Tree-5.4.0: Unterschied zwischen den Versionen

Aus Fortinet Wiki
Zur Navigation springen Zur Suche springen
Keine Bearbeitungszusammenfassung
Keine Bearbeitungszusammenfassung
Zeile 6.854: Zeile 6.854:
                                 |- fortiap-download -- <id>    (0)
                                 |- fortiap-download -- <id>    (0)
                                 +- central-mgmt-status  
                                 +- central-mgmt-status  
                         |- extender -- atcmd -- <at-command> -- <nowiki> <mark>  -- <sn>  (0)
                         |- extender -- atcmd -- <at-command>  -- <sn>  (0)
                                     |- cmd -- <Integer> -- <sn>        (0)
                                     |- cmd -- <Integer> -- <sn>        (0)
                                     +- modem-list  
                                     +- modem-list  
Zeile 8.188: Zeile 8.188:
             +- <nstd> -- <Integer>      (0)
             +- <nstd> -- <Integer>      (0)
     +- extender -- <sys-info> -- <sn>  (0)
     +- extender -- <sys-info> -- <sn>  (0)
                 +- <modem-status> -- <sn> </nowiki>      (0)
                 +- <modem-status> -- <sn>     (0)
    
    
   --------------- output Tree-5.4.0 ---------------
   --------------- output Tree-5.4.0 ---------------

Version vom 29. Dezember 2015, 09:54 Uhr

FortiGate-5.4:FAQ

 --------------- output Tree-5.4.0 --------------- 
 
--  -- system -- [vdom] --*name         (12)
                       |- vcluster-id  (0,4294967295)
                       +- temporary    (0,4294967295)
             |- <global> -- language 
                         |- gui-ipv6 
                         |- gui-certificates 
                         |- gui-custom-language 
                         |- gui-wireless-opensecurity 
                         |- gui-display-hostname 
                         |- gui-lines-per-page         (20,1000)
                         |- admin-https-ssl-versions 
                         |- admin-https-banned-cipher 
                         |- admintimeout       (1,480)
                         |- admin-console-timeout      (0,4294967295)
                         |- admin-concurrent 
                         |- admin-lockout-threshold    (1,10)
                         |- admin-lockout-duration     (1,2147483647)
                         |- refresh    (0,2147483647)
                         |- interval   (0,4294967295)
                         |- failtime   (0,4294967295)
                         |- daily-restart 
                         |- restart-time 
                         |- radius-port        (0,4294967295)
                         |- admin-login-max    (1,100)
                         |- remoteauthtimeout  (0,300)
                         |- ldapconntimeout    (0,2147483647)
                         |- batch-cmdb 
                         |- max-dlpstat-memory         (0,4294967295)
                         |- dst 
                         |- timezone 
                         |- ntpserver  (64)
                         |- ntpsync 
                         |- syncinterval       (1,1440)
                         |- traffic-priority 
                         |- traffic-priority-level 
                         |- anti-replay 
                         |- send-pmtu-icmp 
                         |- honor-df 
                         |- revision-image-auto-backup 
                         |- revision-backup-on-logout 
                         |- management-vdom    (12)
                         |- hostname   (36)
                         |- strong-crypto 
                         |- ssh-cbc-cipher 
                         |- ssh-hmac-md5 
                         |- snat-route-change 
                         |- cli-audit-log 
                         |- dh-params 
                         |- fds-statistics 
                         |- fds-statistics-period      (1,1440)
                         |- multicast-forward 
                         |- mc-ttl-notchange 
                         |- asymroute 
                         |- tcp-option 
                         |- phase1-rekey 
                         |- lldp-transmission 
                         |- explicit-proxy-auth-timeout        (1,600)
                         |- sys-perf-log-interval      (0,4294967295)
                         |- check-protocol-header 
                         |- vip-arp-range 
                         |- optimize 
                         |- reset-sessionless-tcp 
                         |- allow-traffic-redirect 
                         |- strict-dirty-session-check 
                         |- tcp-halfclose-timer        (0,4294967295)
                         |- tcp-halfopen-timer         (0,4294967295)
                         |- tcp-timewait-timer         (0,300)
                         |- udp-idle-timer     (0,4294967295)
                         |- block-session-timer        (1,300)
                         |- ip-src-port-range 
                         |- pre-login-banner 
                         |- post-login-banner 
                         |- tftp 
                         |- av-failopen 
                         |- av-failopen-session 
                         |- check-reset-range 
                         |- vdom-admin 
                         |- admin-port         (1,65535)
                         |- admin-sport        (1,65535)
                         |- admin-https-redirect 
                         |- admin-ssh-password 
                         |- admin-ssh-port     (1,65535)
                         |- admin-ssh-grace-time       (10,3600)
                         |- admin-ssh-v1 
                         |- admin-telnet-port  (1,65535)
                         |- admin-maintainer 
                         |- admin-reset-button 
                         |- admin-server-cert  (36)
                         |- user-server-cert   (36)
                         |- admin-https-pki-required 
                         |- wifi-certificate   (36)
                         |- wifi-ca-certificate        (36)
                         |- auth-http-port     (1,65535)
                         |- auth-https-port    (1,65535)
                         |- auth-keepalive 
                         |- policy-auth-concurrent     (0,100)
                         |- auth-cert  (36)
                         |- clt-cert-req 
                         |- endpoint-control-portal-port       (1,65535)
                         |- endpoint-control-fds-access 
                         |- tp-mc-skip-policy 
                         |- cfg-save 
                         |- cfg-revert-timeout         (10,2147483647)
                         |- reboot-upon-config-restore 
                         |- admin-scp 
                         |- internal-switch-mode 
                         |- internal-switch-speed 
                         |- registration-notification 
                         |- service-expire-notification 
                         |- wireless-controller 
                         |- wireless-controller-port   (1024,49150)
                         |- fortiextender-data-port    (1024,49150)
                         |- fortiextender 
                         |- fortiextender-vlan-mode 
                         |- switch-controller 
                         |- switch-controller-reserved-network 
                         |- proxy-worker-count         (1,1)
                         |- scanunit-count     (1,1)
                         |- ssl-worker-count   (0,4294967295)
                         |- fgd-alert-subscription 
                         |- ipsec-hmac-offload 
                         |- ipv6-accept-dad    (0,2)
                         |- csr-ca-attribute 
                         |- wimax-4g-usb 
                         |- cert-chain-max     (0,4294967295)
                         |- sslvpn-max-worker-count    (1,1)
                         |- sslvpn-kxp-hardware-acceleration 
                         |- sslvpn-cipher-hardware-acceleration 
                         |- sslvpn-plugin-version-check 
                         |- two-factor-email-expiry    (30,300)
                         |- two-factor-sms-expiry      (30,300)
                         |- two-factor-ftm-expiry      (1,168)
                         |- virtual-server-count       (1,1)
                         |- wad-worker-count   (1,1)
                         |- login-timestamp 
                         |- miglogd-children   (0,15)
                         |- special-file-23-support 
                         |- log-uuid 
                         |- arp-max-entry      (131072,2147483647)
                         |- av-affinity        (20)
                         |- miglog-affinity    (20)
                         |- ndp-max-entry      (0,4294967295)
                         |- br-fdb-max-entry   (8192,2147483647)
                         |- ipsec-asic-offload 
                         |- device-idle-timeout        (30,31536000)
                         |- compliance-check 
                         |- compliance-check-time 
                         |- gui-device-latitude        (20)
                         |- gui-device-longitude       (20)
                         |- private-data-encryption 
                         |- auto-auth-extension-device 
                         +- gui-theme 
             |- [accprofile] --*name   (36)
                             |- scope 
                             |- comments 
                             |- mntgrp 
                             |- admingrp 
                             |- updategrp 
                             |- authgrp 
                             |- sysgrp 
                             |- netgrp 
                             |- loggrp 
                             |- routegrp 
                             |- fwgrp 
                             |- vpngrp 
                             |- utmgrp 
                             |- wanoptgrp 
                             |- endpoint-control-grp 
                             |- wifi 
                             |- <fwgrp-permission> -- policy 
                                                   |- address 
                                                   |- service 
                                                   |- schedule 
                                                   |- packet-capture 
                                                   +- others 
                             |- <loggrp-permission> -- config 
                                                    |- data-access 
                                                    |- report-access 
                                                    +- threat-weight 
                             +- <utmgrp-permission> -- antivirus 
                                                    |- ips 
                                                    |- webfilter 
                                                    |- spamfilter 
                                                    |- data-loss-prevention 
                                                    |- application-control 
                                                    |- icap 
                                                    |- casi 
                                                    |- voip 
                                                    |- waf 
                                                    +- dnsfilter 
             |- <npu> -- enc-offload-antireplay 
                      |- dec-offload-antireplay 
                      +- offload-ipsec-host 
             |- [vdom-link] --*name    (12)
                            |- vcluster 
                            +- type 
             |- [switch-interface] --*name     (16)
                                   |- vdom     (12)
                                   |- span-dest-port   (16)
                                   |- [span-source-port] --*interface-name     (65)
                                   |- [member] --*interface-name       (65)
                                   |- type 
                                   |- intra-switch-policy 
                                   |- span 
                                   +- span-direction 
             |- [object-tag] --*name   (64)
             |- <lte-modem> -- status 
                            |- extra-init      (128 xss)
                            |- authtype 
                            |- username        (64 xss)
                            |- passwd 
                            |- apn     (128 xss)
                            |- modem-port      (0,10)
                            |- mode 
                            |- holddown-timer  (10,60)
                            +- interface       (64)
             |- [interface] --*name    (16)
                            |- vdom    (12)
                            |- cli-conn-status         (0,4294967295)
                            |- mode 
                            |- distance        (1,255)
                            |- priority        (0,4294967295)
                            |- dhcp-relay-service 
                            |- dhcp-relay-ip 
                            |- dhcp-relay-type 
                            |- ip 
                            |- allowaccess 
                            |- gwdetect 
                            |- ping-serv-status        (0,4294967295)
                            |- detectserver 
                            |- detectprotocol 
                            |- ha-priority     (1,50)
                            |- fail-detect 
                            |- fail-detect-option 
                            |- fail-alert-method 
                            |- fail-action-on-extender 
                            |- [fail-alert-interfaces] --*name         (65)
                            |- dhcp-client-identifier  (49)
                            |- ipunnumbered 
                            |- username        (65 xss)
                            |- pppoe-unnumbered-negotiate 
                            |- password 
                            |- idle-timeout    (0,4294967295)
                            |- detected-peer-mtu       (0,4294967295)
                            |- disc-retry-timeout      (0,4294967295)
                            |- padt-retry-timeout      (0,4294967295)
                            |- service-name    (64)
                            |- ac-name         (64)
                            |- lcp-echo-interval       (0,4294967295)
                            |- lcp-max-echo-fails      (0,4294967295)
                            |- defaultgw 
                            |- dns-server-override 
                            |- auth-type 
                            |- pptp-client 
                            |- pptp-user       (65)
                            |- pptp-password 
                            |- pptp-server-ip 
                            |- pptp-auth-type 
                            |- pptp-timeout    (0,4294967295)
                            |- arpforward 
                            |- ndiscforward 
                            |- broadcast-forward 
                            |- bfd 
                            |- bfd-desired-min-tx      (0,4294967295)
                            |- bfd-detect-mult         (0,4294967295)
                            |- bfd-required-min-rx     (0,4294967295)
                            |- l2forward 
                            |- icmp-redirect 
                            |- vlanforward 
                            |- stpforward 
                            |- stpforward-mode 
                            |- ips-sniffer-mode 
                            |- ident-accept 
                            |- ipmac 
                            |- subst 
                            |- macaddr 
                            |- substitute-dst-mac 
                            |- speed 
                            |- status 
                            |- netbios-forward 
                            |- wins-ip 
                            |- type 
                            |- dedicated-to 
                            |- trust-ip-1 
                            |- trust-ip-2 
                            |- trust-ip-3 
                            |- trust-ip6-1 
                            |- trust-ip6-2 
                            |- trust-ip6-3 
                            |- mtu-override 
                            |- mtu     (0,4294967295)
                            |- wccp 
                            |- nst 
                            |- netflow-sampler 
                            |- sflow-sampler 
                            |- drop-overlapped-fragment 
                            |- drop-fragment 
                            |- scan-botnet-connections 
                            |- sample-rate     (10,99999)
                            |- polling-interval        (1,255)
                            |- sample-direction 
                            |- explicit-web-proxy 
                            |- explicit-ftp-proxy 
                            |- tcp-mss         (0,4294967295)
                            |- mediatype 
                            |- if-media 
                            |- fp-anomaly 
                            |- inbandwidth     (0,16776000)
                            |- outbandwidth    (0,16776000)
                            |- spillover-threshold     (0,16776000)
                            |- ingress-spillover-threshold     (0,16776000)
                            |- weight  (0,255)
                            |- interface       (16)
                            |- external 
                            |- vlanid  (0,4294967295)
                            |- forward-domain  (0,2147483647)
                            |- remote-ip 
                            |- managed-device  (36)
                            |- devindex        (0,4294967295)
                            |- vindex  (0,4294967295)
                            |- switch  (16)
                            |- description 
                            |- alias   (26)
                            |- l2tp-client 
                            |- <l2tp-client-settings> -- user  (128)
                                                      |- password 
                                                      |- peer-host     (256)
                                                      |- peer-mask 
                                                      |- peer-port     (1,65535)
                                                      |- auth-type 
                                                      |- mtu   (40,65535)
                                                      |- distance      (1,255)
                                                      |- priority      (0,4294967295)
                                                      |- defaultgw 
                                                      +- ip 
                            |- security-mode 
                            |- security-mac-auth-bypass 
                            |- security-external-web   (128)
                            |- replacemsg-override-group       (36)
                            |- security-redirect-url   (128)
                            |- security-exempt-list    (36)
                            |- [security-groups] --*name       (65)
                            |- stp 
                            |- stp-ha-slave 
                            |- device-identification 
                            |- device-user-identification 
                            |- device-identification-active-scan 
                            |- device-access-list      (36)
                            |- device-netscan 
                            |- lldp-transmission 
                            |- listen-forticlient-connection 
                            |- broadcast-forticlient-discovery 
                            |- endpoint-compliance 
                            |- estimated-upstream-bandwidth    (0,4294967295)
                            |- estimated-downstream-bandwidth  (0,4294967295)
                            |- vrrp-virtual-mac 
                            |- [vrrp] --*vrid  (1,255)
                                      |- vrgrp         (1,65535)
                                      |- vrip 
                                      |- priority      (1,255)
                                      |- adv-interval  (1,255)
                                      |- start-time    (1,255)
                                      |- preempt 
                                      |- vrdst 
                                      +- status 
                            |- role 
                            |- snmp-index      (0,4294967295)
                            |- secondary-IP 
                            |- [secondaryip] --*id     (0,4294967295)
                                             |- ip 
                                             |- allowaccess 
                                             |- gwdetect 
                                             |- ping-serv-status       (0,4294967295)
                                             |- detectserver 
                                             |- detectprotocol 
                                             +- ha-priority    (1,50)
                            |- auto-auth-extension-device 
                            |- ap-discover 
                            +- <ipv6> -- ip6-mode 
                                      |- ip6-dns-server-override 
                                      |- ip6-address 
                                      |- [ip6-extra-addr] --*prefix 
                                      |- ip6-allowaccess 
                                      |- ip6-send-adv 
                                      |- ip6-manage-flag 
                                      |- ip6-other-flag 
                                      |- ip6-max-interval      (0,4294967295)
                                      |- ip6-min-interval      (0,4294967295)
                                      |- ip6-link-mtu  (0,4294967295)
                                      |- ip6-reachable-time    (0,4294967295)
                                      |- ip6-retrans-time      (0,4294967295)
                                      |- ip6-default-life      (0,4294967295)
                                      |- ip6-hop-limit         (0,4294967295)
                                      |- autoconf 
                                      |- ip6-upstream-interface        (16)
                                      |- ip6-subnet 
                                      |- [ip6-prefix-list] --*prefix 
                                                           |- autonomous-flag 
                                                           |- onlink-flag 
                                                           |- valid-life-time  (0,4294967295)
                                                           +- preferred-life-time      (0,4294967295)
                                      |- [ip6-delegated-prefix-list] --*prefix-id      (0,4294967295)
                                                                     |- upstream-interface     (16)
                                                                     |- autonomous-flag 
                                                                     |- onlink-flag 
                                                                     +- subnet 
                                      |- dhcp6-relay-service 
                                      |- dhcp6-relay-type 
                                      |- dhcp6-relay-ip 
                                      |- dhcp6-client-options 
                                      +- dhcp6-prefix-delegation 
             |- [physical-switch] --*name      (16)
                                  |- age-enable 
                                  |- age-val   (0,4294967295)
                                  +- [port] --*name    (16)
                                            |- speed 
                                            +- status 
             |- [virtual-switch] --*name       (16)
                                 |- physical-switch    (16)
                                 |- [port] --*name     (16)
                                           |- speed 
                                           |- status 
                                           +- alias    (26)
                                 |- span 
                                 |- span-source-port   (16)
                                 |- span-dest-port     (16)
                                 +- span-direction 
             |- <stp> -- region-name   (32)
                      |- status 
                      |- config-revision       (0,4294967295)
                      |- switch-priority 
                      |- hello-time    (0,4294967295)
                      |- forward-delay         (0,4294967295)
                      |- max-age       (0,4294967295)
                      +- max-hops      (0,4294967295)
             |- <password-policy> -- status 
                                  |- apply-to 
                                  |- minimum-length    (8,128)
                                  |- min-lower-case-letter     (0,128)
                                  |- min-upper-case-letter     (0,128)
                                  |- min-non-alphanumeric      (0,128)
                                  |- min-number        (0,128)
                                  |- change-4-characters 
                                  |- expire-status 
                                  |- expire-day        (1,999)
                                  +- reuse-password 
             |- <password-policy-guest-admin> -- status 
                                              |- apply-to 
                                              |- minimum-length        (8,128)
                                              |- min-lower-case-letter         (0,128)
                                              |- min-upper-case-letter         (0,128)
                                              |- min-non-alphanumeric  (0,128)
                                              |- min-number    (0,128)
                                              |- change-4-characters 
                                              |- expire-status 
                                              |- expire-day    (1,999)
                                              +- reuse-password 
             |- [sms-server] --*name   (36)
                             +- mail-server    (64 xss)
             |- [custom-language] --*name      (36)
                                  |- filename  (64)
                                  +- comments 
             |- [admin] --*name        (36)
                        |- wildcard 
                        |- remote-auth 
                        |- remote-group        (36)
                        |- password 
                        |- peer-auth 
                        |- peer-group  (36)
                        |- trusthost1 
                        |- trusthost2 
                        |- trusthost3 
                        |- trusthost4 
                        |- trusthost5 
                        |- trusthost6 
                        |- trusthost7 
                        |- trusthost8 
                        |- trusthost9 
                        |- trusthost10 
                        |- ip6-trusthost1 
                        |- ip6-trusthost2 
                        |- ip6-trusthost3 
                        |- ip6-trusthost4 
                        |- ip6-trusthost5 
                        |- ip6-trusthost6 
                        |- ip6-trusthost7 
                        |- ip6-trusthost8 
                        |- ip6-trusthost9 
                        |- ip6-trusthost10 
                        |- accprofile  (36)
                        |- allow-remove-admin-session 
                        |- comments 
                        |- hidden      (0,4294967295)
                        |- [vdom] --*name      (65)
                        |- is-admin    (0,4294967295)
                        |- ssh-public-key1 
                        |- ssh-public-key2 
                        |- ssh-public-key3 
                        |- ssh-certificate     (36)
                        |- schedule    (36)
                        |- accprofile-override 
                        |- radius-vdom-override 
                        |- password-expire 
                        |- force-password-change 
                        |- [dashboard] --*id   (0,4294967295)
                                       |- widget-type 
                                       |- name         (36)
                                       |- column       (1,2)
                                       |- refresh-interval     (0,4294967295)
                                       |- time-period  (0,4294967295)
                                       |- chart-color  (0,32)
                                       |- top-n        (10,100)
                                       |- sort-by 
                                       |- report-by 
                                       |- ip-version 
                                       |- resolve-host 
                                       |- resolve-service 
                                       |- aggregate-hosts 
                                       |- resolve-apps 
                                       |- display-format 
                                       |- view-type 
                                       |- cpu-display-type 
                                       |- interface    (16)
                                       |- dst-interface        (16)
                                       |- tr-history-period1   (0,4294967295)
                                       |- tr-history-period2   (0,4294967295)
                                       |- tr-history-period3   (0,4294967295)
                                       |- vdom         (12)
                                       |- refresh 
                                       |- status 
                                       |- protocols    (0,4294967295)
                                       |- show-system-restart 
                                       |- show-conserve-mode 
                                       |- show-firmware-change 
                                       |- show-fds-update 
                                       |- show-device-update 
                                       |- show-fds-quota 
                                       |- show-disk-failure 
                                       |- show-power-supply 
                                       |- show-admin-auth 
                                       |- show-fgd-alert 
                                       |- show-fcc-license 
                                       +- show-policy-overflow 
                        |- two-factor 
                        |- fortitoken  (17)
                        |- email-to    (64)
                        |- sms-server 
                        |- sms-custom-server   (36)
                        |- sms-phone   (16)
                        |- guest-auth 
                        |- [guest-usergroups] --*name  (65 xss)
                        |- guest-lang  (36)
                        |- history0 
                        |- history1 
                        +- [login-time] --*usr-name    (36)
                                        |- last-login 
                                        +- last-failed-login 
             |- <settings> -- comments 
                           |- opmode 
                           |- inspection-mode 
                           |- http-external-dest 
                           |- firewall-session-dirty 
                           |- manageip 
                           |- gateway 
                           |- ip 
                           |- manageip6 
                           |- gateway6 
                           |- ip6 
                           |- device   (36)
                           |- bfd 
                           |- bfd-desired-min-tx       (1,100000)
                           |- bfd-required-min-rx      (1,100000)
                           |- bfd-detect-mult  (1,50)
                           |- bfd-dont-enforce-src-port 
                           |- utf8-spam-tagging 
                           |- wccp-cache-engine 
                           |- vpn-stats-log 
                           |- vpn-stats-period         (60,86400)
                           |- v4-ecmp-mode 
                           |- mac-ttl  (300,8640000)
                           |- fw-session-hairpin 
                           |- snat-hairpin-traffic 
                           |- dhcp-proxy 
                           |- dhcp-server-ip 
                           |- dhcp6-server-ip 
                           |- central-nat 
                           |- [gui-default-policy-columns] --*name     (65 xss)
                           |- lldp-transmission 
                           |- asymroute 
                           |- asymroute-icmp 
                           |- tcp-session-without-syn 
                           |- ses-denied-traffic 
                           |- strict-src-check 
                           |- asymroute6 
                           |- asymroute6-icmp 
                           |- sip-helper 
                           |- sip-nat-trace 
                           |- status 
                           |- sip-tcp-port     (0,65535)
                           |- sip-udp-port     (0,65535)
                           |- sccp-port        (0,65535)
                           |- multicast-forward 
                           |- multicast-ttl-notchange 
                           |- multicast-skip-policy 
                           |- allow-subnet-overlap 
                           |- deny-tcp-with-icmp 
                           |- ecmp-max-paths   (0,4294967295)
                           |- discovered-device-timeout        (1,365)
                           |- email-portal-check-dns 
                           |- default-voip-alg-mode 
                           |- gui-icap 
                           |- gui-nat46-64 
                           |- gui-implicit-policy 
                           |- gui-dns-database 
                           |- gui-load-balance 
                           |- gui-multicast-policy 
                           |- gui-dos-policy 
                           |- gui-object-colors 
                           |- gui-replacement-message-groups 
                           |- gui-voip-profile 
                           |- gui-ap-profile 
                           |- gui-dynamic-profile-display 
                           |- gui-ipsec-manual-key 
                           |- gui-local-in-policy 
                           |- gui-wanopt-cache 
                           |- gui-explicit-proxy 
                           |- gui-dynamic-routing 
                           |- gui-dlp 
                           |- gui-sslvpn-personal-bookmarks 
                           |- gui-sslvpn-realms 
                           |- gui-policy-based-ipsec 
                           |- gui-threat-weight 
                           |- gui-multiple-utm-profiles 
                           |- gui-spamfilter 
                           |- gui-application-control 
                           |- gui-casi 
                           |- gui-ips 
                           |- gui-endpoint-control 
                           |- gui-dhcp-advanced 
                           |- gui-vpn 
                           |- gui-wireless-controller 
                           |- gui-switch-controller 
                           |- gui-fortiap-split-tunneling 
                           |- gui-webfilter-advanced 
                           |- gui-traffic-shaping 
                           |- gui-wan-load-balancing 
                           |- gui-antivirus 
                           |- gui-webfilter 
                           |- gui-dnsfilter 
                           |- gui-waf-profile 
                           |- gui-fortiextender-controller 
                           |- gui-advanced-policy 
                           |- gui-allow-unnamed-policy 
                           |- gui-email-collection 
                           |- gui-domain-ip-reputation 
                           |- compliance-check 
                           |- ike-session-resume 
                           +- ike-quick-crash-detect 
             |- [sit-tunnel] --*name   (16)
                             |- source 
                             |- destination 
                             |- ip6 
                             +- interface      (16)
             |- <fsso-polling> -- status 
                               |- listening-port       (1,65535)
                               |- authentication 
                               +- auth-password 
             |- <ha> -- group-id       (0,255)
                     |- group-name     (33)
                     |- mode 
                     |- password 
                     |- key 
                     |- hbdev 
                     |- session-sync-dev 
                     |- route-ttl      (5,3600)
                     |- route-wait     (0,3600)
                     |- route-hold     (0,3600)
                     |- load-balance-all 
                     |- sync-config 
                     |- encryption 
                     |- authentication 
                     |- hb-interval    (1,20)
                     |- hb-lost-threshold      (1,60)
                     |- helo-holddown  (5,300)
                     |- gratuitous-arps 
                     |- arps   (1,60)
                     |- arps-interval  (1,20)
                     |- session-pickup 
                     |- session-pickup-connectionless 
                     |- session-pickup-expectation 
                     |- session-pickup-nat 
                     |- session-pickup-delay 
                     |- session-sync-daemon-number     (1,15)
                     |- link-failed-signal 
                     |- uninterruptible-upgrade 
                     |- standalone-mgmt-vdom 
                     |- ha-mgmt-status 
                     |- ha-mgmt-interface      (16)
                     |- ha-mgmt-interface-gateway 
                     |- ha-mgmt-interface-gateway6 
                     |- ha-eth-type    (5)
                     |- hc-eth-type    (5)
                     |- l2ep-eth-type  (5)
                     |- ha-uptime-diff-margin  (1,65535)
                     |- standalone-config-sync 
                     |- vcluster2 
                     |- vcluster-id    (0,4294967295)
                     |- override 
                     |- priority       (0,255)
                     |- override-wait-time     (0,3600)
                     |- schedule 
                     |- weight 
                     |- cpu-threshold 
                     |- memory-threshold 
                     |- http-proxy-threshold 
                     |- ftp-proxy-threshold 
                     |- imap-proxy-threshold 
                     |- nntp-proxy-threshold 
                     |- pop3-proxy-threshold 
                     |- smtp-proxy-threshold 
                     |- monitor 
                     |- pingserver-monitor-interface 
                     |- pingserver-failover-threshold  (0,50)
                     |- pingserver-slave-force-reset 
                     |- pingserver-flip-timeout        (6,2147483647)
                     |- vdom 
                     |- <secondary-vcluster> -- vcluster-id    (0,4294967295)
                                             |- override 
                                             |- priority       (0,255)
                                             |- override-wait-time     (0,3600)
                                             |- monitor 
                                             |- pingserver-monitor-interface 
                                             |- pingserver-failover-threshold  (0,50)
                                             |- pingserver-slave-force-reset 
                                             +- vdom 
                     +- ha-direct 
             |- <ha-monitor> -- monitor-vlan 
                             |- vlan-hb-interval       (1,30)
                             +- vlan-hb-lost-threshold         (1,60)
             |- [storage] --*name      (36)
                          |- partition         (17)
                          |- media-type        (5)
                          |- device    (13)
                          +- size      (0,4294967295)
             |- <dedicated-mgmt> -- status 
