7/26/2019 Fortigate Cli Ref 54
FortiOS - CLI Reference
VERSION 5.4.0
FORTINET DOCUMENT LIBRARY
http://docs.fortinet.com
FORTINET VIDEO GUIDE
http://video.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
CUSTOMER SERVICE & SUPPORT
https://support.fortinet.com
http://cookbook.fortinet.com/how-to-work-with-fortinet-support/
FORTIGATE COOKBOOK
http://cookbook.fortinet.com
FORTINET TRAINING SERVICES
http://www.fortinet.com/training
FORTIGUARD CENTER
http://www.fortiguard.com
END USER LICENSE AGREEMENT
http://www.fortinet.com/doc/legal/EULA.pdf
FEEDBACK
Email: [email protected]
December-16-15
FortiOS - CLI Reference
01-540-99686-20151216
Change Log
Date Change Description
December 16, 2015 New FortiOS 5.4.0 release.
CLI Reference for FortiOS 5.4 Fortinet Technologies Inc.
Introduction
This document describes FortiOS 5.4 CLI commands used to configure and manage a FortiGate unit from the
command line interface (CLI).
How this guide is organized
This document contains the following sections:
Managing Firmware with the FortiGate BIOS describes how to change firmware at the console during FortiGate
unit boot-up.
config describes the commands for each configuration branch of the FortiOS CLI. The command branches and
commands are in alphabetical order. The information in this section has been extracted and formatted from
FortiOS source code. The extracted information includes the command syntax, command descriptions (extracted
from CLI help) and default values. This is the first version of this content produced in this way. You can send
comments about this content to [email protected].
execute describes execute commands.
get describes get commands.
tree describes the tree command.
Availability of commands and options
Some FortiOS CLI commands and options are not available on all FortiGate units. The CLI displays an error
message if you attempt to enter a command or option that is not available. You can use the question mark ? to
verify the commands and options that are available.
Commands and options may not be available for the following reasons:
FortiGate model
Not all commands are available on all FortiGate models. For example, low-end FortiGate models do not support
the aggregate interface type option of the config system interface command.
Hardware configuration
For example, some AMC module commands are only available when an AMC module is installed.
FortiOS Carrier, FortiGate Voice, FortiWiFi, etc
Commands for extended functionality are not available on all FortiGate models. The CLI Reference includes
commands only available for FortiWiFi units, FortiOS Carrier, and FortiGate Voice units.
Managing Firmware with the FortiGate BIOS
FortiGate units are shipped with firmware installed. Usually firmware upgrades are performed through the web-based
manager or by using the CLI execute restore command. From the console, you can also interrupt the
FortiGate unit's boot-up process to load firmware using the BIOS firmware that is a permanent part of the unit.
Using the BIOS, you can:
• view system information
• format the boot device
• load firmware and reboot (see )
• reboot the FortiGate unit from the backup firmware, which then becomes the default firmware (see )
Accessing the BIOS
The BIOS menu is available only through direct connection to the FortiGate unit's Console port. During boot-up,
Press any key appears briefly. If you press any keyboard key at this time, boot-up is suspended and the BIOS
menu appears. If you are too late, the boot-up process continues as usual.
Navigating the menu
The main BIOS menu looks like this:
[C]: Configure TFTP parameters
[R]: Review TFTP paramters
[T]: Initiate TFTP firmware transfer
[F]: Format boot device
[Q]: Quit menu and continue to boot
[I]: System Information
[B]: Boot with backup firmare and set as default
[Q]: Quit menu and continue to boot
[H]: Display this list of options
Enter C,R,T,F,I,B,Q,or H:
Typing the bracketed letter selects the option. Input is case-sensitive. Most options present a submenu. An
option value in square brackets at the end of the Enter line is the default value which you can enter simply by
pressing Return. For example,
Enter image download port number [WAN1]:
In most menus, typing H re-lists the menu options and typing Q returns to the previous menu.
Loading firmware
The BIOS can download firmware from a TFTP server that is reachable from a FortiGate unit network interface.
You need to know the IP address of the server and the name of the firmware file to download.
The downloaded firmware can be saved as either the default or backup firmware. It is also possible to boot the
downloaded firmware without saving it.
Configuring TFTP parameters
Starting from the main BIOS menu
[C]: Configure TFTP parameters.
Selecting the VLAN (if VLANs are used)
[V]: Set local VLAN ID.
Choose port and whether to use DHCP
[P]: Set firmware download port.
The options listed depend on the FortiGate model. Choose the network interface through which the TFTP
server can be reached. For example:
[0]: Any of port 1 - 7
[1]: WAN1
[2]: WAN2
Enter image download port number [WAN1]:
[D]: Set DHCP mode.
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
If there is a DHCP server on the network, select [1]. This simplifies configuration. Otherwise, select [2].
Non-DHCP steps
[I]: Set local IP address.
Enter local IP address [192.168.1.188]:
This is a temporary IP address for the FortiGate unit network interface. Use a unique address on the same
subnet to which the network interface connects.
[S]: Set local subnet mask.
Enter local subnet mask [255.255.252.0]:
[G]: Set local gateway.
The local gateway IP address is needed if the TFTP server is on a different subnet than the one to which the
FortiGate unit is connected.
TFTP and filename
[T]: Set remote TFTP server IP address.
Enter remote TFTP server IP address [192.168.1.145]:
[F]: Set firmware file name.
Enter firmware file name [image.out]:
Enter [Q] to return to the main menu.
Initiating TFTP firmware transfer
Starting from the main BIOS menu
[T]: Initiate TFTP firmware transfer.
Please connect TFTP server to Ethernet port 'WAN1'.
MAC: 00:09:0f:b5:55:28
Connect to tftp server 192.168.1.145 ...
##########################################################
Image Received.
Checking image... OK
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?
After you choose any option, the FortiGate unit reboots. If you choose [D] or [B], there is first a pause while the
firmware is copied:
Programming the boot device now.
................................................................
................................................................
Booting the backup firmware
You can reboot the FortiGate unit from the backup firmware, which then becomes the default firmware.
Starting from the main BIOS menu
[B]: Boot with backup firmware and set as default.
If the boot device contains backup firmware, the FortiGate unit reboots. Otherwise the unit responds:
Failed to mount filesystem. . .
Mount back up partition failed.
Back up image open failed.
Press Y or y to boot default image.
config
Use the config commands to change your FortiGate's configuration.
The command branches and commands are in alphabetical order. The information in this section has been
extracted and formatted from FortiOS source code. The extracted information includes the command syntax,
command descriptions (extracted from CLI help) and default values. This is the first version of this content
produced in this way. You can send comments about this content to [email protected]
alertemail/setting
CLI Syntax
config alertemail setting
edit
set username
set mailto1
set mailto2
set mailto3
set filter-mode {category | threshold}
set email-interval
set IPS-logs {enable | disable}
set firewall-authentication-failure-logs {enable | disable}
set HA-logs {enable | disable}
set IPsec-errors-logs {enable | disable}
set FDS-update-logs {enable | disable}
set PPP-errors-logs {enable | disable}
set sslvpn-authentication-errors-logs {enable | disable}
set antivirus-logs {enable | disable}
set webfilter-logs {enable | disable}
set configuration-changes-logs {enable | disable}
set violation-traffic-logs {enable | disable}
set admin-login-logs {enable | disable}
set FDS-license-expiring-warning {enable | disable}
set log-disk-usage-warning {enable | disable}
set fortiguard-log-quota-warning {enable | disable}
set amc-interface-bypass-mode {enable | disable}
set FIPS-CC-errors {enable | disable}
set FDS-license-expiring-days
set local-disk-usage
set emergency-interval
set alert-interval
set critical-interval
set error-interval
set warning-interval
set notification-interval
set information-interval
set debug-interval
set severity {emergency | alert | critical | error | warning | notification | information | debug}
end
Description
Configuration Description Default Value
username Email from address. (Empty)
mailto1 Destination email address 1. (Empty)
mailto2 Destination email address 2. (Empty)
mailto3 Destination email address 3. (Empty)
filter-mode Filter mode. category
email-interval Interval between each email. 5
IPS-logs Enable/disable IPS Logs. disable
firewall-authentication-failure-logs Enable/disable logging of firewall authentication failures. disable
HA-logs Enable/disable HA Logs. disable
IPsec-errors-logs Enable/disable IPsec errors logs. disable
FDS-update-logs Enable/disable FortiGuard update logs. disable
PPP-errors-logs Enable/disable PPP errors logs. disable
sslvpn-authentication-errors-logs Enable/disable logging of SSL-VPN authentication error. disable
antivirus-logs Enable/disable antivirus logs. disable
webfilter-logs Enable/disable web filter logging. disable
configuration-changes-logs Enable/disable logging of configuration changes. disable
violation-traffic-logs Enable/disable logging of violation traffic. disable
admin-login-logs Enable/disable logging of administrator login/logouts. disable
FDS-license-expiring-warning Enable/disable FortiGuard license expiration warning. disable
log-disk-usage-warning Enable/disable logging of disk usage warning. disable
fortiguard-log-quota-warning Enable/disable warning of FortiCloud log quota. disable
amc-interface-bypass-mode Enable/disable Fortinet Advanced Mezzanine Card (AMC) interface bypass mode. disable
FIPS-CC-errors Enable/disable FIPS and Common Criteria errors. disable
FDS-license-expiring-days Number of days to send alert email prior to FortiGuard license expiration (1 - 100 days). 15
local-disk-usage Percentage at which to send alert email prior to disk usage exceeding this threshold (1 - 99 percent). 75
emergency-interval Emergency alert interval in minutes. 1
alert-interval Alert alert interval in minutes. 2
critical-interval Critical alert interval in minutes. 3
error-interval Error alert interval in minutes. 5
warning-interval Warning alert interval in minutes. 10
notification-interval Notification alert interval in minutes. 20
information-interval Information alert interval in minutes. 30
debug-interval Debug alert interval in minutes. 60
severity Lowest severity level to log. alert
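Added example, not part of the Fortinet reference: a small Python parser for config/edit/set/end blocks that overlays a configuration on the alertemail/setting defaults from the table above and lists the log alert categories that are still disabled. The sample configuration, the `next` keyword that closes an `edit` entry, and the assumption that a saved configuration omits options left at their default are not taken from this page.

```python
"""Resolve effective `config alertemail setting` values from FortiOS config text."""
import shlex

# Defaults copied from the alertemail/setting description table on this page.
ALERTEMAIL_DEFAULTS = {
    "filter-mode": "category",
    "email-interval": "5",
    "severity": "alert",
    "IPS-logs": "disable",
    "firewall-authentication-failure-logs": "disable",
    "HA-logs": "disable",
    "IPsec-errors-logs": "disable",
    "FDS-update-logs": "disable",
    "PPP-errors-logs": "disable",
    "sslvpn-authentication-errors-logs": "disable",
    "antivirus-logs": "disable",
    "webfilter-logs": "disable",
    "configuration-changes-logs": "disable",
    "violation-traffic-logs": "disable",
    "admin-login-logs": "disable",
}

# Constructed sample (not from a real device). Assumption: options left at
# their default value do not appear in the saved configuration.
SAMPLE_CONFIG = """
config alertemail setting
    set username "fw01@example.com"
    set mailto1 "soc@example.com"
    set admin-login-logs enable
    set configuration-changes-logs enable
end
config antivirus profile
    edit "default"
        set inspection-mode proxy
        config http
            set options scan
        end
    next
end
"""


def parse_config(text):
    """Parse config/edit/set/next/end lines into nested dicts.

    Assumes every value fits on one line (no multi-line quoted values).
    """
    root = {}
    stack = [("root", root)]
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        node = stack[-1][1]
        if keyword in ("config", "edit"):
            # A branch ("alertemail setting") or a table entry ("default").
            stack.append((keyword, node.setdefault(" ".join(args), {})))
        elif keyword == "set" and args:
            node[args[0]] = " ".join(args[1:])
        elif keyword == "next":
            if stack[-1][0] == "edit":
                stack.pop()
        elif keyword == "end":
            # The syntax listings on this page close an edit with a bare end,
            # so an open edit entry is closed together with its config block.
            if stack[-1][0] == "edit":
                stack.pop()
            if stack[-1][0] == "config":
                stack.pop()
    return root


def effective_alertemail(tree):
    """Documented defaults overlaid with whatever the configuration sets."""
    merged = dict(ALERTEMAIL_DEFAULTS)
    merged.update(tree.get("alertemail setting", {}))
    return merged


def disabled_log_alerts(tree):
    """Names of the *-logs alert categories that are not enabled."""
    effective = effective_alertemail(tree)
    return sorted(
        name for name in ALERTEMAIL_DEFAULTS
        if name.endswith("-logs") and effective[name] != "enable"
    )


if __name__ == "__main__":
    parsed = parse_config(SAMPLE_CONFIG)
    for name in disabled_log_alerts(parsed):
        print("alert email not sent for:", name)
```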
antivirus/heuristic
CLI Syntax
config antivirus heuristic
edit
set mode {pass | block | disable}
end
Description
Configuration Description Default Value
mode Mode to use for heuristics. disable
antivirus/profile
CLI Syntax
config antivirus profile
edit
set name
set comment
set replacemsg-group
set inspection-mode {proxy | flow-based}
set ftgd-analytics {disable | suspicious | everything}
set analytics-max-upload
set analytics-wl-filetype
set analytics-bl-filetype
set analytics-db {disable | enable}
set mobile-malware-db {disable | enable}
config http
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
end
config ftp
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
end
config imap
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
set executables {default | virus}
end
config pop3
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
set executables {default | virus}
end
config smtp
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
set executables {default | virus}
end
config mapi
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
set executables {default | virus}
end
config nntp
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
end
config smb
edit
set options {scan | avmonitor | avquery | quarantine}
set archive-block {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set archive-log {encrypted | corrupted | multipart | nested | mailbomb | unhandled}
set emulator {enable | disable}
end
config nac-quar
edit
set infected {none | quar-src-ip | quar-interface}
set expiry
set log {enable | disable}
end
set av-virus-log {enable | disable}
set av-block-log {enable | disable}
set scan-mode {quick | full}
end
Description
Configuration Description Default Value
name Profile name. (Empty)
comment Comment. (Empty)
replacemsg-group Replacement message group. (Empty)
inspection-mode Inspection mode. flow-based
ftgd-analytics Submit suspicious or supposedly clean files to FortiSandbox. disable
analytics-max-upload Maximum upload size to FortiSandbox (in MB). 10
analytics-wl-filetype Do not submit files matching this file-pattern table to the FortiSandbox. 0
analytics-bl-filetype Only submit files matching this file-pattern table to the FortiSandbox. 0
analytics-db Use signature database from FortiSandbox to supplement the AV signature databases. disable
mobile-malware-db Use mobile malware signature database. enable
http HTTP. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
ftp FTP. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
imap IMAP. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
executables default
pop3 POP3. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
executables default
smtp SMTP. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
executables default
mapi MAPI. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
executables default
nntp NNTP. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
smb SMB. Details below
Configuration Default Value
options (Empty)
archive-block (Empty)
archive-log (Empty)
emulator enable
nac-quar Quarantine settings. Details below
Configuration Default Value
infected none
expiry 5m
log disable
av-virus-log Enable/disable logging for antivirus scanning. enable
av-block-log Enable/disable logging for antivirus file blocking. enable
scan-mode Choose between full scan mode and quick scan mode. full
antivirus/quarantine
CLI Syntax
config antivirus quarantine
edit
set agelimit
set maxfilesize
set quarantine-quota
set drop-infected {imap | smtp | pop3 | http | ftp | im | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
set store-infected {imap | smtp | pop3 | http | ftp | im | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
set drop-blocked {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | ftps | mapi | mm1 | mm3 | mm4 | mm7}
set store-blocked {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | ftps | mapi | mm1 | mm3 | mm4 | mm7}
set drop-heuristic {imap | smtp | pop3 | http | ftp | im | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
set store-heuristic {imap | smtp | pop3 | http | ftp | im | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
set lowspace {drop-new | ovrw-old}
set destination {NULL | disk | FortiAnalyzer}
end
Description
Configuration Description Default Value
agelimit Age limit for quarantined files. 0
maxfilesize Maximum file size to quarantine. 0
quarantine-quota Quarantine quota. 0
drop-infected Ignore infected files from a protocol. (Empty)
store-infected Quarantine infected files from a protocol. imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi
drop-blocked Drop blocked files from a protocol. (Empty)
store-blocked Quarantine blocked files from a protocol. imap smtp pop3 http ftp nntp imaps smtps pop3s ftps mapi
drop-heuristic Ignore heuristically caught files from a protocol. (Empty)
store-heuristic Quarantine heuristically caught files from a protocol. imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi
lowspace Action when the disk is almost full. ovrw-old
destination Quarantine destination: disk/FortiAnalyzer. disk
antivirus/settings
CLI Syntax
config antivirus settings
edit
set default-db {normal | extended | extreme}
set grayware {enable | disable}
end
Description
Configuration Description Default Value
default-db Select AV database to be used for AV scanning. extended
grayware Enable/disable detection of grayware. disable
application/custom
CLI Syntax
config application custom
edit
set tag
set name
set id
set comment
set signature
set category
set protocol
set technology
set behavior
set vendor
end
Description
Configuration Description Default Value
tag Signature tag. (Empty)
name Application name. (Empty)
id Application ID. 0
comment Comment. (Empty)
signature Signature text. (Empty)
category Application category ID. 0
protocol Application protocol. (Empty)
technology Application technology. (Empty)
behavior Application behavior. (Empty)
vendor Application vendor. (Empty)
application/list
CLI Syntax
config application list
edit
set name
set comment
set replacemsg-group
set other-application-action {pass | block}
set app-replacemsg {disable | enable}
set other-application-log {disable | enable}
set unknown-application-action {pass | block}
set unknown-application-log {disable | enable}
set p2p-black-list {skype | edonkey | bittorrent}
set deep-app-inspection {disable | enable}
set options {allow-dns | allow-icmp | allow-http | allow-ssl}
config entries
edit
set id
config risk
edit
set level
end
config category
edit
set id
end
config sub-category
edit
set id
end
config application
edit
set id
end
set protocols
set vendor
set technology
set behavior
set popularity {1 | 2 | 3 | 4 | 5}
config tags
edit
set name
end
config parameters
edit
set id
set value
end
set action {pass | block | reset}
set log {disable | enable}
set log-packet {disable | enable}
set rate-count
set rate-duration
set rate-mode {periodical | continuous}
set rate-track {none | src-ip | dest-ip | dhcp-client-mac | dns-domain}
set session-ttl
set shaper
set shaper-reverse
set per-ip-shaper
set quarantine {none | attacker | both | interface}
set quarantine-expiry
set quarantine-log {disable | enable}
end
end
Description
Configuration Description Default Value
name List name. (Empty)
comment comments (Empty)
replacemsg-group Replacement message group. (Empty)
other-application-action Action for other applications. pass
app-replacemsg Enable/disable replacement messages for blocked applications. enable
other-application-log Enable/disable logging of other applications. disable
unknown-application-action Action for unknown applications. pass
unknown-application-log Enable/disable logging of unknown applications. disable
p2p-black-list Action for p2p black list. (Empty)
deep-app-inspection Enable/disable deep application inspection. disable
options Options. allow-dns
entries Application list entries. (Empty)
application/name
CLI Syntax
config application name
edit
set name
set id
set category
set sub-category
set popularity
set risk
set protocol
set technology
set behavior
set vendor
set parameter
config metadata
edit
set id
set metaid
set valueid
end
end
Description
Configuration Description Default Value
name Application name. (Empty)
id Application ID. 0
category Application category ID. 0
sub-category Application sub-category ID. 0
popularity Application popularity. 0
risk Application risk. 0
protocol Application protocol. (Empty)
technology Application technology. (Empty)
behavior Application behavior. (Empty)
vendor Application vendor. (Empty)
parameter Application parameter name. (Empty)
metadata Meta data. (Empty)
application/rule-settings
CLI Syntax
config application rule-settings
edit
set id
config tags
edit
set name
end
end
Description
Configuration Description Default Value
id Rule ID. 0
tags Applied object tags. (Empty)
certificate/ca
CLI Syntax
config certificate ca
edit
set name
set ca
set range {global | vdom}
set source {factory | user | bundle | fortiguard}
set trusted {enable | disable}
set scep-url
set auto-update-days
set auto-update-days-warning
set source-ip
end
Description
Configuration Description Default Value
name Name. (Empty)
ca CA certificate. (Empty)
range CA certificate range. global
source CA certificate source. user
trusted Enable/disable trusted CA. enable
scep-url URL of SCEP server. (Empty)
auto-update-days Days to auto-update before expired, 0=disabled. 0
auto-update-days-warning Days to send update before auto-update (0=disabled). 0
source-ip Source IP for communications to SCEP server. 0.0.0.0
certificate/crl
CLI Syntax
config certificate crl
edit
set name
set crl
set range {global | vdom}
set source {factory | user | bundle | fortiguard}
set update-vdom
set ldap-server
set ldap-username
set ldap-password
set http-url
set scep-url
set scep-cert
set update-interval
set source-ip
end
Description
Configuration Description Default Value
name Name. (Empty)
crl Certificate Revocation List. (Empty)
range CRL range. global
source CRL source. user
update-vdom Virtual domain for CRL update. root
ldap-server LDAP server. (Empty)
ldap-username Login name for LDAP server. (Empty)
ldap-password Login password for LDAP server. (Empty)
http-url URL of HTTP server for CRL update. (Empty)
scep-url URL of CA server for CRL update via SCEP. (Empty)
scep-cert Local certificate used for CRL update via SCEP. Fortinet_CA_SSL
update-interval Seconds between updates, 0=disabled. 0
source-ip Source IP for communications to CA (HTTP/SCEP) server. 0.0.0.0
certificate/local
CLI Syntax
config certificate local
edit
set name
set password
set comments
set private-key
set certificate
set csr
set state
set scep-url
set range {global | vdom}
set source {factory | user | bundle | fortiguard}
set auto-regenerate-days
set auto-regenerate-days-warning
set scep-password
set ca-identifier
set name-encoding {printable | utf8}
set source-ip
set ike-localid
set ike-localid-type {asn1dn | fqdn}
end
Description
Configuration Description Default Value
name Name. (Empty)
password Password. (Empty)
comments Comment. (Empty)
private-key Private key. (Empty)
certificate Certificate. (Empty)
csr Certificate Signing Request. (Empty)
state Certificate Signing Request State. (Empty)
scep-url URL of SCEP server. (Empty)
range Certificate range. global
source Certificate source. user
auto-regenerate-days Days to auto-regenerate before expired, 0=disabled. 0
auto-regenerate-days-warning Days to send warning before auto-regeneration, 0=disabled. 0
scep-password SCEP server challenge password for auto-regeneration. (Empty)
ca-identifier CA identifier of the CA server for signing via SCEP. (Empty)
name-encoding Name encoding for auto-regeneration. printable
source-ip Source IP for communications to SCEP server. 0.0.0.0
ike-localid IKE local ID. (Empty)
ike-localid-type IKE local ID type. asn1dn
dlp/filepattern
CLI Syntax
config dlp filepattern
edit
set id
set name
set comment
config entries
edit
set filter-type {pattern | type}
set pattern
set file-type {7z | arj | cab | lzh | rar | tar | zip | bzip | gzip | bzip2 | xz | bat | msc | uue | mime | base64 | binhex | bin | elf | exe | hta | html | jad | class | cod | javascript | msoffice | msofficex | fsg | upx | petite | aspack | prc | sis | hlp | activemime | jpeg | gif | tiff | png | bmp | ignored | unknown | mpeg | mov | mp3 | wma | wav | pdf | avi | rm | torrent | hibun}
end
end
Description
Configuration Description Default Value
id ID. 0
name Name of table. (Empty)
comment Comment. (Empty)
entries Configure file patterns used by DLP blocking. (Empty)
dlp/fp-doc-source
CLI Syntax
config dlp fp-doc-source
edit
set name
set server-type {samba}
set server
set period {none | daily | weekly | monthly}
set vdom {mgmt | current}
set scan-subdirectories {enable | disable}
set scan-on-creation {enable | disable}
set remove-deleted {enable | disable}
set keep-modified {enable | disable}
set username
set password
set file-path
set file-pattern
set sensitivity
set tod-hour
set tod-min
set weekday {sunday | monday | tuesday | wednesday | thursday | friday | saturday}
set date
end
Description
Configuration Description Default Value
name DLP Server. (Empty)
server-type DLP Server. samba
server Server location (can be IP or IPv6 address). (Empty)
period Select periodic server checking. none
vdom Select source on management or current VDOM. mgmt
scan-subdirectories Enable/disable scanning of subdirectories. enable
scan-on-creation Enable/disable force scan of server to happen when document source is created or edited. enable
remove-deleted Enable/disable removing chunks of files deleted from the server. enable
keep-modified Enable/disable retaining old chunks of modified files. enable
username Login username. (Empty)
password Login password. (Empty)
file-path File path on server. (Empty)
file-pattern File patterns to fingerprint (wildcard). *
sensitivity DLP fingerprint sensitivity defined for these files. (Empty)
tod-hour Time of day to run scans (hour part, 24 hour clock). 1
tod-min Time of day to run scans (min). 0
weekday Day of week to run scans. sunday
date Date within a month to run scans. 1
dlp/fp-sensitivity
CLI Syntax
config dlp fp-sensitivity
edit
set name
end
Description
Configuration Description Default Value
name DLP Sensitivity Levels. (Empty)
dlp/sensor
CLI Syntax
config dlp sensor
edit
set name
set comment
set replacemsg-group
config filter
edit
set id
set name
set severity {info | low | medium | high | critical}
set type {file | message}
set proto {smtp | pop3 | imap | http-get | http-post | ftp | nntp | aim | icq | msn | yahoo | mapi | mm1 | mm3 | mm4 | mm7}
set filter-by {credit-card | ssn | regexp | file-type | file-size | fingerprint | watermark | encrypted}
set file-size
set company-identifier
config fp-sensitivity
edit
set name
end
set match-percentage
set file-type
set regexp
set archive {disable | enable}
set action {allow | log-only | block | ban | quarantine-ip | quarantine-port}
set expiry
end
set dlp-log {enable | disable}
set nac-quar-log {enable | disable}
set flow-based {enable | disable}
set options {}
set full-archive-proto {smtp | pop3 | imap | http-get | http-post | ftp | nntp | aim | icq | msn | yahoo | mapi | mm1 | mm3 | mm4 | mm7}
set summary-proto {smtp | pop3 | imap | http-get | http-post | ftp | nntp | aim | icq | msn | yahoo | mapi | mm1 | mm3 | mm4 | mm7}
end
Description
Configuration Description Default Value
name Name. (Empty)
comment Comment. (Empty)
replacemsg-group Replacement message group. (Empty)
filter Configure DLP filters. (Empty)
dlp-log Enable/disable logging for data leak prevention. enable
nac-quar-log Enable/disable logging for NAC quarantine creation. disable
flow-based Enable/disable flow-based data leak prevention. disable
options options
full-archive-proto Protocols to always content archive. (Empty)
summary-proto Protocols to always log summary. (Empty)
dlp/settings
CLI Syntax
config dlp settings
edit
set storage-device
set size
set db-mode {stop-adding | remove-modified-then-oldest | remove-oldest}
set cache-mem-percent
set chunk-size
end
Description
Configuration Description Default Value
storage-device Storage name. (Empty)
size Maximum total size of files within the storage (MB). 16
db-mode Method of maintaining database size. stop-adding
cache-mem-percent Maximum percentage of available memory allocated to caching (1 - 15%). 2
chunk-size Maximum fingerprint chunk size. **Changing will flush the entire database**. 2800
dnsfilter/profile
CLI Syntax
config dnsfilter profile
edit
set name
set comment
config urlfilter
edit
set urlfilter-table
end
config ftgd-dns
edit
set options {error-allow | ftgd-disable}
config filters
edit
set id
set category
set action {block | monitor}
set log {enable | disable}
end
end
set log-all-url {enable | disable}
set block-action {block | redirect}
set redirect-portal
set block-botnet {disable | enable}
end
Description
Configuration Description Default Value
name Profile name. (Empty)
comment Comment. (Empty)
urlfilter URL filter settings. Details below
Configuration Default Value
urlfilter-table 0
ftgd-dns FortiGuard DNS Filter settings. Details below
Configuration Default Value
options (Empty)
filters (Empty)
log-all-url Enable/disable log all URLs visited. disable
block-action Action to take for blocked domains. redirect
redirect-portal IP address of the SDNS portal. 0.0.0.0
block-botnet Enable/disable block of botnet C&C. disable
dnsfilter/urlfilter
CLI Syntax
config dnsfilter urlfilter
edit
set id
set name
set comment
config entries
edit
set id
set url
set type {simple | regex | wildcard}
set action {block | allow | monitor}
set status {enable | disable}
end
end
Description
Configuration Description Default Value
id ID. 0
name Name of table. (Empty)
comment Comment. (Empty)
entries DNS URL filter. (Empty)
endpoint-control/client
CLI Syntax
config endpoint-control client
edit
set id
set ftcl-uid
set src-ip
set src-mac
set info
set ad-groups
end
Description
Configuration Description Default Value
id Endpoint client ID. 0
ftcl-uid Endpoint FortiClient UID. (Empty)
src-ip Endpoint client IP address. 0.0.0.0
src-mac Endpoint client MAC address. 00:00:00:00:00:00
info Endpoint client information. (Empty)
ad-groups Endpoint client AD logon groups. (Empty)
endpoint-control/forticlient-registration-sync
CLI Syntax
config endpoint-control forticlient-registration-sync
edit
set peer-name
set peer-ip
end
Description
Configuration Description Default Value
peer-name Peer name. (Empty)
peer-ip Peer connecting IP. 0.0.0.0
endpoint-control/profile
CLI Syntax
config endpoint-control profile
edit
set profile-name
config forticlient-winmac-settings
edit
set view-profile-details {enable | disable}
set forticlient-av {enable | disable}
set av-realtime-protection {enable | disable}
set scan-download-file {enable | disable}
set sandbox-scan {enable | disable}
set sandbox-address
set wait-sandbox-result {enable | disable}
set use-sandbox-signature {enable | disable}
set block-malicious-website {enable | disable}
set block-attack-channel {enable | disable}
set av-scheduled-scan {enable | disable}
set av-scan-type {quick | full | custom}
set av-scan-folder
set av-scan-schedule {daily | weekly | monthly}
set av-scan-day-of-week {sunday | monday | tuesday | wednesday | thursday | friday | saturday}
set av-scan-day-of-month
set av-scan-time
config av-scan-exclusions
edit
set id
set type {file | folder}
set name
end
set forticlient-application-firewall {enable | disable}
set forticlient-application-firewall-list
set monitor-unknown-application {enable | disable}
set install-ca-certificate {enable | disable}
set forticlient-wf {enable | disable}
set forticlient-wf-profile
set disable-wf-when-protected {enable | disable}
set forticlient-vuln-scan {enable | disable}
set forticlient-vuln-scan-schedule {daily | weekly | monthly}
set forticlient-vuln-scan-on-registration {enable | disable}
set forticlient-vpn-provisioning {enable | disable}
set forticlient-advanced-vpn {enable | disable}
set forticlient-advanced-vpn-buffer
config forticlient-vpn-settings
edit
set name
set type {ipsec | ssl}
set remote-gw
set sslvpn-access-port
set sslvpn-require-certificate {enable | disable}
set auth-method {psk | certificate}
set preshared-key
end
set disable-unregister-option {enable | disable}
set forticlient-log-upload {enable | disable}
set forticlient-log-upload-server
set forticlient-log-ssl-upload {enable | disable}
set forticlient-log-upload-schedule {hourly | daily}
set forticlient-update-from-fmg {enable | disable}
config forticlient-update-server
edit
set name
end
set forticlient-update-failover-to-fdn {enable | disable}
set forticlient-settings-lock {enable | disable}
set forticlient-settings-lock-passwd
set auto-vpn-when-off-net {enable | disable}
set auto-vpn-name
set client-log-when-on-net {enable | disable}
set forticlient-ad {enable | disable}
set fsso-ma {enable | disable}
set fsso-ma-server
set fsso-ma-psk
set allow-personal-vpn {enable | disable}
set disable-user-disconnect {enable | disable}
set vpn-before-logon {enable | disable}
set vpn-captive-portal {enable | disable}
set forticlient-ui-options {av | wf | af | vpn | vs}
set forticlient-advanced-cfg {enable | disable}
set forticlient-advanced-cfg-buffer
config extra-buffer-entries
edit
set id
set buffer
end
end
config forticlient-android-settings
edit
set forticlient-wf {enable | disable}
set forticlient-wf-profile
set disable-wf-when-protected {enable | disable}
set forticlient-vpn-provisioning {enable | disable}
set forticlient-advanced-vpn {enable | disable}
set forticlient-advanced-vpn-buffer
config forticlient-vpn-settings
edit
set name
set type {ipsec | ssl}
set remote-gw
set sslvpn-access-port
set sslvpn-require-certificate {enable | disable}
set auth-method {psk | certificate}
set preshared-key
end
end
config forticlient-ios-settings
edit
set forticlient-wf {enable | disable}
set forticlient-wf-profile
set disable-wf-when-protected {enable | disable}
set client-vpn-provisioning {enable | disable}
config client-vpn-settings
edit
set name
set type {ipsec | ssl}
set vpn-configuration-name
set vpn-configuration-content
set remote-gw
set sslvpn-access-port
set sslvpn-require-certificate {enable | disable}
set auth-method {psk | certificate}
set preshared-key
end
set distribute-configuration-profile {enable | disable}
set configuration-name
set configuration-content
end
set description
config src-addr
edit
set name
end
config device-groups
edit
set name
end
config users
edit
set name
end
config user-groups
edit
set name
end
config on-net-addr
edit
set name
end
set replacemsg-override-group
end
Description
Configuration Description Default Value
profile-name Profile name. (Empty)
forticlient-winmac-settings FortiClient settings for Windows/Mac platform. Details below
Configuration Default Value
view-profile-details enable
forticlient-av enable
av-realtime-protection enable
scan-download-file enable
sandbox-scan disable
sandbox-address (Empty)
wait-sandbox-result disable
use-sandbox-signature disable
block-malicious-website disable
block-attack-channel disable
av-scheduled-scan disable
av-scan-type quick
av-scan-folder (Empty)
av-scan-schedule daily
av-scan-day-of-week sunday
av-scan-day-of-month 0
av-scan-time 00:00
av-scan-exclusions (Empty)
forticlient-application-firewall disable
forticlient-application-firewall-list (Empty)
monitor-unknown-application disable
install-ca-certificate disable
forticlient-wf enable
forticlient-wf-profile default
disable-wf-when-protected enable
forticlient-vuln-scan disable
forticlient-vuln-scan-schedule monthly
forticlient-vuln-scan-on-registration enable
forticlient-vpn-provisioning disable
forticlient-advanced-vpn disable
forticlient-advanced-vpn-buffer (Empty)
forticlient-vpn-settings (Empty)
disable-unregister-option disable
forticlient-log-upload disable
forticlient-log-upload-server (Empty)
forticlient-log-ssl-upload enable
forticlient-log-upload-schedule daily
forticlient-update-from-fmg disable
forticlient-update-server (Empty)
forticlient-update-failover-to-fdn enable
forticlient-settings-lock disable
forticlient-settings-lock-passwd (Empty)
auto-vpn-when-off-net disable
auto-vpn-name (Empty)
client-log-when-on-net disable
forticlient-ad disable
fsso-ma disable
fsso-ma-server (Empty)
fsso-ma-psk (Empty)
allow-personal-vpn enable
disable-user-disconnect disable
vpn-before-logon disable
vpn-captive-portal disable
forticlient-ui-options av wf vpn
forticlient-advanced-cfg disable
forticlient-advanced-cfg-buffer (Empty)
extra-buffer-entries (Empty)
forticlient-android-settings FortiClient settings for Android platform. Details below
Configuration Default Value
forticlient-wf disable
forticlient-wf-profile (Empty)
disable-wf-when-protected enable
forticlient-vpn-provisioning disable
forticlient-advanced-vpn disable
forticlient-advanced-vpn-buffer (Empty)
forticlient-vpn-settings (Empty)
forticlient-ios-settings FortiClient settings for iOS platform. Details below
Configuration Default Value
forticlient-wf disable
forticlient-wf-profile (Empty)
disable-wf-when-protected enable
client-vpn-provisioning disable
client-vpn-settings (Empty)
distribute-configuration-profile disable
configuration-name (Empty)
configuration-content (Empty)
description Description. (Empty)
src-addr Source addresses. (Empty)
device-groups Device groups. (Empty)
users Users. (Empty)
user-groups User groups. (Empty)
on-net-addr Addresses for on-net detection. (Empty)
replacemsg-override-group Specify endpoint control replacement message override group. (Empty)
endpoint-control/registered-forticlient
CLI Syntax
config endpoint-control registered-forticlient
edit
set uid
set vdom
set ip
set mac
set status
set flag
set reg-fortigate
end
Description
Configuration Description Default Value
uid FortiClient UID. (Empty)
vdom Registering vdom. (Empty)
ip Endpoint IP address. 0.0.0.0
mac Endpoint MAC address. 00:00:00:00:00:00
status FortiClient registration status. 1
flag FortiClient registration flag. 0
reg-fortigate Registering FortiGate SN. (Empty)
endpoint-control/settings
CLI Syntax
config endpoint-control settings
edit
set forticlient-reg-key-enforce {enable | disable}
set forticlient-reg-key
set forticlient-reg-timeout
set download-custom-link
set download-location {fortiguard | custom}
set forticlient-keepalive-interval
set forticlient-sys-update-interval
end
Description
Configuration Description Default Value
forticlient-reg-key-enforce Enable/disable enforcement of FortiClient registration key. disable
forticlient-reg-key FortiClient registration key. (Empty)
forticlient-reg-timeout FortiClient registration license timeout (days, min = 1, max = 180, 0 = unlimited). 7
download-custom-link Customized URL for downloading FortiClient. (Empty)
download-location FortiClient download location. fortiguard
forticlient-keepalive-interval Interval between two KeepAlive messages from FortiClient (in seconds). 60
forticlient-sys-update-interval Interval between two system update messages from FortiClient (in minutes). 720
extender-controller/extender
CLI Syntax
config extender-controller extender
edit
set id
set admin {disable | discovered | enable}
set ifname
set vdom
set role {none | primary | secondary}
set mode {standalone | redundant}
set dial-mode {dial-on-demand | always-connect}
set redial {none | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10}
set redundant-intf
set dial-status
set conn-status
set ext-name
set description
set quota-limit-mb
set billing-start-day
set at-dial-script
set modem-passwd
set initiated-update {enable | disable}
set modem-type {cdma | gsm/lte | wimax}
set ppp-username
set ppp-password
set ppp-auth-protocol {auto | pap | chap}
set ppp-echo-request {enable | disable}
set wimax-carrier
set wimax-realm
set wimax-auth-protocol {tls | ttls}
set sim-pin
set access-point-name
set multi-mode {auto | auto-3g | force-lte | force-3g | force-2g}
set roaming {enable | disable}
set cdma-nai
set aaa-shared-secret
set ha-shared-secret
set primary-ha
set secondary-ha
set cdma-aaa-spi
set cdma-ha-spi
end
Description
Configuration Description Default Value
id FortiExtender serial number. (Empty)
admin FortiExtender Administration (enable or disable). disable
ifname FortiExtender interface name. (Empty)
vdom VDOM 0
role FortiExtender work role (Primary, Secondary, None). none
mode FortiExtender mode. standalone
dial-mode Dial mode (dial-on-demand or always-connect). always-connect
redial Number of redials allowed based on failed attempts. none
redundant-intf Redundant interface. (Empty)
dial-status Dial status. 0
conn-status Connection status. 0
ext-name FortiExtender name. (Empty)
description Description. (Empty)
quota-limit-mb Monthly quota limit (MB). 0
billing-start-day Billing start day. 1
at-dial-script Initialization AT commands specific to the MODEM. (Empty)
modem-passwd MODEM password. (Empty)
initiated-update Allow/disallow network initiated updates to the MODEM. disable
modem-type MODEM type (CDMA, GSM/LTE or WIMAX). gsm/lte
ppp-username PPP username. (Empty)
ppp-password PPP password. (Empty)
ppp-auth-protocol PPP authentication protocol (PAP, CHAP or auto). auto
ppp-echo-request Enable/disable PPP echo request. disable
wimax-carrier WiMax carrier. (Empty)
wimax-realm WiMax realm. (Empty)
wimax-auth-protocol WiMax authentication protocol (TLS or TTLS). tls
sim-pin SIM PIN. (Empty)
access-point-name Access point name (APN). (Empty)
multi-mode MODEM mode of operation (3G, LTE, etc). auto
roaming Enable/disable MODEM roaming. disable
cdma-nai NAI for CDMA MODEMS. (Empty)
aaa-shared-secret AAA shared secret. (Empty)
ha-shared-secret HA shared secret. (Empty)
primary-ha Primary HA. (Empty)
secondary-ha Secondary HA. (Empty)
cdma-aaa-spi CDMA AAA SPI. (Empty)
cdma-ha-spi CDMA HA SPI. (Empty)
firewall.ipmacbinding/setting
CLI Syntax
config firewall.ipmacbinding setting
edit
set bindthroughfw {enable | disable}
set bindtofw {enable | disable}
set undefinedhost {allow | block}
end
Description
Configuration Description Default Value
bindthroughfw Enable/disable going through firewall. disable
bindtofw Enable/disable going to firewall. disable
undefinedhost Allow/block traffic for undefined hosts. block
firewall.ipmacbinding/table
CLI Syntax
config firewall.ipmacbinding table
edit
set seq-num
set ip
set mac
set name
set status {enable | disable}
end
Description
Configuration Description Default Value
seq-num Entry number. 0
ip IP address. 0.0.0.0
mac MAC address. 00:00:00:00:00:00
name Name (optional, default = no name). noname
status Enable/disable IP-mac binding. disable
firewall.schedule/group
CLI Syntax
config firewall.schedule group
edit
set name
config member
edit
set name
end
set color
end
Description
Configuration Description Default Value
name Schedule group name. (Empty)
member Schedule group member. (Empty)
color GUI icon color. 0
firewall.schedule/onetime
CLI Syntax
config firewall.schedule onetime
edit
set name
set start
set end
set color
set expiration-days
end
Description
Configuration Description Default Value
name Onetime schedule name. (Empty)
start Start time and date. 00:00 2001/01/01
end End time and date. 00:00 2001/01/01
color GUI icon color. 0
expiration-days Generate event log before schedule expires (1-100 days, 0 = disable). 3
firewall.schedule/recurring
CLI Syntax
config firewall.schedule recurring
edit
set name
set start
set end
set day {sunday | monday | tuesday | wednesday | thursday | friday | saturday | none}
set color
end
Description
Configuration Description Default Value
name Recurring schedule name. (Empty)
start Start time. 00:00
end End time. 00:00
day weekday sunday
color GUI icon color. 0
firewall.service/category
CLI Syntax
config firewall.service category
edit
set name
set comment
end
Description
Configuration Description Default Value
name Service category name. (Empty)
comment Comment. (Empty)
firewall.service/custom
CLI Syntax
config firewall.service custom
edit
set name
set explicit-proxy {enable | disable}
set category
set protocol {TCP/UDP/SCTP | ICMP | ICMP6 | IP | HTTP | FTP | CONNECT | SOCKS | SOCKS-TCP | SOCKS-UDP | ALL}
set iprange
set fqdn
set protocol-number
set icmptype
set icmpcode
set tcp-portrange
set udp-portrange
set sctp-portrange
set tcp-halfclose-timer
set tcp-halfopen-timer
set tcp-timewait-timer
set udp-idle-timer
set session-ttl
set check-reset-range {disable | strict | default}
set comment
set color
set visibility {enable | disable}
end
Description
Configuration Description Default Value
name Custom service name. (Empty)
explicit-proxy Enable/disable explicit web proxy service. disable
category Service category. (Empty)
protocol Protocol type. TCP/UDP/SCTP
iprange Start IP-End IP. 0.0.0.0
fqdn Fully qualified domain name. (Empty)
protocol-number IP protocol number. 0
icmptype ICMP type. (Empty)
icmpcode ICMP code. (Empty)
tcp-portrange Multiple TCP port ranges. (Empty)
udp-portrange Multiple UDP port ranges. (Empty)
sctp-portrange Multiple SCTP port ranges. (Empty)
tcp-halfclose-timer TCP half close timeout (1 - 86400 sec, 0 = default). 0
tcp-halfopen-timer TCP half close timeout (1 - 86400 sec, 0 = default). 0
tcp-timewait-timer TCP half close timeout (1 - 300 sec, 0 = default). 0
udp-idle-timer TCP half close timeout (0 - 86400 sec, 0 = default). 0
session-ttl Session TTL (300 - 604800, 0 = default). 0
check-reset-range Enable/disable RST check. default
comment Comment. (Empty)
color GUI icon color. 0
visibility Enable/disable service visibility. enable
firewall.service/group
CLI Syntax
config firewall.service group
edit
set name
config member
edit
set name
end
set explicit-proxy {enable | disable}
set comment
set color
end
Description
Configuration Description Default Value
name Address group name. (Empty)
member Address group member. (Empty)
explicit-proxy Enable/disable explicit web proxy service group. disable
comment Comment. (Empty)
color GUI icon color. 0
firewall.shaper/per-ip-shaper
CLI Syntax
config firewall.shaper per-ip-shaper
edit
set name
set max-bandwidth
set bandwidth-unit {kbps | mbps | gbps}
set max-concurrent-session
set diffserv-forward {enable | disable}
set diffserv-reverse {enable | disable}
set diffservcode-forward
set diffservcode-rev
end
Description
Configuration Description Default Value
name Traffic shaper name. (Empty)
max-bandwidth Maximum bandwidth value (0 - 16776000). 0
bandwidth-unit Bandwidth unit (default = kbps). kbps
max-concurrent-session Maximum concurrent session (0 - 2097000). 0
diffserv-forward Forward (original) traffic DiffServ. disable
diffserv-reverse Reverse (reply) traffic DiffServ. disable
diffservcode-forward Forward (original) traffic DiffServ code point value. 000000
diffservcode-rev Reverse (reply) traffic DiffServ code point value. 000000
firewall.shaper/traffic-shaper
CLI Syntax
config firewall.shaper traffic-shaper
edit
set name
set guaranteed-bandwidth
set maximum-bandwidth
set bandwidth-unit {kbps | mbps | gbps}
set priority {low | medium | high}
set per-policy {disable | enable}
set diffserv {enable | disable}
set diffservcode
end
Description
Configuration Description Default Value
name Traffic shaper name. (Empty)
guaranteed-bandwidth Guaranteed bandwidth value (0 - 16776000). 0
maximum-bandwidth Maximum bandwidth value (0 - 16776000). 0
bandwidth-unit Bandwidth unit (default = kbps). kbps
priority Traffic priority. high
per-policy Enable/disable use a separate shaper for each policy. disable
diffserv Enable/disable traffic DiffServ. disable
diffservcode Traffic DiffServ code point value. 000000
firewall.ssl/setting
CLI Syntax
config firewall.ssl setting
edit
set proxy-connect-timeout
set ssl-dh-bits {768 | 1024 | 1536 | 2048}
set ssl-send-empty-frags {enable | disable}
set no-matching-cipher-action {bypass | drop}
set cert-cache-capacity
set cert-cache-timeout
set session-cache-capacity
set session-cache-timeout
end
Description
Configuration Description Default Value
proxy-connect-timeout Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec). 30
ssl-dh-bits Size of Diffie-Hellman prime used in DHE-RSA negotiation. 2048
ssl-send-empty-frags Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). enable
no-matching-cipher-action Bypass or drop the connection when no matching cipher was found. bypass
cert-cache-capacity Maximum capacity of the host certificate cache (0 - 500). 200
cert-cache-timeout Minutes to keep certificate cache (1 - 120 min). 10
session-cache-capacity Obsolete. 500
session-cache-timeout Number of minutes to keep SSL session state. 20
firewall/address
CLI Syntax
config firewall address
edit
set name
set uuid
set subnet
set type {ipmask | iprange | fqdn | geography | wildcard | wildcard-fqdn}
set start-ip
set end-ip
set fqdn
set country
set wildcard-fqdn
set cache-ttl
set wildcard
set comment
set visibility {enable | disable}
set associated-interface
set color
config tags
edit
set name
end
set allow-routing {enable | disable}
end
Description
Configuration Description Default Value
name Address name. (Empty)
uuid Universally Unique IDentifier. 00000000-0000-0000-0000-000000000000
subnet IP address and netmask. 0.0.0.0 0.0.0.0
type Type. ipmask
start-ip Start IP. 0.0.0.0
end-ip End IP. 0.0.0.0
fqdn Fully qualified domain name. (Empty)
country Country name. (Empty)
wildcard-fqdn Wildcard FQDN. (Empty)
cache-ttl Minimal TTL of individual IP addresses in FQDN cache. 0
wildcard IP address and wildcard netmask. 0.0.0.0 0.0.0.0
comment Comment. (Empty)
visibility Enable/disable address visibility. enable
associated-interface Associated interface name. (Empty)
color GUI icon color. 0
tags Applied object tags. (Empty)
allow-routing Enable/disable use of this address in the static route configuration. disable
firewall/address6
CLI Syntax
config firewall address6
edit
set name
set uuid
set type {ipprefix | iprange}
set ip6
set start-ip
set end-ip
set visibility {enable | disable}
set color
config tags
edit
set name
end
set comment
end
Description
Configuration Description Default Value
name Address name. (Empty)
uuid Universally Unique IDentifier. 00000000-0000-0000-0000-000000000000
type Type. ipprefix
ip6 IPv6 address prefix. ::/0
start-ip Start IP. ::
end-ip End IP. ::
visibility Enable/disable address visibility. enable
color GUI icon color. 0
tags Applied object tags. (Empty)
comment Comment. (Empty)
firewall/addrgrp
CLI Syntax
config firewall addrgrp
edit
set name
set uuid
config member
edit
set name
end
set comment
set visibility {enable | disable}
set color
config tags
edit
set name
end
set allow-routing {enable | disable}
end
Description
Configuration Description Default Value
name Address group name. (Empty)
uuid Universally Unique IDentifier. 00000000-0000-0000-0000-000000000000
member Address group member. (Empty)
comment Comment. (Empty)
visibility Enable/disable address group visibility. enable
color GUI icon color. 0
tags Applied object tags. (Empty)
allow-routing Enable/disable use of this group in the static route configuration. disable
firewall/addrgrp6
CLI Syntax
config firewall addrgrp6
edit
set name
set uuid
set visibility {enable | disable}
set color
set comment
config member
edit
set name
end
config tags
edit
set name
end
end
Description
Configuration Description Default Value
name IPv6 address group name. (Empty)
uuid Universally Unique IDentifier. 00000000-0000-0000-0000-000000000000
visibility Enable/disable address group6 visibility. enable
color GUI icon color. 0
comment Comment. (Empty)
member IPv6 address group member. (Empty)
tags Applied object tags. (Empty)
firewall/auth-portal
CLI Syntax
config firewall auth-portal
edit
config groups
edit
set name
end
set portal-addr
set portal-addr6
set identity-based-route
end
Description
Configuration Description Default Value
groups Group name. (Empty)
portal-addr Address (or domain name) of authentication portal. (Empty)
portal-addr6 IPv6 address (or domain name) of authentication portal. (Empty)
identity-based-route Name of identity-based routing rule. (Empty)
firewall/central-snat-map
CLI Syntax
config firewall central-snat-map
edit
set policyid
set status {enable | disable}
config orig-addr
edit
set name
end
config dst-addr
edit
set name
end
config nat-ippool
edit
set name
end
set protocol
set orig-port
set nat-port
end
Description
Configuration Description Default Value
policyid Policy ID. 0
status Enable/disable policy status. enable
orig-addr Original address. (Empty)
dst-addr Destination address. (Empty)
nat-ippool IP pool names for translated address. (Empty)
protocol Protocol (0 - 255). 0
orig-port Original port. 0
nat-port Translated port or port range. 0
firewall/dnstranslation
CLI Syntax
config firewall dnstranslation
edit
set id
set src
set dst
set netmask
end
Description
Configuration Description Default Value
id ID. 0
src Source IP. 0.0.0.0
dst Destination IP. 0.0.0.0
netmask Network mask. 255.255.255.255
firewall/DoS-policy
CLI Syntax
config firewall DoS-policy
edit
set policyid
set status {enable | disable}
set interface
config srcaddr
edit
set name
end
config dstaddr
edit
set name
end
config service
edit
set name
end
config anomaly
edit
set name
set status {disable | enable}
set log {enable | disable}
set action {pass | block | proxy}
set quarantine {none | attacker | both | interface}
set quarantine-expiry
set quarantine-log {disable | enable}
set threshold
set threshold(default)
end
end
Description
Configuration Description Default Value
policyid Policy ID. 0
status Enable/disable policy status. enable
interface Interface name. (Empty)
srcaddr Source address name. (Empty)
dstaddr Destination address name. (Empty)
service Service name. (Empty)
anomaly Anomaly. (Empty)
firewall/DoS-policy6
CLI Syntax
config firewall DoS-policy6
edit
set policyid
set status {enable | disable}
set interface
config srcaddr
edit
set name
end
config dstaddr
edit
set name
end
config service
edit
set name
end
config anomaly
edit
set name
set status {disable | enable}
set log {enable | disable}
set action {pass | block | proxy}
set quarantine {none | attacker | both | interface}
set quarantine-expiry
set quarantine-log {disable | enable}
set threshold
set threshold(default)
end
end
Description
Configuration Description Default Value
policyid Policy ID. 0
status Enable/disable policy status. enable
interface Interface name. (Empty)
srcaddr Source address name. (Empty)
dstaddr Destination address name. (Empty)
service Service name. (Empty)
anomaly Anomaly. (Empty)
firewall/explicit-proxy-address
CLI Syntax
config firewall explicit-proxy-address
edit
set name
set uuid
set type {host-regex | url | category | method | ua | header | src-advanced | dst-advanced}
set host
set host-regex
set path
config category
edit
set id
end
set method {get | post | put | head | connect | trace | options | delete}
set ua {chrome | ms | firefox | safari | other}
set header-name
set header
set case-sensitivity {disable | enable}
config header-group
edit
set id
set header-name
set header
set case-sensitivity {disable | enable}
end
set color
config tags
edit
set name
end
set comment
set visibility {enable | disable}
end
Description
Configuration Description Default Value
name Address name. (Empty)
uuid Universally Unique IDentifier. 00000000-0000-0000-0000-000000000000
type Address type. url
host Host address. (Empty)
host-regex Host regular expression. (Empty)
path URL path regular expression. (Empty)
category FortiGuard category ID. (Empty)
method HTTP methods. (Empty)
ua User agent. (Empty)
header-name HTTP header. (Empty)
header HTTP header regular expression. (Empty)
case-sensitivity Case sensitivity in pattern. disable
header-group HTTP header group. (Empty)
color GUI icon color. 0
tags Applied object tags. (Empty)
comment Comment. (Empty)
visibility Enable/disable address visibility. disable
firewall/explicit-proxy-addrgrp
CLI Syntax
config firewall explicit-proxy-addrgrp
edit
set name
set type {src | dst}
set uuid
config member
edit
set name
end
set color
config tags
edit
set name
end
set comment
set visibility {enable | disable}
end
Description
Configuration Description Default Value
name Address group name. (Empty)
type Address group type. src
uuid Universally Unique IDentifier. 00000000-0000-0000-0000-000000000000
member Address group members. (Empty)
color GUI icon color. 0
tags Applied object tags. (Empty)
comment Comment. (Empty)
visibility Enable/disable address visibility. disable
firewall/explicit-proxy-policy
CLI Syntax
config firewall explicit-proxy-policy
edit
set uuid
set policyid
set proxy {web | ftp | wanopt}
config dstintf
edit
set name
end
config srcaddr
edit
set name
end
config dstaddr
edit
set name
end
config service
edit
set name
end
set srcaddr-negate {enable | disable}
set dstaddr-negate {enable | disable}
set service-negate {enable | disable}
set action {accept | deny}
set status {enable | disable}
set schedule
set logtraffic {all | utm | disable}
config srcaddr6
edit
set name
end
config dstaddr6
edit
set name
end
set identity-based {enable | disable}
set ip-based {enable | disable}
set active-auth-method {ntlm | basic | digest | form | none}
set sso-auth-method {fsso | rsso | none}
set require-tfa {enable | disable}
set web-auth-cookie {enable | disable}
set transaction-based {enable | disable}
config identity-based-policy
edit
set id
set schedule
set logtraffic {all | utm | disable}
set logtraffic-start {enable | disable}
set scan-botnet-connections {disable | block | monitor}
set utm-status {enable | disable}
set profile-type {single | group}
set profile-group
set av-profile
set webfilter-profile
set spamfilter-profile
set dlp-sensor
set ips-sensor
set application-list
set casi-profile
set icap-profile
set waf-profile
set profile-protocol-options
set ssl-ssh-profile
config groups
edit
set name
end
config users
edit
set name
end
set disclaimer {disable | domain | policy | user}
set replacemsg-override-group
end
set webproxy-forward-server
set webproxy-profile
set transparent {enable | disable}
set webcache {enable | dis