CLI Reference

firewall ttl-policy

Use this command to create Generalized TTL Security Mechanism (GTSM) policies.

config firewall ttl-policy
    edit {id}
    # Configure TTL policies.
        set id {integer}   ID. range[0-4294967295]
        set status {enable | disable}   Enable/disable this TTL policy.
        set action {accept | deny}   Action to be performed on traffic matching this policy (default = deny).
                accept  Allow traffic matching this policy.
                deny    Deny or block traffic matching this policy.
        set srcintf {string}   Source interface name from available interfaces. size[35] - datasource(s): system.zone.name,system.interface.name
        config srcaddr
            edit {name}
            # Source address object(s) from available options. Separate multiple names with a space.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        end
        config service
            edit {name}
            # Service object(s) from available options. Separate multiple names with a space.
                set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        end
        set schedule {string}   Schedule object from available options. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        set ttl {string}   Value/range to match against the packet's Time to Live value (format: ttl[ - ttl_high], 1 - 255).
    next
end
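
The following is an added example, not Fortinet code: a small Python check that validates a `set ttl` value against the format shown above and reviews an accept policy's range against what GTSM (RFC 5082, sender transmits with TTL 255) allows for a peer a known number of routers away. The function names and the `router_hops` parameter are assumptions supplied by the reviewer, not FortiOS settings.

```python
import re

# Format given on this page for `set ttl`: "ttl[ - ttl_high]", values 1 - 255.
_TTL_SPEC = re.compile(r"(\d+)(?:\s*-\s*(\d+))?")


def parse_ttl_spec(spec):
    """Return (low, high) for a `set ttl` value, or raise ValueError."""
    m = _TTL_SPEC.fullmatch(spec.strip())
    if not m:
        raise ValueError(f"not in ttl[ - ttl_high] form: {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low  # single value: low == high
    if not (1 <= low <= high <= 255):
        raise ValueError(f"need 1 <= ttl <= ttl_high <= 255: {spec!r}")
    return low, high


def gtsm_floor(router_hops):
    """Lowest TTL a packet sent with TTL 255 can arrive with after being
    forwarded by `router_hops` routers (each forwarding router decrements by 1)."""
    if not 0 <= router_hops < 255:
        raise ValueError("router_hops must be 0..254")
    return 255 - router_hops


def review_accept_range(spec, router_hops):
    """Return findings for the ttl value of an accept policy.

    `router_hops` (hypothetical input) is the largest number of routers
    between the firewall and a legitimate peer; 0 means directly connected.
    """
    low, high = parse_ttl_spec(spec)
    floor = gtsm_floor(router_hops)
    findings = []
    if low < floor:
        # Range reaches below the floor: packets that crossed more routers match.
        findings.append(
            f"accepts TTL {low}-{min(high, floor - 1)}, below the GTSM floor {floor}"
        )
    if high < floor:
        # Range never reaches the TTLs a legitimate peer's packets arrive with.
        findings.append(f"legitimate peer arrives with TTL >= {floor}; never matches")
    return findings
```
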

Additional information

The following section is for those options that require additional explanation.