                                 |- interface  (16)
                                 |- default-gateway 
                                 |- dhcp-server 
                                 |- dhcp-netmask 
                                 |- dhcp-start-ip 
                                 +- dhcp-end-ip 
             |- [arp-table] --*id      (0,4294967295)
                            |- interface       (16)
                            |- ip 
                            +- mac 
             |- [ipv6-neighbor-cache] --*id    (0,4294967295)
                                      |- interface     (16)
                                      |- ipv6 
                                      +- mac 
             |- <dns> -- primary 
                      |- secondary 
                      |- domain        (128)
                      |- ip6-primary 
                      |- ip6-secondary 
                      |- dns-cache-limit       (0,4294967295)
                      |- dns-cache-ttl         (60,86400)
                      |- cache-notfound-responses 
                      +- source-ip 
             |- [ddns] --*ddnsid       (0,4294967295)
                       |- ddns-server 
                       |- ddns-server-ip 
                       |- ddns-zone    (65)
                       |- ddns-ttl     (60,86400)
                       |- ddns-auth 
                       |- ddns-keyname         (65)
                       |- ddns-key 
                       |- ddns-domain  (65)
                       |- ddns-username        (65)
                       |- ddns-sn      (65)
                       |- ddns-password 
                       |- use-public-ip 
                       |- bound-ip 
                       +- [monitor-interface] --*interface-name        (65)
             |- <sflow> -- collector-ip 
                        |- collector-port      (0,65535)
                        +- source-ip 
             |- <vdom-sflow> -- vdom-sflow 
                             |- collector-ip 
                             |- collector-port         (0,65535)
                             +- source-ip 
             |- <netflow> -- collector-ip 
                          |- collector-port    (0,65535)
                          |- source-ip 
                          |- active-flow-timeout       (1,60)
                          |- inactive-flow-timeout     (10,600)
                          |- template-tx-timeout       (1,1440)
                          +- template-tx-counter       (10,6000)
             |- <vdom-netflow> -- vdom-netflow 
                               |- collector-ip 
                               |- collector-port       (0,65535)
                               +- source-ip 
             |- <vdom-dns> -- vdom-dns 
                           |- primary 
                           |- secondary 
                           |- ip6-primary 
                           |- ip6-secondary 
                           +- source-ip 
             |- [replacemsg-image] --*name     (24)
                                   |- image-type 
                                   +- image-base64 
             |- replacemsg -- [mail] --*msg-type       (29)
                                     |- buffer 
                                     |- header 
                                     +- format 
                           |- [http] --*msg-type       (29)
                                     |- buffer 
                                     |- header 
                                     +- format 
                           |- [webproxy] --*msg-type   (29)
                                         |- buffer 
                                         |- header 
                                         +- format 
                           |- [ftp] --*msg-type        (29)
                                    |- buffer 
                                    |- header 
                                    +- format 
                           |- [nntp] --*msg-type       (29)
                                     |- buffer 
                                     |- header 
                                     +- format 
                           |- [fortiguard-wf] --*msg-type      (29)
                                              |- buffer 
                                              |- header 
                                              +- format 
                           |- [spam] --*msg-type       (29)
                                     |- buffer 
                                     |- header 
                                     +- format 
                           |- [alertmail] --*msg-type  (29)
                                          |- buffer 
                                          |- header 
                                          +- format 
                           |- [admin] --*msg-type      (29)
                                      |- buffer 
                                      |- header 
                                      +- format 
                           |- [auth] --*msg-type       (29)
                                     |- buffer 
                                     |- header 
                                     +- format 
                           |- [sslvpn] --*msg-type     (29)
                                       |- buffer 
                                       |- header 
                                       +- format 
                           |- [ec] --*msg-type         (29)
                                   |- buffer 
                                   |- header 
                                   +- format 
                           |- [device-detection-portal] --*msg-type    (29)
                                                        |- buffer 
                                                        |- header 
                                                        +- format 
                           |- [nac-quar] --*msg-type   (29)
                                         |- buffer 
                                         |- header 
                                         +- format 
                           |- [traffic-quota] --*msg-type      (29)
                                              |- buffer 
                                              |- header 
                                              +- format 
                           +- [utm] --*msg-type        (29)
                                    |- buffer 
                                    |- header 
                                    +- format 
             |- [replacemsg-group] --*name     (36)
                                   |- comment 
                                   |- group-type 
                                   |- [mail] --*msg-type       (29)
                                             |- buffer 
                                             |- header 
                                             +- format 
                                   |- [http] --*msg-type       (29)
                                             |- buffer 
                                             |- header 
                                             +- format 
                                   |- [webproxy] --*msg-type   (29)
                                                 |- buffer 
                                                 |- header 
                                                 +- format 
                                   |- [ftp] --*msg-type        (29)
                                            |- buffer 
                                            |- header 
                                            +- format 
                                   |- [nntp] --*msg-type       (29)
                                             |- buffer 
                                             |- header 
                                             +- format 
                                   |- [fortiguard-wf] --*msg-type      (29)
                                                      |- buffer 
                                                      |- header 
                                                      +- format 
                                   |- [spam] --*msg-type       (29)
                                             |- buffer 
                                             |- header 
                                             +- format 
                                   |- [alertmail] --*msg-type  (29)
                                                  |- buffer 
                                                  |- header 
                                                  +- format 
                                   |- [admin] --*msg-type      (29)
                                              |- buffer 
                                              |- header 
                                              +- format 
                                   |- [auth] --*msg-type       (29)
                                             |- buffer 
                                             |- header 
                                             +- format 
                                   |- [sslvpn] --*msg-type     (29)
                                               |- buffer 
                                               |- header 
                                               +- format 
                                   |- [ec] --*msg-type         (29)
                                           |- buffer 
                                           |- header 
                                           +- format 
                                   |- [device-detection-portal] --*msg-type    (29)
                                                                |- buffer 
                                                                |- header 
                                                                +- format 
                                   |- [nac-quar] --*msg-type   (29)
                                                 |- buffer 
                                                 |- header 
                                                 +- format 
                                   |- [traffic-quota] --*msg-type      (29)
                                                      |- buffer 
                                                      |- header 
                                                      +- format 
                                   |- [utm] --*msg-type        (29)
                                            |- buffer 
                                            |- header 
                                            +- format 
                                   +- [custom-message] --*msg-type     (29)
                                                       |- buffer 
                                                       |- header 
                                                       +- format 
             |- snmp -- <sysinfo> -- status 
                                  |- engine-id         (25)
                                  |- description       (36)
                                  |- contact-info      (36)
                                  |- location  (128 xss)
                                  |- trap-high-cpu-threshold   (0,4294967295)
                                  |- trap-low-memory-threshold         (0,4294967295)
                                  +- trap-log-full-threshold   (0,4294967295)
                     |- [community] --*id      (0,4294967295)
                                    |- name    (36)
                                    |- status 
                                    |- [hosts] --*id   (0,4294967295)
                                               |- source-ip 
                                               |- ip 
                                               |- interface    (36)
                                               |- ha-direct 
                                               +- host-type 
                                    |- [hosts6] --*id  (0,4294967295)
                                                |- source-ipv6 
                                                |- ipv6 
                                                |- ha-direct 
                                                |- interface   (36)
                                                +- host-type 
                                    |- query-v1-status 
                                    |- query-v1-port   (0,4294967295)
                                    |- query-v2c-status 
                                    |- query-v2c-port  (0,4294967295)
                                    |- trap-v1-status 
                                    |- trap-v1-lport   (0,4294967295)
                                    |- trap-v1-rport   (0,4294967295)
                                    |- trap-v2c-status 
                                    |- trap-v2c-lport  (0,4294967295)
                                    |- trap-v2c-rport  (0,4294967295)
                                    +- events 
                     +- [user] --*name         (33)
                               |- status 
                               |- trap-status 
                               |- trap-lport   (0,4294967295)
                               |- trap-rport   (0,4294967295)
                               |- queries 
                               |- query-port   (0,4294967295)
                               |- notify-hosts 
                               |- notify-hosts6 
                               |- source-ip 
                               |- source-ipv6 
                               |- ha-direct 
                               |- events 
                               |- security-level 
                               |- auth-proto 
                               |- auth-pwd 
                               |- priv-proto 
                               +- priv-pwd 
             |- autoupdate -- <push-update> -- status 
                                            |- override 
                                            |- address 
                                            +- port    (0,65535)
                           |- <schedule> -- status 
                                         |- frequency 
                                         |- time 
                                         +- day 
                           +- <tunneling> -- status 
                                          |- address   (64)
                                          |- port      (0,65535)
                                          |- username  (50)
                                          +- password 
             |- <session-ttl> -- default 
                              +- [port] --*id  (0,65535)
                                        |- protocol    (0,255)
                                        |- start-port  (0,65535)
                                        |- end-port    (0,65535)
                                        +- timeout 
             |- dhcp -- [server] --*id         (0,4294967295)
                                 |- status 
                                 |- lease-time         (0,4294967295)
                                 |- mac-acl-default-action 
                                 |- forticlient-on-net-status 
                                 |- dns-service 
                                 |- dns-server1 
                                 |- dns-server2 
                                 |- dns-server3 
                                 |- wifi-ac1 
                                 |- wifi-ac2 
                                 |- wifi-ac3 
                                 |- ntp-service 
                                 |- ntp-server1 
                                 |- ntp-server2 
                                 |- ntp-server3 
                                 |- domain     (36)
                                 |- wins-server1 
                                 |- wins-server2 
                                 |- default-gateway 
                                 |- next-server 
                                 |- netmask 
                                 |- interface  (16)
                                 |- [ip-range] --*id   (0,4294967295)
                                               |- start-ip 
                                               +- end-ip 
                                 |- timezone-option 
                                 |- timezone 
                                 |- tftp-server        (64)
                                 |- filename   (128)
                                 |- option1 
                                 |- option2 
                                 |- option3 
                                 |- option4 
                                 |- option5 
                                 |- option6 
                                 |- server-type 
                                 |- ip-mode 
                                 |- conflicted-ip-timeout      (0,4294967295)
                                 |- ipsec-lease-hold   (0,4294967295)
                                 |- auto-configuration 
                                 |- ddns-update 
                                 |- ddns-server-ip 
                                 |- ddns-zone  (65)
                                 |- ddns-auth 
                                 |- ddns-keyname       (65)
                                 |- ddns-key 
                                 |- ddns-ttl   (60,86400)
                                 |- vci-match 
                                 |- [vci-string] --*vci-string         (256)
                                 |- [exclude-range] --*id      (0,4294967295)
                                                    |- start-ip 
                                                    +- end-ip 
                                 +- [reserved-address] --*id   (0,4294967295)
                                                       |- ip 
                                                       |- mac 
                                                       |- action 
                                                       +- description 
             |- dhcp6 -- [server] --*id        (0,4294967295)
                                  |- status 
                                  |- rapid-commit 
                                  |- lease-time        (0,4294967295)
                                  |- dns-service 
                                  |- dns-server1 
                                  |- dns-server2 
                                  |- dns-server3 
                                  |- domain    (36)
                                  |- subnet 
                                  |- interface         (16)
                                  |- option1 
                                  |- option2 
                                  |- option3 
                                  |- upstream-interface        (16)
                                  |- ip-mode 
                                  +- [ip-range] --*id  (0,4294967295)
                                                |- start-ip 
                                                +- end-ip 
             |- [virtual-wire-pair] --*name    (36)
                                    |- [member] --*interface-name      (65)
                                    +- wildcard-vlan 
             |- <modem> -- status 
                        |- pin-init    (128 xss)
                        |- network-init        (128 xss)
                        |- lockdown-lac        (128 xss)
                        |- mode 
                        |- auto-dial 
                        |- dial-on-demand 
                        |- idle-timer  (0,4294967295)
                        |- redial 
                        |- reset       (0,10)
                        |- holddown-timer      (1,60)
                        |- connect-timeout     (30,255)
                        |- interface   (64)
                        |- wireless-port       (0,4294967295)
                        |- dont-send-CR1 
                        |- phone1      (64 xss)
                        |- dial-cmd1   (64)
                        |- username1   (64 xss)
                        |- passwd1 
                        |- extra-init1         (128 xss)
                        |- peer-modem1 
                        |- ppp-echo-request1 
                        |- authtype1 
                        |- dont-send-CR2 
                        |- phone2      (64 xss)
                        |- dial-cmd2   (64)
                        |- username2   (64 xss)
                        |- passwd2 
                        |- extra-init2         (128 xss)
                        |- peer-modem2 
                        |- ppp-echo-request2 
                        |- authtype2 
                        |- dont-send-CR3 
                        |- phone3      (64 xss)
                        |- dial-cmd3   (64)
                        |- username3   (64 xss)
                        |- passwd3 
                        |- extra-init3         (128 xss)
                        |- peer-modem3 
                        |- ppp-echo-request3 
                        |- altmode 
                        |- authtype3 
                        |- traffic-check 
                        |- action 
                        |- distance    (1,255)
                        +- priority    (0,4294967295)
             |- 3g-modem -- [custom] --*id     (0,4294967295)
                                     |- vendor         (36)
                                     |- model  (36)
                                     |- vendor-id 
                                     |- product-id 
                                     |- class-id 
                                     +- init-string    (128)
             |- <dialinsvr> -- status 
                            |- server-ip 
                            |- client-ip 
                            |- usrgrp  (36)
                            +- allowaccess 
             |- <status> 
             |- performance -- <status> 
                            |- <top> -- <delay> -- <lines>     (0)
                            +- firewall -- <packet-distribution> 
                                        +- <statistics> 
             |- <session> 
             |- <cmdb> 
             |- <fortiguard-service> 
             |- <fortianalyzer-connectivity> 
             |- checksum -- <status> 
             |- <mgmt-csum> 
             |- <ha-nonsync-csum> 
             |- <fortiguard-log-service> 
             |- <central-mgmt> 
             |- [auto-script] --*name  (36)
                              |- interval      (0,4294967295)
                              |- repeat        (0,4294967295)
                              |- start 
                              +- script 
             |- info -- admin -- <status> 
                              +- <ssh> 
             |- <management-tunnel> -- status 
                                    |- allow-config-restore 
                                    |- allow-push-configuration 
                                    |- allow-push-firmware 
                                    |- allow-collect-statistics 
                                    |- authorized-manager-only 
                                    +- serial-number 
             |- <fortimanager> -- ip 
                               |- vdom         (12)
                               |- ipsec 
                               |- central-management 
                               |- central-mgmt-auto-backup 
                               |- central-mgmt-schedule-config-restore 
                               +- central-mgmt-schedule-script-restore 
             |- <fm> -- status 
                     |- id     (36)
                     |- ip 
                     |- vdom   (12)
                     |- auto-backup 
                     |- scheduled-config-restore 
                     +- ipsec 
             |- <central-management> -- mode 
                                     |- type 
                                     |- schedule-config-restore 
                                     |- schedule-script-restore 
                                     |- allow-push-configuration 
                                     |- allow-pushd-firmware 
                                     |- allow-remote-firmware-upgrade 
                                     |- allow-monitor 
                                     |- serial-number 
                                     |- fmg    (256)
                                     |- fmg-source-ip 
                                     |- fmg-source-ip6 
                                     |- vdom   (12)
                                     |- [server-list] --*id    (0,4294967295)
                                                      |- server-type 
                                                      |- addr-type 
                                                      |- server-address 
                                                      +- server-address6 
                                     |- include-default-servers 
                                     +- enc-algorithm 
             |- [zone] --*name         (36)
                       |- intrazone 
                       +- [interface] --*interface-name        (65)
             |- [geoip-country] --*id  (3)
                                +- name        (64)
             |- [ipv6-tunnel] --*name  (16)
                              |- source 
                              |- destination 
                              +- interface     (16)
             |- [ips-urlfilter-dns] --*address 
                                    +- status 
             |- <network-visibility> -- destination-visibility 
                                     |- source-location 
                                     |- destination-hostname-visibility 
                                     |- hostname-ttl   (60,86400)
                                     |- hostname-limit         (0,50000)
                                     +- destination-location 
             |- [gre-tunnel] --*name   (16)
                             |- interface      (16)
                             |- remote-gw 
                             |- local-gw 
                             |- keepalive-interval     (0,32767)
                             +- keepalive-failtimes    (1,255)
             |- [ipip-tunnel] --*name  (16)
                              |- interface     (16)
                              |- remote-gw 
                              +- local-gw 
             |- [mobile-tunnel] --*name        (16)
                                |- status 
                                |- roaming-interface   (16)
                                |- home-agent 
                                |- home-address 
                                |- renew-interval      (5,60)
                                |- lifetime    (180,65535)
                                |- reg-interval        (5,300)
                                |- reg-retry   (1,30)
                                |- n-mhae-spi  (0,4294967295)
                                |- n-mhae-key-type 
                                |- n-mhae-key 
                                |- hash-algorithm 
                                |- tunnel-mode 
                                +- [network] --*id     (0,4294967295)
                                             |- interface      (16)
                                             +- prefix 
             |- [dns-database] --*name         (36)
                               |- status 
                               |- domain       (256)
                               |- allow-transfer 
                               |- type 
                               |- view 
                               |- ip-master 
                               |- primary-name         (256)
                               |- contact      (256)
                               |- ttl  (0,2147483647)
                               |- authoritative 
                               |- forwarder 
                               |- source-ip 
                               +- [dns-entry] --*id    (0,4294967295)
                                              |- status 
                                              |- type 
                                              |- ttl   (0,2147483647)
                                              |- preference    (0,65535)
                                              |- ip 
                                              |- ipv6 
                                              |- hostname      (256)
                                              +- canonical-name        (256)
             |- [dns-server] --*name   (16)
                             |- mode 
                             +- dnsfilter-profile      (36)
             |- <resource-limits> -- session   (0,4294967295)
                                  |- ipsec-phase1      (0,4294967295)
                                  |- ipsec-phase2      (0,4294967295)
                                  |- dialup-tunnel     (0,4294967295)
                                  |- firewall-policy   (0,4294967295)
                                  |- firewall-address  (0,4294967295)
                                  |- firewall-addrgrp  (0,4294967295)
                                  |- custom-service    (0,4294967295)
                                  |- service-group     (0,4294967295)
                                  |- onetime-schedule  (0,4294967295)
                                  |- recurring-schedule        (0,4294967295)
                                  |- user      (0,4294967295)
                                  |- user-group        (0,4294967295)
                                  |- sslvpn    (0,4294967295)
                                  |- proxy     (0,4294967295)
                                  +- log-disk-quota    (0,4294967295)
             |- [vdom-property] --*name        (12)
                                |- description         (128)
                                |- snmp-index  (0,4294967295)
                                |- session 
                                |- ipsec-phase1 
                                |- ipsec-phase2 
                                |- dialup-tunnel 
                                |- firewall-policy 
                                |- firewall-address 
                                |- firewall-addrgrp 
                                |- custom-service 
                                |- service-group 
                                |- onetime-schedule 
                                |- recurring-schedule 
                                |- user 
                                |- user-group 
                                |- sslvpn 
                                |- proxy 
                                +- log-disk-quota 
             |- <virtual-wan-link> -- status 
                                   |- load-balance-mode 
                                   |- fail-detect 
                                   |- [fail-alert-interfaces] --*name  (65)
                                   |- [members] --*seq-num     (0,255)
                                                |- interface   (16)
                                                |- gateway 
                                                |- weight      (0,255)
                                                |- priority    (0,4294967295)
                                                |- spillover-threshold         (0,16776000)
                                                |- ingress-spillover-threshold         (0,16776000)
                                                |- volume-ratio        (0,255)
                                                +- status 
                                   |- [health-check] --*name   (36)
                                                     |- server         (64)
                                                     |- protocol 
                                                     |- port   (1,65535)
                                                     |- security-mode 
                                                     |- password 
                                                     |- packet-size    (64,1024)
                                                     |- http-get       (1025)
                                                     |- http-match     (1025)
                                                     |- interval       (1,3600)
                                                     |- timeout        (1,255)
                                                     |- failtime       (1,10)
                                                     |- recoverytime   (1,10)
                                                     |- update-cascade-interface 
                                                     |- update-static-route 
                                                     |- threshold-warning-packetloss   (0,100)
                                                     |- threshold-alert-packetloss     (0,100)
                                                     |- threshold-warning-latency      (0,4294967295)
                                                     |- threshold-alert-latency        (0,4294967295)
                                                     |- threshold-warning-jitter       (0,4294967295)
                                                     +- threshold-alert-jitter         (0,4294967295)
                                   +- [service] --*name        (36)
                                                |- mode 
                                                |- quality-link        (0,255)
                                                |- member      (0,4294967295)
                                                |- tos 
                                                |- tos-mask 
                                                |- protocol    (0,255)
                                                |- start-port  (0,65535)
                                                |- end-port    (0,65535)
                                                |- [dst] --*name       (65)
                                                |- [src] --*name       (65)
                                                |- [users] --*name     (65)
                                                |- [groups] --*name    (65)
                                                |- internet-service 
                                                |- [internet-service-custom] --*name   (65)
                                                |- [internet-service-id] --*id         (0,4294967295)
                                                |- health-check        (36)
                                                |- link-cost-factor 
                                                +- [priority-members] --*seq-num       (0,4294967295)
             |- <nst> -- status 
                      |- upstream-ip 
                      |- upstream-port         (1,65535)
                      |- listen-port   (1,65535)
                      |- group-name    (36)
                      +- group-password 
             |- [cluster-sync] --*sync-id      (0,4294967295)
                               |- peervd       (12)
                               |- peerip 
                               |- [syncvd] --*name     (65)
                               +- <session-sync-filter> -- srcintf     (16)
                                                        |- dstintf     (16)
                                                        |- srcaddr 
                                                        |- dstaddr 
                                                        |- srcaddr6 
                                                        |- dstaddr6 
                                                        +- [custom-service] --*id      (0,4294967295)
                                                                            |- src-port-range 
                                                                            +- dst-port-range 
             |- <fortiguard> -- port 
                             |- service-account-id     (51 xss)
                             |- load-balance-servers   (1,266)
                             |- auto-join-forticloud 
                             |- antispam-force-off 
                             |- antispam-cache 
                             |- antispam-cache-ttl     (0,4294967295)
                             |- antispam-cache-mpercent        (1,15)
                             |- antispam-license       (0,4294967295)
                             |- antispam-expiration    (0,4294967295)
                             |- antispam-timeout       (1,30)
                             |- avquery-force-off 
                             |- avquery-cache 
                             |- avquery-cache-ttl      (0,4294967295)
                             |- avquery-cache-mpercent         (0,4294967295)
                             |- avquery-license        (0,4294967295)
                             |- avquery-timeout        (0,4294967295)
                             |- webfilter-force-off 
                             |- webfilter-cache 
                             |- webfilter-cache-ttl    (0,4294967295)
                             |- webfilter-license      (0,4294967295)
                             |- webfilter-expiration   (0,4294967295)
                             |- webfilter-timeout      (1,30)
                             |- sdns-server-ip 
                             |- sdns-server-port       (0,4294967295)
                             |- source-ip 
                             |- source-ip6 
                             |- ddns-server-ip 
                             +- ddns-server-port       (0,4294967295)
             |- <arp> 
             |- <email-server> -- type 
                               |- reply-to     (64)
                               |- server       (64)
                               |- port         (0,4294967295)
                               |- source-ip 
                               |- source-ip6 
                               |- authenticate 
                               |- validate-server 
                               |- username     (36)
                               |- password 
                               +- security 
             |- <alarm> -- status 
                        |- audible 
                        |- sequence    (0,4294967295)
                        +- [groups] --*id      (0,4294967295)
                                    |- period  (0,4294967295)
                                    |- admin-auth-failure-threshold    (0,4294967295)
                                    |- admin-auth-lockout-threshold    (0,4294967295)
                                    |- user-auth-failure-threshold     (0,4294967295)
                                    |- user-auth-lockout-threshold     (0,4294967295)
                                    |- replay-attempt-threshold        (0,4294967295)
                                    |- self-test-failure-threshold     (0,1)
                                    |- log-full-warning-threshold      (0,4294967295)
                                    |- encryption-failure-threshold    (0,4294967295)
                                    |- decryption-failure-threshold    (0,4294967295)
                                    |- [fw-policy-violations] --*id    (0,4294967295)
                                                              |- threshold     (0,4294967295)
                                                              |- src-ip 
                                                              |- dst-ip 
                                                              |- src-port      (0,65535)
                                                              +- dst-port      (0,65535)
                                    |- fw-policy-id    (0,4294967295)
                                    +- fw-policy-id-threshold  (0,4294967295)
             |- [mac-address-table] --*mac 
                                    |- interface       (36)
                                    +- reply-substitute 
             |- [session-helper] --*id         (0,4294967295)
                                 |- name 
                                 |- protocol   (0,255)
                                 +- port       (1,65535)
             |- [proxy-arp] --*id      (0,4294967295)
                            |- interface       (16)
                            |- ip 
                            +- end-ip 
             |- <fips-cc> -- status 
                          |- entropy-token 
                          |- error-flag 
