Fortinet black logo

CLI Reference

config load-balance l2-exception-list

config load-balance l2-exception-list

Use this command to configure an exception list for SSL forward proxy decryption. You can leverage FortiGuard web filter categories, and you can configure a list of additional destinations.

Before you begin:

  • You must have created a web-filter-profile configuration if you want to specify it in the exception list.
  • You must have hostname or IP address details on additional destinations you want to exclude from SSL decryption.
  • You must have read-write permission for load balancing settings.

After you have configured an exception list, you can specify it in the virtual server configuration.

Syntax

config load-balance l2-exception-list

edit <name>

set description <string>

set web-filter-profile <datasource>

config member

edit <No.>

set type {host|ip}

set host-pattern <string>

set ip-netmask <ip&netmask>

next

end

next

end

description

A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use. Put phrases in quotes. For example: “Customer ABC”.

web-filter-profile

Specify a web filter profile.

config member

type

How you want to define the exception:

  • host
  • ip

host-pattern

Specify a wildcard pattern, such as *.example.com.

ip-network

Specify the IP address and CIDR-formatted subnet mask, separated by a forward slash, such as 192.0.2.0/24. Dotted quad formatted subnet masks are not accepted.

IPv6 addresses are not supported.

Example

FortiADC-docs # config load-balance l2-exception-list

FortiADC-docs (l2-exception-l~s) # edit financial

Add new entry 'financial' for node 3880

FortiADC-docs (financial) # set description "financial websites"

FortiADC-docs (financial) # config member

FortiADC-docs (member) # edit 1

Add new entry '1' for node 3883

FortiADC-docs (1) # set type host

FortiADC-docs (1) # set host-pattern *.bankofamerica.com

FortiADC-docs (1) # next

FortiADC-docs (member) # edit 2

Add new entry '2' for node 3883

FortiADC-docs (2) # set type host

FortiADC-docs (2) # set host-pattern *.schwab.com

FortiADC-docs (2) # end

FortiADC-docs (financial) # end

config load-balance l2-exception-list

config load-balance l2-exception-list

Use this command to configure an exception list for SSL forward proxy decryption. You can leverage FortiGuard web filter categories, and you can configure a list of additional destinations.

Before you begin:

  • You must have created a web-filter-profile configuration if you want to specify it in the exception list.
  • You must have hostname or IP address details on additional destinations you want to exclude from SSL decryption.
  • You must have read-write permission for load balancing settings.

After you have configured an exception list, you can specify it in the virtual server configuration.

Syntax

config load-balance l2-exception-list

edit <name>

set description <string>

set web-filter-profile <datasource>

config member

edit <No.>

set type {host|ip}

set host-pattern <string>

set ip-netmask <ip&netmask>

next

end

next

end

description

A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use. Put phrases in quotes. For example: “Customer ABC”.

web-filter-profile

Specify a web filter profile.

config member

type

How you want to define the exception:

  • host
  • ip

host-pattern

Specify a wildcard pattern, such as *.example.com.

ip-network

Specify the IP address and CIDR-formatted subnet mask, separated by a forward slash, such as 192.0.2.0/24. Dotted quad formatted subnet masks are not accepted.

IPv6 addresses are not supported.

Example

FortiADC-docs # config load-balance l2-exception-list

FortiADC-docs (l2-exception-l~s) # edit financial

Add new entry 'financial' for node 3880

FortiADC-docs (financial) # set description "financial websites"

FortiADC-docs (financial) # config member

FortiADC-docs (member) # edit 1

Add new entry '1' for node 3883

FortiADC-docs (1) # set type host

FortiADC-docs (1) # set host-pattern *.bankofamerica.com

FortiADC-docs (1) # next

FortiADC-docs (member) # edit 2

Add new entry '2' for node 3883

FortiADC-docs (2) # set type host

FortiADC-docs (2) # set host-pattern *.schwab.com

FortiADC-docs (2) # end

FortiADC-docs (financial) # end