CLI Reference

config security waf bot-detection

Use this command to configure Bot Detection policies. Bot Detection policies use heuristics to detect client traffic likely to be generated by robots instead of genuine clients. Using WAF Signatures, the Bot Detection policies generate predefined allowlists for Known Good Bots and blocklists for Malicious Bots. You can use the user-specified allowlist table to fine-tune detection.

It is recommended to configure Bot Detection policies through the GUI as it offers more granular control for including and excluding specific Malicious Bots from monitoring and mitigation actions. For details, see the FortiADC Administration Guide on Configuring a Bot Detection policy.

After you have created a bot detection policy, you can specify it in a WAF profile configuration.

Before you begin:
  • You must configure the connection to FortiGuard so the system can receive periodic WAF Signature Database updates, including Known Good Bot and Malicious Bot signatures and lists.
  • You must have read-write permission for security settings.

Syntax

config security waf bot-detection
    edit <name>
        set status {enable|disable}
        set bad-robot {enable|disable}
        set search-engine-crawler {enable|disable}
        set search-engine-list [Ask|Baidu|Bing|DuckDuckGo|Google|Sogou|Yahoo|Yandex]
        set action <datasource>
        set http-request-rate <integer>
        set severity {high|low|medium}
        config rule
            edit <ID>
                set status {enable|disable}
        config category
            edit <ID>
                set status {enable|disable}
        config allowlist
            edit <No.>
                set cookie-name-pattern <string>
                set ip <subnet>
                set url-pattern <string>
                set url-parameter-name-pattern <string>
                set user-agent-pattern <string>
            next
        end
    next
end

status

Enable/disable bot detection.

bad-robot

Enable or disable detection for Malicious Bots.

When enabled, a Malicious Bots blocklist is generated from WAF Signature updates from FortiGuard.

You can then enable or disable individual Malicious Bot categories and specific bots to include or exclude them from detection.

Note: It is recommended to configure Malicious Bot detection settings from the GUI, because the CLI identifies each category and bot list item only by its internal ID.

search-engine-crawler

Enable/disable the predefined search engine spider allowlist.

search-engine-list

Set the list of search engines whose crawlers are allowlisted. By default, all search engines are included.

To see the full list of configurable search engines, enter set search-engine-list ? at the CLI; the list is displayed as soon as you type ?.

action

Specify a WAF action object.

http-request-rate

The default is 0 (off). The valid range is 0-100,000,000 requests per second.

severity

  • high
  • medium
  • low

config rule

edit <ID>

This refers to the internal ID for the specific Malicious Bots list item.

status

Enable or disable the specific Malicious Bot.

All Malicious Bots list items are enabled by default once bad-robot is enabled.

config category

edit <ID>

This refers to the internal ID for the Malicious Bots category.

status

Enable or disable the Malicious Bots category.

All Malicious Bots categories are enabled by default once bad-robot is enabled.

config allowlist

cookie-name-pattern

Matching string. Regular expressions are supported.

ip

Matching subnet (CIDR format).

url-pattern

Matching string. Regular expressions are supported.

url-parameter-name-pattern

Matching string. Regular expressions are supported.

user-agent-pattern

Matching string. Regular expressions are supported.

Example

ADC-3 (root) # config security waf bot-detection
ADC-3 (bot-detection) # edit waf-bot-detection-policy
ADC-3 (waf-bot-detect~y) # get
status : disable
ADC-3 (waf-bot-detect~y) # set status enable
ADC-3 (waf-bot-detect~y) # get
status : enable
search-engine-crawler : enable
search-engine-list : Bing Google Yahoo
bad-robot : enable
http-request-rate : 0
action :
severity : low
ADC-3 (waf-bot-detect~y) # config allowlist
ADC-3 (allowlist) # edit 1
ADC-3 (1) # get
ip : 0.0.0.0/0
url-pattern :
url-parameter-name-pattern :
user-agent-pattern :
cookie-name-pattern :
ADC-3 (1) # set ip 10.1.1.0/24
ADC-3 (1) # end
ADC-3 (waf-bot-detect~y) # end
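As an added example (not Fortinet code), the Python below lints a bot-detection policy against the value ranges this page documents (severity, http-request-rate 0-100,000,000, the search-engine names, CIDR subnets and regex patterns in the allowlist) and renders it as the command sequence from the Syntax section, which is useful when policies are generated from version-controlled definitions. The policy dictionary layout and the "matches all traffic" allowlist check are this example's own assumptions, not documented FortiADC behaviour.

```python
import ipaddress
import re

SEARCH_ENGINES = {"Ask", "Baidu", "Bing", "DuckDuckGo", "Google", "Sogou", "Yahoo", "Yandex"}
SEVERITIES = {"high", "medium", "low"}
MAX_REQUEST_RATE = 100_000_000  # documented upper bound of http-request-rate (0 = off)
PATTERN_FIELDS = ("cookie-name-pattern", "url-pattern", "url-parameter-name-pattern", "user-agent-pattern")


def validate_policy(policy):
    """Return the problems found in a bot-detection policy dict (empty list means OK)."""
    errors = []
    if policy.get("severity") not in SEVERITIES:
        errors.append("severity must be one of high|medium|low")
    rate = policy.get("http-request-rate", 0)
    if not isinstance(rate, int) or not 0 <= rate <= MAX_REQUEST_RATE:
        errors.append("http-request-rate must be an integer in 0..100000000")
    for name in sorted(set(policy.get("search-engine-list", [])) - SEARCH_ENGINES):
        errors.append(f"unknown search engine: {name}")
    for idx, entry in enumerate(policy.get("allowlist", []), start=1):
        subnet = entry.get("ip", "0.0.0.0/0")  # 0.0.0.0/0 is the default shown by 'get'
        try:
            ipaddress.ip_network(subnet)  # strict: a CIDR with host bits set is rejected
        except ValueError:
            errors.append(f"allowlist {idx}: ip {subnet!r} is not a valid CIDR subnet")
        for field in PATTERN_FIELDS:
            try:
                re.compile(entry.get(field, ""))
            except re.error as exc:
                errors.append(f"allowlist {idx}: {field} is not a valid regex ({exc})")
        # Linter rule (an assumption, not documented FortiADC behaviour): keeping the
        # default 0.0.0.0/0 with no pattern set would exempt every client from detection.
        if subnet == "0.0.0.0/0" and not any(entry.get(f) for f in PATTERN_FIELDS):
            errors.append(f"allowlist {idx}: matches all traffic (0.0.0.0/0 and no patterns)")
    return errors


def render_cli(policy):
    """Render the policy as the command sequence given in the Syntax section."""
    lines = ["config security waf bot-detection", f"edit {policy['name']}"]
    for key in ("status", "bad-robot", "search-engine-crawler"):
        lines.append(f"set {key} {policy.get(key, 'disable')}")
    if policy.get("search-engine-list"):
        lines.append("set search-engine-list " + " ".join(policy["search-engine-list"]))
    lines.append(f"set http-request-rate {policy.get('http-request-rate', 0)}")
    lines.append(f"set severity {policy['severity']}")
    if policy.get("allowlist"):
        lines.append("config allowlist")
        for idx, entry in enumerate(policy["allowlist"], start=1):
            lines += [f"edit {idx}"] + [f"set {f} {v}" for f, v in entry.items() if v] + ["next"]
        lines.append("end")
    return "\n".join(lines + ["next", "end"])
```

Run validate_policy before render_cli so that a policy with an invalid subnet or regex is never pushed to the device.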