Variable | Description | Default |
admin-port <port_int> | Type the port number on which the FortiWeb appliance will listen for HTTP access to the web UI. The valid range is from 1 to 65,535. | 80 |
admin-sport <port_int> | Type the port number on which the FortiWeb appliance will listen for HTTPS (SSL-secured) access to the web UI. The valid range is from 1 to 65,535. | 443 |
admintimeout <minutes_int> | Type the amount of time in minutes after which an idle administrative session with the web UI or CLI will be automatically logged out. The valid range is from 1 to 480 minutes (8 hours). To improve security, do not increase the idle timeout. | 5 |
adom-admin {enable | disable} | Enable to be able to restrict administrator accounts to specific administrative domains. See also domains <adom_name> in “config system admin”. Note: After you type end, if this setting is enabled, the CLI will terminate your session and restructure the configuration to use ADOMs. Global settings will remain in the global configuration scope, but objects that are configurable separately per ADOM such as services are moved to the root ADOM. To continue by configuring additional ADOMs, log in again, then go to “Defining ADOMs”. | disable |
auth-timeout <milliseconds_int> | Type the number of milliseconds that FortiWeb will wait for the remote authentication server to respond to its query. The valid range is from 1 to 60,000 (60 seconds). If administrator logins often time out, and FortiWeb is configured to query an external RADIUS or LDAP server, increasing this value may help. This setting only affects remote authentication queries for administrator accounts. To configure the query connection timeout for end-user accounts, use auth-timeout <timeout_int> in the HTTP authentication policy instead. | 2000 |
cli-signature {enable | disable} | Enable to be able to enter custom attack signatures via the CLI. Typically, attack signatures should be entered using the web UI, where you can verify syntax and test matching of your regular expression. If you are sure that your expression is correct, you can enable this option to enter your custom signature via the CLI. | disable |
confsync-port <port_int> | Type the port number the local FortiWeb appliance uses to listen for a remote (peer) FortiWeb appliance when configured to synchronize its configuration. The valid range is from 1 to 65,535. Caution: The port number must be different than the port number set using config system conf-sync. | 8333 |
dst {enable | disable} | Enable to automatically adjust the FortiWeb appliance’s clock for daylight savings time (DST). | disable |
hostname <host_name> | Type the host name of this FortiWeb appliance. Host names may include US‑ASCII letters, numbers, hyphens, and underscores. The maximum length is 35 characters. Spaces and special characters are not allowed. The host name of the FortiWeb appliance is used in several places. • It appears in the System Information widget on the Status tab of the web UI, and in the get router all CLI command. • It is used in the command prompt of the CLI. • It is used as the SNMP system name. For information about SNMP, see “config system snmp sysinfo”. The System Information widget and the get router all CLI command will display the full host name. However, if the host name is longer than 16 characters, the CLI and other places display the host name in a truncated form ending with a tilde ( ~ ) to indicate that additional characters exist, but are not displayed. For example, if the host name is FortiWeb1234567890, the CLI prompt would be FortiWeb123456789~#. Note: You can also configure the local domain name. For details, see “config system dns”. | FortiWeb |
ie6workaround {enable | disable} | Enable to use the work around for a navigation bar freeze issue caused by using the web UI with Microsoft Internet Explorer 6. | disable |
language {english |japanese | simch | trach} | Select which language to use when displaying the web UI. The display’s web pages will use UTF-8 encoding, regardless of which language you choose. UTF-8 supports multiple languages, and allows all of them to be displayed correctly, even when multiple languages are used on the same web page. For example, your organization could have web sites in both English and simplified Chinese. Your FortiWeb administrators prefer to work in the English version of the web UI. They could use the web UI in English while writing rules to match content in both English and simplified Chinese without changing this setting. Both the rules and the web UI will display correctly, as long as all rules were input using UTF-8. Usually, your text input method or your management computer’s operating system should match the display, and also use UTF-8. If they do not, you may not be able to correctly display both your input and the web UI at the same time. For example, your web browser’s or operating system’s default encoding for simplified Chinese input may be GB2312. However, you usually should switch it to be UTF-8 when using the web UI, unless you are writing regular expressions that must match HTTP client’s requests, and those requests use GB2312 encoding. For more information on language support in the web UI and CLI, see “Using the CLI Language support & regular expressions”. Note: This setting does not affect the display of the CLI. | english |
ntpserver {<ntp_fqdn> | <ntp_ipv4>} | Type the IP address or fully qualified domain name (FQDN) of a Network Time Protocol (NTP) server or pool, such as pool.ntp.org, to query in order to synchronize the FortiWeb appliance’s clock. The maximum length is 63 characters. For more information about NTP and to find the IP address of an NTP server that you can use, see: | No default. |
ntpsync {enable | disable} | Enable to automatically update the system date and time by connecting to a NTP server. Also configure ntpserver {<ntp_fqdn> | <ntp_ipv4>}, syncinterval <minutes_int> and timezone <time‑zone-code_str>. | disable |
refresh <seconds_int> | Type the automatic refresh interval, in seconds, for the web UI’s System Status Monitor widget. The valid range is from 0 to 9,223,372,036,854,775,807 seconds. To disable automatic refreshes, type 0. | 80 |
single-admin-mode {enable | disable} | Enable to allow only one administrator account to be logged in at any given time. This option may be useful to prevent administrators from inadvertently overwriting each other’s changes. When multiple administrators simultaneously modify the same part of the configuration, they each edit a copy of the current, saved state of the configuration item. As each administrator makes changes, FortiWeb does not update the other administrators’ working copies. Each administrator may therefore make conflicting changes without being aware of the other. The FortiWeb appliance will only use whichever administrator’s configuration is saved last. If only one administrator can be logged in at a time, this problem cannot occur. Disable to allow multiple administrators to be logged in. In this case, administrators should communicate with each other to avoid overwriting each other’s changes. | disable |
strong-password {enable | disable} | Enable to enforce strong password rules for administrator accounts. If the password entered is not strong enough when a new administrator account is created, the FortiWeb appliance displays an error and prompts to enter a stronger password. Strong passwords have the following characteristics: • are between 8 and 16 characters in length • contain at least one upper case and one lower case letter • contain at least one numeric • contain at least one non-alphanumeric character | disable |
syncinterval <minutes_int> | Type how often, in minutes, the FortiWeb appliance should synchronize its time with the Network Time Protocol (NTP) server. The valid range is from 1 to 1440 minutes. To disable time synchronization, type 0. | 60 |
timezone <time‑zone-code_str> | Type the two-digit code for the time zone in which the FortiWeb appliance is located. The valid range is from 00 to 74. To display a list of time zone codes, their associated the GMT time zone offset, and contained major cities, type set timezone ?. | 00 |