Fortinet Document Library


Application firewall

Application Firewall configuration data is contained within the <firewall> </firewall> XML tags.

The set of elements may be grouped into two:

  • General options: options that apply to all firewall activity.
  • Profiles: define the applications and the actions to apply to them.

<forticlient_configuration>
  <firewall>
    <enabled>1</enabled>
    <app_enabled>1</app_enabled>
    <enable_exploit_signatures>0</enable_exploit_signatures>
    <candc_enabled>1</candc_enabled>
    <current_profile>0</current_profile>
    <default_action>Pass</default_action>
    <show_bubble_notifications>0</show_bubble_notifications>
    <max_violations>250</max_violations>
    <max_violations_age>7</max_violations_age>
    <profiles>
      <profile>
        <id>1000</id>
        <rules>
          <rule>
            <enabled>1</enabled>
            <action>Block</action>
            <compliance>1</compliance>
            <application>
              <id>34038,34039</id>
            </application>
          </rule>
          <rule>
            <action>Block</action>
            <compliance>1</compliance>
            <enabled>1</enabled>
            <category>
              <id>8</id>
            </category>
          </rule>
          <rule>
            <action>Pass</action>
            <compliance>1</compliance>
            <enabled>1</enabled>
            <category>
              <id>7,19,29</id>
            </category>
          </rule>
          <rule>
            <action>Block</action>
            <compliance>0</compliance>
            <enabled>1</enabled>
            <category>
              <id>1,2,3</id>
            </category>
          </rule>
          <rule>
            <action>Pass</action>
            <compliance>0</compliance>
            <enabled>1</enabled>
            <category>
              <id>All</id>
            </category>
          </rule>
          <rule>
            <action>Pass</action>
            <compliance>0</compliance>
            <enabled>1</enabled>
            <application>
              <id>0</id>
            </application>
          </rule>
        </rules>
      </profile>
    </profiles>
  </firewall>
</forticlient_configuration>

The following table provides the XML tags for Application Firewall, as well as the descriptions and default values where applicable. Each entry lists the tag, its description and accepted values, and the default value where one is documented.

<enabled>
    Enable or disable Application Firewall. This setting allows FortiClient 5.4 to be compatible with FortiGate 5.2.
    Boolean value: [0 | 1]
    Default: 1

<app_enabled>
    Enable or disable Application Firewall.
    Boolean value: [0 | 1]

<enable_exploit_signatures>
    Enable or disable detection of evasive exploits. When set to 1, evasive exploits are detected. When set to 0, evasive exploits are not detected.
    Boolean value: [0 | 1]
    Default: 0

<candc_enabled>
    Enable or disable detection of a connection to a botnet command and control server. Set to 0 to disable detection of a connection. Set to 1 to enable detection of a connection.
    Boolean value: [0 | 1]

<current_profile>
    Currently selected profile ID.

<default_action>
    Action to enforce on traffic that does not match any of the profiles defined. Select one of the following:
      • block
      • reset
      • pass
    Default: pass

<show_bubble_notifications>
    Display a bubble message each time an application is blocked for matching a profile.
    Boolean value: [0 | 1]

<max_violations>
    Maximum number of violations stored at any one time.
    A number from 250 to 5000
    Default: 5000

<max_violation_age>
    Maximum age in days of a violation record before it is culled.
    A number from 1 to 90.
    Default: 90
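As an added example (not Fortinet's code and not from this page), the following Python script checks a <firewall> block against the value ranges listed above and flags the two detection switches when they are off. It accepts both spellings of the violation-age tag that appear on this page (<max_violations_age> in the sample configuration, <max_violation_age> in the table) and compares <default_action> case-insensitively, since the sample writes Pass while the table lists pass; both are assumptions. The configuration embedded in the script is constructed for the demonstration, and the warnings about the detection switches are a hardening policy choice, not a documented requirement.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): two values fall outside the documented
# ranges and both detection switches are off.
SAMPLE_XML = """<forticlient_configuration>
  <firewall>
    <enabled>1</enabled>
    <app_enabled>1</app_enabled>
    <enable_exploit_signatures>0</enable_exploit_signatures>
    <candc_enabled>0</candc_enabled>
    <current_profile>0</current_profile>
    <default_action>Pass</default_action>
    <show_bubble_notifications>2</show_bubble_notifications>
    <max_violations>100</max_violations>
    <max_violations_age>7</max_violations_age>
  </firewall>
</forticlient_configuration>"""

BOOLEAN_TAGS = ("enabled", "app_enabled", "enable_exploit_signatures",
                "candc_enabled", "show_bubble_notifications")
# Documented ranges; both spellings of the age tag seen on the page are accepted (assumption).
RANGE_TAGS = {"max_violations": (250, 5000),
              "max_violation_age": (1, 90),
              "max_violations_age": (1, 90)}
ACTIONS = ("block", "reset", "pass")
# Switches a defender normally wants on. An absent tag is treated as "not enabled"
# (documented default for enable_exploit_signatures is 0; candc_enabled has none listed).
DETECTION_SWITCHES = {
    "enable_exploit_signatures": "detection of evasive exploits is off",
    "candc_enabled": "detection of botnet command and control connections is off",
}


def _firewall_element(xml_text):
    root = ET.fromstring(xml_text)
    return root, (root if root.tag == "firewall" else root.find("firewall"))


def validate_firewall(xml_text):
    """Return findings as (severity, tag, message) tuples; an empty list means clean."""
    _, fw = _firewall_element(xml_text)
    if fw is None:
        return [("error", "firewall", "no <firewall> element found")]
    findings = []
    for tag in BOOLEAN_TAGS:
        value = fw.findtext(tag)
        if value is not None and value.strip() not in ("0", "1"):
            findings.append(("error", tag, f"expected 0 or 1, got {value.strip()!r}"))
    for tag, (lo, hi) in RANGE_TAGS.items():
        value = fw.findtext(tag)
        if value is None:
            continue
        try:
            n = int(value.strip())
        except ValueError:
            findings.append(("error", tag, f"not an integer: {value.strip()!r}"))
            continue
        if not lo <= n <= hi:
            findings.append(("error", tag, f"{n} is outside the documented range {lo}-{hi}"))
    action = fw.findtext("default_action")
    if action is not None and action.strip().lower() not in ACTIONS:
        findings.append(("error", "default_action", f"unknown action {action.strip()!r}"))
    for tag, message in DETECTION_SWITCHES.items():
        if fw.findtext(tag, "0").strip() == "0":
            findings.append(("warn", tag, message))
    return findings


def harden(xml_text):
    """Return a copy of the configuration with both detection switches set to 1."""
    root, fw = _firewall_element(xml_text)
    for tag in DETECTION_SWITCHES:
        elem = fw.find(tag)
        if elem is None:
            elem = ET.SubElement(fw, tag)
        elem.text = "1"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for severity, tag, message in validate_firewall(SAMPLE_XML):
        print(f"{severity:5} <{tag}>: {message}")
    remaining = [f for f in validate_firewall(harden(SAMPLE_XML)) if f[0] == "warn"]
    print("warnings after hardening:", remaining)
```

Run against the sample, the validator reports the out-of-range <max_violations> and the non-boolean <show_bubble_notifications> as errors and the two disabled detection switches as warnings; harden() clears the warnings but deliberately leaves the range errors for an operator to resolve, since clamping a value silently would hide a misconfiguration.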

The <profiles> tag may contain one or more <profile> tags, each of which has a <rules> element. The <rules> element may, itself, have zero or more <rule> tags.

The following filter elements may be used to define applications in a <rule> tag:

  • <category>
  • <vendor>
  • <behavior>
  • <technology>
  • <protocol>
  • <application>
  • <popularity>

If the <application> element is present, all other sibling elements (listed above) are ignored. If it is not present, a given application must match all of the provided filters to trigger the rule.

Each of these seven elements is a container for the tag <ids> (written as <id> in the sample configuration above), which holds a comma-separated list of the identifiers (numbers) selected for that particular filter. The full <firewall> profile listed at the beginning of this section shows several examples of the use of filters within the <rule> element. Using the value All in place of the list selects all matching applications.
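As an added example (my code, not Fortinet's and not taken from this page), the Python below applies the matching semantics just described to a constructed profile: when <application> is present its sibling filters are ignored, otherwise every filter present must match, and an <id> of All matches everything. Two points the page leaves open are filled with labelled assumptions: rules are tried in document order and the first enabled match wins, and a rule with no filter element at all matches nothing. An application matched by no rule falls through to <default_action>. The application IDs 34038 and 34039 come from the page's sample; every other value is constructed.

```python
import xml.etree.ElementTree as ET

# Sibling filter elements a <rule> may carry besides <application>.
FILTERS = ("category", "vendor", "behavior", "technology", "protocol", "popularity")

# Constructed sample profile (not from the page). Rule 1 carries both an <application>
# filter and a <category> that can never match, to show that the category is ignored.
PROFILE_XML = """<firewall>
  <default_action>Block</default_action>
  <profiles>
    <profile>
      <id>1000</id>
      <rules>
        <rule>
          <enabled>1</enabled>
          <action>Block</action>
          <application><id>34038,34039</id></application>
          <category><id>99</id></category>
        </rule>
        <rule>
          <enabled>1</enabled>
          <action>Reset</action>
          <category><id>8</id></category>
          <vendor><id>5,6</id></vendor>
        </rule>
        <rule>
          <enabled>0</enabled>
          <action>Block</action>
          <category><id>All</id></category>
        </rule>
        <rule>
          <action>Pass</action>
          <category><id>1,2,3</id></category>
        </rule>
      </rules>
    </profile>
  </profiles>
</firewall>"""

# Constructed profile with no rules, used to show the <default_action> fallback.
NO_RULES_XML = "<firewall><default_action>Reset</default_action><profiles/></firewall>"


def parse_ids(element):
    """Parse the csv <id> list of a filter element. None means 'All' (matches everything)."""
    text = (element.findtext("id") or "").strip()
    if text.lower() == "all":
        return None
    return {int(part) for part in text.split(",") if part.strip()}


def rule_matches(rule, app):
    """app is a dict with an 'id' and optional filter attributes (ints), e.g. 'category'."""
    app_elem = rule.find("application")
    if app_elem is not None:                     # <application> present: siblings are ignored
        ids = parse_ids(app_elem)
        return ids is None or app["id"] in ids
    filters = [(name, rule.find(name)) for name in FILTERS if rule.find(name) is not None]
    if not filters:                              # assumption: a rule with no filter matches nothing
        return False
    for name, elem in filters:                   # every provided filter must match
        ids = parse_ids(elem)
        if ids is not None and app.get(name) not in ids:
            return False
    return True


def decide(firewall_xml, app):
    """Return the lower-cased action for app: first enabled matching rule in document
    order, else <default_action>. First-match precedence is an assumption; the page
    does not state how overlapping rules are ordered."""
    root = ET.fromstring(firewall_xml)
    default = (root.findtext("default_action") or "pass").strip().lower()
    for rule in root.iter("rule"):
        if rule.findtext("enabled", "1").strip() != "1":   # <enabled> defaults to 1
            continue
        if rule_matches(rule, app):
            return (rule.findtext("action") or default).strip().lower()
    return default


if __name__ == "__main__":
    for app in ({"id": 34039, "category": 8}, {"id": 7, "category": 8, "vendor": 5},
                {"id": 7, "category": 8, "vendor": 9}, {"id": 7, "category": 2}):
        print(app, "->", decide(PROFILE_XML, app))
```

The first application is blocked by rule 1 even though its category (8) does not appear in that rule's <category> list, which is exactly the "siblings ignored" behaviour; the third application fails rule 2 on the vendor filter, skips the disabled rule 3, misses rule 4 and so receives the profile's <default_action>.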

The following table provides profile element XML tags, the description, and the default value (where applicable). Each entry lists the tag, its description and accepted values, and the default value where one is documented.

<profile> element

<id>
    A unique ID number for the profile.

<profile><rules><rule> elements

<action>
    Action to enforce on traffic that matches this rule. Select one of the following:
      • block
      • reset
      • pass

<compliance>
    Specifies whether the rule is a compliance rule or a regular rule. When set to 1, this is a compliance rule. When set to 0, or when the tag is absent, this is a regular rule for the FortiClient profile. For more information, see the FortiClient Administration Guide.
    Boolean value: [0 | 1]

<enabled>
    Enable or disable this rule.
    Boolean value: [0 | 1]
    Default: 1

<category>
    Categories of the applications to apply <action> on.
    csv list

<vendor>
    Vendors of the applications to apply <action> on.
    csv list

<behavior>
    Behavior of the applications to apply <action> on.
    csv list

<technology>
    Technologies used by the applications to apply <action> on.
    csv list

<protocol>
    Protocols used by the applications to apply <action> on.
    csv list

<application>
    Identifiers (IDs) of the applications to apply <action> on.
    csv list

<popularity>
    Popularity of the applications to apply <action> on.
    csv list
