config system fortiguard
Description: Configure FortiGuard services.
set fortiguard-anycast [enable|disable]
set fortiguard-anycast-source [fortinet|aws|...]
set protocol [udp|http|...]
set port [8888|53|...]
set load-balance-servers {integer}
set update-server-location [usa|any]
set sandbox-region {string}
set antispam-force-off [enable|disable]
set antispam-cache [enable|disable]
set antispam-cache-ttl {integer}
set antispam-cache-mpercent {integer}
set antispam-license {integer}
set antispam-expiration {integer}
set antispam-timeout {integer}
set outbreak-prevention-force-off [enable|disable]
set outbreak-prevention-cache [enable|disable]
set outbreak-prevention-cache-ttl {integer}
set outbreak-prevention-cache-mpercent {integer}
set outbreak-prevention-license {integer}
set outbreak-prevention-expiration {integer}
set outbreak-prevention-timeout {integer}
set webfilter-force-off [enable|disable]
set webfilter-cache [enable|disable]
set webfilter-cache-ttl {integer}
set webfilter-license {integer}
set webfilter-expiration {integer}
set webfilter-timeout {integer}
set sdns-server-ip {user}
set sdns-server-port {integer}
set anycast-sdns-server-ip {ipv4-address}
set anycast-sdns-server-port {integer}
set sdns-options {option1}, {option2}, ...
set source-ip {ipv4-address}
set source-ip6 {ipv6-address}
set proxy-server-ip {ipv4-address}
set proxy-server-port {integer}
set proxy-username {string}
set proxy-password {password}
set ddns-server-ip {ipv4-address}
set ddns-server-port {integer}
set interface-select-method [auto|sdwan|...]
set interface {string}
end
Parameter Name | Description | Type | Size |
---|---|---|---|
fortiguard-anycast | Enable/disable use of FortiGuard's anycast network. enable: Enable use of FortiGuard's anycast network. disable: Disable use of FortiGuard's anycast network. |
option | - |
fortiguard-anycast-source | Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet. fortinet: Use Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. aws: Use Fortinet's AWS servers to provide FortiGuard services in FortiGuard's anycast network. debug: Use Fortinet's internal test servers to provide FortiGuard services in FortiGuard's anycast network. |
option | - |
protocol | Protocol used to communicate with the FortiGuard servers. udp: UDP for server communication (for use by FortiGuard or FortiManager). http: HTTP for server communication (for use only by FortiManager). https: HTTPS for server communication (for use by FortiGuard or FortiManager). |
option | - |
port | Port used to communicate with the FortiGuard servers. 8888: port 8888 for server communication. 53: port 53 for server communication. 80: port 80 for server communication. 443: port 443 for server communication. |
option | - |
load-balance-servers | Number of servers to alternate between as first FortiGuard option. | integer | Minimum value: 1 Maximum value: 266 |
update-server-location | Signature update server location. usa: FGD servers in United States. any: FGD servers in any location. |
option | - |
sandbox-region | Cloud sandbox region. | string | Maximum length: 63 |
antispam-force-off | Enable/disable turning off the FortiGuard antispam service. enable: Turn off the FortiGuard antispam service. disable: Allow the FortiGuard antispam service. |
option | - |
antispam-cache | Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. enable: Enable FortiGuard antispam request caching. disable: Disable FortiGuard antispam request caching. |
option | - |
antispam-cache-ttl | Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. | integer | Minimum value: 300 Maximum value: 86400 |
antispam-cache-mpercent | Maximum percent of FortiGate memory the antispam cache is allowed to use (1 - 15%). | integer | Minimum value: 1 Maximum value: 15 |
antispam-license | Interval of time between license checks for the FortiGuard antispam contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
antispam-expiration | Expiration date of the FortiGuard antispam contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
antispam-timeout | Antispam query time out (1 - 30 sec, default = 7). | integer | Minimum value: 1 Maximum value: 30 |
outbreak-prevention-force-off | Turn off FortiGuard Virus Outbreak Prevention service. enable: Turn off FortiGuard antivirus service. disable: Allow the FortiGuard antivirus service. |
option | - |
outbreak-prevention-cache | Enable/disable FortiGuard Virus Outbreak Prevention cache. enable: Enable FortiGuard antivirus caching. disable: Disable FortiGuard antivirus caching. |
option | - |
outbreak-prevention-cache-ttl | Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec, default = 300). | integer | Minimum value: 300 Maximum value: 86400 |