                          |- error-cause 
                          |- self-test-period  (1,1440)
                          +- key-generation-self-test 
             |- [tos-based-priority] --*id     (0,4294967295)
                                     |- tos    (0,15)
                                     +- priority 
             |- [dscp-based-priority] --*id    (0,4294967295)
                                      |- ds    (0,63)
                                      +- priority 
             |- <probe-response> -- port       (1,65535)
                                 |- http-probe-value   (1025)
                                 |- ttl-mode 
                                 |- mode 
                                 |- security-mode 
                                 |- password 
                                 +- timeout    (10,3600)
             |- [link-monitor] --*name         (36 xss)
                               |- srcintf      (16)
                               |- [server] --*address  (65)
                               |- protocol 
                               |- port         (1,65535)
                               |- gateway-ip 
                               |- source-ip 
                               |- http-get     (1025)
                               |- http-match   (1025)
                               |- interval     (1,3600)
                               |- timeout      (1,255)
                               |- failtime     (1,10)
                               |- recoverytime         (1,10)
                               |- security-mode 
                               |- password 
                               |- packet-size  (64,1024)
                               |- ha-priority  (1,50)
                               |- update-cascade-interface 
                               |- update-static-route 
                               +- status 
             |- <auto-install> -- auto-install-config 
                               |- auto-install-image 
                               |- default-config-file  (128)
                               +- default-image-file   (128)
             |- <console> -- mode 
                          |- baudrate 
                          |- output 
                          |- login 
                          +- fortiexplorer 
             |- <ntp> -- ntpsync 
                      |- type 
                      |- syncinterval  (1,1440)
                      |- [ntpserver] --*id     (0,4294967295)
                                     |- server         (64)
                                     |- ntpv3 
                                     |- authentication 
                                     |- key 
                                     +- key-id         (0,4294967295)
                      |- source-ip 
                      |- server-mode 
                      +- [interface] --*interface-name         (65)
             |- [wccp] --*service-id   (4)
                       |- router-id 
                       |- cache-id 
                       |- group-address 
                       |- server-list 
                       |- router-list 
                       |- ports-defined 
                       |- ports 
                       |- authentication 
                       |- password 
                       |- forward-method 
                       |- cache-engine-method 
                       |- service-type 
                       |- primary-hash 
                       |- priority     (0,255)
                       |- protocol     (0,255)
                       |- assignment-weight    (0,255)
                       |- assignment-bucket-format 
                       |- return-method 
                       +- assignment-method 
             |- <nat64> -- status 
                        |- nat64-prefix 
                        |- always-synthesize-aaaa-record 
                        +- generate-ipv6-fragment-header 
             |- [vdom-radius-server] --*name   (12)
                                     |- status 
                                     +- radius-server-vdom     (12)
             |- <startup-error-log> 
             |- source-ip -- <status> 
             |- auto-update -- <status> 
                            +- <versions> 
             |- session-info -- <list> 
                             |- <expectation> 
                             |- <full-stat> 
                             |- <statistics> 
                             +- <ttl> 
             |- session-helper-info -- <list> 
             |- ip-conflict -- <status> 
             |- [geoip-override] --*name       (64)
                                 |- description        (128)
                                 |- country-id         (3)
                                 +- [ip-range] --*id   (0,4294967295)
                                               |- start-ip 
                                               +- end-ip 
             +- <fortisandbox> -- status 
                               |- server 
                               |- source-ip 
                               |- enc-algorithm 
                               +- email        (64)
   |- wireless-controller -- <global> -- name  (36)
                                      |- location      (36)
                                      |- max-retransmit        (0,64)
                                      |- data-ethernet-II 
                                      |- mesh-eth-type         (0,4294967295)
                                      |- discovery-mc-addr 
                                      |- max-clients   (0,4294967295)
                                      |- rogue-scan-mac-adjacency      (0,31)
                                      |- ap-log-server 
                                      |- ap-log-server-ip 
                                      +- ap-log-server-port    (0,4294967295)
                          |- [vap] --*name     (16)
                                   |- vdom     (12)
                                   |- fast-roaming 
                                   |- external-fast-roaming 
                                   |- mesh-backhaul 
                                   |- max-clients      (0,4294967295)
                                   |- max-clients-ap   (0,4294967295)
                                   |- ssid     (33 xss)
                                   |- broadcast-ssid 
                                   |- security-obsolete-option 
                                   |- security 
                                   |- pmf 
                                   |- pmf-assoc-comeback-timeout       (1,20)
                                   |- pmf-sa-query-retry-timeout       (1,5)
                                   |- okc 
                                   |- tkip-counter-measure 
                                   |- external-web     (128)
                                   |- radius-mac-auth 
                                   |- radius-mac-auth-server   (36)
                                   |- auth 
                                   |- encrypt 
                                   |- keyindex         (1,4)
                                   |- key 
                                   |- passphrase 
                                   |- radius-server    (36)
                                   |- acct-interim-interval    (60,86400)
                                   |- [usergroup] --*name      (65)
                                   |- portal-message-override-group    (36)
                                   |- <portal-message-overrides> -- auth-disclaimer-page       (36)
                                                                 |- auth-reject-page   (36)
                                                                 |- auth-login-page    (36)
                                                                 +- auth-login-failed-page     (36)
                                   |- portal-type 
                                   |- [selected-usergroups] --*name    (65)
                                   |- security-exempt-list     (36)
                                   |- security-redirect-url    (128)
                                   |- intra-vap-privacy 
                                   |- schedule         (36)
                                   |- local-standalone 
                                   |- local-standalone-nat 
                                   |- ip 
                                   |- local-bridging 
                                   |- split-tunneling 
                                   |- local-authentication 
                                   |- local-switching 
                                   |- vlanid   (0,4094)
                                   |- vlan-auto 
                                   |- dynamic-vlan 
                                   |- alias    (26)
                                   |- multicast-rate 
                                   |- multicast-enhance 
                                   |- broadcast-suppression 
                                   |- me-disable-thresh        (2,256)
                                   |- probe-resp-suppression 
                                   |- probe-resp-threshold     (8)
                                   |- vlan-pooling 
                                   |- [vlan-pool] --*id        (0,4094)
                                                  +- wtp-group         (36)
                                   |- ptk-rekey 
                                   |- ptk-rekey-intv   (1800,864000)
                                   |- gtk-rekey 
                                   |- gtk-rekey-intv   (1800,864000)
                                   |- eap-reauth 
                                   |- eap-reauth-intv  (1800,864000)
                                   |- rates-11a 
                                   |- rates-11bg 
                                   |- rates-11n-ss12 
                                   |- rates-11n-ss34 
                                   |- rates-11ac-ss12 
                                   |- rates-11ac-ss34 
                                   |- mac-filter 
                                   |- mac-filter-policy-other 
                                   +- [mac-filter-list] --*id  (0,4294967295)
                                                        |- mac 
                                                        +- mac-filter-policy 
                          |- <timers> -- echo-interval         (1,255)
                                      |- discovery-interval    (2,180)
                                      |- client-idle-timeout   (0,4294967295)
                                      |- rogue-ap-log  (0,1440)
                                      |- fake-ap-log   (1,1440)
                                      |- darrp-optimize        (0,86400)
                                      |- darrp-day 
                                      |- [darrp-time] --*time  (6)
                                      |- sta-stats-interval    (1,255)
                                      |- vap-stats-interval    (1,255)
                                      |- radio-stats-interval  (1,255)
                                      |- sta-capability-interval       (1,255)
                                      +- sta-locate-timer      (0,86400)
                          |- <setting> -- account-id   (64)
                                       +- country 
                          |- [vap-group] --*name       (36)
                                         |- comment 
                                         +- [vaps] --*name     (36)
                          |- [wids-profile] --*name    (36)
                                            |- comment         (64)
                                            |- ap-scan 
                                            |- ap-bgscan-period        (60,3600)
                                            |- ap-bgscan-intv  (1,600)
                                            |- ap-bgscan-duration      (10,1000)
                                            |- ap-bgscan-idle  (0,1000)
                                            |- ap-bgscan-report-intv   (15,600)
                                            |- ap-bgscan-disable-day 
                                            |- ap-bgscan-disable-start 
                                            |- ap-bgscan-disable-end 
                                            |- ap-fgscan-report-intv   (15,600)
                                            |- ap-scan-passive 
                                            |- rogue-scan 
                                            |- ap-auto-suppress 
                                            |- wireless-bridge 
                                            |- deauth-broadcast 
                                            |- null-ssid-probe-resp 
                                            |- long-duration-attack 
                                            |- long-duration-thresh    (1000,32767)
                                            |- invalid-mac-oui 
                                            |- weak-wep-iv 
                                            |- auth-frame-flood 
                                            |- auth-flood-time         (5,120)
                                            |- auth-flood-thresh       (1,100)
                                            |- assoc-frame-flood 
                                            |- assoc-flood-time        (5,120)
                                            |- assoc-flood-thresh      (1,100)
                                            |- spoofed-deauth 
                                            |- asleap-attack 
                                            |- eapol-start-flood 
                                            |- eapol-start-thresh      (2,100)
                                            |- eapol-start-intv        (1,3600)
                                            |- eapol-logoff-flood 
                                            |- eapol-logoff-thresh     (2,100)
                                            |- eapol-logoff-intv       (1,3600)
                                            |- eapol-succ-flood 
                                            |- eapol-succ-thresh       (2,100)
                                            |- eapol-succ-intv         (1,3600)
                                            |- eapol-fail-flood 
                                            |- eapol-fail-thresh       (2,100)
                                            |- eapol-fail-intv         (1,3600)
                                            |- eapol-pre-succ-flood 
                                            |- eapol-pre-succ-thresh   (2,100)
                                            |- eapol-pre-succ-intv     (1,3600)
                                            |- eapol-pre-fail-flood 
                                            |- eapol-pre-fail-thresh   (2,100)
                                            |- eapol-pre-fail-intv     (1,3600)
                                            +- deauth-unknown-src-thresh       (0,65535)
                          |- [wtp-profile] --*name     (36)
                                           |- comment 
                                           |- <platform> -- type 
                                           |- wan-port-mode 
                                           |- <lan> -- port-mode 
                                                    |- port-ssid       (16)
                                                    |- port1-mode 
                                                    |- port1-ssid      (16)
                                                    |- port2-mode 
                                                    |- port2-ssid      (16)
                                                    |- port3-mode 
                                                    |- port3-ssid      (16)
                                                    |- port4-mode 
                                                    |- port4-ssid      (16)
                                                    |- port5-mode 
                                                    |- port5-ssid      (16)
                                                    |- port6-mode 
                                                    |- port6-ssid      (16)
                                                    |- port7-mode 
                                                    |- port7-ssid      (16)
                                                    |- port8-mode 
                                                    +- port8-ssid      (16)
                                           |- led-state 
                                           |- dtls-policy 
                                           |- dtls-in-kernel 
                                           |- max-clients      (0,4294967295)
                                           |- handoff-rssi     (20,30)
                                           |- handoff-sta-thresh       (5,35)
                                           |- handoff-roaming 
                                           |- [deny-mac-list] --*id    (0,4294967295)
                                                              +- mac 
                                           |- ap-country 
                                           |- ip-fragment-preventing 
                                           |- tun-mtu-uplink   (0,4294967295)
                                           |- tun-mtu-downlink         (0,4294967295)
                                           |- split-tunneling-acl-local-ap-subnet 
                                           |- [split-tunneling-acl] --*id      (0,4294967295)
                                                                    +- dest-ip 
                                           |- allowaccess 
                                           |- login-passwd-change 
                                           |- login-passwd 
                                           |- lldp 
                                           |- <radio-1> -- radio-id    (0,2)
                                                        |- mode 
                                                        |- band 
                                                        |- protection-mode 
                                                        |- powersave-optimize 
                                                        |- amsdu 
                                                        |- coexistence 
                                                        |- short-guard-interval 
                                                        |- channel-bonding 
                                                        |- auto-power-level 
                                                        |- auto-power-high     (0,4294967295)
                                                        |- auto-power-low      (0,4294967295)
                                                        |- power-level         (0,100)
                                                        |- dtim        (1,255)
                                                        |- beacon-interval     (0,4294967295)
                                                        |- rts-threshold       (256,2346)
                                                        |- frag-threshold      (800,2346)
                                                        |- ap-sniffer-bufsize  (1,32)
                                                        |- ap-sniffer-chan     (0,4294967295)
                                                        |- ap-sniffer-addr 
                                                        |- ap-sniffer-mgmt-beacon 
                                                        |- ap-sniffer-mgmt-probe 
                                                        |- ap-sniffer-mgmt-other 
                                                        |- ap-sniffer-ctl 
                                                        |- ap-sniffer-data 
                                                        |- spectrum-analysis 
                                                        |- wids-profile        (36)
                                                        |- darrp 
                                                        |- max-clients         (0,4294967295)
                                                        |- max-distance        (0,54000)
                                                        |- frequency-handoff 
                                                        |- ap-handoff 
                                                        |- vap-all 
                                                        |- [vaps] --*name      (36)
                                                        +- [channel] --*chan   (4)
                                           |- <radio-2> -- radio-id    (0,2)
                                                        |- mode 
                                                        |- band 
                                                        |- protection-mode 
                                                        |- powersave-optimize 
                                                        |- amsdu 
                                                        |- coexistence 
                                                        |- short-guard-interval 
                                                        |- channel-bonding 
                                                        |- auto-power-level 
                                                        |- auto-power-high     (0,4294967295)
                                                        |- auto-power-low      (0,4294967295)
                                                        |- power-level         (0,100)
                                                        |- dtim        (1,255)
                                                        |- beacon-interval     (0,4294967295)
                                                        |- rts-threshold       (256,2346)
                                                        |- frag-threshold      (800,2346)
                                                        |- ap-sniffer-bufsize  (1,32)
                                                        |- ap-sniffer-chan     (0,4294967295)
                                                        |- ap-sniffer-addr 
                                                        |- ap-sniffer-mgmt-beacon 
                                                        |- ap-sniffer-mgmt-probe 
                                                        |- ap-sniffer-mgmt-other 
                                                        |- ap-sniffer-ctl 
                                                        |- ap-sniffer-data 
                                                        |- spectrum-analysis 
                                                        |- wids-profile        (36)
                                                        |- darrp 
                                                        |- max-clients         (0,4294967295)
                                                        |- max-distance        (0,54000)
                                                        |- frequency-handoff 
                                                        |- ap-handoff 
                                                        |- vap-all 
                                                        |- [vaps] --*name      (36)
                                                        +- [channel] --*chan   (4)
                                           +- <lbs> -- ekahau-blink-mode 
                                                    |- ekahau-tag 
                                                    |- erc-server-ip 
                                                    |- erc-server-port         (1024,65535)
                                                    |- aeroscout 
                                                    |- aeroscout-server-ip 
                                                    |- aeroscout-server-port   (1024,65535)
                                                    |- aeroscout-mu-factor     (0,4294967295)
                                                    |- aeroscout-mu-timeout    (0,4294967295)
                                                    |- fortipresence 
                                                    |- fortipresence-server 
                                                    |- fortipresence-port      (300,65535)
                                                    |- fortipresence-secret 
                                                    |- fortipresence-project   (17)
                                                    |- fortipresence-frequency         (5,65535)
                                                    |- fortipresence-rogue 
                                                    |- fortipresence-unassoc 
                                                    +- station-locate 
                          |- [wtp] --*wtp-id   (36)
                                   |- index    (0,4294967295)
                                   |- admin 
                                   |- name     (36)
                                   |- location         (36)
                                   |- wtp-mode 
                                   |- wtp-profile      (36)
                                   |- override-led-state 
                                   |- led-state 
                                   |- override-wan-port-mode 
                                   |- wan-port-mode 
                                   |- override-ip-fragment 
                                   |- ip-fragment-preventing 
                                   |- tun-mtu-uplink   (0,4294967295)
                                   |- tun-mtu-downlink         (0,4294967295)
                                   |- override-split-tunnel 
                                   |- split-tunneling-acl-local-ap-subnet 
                                   |- [split-tunneling-acl] --*id      (0,4294967295)
                                                            +- dest-ip 
                                   |- override-lan 
                                   |- <lan> -- port-mode 
                                            |- port-ssid       (16)
                                            |- port1-mode 
                                            |- port1-ssid      (16)
                                            |- port2-mode 
                                            |- port2-ssid      (16)
                                            |- port3-mode 
                                            |- port3-ssid      (16)
                                            |- port4-mode 
                                            |- port4-ssid      (16)
                                            |- port5-mode 
                                            |- port5-ssid      (16)
                                            |- port6-mode 
                                            |- port6-ssid      (16)
                                            |- port7-mode 
                                            |- port7-ssid      (16)
                                            |- port8-mode 
                                            +- port8-ssid      (16)
                                   |- override-allowaccess 
                                   |- allowaccess 
                                   |- override-login-passwd-change 
                                   |- login-passwd-change 
                                   |- login-passwd 
                                   |- <radio-1> -- radio-id    (0,2)
                                                |- override-band 
                                                |- band 
                                                |- override-analysis 
                                                |- spectrum-analysis 
                                                |- override-txpower 
                                                |- auto-power-level 
                                                |- auto-power-high     (0,4294967295)
                                                |- auto-power-low      (0,4294967295)
                                                |- power-level         (0,100)
                                                |- override-vaps 
                                                |- vap-all 
                                                |- [vaps] --*name      (36)
                                                |- override-channel 
                                                +- [channel] --*chan   (4)
                                   |- <radio-2> -- radio-id    (0,2)
                                                |- override-band 
                                                |- band 
                                                |- override-analysis 
                                                |- spectrum-analysis 
                                                |- override-txpower 
                                                |- auto-power-level 
                                                |- auto-power-high     (0,4294967295)
                                                |- auto-power-low      (0,4294967295)
                                                |- power-level         (0,100)
                                                |- override-vaps 
                                                |- vap-all 
                                                |- [vaps] --*name      (36)
                                                |- override-channel 
                                                +- [channel] --*chan   (4)
                                   |- image-download 
                                   |- mesh-bridge-enable 
                                   |- coordinate-enable 
                                   |- coordinate-x     (16)
                                   +- coordinate-y     (16)
                          |- [wtp-group] --*name       (36)
                                         |- platform-type 
                                         +- [wtp-list] --*wtp-id       (36)
                          |- <scan> 
                          |- [ap-status] --*id         (0,4294967295)
                                         |- bssid 
                                         |- ssid       (33 xss)
                                         +- status 
                          |- <wlchanlistlic> 
                          |- <status> -- [1|2]         (0)
                          |- <wtp-status> -- <wtp-id>  (0)
                          |- <client-info> -- <vfid> -- <intf> -- <ip>         (0)
                          |- <vap-status> -- [1]       (0)
                          |- <rf-analysis> -- <wtp-id>         (0)
                          +- <spectral-info> -- [wtp-id] -- <radio-id>         (0)
   |- extender-controller -- [extender] --*id  (20)
                                        |- admin 
                                        |- ifname      (16)
                                        |- vdom        (0,4294967295)
                                        |- role 
                                        |- mode 
                                        |- dial-mode 
                                        |- redial 
                                        |- redundant-intf      (16)
                                        |- dial-status         (0,4294967295)
                                        |- conn-status         (0,4294967295)
                                        |- ext-name    (32)
                                        |- description         (32)
                                        |- quota-limit-mb      (0,10485760)
                                        |- billing-start-day   (1,28)
                                        |- at-dial-script      (128 xss)
                                        |- modem-passwd 
                                        |- initiated-update 
                                        |- modem-type 
                                        |- ppp-username        (32)
                                        |- ppp-password 
                                        |- ppp-auth-protocol 
                                        |- ppp-echo-request 
                                        |- wimax-carrier       (32)
                                        |- wimax-realm         (32)
                                        |- wimax-auth-protocol 
                                        |- sim-pin 
                                        |- access-point-name   (32)
                                        |- multi-mode 
                                        |- roaming 
                                        |- cdma-nai    (32)
                                        |- aaa-shared-secret 
                                        |- ha-shared-secret 
                                        |- primary-ha  (32)
                                        |- secondary-ha        (32)
                                        |- cdma-aaa-spi        (32)
                                        +- cdma-ha-spi         (32)
   |- ipsec -- <tunnel> 
   |- firewall -- [address] --*name    (64)
                            |- uuid 
                            |- subnet 
                            |- type 
                            |- start-ip 
                            |- end-ip 
                            |- fqdn    (256)
                            |- country         (3)
                            |- wildcard-fqdn   (256)
                            |- cache-ttl       (0,86400)
                            |- wildcard 
                            |- comment 
                            |- visibility 
                            |- associated-interface    (36)
                            |- color   (0,32)
                            |- [tags] --*name  (65)
                            +- allow-routing 
               |- [multicast-address] --*name  (64)
                                      |- type 
                                      |- subnet 
                                      |- start-ip 
                                      |- end-ip 
                                      |- comment 
                                      |- visibility 
                                      |- associated-interface  (36)
                                      |- color         (0,32)
                                      +- [tags] --*name        (65)
               |- [address6] --*name   (64)
                             |- uuid 
                             |- type 
                             |- ip6 
                             |- start-ip 
                             |- end-ip 
                             |- visibility 
                             |- color  (0,32)
                             |- [tags] --*name         (65)
                             +- comment 
               |- [multicast-address6] --*name         (140)
                                       |- ip6 
                                       |- comment 
                                       |- visibility 
                                       |- color        (0,32)
                                       +- [tags] --*name       (65)
               |- [addrgrp] --*name    (64)
                            |- uuid 
                            |- [member] --*name        (65)
                            |- comment 
                            |- visibility 
                            |- color   (0,32)
                            |- [tags] --*name  (65)
                            +- allow-routing 
               |- [addrgrp6] --*name   (64)
                             |- uuid 
                             |- visibility 
                             |- color  (0,32)
                             |- comment 
                             |- [member] --*name       (65)
                             +- [tags] --*name         (65)
               |- service -- [category] --*name        (64)
                                        +- comment 
                          |- [custom] --*name  (64)
                                      |- explicit-proxy 
                                      |- category      (64)
                                      |- protocol 
                                      |- iprange 
                                      |- fqdn  (256)
                                      |- protocol-number       (0,4294967295)
                                      |- icmptype      (0,4294967295)
                                      |- icmpcode      (0,4294967295)
                                      |- tcp-portrange 
                                      |- udp-portrange 
                                      |- sctp-portrange 
                                      |- tcp-halfclose-timer   (0,86400)
                                      |- tcp-halfopen-timer    (0,86400)
                                      |- tcp-timewait-timer    (0,300)
                                      |- udp-idle-timer        (0,86400)
                                      |- session-ttl   (0,4294967295)
                                      |- check-reset-range 
                                      |- comment 
                                      |- color         (0,32)
                                      +- visibility 
                          +- [group] --*name   (36)
                                     |- [member] --*name       (65)
                                     |- explicit-proxy 
                                     |- comment 
                                     +- color  (0,32)
               |- shaper -- [traffic-shaper] --*name   (36)
                                             |- guaranteed-bandwidth   (0,16776000)
                                             |- maximum-bandwidth      (0,16776000)
                                             |- bandwidth-unit 
                                             |- priority 
                                             |- per-policy 
                                             |- diffserv 
                                             +- diffservcode 
                         |- [per-ip-shaper] --*name    (36)
                                            |- max-bandwidth   (0,16776000)
                                            |- bandwidth-unit 
                                            |- max-concurrent-session  (0,2097000)
                                            |- diffserv-forward 
                                            |- diffserv-reverse 
                                            |- diffservcode-forward 
                                            +- diffservcode-rev 
                         |- <traffic> 
                         +- <per-ip> 
               |- schedule -- [onetime] --*name        (32)
                                        |- start 
                                        |- end 
                                        |- color       (0,32)
                                        +- expiration-days     (0,100)
                           |- [recurring] --*name      (32)
                                          |- start 
                                          |- end 
                                          |- day 
                                          +- color     (0,32)
                           +- [group] --*name  (32)
                                      |- [member] --*name      (65)
                                      +- color         (0,32)
               |- [ippool] --*name     (36)
                           |- type 
                           |- startip 
                           |- endip 
                           |- source-startip 
                           |- source-endip 
                           |- block-size       (64,4096)
                           |- num-blocks-per-user      (1,128)
                           |- permit-any-host 
                           |- arp-reply 
                           |- arp-intf         (16)
                           +- comments 
               |- [ippool6] --*name    (36)
                            |- startip 
                            |- endip 
                            +- comments 
               |- [ldb-monitor] --*name        (36)
                                |- type 
                                |- interval    (5,65535)
                                |- timeout     (1,255)
                                |- retry       (1,255)
                                |- port        (0,65535)
                                |- http-get    (256)
