session_timer: "30" br_fdb_max_entry: "8192" cert_chain_max: "8" cfg_revert_timeout: "600" cfg_save: "automatic" check_protocol_header: "loose" check_reset_range: "strict" cli_audit_log: "enable" cloud_communication: "enable" clt_cert_req: "enable" cmdbsvr_affinity: "<your_own_value>" compliance_check: "enable" compliance_check_time: "<your_own_value>" cpu_use_threshold: "90" csr_ca_attribute: "enable" daily_restart: "enable" default_service_source_port: "<your_own_value>" device_identification_active_scan_delay: "1800" device_idle_timeout: "300" dh_params: "1024" dnsproxy_worker_count: "1" dst: "enable" early_tcp_npu_session: "enable" edit_vdom_prompt: "enable" endpoint_control_fds_access: "enable" endpoint_control_portal_port: "32767" extender_controller_reserved_network: "<your_own_value>" failtime: "5" faz_disk_buffer_size: "0" fds_statistics: "enable" fds_statistics_period: "60" fec_port: "50000" fgd_alert_subscription: "advisory" forticarrier_bypass: "enable" forticonverter_config_upload: "once" forticonverter_integration: "enable" fortiextender: "disable" fortiextender_data_port: "25246" fortiextender_discovery_lockdown: "disable" fortiextender_provision_on_authorization: "enable" fortiextender_vlan_mode: "enable" fortigslb_integration: "disable" fortiipam_integration: "enable" fortiservice_port: "8013" fortitoken_cloud: "enable" fortitoken_cloud_push_status: "enable" fortitoken_cloud_sync_interval: "24" gui_allow_default_hostname: "enable" gui_allow_incompatible_fabric_fgt: "enable" gui_app_detection_sdwan: "enable" gui_auto_upgrade_setup_warning: "enable" gui_cdn_domain_override: "<your_own_value>" gui_cdn_usage: "enable" gui_certificates: "enable" gui_custom_language: "enable" gui_date_format: "yyyy/MM/dd" gui_date_time_source: "system" gui_device_latitude: "<your_own_value>" gui_device_longitude: "<your_own_value>" gui_display_hostname: "enable" gui_firmware_upgrade_warning: "enable" gui_forticare_registration_setup_warning: "enable" gui_fortigate_cloud_sandbox: "enable" gui_fortiguard_resource_fetch: "enable" gui_fortisandbox_cloud: "enable" gui_ipv6: "enable" gui_lines_per_page: "500" gui_local_out: "enable" gui_replacement_message_groups: "enable" gui_rest_api_cache: "enable" gui_theme: "jade" gui_wireless_opensecurity: "enable" gui_workflow_management: "enable" ha_affinity: "<your_own_value>" honor_df: "enable" hostname: "myhostname" igmp_state_limit: "3200" interface_subnet_usage: "disable" internet_service_database: "mini" internet_service_download_list: - id: "128 (source firewall.internet-service.id)" interval: "5" ip_fragment_mem_thresholds: "32" ip_src_port_range: "<your_own_value>" ips_affinity: "<your_own_value>" ipsec_asic_offload: "enable" ipsec_ha_seqjump_rate: "10" ipsec_hmac_offload: "enable" ipsec_round_robin: "enable" ipsec_soft_dec_async: "enable" ipv6_accept_dad: "1" ipv6_allow_anycast_probe: "enable" ipv6_allow_local_in_slient_drop: "enable" ipv6_allow_multicast_probe: "enable" ipv6_allow_traffic_redirect: "enable" irq_time_accounting: "auto" language: "english" ldapconntimeout: "500" lldp_reception: "enable" lldp_transmission: "enable" log_single_cpu_high: "enable" log_ssl_connection: "enable" log_uuid: "disable" log_uuid_address: "enable" log_uuid_policy: "enable" login_timestamp: "enable" long_vdom_name: "enable" management_ip: "<your_own_value>" management_port: "443" management_port_use_admin_sport: "enable" management_vdom: "<your_own_value> (source system.vdom.name)" max_dlpstat_memory: "159" max_route_cache_size: "0" mc_ttl_notchange: "enable" memory_use_threshold_extreme: "95" memory_use_threshold_green: "82" memory_use_threshold_red: "88" miglog_affinity: "<your_own_value>" miglogd_children: "0" multi_factor_authentication: "optional" multicast_forward: "enable" ndp_max_entry: "0" per_user_bal: "enable" per_user_bwl: "enable" pmtu_discovery: "enable" policy_auth_concurrent: "0" post_login_banner: "disable" pre_login_banner: "enable" private_data_encryption: "disable" proxy_auth_lifetime: "enable" proxy_auth_lifetime_timeout: "480" proxy_auth_timeout: "10" proxy_cert_use_mgmt_vdom: "enable" proxy_cipher_hardware_acceleration: "disable" proxy_hardware_acceleration: "disable" proxy_keep_alive_mode: "session" proxy_kxp_hardware_acceleration: "disable" proxy_re_authentication_mode: "session" proxy_re_authentication_time: "30" proxy_resource_mode: "enable" proxy_worker_count: "0" purdue_level: "1" quic_ack_thresold: "3" quic_congestion_control_algo: "cubic" quic_max_datagram_size: "1500" quic_pmtud: "enable" quic_tls_handshake_timeout: "5" quic_udp_payload_size_shaping_per_cid: "enable" radius_port: "1812" reboot_upon_config_restore: "enable" refresh: "0" remoteauthtimeout: "5" reset_sessionless_tcp: "enable" restart_time: "<your_own_value>" revision_backup_on_logout: "enable" revision_image_auto_backup: "enable" scanunit_count: "0" security_rating_result_submission: "enable" security_rating_run_on_schedule: "enable" send_pmtu_icmp: "enable" sflowd_max_children_num: "6" snat_route_change: "enable" special_file_23_support: "disable" speedtest_server: "enable" speedtestd_ctrl_port: "5200" speedtestd_server_port: "5201" split_port: "<your_own_value>" split_port_mode: - interface: "<your_own_value>" split_mode: "disable" ssd_trim_date: "1" ssd_trim_freq: "never" ssd_trim_hour: "1" ssd_trim_min: "60" ssd_trim_weekday: "sunday" ssh_cbc_cipher: "enable" ssh_enc_algo: "chacha20-poly1305@openssh.com" ssh_hmac_md5: "enable" ssh_hostkey: "myhostname" ssh_hostkey_algo: "ssh-rsa" ssh_hostkey_override: "disable" ssh_hostkey_password: "myhostname" ssh_kex_algo: "diffie-hellman-group1-sha1" ssh_kex_sha1: "enable" ssh_mac_algo: "hmac-md5" ssh_mac_weak: "enable" ssl_min_proto_version: "SSLv3" ssl_static_key_ciphers: "enable" sslvpn_cipher_hardware_acceleration: "enable" sslvpn_ems_sn_check: "enable" sslvpn_kxp_hardware_acceleration: "enable" sslvpn_max_worker_count: "0" sslvpn_plugin_version_check: "enable" sslvpn_web_mode: "enable" strict_dirty_session_check: "enable" strong_crypto: "enable" switch_controller: "disable" switch_controller_reserved_network: "<your_own_value>" sys_perf_log_interval: "5" syslog_affinity: "<your_own_value>" tcp_halfclose_timer: "120" tcp_halfopen_timer: "10" tcp_option: "enable" tcp_rst_timer: "5" tcp_timewait_timer: "1" tftp: "enable" timezone: "<your_own_value> (source system.timezone.name)" tp_mc_skip_policy: "enable" traffic_priority: "tos" traffic_priority_level: "low" two_factor_email_expiry: "60" two_factor_fac_expiry: "60" two_factor_ftk_expiry: "60" two_factor_ftm_expiry: "72" two_factor_sms_expiry: "60" udp_idle_timer: "180" url_filter_affinity: "<your_own_value>" url_filter_count: "1" user_device_store_max_devices: "20911" user_device_store_max_unified_mem: "104558182" user_device_store_max_users: "20911" user_server_cert: "<your_own_value> (source certificate.local.name)" vdom_admin: "enable" vdom_mode: "no-vdom" vip_arp_range: "unlimited" virtual_server_count: "20" virtual_server_hardware_acceleration: "disable" virtual_switch_vlan: "enable" vpn_ems_sn_check: "enable" wad_affinity: "<your_own_value>" wad_csvc_cs_count: "1" wad_csvc_db_count: "0" wad_memory_change_granularity: "10" wad_restart_end_time: "<your_own_value>" wad_restart_mode: "none" wad_restart_start_time: "<your_own_value>" wad_source_affinity: "disable" wad_worker_count: "0" wifi_ca_certificate: "<your_own_value> (source certificate.ca.name)" wifi_certificate: "<your_own_value> (source certificate.local.name)" wimax_4g_usb: "enable" wireless_controller: "enable" wireless_controller_port: "5246"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str system_global: default: null description: - Configure global attributes. suboptions: admin_concurrent: choices: - enable - disable description: - Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. type: str admin_console_timeout: description: - Console login timeout that overrides the admin timeout value (15 - 300 seconds). type: int admin_forticloud_sso_default_profile: description: - Override access profile. Source system.accprofile.name. type: str admin_forticloud_sso_login: choices: - enable - disable description: - Enable/disable FortiCloud admin login via SSO. type: str admin_host: description: - Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client"s Host header for any redirection. type: str admin_hsts_max_age: description: - HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser.When admin-https-redirect is disabled the header max-age will be 0. type: int admin_https_pki_required: choices: - enable - disable description: - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. type: str admin_https_redirect: choices: - enable - disable description: - Enable/disable redirection of HTTP administration access to HTTPS. type: str admin_https_ssl_banned_ciphers: choices: - RSA - DHE - ECDHE - DSS - ECDSA - AES - AESGCM - CAMELLIA - 3DES - SHA1 - SHA256 - SHA384 - STATIC - CHACHA20 - ARIA - AESCCM description: - Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. elements: str type: list admin_https_ssl_ciphersuites: choices: - TLS-AES-128-GCM-SHA256 - TLS-AES-256-GCM-SHA384 - TLS-CHACHA20-POLY1305-SHA256 - TLS-AES-128-CCM-SHA256 - TLS-AES-128-CCM-8-SHA256 description: - Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. elements: str type: list admin_https_ssl_versions: choices: - tlsv1-1 - tlsv1-2 - tlsv1-3 - tlsv1-0 description: - Allowed TLS versions for web administration. elements: str type: list admin_lockout_duration: description: - Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts. type: int admin_lockout_threshold: description: - Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. type: int admin_login_max: description: - Maximum number of administrators who can be logged in at the same time (1 - 100). type: int admin_maintainer: choices: - enable - disable description: - Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. type: str admin_port: description: - Administrative access port for HTTP. (1 - 65535). type: int admin_restrict_local: choices: - enable - disable description: - Enable/disable local admin authentication restriction when remote authenticator is up and running . type: str admin_scp: choices: - enable - disable description: - Enable/disable SCP support for system configuration backup, restore, and firmware file upload. type: str admin_server_cert: description: - Server certificate that the FortiGate uses for HTTPS administrative connections. Source certificate.local.name. type: str admin_sport: description: - Administrative access port for HTTPS. (1 - 65535). type: int admin_ssh_grace_time: description: - Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour)). type: int admin_ssh_password: choices: - enable - disable description: - Enable/disable password authentication for SSH admin access. type: str admin_ssh_port: description: - Administrative access port for SSH. (1 - 65535). type: int admin_ssh_v1: choices: - enable - disable description: - Enable/disable SSH v1 compatibility. type: str admin_telnet: choices: - enable - disable description: - Enable/disable TELNET