Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.2.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.2.1
    7.2.2
    7.2.1

    config firewall service custom

    config firewall service custom

    Configure custom services.

    Syntax

    config firewall service custom
    edit <name>
        set category {string}
        set check-reset-range [disable|strict|...]
        set comment {var-string}
        set fqdn {string}
        set icmpcode {integer}
        set icmptype {integer}
        set iprange {user}
        set protocol [TCP/UDP/SCTP|ICMP|...]
        set protocol-number {integer}
        set sctp-portrange {user}
        set session-ttl {user}
        set tcp-halfclose-timer {integer}
        set tcp-halfopen-timer {integer}
        set tcp-portrange {user}
        set tcp-rst-timer {integer}
        set tcp-timewait-timer {integer}
        set udp-idle-timer {integer}
        set udp-portrange {user}
    next
end

    Parameters

    Parameter

    Description

    Type

    Size

    Default

    category

    Service category.

    string

    Maximum length: 63

    check-reset-range

    Configure the type of ICMP error message verification.

    option

    -

    default

    Option

    Description

    disable

    Disable RST range check.

    strict

    Check RST range strictly.

    default

    Using system default setting.

    comment

    Comment.

    var-string

    Maximum length: 255

    fqdn

    Fully qualified domain name.

    string

    Maximum length: 255

    icmpcode

    ICMP code.

    integer

    Minimum value: 0 Maximum value: 255

    icmptype

    ICMP type, value from 0 to 255

    integer

    Minimum value: 0 Maximum value: 255

    iprange

    Start and end of the IP range associated with service.

    user

    Not Specified

    name

    Custom service name.

    string

    Maximum length: 79

    protocol

    Protocol type based on IANA numbers.

    option

    -

    TCP/UDP/SCTP

    Option

    Description

    TCP/UDP/SCTP

    TCP, UDP and SCTP.

    ICMP

    ICMP.

    ICMP6

    ICMP6.

    IP

    IP.

    protocol-number

    IP protocol number.

    integer

    Minimum value: 0 Maximum value: 254

    0

    sctp-portrange

    Multiple SCTP port ranges.

    user

    Not Specified

    session-ttl

    Session TTL.

    user

    Not Specified

    tcp-halfclose-timer

    Wait time to close a TCP session waiting for an unanswered FIN packet.

    integer

    Minimum value: 0 Maximum value: 86400

    0

    tcp-halfopen-timer

    Wait time to close a TCP session waiting for an unanswered open session packet.

    integer

    Minimum value: 0 Maximum value: 86400

    0

    tcp-portrange

    Multiple TCP port ranges.

    user

    Not Specified

    tcp-rst-timer

    Set the length of the TCP CLOSE state in seconds.

    integer

    Minimum value: 5 Maximum value: 300

    0

    tcp-timewait-timer

    Set the length of the TCP TIME-WAIT state in seconds.

    integer

    Minimum value: 0 Maximum value: 300

    0

    udp-idle-timer

    UDP half close timeout.

    integer

    Minimum value: 0 Maximum value: 86400

    0

    udp-portrange

    Multiple UDP port ranges.

    user

    Not Specified

    Previous
    Next

    config firewall service custom

    config firewall service custom

    Configure custom services.

    Syntax

    config firewall service custom
    edit <name>
        set category {string}
        set check-reset-range [disable|strict|...]
        set comment {var-string}
        set fqdn {string}
        set icmpcode {integer}
        set icmptype {integer}
        set iprange {user}
        set protocol [TCP/UDP/SCTP|ICMP|...]
        set protocol-number {integer}
        set sctp-portrange {user}
        set session-ttl {user}
        set tcp-halfclose-timer {integer}
        set tcp-halfopen-timer {integer}
        set tcp-portrange {user}
        set tcp-rst-timer {integer}
        set tcp-timewait-timer {integer}
        set udp-idle-timer {integer}
        set udp-portrange {user}
    next
end

    Parameters

    Parameter

    Description

    Type

    Size

    Default

    category

    Service category.

    string

    Maximum length: 63

    check-reset-range

    Configure the type of ICMP error message verification.

    option

    -

    default

    Option

    Description

    disable

    Disable RST range check.

    strict

    Check RST range strictly.

    default

    Using system default setting.

    comment

    Comment.

    var-string

    Maximum length: 255

    fqdn

    Fully qualified domain name.

    string

    Maximum length: 255

    icmpcode

    ICMP code.

    integer

    Minimum value: 0 Maximum value: 255

    icmptype

    ICMP type, value from 0 to 255

    integer

    Minimum value: 0 Maximum value: 255

    iprange

    Start and end of the IP range associated with service.

    user

    Not Specified

    name

    Custom service name.

    string

    Maximum length: 79

    protocol

    Protocol type based on IANA numbers.

    option

    -

    TCP/UDP/SCTP

    Option

    Description

    TCP/UDP/SCTP

    TCP, UDP and SCTP.

    ICMP

    ICMP.

    ICMP6

    ICMP6.

    IP

    IP.

    protocol-number

    IP protocol number.

    integer

    Minimum value: 0 Maximum value: 254

    0

    sctp-portrange

    Multiple SCTP port ranges.

    user

    Not Specified

    session-ttl

    Session TTL.

    user

    Not Specified

    tcp-halfclose-timer

    Wait time to close a TCP session waiting for an unanswered FIN packet.

    integer

    Minimum value: 0 Maximum value: 86400

    0

    tcp-halfopen-timer

    Wait time to close a TCP session waiting for an unanswered open session packet.

    integer

    Minimum value: 0 Maximum value: 86400

    0

    tcp-portrange

    Multiple TCP port ranges.

    user

    Not Specified

    tcp-rst-timer

    Set the length of the TCP CLOSE state in seconds.

    integer

    Minimum value: 5 Maximum value: 300

    0

    tcp-timewait-timer

    Set the length of the TCP TIME-WAIT state in seconds.

    integer

    Minimum value: 0 Maximum value: 300

    0

    udp-idle-timer

    UDP half close timeout.

    integer

    Minimum value: 0 Maximum value: 86400

    0

    udp-portrange

    Multiple UDP port ranges.

    user

    Not Specified

    Previous
    Next