                                |- http-match  (256)
                                +- http-max-redirects  (0,5)
               |- [vip] --*name        (64)
                        |- id  (0,65535)
                        |- uuid 
                        |- comment 
                        |- type 
                        |- dns-mapping-ttl     (0,604800)
                        |- ldb-method 
                        |- [src-filter] --*range       (65)
                        |- extip 
                        |- [mappedip] --*range         (65)
                        |- mapped-addr         (64)
                        |- extintf     (36)
                        |- arp-reply 
                        |- server-type 
                        |- persistence 
                        |- nat-source-vip 
                        |- portforward 
                        |- protocol 
                        |- extport 
                        |- mappedport 
                        |- gratuitous-arp-interval     (0,4294967295)
                        |- [srcintf-filter] --*interface-name  (65)
                        |- portmapping-type 
                        |- [realservers] --*id         (0,4294967295)
                                         |- ip 
                                         |- port       (1,65535)
                                         |- status 
                                         |- weight     (1,255)
                                         |- holddown-interval  (0,4294967295)
                                         |- healthcheck 
                                         |- http-host  (64)
                                         |- max-connections    (0,2147483647)
                                         |- monitor    (65)
                                         +- client-ip 
                        |- http-cookie-domain-from-host 
                        |- http-cookie-domain  (36)
                        |- http-cookie-path    (36)
                        |- http-cookie-generation      (0,4294967295)
                        |- http-cookie-age     (0,525600)
                        |- http-cookie-share 
                        |- http-multiplex 
                        |- http-ip-header 
                        |- http-ip-header-name         (36)
                        |- outlook-web-access 
                        |- weblogic-server 
                        |- websphere-server 
                        |- monitor     (65)
                        |- max-embryonic-connections   (0,100000)
                        +- color       (0,32)
               |- [vip46] --*name      (64)
                          |- id        (0,65535)
                          |- uuid 
                          |- comment 
                          |- [src-filter] --*range     (80)
                          |- extip 
                          |- mappedip 
                          |- arp-reply 
                          |- portforward 
                          |- protocol 
                          |- extport 
                          |- mappedport 
                          +- color     (0,32)
               |- [vip6] --*name       (64)
                         |- id         (0,65535)
                         |- uuid 
                         |- comment 
                         |- type 
                         |- [src-filter] --*range      (80)
                         |- extip 
                         |- mappedip 
                         |- arp-reply 
                         |- portforward 
                         |- protocol 
                         |- extport 
                         |- mappedport 
                         +- color      (0,32)
               |- [vip64] --*name      (64)
                          |- id        (0,65535)
                          |- uuid 
                          |- comment 
                          |- [src-filter] --*range     (80)
                          |- extip 
                          |- mappedip 
                          |- arp-reply 
                          |- portforward 
                          |- protocol 
                          |- extport 
                          |- mappedport 
                          +- color     (0,32)
               |- [vipgrp] --*name     (64)
                           |- uuid 
                           |- interface        (36)
                           |- color    (0,32)
                           |- comments 
                           +- [member] --*name         (65)
               |- [vipgrp46] --*name   (64)
                             |- uuid 
                             |- color  (0,32)
                             |- comments 
                             +- [member] --*name       (65)
               |- [vipgrp6] --*name    (64)
                            |- uuid 
                            |- color   (0,32)
                            |- comments 
                            +- [member] --*name        (65)
               |- [vipgrp64] --*name   (64)
                             |- uuid 
                             |- color  (0,32)
                             |- comments 
                             +- [member] --*name       (65)
               |- ipmacbinding -- <setting> -- bindthroughfw 
                                            |- bindtofw 
                                            +- undefinedhost 
                               +- [table] --*seq-num   (0,4294967295)
                                          |- ip 
                                          |- mac 
                                          |- name      (36)
                                          +- status 
               |- [profile-protocol-options] --*name   (36)
                                             |- comment 
                                             |- replacemsg-group       (36)
                                             |- oversize-log 
                                             |- switching-protocols-log 
                                             |- <http> -- ports        (1,65535)
                                                       |- status 
                                                       |- inspect-all 
                                                       |- options 
                                                       |- comfort-interval     (1,900)
                                                       |- comfort-amount       (1,10240)
                                                       |- range-block 
                                                       |- post-lang 
                                                       |- fortinet-bar 
                                                       |- fortinet-bar-port    (0,4294967295)
                                                       |- streaming-content-bypass 
                                                       |- switching-protocols 
                                                       |- oversize-limit       (1,183)
                                                       |- uncompressed-oversize-limit  (0,183)
                                                       |- uncompressed-nest-limit      (2,100)
                                                       |- scan-bzip2 
                                                       |- block-page-status-code       (100,599)
                                                       +- retry-count  (0,100)
                                             |- <ftp> -- ports         (1,65535)
                                                      |- status 
                                                      |- inspect-all 
                                                      |- options 
                                                      |- comfort-interval      (1,900)
                                                      |- comfort-amount        (1,10240)
                                                      |- oversize-limit        (1,183)
                                                      |- uncompressed-oversize-limit   (0,183)
                                                      |- uncompressed-nest-limit       (2,100)
                                                      +- scan-bzip2 
                                             |- <imap> -- ports        (1,65535)
                                                       |- status 
                                                       |- inspect-all 
                                                       |- options 
                                                       |- oversize-limit       (1,183)
                                                       |- uncompressed-oversize-limit  (0,183)
                                                       |- uncompressed-nest-limit      (2,100)
                                                       +- scan-bzip2 
                                             |- <mapi> -- ports        (1,65535)
                                                       |- status 
                                                       |- options 
                                                       |- oversize-limit       (1,183)
                                                       |- uncompressed-oversize-limit  (0,183)
                                                       |- uncompressed-nest-limit      (2,100)
                                                       +- scan-bzip2 
                                             |- <pop3> -- ports        (1,65535)
                                                       |- status 
                                                       |- inspect-all 
                                                       |- options 
                                                       |- oversize-limit       (1,183)
                                                       |- uncompressed-oversize-limit  (0,183)
                                                       |- uncompressed-nest-limit      (2,100)
                                                       +- scan-bzip2 
                                             |- <smtp> -- ports        (1,65535)
                                                       |- status 
                                                       |- inspect-all 
                                                       |- options 
                                                       |- oversize-limit       (1,183)
                                                       |- uncompressed-oversize-limit  (0,183)
                                                       |- uncompressed-nest-limit      (2,100)
                                                       |- scan-bzip2 
                                                       +- server-busy 
                                             |- <nntp> -- ports        (1,65535)
                                                       |- status 
                                                       |- inspect-all 
                                                       |- options 
                                                       |- oversize-limit       (1,183)
                                                       |- uncompressed-oversize-limit  (0,183)
                                                       |- uncompressed-nest-limit      (2,100)
                                                       +- scan-bzip2 
                                             |- <dns> -- ports         (1,65535)
                                                      +- status 
                                             |- <mail-signature> -- status 
                                                                 +- signature  (1024 xss)
                                             +- rpc-over-http 
               |- [ssl-ssh-profile] --*name    (36)
                                    |- comment 
                                    |- <ssl> -- inspect-all 
                                             |- client-cert-request 
                                             |- unsupported-ssl 
                                             |- allow-invalid-server-cert 
                                             +- untrusted-cert 
                                    |- <https> -- ports        (1,65535)
                                               |- status 
                                               |- client-cert-request 
                                               |- unsupported-ssl 
                                               |- allow-invalid-server-cert 
                                               +- untrusted-cert 
                                    |- <ftps> -- ports         (1,65535)
                                              |- status 
                                              |- client-cert-request 
                                              |- unsupported-ssl 
                                              |- allow-invalid-server-cert 
                                              +- untrusted-cert 
                                    |- <imaps> -- ports        (1,65535)
                                               |- status 
                                               |- client-cert-request 
                                               |- unsupported-ssl 
                                               |- allow-invalid-server-cert 
                                               +- untrusted-cert 
                                    |- <pop3s> -- ports        (1,65535)
                                               |- status 
                                               |- client-cert-request 
                                               |- unsupported-ssl 
                                               |- allow-invalid-server-cert 
                                               +- untrusted-cert 
                                    |- <smtps> -- ports        (1,65535)
                                               |- status 
                                               |- client-cert-request 
                                               |- unsupported-ssl 
                                               |- allow-invalid-server-cert 
                                               +- untrusted-cert 
                                    |- whitelist 
                                    |- [ssl-exempt] --*id      (0,4294967295)
                                                    |- type 
                                                    |- fortiguard-category     (0,4294967295)
                                                    |- address         (64)
                                                    +- address6        (64)
                                    |- server-cert-mode 
                                    |- use-ssl-server 
                                    |- caname  (36)
                                    |- untrusted-caname        (36)
                                    |- certname        (36)
                                    |- server-cert     (36)
                                    |- [ssl-server] --*id      (0,4294967295)
                                                    |- ip 
                                                    |- https-client-cert-request 
                                                    |- smtps-client-cert-request 
                                                    |- pop3s-client-cert-request 
                                                    |- imaps-client-cert-request 
                                                    |- ftps-client-cert-request 
                                                    +- ssl-other-client-cert-request 
                                    |- ssl-invalid-server-cert-log 
                                    +- rpc-over-https 
               |- [profile-group] --*name      (36)
                                  |- av-profile        (36)
                                  |- webfilter-profile         (36)
                                  |- dnsfilter-profile         (36)
                                  |- spamfilter-profile        (36)
                                  |- dlp-sensor        (36)
                                  |- ips-sensor        (36)
                                  |- application-list  (36)
                                  |- casi-profile      (36)
                                  |- voip-profile      (36)
                                  |- icap-profile      (36)
                                  |- waf-profile       (36)
                                  |- profile-protocol-options  (36)
                                  +- ssl-ssh-profile   (36)
               |- [ssl-server] --*name         (36)
                               |- ip 
                               |- port         (1,65535)
                               |- ssl-mode 
                               |- add-header-x-forwarded-proto 
                               |- mapped-port  (1,65535)
                               |- ssl-cert     (36)
                               |- ssl-dh-bits 
                               |- ssl-algorithm 
                               |- ssl-client-renegotiation 
                               |- ssl-min-version 
                               |- ssl-max-version 
                               |- ssl-send-empty-frags 
                               +- url-rewrite 
               |- [identity-based-route] --*name       (36)
                                         |- comments   (128 xss)
                                         +- [rule] --*id       (0,4294967295)
                                                   |- gateway 
                                                   |- device   (36)
                                                   +- [groups] --*name         (65)
               |- <auth-portal> -- [groups] --*name    (65)
                                |- portal-addr         (64)
                                |- portal-addr6        (64)
                                +- identity-based-route        (36)
               |- [policy] --*policyid         (0,4294967294)
                           |- name     (36 xss)
                           |- uuid 
                           |- [srcintf] --*name        (65)
                           |- [dstintf] --*name        (65)
                           |- [srcaddr] --*name        (65)
                           |- [dstaddr] --*name        (65)
                           |- rtp-nat 
                           |- [rtp-addr] --*name       (65)
                           |- action 
                           |- send-deny-packet 
                           |- firewall-session-dirty 
                           |- status 
                           |- schedule         (36)
                           |- schedule-timeout 
                           |- [service] --*name        (65)
                           |- utm-status 
                           |- profile-type 
                           |- profile-group    (36)
                           |- av-profile       (36)
                           |- webfilter-profile        (36)
                           |- dnsfilter-profile        (36)
                           |- spamfilter-profile       (36)
                           |- dlp-sensor       (36)
                           |- ips-sensor       (36)
                           |- application-list         (36)
                           |- casi-profile     (36)
                           |- voip-profile     (36)
                           |- icap-profile     (36)
                           |- waf-profile      (36)
                           |- profile-protocol-options         (36)
                           |- ssl-ssh-profile  (36)
                           |- logtraffic 
                           |- logtraffic-start 
                           |- capture-packet 
                           |- auto-asic-offload 
                           |- wanopt 
                           |- wanopt-detection 
                           |- wanopt-passive-opt 
                           |- wanopt-profile   (36)
                           |- wanopt-peer      (36)
                           |- webcache 
                           |- webcache-https 
                           |- traffic-shaper   (36)
                           |- traffic-shaper-reverse   (36)
                           |- per-ip-shaper    (36)
                           |- nat 
                           |- permit-any-host 
                           |- permit-stun-host 
                           |- fixedport 
                           |- ippool 
                           |- [poolname] --*name       (65)
                           |- session-ttl      (0,4294967295)
                           |- vlan-cos-fwd     (0,4294967295)
                           |- vlan-cos-rev     (0,4294967295)
                           |- inbound 
                           |- outbound 
                           |- natinbound 
                           |- natoutbound 
                           |- wccp 
                           |- ntlm 
                           |- ntlm-guest 
                           |- [ntlm-enabled-browsers] --*user-agent-string     (65)
                           |- fsso 
                           |- wsso 
                           |- rsso 
                           |- fsso-agent-for-ntlm      (36)
                           |- [groups] --*name         (65)
                           |- [users] --*name  (65)
                           |- [devices] --*name        (36)
                           |- auth-path 
                           |- disclaimer 
                           |- vpntunnel        (36)
                           |- natip 
                           |- match-vip 
                           |- diffserv-forward 
                           |- diffserv-reverse 
                           |- diffservcode-forward 
                           |- diffservcode-rev 
                           |- tcp-mss-sender   (0,65535)
                           |- tcp-mss-receiver         (0,65535)
                           |- comments 
                           |- label    (64 xss)
                           |- global-label     (64 xss)
                           |- auth-cert        (36)
                           |- auth-redirect-addr       (64)
                           |- redirect-url     (256)
                           |- identity-based-route     (36)
                           |- block-notification 
                           |- [custom-log-fields] --*field_id  (36)
                           |- [tags] --*name   (65)
                           |- replacemsg-override-group        (36)
                           |- srcaddr-negate 
                           |- dstaddr-negate 
                           |- service-negate 
                           |- timeout-send-rst 
                           |- captive-portal-exempt 
                           |- ssl-mirror 
                           |- [ssl-mirror-intf] --*name        (65)
                           |- scan-botnet-connections 
                           +- dsri 
               |- [shaping-policy] --*id       (0,4294967295)
                                   |- status 
                                   |- ip-version 
                                   |- [srcaddr] --*name        (65)
                                   |- [dstaddr] --*name        (65)
                                   |- [srcaddr6] --*name       (65)
                                   |- [dstaddr6] --*name       (65)
                                   |- [service] --*name        (65)
                                   |- [users] --*name  (65)
                                   |- [groups] --*name         (65)
                                   |- [application] --*id      (0,4294967295)
                                   |- [app-category] --*id     (0,4294967295)
                                   |- [url-category] --*id     (0,4294967295)
                                   |- [dstintf] --*name        (65)
                                   |- traffic-shaper   (36)
                                   |- traffic-shaper-reverse   (36)
                                   +- per-ip-shaper    (36)
               |- [local-in-policy] --*policyid        (0,4294967295)
                                    |- ha-mgmt-intf-only 
                                    |- intf    (36)
                                    |- [srcaddr] --*name       (65)
                                    |- [dstaddr] --*name       (65)
                                    |- action 
                                    |- [service] --*name       (65)
                                    |- schedule        (36)
                                    |- auto-asic-offload 
                                    +- status 
               |- [policy6] --*policyid        (0,4294967294)
                            |- name    (36 xss)
                            |- uuid 
                            |- [srcintf] --*name       (65)
                            |- [dstintf] --*name       (65)
                            |- [srcaddr] --*name       (65)
                            |- [dstaddr] --*name       (65)
                            |- action 
                            |- firewall-session-dirty 
                            |- status 
                            |- vlan-cos-fwd    (0,4294967295)
                            |- vlan-cos-rev    (0,4294967295)
                            |- schedule        (36)
                            |- [service] --*name       (65)
                            |- utm-status 
                            |- profile-type 
                            |- profile-group   (36)
                            |- av-profile      (36)
                            |- webfilter-profile       (36)
                            |- spamfilter-profile      (36)
                            |- dlp-sensor      (36)
                            |- ips-sensor      (36)
                            |- application-list        (36)
                            |- casi-profile    (36)
                            |- voip-profile    (36)
                            |- icap-profile    (36)
                            |- profile-protocol-options        (36)
                            |- ssl-ssh-profile         (36)
                            |- logtraffic 
                            |- logtraffic-start 
                            |- auto-asic-offload 
                            |- traffic-shaper  (36)
                            |- traffic-shaper-reverse  (36)
                            |- per-ip-shaper   (36)
                            |- nat 
                            |- fixedport 
                            |- ippool 
                            |- [poolname] --*name      (65)
                            |- inbound 
                            |- outbound 
                            |- natinbound 
                            |- natoutbound 
                            |- send-deny-packet 
                            |- vpntunnel       (36)
                            |- diffserv-forward 
                            |- diffserv-reverse 
                            |- diffservcode-forward 
                            |- diffservcode-rev 
                            |- tcp-mss-sender  (0,65535)
                            |- tcp-mss-receiver        (0,65535)
                            |- comments 
                            |- label   (64 xss)
                            |- global-label    (64 xss)
                            |- rsso 
                            |- [tags] --*name  (65)
                            |- replacemsg-override-group       (36)
                            |- srcaddr-negate 
                            |- dstaddr-negate 
                            |- service-negate 
                            |- [groups] --*name        (65)
                            |- [users] --*name         (65)
                            |- [devices] --*name       (36)
                            |- timeout-send-rst 
                            |- ssl-mirror 
                            |- [ssl-mirror-intf] --*name       (65)
                            +- dsri 
               |- [local-in-policy6] --*policyid       (0,4294967295)
                                     |- intf   (36)
                                     |- [srcaddr] --*name      (65)
                                     |- [dstaddr] --*name      (65)
                                     |- action 
                                     |- [service] --*name      (65)
                                     |- schedule       (36)
                                     +- status 
               |- [ttl-policy] --*id   (0,4294967295)
                               |- status 
                               |- action 
                               |- srcintf      (36)
                               |- [srcaddr] --*name    (65)
                               |- [service] --*name    (65)
                               |- schedule     (36)
                               +- ttl 
               |- [policy64] --*policyid       (0,4294967295)
                             |- uuid 
                             |- srcintf        (36)
                             |- dstintf        (36)
                             |- [srcaddr] --*name      (65)
                             |- [dstaddr] --*name      (65)
                             |- action 
                             |- status 
                             |- schedule       (36)
                             |- [service] --*name      (65)
                             |- logtraffic 
                             |- permit-any-host 
                             |- traffic-shaper         (36)
                             |- traffic-shaper-reverse         (36)
                             |- per-ip-shaper  (36)
                             |- fixedport 
                             |- ippool 
                             |- [poolname] --*name     (65)
                             |- tcp-mss-sender         (0,4294967295)
                             |- tcp-mss-receiver       (0,4294967295)
                             |- comments 
                             +- [tags] --*name         (65)
               |- [policy46] -- permit-any-host 
                             |-*policyid       (0,4294967295)
                             |- uuid 
                             |- srcintf        (36)
                             |- dstintf        (36)
                             |- [srcaddr] --*name      (65)
                             |- [dstaddr] --*name      (65)
                             |- action 
                             |- status 
                             |- schedule       (36)
                             |- [service] --*name      (65)
                             |- logtraffic 
                             |- traffic-shaper         (36)
                             |- traffic-shaper-reverse         (36)
                             |- per-ip-shaper  (36)
                             |- fixedport 
                             |- tcp-mss-sender         (0,4294967295)
                             |- tcp-mss-receiver       (0,4294967295)
                             |- comments 
                             +- [tags] --*name         (65)
               |- [explicit-proxy-address] --*name     (36)
                                           |- uuid 
                                           |- type 
                                           |- host     (36)
                                           |- host-regex       (256 xss)
                                           |- path     (256 xss)
                                           |- [category] --*id         (0,4294967295)
                                           |- method 
                                           |- ua 
                                           |- header-name      (80)
                                           |- header   (256 xss)
                                           |- case-sensitivity 
                                           |- [header-group] --*id     (0,4294967295)
                                                             |- header-name    (80)
                                                             |- header         (256 xss)
                                                             +- case-sensitivity 
                                           |- color    (0,32)
                                           |- [tags] --*name   (65)
                                           |- comment 
                                           +- visibility 
               |- [explicit-proxy-addrgrp] --*name     (64)
                                           |- type 
                                           |- uuid 
                                           |- [member] --*name         (65)
                                           |- color    (0,32)
                                           |- [tags] --*name   (65)
                                           |- comment 
                                           +- visibility 
               |- [explicit-proxy-policy] -- uuid 
                                          |-*policyid  (0,4294967295)
                                          |- proxy 
                                          |- [dstintf] --*name         (65)
                                          |- [srcaddr] --*name         (65)
                                          |- [dstaddr] --*name         (65)
                                          |- [service] --*name         (65)
                                          |- srcaddr-negate 
                                          |- dstaddr-negate 
                                          |- service-negate 
                                          |- action 
                                          |- status 
                                          |- schedule  (36)
                                          |- logtraffic 
                                          |- [srcaddr6] --*name        (65)
                                          |- [dstaddr6] --*name        (65)
                                          |- identity-based 
                                          |- ip-based 
                                          |- active-auth-method 
                                          |- sso-auth-method 
                                          |- require-tfa 
                                          |- web-auth-cookie 
                                          |- transaction-based 
                                          |- [identity-based-policy] --*id     (0,4294967295)
                                                                     |- schedule       (36)
                                                                     |- logtraffic 
                                                                     |- logtraffic-start 
                                                                     |- scan-botnet-connections 
                                                                     |- utm-status 
                                                                     |- profile-type 
                                                                     |- profile-group  (36)
                                                                     |- av-profile     (36)
                                                                     |- webfilter-profile      (36)
                                                                     |- spamfilter-profile     (36)
                                                                     |- dlp-sensor     (36)
                                                                     |- ips-sensor     (36)
                                                                     |- application-list       (36)
                                                                     |- casi-profile   (36)
                                                                     |- icap-profile   (36)
                                                                     |- waf-profile    (36)
                                                                     |- profile-protocol-options       (36)
                                                                     |- ssl-ssh-profile        (36)
                                                                     |- [groups] --*name       (65)
                                                                     |- [users] --*name        (65)
                                                                     |- disclaimer 
                                                                     +- replacemsg-override-group      (36)
                                          |- webproxy-forward-server   (64)
                                          |- webproxy-profile  (64)
                                          |- transparent 
                                          |- webcache 
                                          |- webcache-https 
                                          |- disclaimer 
                                          |- utm-status 
                                          |- profile-type 
                                          |- profile-group     (36)
                                          |- av-profile        (36)
                                          |- webfilter-profile         (36)
                                          |- spamfilter-profile        (36)
                                          |- dlp-sensor        (36)
                                          |- ips-sensor        (36)
                                          |- application-list  (36)
                                          |- casi-profile      (36)
                                          |- icap-profile      (36)
                                          |- waf-profile       (36)
                                          |- profile-protocol-options  (36)
                                          |- ssl-ssh-profile   (36)
                                          |- replacemsg-override-group         (36)
                                          |- logtraffic-start 
                                          |- [tags] --*name    (65)
                                          |- label     (64 xss)
                                          |- global-label      (64 xss)
                                          |- scan-botnet-connections 
                                          +- comments 
               |- [dnstranslation] --*id       (0,4294967295)
                                   |- src 
                                   |- dst 
                                   +- netmask 
               |- [multicast-policy] --*id     (0,4294967295)
                                     |- status 
                                     |- logtraffic 
                                     |- srcintf        (36)
                                     |- dstintf        (36)
                                     |- [srcaddr] --*name      (65)
                                     |- [dstaddr] --*name      (65)
                                     |- snat 
                                     |- snat-ip 
                                     |- dnat 
                                     |- action 
                                     |- protocol       (0,4294967295)
                                     |- start-port     (0,65535)
                                     |- end-port       (0,65535)
                                     +- auto-asic-offload 
               |- [multicast-policy6] --*id    (0,4294967295)
                                      |- status 
                                      |- logtraffic 
                                      |- srcintf       (36)
                                      |- dstintf       (36)
                                      |- [srcaddr] --*name     (80)
                                      |- [dstaddr] --*name     (80)
                                      |- action 
                                      |- protocol      (0,4294967295)
                                      |- start-port    (0,65535)
                                      |- end-port      (0,65535)
                                      +- auto-asic-offload 
               |- [interface-policy] --*policyid       (0,4294967295)
                                     |- status 
                                     |- logtraffic 
                                     |- address-type 
                                     |- interface      (36)
                                     |- [srcaddr] --*name      (65)
                                     |- [dstaddr] --*name      (65)
                                     |- [service] --*name      (65)