service. type: str admin_telnet_port: description: - Administrative access port for TELNET. (1 - 65535). type: int admintimeout: description: - Number of minutes before an idle administrator session times out (1 - 480 minutes (8 hours)). A shorter idle timeout is more secure. type: int alias: description: - Alias for your FortiGate unit. type: str allow_traffic_redirect: choices: - enable - disable description: - Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check. type: str anti_replay: choices: - disable - loose - strict description: - Level of checking for packet replay and TCP sequence checking. type: str arp_max_entry: description: - Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647). type: int asymroute: choices: - enable - disable description: - Enable/disable asymmetric route. type: str auth_cert: description: - Server certificate that the FortiGate uses for HTTPS firewall authentication connections. Source certificate.local.name. type: str auth_http_port: description: - User authentication HTTP port. (1 - 65535). type: int auth_https_port: description: - User authentication HTTPS port. (1 - 65535). type: int auth_ike_saml_port: description: - User IKE SAML authentication port (0 - 65535). type: int auth_keepalive: choices: - enable - disable description: - Enable to prevent user authentication sessions from timing out when idle. type: str auth_session_limit: choices: - block-new - logout-inactive description: - Action to take when the number of allowed user authenticated sessions is reached. type: str auto_auth_extension_device: choices: - enable - disable description: - Enable/disable automatic authorization of dedicated Fortinet extension devices. type: str autorun_log_fsck: choices: - enable - disable description: - Enable/disable automatic log partition check after ungraceful shutdown. type: str av_affinity: description: - Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str av_failopen: choices: - pass - 'off' - one-shot description: - Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. type: str av_failopen_session: choices: - enable - disable description: - When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. type: str batch_cmdb: choices: - enable - disable description: - Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. type: str bfd_affinity: description: - Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str block_session_timer: description: - Duration in seconds for blocked sessions (1 - 300 sec (5 minutes)). type: int br_fdb_max_entry: description: - Maximum number of bridge forwarding database (FDB) entries. type: int cert_chain_max: description: - Maximum number of certificates that can be traversed in a certificate chain. type: int cfg_revert_timeout: description: - Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds). type: int cfg_save: choices: - automatic - manual - revert description: - Configuration file save mode for CLI changes. type: str check_protocol_header: choices: - loose - strict description: - Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is OK in most cases. type: str check_reset_range: choices: - strict - disable description: - Configure ICMP error message verification. You can either apply strict RST range checking or disable it. type: str cli_audit_log: choices: - enable - disable description: - Enable/disable CLI audit log. type: str cloud_communication: choices: - enable - disable description: - Enable/disable all cloud communication. type: str clt_cert_req: choices: - enable - disable description: - Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. type: str cmdbsvr_affinity: description: - Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str compliance_check: choices: - enable - disable description: - Enable/disable global PCI DSS compliance check. type: str compliance_check_time: description: - Time of day to run scheduled PCI DSS compliance checks. type: str cpu_use_threshold: description: - Threshold at which CPU usage is reported (% of total CPU). type: int csr_ca_attribute: choices: - enable - disable description: - Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. type: str daily_restart: choices: - enable - disable description: - Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. type: str default_service_source_port: description: - Default service source port range . type: str device_identification_active_scan_delay: description: - Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour)). type: int device_idle_timeout: description: - Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year)). type: int dh_params: choices: - '1024' - '1536' - '2048' - '3072' - '4096' - '6144' - '8192' description: - Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. type: str dnsproxy_worker_count: description: - DNS proxy worker count. For a FortiGate with multiple logical CPUs, you can set the DNS process number from 1 to the number of logical CPUs. type: int dst: choices: - enable - disable description: - Enable/disable daylight saving time. type: str early_tcp_npu_session: choices: - enable - disable description: - Enable/disable early TCP NPU session. type: str edit_vdom_prompt: choices: - enable - disable description: - Enable/disable edit new VDOM prompt. type: str endpoint_control_fds_access: choices: - enable - disable description: - Enable/disable access to the FortiGuard network for non-compliant endpoints. type: str endpoint_control_portal_port: description: - Endpoint control portal port (1 - 65535). type: int extender_controller_reserved_network: description: - Configure reserved network subnet for managed LAN extension FortiExtender units. This is available when the FortiExtender daemon is running. type: str failtime: description: - Fail-time for server lost. type: int faz_disk_buffer_size: description: - Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable. type: int fds_statistics: choices: - enable - disable description: - Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet"s privacy policy. type: str fds_statistics_period: description: - FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours)). type: int fec_port: description: - Local UDP port for Forward Error Correction (49152 - 65535). type: int fgd_alert_subscription: choices: - advisory - latest-threat - latest-virus - latest-attack - new-antivirus-db - new-attack-db description: - Type of alert to retrieve from FortiGuard. elements: str type: list forticarrier_bypass: choices: - enable - disable description: - Enable/disable forticarrier-bypass. type: str forticonverter_config_upload: choices: - once - disable description: - Enable/disable config upload to FortiConverter. type: str forticonverter_integration: choices: - enable - disable description: - Enable/disable FortiConverter integration service. type: str fortiextender: choices: - disable - enable description: - Enable/disable FortiExtender. type: str fortiextender_data_port: description: - FortiExtender data port (1024 - 49150). type: int fortiextender_discovery_lockdown: choices: - disable - enable description: - Enable/disable FortiExtender CAPWAP lockdown. type: str fortiextender_provision_on_authorization: choices: - enable - disable description: - Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. type: str fortiextender_vlan_mode: choices: - enable - disable description: - Enable/disable FortiExtender VLAN mode. type: str fortigslb_integration: choices: - disable - enable description: - Enable/disable integration with the FortiGSLB cloud service. type: str fortiipam_integration: choices: - enable - disable description: - Enable/disable integration with the FortiIPAM cloud service. type: str fortiservice_port: description: - FortiService port (1 - 65535). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: int fortitoken_cloud: choices: - enable - disable description: - Enable/disable FortiToken Cloud service. type: str fortitoken_cloud_push_status: choices: - enable - disable description: - Enable/disable FTM push service of FortiToken Cloud. type: str fortitoken_cloud_sync_interval: description: - Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days)). type: int gui_allow_default_hostname: choices: - enable - disable description: - Enable/disable the factory default hostname warning on the GUI setup wizard. type: str gui_allow_incompatible_fabric_fgt: choices: - enable - disable description: - Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error. type: str gui_app_detection_sdwan: choices: - enable - disable description: - Enable/disable Allow app-detection based SD-WAN. type: str gui_auto_upgrade_setup_warning: choices: - enable - disable description: - Enable/disable the automatic patch upgrade setup prompt on the GUI. type: str gui_cdn_domain_override: description: - Domain of CDN server. type: str gui_cdn_usage: choices: - enable - disable description: - Enable/disable Load GUI static files from a CDN. type: str gui_certificates: choices: - enable - disable description: - Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. type: str gui_custom_language: choices: - enable - disable description: - Enable/disable custom languages in GUI. type: str gui_date_format: choices: - yyyy/MM/dd - dd/MM/yyyy - MM/dd/yyyy - yyyy-MM-dd - dd-MM-yyyy - MM-dd-yyyy description: - Default date format used throughout GUI. type: str gui_date_time_source: choices: - system - browser description: - Source from which the FortiGate GUI uses to display date and time entries. type: str gui_device_latitude: description: - Add the latitude of the location of this FortiGate to position it on the Threat Map. type: str gui_device_longitude: description: - Add the longitude of the location of this FortiGate to position it on the Threat Map. type: str gui_display_hostname: choices: - enable - disable description: - Enable/disable displaying the FortiGate"s hostname on the GUI login page. type: str gui_firmware_upgrade_warning: choices: - enable - disable description: - Enable/disable the firmware upgrade warning on the GUI. type: str gui_forticare_registration_setup_warning: choices: - enable - disable description: - Enable/disable the FortiCare registration setup warning on the GUI. type: str gui_fortigate_cloud_sandbox: choices: - enable - disable description: - Enable/disable displaying FortiGate Cloud Sandbox on the GUI. type: str gui_fortiguard_resource_fetch: choices: - enable - disable description: - Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. type: str gui_fortisandbox_cloud: choices: - enable - disable description: - Enable/disable displaying FortiSandbox Cloud on the GUI. type: str gui_ipv6: choices: - enable - disable description: - Enable/disable IPv6 settings on the GUI. type: str gui_lines_per_page: description: - Number of lines to display per page for web administration. type: int gui_local_out: choices: - enable - disable description: - Enable/disable Local-out traffic on the GUI. type: str gui_replacement_message_groups: choices: - enable - disable description: - Enable/disable replacement message groups on the GUI. type: str gui_rest_api_cache: choices: - enable - disable description: - Enable/disable REST API result caching on FortiGate. type: str gui_theme: choices: - jade - neutrino - mariner - graphite - melongene - jet-stream - security-fabric - retro - dark-matter - onyx - eclipse - green - blue - red description: - Color scheme for the administration GUI. type: str gui_wireless_opensecurity: choices: - enable - disable description: - Enable/disable wireless open security option on the GUI. type: str gui_workflow_management: choices: - enable - disable description: - Enable/disable Workflow management features on the GUI. type: str ha_affinity: description: - Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str honor_df: choices: - enable - disable description: - Enable/disable honoring of Don"t-Fragment (DF) flag. type: str hostname: description: - FortiGate unit"s hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. type: str igmp_state_limit: description: - Maximum number of IGMP memberships (96 - 64000). type: int interface_subnet_usage: choices: - disable - enable description: - Enable/disable allowing use of interface-subnet setting in firewall addresses . type: str internet_service_database: choices: - mini - standard - full - on-demand description: - Configure which Internet Service database size to download from FortiGuard and use. type: str internet_service_download_list: description: - Configure which on-demand Internet Service IDs are to be downloaded. elements: dict suboptions: id: description: - Internet Service ID. see <a href='#notes'>Notes</a>. Source firewall.internet-service.id. required: true type: int type: list interval: description: - Dead gateway detection interval. type: int ip_fragment_mem_thresholds: description: - Maximum memory (MB) used to reassemble IPv4/IPv6 fragments. type: int ip_src_port_range: description: - IP source port range used for traffic originating from the FortiGate unit. type: str ips_affinity: description: - Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons). type: str ipsec_asic_offload: choices: - enable - disable description: - Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. type: str ipsec_ha_seqjump_rate: description: - ESP jump ahead rate (1G - 10G pps equivalent). type: int ipsec_hmac_offload: choices: - enable - disable description: - Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. type: str ipsec_round_robin: choices: - enable - disable description: - Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. type: str ipsec_soft_dec_async: choices: - enable - disable description: - Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. type: str ipv6_accept_dad: description: - Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD). type: int ipv6_allow_anycast_probe: choices: - enable - disable description: - Enable/disable IPv6 address probe through Anycast. type: str ipv6_allow_local_in_slient_drop: choices: - enable - disable description: - Enable/disable silent drop of IPv6 local-in traffic. type: str ipv6_allow_multicast_probe: choices: - enable - disable description: - Enable/disable IPv6 address probe through Multicast. type: str ipv6_allow_traffic_redirect: choices: - enable - disable description: - Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. type: str irq_time_accounting: choices: - auto - force description: - Configure CPU IRQ time accounting mode. type: str language: choices: - english - french - spanish - portuguese - japanese - trach - simch - korean description: - GUI display language. type: str ldapconntimeout: description: - Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000). type: int lldp_reception: choices: - enable - disable description: - Enable/disable Link Layer Discovery Protocol (LLDP) reception. type: str lldp_transmission: choices: - enable - disable description: - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. type: str log_single_cpu_high: choices: - enable - disable description: - Enable/disable logging the event of a single CPU core reaching CPU usage threshold. type: str log_ssl_connection: choices: - enable - disable description: - Enable/disable logging of SSL connection events. type: str log_uuid: choices: - disable - policy-only - extended description: - Whether UUIDs are added to traffic logs. You can disable UUIDs, add firewall policy UUIDs to traffic logs, or add all UUIDs to traffic logs. type: str log_uuid_address: choices: - enable - disable description: - Enable/disable insertion of address UUIDs to traffic logs. type: str log_uuid_policy: choices: - enable - disable description: - Enable/disable insertion of policy UUIDs to traffic logs. type: str login_timestamp: choices: - enable - disable description: - Enable/disable login time recording. type: str long_vdom_name: choices: - enable - disable description: - Enable/disable long VDOM name support. type: str management_ip: description: - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str management_port: description: - Overriding port for management connection (Overrides admin port). type: int management_port_use_admin_sport: choices: - enable - disable description: - Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. type: str management_vdom: description: - Management virtual domain name. Source system.vdom.name. type: str max_dlpstat_memory: description: - Maximum DLP stat memory (0 - 4294967295). type: int max_route_cache_size: description: - Maximum number of IP route cache entries (0 - 2147483647). type: int mc_ttl_notchange: choices: - enable - disable description: - Enable/disable no