outbreak-prevention-cache-mpercent | Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%, default = 2). | integer | Minimum value: 1 Maximum value: 15 |
outbreak-prevention-license | Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
outbreak-prevention-expiration | Expiration date of FortiGuard Virus Outbreak Prevention contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
outbreak-prevention-timeout | FortiGuard Virus Outbreak Prevention time out (1 - 30 sec, default = 7). | integer | Minimum value: 1 Maximum value: 30 |
webfilter-force-off | Enable/disable turning off the FortiGuard web filtering service. enable: Turn off the FortiGuard web filtering service. disable: Allow the FortiGuard web filtering service to operate. |
option | - |
webfilter-cache | Enable/disable FortiGuard web filter caching. enable: Enable FortiGuard web filter caching. disable: Disable FortiGuard web filter caching. |
option | - |
webfilter-cache-ttl | Time-to-live for web filter cache entries in seconds (300 - 86400). | integer | Minimum value: 300 Maximum value: 86400 |
webfilter-license | Interval of time between license checks for the FortiGuard web filter contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
webfilter-expiration | Expiration date of the FortiGuard web filter contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
webfilter-timeout | Web filter query time out (1 - 30 sec, default = 7). | integer | Minimum value: 1 Maximum value: 30 |
sdns-server-ip | IP address of the FortiGuard DNS rating server. | user | Not Specified |
sdns-server-port | Port to connect to on the FortiGuard DNS rating server. | integer | Minimum value: 1 Maximum value: 65535 |
anycast-sdns-server-ip | IP address of the FortiGuard anycast DNS rating server. | ipv4-address | Not Specified |
anycast-sdns-server-port | Port to connect to on the FortiGuard anycast DNS rating server. | integer | Minimum value: 1 Maximum value: 65535 |
sdns-options | Customization options for the FortiGuard DNS service. include-question-section: Include DNS question section in the FortiGuard DNS setup message. |
option | - |
source-ip | Source IPv4 address used to communicate with FortiGuard. | ipv4-address | Not Specified |
source-ip6 | Source IPv6 address used to communicate with FortiGuard. | ipv6-address | Not Specified |
proxy-server-ip | IP address of the proxy server. | ipv4-address | Not Specified |
proxy-server-port | Port used to communicate with the proxy server. | integer | Minimum value: 0 Maximum value: 65535 |
proxy-username | Proxy user name. | string | Maximum length: 64 |
proxy-password | Proxy user password. | password | Not Specified |
ddns-server-ip | IP address of the FortiDDNS server. | ipv4-address | Not Specified |
ddns-server-port | Port used to communicate with FortiDDNS servers. | integer | Minimum value: 1 Maximum value: 65535 |
interface-select-method | Specify how to select outgoing interface to reach server. auto: Set outgoing interface automatically. sdwan: Set outgoing interface by SD-WAN or policy routing rules. specify: Set outgoing interface manually. |
option | - |
interface | Specify outgoing interface to reach server. | string | Maximum length: 15 |
config system fortiguard
Description: Configure FortiGuard services.
set fortiguard-anycast [enable|disable]
set fortiguard-anycast-source [fortinet|aws|...]
set protocol [udp|http|...]
set port [8888|53|...]
set load-balance-servers {integer}
set update-server-location [usa|any]
set sandbox-region {string}
set antispam-force-off [enable|disable]
set antispam-cache [enable|disable]
set antispam-cache-ttl {integer}
set antispam-cache-mpercent {integer}
set antispam-license {integer}
set antispam-expiration {integer}
set antispam-timeout {integer}
set outbreak-prevention-force-off [enable|disable]
set outbreak-prevention-cache [enable|disable]
set outbreak-prevention-cache-ttl {integer}
set outbreak-prevention-cache-mpercent {integer}
set outbreak-prevention-license {integer}
set outbreak-prevention-expiration {integer}
set outbreak-prevention-timeout {integer}
set webfilter-force-off [enable|disable]
set webfilter-cache [enable|disable]
set webfilter-cache-ttl {integer}
set webfilter-license {integer}
set webfilter-expiration {integer}
set webfilter-timeout {integer}
set sdns-server-ip {user}
set sdns-server-port {integer}
set anycast-sdns-server-ip {ipv4-address}
set anycast-sdns-server-port {integer}
set sdns-options {option1}, {option2}, ...
set source-ip {ipv4-address}
set source-ip6 {ipv6-address}
set proxy-server-ip {ipv4-address}
set proxy-server-port {integer}
set proxy-username {string}
set proxy-password {password}
set ddns-server-ip {ipv4-address}
set ddns-server-port {integer}
set interface-select-method [auto|sdwan|...]