                                     |- application-list-status 
                                     |- application-list       (36)
                                     |- casi-profile-status 
                                     |- casi-profile   (36)
                                     |- ips-sensor-status 
                                     |- ips-sensor     (36)
                                     |- dsri 
                                     |- av-profile-status 
                                     |- av-profile     (36)
                                     |- webfilter-profile-status 
                                     |- webfilter-profile      (36)
                                     |- spamfilter-profile-status 
                                     |- spamfilter-profile     (36)
                                     |- dlp-sensor-status 
                                     |- dlp-sensor     (36)
                                     |- scan-botnet-connections 
                                     +- label  (64 xss)
               |- [interface-policy6] --*policyid      (0,4294967295)
                                      |- status 
                                      |- logtraffic 
                                      |- address-type 
                                      |- interface     (36)
                                      |- [srcaddr6] --*name    (65)
                                      |- [dstaddr6] --*name    (65)
                                      |- [service6] --*name    (65)
                                      |- application-list-status 
                                      |- application-list      (36)
                                      |- casi-profile-status 
                                      |- casi-profile  (36)
                                      |- ips-sensor-status 
                                      |- ips-sensor    (36)
                                      |- dsri 
                                      |- av-profile-status 
                                      |- av-profile    (36)
                                      |- webfilter-profile-status 
                                      |- webfilter-profile     (36)
                                      |- spamfilter-profile-status 
                                      |- spamfilter-profile    (36)
                                      |- dlp-sensor-status 
                                      |- dlp-sensor    (36)
                                      |- scan-botnet-connections 
                                      +- label         (64 xss)
               |- [DoS-policy] --*policyid     (0,9999)
                               |- status 
                               |- interface    (36)
                               |- [srcaddr] --*name    (65)
                               |- [dstaddr] --*name    (65)
                               |- [service] --*name    (65)
                               +- [anomaly] --*name    (64)
                                            |- status 
                                            |- log 
                                            |- action 
                                            |- quarantine 
                                            |- quarantine-expiry 
                                            |- quarantine-log 
                                            |- threshold       (1,2147483647)
                                            +- threshold(default)      (0,4294967295)
               |- [DoS-policy6] --*policyid    (0,9999)
                                |- status 
                                |- interface   (36)
                                |- [srcaddr] --*name   (65)
                                |- [dstaddr] --*name   (65)
                                |- [service] --*name   (65)
                                +- [anomaly] --*name   (64)
                                             |- status 
                                             |- log 
                                             |- action 
                                             |- quarantine 
                                             |- quarantine-expiry 
                                             |- quarantine-log 
                                             |- threshold      (1,2147483647)
                                             +- threshold(default)     (0,4294967295)
               |- [sniffer] --*id      (0,9999)
                            |- status 
                            |- logtraffic 
                            |- ipv6 
                            |- non-ip 
                            |- interface       (36)
                            |- host    (64 xss)
                            |- port    (64 xss)
                            |- protocol        (64 xss)
                            |- vlan    (64 xss)
                            |- application-list-status 
                            |- application-list        (36)
                            |- casi-profile-status 
                            |- casi-profile    (36)
                            |- ips-sensor-status 
                            |- ips-sensor      (36)
                            |- dsri 
                            |- av-profile-status 
                            |- av-profile      (36)
                            |- webfilter-profile-status 
                            |- webfilter-profile       (36)
                            |- spamfilter-profile-status 
                            |- spamfilter-profile      (36)
                            |- dlp-sensor-status 
                            |- dlp-sensor      (36)
                            |- ips-dos-status 
                            |- [anomaly] --*name       (64)
                                         |- status 
                                         |- log 
                                         |- action 
                                         |- quarantine 
                                         |- quarantine-expiry 
                                         |- quarantine-log 
                                         |- threshold  (1,2147483647)
                                         +- threshold(default)         (0,4294967295)
                            |- scan-botnet-connections 
                            +- max-packet-count        (1,10000)
               |- [central-snat-map] --*policyid       (0,4294967295)
                                     |- status 
                                     |- [orig-addr] --*name    (65)
                                     |- [dst-addr] --*name     (65)
                                     |- [nat-ippool] --*name   (65)
                                     |- protocol       (0,255)
                                     |- orig-port      (0,65535)
                                     +- nat-port 
               |- ssl -- <setting> -- proxy-connect-timeout    (1,60)
                                   |- ssl-dh-bits 
                                   |- ssl-send-empty-frags 
                                   |- no-matching-cipher-action 
                                   |- cert-cache-capacity      (0,500)
                                   |- cert-cache-timeout       (1,120)
                                   |- session-cache-capacity   (0,1000)
                                   +- session-cache-timeout    (1,60)
               |- [ip-translation] --*transid  (0,4294967295)
                                   |- type 
                                   |- startip 
                                   |- endip 
                                   +- map-startip 
               |- <ipv6-eh-filter> -- hop-opt 
                                   |- dest-opt 
                                   |- hdopt-type       (0,4294967295)
                                   |- routing 
                                   |- routing-type     (0,4294967295)
                                   |- fragment 
                                   |- auth 
                                   +- no-next 
               |- iprope -- <list> -- <group_number>   (0)
                         +- appctrl -- <list> 
                                    +- <status> 
               |- <proute> -- <policy route id>        (0)
               +- <proute6> 
   |- webfilter -- [ftgd-local-cat] -- id      (0,4294967295)
                                    +-*desc    (80)
                |- [content] --*id     (0,4294967295)
                             |- name   (36)
                             |- comment 
                             +- [entries] --*name      (128 xss)
                                          |- pattern-type 
                                          |- status 
                                          |- lang 
                                          |- score     (0,4294967295)
                                          +- action 
                |- [content-header] --*id      (0,4294967295)
                                    |- name    (36)
                                    |- comment 
                                    +- [entries] --*pattern    (32 xss)
                                                 |- action 
                                                 +- category 
                |- [urlfilter] --*id   (0,4294967295)
                               |- name         (36)
                               |- comment 
                               |- one-arm-ips-urlfilter 
                               |- ip-addr-block 
                               +- [entries] --*id      (0,4294967295)
                                            |- url     (512 xss)
                                            |- type 
                                            |- action 
                                            |- status 
                                            |- exempt 
                                            |- web-proxy-profile       (64)
                                            +- referrer-host   (256)
                |- <ips-urlfilter-setting> -- device   (36)
                                           |- distance         (1,255)
                                           +- gateway 
                |- <ips-urlfilter-cache-setting> -- dns-retry-interval         (0,2147483)
                                                 +- extended-ttl       (0,2147483)
                |- [profile] --*name   (36)
                             |- comment 
                             |- replacemsg-group       (36)
                             |- inspection-mode 
                             |- options 
                             |- https-replacemsg 
                             |- ovrd-perm 
                             |- post-action 
                             |- <override> -- ovrd-cookie 
                                           |- ovrd-scope 
                                           |- profile-type 
                                           |- ovrd-dur-mode 
                                           |- ovrd-dur 
                                           |- profile-attribute 
                                           |- [ovrd-user-group] --*name        (65)
                                           +- [profile] --*name        (65)
                             |- <web> -- bword-threshold       (0,2147483647)
                                      |- bword-table   (0,4294967295)
                                      |- urlfilter-table       (0,4294967295)
                                      |- content-header-list   (0,4294967295)
                                      |- blacklist 
                                      |- whitelist 
                                      |- safe-search 
                                      |- youtube-edu-filter-id         (45)
                                      |- log-search 
                                      +- [keyword-match] --*pattern    (65)
                             |- <ftgd-wf> -- options 
                                          |- category-override 
                                          |- exempt-quota 
                                          |- ovrd 
                                          |- [filters] --*id   (0,4294967295)
                                                       |- category     (0,4294967295)
                                                       |- action 
                                                       |- warn-duration 
                                                       |- [auth-usr-grp] --*name       (65)
                                                       |- log 
                                                       |- override-replacemsg  (29)
                                                       |- warning-prompt 
                                                       +- warning-duration-type 
                                          |- [quota] --*id     (0,4294967295)
                                                     |- category 
                                                     |- type 
                                                     |- unit 
                                                     |- value  (0,4294967295)
                                                     |- duration 
                                                     +- override-replacemsg    (29)
                                          |- max-quota-timeout         (1,86400)
                                          |- rate-image-urls 
                                          |- rate-javascript-urls 
                                          |- rate-css-urls 
                                          +- rate-crl-urls 
                             |- wisp 
                             |- log-all-url 
                             |- web-content-log 
                             |- web-filter-activex-log 
                             |- web-filter-command-block-log 
                             |- web-filter-cookie-log 
                             |- web-filter-applet-log 
                             |- web-filter-jscript-log 
                             |- web-filter-js-log 
                             |- web-filter-vbs-log 
                             |- web-filter-unknown-log 
                             |- web-filter-referer-log 
                             |- web-filter-cookie-removal-log 
                             |- web-url-log 
                             |- web-invalid-domain-log 
                             |- web-ftgd-err-log 
                             +- web-ftgd-quota-usage 
                |- <fortiguard> -- cache-mode 
                                |- cache-prefix-match 
                                |- cache-mem-percent   (1,15)
                                |- ovrd-auth-port-http         (0,4294967295)
                                |- ovrd-auth-port-https        (0,4294967295)
                                |- ovrd-auth-port-warning      (0,4294967295)
                                |- ovrd-auth-https 
                                |- warn-auth-https 
                                |- close-ports 
                                |- request-packet-size-limit   (0,4294967295)
                                +- ovrd-auth-port      (0,4294967295)
                |- <categories> 
                |- [override] --*id    (0,4294967295)
                              |- status 
                              |- scope 
                              |- ip 
                              |- user  (65)
                              |- user-group    (64)
                              |- old-profile   (36)
                              |- new-profile   (36)
                              |- ip6 
                              |- expires 
                              +- initiator     (65)
                |- [override-user] --*id       (0,4294967295)
                                   |- status 
                                   |- scope 
                                   |- ip 
                                   |- user     (65)
                                   |- user-group       (64)
                                   |- old-profile      (36)
                                   |- new-profile      (36)
                                   |- ip6 
                                   |- expires 
                                   +- initiator        (65)
                |- [ftgd-warning] --*id        (0,4294967295)
                                  |- status 
                                  |- scope 
                                  |- ip 
                                  |- user      (65)
                                  |- user-group        (64)
                                  |- old-profile       (36)
                                  |- expires 
                                  +- rating    (0,4294967295)
                |- [ftgd-local-rating] --*url  (512 xss)
                                       |- status 
                                       +- rating 
                |- [search-engine] --*name     (36)
                                   |- hostname         (128 xss)
                                   |- url      (128 xss)
                                   |- query    (16 xss)
                                   |- safesearch 
                                   |- charset 
                                   +- safesearch-str   (80 xss)
                |- <cookie-ovrd> -- redir-host         (256)
                                 +- redir-port         (0,4294967295)
                |- <ftgd-statistics> 
                +- <status> -- <refresh-rate>  (0)
   |- ips -- [sensor] --*name  (36)
                      |- comment 
                      |- replacemsg-group      (36)
                      |- block-malicious-url 
                      |- [entries] --*id       (0,4294967295)
                                   |- [rule] --*id     (0,4294967295)
                                   |- location 
                                   |- severity 
                                   |- protocol 
                                   |- os 
                                   |- application 
                                   |- [tags] --*name   (65)
                                   |- status 
                                   |- log 
                                   |- log-packet 
                                   |- log-attack-context 
                                   |- action 
                                   |- rate-count       (0,65535)
                                   |- rate-duration    (1,65535)
                                   |- rate-mode 
                                   |- rate-track 
                                   |- [exempt-ip] --*id        (0,4294967295)
                                                  |- src-ip 
                                                  +- dst-ip 
                                   |- quarantine 
                                   |- quarantine-expiry 
                                   +- quarantine-log 
                      |- [filter] --*name      (32)
                                  |- location 
                                  |- severity 
                                  |- protocol 
                                  |- os 
                                  |- application 
                                  |- status 
                                  |- log 
                                  |- log-packet 
                                  |- action 
                                  |- quarantine 
                                  |- quarantine-expiry         (1,2147483647)
                                  +- quarantine-log 
                      +- [override] --*rule-id         (0,4294967295)
                                    |- status 
                                    |- log 
                                    |- log-packet 
                                    |- action 
                                    |- quarantine 
                                    |- quarantine-expiry       (1,2147483647)
                                    |- quarantine-log 
                                    +- [exempt-ip] --*id       (0,4294967295)
                                                   |- src-ip 
                                                   +- dst-ip 
          |- [attr-map] --*id  (0,4294967295)
                        |- name        (32)
                        +- [children] --*map-id        (0,4294967295)
          |- [metadata-map] --*id      (0,4294967295)
                            |- type    (0,4294967295)
                            |- name    (32)
                            +- [values] --*subid       (0,4294967295)
                                        +- subname     (32)
          |- [view-map] --*id  (0,4294967295)
                        |- vdom-id     (0,4294967295)
                        |- policy-id   (0,4294967295)
                        |- id-policy-id        (0,4294967295)
                        +- which 
          |- [decoder] --*name         (64)
                       +- [parameter] --*name  (32)
                                      +- value         (200)
          |- [rule] --*name    (64)
                    |- status 
                    |- log 
                    |- log-packet 
                    |- action 
                    |- group   (64)
                    |- severity 
                    |- location 
                    |- os 
                    |- application 
                    |- service 
                    |- rule-id         (0,4294967295)
                    |- rev     (0,4294967295)
                    |- date    (0,4294967295)
                    +- [metadata] --*id        (0,4294967295)
                                  |- metaid    (0,4294967295)
                                  +- valueid   (0,4294967295)
          |- [rule-settings] --*id     (0,4294967295)
                             +- [tags] --*name         (65)
          |- [custom] --*tag   (64)
                      |- signature     (1024 xss)
                      |- sig-name      (64)
                      |- rule-id       (0,4294967295)
                      |- severity 
                      |- location 
                      |- os 
                      |- application 
                      |- protocol 
                      |- status 
                      |- log 
                      |- log-packet 
                      |- action 
                      +- comment       (64 xss)
          |- <global> -- fail-open 
                      |- database 
                      |- traffic-submit 
                      |- anomaly-mode 
                      |- session-limit-mode 
                      |- intelligent-mode 
                      |- socket-size   (0,4294967295)
                      |- engine-count  (0,4294967295)
                      |- algorithm 
                      |- sync-session-ttl 
                      |- cp-accel-mode 
                      |- skype-client-public-ipaddr 
                      |- default-app-cat-mask 
                      |- deep-app-insp-timeout         (0,4294967295)
                      |- deep-app-insp-db-limit        (0,4294967295)
                      +- exclude-signatures 
          |- <settings> -- packet-log-history  (1,255)
                        |- packet-log-post-attack      (0,255)
                        |- packet-log-memory   (0,4294967295)
                        +- ips-packet-quota    (0,4294967295)
          |- <dbinfo> -- version       (0,4294967295)
          +- <session> 
   |- web-proxy -- [profile] --*name   (64)
                             |- header-client-ip 
                             |- header-via-request 
                             |- header-via-response 
                             |- header-x-forwarded-for 
                             |- header-front-end-https 
                             +- [headers] --*id        (0,4294967295)
                                          |- name      (80)
                                          |- action 
                                          +- content   (256)
                |- <global> -- proxy-fqdn      (256)
                            |- max-request-length      (2,64)
                            |- max-message-length      (16,256)
                            |- strict-web-check 
                            |- forward-proxy-auth 
                            |- tunnel-non-http 
                            |- unknown-http-version 
                            |- forward-server-affinity-timeout         (6,60)
                            |- max-waf-body-cache-length       (10,1024)
                            +- webproxy-profile        (64)
                |- <explicit> -- status 
                              |- ftp-over-http 
                              |- socks 
                              |- http-incoming-port    (1,65535)
                              |- https-incoming-port   (0,65535)
                              |- ftp-incoming-port     (0,65535)
                              |- socks-incoming-port   (0,65535)
                              |- incoming-ip 
                              |- outgoing-ip 
                              |- ipv6-status 
                              |- incoming-ip6 
                              |- outgoing-ip6 
                              |- strict-guest 
                              |- pref-dns-result 
                              |- unknown-http-version 
                              |- realm         (64)
                              |- sec-default-action 
                              |- https-replacement-message 
                              |- message-upon-server-error 
                              |- pac-file-server-status 
                              |- pac-file-server-port  (0,65535)
                              |- pac-file-name         (64)
                              |- pac-file-data 
                              |- pac-file-url 
                              +- ssl-algorithm 
                |- [forward-server] --*name    (64)
                                    |- ip 
                                    |- fqdn    (256)
                                    |- addr-type 
                                    |- port    (1,65535)
                                    |- healthcheck 
                                    |- monitor         (256)
                                    |- server-down-option 
                                    +- comment         (64 xss)
                |- [forward-server-group] --*name      (64)
                                          |- affinity 
                                          |- ldb-method 
                                          |- group-down-option 
                                          +- [server-list] --*name     (64)
                                                           +- weight   (1,100)
                |- [debug-url] --*name         (64)
                               |- url-pattern  (512)
                               |- status 
                               +- exact 
                |- <wisp> -- status 
                          |- server-ip 
                          |- server-port       (1,65535)
                          +- max-connections   (4,4096)
                +- [url-match] --*name         (64)
                               |- status 
                               |- url-pattern  (512)
                               |- forward-server       (36)
                               |- cache-exemption 
                               +- comment 
   |- wanopt -- <webcache> -- max-object-size  (1,2147483)
                           |- neg-resp-time    (0,4294967295)
                           |- fresh-factor     (1,100)
                           |- max-ttl  (1,5256000)
                           |- min-ttl  (1,5256000)
                           |- default-ttl      (1,5256000)
                           |- ignore-ims 
                           |- ignore-conditional 
                           |- ignore-pnc 
                           |- ignore-ie-reload 
                           |- cache-expired 
                           |- cache-cookie 
                           |- reval-pnc 
                           |- always-revalidate 
                           |- cache-by-default 
                           |- host-validate 
                           +- external 
             |- <settings> -- host-id  (36)
                           |- tunnel-ssl-algorithm 
                           +- auto-detect-algorithm 
             |- [storage] --*name      (36)
                          |- size      (0,4294967295)
                          |- webcache-storage-percentage       (0,100)
                          |- webcache-storage-size 
                          +- wan-optimization-cache-storage-size 
             |- [peer] --*peer-host-id         (36)
                       +- ip 
             |- [auth-group] --*name   (36)
                             |- auth-method 
                             |- psk 
                             |- cert   (36)
                             |- peer-accept 
                             +- peer   (36)
             +- [profile] --*name      (36)
                          |- transparent 
                          |- comments 
                          |- auth-group        (36)
                          |- <http> -- status 
                                    |- secure-tunnel 
                                    |- byte-caching 
                                    |- prefer-chunking 
                                    |- tunnel-sharing 
                                    |- log-traffic 
                                    |- port    (1,65535)
                                    |- ssl 
                                    |- ssl-port        (1,65535)
                                    |- unknown-http-version 
                                    +- tunnel-non-http 
                          |- <cifs> -- status 
                                    |- secure-tunnel 
                                    |- byte-caching 
                                    |- prefer-chunking 
                                    |- tunnel-sharing 
                                    |- log-traffic 
                                    +- port    (1,65535)
                          |- <mapi> -- status 
                                    |- secure-tunnel 
                                    |- byte-caching 
                                    |- tunnel-sharing 
                                    |- log-traffic 
                                    +- port    (1,65535)
                          |- <ftp> -- status 
                                   |- secure-tunnel 
                                   |- byte-caching 
                                   |- prefer-chunking 
                                   |- tunnel-sharing 
                                   |- log-traffic 
                                   +- port     (1,65535)
                          +- <tcp> -- status 
                                   |- secure-tunnel 
                                   |- byte-caching 
                                   |- byte-caching-opt 
                                   |- tunnel-sharing 
                                   |- log-traffic 
                                   |- port 
                                   |- ssl 
                                   +- ssl-port         (1,65535)
   |- ftp-proxy -- <explicit> -- status 
                              |- incoming-port         (1,65535)
                              |- incoming-ip 
                              |- outgoing-ip 
                              +- sec-default-action 
   |- application -- [internet-service] --*id  (0,4294967295)
                                        |- name        (64 xss)
                                        |- offset      (0,4294967295)
                                        +- [entry] --*id       (0,4294967295)
                                                   |- protocol         (0,255)
                                                   |- port     (0,65535)
                                                   |- ip-range-number  (0,4294967295)
                                                   +- ip-number        (0,4294967295)
                  |- [internet-service-custom] --*name         (64 xss)
                                               |- master-service-id    (0,4294967295)
                                               |- comment      (64 xss)
                                               |- [entry] --*id        (0,255)
                                                          |- protocol  (0,255)
                                                          |- [port-range] --*id        (0,4294967295)
                                                                          |- start-port        (1,65535)
                                                                          +- end-port  (1,65535)
                                                          +- [dst] --*name     (65)
                                               +- [disable-entry] --*id        (0,4294967295)
                                                                  |- protocol  (0,255)
                                                                  |- port      (0,65535)
                                                                  +- [ip-range] --*id  (0,4294967295)
                                                                                |- start-ip 
                                                                                +- end-ip 
                  |- <internet-service-summary> 
                  |- [name] --*name    (64)
                            |- id      (0,4294967295)
                            |- category        (0,4294967295)
                            |- sub-category    (0,4294967295)
                            |- popularity      (0,4294967295)
                            |- risk    (0,4294967295)
                            |- protocol 
                            |- technology 
                            |- behavior 
                            |- vendor 
                            |- parameter       (36)
                            +- [metadata] --*id        (0,4294967295)
                                          |- metaid    (0,4294967295)
                                          +- valueid   (0,4294967295)
                  |- [custom] --*tag   (64)
                              |- name  (64)
                              |- id    (0,4294967295)
                              |- comment       (64 xss)
                              |- signature     (1024 xss)
                              |- category      (0,4294967295)
                              |- protocol 
                              |- technology 
                              |- behavior 
                              +- vendor 
                  |- [rule-settings] --*id     (0,4294967295)
                                     +- [tags] --*name         (65)
                  |- [list] --*name    (36)
                            |- comment 
                            |- replacemsg-group        (36)
                            |- other-application-action 
                            |- app-replacemsg 
                            |- other-application-log 
                            |- unknown-application-action 
                            |- unknown-application-log 
                            |- p2p-black-list 
                            |- deep-app-inspection 
                            |- options 
                            +- [entries] --*id         (0,4294967295)
                                         |- [risk] --*level    (0,4294967295)
                                         |- [category] --*id   (0,4294967295)
                                         |- [sub-category] --*id       (0,4294967295)
                                         |- [application] --*id        (0,4294967295)
                                         |- protocols 
                                         |- vendor 
                                         |- technology 
                                         |- behavior 
                                         |- popularity 
                                         |- [tags] --*name     (65)
                                         |- [parameters] --*id         (0,4294967295)
                                                         +- value      (64 xss)
                                         |- action 
                                         |- log 
                                         |- log-packet 
                                         |- rate-count         (0,65535)
                                         |- rate-duration      (1,65535)
                                         |- rate-mode 
                                         |- rate-track 
                                         |- session-ttl        (0,4294967295)
                                         |- shaper     (36)
                                         |- shaper-reverse     (36)
                                         |- per-ip-shaper      (36)
                                         |- quarantine 
                                         |- quarantine-expiry 
                                         +- quarantine-log 
                  +- casi -- <application> 
                          +- [profile] --*name         (36)
                                       |- comment 
                                       |- replacemsg-group     (36)
                                       |- app-replacemsg 
                                       +- [entries] --*id      (0,4294967295)
                                                    |- [application] --*id     (0,4294967295)
                                                    |- action 
                                                    +- log 
   |- dlp -- [filepattern] --*id       (0,4294967295)
                           |- name     (36)
                           |- comment 
                           +- [entries] -- filter-type 
                                        |-*pattern     (80 xss)
                                        +- file-type 
          |- [fp-sensitivity] --*name  (36)
          |- [fp-doc-source] --*name   (36)
                             |- server-type 
                             |- server         (36)
                             |- period 
                             |- vdom 
                             |- scan-subdirectories 
                             |- scan-on-creation 
                             |- remove-deleted 
                             |- keep-modified 
                             |- username       (36)
                             |- password 
                             |- file-path      (120)
                             |- file-pattern   (36)
                             |- sensitivity    (36)
                             |- tod-hour       (0,23)
                             |- tod-min        (0,59)
                             |- weekday 
                             +- date   (1,31)
          |- [sensor] --*name  (36)
                      |- comment 
                      |- replacemsg-group      (36)
                      |- [filter] --*id        (0,4294967295)
                                  |- name      (36)
                                  |- severity 
                                  |- type 
                                  |- proto 
                                  |- filter-by 
                                  |- file-size         (0,4294967295)
                                  |- company-identifier        (36)
                                  |- [fp-sensitivity] --*name  (36)
                                  |- match-percentage  (0,100)
                                  |- file-type         (0,4294967295)
                                  |- regexp    (256 xss)
                                  |- archive 
                                  |- action 
                                  +- expiry 
                      |- dlp-log 
                      |- nac-quar-log 
                      |- flow-based 
                      |- options 
                      |- full-archive-proto 
                      +- summary-proto 
          +- <settings> -- storage-device      (36)
                        |- size        (0,4294967295)
                        |- db-mode 
                        |- cache-mem-percent   (1,15)
                        +- chunk-size  (100,100000)
   |- spamfilter -- [bword] --*id      (0,4294967295)
                            |- name    (36)
                            |- comment 
                            +- [entries] -- status 
                                         |-*id         (0,4294967295)