modification of multicast TTL. type: str memory_use_threshold_extreme: description: - Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM). type: int memory_use_threshold_green: description: - Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM). type: int memory_use_threshold_red: description: - Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM). type: int miglog_affinity: description: - Affinity setting for logging (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str miglogd_children: description: - Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time. type: int multi_factor_authentication: choices: - optional - mandatory description: - Enforce all login methods to require an additional authentication factor . type: str multicast_forward: choices: - enable - disable description: - Enable/disable multicast forwarding. type: str ndp_max_entry: description: - Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries). type: int per_user_bal: choices: - enable - disable description: - Enable/disable per-user block/allow list filter. type: str per_user_bwl: choices: - enable - disable description: - Enable/disable per-user black/white list filter. type: str pmtu_discovery: choices: - enable - disable description: - Enable/disable path MTU discovery. type: str policy_auth_concurrent: description: - Number of concurrent firewall use logins from the same user (1 - 100). type: int post_login_banner: choices: - disable - enable description: - Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. type: str pre_login_banner: choices: - enable - disable description: - Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. type: str private_data_encryption: choices: - disable - enable description: - Enable/disable private data encryption using an AES 128-bit key or passpharse. type: str proxy_auth_lifetime: choices: - enable - disable description: - Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. type: str proxy_auth_lifetime_timeout: description: - Lifetime timeout in minutes for authenticated users (5 - 65535 min). type: int proxy_auth_timeout: description: - Authentication timeout in minutes for authenticated users (1 - 300 min). type: int proxy_cert_use_mgmt_vdom: choices: - enable - disable description: - Enable/disable using management VDOM to send requests. type: str proxy_cipher_hardware_acceleration: choices: - disable - enable description: - Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. type: str proxy_hardware_acceleration: choices: - disable - enable description: - Enable/disable email proxy hardware acceleration. type: str proxy_keep_alive_mode: choices: - session - traffic - re-authentication description: - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. type: str proxy_kxp_hardware_acceleration: choices: - disable - enable description: - Enable/disable using the content processor to accelerate KXP traffic. type: str proxy_re_authentication_mode: choices: - session - traffic - absolute description: - Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. type: str proxy_re_authentication_time: description: - The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default=30s. type: int proxy_resource_mode: choices: - enable - disable description: - Enable/disable use of the maximum memory usage on the FortiGate unit"s proxy processing of resources, such as block lists, allow lists, and external resources. type: str proxy_worker_count: description: - Proxy worker count. type: int purdue_level: choices: - '1' - '1.5' - '2' - '2.5' - '3' - '3.5' - '4' - '5' - '5.5' description: - Purdue Level of this FortiGate. type: str quic_ack_thresold: description: - Maximum number of unacknowledged packets before sending ACK (2 - 5). type: int quic_congestion_control_algo: choices: - cubic - bbr - bbr2 - reno description: - QUIC congestion control algorithm . type: str quic_max_datagram_size: description: - Maximum transmit datagram size (1200 - 1500). type: int quic_pmtud: choices: - enable - disable description: - Enable/disable path MTU discovery . type: str quic_tls_handshake_timeout: description: - Time-to-live (TTL) for TLS handshake in seconds (1 - 60). type: int quic_udp_payload_size_shaping_per_cid: choices: - enable - disable description: - Enable/disable UDP payload size shaping per connection ID . type: str radius_port: description: - RADIUS service port number. type: int reboot_upon_config_restore: choices: - enable - disable description: - Enable/disable reboot of system upon restoring configuration. type: str refresh: description: - Statistics refresh interval second(s) in GUI. type: int remoteauthtimeout: description: - Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (1-300 sec). type: int reset_sessionless_tcp: choices: - enable - disable description: - Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. type: str restart_time: description: - Daily restart time (hh:mm). type: str revision_backup_on_logout: choices: - enable - disable description: - Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. type: str revision_image_auto_backup: choices: - enable - disable description: - Enable/disable back-up of the latest image revision after the firmware is upgraded. type: str scanunit_count: description: - Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs. type: int security_rating_result_submission: choices: - enable - disable description: - Enable/disable the submission of Security Rating results to FortiGuard. type: str security_rating_run_on_schedule: choices: - enable - disable description: - Enable/disable