Fortinet black logo

CLI Reference

config security wad profile

config security wad profile

Use this command to configure a security wad profile.

Syntax

config security wad profile

edit <name>

set description “anti-defacement profile” // default is blank

set monitor [ enable | disable ] // default is disable

*set host <ip-addr or hostname>

*set connect-type [ ftp | ssh ]

*set port <port-num>

*set folder <folder-path>

set user <user-name>

set password <passwd> // should not show

set interval-root <num> // unit is seconds

set interval-other <num> // unit is seconds

set monitor-depth <num>

set skip-max-size <num> // unit is KB

set skip-file-type <extension-name>

set auto [ restore | acknowledge | disable ] // default disable

end

end

config system alert-policy

edit <policy-name>

config alert-member

edit <member-name>

set SEC_Web_Page_Defacement_Detected // add new built-in alert-member

end

end

config system alert

edit <alert-name>

set alert-source-type event

set event SEC_Bot_Detected // add new event type

set comments "Web page defacement is detected on virtual server"

end

description Description of WAD profile, default is blank.
monitor Enable or disable defacement monitoring, default is disable.
host The website's IPv4 address or hostname for connecting and monitoring.
connect-type Connect type to host
port Host port number
folder Root directory path to perform monitoring
user Username to connect to the host.
password Password to connect to the host; shouldn't show.

interval-root

Monitor interval for files in root directory, unit is seconds.

interval-other

Monitor interval for files in subdirectories under root directory; unit is seconds.

monitor-depth

Maximum directory hierarchy depth that can be monitored.

skip-max-size

Skip monitoring files that have a size larger than the maximum number; unit is KB.

skip-file-type

Skip monitoring files that have the specified extension name.

auto

Restore—Automatically restore to the original content once defacement is found.

Acknowledge—Automatically confirm the defacement and consider it as new original content

Disable—Do not perform any automatic action. Default.

Example

ADC-6 # config security wad profile

ADC-6 (profile) # edit 1

ADC-6 (1) #

ADC-6 (1) # set description "profile"

ADC-6 (1) # set monitor enable

ADC-6 (1) # set host 1.1.1.1

ADC-6 (1) # set connect-type ftp

ADC-6 (1) # set port 1

ADC-6 (1) # set folder "folder"

ADC-6 (1) # set user test1

ADC-6 (1) # set password password

ADC-6 (1) # set interval-root 30

ADC-6 (1) # set interval-other 30

ADC-6 (1) # set monitor-depth 1

ADC-6 (1) # set skip-max-size 2

ADC-6 (1) # set skip-file-type "extension"

ADC-6 (1) # set auto restore

ADC-6 (1) # end

ADC-6 (1) # get

description : profile

monitor : enable

host : 1.1.1.1

connect-type : ftp

port : 1

folder : folder

username : test1

password : *

interval-root : 30

interval-other : 30

monitor-depth : 1

skip-max-size : 2

skip-file-type : extension

auto : restore

config security wad profile

Use this command to configure a security wad profile.

Syntax

config security wad profile

edit <name>

set description “anti-defacement profile” // default is blank

set monitor [ enable | disable ] // default is disable

*set host <ip-addr or hostname>

*set connect-type [ ftp | ssh ]

*set port <port-num>

*set folder <folder-path>

set user <user-name>

set password <passwd> // should not show

set interval-root <num> // unit is seconds

set interval-other <num> // unit is seconds

set monitor-depth <num>

set skip-max-size <num> // unit is KB

set skip-file-type <extension-name>

set auto [ restore | acknowledge | disable ] // default disable

end

end

config system alert-policy

edit <policy-name>

config alert-member

edit <member-name>

set SEC_Web_Page_Defacement_Detected // add new built-in alert-member

end

end

config system alert

edit <alert-name>

set alert-source-type event

set event SEC_Bot_Detected // add new event type

set comments "Web page defacement is detected on virtual server"

end

description Description of WAD profile, default is blank.
monitor Enable or disable defacement monitoring, default is disable.
host The website's IPv4 address or hostname for connecting and monitoring.
connect-type Connect type to host
port Host port number
folder Root directory path to perform monitoring
user Username to connect to the host.
password Password to connect to the host; shouldn't show.

interval-root

Monitor interval for files in root directory, unit is seconds.

interval-other

Monitor interval for files in subdirectories under root directory; unit is seconds.

monitor-depth

Maximum directory hierarchy depth that can be monitored.

skip-max-size

Skip monitoring files that have a size larger than the maximum number; unit is KB.

skip-file-type

Skip monitoring files that have the specified extension name.

auto

Restore—Automatically restore to the original content once defacement is found.

Acknowledge—Automatically confirm the defacement and consider it as new original content

Disable—Do not perform any automatic action. Default.

Example

ADC-6 # config security wad profile

ADC-6 (profile) # edit 1

ADC-6 (1) #

ADC-6 (1) # set description "profile"

ADC-6 (1) # set monitor enable

ADC-6 (1) # set host 1.1.1.1

ADC-6 (1) # set connect-type ftp

ADC-6 (1) # set port 1

ADC-6 (1) # set folder "folder"

ADC-6 (1) # set user test1

ADC-6 (1) # set password password

ADC-6 (1) # set interval-root 30

ADC-6 (1) # set interval-other 30

ADC-6 (1) # set monitor-depth 1

ADC-6 (1) # set skip-max-size 2

ADC-6 (1) # set skip-file-type "extension"

ADC-6 (1) # set auto restore

ADC-6 (1) # end

ADC-6 (1) # get

description : profile

monitor : enable

host : 1.1.1.1

connect-type : ftp

port : 1

folder : folder

username : test1

password : *

interval-root : 30

interval-other : 30

monitor-depth : 1

skip-max-size : 2

skip-file-type : extension

auto : restore