                                         |- pattern    (128 xss)
                                         |- pattern-type 
                                         |- action 
                                         |- where 
                                         |- language 
                                         +- score      (1,99999)
                 |- [bwl] --*id        (0,4294967295)
                          |- name      (36)
                          |- comment 
                          +- [entries] -- status 
                                       |-*id   (0,4294967295)
                                       |- type 
                                       |- action 
                                       |- addr-type 
                                       |- ip4-subnet 
                                       |- ip6-subnet 
                                       |- pattern-type 
                                       +- email-pattern        (128 xss)
                 |- [mheader] --*id    (0,4294967295)
                              |- name  (36)
                              |- comment 
                              +- [entries] -- status 
                                           |-*id       (0,4294967295)
                                           |- fieldname        (64 xss)
                                           |- fieldbody        (128 xss)
                                           |- pattern-type 
                                           +- action 
                 |- [dnsbl] --*id      (0,4294967295)
                            |- name    (36)
                            |- comment 
                            +- [entries] -- status 
                                         |-*id         (0,4294967295)
                                         |- server     (128)
                                         +- action 
                 |- [iptrust] --*id    (0,4294967295)
                              |- name  (36)
                              |- comment 
                              +- [entries] -- status 
                                           |-*id       (0,4294967295)
                                           |- addr-type 
                                           |- ip4-subnet 
                                           +- ip6-subnet 
                 |- [profile] --*name  (36)
                              |- comment 
                              |- flow-based 
                              |- replacemsg-group      (36)
                              |- spam-log 
                              |- spam-filtering 
                              |- external 
                              |- options 
                              |- <imap> -- log 
                                        |- action 
                                        |- tag-type 
                                        +- tag-msg     (64)
                              |- <pop3> -- log 
                                        |- action 
                                        |- tag-type 
                                        +- tag-msg     (64)
                              |- <smtp> -- log 
                                        |- action 
                                        |- tag-type 
                                        |- tag-msg     (64)
                                        |- hdrip 
                                        +- local-override 
                              |- <mapi> -- log 
                                        +- action 
                              |- <msn-hotmail> -- log 
                              |- <yahoo-mail> -- log 
                              |- <gmail> -- log 
                              |- spam-bword-threshold  (0,2147483647)
                              |- spam-bword-table      (0,4294967295)
                              |- spam-bwl-table        (0,4294967295)
                              |- spam-mheader-table    (0,4294967295)
                              |- spam-rbl-table        (0,4294967295)
                              +- spam-iptrust-table    (0,4294967295)
                 |- <fortishield> -- spam-submit-srv   (64)
                                  |- spam-submit-force 
                                  +- spam-submit-txt2htm 
                 +- <options> -- dns-timeout   (1,30)
   |- log -- <threat-weight> -- status 
                             |- <level> -- low         (1,100)
                                        |- medium      (1,100)
                                        |- high        (1,100)
                                        +- critical    (1,100)
                             |- blocked-connection 
                             |- failed-connection 
                             |- malware-detected 
                             |- url-block-detected 
                             |- botnet-connection-detected 
                             |- <ips> -- info-severity 
                                      |- low-severity 
                                      |- medium-severity 
                                      |- high-severity 
                                      +- critical-severity 
                             |- [web] --*id    (0,4294967295)
                                      |- category      (0,4294967295)
                                      +- level 
                             |- [geolocation] --*id    (0,4294967295)
                                              |- country       (3)
                                              +- level 
                             +- [application] --*id    (0,4294967295)
                                              |- category      (0,4294967295)
                                              +- level 
          |- [custom-field] --*id      (36)
                            |- name    (16)
                            +- value   (16)
          |- syslogd -- <setting> -- status 
                                  |- server    (64)
                                  |- reliable 
                                  |- port      (0,4294967295)
                                  |- csv 
                                  |- facility 
                                  +- source-ip         (64)
                     |- <override-setting> -- override 
                                           |- status 
                                           |- server   (64)
                                           |- reliable 
                                           |- port     (0,4294967295)
                                           |- csv 
                                           |- facility 
                                           +- source-ip        (64)
                     |- <filter> -- severity 
                                 |- forward-traffic 
                                 |- local-traffic 
                                 |- multicast-traffic 
                                 |- sniffer-traffic 
                                 |- anomaly 
                                 |- netscan-discovery 
                                 |- netscan-vulnerability 
                                 |- voip 
                                 |- filter     (512 xss)
                                 +- filter-type 
                     +- <override-filter> -- severity 
                                          |- forward-traffic 
                                          |- local-traffic 
                                          |- multicast-traffic 
                                          |- sniffer-traffic 
                                          |- anomaly 
                                          |- netscan-discovery 
                                          |- netscan-vulnerability 
                                          |- voip 
                                          |- filter    (512 xss)
                                          +- filter-type 
          |- syslogd2 -- <setting> -- status 
                                   |- server   (64)
                                   |- reliable 
                                   |- port     (0,4294967295)
                                   |- csv 
                                   |- facility 
                                   +- source-ip        (64)
                      +- <filter> -- severity 
                                  |- forward-traffic 
                                  |- local-traffic 
                                  |- multicast-traffic 
                                  |- sniffer-traffic 
                                  |- anomaly 
                                  |- netscan-discovery 
                                  |- netscan-vulnerability 
                                  |- voip 
                                  |- filter    (512 xss)
                                  +- filter-type 
          |- syslogd3 -- <setting> -- status 
                                   |- server   (64)
                                   |- reliable 
                                   |- port     (0,4294967295)
                                   |- csv 
                                   |- facility 
                                   +- source-ip        (64)
                      +- <filter> -- severity 
                                  |- forward-traffic 
                                  |- local-traffic 
                                  |- multicast-traffic 
                                  |- sniffer-traffic 
                                  |- anomaly 
                                  |- netscan-discovery 
                                  |- netscan-vulnerability 
                                  |- voip 
                                  |- filter    (512 xss)
                                  +- filter-type 
          |- syslogd4 -- <setting> -- status 
                                   |- server   (64)
                                   |- reliable 
                                   |- port     (0,4294967295)
                                   |- csv 
                                   |- facility 
                                   +- source-ip        (64)
                      +- <filter> -- severity 
                                  |- forward-traffic 
                                  |- local-traffic 
                                  |- multicast-traffic 
                                  |- sniffer-traffic 
                                  |- anomaly 
                                  |- netscan-discovery 
                                  |- netscan-vulnerability 
                                  |- voip 
                                  |- filter    (512 xss)
                                  +- filter-type 
          |- webtrends -- <setting> -- status 
                                    +- server  (64)
                       +- <filter> -- severity 
                                   |- forward-traffic 
                                   |- local-traffic 
                                   |- multicast-traffic 
                                   |- sniffer-traffic 
                                   |- anomaly 
                                   |- netscan-discovery 
                                   |- netscan-vulnerability 
                                   |- voip 
                                   |- filter   (512 xss)
                                   +- filter-type 
          |- memory -- <global-setting> -- max-size    (0,4294967295)
                                        |- full-first-warning-threshold        (1,98)
                                        |- full-second-warning-threshold       (2,99)
                                        +- full-final-warning-threshold        (3,100)
                    |- <setting> -- status 
                                 +- diskfull 
                    +- <filter> -- severity 
                                |- forward-traffic 
                                |- local-traffic 
                                |- multicast-traffic 
                                |- sniffer-traffic 
                                |- anomaly 
                                |- netscan-discovery 
                                |- netscan-vulnerability 
                                |- voip 
                                |- event 
                                |- system 
                                |- radius 
                                |- ipsec 
                                |- dhcp 
                                |- ppp 
                                |- admin 
                                |- ha 
                                |- auth 
                                |- pattern 
                                |- sslvpn-log-auth 
                                |- sslvpn-log-adm 
                                |- sslvpn-log-session 
                                |- ldb-monitor 
                                |- wan-opt 
                                |- wireless-activity 
                                |- cpu-memory-usage 
                                |- filter      (512 xss)
                                +- filter-type 
          |- disk -- <setting> -- status 
                               |- ips-archive 
                               |- max-log-file-size    (0,4294967295)
                               |- max-policy-packet-capture-size       (0,4294967295)
                               |- roll-schedule 
                               |- roll-day 
                               |- roll-time 
                               |- diskfull 
                               |- log-quota    (0,4294967295)
                               |- dlp-archive-quota    (0,4294967295)
                               |- maximum-log-age      (0,4294967295)
                               |- upload 
                               |- upload-destination 
                               |- uploadip 
                               |- uploadport   (0,4294967295)
                               |- source-ip 
                               |- uploaduser   (36)
                               |- uploadpass 
                               |- uploaddir    (64)
                               |- uploadtype 
                               |- uploadzip 
                               |- uploadsched 
                               |- uploadtime   (0,4294967295)
                               |- upload-delete-files 
                               |- upload-ssl-conn 
                               |- full-first-warning-threshold         (1,98)
                               |- full-second-warning-threshold        (2,99)
                               +- full-final-warning-threshold         (3,100)
                  +- <filter> -- severity 
                              |- forward-traffic 
                              |- local-traffic 
                              |- multicast-traffic 
                              |- sniffer-traffic 
                              |- anomaly 
                              |- netscan-discovery 
                              |- netscan-vulnerability 
                              |- voip 
                              |- event 
                              |- system 
                              |- radius 
                              |- ipsec 
                              |- dhcp 
                              |- ppp 
                              |- admin 
                              |- ha 
                              |- auth 
                              |- pattern 
                              |- sslvpn-log-auth 
                              |- sslvpn-log-adm 
                              |- sslvpn-log-session 
                              |- ldb-monitor 
                              |- wan-opt 
                              |- wireless-activity 
                              |- cpu-memory-usage 
                              |- filter        (512 xss)
                              +- filter-type 
          |- <eventfilter> -- event 
                           |- system 
                           |- vpn 
                           |- user 
                           |- router 
                           |- wireless-activity 
                           |- wan-opt 
                           |- endpoint 
                           |- ha 
                           +- compliance-check 
          |- fortiguard -- <setting> -- status 
                                     |- upload-option 
                                     |- upload-interval 
                                     |- upload-day 
                                     |- upload-time 
                                     |- enc-algorithm 
                                     +- source-ip 
                        |- <override-setting> -- override 
                                              |- status 
                                              |- upload-option 
                                              |- upload-interval 
                                              |- upload-day 
                                              +- upload-time 
                        |- <filter> -- severity 
                                    |- forward-traffic 
                                    |- local-traffic 
                                    |- multicast-traffic 
                                    |- sniffer-traffic 
                                    |- anomaly 
                                    |- netscan-discovery 
                                    |- netscan-vulnerability 
                                    |- voip 
                                    |- dlp-archive 
                                    |- filter  (512 xss)
                                    +- filter-type 
                        +- <override-filter> -- severity 
                                             |- forward-traffic 
                                             |- local-traffic 
                                             |- multicast-traffic 
                                             |- sniffer-traffic 
                                             |- anomaly 
                                             |- netscan-discovery 
                                             |- netscan-vulnerability 
                                             |- voip 
                                             |- dlp-archive 
                                             |- filter         (512 xss)
                                             +- filter-type 
          |- null-device -- <setting> -- status 
                         +- <filter> -- severity 
                                     |- forward-traffic 
                                     |- local-traffic 
                                     |- multicast-traffic 
                                     |- sniffer-traffic 
                                     |- anomaly 
                                     |- netscan-discovery 
                                     |- netscan-vulnerability 
                                     |- voip 
                                     |- filter         (512 xss)
                                     +- filter-type 
          |- <setting> -- resolve-ip 
                       |- resolve-port 
                       |- log-user-in-upper 
                       |- fwpolicy-implicit-log 
                       |- fwpolicy6-implicit-log 
                       |- log-invalid-packet 
                       |- local-in-allow 
                       |- local-in-deny-unicast 
                       |- local-in-deny-broadcast 
                       |- local-out 
                       |- daemon-log 
                       |- neighbor-event 
                       |- brief-traffic-format 
                       +- user-anonymize 
          |- <gui-display> -- resolve-hosts 
                           |- resolve-apps 
                           |- fortiview-unscanned-apps 
                           |- fortiview-local-traffic 
                           +- location 
          |- fortianalyzer -- <setting> -- status 
                                        |- ips-archive 
                                        |- server      (64)
                                        |- hmac-algorithm 
                                        |- enc-algorithm 
                                        |- conn-timeout        (1,3600)
                                        |- monitor-keepalive-period    (1,120)
                                        |- monitor-failure-retry-period        (1,86400)
                                        |- mgmt-name   (36)
                                        |- faz-type    (0,4294967295)
                                        |- source-ip   (64)
                                        |- __change_ip         (0,4294967295)
                                        |- upload-option 
                                        |- upload-interval 
                                        |- upload-day 
                                        |- upload-time 
                                        +- reliable 
                           |- <override-setting> -- override 
                                                 |- use-management-vdom 
                                                 |- status 
                                                 |- ips-archive 
                                                 |- server     (64)
                                                 |- hmac-algorithm 
                                                 |- enc-algorithm 
                                                 |- conn-timeout       (1,3600)
                                                 |- monitor-keepalive-period   (1,120)
                                                 |- monitor-failure-retry-period       (1,86400)
                                                 |- mgmt-name  (36)
                                                 |- faz-type   (0,4294967295)
                                                 |- source-ip  (64)
                                                 |- __change_ip        (0,4294967295)
                                                 |- upload-option 
                                                 |- upload-interval 
                                                 |- upload-day 
                                                 |- upload-time 
                                                 +- reliable 
                           |- <filter> -- severity 
                                       |- forward-traffic 
                                       |- local-traffic 
                                       |- multicast-traffic 
                                       |- sniffer-traffic 
                                       |- anomaly 
                                       |- netscan-discovery 
                                       |- netscan-vulnerability 
                                       |- voip 
                                       |- dlp-archive 
                                       |- filter       (512 xss)
                                       +- filter-type 
                           +- <override-filter> -- severity 
                                                |- forward-traffic 
                                                |- local-traffic 
                                                |- multicast-traffic 
                                                |- sniffer-traffic 
                                                |- anomaly 
                                                |- netscan-discovery 
                                                |- netscan-vulnerability 
                                                |- voip 
                                                |- dlp-archive 
                                                |- filter      (512 xss)
                                                +- filter-type 
          |- fortianalyzer2 -- <setting> -- status 
                                         |- ips-archive 
                                         |- server     (64)
                                         |- hmac-algorithm 
                                         |- enc-algorithm 
                                         |- conn-timeout       (1,3600)
                                         |- monitor-keepalive-period   (1,120)
                                         |- monitor-failure-retry-period       (1,86400)
                                         |- mgmt-name  (36)
                                         |- faz-type   (0,4294967295)
                                         |- source-ip  (64)
                                         |- __change_ip        (0,4294967295)
                                         |- upload-option 
                                         |- upload-interval 
                                         |- upload-day 
                                         |- upload-time 
                                         +- reliable 
                            +- <filter> -- severity 
                                        |- forward-traffic 
                                        |- local-traffic 
                                        |- multicast-traffic 
                                        |- sniffer-traffic 
                                        |- anomaly 
                                        |- netscan-discovery 
                                        |- netscan-vulnerability 
                                        |- voip 
                                        |- dlp-archive 
                                        |- filter      (512 xss)
                                        +- filter-type 
          +- fortianalyzer3 -- <setting> -- status 
                                         |- ips-archive 
                                         |- server     (64)
                                         |- hmac-algorithm 
                                         |- enc-algorithm 
                                         |- conn-timeout       (1,3600)
                                         |- monitor-keepalive-period   (1,120)
                                         |- monitor-failure-retry-period       (1,86400)
                                         |- mgmt-name  (36)
                                         |- faz-type   (0,4294967295)
                                         |- source-ip  (64)
                                         |- __change_ip        (0,4294967295)
                                         |- upload-option 
                                         |- upload-interval 
                                         |- upload-day 
                                         |- upload-time 
                                         +- reliable 
                            +- <filter> -- severity 
                                        |- forward-traffic 
                                        |- local-traffic 
                                        |- multicast-traffic 
                                        |- sniffer-traffic 
                                        |- anomaly 
                                        |- netscan-discovery 
                                        |- netscan-vulnerability 
                                        |- voip 
                                        |- filter      (512 xss)
                                        +- filter-type 
   |- netscan -- [assets] --*asset-id  (0,4294967295)
                          |- name      (64)
                          |- scheduled 
                          |- addr-type 
                          |- start-ip 
                          |- end-ip 
                          |- auth-windows 
                          |- auth-unix 
                          |- win-username      (128 xss)
                          |- win-password 
                          |- unix-username     (128 xss)
                          +- unix-password 
              +- <settings> -- scan-mode 
                            |- scheduled-pause 
                            |- time 
                            |- pause-from 
                            |- pause-to 
                            |- recurrence 
                            |- day-of-week 
                            |- day-of-month    (1,31)
                            |- tcp-ports 
                            |- udp-ports 
                            |- tcp-scan 
                            |- udp-scan 
                            |- service-detection 
                            +- os-detection 
   |- icap -- [server] --*name         (36)
                       |- ip-version 
                       |- ip-address 
                       |- ip6-address 
                       |- port         (1,65535)
                       +- max-connections      (1,65535)
           +- [profile] -- replacemsg-group    (36)
                        |-*name        (36)
                        |- request 
                        |- response 
                        |- streaming-content-bypass 
                        |- request-server      (36)
                        |- response-server     (36)
                        |- request-failure 
                        |- response-failure 
                        |- request-path        (128)
                        |- response-path       (128)
                        +- methods 
   |- vpn -- certificate -- [ca] --*name       (80)
                                 |- ca 
                                 |- range 
                                 |- source 
                                 |- trusted 
                                 |- scep-url   (256 xss)
                                 |- auto-update-days   (0,4294967295)
                                 |- auto-update-days-warning   (0,4294967295)
                                 +- source-ip 
                         |- [local] --*name    (36)
                                    |- password 
                                    |- comments        (512 xss)
                                    |- private-key 
                                    |- certificate 
                                    |- csr 
                                    |- state 
                                    |- scep-url        (256 xss)
                                    |- range 
                                    |- source 
                                    |- auto-regenerate-days    (0,4294967295)
                                    |- auto-regenerate-days-warning    (0,4294967295)
                                    |- scep-password 
                                    |- ca-identifier   (256)
                                    |- name-encoding 
                                    |- source-ip 
                                    |- ike-localid     (64)
                                    +- ike-localid-type 
                         |- [crl] --*name      (36)
                                  |- crl 
                                  |- range 
                                  |- source 
                                  |- update-vdom       (12)
                                  |- ldap-server       (36)
                                  |- ldap-username     (64)
                                  |- ldap-password 
                                  |- http-url  (256 xss)
                                  |- scep-url  (256 xss)
                                  |- scep-cert         (36)
                                  |- update-interval   (0,4294967295)
                                  +- source-ip 
                         |- [remote] --*name   (36)
                                     |- remote 
                                     |- range 
                                     +- source 
                         |- [ocsp-server] --*name      (36)
                                          |- url       (128)
                                          |- cert      (36)
                                          |- secondary-url     (128)
                                          |- secondary-cert    (36)
                                          |- unavail-action 
                                          +- source-ip 
                         +- <setting> -- ocsp-status 
                                      |- ocsp-default-server   (36)
                                      |- check-ca-cert 
                                      |- strict-crl-check 
                                      +- strict-ocsp-check 
          |- ssl -- web -- [realm] --*url-path         (36)
                                   |- max-concurrent-user      (0,65535)
                                   |- login-page 
                                   +- virtual-host 
                        |- [virtual-desktop-app-list] --*name  (36)
                                                      |- action 
                                                      +- [apps] --*name        (36)
                                                                +- [md5s] --*id        (33)
                        |- [host-check-software] --*name       (64)
                                                 |- type 
                                                 |- version    (36)
                                                 |- guid 
                                                 +- [check-item-list] --*id    (0,4294967295)
                                                                      |- action 
                                                                      |- type 
                                                                      |- target        (256 xss)
                                                                      |- version       (36)
                                                                      +- [md5s] --*id  (33)
                        |- [portal] --*name    (36)
                                    |- tunnel-mode 
                                    |- ip-mode 
                                    |- auto-connect 
                                    |- keep-alive 
                                    |- save-password 
                                    |- [ip-pools] --*name      (65)
                                    |- exclusive-routing 
                                    |- service-restriction 
                                    |- split-tunneling 
                                    |- [split-tunneling-routing-address] --*name       (65)
                                    |- dns-server1 
                                    |- dns-server2 
                                    |- wins-server1 
                                    |- wins-server2 
                                    |- ipv6-tunnel-mode 
                                    |- [ipv6-pools] --*name    (65)
                                    |- ipv6-exclusive-routing 
                                    |- ipv6-service-restriction 
                                    |- ipv6-split-tunneling 
                                    |- [ipv6-split-tunneling-routing-address] --*name  (65)
                                    |- ipv6-dns-server1 
                                    |- ipv6-dns-server2 
                                    |- ipv6-wins-server1 
                                    |- ipv6-wins-server2 
                                    |- web-mode 
                                    |- display-bookmark 
                                    |- user-bookmark 
                                    |- user-group-bookmark 
                                    |- [bookmark-group] --*name        (36)
                                                        +- [bookmarks] --*name         (36)
                                                                       |- apptype 
                                                                       |- url 
                                                                       |- host 
                                                                       |- folder 
                                                                       |- additional-params 
                                                                       |- listening-port       (0,65535)
                                                                       |- remote-port  (0,65535)
                                                                       |- show-status-window 
                                                                       |- description 
                                                                       |- server-layout 
                                                                       |- port         (0,65535)
                                                                       |- logon-user 
                                                                       |- logon-password 
                                                                       |- sso 
                                                                       |- [form-data] --*name  (36)
                                                                                      +- value 
                                                                       |- sso-credential 
                                                                       |- sso-username 
                                                                       +- sso-password 
                                    |- display-connection-tools 
                                    |- display-history 
                                    |- display-status 
                                    |- heading         (32)
                                    |- redir-url 
                                    |- theme 
                                    |- custom-lang     (36)
                                    |- host-check 
                                    |- host-check-interval     (0,4294967295)
                                    |- [host-check-policy] --*name     (65)
                                    |- limit-user-logins 
                                    |- mac-addr-check 
                                    |- mac-addr-action 
                                    |- [mac-addr-check-rule] --*name   (36)
                                                             |- mac-addr-mask  (1,48)
                                                             +- [mac-addr-list] --*addr 
                                    |- os-check 
                                    |- [os-check-list] --*name         (16)
                                                       |- action 
                                                       |- tolerance    (0,255)
                                                       +- latest-patch-level 
                                    |- virtual-desktop 
                                    |- virtual-desktop-app-list        (36)
                                    |- virtual-desktop-clipboard-share 
                                    |- virtual-desktop-desktop-switch 
                                    |- virtual-desktop-logout-when-browser-close 
                                    |- virtual-desktop-network-share-access 
                                    |- virtual-desktop-printing 
                                    |- virtual-desktop-removable-media-access 
                                    |- skip-check-for-unsupported-os 
                                    +- skip-check-for-unsupported-browser 
                        |- [user-group-bookmark] --*name       (65 xss)
                                                 +- [bookmarks] --*name        (36)
                                                                |- apptype 
                                                                |- url 
                                                                |- host 
                                                                |- folder 
                                                                |- additional-params 
                                                                |- listening-port      (0,65535)
                                                                |- remote-port         (0,65535)
                                                                |- show-status-window 
                                                                |- description 
                                                                |- server-layout 
                                                                |- port        (0,65535)
                                                                |- logon-user 
                                                                |- logon-password 
                                                                |- sso 
                                                                |- [form-data] --*name         (36)