scheduled runs of Security Rating. type: str send_pmtu_icmp: choices: - enable - disable description: - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. type: str sflowd_max_children_num: description: - Maximum number of sflowd child processes allowed to run. type: int snat_route_change: choices: - enable - disable description: - Enable/disable the ability to change the source NAT route. type: str special_file_23_support: choices: - disable - enable description: - Enable/disable detection of those special format files when using Data Leak Prevention. type: str speedtest_server: choices: - enable - disable description: - Enable/disable speed test server. type: str speedtestd_ctrl_port: description: - Speedtest server controller port number. type: int speedtestd_server_port: description: - Speedtest server port number. type: int split_port: description: - Split port(s) to multiple 10Gbps ports. elements: str type: list split_port_mode: description: - Configure split port mode of ports. elements: dict suboptions: interface: description: - Split port interface. required: true type: str split_mode: choices: - disable - 4x10G - 4x25G - 4x50G - 8x25G - 8x50G - 4x100G - 2x200G description: - The configuration mode for the split port interface. type: str type: list ssd_trim_date: description: - Date within a month to run ssd trim. type: int ssd_trim_freq: choices: - never - hourly - daily - weekly - monthly description: - How often to run SSD Trim . SSD Trim prevents SSD drive data loss by finding and isolating errors. type: str ssd_trim_hour: description: - Hour of the day on which to run SSD Trim (0 - 23). type: int ssd_trim_min: description: - Minute of the hour on which to run SSD Trim (0 - 59, 60 for random). type: int ssd_trim_weekday: choices: - sunday - monday - tuesday - wednesday - thursday - friday - saturday description: - Day of week to run SSD Trim. type: str ssh_cbc_cipher: choices: - enable - disable description: - Enable/disable CBC cipher for SSH access. type: str ssh_enc_algo: choices: - chacha20-poly1305@openssh.com - aes128-ctr - aes192-ctr - aes256-ctr - arcfour256 - arcfour128 - aes128-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - aes192-cbc - aes256-cbc - arcfour - rijndael-cbc@lysator.liu.se - aes128-gcm@openssh.com - aes256-gcm@openssh.com description: - Select one or more SSH ciphers. elements: str type: list ssh_hmac_md5: choices: - enable - disable description: - Enable/disable HMAC-MD5 for SSH access. type: str ssh_hostkey: description: - Config SSH host key. type: str ssh_hostkey_algo: choices: - ssh-rsa - ecdsa-sha2-nistp521 - ecdsa-sha2-nistp384 - ecdsa-sha2-nistp256 - rsa-sha2-256 - rsa-sha2-512 - ssh-ed25519 description: - Select one or more SSH hostkey algorithms. elements: str type: list ssh_hostkey_override: choices: - disable - enable description: - Enable/disable SSH host key override in SSH daemon. type: str ssh_hostkey_password: description: - Password for ssh-hostkey. type: str ssh_kex_algo: choices: - diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - curve25519-sha256@libssh.org - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 description: - Select one or more SSH kex algorithms. elements: str type: list ssh_kex_sha1: choices: - enable - disable description: - Enable/disable SHA1 key exchange for SSH access. type: str ssh_mac_algo: choices: - hmac-md5 - hmac-md5-etm@openssh.com - hmac-md5-96 - hmac-md5-96-etm@openssh.com - hmac-sha1 - hmac-sha1-etm@openssh.com - hmac-sha2-256 - hmac-sha2-256-etm@openssh.com - hmac-sha2-512 - hmac-sha2-512-etm@openssh.com - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com - umac-64@openssh.com - umac-128@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com description: - Select one or more SSH MAC algorithms. elements: str type: list ssh_mac_weak: choices: - enable - disable description: - Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. type: str ssl_min_proto_version: choices: - SSLv3 - TLSv1 - TLSv1-1 - TLSv1-2 - TLSv1-3 description: - Minimum supported protocol version for SSL/TLS connections . type: str ssl_static_key_ciphers: choices: - enable - disable description: - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). type: str sslvpn_cipher_hardware_acceleration: choices: - enable - disable description: - sslvpn-cipher-hardware-acceleration type: str sslvpn_ems_sn_check: choices: - enable - disable description: - Enable/disable verification of EMS serial number in SSL-VPN connection. type: str sslvpn_kxp_hardware_acceleration: choices: - enable - disable description: - sslvpn-kxp-hardware-acceleration type: str sslvpn_max_worker_count: description: - Maximum number of SSL-VPN processes. Upper limit for this value is the number of CPUs and depends on the model. Default value of zero means the SSLVPN daemon decides the number of worker processes. type: int sslvpn_plugin_version_check: choices: - enable - disable description: - sslvpn-plugin-version-check type: str sslvpn_web_mode: choices: - enable - disable description: - Enable/disable SSL-VPN web mode. type: str strict_dirty_session_check: choices: - enable - disable description: - Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. type: str strong_crypto: choices: - enable - disable description: - Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. type: str switch_controller: choices: - disable - enable description: - Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. type: str switch_controller_reserved_network: description: - Configure reserved network subnet for managed