                                                                               +- value 
                                                                |- sso-credential 
                                                                |- sso-username 
                                                                +- sso-password 
                        +- [user-bookmark] --*name     (102 xss)
                                           |- custom-lang      (36)
                                           +- [bookmarks] --*name      (36)
                                                          |- apptype 
                                                          |- url 
                                                          |- host 
                                                          |- folder 
                                                          |- additional-params 
                                                          |- listening-port    (0,65535)
                                                          |- remote-port       (0,65535)
                                                          |- show-status-window 
                                                          |- description 
                                                          |- server-layout 
                                                          |- port      (0,65535)
                                                          |- logon-user 
                                                          |- logon-password 
                                                          |- sso 
                                                          |- [form-data] --*name       (36)
                                                                         +- value 
                                                          |- sso-credential 
                                                          |- sso-username 
                                                          +- sso-password 
                 |- <settings> -- reqclientcert 
                               |- sslv2 
                               |- sslv3 
                               |- tlsv1-0 
                               |- tlsv1-1 
                               |- tlsv1-2 
                               |- ssl-big-buffer 
                               |- ssl-insert-empty-fragment 
                               |- https-redirect 
                               |- ssl-client-renegotiation 
                               |- force-two-factor-auth 
                               |- unsafe-legacy-renegotiation 
                               |- servercert   (36)
                               |- algorithm 
                               |- idle-timeout         (0,4294967295)
                               |- auth-timeout         (0,4294967295)
                               |- [tunnel-ip-pools] --*name    (65)
                               |- [tunnel-ipv6-pools] --*name  (65)
                               |- dns-suffix 
                               |- dns-server1 
                               |- dns-server2 
                               |- wins-server1 
                               |- wins-server2 
                               |- ipv6-dns-server1 
                               |- ipv6-dns-server2 
                               |- ipv6-wins-server1 
                               |- ipv6-wins-server2 
                               |- route-source-interface 
                               |- url-obscuration 
                               |- http-compression 
                               |- http-only-cookie 
                               |- deflate-compression-level    (0,9)
                               |- deflate-min-data-size        (200,65535)
                               |- port         (1,65535)
                               |- port-precedence 
                               |- auto-tunnel-static-route 
                               |- header-x-forwarded-for 
                               |- [source-interface] --*name   (36)
                               |- [source-address] --*name     (65)
                               |- source-address-negate 
                               |- [source-address6] --*name    (65)
                               |- source-address6-negate 
                               |- default-portal       (36)
                               |- [authentication-rule] --*id  (0,4294967295)
                                                        |- [source-interface] --*name  (36)
                                                        |- [source-address] --*name    (65)
                                                        |- source-address-negate 
                                                        |- [source-address6] --*name   (65)
                                                        |- source-address6-negate 
                                                        |- [users] --*name     (65)
                                                        |- [groups] --*name    (65)
                                                        |- portal      (36)
                                                        |- realm       (36)
                                                        |- client-cert 
                                                        |- cipher 
                                                        +- auth 
                               |- dtls-tunnel 
                               +- check-referer 
                 +- <monitor> 
          |- ipsec -- [phase1] --*name         (36)
                               |- type 
                               |- interface    (36)
                               |- ike-version 
                               |- remote-gw 
                               |- local-gw 
                               |- remotegw-ddns        (64)
                               |- keylife      (120,172800)
                               |- [certificate] --*name        (65)
                               |- authmethod 
                               |- mode 
                               |- peertype 
                               |- peerid       (256)
                               |- usrgrp       (36)
                               |- peer         (36)
                               |- peergrp      (36)
                               |- autoconfig 
                               |- mode-cfg 
                               |- assign-ip 
                               |- mode-cfg-ip-version 
                               |- assign-ip-from 
                               |- ipv4-start-ip 
                               |- ipv4-end-ip 
                               |- ipv4-netmask 
                               |- dns-mode 
                               |- ipv4-dns-server1 
                               |- ipv4-dns-server2 
                               |- ipv4-dns-server3 
                               |- ipv4-wins-server1 
                               |- ipv4-wins-server2 
                               |- [ipv4-exclude-range] --*id   (0,4294967295)
                                                       |- start-ip 
                                                       +- end-ip 
                               |- ipv4-split-include   (64)
                               |- split-include-service        (64)
                               |- ipv6-start-ip 
                               |- ipv6-end-ip 
                               |- ipv6-prefix  (1,128)
                               |- ipv6-dns-server1 
                               |- ipv6-dns-server2 
                               |- ipv6-dns-server3 
                               |- [ipv6-exclude-range] --*id   (0,4294967295)
                                                       |- start-ip 
                                                       +- end-ip 
                               |- ipv6-split-include   (64)
                               |- unity-support 
                               |- domain       (64)
                               |- banner 
                               |- include-local-lan 
                               |- save-password 
                               |- client-auto-negotiate 
                               |- client-keep-alive 
                               |- [backup-gateway] --*address  (65)
                               |- proposal 
                               |- add-route 
                               |- exchange-interface-ip 
                               |- add-gw-route 
                               |- psksecret 
                               |- keepalive    (10,900)
                               |- distance     (1,255)
                               |- priority     (0,4294967295)
                               |- localid      (64)
                               |- localid-type 
                               |- auto-negotiate 
                               |- negotiate-timeout    (1,300)
                               |- fragmentation 
                               |- dpd 
                               |- dpd-retrycount       (0,10)
                               |- dpd-retryinterval 
                               |- forticlient-enforcement 
                               |- comments 
                               |- npu-offload 
                               |- send-cert-chain 
                               |- dhgrp 
                               |- suite-b 
                               |- eap 
                               |- eap-identity 
                               |- acct-verify 
                               |- wizard-type 
                               |- xauthtype 
                               |- reauth 
                               |- authusr      (65)
                               |- authpasswd 
                               |- authusrgrp   (36)
                               |- mesh-selector-type 
                               |- idle-timeout 
                               |- idle-timeoutinterval         (10,43200)
                               |- ha-sync-esp-seqno 
                               +- nattraversal 
                   |- [phase2] --*name         (36)
                               |- phase1name   (36)
                               |- dhcp-ipsec 
                               |- use-natip 
                               |- selector-match 
                               |- proposal 
                               |- pfs 
                               |- dhgrp 
                               |- replay 
                               |- keepalive 
                               |- auto-negotiate 
                               |- add-route 
                               |- keylifeseconds       (120,172800)
                               |- keylifekbs   (5120,4294967295)
                               |- keylife-type 
                               |- single-source 
                               |- route-overlap 
                               |- encapsulation 
                               |- l2tp 
                               |- comments 
                               |- protocol     (0,255)
                               |- src-name     (64)
                               |- src-name6    (64)
                               |- src-addr-type 
                               |- src-start-ip 
                               |- src-start-ip6 
                               |- src-end-ip 
                               |- src-end-ip6 
                               |- src-subnet 
                               |- src-subnet6 
                               |- src-port     (0,65535)
                               |- dst-name     (64)
                               |- dst-name6    (64)
                               |- dst-addr-type 
                               |- dst-start-ip 
                               |- dst-start-ip6 
                               |- dst-end-ip 
                               |- dst-end-ip6 
                               |- dst-subnet 
                               |- dst-subnet6 
                               +- dst-port     (0,65535)
                   |- [manualkey] --*name      (36)
                                  |- interface         (16)
                                  |- remote-gw 
                                  |- local-gw 
                                  |- authentication 
                                  |- encryption 
                                  |- authkey 
                                  |- enckey 
                                  |- localspi 
                                  |- remotespi 
                                  +- npu-offload 
                   |- [concentrator] --*name   (36)
                                     |- src-check 
                                     +- [member] --*name       (65)
                   |- [phase1-interface] --*name       (16)
                                         |- type 
                                         |- interface  (36)
                                         |- ip-version 
                                         |- ike-version 
                                         |- local-gw 
                                         |- local-gw6 
                                         |- remote-gw 
                                         |- remote-gw6 
                                         |- remotegw-ddns      (64)
                                         |- keylife    (120,172800)
                                         |- [certificate] --*name      (65)
                                         |- authmethod 
                                         |- mode 
                                         |- peertype 
                                         |- peerid     (256)
                                         |- default-gw 
                                         |- default-gw-priority        (0,4294967295)
                                         |- usrgrp     (36)
                                         |- peer       (36)
                                         |- peergrp    (36)
                                         |- monitor    (36)
                                         |- monitor-hold-down-type 
                                         |- monitor-hold-down-delay    (0,31536000)
                                         |- monitor-hold-down-weekday 
                                         |- monitor-hold-down-time 
                                         |- mode-cfg 
                                         |- assign-ip 
                                         |- mode-cfg-ip-version 
                                         |- assign-ip-from 
                                         |- ipv4-start-ip 
                                         |- ipv4-end-ip 
                                         |- ipv4-netmask 
                                         |- dns-mode 
                                         |- ipv4-dns-server1 
                                         |- ipv4-dns-server2 
                                         |- ipv4-dns-server3 
                                         |- ipv4-wins-server1 
                                         |- ipv4-wins-server2 
                                         |- [ipv4-exclude-range] --*id         (0,4294967295)
                                                                 |- start-ip 
                                                                 +- end-ip 
                                         |- ipv4-split-include         (64)
                                         |- split-include-service      (64)
                                         |- ipv6-start-ip 
                                         |- ipv6-end-ip 
                                         |- ipv6-prefix        (1,128)
                                         |- ipv6-dns-server1 
                                         |- ipv6-dns-server2 
                                         |- ipv6-dns-server3 
                                         |- [ipv6-exclude-range] --*id         (0,4294967295)
                                                                 |- start-ip 
                                                                 +- end-ip 
                                         |- ipv6-split-include         (64)
                                         |- unity-support 
                                         |- domain     (64)
                                         |- banner 
                                         |- include-local-lan 
                                         |- save-password 
                                         |- client-auto-negotiate 
                                         |- client-keep-alive 
                                         |- [backup-gateway] --*address        (65)
                                         |- proposal 
                                         |- add-route 
                                         |- exchange-interface-ip 
                                         |- add-gw-route 
                                         |- psksecret 
                                         |- keepalive  (10,900)
                                         |- distance   (1,255)
                                         |- priority   (0,4294967295)
                                         |- localid    (64)
                                         |- localid-type 
                                         |- auto-negotiate 
                                         |- negotiate-timeout  (1,300)
                                         |- fragmentation 
                                         |- dpd 
                                         |- dpd-retrycount     (0,10)
                                         |- dpd-retryinterval 
                                         |- forticlient-enforcement 
                                         |- comments 
                                         |- npu-offload 
                                         |- send-cert-chain 
                                         |- dhgrp 
                                         |- suite-b 
                                         |- eap 
                                         |- eap-identity 
                                         |- acct-verify 
                                         |- wizard-type 
                                         |- xauthtype 
                                         |- reauth 
                                         |- authusr    (65)
                                         |- authpasswd 
                                         |- authusrgrp         (36)
                                         |- mesh-selector-type 
                                         |- idle-timeout 
                                         |- idle-timeoutinterval       (10,43200)
                                         |- ha-sync-esp-seqno 
                                         |- auto-discovery-sender 
                                         |- auto-discovery-receiver 
                                         |- auto-discovery-forwarder 
                                         |- auto-discovery-psk 
                                         |- encapsulation 
                                         |- encapsulation-address 
                                         |- encap-local-gw4 
                                         |- encap-local-gw6 
                                         |- encap-remote-gw4 
                                         |- encap-remote-gw6 
                                         +- nattraversal 
                   |- [phase2-interface] --*name       (36)
                                         |- phase1name         (16)
                                         |- dhcp-ipsec 
                                         |- proposal 
                                         |- pfs 
                                         |- dhgrp 
                                         |- replay 
                                         |- keepalive 
                                         |- auto-negotiate 
                                         |- add-route 
                                         |- auto-discovery-sender 
                                         |- auto-discovery-forwarder 
                                         |- keylifeseconds     (120,172800)
                                         |- keylifekbs         (5120,4294967295)
                                         |- keylife-type 
                                         |- single-source 
                                         |- route-overlap 
                                         |- encapsulation 
                                         |- l2tp 
                                         |- comments 
                                         |- protocol   (0,255)
                                         |- src-name   (64)
                                         |- src-name6  (64)
                                         |- src-addr-type 
                                         |- src-start-ip 
                                         |- src-start-ip6 
                                         |- src-end-ip 
                                         |- src-end-ip6 
                                         |- src-subnet 
                                         |- src-subnet6 
                                         |- src-port   (0,65535)
                                         |- dst-name   (64)
                                         |- dst-name6  (64)
                                         |- dst-addr-type 
                                         |- dst-start-ip 
                                         |- dst-start-ip6 
                                         |- dst-end-ip 
                                         |- dst-end-ip6 
                                         |- dst-subnet 
                                         |- dst-subnet6 
                                         +- dst-port   (0,65535)
                   |- [manualkey-interface] --*name    (16)
                                            |- interface       (16)
                                            |- ip-version 
                                            |- addr-type 
                                            |- remote-gw 
                                            |- remote-gw6 
                                            |- local-gw 
                                            |- local-gw6 
                                            |- auth-alg 
                                            |- enc-alg 
                                            |- auth-key 
                                            |- enc-key 
                                            |- local-spi 
                                            |- remote-spi 
                                            +- npu-offload 
                   |- [forticlient] --*realm   (36)
                                    |- usergroupname   (36)
                                    |- phase2name      (36)
                                    +- status 
                   |- stats -- <crypto> 
                            +- <tunnel> 
                   +- tunnel -- <details> 
                             |- <summary> 
                             +- <name> 
          |- <pptp> -- status 
                    |- ip-mode 
                    |- eip 
                    |- sip 
                    |- local-ip 
                    +- usrgrp  (36)
          |- <l2tp> -- eip 
                    |- sip 
                    |- status 
                    +- usrgrp  (36)
          |- ike -- <gateway> -- <name>        (0)
          +- status -- <l2tp> 
                    |- <pptp> 
                    +- ssl -- <list> 
                           +- <hw-acceleration-status> 
   |- certificate -- [ca] --*name      (80)
                          |- ca 
                          |- range 
                          |- source 
                          |- trusted 
                          |- scep-url  (256 xss)
                          |- auto-update-days  (0,4294967295)
                          |- auto-update-days-warning  (0,4294967295)
                          +- source-ip 
                  |- [local] --*name   (36)
                             |- password 
                             |- comments       (512 xss)
                             |- private-key 
                             |- certificate 
                             |- csr 
                             |- state 
                             |- scep-url       (256 xss)
                             |- range 
                             |- source 
                             |- auto-regenerate-days   (0,4294967295)
                             |- auto-regenerate-days-warning   (0,4294967295)
                             |- scep-password 
                             |- ca-identifier  (256)
                             |- name-encoding 
                             |- source-ip 
                             |- ike-localid    (64)
                             +- ike-localid-type 
                  +- [crl] --*name     (36)
                           |- crl 
                           |- range 
                           |- source 
                           |- update-vdom      (12)
                           |- ldap-server      (36)
                           |- ldap-username    (64)
                           |- ldap-password 
                           |- http-url         (256 xss)
                           |- scep-url         (256 xss)
                           |- scep-cert        (36)
                           |- update-interval  (0,4294967295)
                           +- source-ip 
   |- user -- [radius] --*name         (36)
                       |- server       (64)
                       |- secret 
                       |- secondary-server     (64)
                       |- secondary-secret 
                       |- tertiary-server      (64)
                       |- tertiary-secret 
                       |- timeout      (0,300)
                       |- all-usergroup 
                       |- use-management-vdom 
                       |- nas-ip 
                       |- acct-interim-interval        (600,86400)
                       |- radius-coa 
                       |- radius-port  (0,4294967295)
                       |- h3c-compatibility 
                       |- auth-type 
                       |- source-ip 
                       |- username-case-sensitive 
                       |- password-renewal 
                       |- rsso 
                       |- rsso-radius-server-port      (0,4294967295)
                       |- rsso-radius-response 
                       |- rsso-validate-request-secret 
                       |- rsso-secret 
                       |- rsso-endpoint-attribute 
                       |- rsso-endpoint-block-attribute 
                       |- sso-attribute 
                       |- sso-attribute-key    (36)
                       |- sso-attribute-value-override 
                       |- rsso-context-timeout         (0,4294967295)
                       |- rsso-log-period      (0,4294967295)
                       |- rsso-log-flags 
                       |- rsso-flush-ip-session 
                       +- [accounting-server] --*id    (0,4294967295)
                                              |- status 
                                              |- server        (64)
                                              |- secret 
                                              |- port  (0,4294967295)
                                              +- source-ip 
           |- [tacacs+] --*name        (36)
                        |- server      (64)
                        |- secondary-server    (64)
                        |- tertiary-server     (64)
                        |- port        (1,65535)
                        |- key 
                        |- secondary-key 
                        |- tertiary-key 
                        |- authen-type 
                        |- authorization 
                        +- source-ip 
           |- [ldap] --*name   (36)
                     |- server         (64)
                     |- secondary-server       (64)
                     |- tertiary-server        (64)
                     |- source-ip 
                     |- cnid   (21)
                     |- dn     (512)
                     |- type 
                     |- username       (512)
                     |- password 
                     |- group-member-check 
                     |- group-object-filter    (512 xss)
                     |- secure 
                     |- ca-cert        (64)
                     |- port   (1,65535)
                     |- password-expiry-warning 
                     |- password-renewal 
                     |- member-attr    (64)
                     +- search-type 
           |- [pop3] --*name   (36)
                     |- server         (64)
                     |- port   (0,65535)
                     +- secure 
           |- [fsso] --*name   (36)
                     |- server         (64)
                     |- port   (0,4294967295)
                     |- password 
                     |- server2        (64)
                     |- port2  (0,4294967295)
                     |- password2 
                     |- server3        (64)
                     |- port3  (0,4294967295)
                     |- password3 
                     |- server4        (64)
                     |- port4  (0,4294967295)
                     |- password4 
                     |- server5        (64)
                     |- port5  (0,4294967295)
                     |- password5 
                     |- ldap-server    (36)
                     +- source-ip 
           |- [adgrp] --*name  (512 xss)
                      |- server-name   (36)
                      +- polling-id    (0,4294967295)
           |- [fsso-polling] --*id     (0,4294967295)
                             |- status 
                             |- server         (64)
                             |- default-domain         (36)
                             |- port   (0,65535)
                             |- user   (36)
                             |- password 
                             |- ldap-server    (36)
                             |- logon-history  (0,48)
                             |- polling-frequency      (1,30)
                             +- [adgrp] --*name        (512 xss)
           |- [fortitoken] --*serial-number    (17)
                           |- status 
                           |- seed     (201 xss)
                           |- comments 
                           |- license  (32)
                           |- activation-code  (33)
                           +- activation-expire        (0,4294967295)
           |- [password-policy] --*name        (36)
                                |- expire-days         (0,999)
                                +- warn-days   (0,30)
           |- [local] --*name  (65)
                      |- status 
                      |- type 
                      |- passwd 
                      |- ldap-server   (36)
                      |- radius-server         (36)
                      |- tacacs+-server        (36)
                      |- two-factor 
                      |- fortitoken    (17)
                      |- email-to      (64)
                      |- sms-server 
                      |- sms-custom-server     (36)
                      |- sms-phone     (16)
                      |- passwd-policy         (36)
                      |- passwd-time 
                      |- authtimeout   (0,1440)
                      |- workstation   (36)
                      |- auth-concurrent-override 
                      +- auth-concurrent-value         (0,100)
           |- <setting> -- auth-type 
                        |- auth-cert   (36)
                        |- auth-ca-cert        (36)
                        |- auth-secure-http 
                        |- auth-http-basic 
                        |- auth-multi-group 
                        |- auth-timeout        (1,1440)
                        |- auth-timeout-type 
                        |- auth-portal-timeout         (1,30)
                        |- radius-ses-timeout-act 
                        |- auth-blackout-time  (0,3600)
                        |- auth-invalid-max    (1,100)
                        |- auth-lockout-threshold      (1,10)
                        |- auth-lockout-duration       (0,4294967295)
                        +- [auth-ports] --*id  (0,4294967295)
                                        |- type 
                                        +- port        (1,65535)
           |- [peer] --*name   (36)
                     |- mandatory-ca-verify 
                     |- ca     (128)
                     |- subject        (128 xss)
                     |- cn     (256)
                     |- cn-type 
                     |- ldap-server    (36)
                     |- ldap-username  (36)
                     |- ldap-password 
                     |- ldap-mode 
                     |- ocsp-override-server   (36)
                     |- two-factor 
                     +- passwd 
           |- [peergrp] --*name        (36)
                        +- [member] --*name    (36)
           |- [group] --*name  (36)
                      |- group-type 
                      |- authtimeout   (0,1440)
                      |- auth-concurrent-override 
                      |- auth-concurrent-value         (0,100)
                      |- http-digest-realm     (36)
                      |- sso-attribute-value   (512)
                      |- [member] --*name      (512 xss)
                      |- [match] --*id         (0,4294967295)
                                 |- server-name        (36)
                                 +- group-name         (512 xss)
                      |- user-id 
                      |- password 
                      |- user-name 
                      |- sponsor 
                      |- company 
                      |- email 
                      |- mobile-phone 
                      |- sms-server 
                      |- sms-custom-server     (36)
                      |- expire-type 
                      |- expire        (1,31536000)
                      |- max-accounts  (0,500)
                      |- multiple-guest-add 
                      +- [guest] --*user-id    (65)
                                 |- name       (65)
                                 |- group      (65)
                                 |- password 
                                 |- mobile-phone       (36)
                                 |- sponsor    (36)
                                 |- company    (36)
                                 |- email      (65)
                                 |- expiration 
                                 +- comment 
           |- [device-category] --*name        (36)
                                |- desc 
                                +- comment 
           |- [device] --*alias        (36)
                       |- mac 
                       |- user         (65)
                       |- master-device        (36)
                       |- comment 
                       |- avatar 
                       +- type 
           |- [device-group] --*name   (36)
                             |- [member] --*name       (36)
                             +- comment 
           |- [device-access-list] --*name     (36)
                                   |- default-action 
                                   +- [device-list] --*id      (0,4294967295)
                                                    |- device  (36)
                                                    +- action 
           +- [security-exempt-list] --*name   (36)
                                     |- description    (128)
                                     +- [rule] --*id   (0,4294967295)
                                               |- [srcaddr] --*name    (65)
                                               |- [devices] --*name    (36)
                                               |- [dstaddr] --*name    (65)
                                               +- [service] --*name    (65)
   |- voip -- [profile] --*name        (36)
                        |- comment 
                        |- <sip> -- status 
                                 |- rtp 
                                 |- open-register-pinhole 
                                 |- open-contact-pinhole 
                                 |- strict-register 
                                 |- register-rate      (0,4294967295)
                                 |- invite-rate        (0,4294967295)
                                 |- max-dialogs        (0,4294967295)
                                 |- max-line-length    (78,4096)
                                 |- block-long-lines 
                                 |- block-unknown 
                                 |- call-keepalive     (0,10080)
                                 |- block-ack 
                                 |- block-bye 
                                 |- block-cancel 
                                 |- block-info 
                                 |- block-invite 
                                 |- block-message 
                                 |- block-notify 
                                 |- block-options 
                                 |- block-prack 
                                 |- block-publish 
                                 |- block-refer 
                                 |- block-register 
                                 |- block-subscribe 
                                 |- block-update 
                                 |- register-contact-trace 
                                 |- open-via-pinhole 
                                 |- open-record-route-pinhole 
                                 |- rfc2543-branch 
                                 |- log-violations 
                                 |- log-call-summary 
                                 |- nat-trace 
                                 |- subscribe-rate     (0,4294967295)
                                 |- message-rate       (0,4294967295)
                                 |- notify-rate        (0,4294967295)
                                 |- refer-rate         (0,4294967295)
                                 |- update-rate        (0,4294967295)
                                 |- options-rate       (0,4294967295)
                                 |- ack-rate   (0,4294967295)
                                 |- prack-rate         (0,4294967295)
                                 |- info-rate  (0,4294967295)
                                 |- publish-rate       (0,4294967295)
                                 |- bye-rate   (0,4294967295)
                                 |- cancel-rate        (0,4294967295)
                                 |- preserve-override 
                                 |- no-sdp-fixup 
                                 |- contact-fixup 
                                 |- max-idle-dialogs   (0,4294967295)
                                 |- block-geo-red-options 
                                 |- hosted-nat-traversal 
                                 |- hnt-restrict-source-ip 
                                 |- max-body-length    (0,4294967295)
                                 |- unknown-header 
                                 |- malformed-request-line 
                                 |- malformed-header-via 
                                 |- malformed-header-from 
                                 |- malformed-header-to 
                                 |- malformed-header-call-id 
                                 |- malformed-header-cseq 
                                 |- malformed-header-rack 
                                 |- malformed-header-rseq 
                                 |- malformed-header-contact 
                                 |- malformed-header-record-route 
                                 |- malformed-header-route 
                                 |- malformed-header-expires 
                                 |- malformed-header-content-type 
                                 |- malformed-header-content-length 
                                 |- malformed-header-max-forwards 
                                 |- malformed-header-allow 
                                 |- malformed-header-p-asserted-identity 
                                 |- malformed-header-sdp-v 
                                 |- malformed-header-sdp-o 
                                 |- malformed-header-sdp-s 
                                 |- malformed-header-sdp-i 
                                 |- malformed-header-sdp-c 
                                 |- malformed-header-sdp-b 
                                 |- malformed-header-sdp-z 
                                 |- malformed-header-sdp-k 
                                 |- malformed-header-sdp-a 
                                 |- malformed-header-sdp-t 
                                 |- malformed-header-sdp-r 
                                 |- malformed-header-sdp-m 
                                 |- provisional-invite-expiry-time     (10,3600)
                                 +- ips-rtp 
                        +- <sccp> -- status 
                                  |- block-mcast 
                                  |- verify-header 
                                  |- log-call-summary 
                                  |- log-violations 
                                  +- max-calls         (0,65535)
   |- dnsfilter -- [urlfilter] --*id   (0,4294967295)
                               |- name         (36)
                               |- comment 
                               +- [entries] --*id      (0,4294967295)
                                            |- url     (512 xss)
                                            |- type 
                                            |- action 
                                            +- status 
                +- [profile] --*name   (36)
                             |- comment 
                             |- <urlfilter> -- urlfilter-table         (0,4294967295)
                             |- <ftgd-dns> -- options 
                                           +- [filters] --*id  (0,4294967295)
                                                        |- category    (0,4294967295)
                                                        |- action 
                                                        +- log 
                             |- log-all-url 
                             |- block-action 
                             |- redirect-portal 
                             +- block-botnet 
   |- antivirus -- <settings> -- default-db 
                              +- grayware 
                |- <heuristic> -- mode 
                |- <quarantine> -- agelimit    (0,479)
                                |- maxfilesize         (0,500)
                                |- quarantine-quota    (0,4294967295)
                                |- drop-infected 
                                |- store-infected 
                                |- drop-blocked 
                                |- store-blocked 
                                |- drop-heuristic 
                                |- store-heuristic 
                                |- lowspace 
                                +- destination 
                +- [profile] --*name   (36)
                             |- comment 
                             |- replacemsg-group       (36)
                             |- inspection-mode 
                             |- ftgd-analytics 
                             |- analytics-max-upload   (1,183)
                             |- analytics-wl-filetype  (0,4294967295)
                             |- analytics-bl-filetype  (0,4294967295)
                             |- analytics-db 
                             |- mobile-malware-db 
                             |- <http> -- options 
                                       |- archive-block 
                                       |- archive-log 
                                       +- emulator 
                             |- <ftp> -- options 
                                      |- archive-block 
                                      |- archive-log 
                                      +- emulator 
                             |- <imap> -- options 
                                       |- archive-block 
                                       |- archive-log 
                                       |- emulator 
                                       +- executables 
                             |- <pop3> -- options 
                                       |- archive-block 
                                       |- archive-log 
                                       |- emulator 
                                       +- executables 
                             |- <smtp> -- options 
                                       |- archive-block 
                                       |- archive-log 
                                       |- emulator 
                                       +- executables 
                             |- <mapi> -- options 
                                       |- archive-block 
                                       |- archive-log 
                                       |- emulator 
                                       +- executables 
                             |- <nntp> -- options 
                                       |- archive-block 
                                       |- archive-log 
                                       +- emulator 
                             |- <smb> -- options 
                                      |- archive-block 
                                      |- archive-log 
                                      +- emulator 
                             |- <nac-quar> -- infected 
                                           |- expiry 
                                           +- log 
                             |- av-virus-log 
                             |- av-block-log 
                             +- scan-mode 
   |- waf -- [main-class] -- name      (128)
                          +-*id        (0,4294967295)
          |- [sub-class] -- name       (128)
                         +-*id         (0,4294967295)
          |- [signature] -- desc       (512)
                         +-*id         (0,4294967295)
          +- [profile] --*name         (36)
                       |- external 
                       |- <signature> -- [main-class] --*id    (0,4294967295)
                                                      |- status 
                                                      |- action 
                                                      |- log 
                                                      +- severity 
                                      |- [disabled-sub-class] --*id    (0,4294967295)
                                      |- [disabled-signature] --*id    (0,4294967295)
                                      |- credit-card-detection-threshold       (0,128)
                                      +- [custom-signature] --*name    (36)
                                                            |- status 
                                                            |- action 
                                                            |- log 
                                                            |- severity 
                                                            |- direction 
                                                            |- case-sensitivity 
                                                            |- pattern         (512 xss)
                                                            +- target 
                       |- <constraint> -- <header-length> -- status 
                                                          |- length    (0,2147483647)
                                                          |- action 
                                                          |- log 
                                                          +- severity 
                                       |- <content-length> -- status 
                                                           |- length   (0,2147483647)
                                                           |- action 
                                                           |- log 
                                                           +- severity 
                                       |- <param-length> -- status 
                                                         |- length     (0,2147483647)
                                                         |- action 
                                                         |- log 
                                                         +- severity 
                                       |- <line-length> -- status 
                                                        |- length      (0,2147483647)
                                                        |- action 
                                                        |- log 
                                                        +- severity 
                                       |- <url-param-length> -- status 
                                                             |- length         (0,2147483647)
                                                             |- action 
                                                             |- log 
                                                             +- severity 
                                       |- <version> -- status 
                                                    |- action 
                                                    |- log 
                                                    +- severity 
                                       |- <method> -- status 
                                                   |- action 
                                                   |- log 
                                                   +- severity 
                                       |- <hostname> -- status 
                                                     |- action 
                                                     |- log 
                                                     +- severity 
                                       |- <malformed> -- status 
                                                      |- action 
                                                      |- log 
                                                      +- severity 
                                       |- <max-cookie> -- status 
                                                       |- max-cookie   (0,2147483647)
                                                       |- action 
                                                       |- log 
                                                       +- severity 
                                       |- <max-header-line> -- status 
                                                            |- max-header-line         (0,2147483647)
                                                            |- action 
                                                            |- log 
                                                            +- severity 
                                       |- <max-url-param> -- status 
                                                          |- max-url-param     (0,2147483647)
                                                          |- action 
                                                          |- log 
                                                          +- severity 
                                       |- <max-range-segment> -- status 
                                                              |- max-range-segment     (0,2147483647)
                                                              |- action 
                                                              |- log 
                                                              +- severity 
                                       +- [exception] --*id    (0,4294967295)
                                                      |- pattern       (512 xss)
                                                      |- regex 
                                                      |- address       (64)
                                                      |- header-length 
                                                      |- content-length 
                                                      |- param-length 
                                                      |- line-length 
                                                      |- url-param-length 
                                                      |- version 
                                                      |- method 
                                                      |- hostname 
                                                      |- malformed 
                                                      |- max-cookie 
                                                      |- max-header-line 
                                                      |- max-url-param 
                                                      +- max-range-segment 
                       |- <method> -- status 
                                   |- log 
                                   |- severity 
                                   |- default-allowed-methods 
                                   +- [method-policy] --*id    (0,4294967295)
                                                      |- pattern       (512 xss)
                                                      |- regex 
                                                      |- address       (64)
                                                      +- allowed-methods 
                       |- <address-list> -- status 
                                         |- blocked-log 
                                         |- severity 
                                         |- [trusted-address] --*name  (65)
                                         +- [blocked-address] --*name  (65)
                       |- [url-access] --*id   (0,4294967295)
                                       |- address      (64)
                                       |- action 
                                       |- log 
                                       |- severity 
                                       +- [access-pattern] --*id       (0,4294967295)
                                                           |- srcaddr  (64)
                                                           |- pattern  (512)
                                                           |- regex 
                                                           +- negate 
                       +- comment 
   |- diagnose__tree__ -- waf -- info 
                              +- dump 
                       |- netlink -- backlog -- get 
                                             +- set -- backlog         (0)
                                  |- device -- list 
                                  |- interface -- list 
                                               +- clear 
                                  |- qlen -- get -- intf-name  (0)
                                          +- set -- intf-name -- <len_integer>         (0)
                                  |- switch -- list 
                                  |- brctl -- domain -- <name> -- <id>         (0)
                                           |- list 
                                           +- name -- <type> -- <name>         (0)
                                  +- dstmac -- flush 
                                            +- list -- [name]  (0)
                       |- ips -- anomaly -- config 
                                         |- status 
                                         |- list 
                                         |- clear 
                                         +- filter -- clear 
                                                   |- id -- <xx>       (0)
                                                   |- ip -- xxx.xxx.xxx.xxx -- xxx.xxx.xxx.xxx         (0)
                                                   |- pps -- <xx> -- <xx>      (0)
                                                   +- freq -- <xx> -- <xx>     (0)
                              |- raw -- status 
                                     +- clear 
                              |- anomaly6 -- config 
                                          |- status 
                                          |- list 
                                          |- clear 
                                          +- filter -- clear 
                                                    |- id -- <xx>      (0)
                                                    |- ip -- xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx       (0)
                                                    |- pps -- <xx> -- <xx>     (0)
                                                    +- freq -- <xx> -- <xx>    (0)
                              |- global -- rule -- reload 
                              |- memory -- status 
                                        |- compact 
                                        |- profiling -- <enable/disable/dump>  (0)
                                        |- track -- enable/disable/clear       (0)
                                        |- track-size -- <min size> -- <max size>      (0)
                                        +- track-print -- <record count>       (0)
                              |- session -- status 
                                         |- list 
                                         |- clear 
                                         |- performance 
                                         +- content 
                              |- packet -- status 
                                        +- clear 
                              |- dissector -- status 
                                           +- dump 
                              |- signature -- status -- <severity mask>        (0)
                                           |- hit -- <top N>   (0)
                                           +- cycle -- <top N>         (0)
                              |- filter -- status 
                                        |- clear 
                                        |- ip -- <ip> -- <mask>        (0)
                                        |- ipv6 -- <ip> -- <prefix size>       (0)
                                        |- port -- <port>      (0)
                                        |- protocol -- <protocol number>       (0)
                                        |- session -- <session id>     (0)
                                        |- asm -- <assembled packets>  (0)
                                        |- length -- <session length>  (0)
                                        +- l7 -- <0:all 1:l7 2:non-l7>         (0)
                              |- config -- enable -- log-verbose 
                                        +- disable -- log-verbose 
                              |- debug -- enable -- init 
                                                 |- packet 
                                                 |- packet_detail 
                                                 |- error 
                                                 |- warn 
                                                 |- parse 
                                                 |- detect 
                                                 |- session 
                                                 |- log 
                                                 |- timeout 
                                                 |- dissector 
                                                 |- tcp 
                                                 |- http 
                                                 |- mail 
                                                 |- rpc 
                                                 |- dns 
                                                 |- im 
                                                 |- p2p 
                                                 |- ssh 
                                                 |- ssl 
                                                 |- voip 
                                                 |- smb 
                                                 |- content 
                                                 |- urlfilter 
                                                 |- av 
                                                 |- mime 
                                                 |- content_detail 
                                                 |- ipsa 
                                                 |- proxy 
                                                 |- packet_dump 
                                                 |- state 
                                                 |- dac 
                                                 +- all 
                                       +- disable -- init 
                                                  |- packet 
                                                  |- packet_detail 
                                                  |- error 
                                                  |- warn 
                                                  |- parse 
                                                  |- detect 
                                                  |- session 
                                                  |- log 
                                                  |- timeout 
                                                  |- dissector 
                                                  |- tcp 
                                                  |- http 
                                                  |- mail 
                                                  |- dns 
                                                  |- rpc 
                                                  |- im 
                                                  |- p2p 
                                                  |- ssh 
                                                  |- ssl 
                                                  |- voip 
                                                  |- smb 
                                                  |- content 
                                                  |- urlfilter 
                                                  |- av 
                                                  |- mime 
                                                  |- content_detail 
                                                  |- ipsa 
                                                  |- proxy 
                                                  |- packet_dump 
                                                  |- state 
                                                  |- dac 
                                                  +- all 
                              |- share -- pool 
                                       |- list -- <pool>       (0)
                                       +- clear -- <pool>      (0)
                              |- urlfilter -- status 
                                           +- clear 
                              |- ssl -- status 
                                     |- bypass -- enable | disable     (0)
                                     |- noscan -- enable | disable     (0)
                                     |- debug -- none|err|warn|info|dbg|noise  (0)
                                     +- clear 
                              |- av -- cache -- list 
                                             |- status 
                                             |- clear 
                                             |- delete -- <ID>         (0)
                                             +- set-age -- <ID> -- <age>       (0)
                              +- dac -- info 
                                     +- clear -- <age>         (0)
                       |- test -- application -- http -- <Integer>     (0)
                                              |- smtp -- <Integer>     (0)
                                              |- ftpd -- <Integer>     (0)
                                              |- pop3 -- <Integer>     (0)
                                              |- imap -- <Integer>     (0)
                                              |- nntp -- <Integer>     (0)
                                              |- proxystats -- <Integer>       (0)
                                              |- proxy -- <Integer>    (0)
                                              |- scanunit -- <Integer>         (0)
                                              |- harelay -- <Integer>  (0)
                                              |- hasync -- <Integer>   (0)
                                              |- hatalk -- <Integer>   (0)
                                              |- sessionsync -- <Integer>      (0)
                                              |- forticldd -- <Integer>        (0)
                                              |- miglogd -- <Integer> -- <Integer>     (0)
                                              |- urlfilter -- <Integer>        (0)
                                              |- ovrd -- <Integer>     (0)
                                              |- ipsmonitor -- <Integer>       (0)
                                              |- ipsengine -- <Integer>        (0)
                                              |- ipldbd -- <Integer>   (0)
                                              |- ddnscd -- <Integer>   (0)
                                              |- snmpd -- <Integer>    (0)
                                              |- dnsproxy -- <Integer>         (0)
                                              |- sflowd -- <Integer>   (0)
                                              |- init -- <Integer>     (0)
                                              |- l2tpcd -- <Integer>   (0)
                                              |- dhcprelay -- <Integer>        (0)
                                              |- pptpcd -- <Integer>   (0)
                                              |- wccpd -- <Integer>    (0)
                                              |- wad -- <Integer>      (0)
                                              |- radiusd -- <Integer>  (0)
                                              |- dlpfingerprint -- <Integer>   (0)
                                              |- dlpfpcache -- <Integer>       (0)
                                              |- wpad -- <Integer>     (0)
                                              |- fsd -- <Integer>      (0)
                                              |- ipsufd -- <Integer>   (0)
                                              |- lted 
                                              |- swctrl_authd -- <Integer>     (0)
                                              |- forticron -- <Integer>        (0)
                                              |- uploadd -- <Integer>  (0)
                                              |- quarantined -- <Integer>      (0)
                                              |- dhcp6c -- <Integer>   (0)
                                              |- info-sslvpnd -- <Integer>     (0)
                                              |- dsd -- <Integer>      (0)
                                              |- lnkmtd -- <Integer>   (0)
                                              |- dhcp6r -- <Integer>   (0)
                                              |- fnbamd -- <Integer>   (0)
                                              |- mrd -- <Integer>      (0)
                                              |- zebos_launcher -- <Integer>   (0)
                                              |- radius-das -- <Integer>       (0)
                                              +- nstd -- <Integer>     (0)
                               |- authserver -- radius 
                                             |- tacacs+ 
                                             |- radius-direct 
                                             |- ldap-direct 
                                             |- tacacs+-direct 
                                             |- ldap 
                                             |- ldap-digest 
                                             |- ldap-search 
                                             |- ldap-group 
                                             |- cert 
                                             |- pop3 
                                             |- local 
                                             +- user 
                               |- guest -- list 
                                        |- del 
                                        +- add 
                               +- update -- info 
                                         +- term 
                       |- vpn -- ike -- gateway -- list -- name -- <name>      (0)
                                                |- clear -- name -- <name>     (0)
                                                +- flush -- name -- <name>     (0)
                                     |- status -- detailed 
                                               +- summary 
                                     |- log -- terminal -- clear 
                                                        |- reset 
                                                        +- stats 
                                            +- filter -- list 
                                                      |- clear 
                                                      |- name -- <name>        (0)
                                                      |- src-addr4 -- <ipv4-address> -- <ipv4-address>         (0)
                                                      |- dst-addr4 -- <ipv4-address> -- <ipv4-address>         (0)
                                                      |- src-addr6 -- <ipv6-address> -- <ipv4-address>         (0)
                                                      |- dst-addr6 -- <ipv6-address> -- <ipv6-address>         (0)
                                                      |- src-port -- <port> -- <port>  (0)
                                                      |- dst-port -- <port>    (0)
                                                      |- vd -- <index>         (0)
                                                      |- interface -- <index>  (0)
                                                      +- negate -- vd 
                                                                |- src-addr4 
                                                                |- dst-addr4 
                                                                |- src-addr6 
                                                                |- dst-addr6 
                                                                |- src-port 
                                                                |- dst-port 
                                                                |- name 
                                                                +- interface 
                                     |- log-filter -- list 
                                                   |- clear 
                                                   |- name -- <name>   (0)
                                                   |- src-addr4 -- <ipv4-address> -- <ipv4-address>    (0)
                                                   |- dst-addr4 -- <ipv4-address> -- <ipv4-address>    (0)
                                                   |- src-addr6 -- <ipv6-address> -- <ipv4-address>    (0)
                                                   |- dst-addr6 -- <ipv6-address> -- <ipv6-address>    (0)
                                                   |- src-port -- <port> -- <port>     (0)
                                                   |- dst-port -- <port>       (0)
                                                   |- vd -- <index>    (0)
                                                   |- interface -- <index>     (0)
                                                   +- negate -- vd 
                                                             |- src-addr4 
                                                             |- dst-addr4 
                                                             |- src-addr6 
                                                             |- dst-addr6 
                                                             |- src-port 
                                                             |- dst-port 
                                                             |- name 
                                                             +- interface 
                                     |- routes -- list 
                                     |- config -- list -- summary 
                                                       +- details 
                                     |- restart 
                                     |- errors 
                                     |- stats 
                                     |- counts 
                                     |- crypto -- stats 
                                     +- filter -- list 
                                               |- clear 
                                               |- name -- <name>       (0)
                                               |- src-addr4 -- <ipv4-address> -- <ipv4-address>        (0)
                                               |- dst-addr4 -- <ipv4-address> -- <ipv4-address>        (0)
                                               |- src-addr6 -- <ipv6-address> -- <ipv4-address>        (0)
                                               |- dst-addr6 -- <ipv6-address> -- <ipv6-address>        (0)
                                               |- src-port -- <port> -- <port>         (0)
                                               |- dst-port -- <port>   (0)
                                               |- vd -- <index>        (0)
                                               |- interface -- <index>         (0)
                                               +- negate -- vd 
                                                         |- src-addr4 
                                                         |- dst-addr4 
                                                         |- src-addr6 
                                                         |- dst-addr6 
                                                         |- src-port 
                                                         |- dst-port 
                                                         |- name 
                                                         +- interface 
                              |- ipsec -- status 
                                       +- debug -- debug       (0)
                              |- tunnel -- down -- phase2 -- phase1 -- serial  (0)
                                        |- up -- phase2 -- phase1 -- serial    (0)
                                        |- list -- name 
                                                +- number -- <begin-index> -- <end-index>      (0)
                                        |- dialup-list 
                                        |- reset 
                                        |- flush 
                                        |- delinbsa -- <name> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi>      (0)
                                        |- deloutbsa -- <name> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi>     (0)
                                        |- dumpsa 
                                        +- stat -- flush 
                              |- concentrator -- list 
                              |- l2tp -- status 
                              |- pptp -- status 
                              +- ssl -- list 
                                     |- mux 
                                     |- statistics -- <all|vdom-name|vfid>     (0)
                                     |- hw-acceleration-status 
                                     |- tunnel-test -- tunnel-test     (0)
                                     +- debug-filter -- clear 
                                                     |- list 
                                                     |- src-addr4 -- <ipv4-address> -- <ipv4-address>  (0)
                                                     |- src-addr6 -- <ipv6-address> -- <ipv6-address>  (0)
                                                     |- vd -- <vdom name>      (0)
                                                     +- negate -- vd 
                                                               |- src-addr4 
                                                               +- src-addr6 
                       |- sys -- vdom-property 
                              |- last-modified-files -- [path] -- [number]     (0)
                              |- top -- <value> -- <value>     (0)
                              |- nmi-watchdog -- enable 
                                              +- disable 
                              |- modem -- detect 
                                       |- history 
                                       |- com 
                                       |- cmd -- <at>  (0)
                                       |- external-modem 
                                       |- query -- <[0|1]>     (0)
                                       +- reset 
                              |- lte-modem -- info 
                              |- heap 
                              |- kill -- <signal> -- <pid>     (0)
                              |- csum -- <file>        (0)
                              |- dayst-info -- timezone-index -- [year]        (0)
                              |- ntp -- status 
                              |- process -- dump -- <pid>      (0)
                                         |- trace 
                                         +- daemon-auto-restart -- <action> -- <daemon>        (0)
                              |- top-summary -- <options>      (0)
                              |- vd -- list 
                                    |- stats 
                                    |- add -- vdname   (0)
                                    |- delete -- vdname        (0)
                                    +- set -- vdname   (0)
                              |- device -- add -- vdname -- devname    (0)
                                        |- delete -- vdname -- devname         (0)
                                        +- list -- vdname      (0)
                              |- ha -- stats 
                                    |- status 
                                    |- mac 
                                    |- checksum -- show -- <Enter> or <global/vdom-name> -- <Enter> or <object-fullpath> -- <Enter> or <entry-name>        (0)
                                                |- recalculate -- <Enter> or <global/vdom-name>        (0)
                                                |- cached -- <global/vdom-name>        (0)
                                                |- cluster 
                                                |- log -- enable 
                                                       +- disable 
                                                +- test 
                                    |- checksync 
                                    |- dump-by -- xdb 
                                               |- group 
                                               |- vcluster 
                                               |- rcache 
                                               |- memory 
                                               |- debug-zone 
                                               |- vdom 
                                               |- kernel 
                                               |- device 
                                               |- stat 
                                               |- sesync 
                                               +- frup 
                                    |- vcinfo 
                                    |- syncinfo 
                                    |- fib 
                                    |- hadiff -- status 
                                              |- log -- enable 
                                                     |- disable 
                                                     +- clear 
                                              |- max-sync-turns -- <integer>   (0)
                                              +- max-unsync-wait -- <integer>  (0)
                                    |- reset-uptime 
                                    |- session-sync-dev -- clear 
                                                        +- set 
                                    |- recalculate-extfile-signature 
                                    |- sync-stats 
                                    |- extfile-sig 
                                    |- set-as-master -- enable 
                                                     |- disable -- <date> --