switches. This is available when the switch controller is enabled. type: str sys_perf_log_interval: description: - Time in minutes between updates of performance statistics logging. (1 - 15 min). type: int syslog_affinity: description: - Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str tcp_halfclose_timer: description: - Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day)). type: int tcp_halfopen_timer: description: - Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day)). type: int tcp_option: choices: - enable - disable description: - Enable SACK, timestamp and MSS TCP options. type: str tcp_rst_timer: description: - Length of the TCP CLOSE state in seconds (5 - 300 sec). type: int tcp_timewait_timer: description: - Length of the TCP TIME-WAIT state in seconds (1 - 300 sec). type: int tftp: choices: - enable - disable description: - Enable/disable TFTP. type: str timezone: description: - Timezone database name. Enter ? to view the list of timezone. Source system.timezone.name. type: str tp_mc_skip_policy: choices: - enable - disable description: - Enable/disable skip policy check and allow multicast through. type: str traffic_priority: choices: - tos - dscp description: - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. type: str traffic_priority_level: choices: - low - medium - high description: - Default system-wide level of priority for traffic prioritization. type: str two_factor_email_expiry: description: - Email-based two-factor authentication session timeout (30 - 300 seconds (5 minutes)). type: int two_factor_fac_expiry: description: - FortiAuthenticator token authentication session timeout (10 - 3600 seconds (1 hour)). type: int two_factor_ftk_expiry: description: - FortiToken authentication session timeout (60 - 600 sec (10 minutes)). type: int two_factor_ftm_expiry: description: - FortiToken Mobile session timeout (1 - 168 hours (7 days)). type: int two_factor_sms_expiry: description: - SMS-based two-factor authentication session timeout (30 - 300 sec). type: int udp_idle_timer: description: - UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day)). type: int url_filter_affinity: description: - URL filter CPU affinity. type: str url_filter_count: description: - URL filter daemon count. type: int user_device_store_max_devices: description: - Maximum number of devices allowed in user device store. type: int user_device_store_max_unified_mem: description: - Maximum unified memory allowed in user device store. type: int user_device_store_max_users: description: - Maximum number of users allowed in user device store. type: int user_server_cert: description: - Certificate to use for https user authentication. Source certificate.local.name. type: str vdom_admin: choices: - enable - disable description: - vdom-admin type: str vdom_mode: choices: - no-vdom - multi-vdom - split-vdom description: - Enable/disable support for multiple virtual domains (VDOMs). type: str vip_arp_range: choices: - unlimited - restricted description: - Controls the number of ARPs that the FortiGate sends for a Virtual IP (VIP) address range. type: str virtual_server_count: description: - Maximum number of virtual server processes to create. The maximum is the number of CPU cores. This is not available on single-core CPUs. type: int virtual_server_hardware_acceleration: choices: - disable - enable description: - Enable/disable virtual server hardware acceleration. type: str virtual_switch_vlan: choices: - enable - disable description: - Enable/disable virtual switch VLAN. type: str vpn_ems_sn_check: choices: - enable - disable description: - Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. type: str wad_affinity: description: - Affinity setting for wad (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str wad_csvc_cs_count: description: - Number of concurrent WAD-cache-service object-cache processes. type: int wad_csvc_db_count: description: - Number of concurrent WAD-cache-service byte-cache processes. type: int wad_memory_change_granularity: description: - Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any active connection. type: int wad_restart_end_time: description: - WAD workers daily restart end time (hh:mm). type: str wad_restart_mode: choices: - none - time - memory description: - WAD worker restart mode . type: str wad_restart_start_time: description: - WAD workers daily restart time (hh:mm). type: str wad_source_affinity: choices: - disable - enable description: - Enable/disable dispatching traffic to WAD workers based on source affinity. type: str wad_worker_count: description: - Number of explicit proxy WAN optimization daemon (WAD) processes. By default WAN optimization, explicit proxy, and web caching is handled by all of the CPU cores in a FortiGate unit. type: int wifi_ca_certificate: description: - CA certificate that verifies the WiFi certificate. Source certificate.ca.name. type: str wifi_certificate: description: - Certificate to use for WiFi authentication. Source certificate.local.name. type: str wimax_4g_usb: choices: - enable - disable description: - Enable/disable comparability with WiMAX 4G USB devices. type: str wireless_controller: choices: - enable - disable description: - Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. type: str wireless_controller_port: description: - Port used for the control channel in wireless controller mode (wireless-mode is ac). The data channel port is the control channel port number plus one (1024 - 49150). type: int type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str