set interface {string}
end
Parameter Name | Description | Type | Size |
---|---|---|---|
fortiguard-anycast | Enable/disable use of FortiGuard's anycast network. enable: Enable use of FortiGuard's anycast network. disable: Disable use of FortiGuard's anycast network. |
option | - |
fortiguard-anycast-source | Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet. fortinet: Use Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. aws: Use Fortinet's AWS servers to provide FortiGuard services in FortiGuard's anycast network. debug: Use Fortinet's internal test servers to provide FortiGuard services in FortiGuard's anycast network. |
option | - |
protocol | Protocol used to communicate with the FortiGuard servers. udp: UDP for server communication (for use by FortiGuard or FortiManager). http: HTTP for server communication (for use only by FortiManager). https: HTTPS for server communication (for use by FortiGuard or FortiManager). |
option | - |
port | Port used to communicate with the FortiGuard servers. 8888: port 8888 for server communication. 53: port 53 for server communication. 80: port 80 for server communication. 443: port 443 for server communication. |
option | - |
load-balance-servers | Number of servers to alternate between as first FortiGuard option. | integer | Minimum value: 1 Maximum value: 266 |
update-server-location | Signature update server location. usa: FGD servers in United States. any: FGD servers in any location. |
option | - |
sandbox-region | Cloud sandbox region. | string | Maximum length: 63 |
antispam-force-off | Enable/disable turning off the FortiGuard antispam service. enable: Turn off the FortiGuard antispam service. disable: Allow the FortiGuard antispam service. |
option | - |
antispam-cache | Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. enable: Enable FortiGuard antispam request caching. disable: Disable FortiGuard antispam request caching. |
option | - |
antispam-cache-ttl | Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. | integer | Minimum value: 300 Maximum value: 86400 |
antispam-cache-mpercent | Maximum percent of FortiGate memory the antispam cache is allowed to use (1 - 15%). | integer | Minimum value: 1 Maximum value: 15 |
antispam-license | Interval of time between license checks for the FortiGuard antispam contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
antispam-expiration | Expiration date of the FortiGuard antispam contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
antispam-timeout | Antispam query time out (1 - 30 sec, default = 7). | integer | Minimum value: 1 Maximum value: 30 |
outbreak-prevention-force-off | Turn off FortiGuard Virus Outbreak Prevention service. enable: Turn off FortiGuard antivirus service. disable: Allow the FortiGuard antivirus service. |
option | - |
outbreak-prevention-cache | Enable/disable FortiGuard Virus Outbreak Prevention cache. enable: Enable FortiGuard antivirus caching. disable: Disable FortiGuard antivirus caching. |
option | - |
outbreak-prevention-cache-ttl | Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec, default = 300). | integer | Minimum value: 300 Maximum value: 86400 |
outbreak-prevention-cache-mpercent | Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%, default = 2). | integer | Minimum value: 1 Maximum value: 15 |
outbreak-prevention-license | Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
outbreak-prevention-expiration | Expiration date of FortiGuard Virus Outbreak Prevention contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
outbreak-prevention-timeout | FortiGuard Virus Outbreak Prevention time out (1 - 30 sec, default = 7). | integer | Minimum value: 1 Maximum value: 30 |
webfilter-force-off | Enable/disable turning off the FortiGuard web filtering service. enable: Turn off the FortiGuard web filtering service. disable: Allow the FortiGuard web filtering service to operate. |
option | - |
webfilter-cache | Enable/disable FortiGuard web filter caching. enable: Enable FortiGuard web filter caching. disable: Disable FortiGuard web filter caching. |
option | - |
webfilter-cache-ttl | Time-to-live for web filter cache entries in seconds (300 - 86400). | integer | Minimum value: 300 Maximum value: 86400 |
webfilter-license | Interval of time between license checks for the FortiGuard web filter contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
webfilter-expiration | Expiration date of the FortiGuard web filter contract. | integer | Minimum value: 0 Maximum value: 4294967295 |
webfilter-timeout | Web filter query time out (1 - 30 sec, default = 7). | integer | Minimum value: 1 Maximum value: 30 |
sdns-server-ip | IP address of the FortiGuard DNS rating server. | user | Not Specified |
sdns-server-port | Port to connect to on the FortiGuard DNS rating server. | integer | Minimum value: 1 Maximum value: 65535 |
anycast-sdns-server-ip | IP address of the FortiGuard anycast DNS rating server. | ipv4-address | Not Specified |
anycast-sdns-server-port | Port to connect to on the FortiGuard anycast DNS rating server. | integer | Minimum value: 1 Maximum value: 65535 |
sdns-options | Customization options for the FortiGuard DNS service. include-question-section: Include DNS question section in the FortiGuard DNS setup message. |
option | - |
source-ip | Source IPv4 address used to communicate with FortiGuard. | ipv4-address | Not Specified |
source-ip6 | Source IPv6 address used to communicate with FortiGuard. | ipv6-address | Not Specified |
proxy-server-ip | IP address of the proxy server. | ipv4-address | Not Specified |
proxy-server-port | Port used to communicate with the proxy server. | integer | Minimum value: 0 Maximum value: 65535 |
proxy-username | Proxy user name. | string | Maximum length: 64 |
proxy-password | Proxy user password. | password | Not Specified |
ddns-server-ip | IP address of the FortiDDNS server. | ipv4-address | Not Specified |
ddns-server-port | Port used to communicate with FortiDDNS servers. | integer | Minimum value: 1 Maximum value: 65535 |
interface-select-method | Specify how to select outgoing interface to reach server. auto: Set outgoing interface automatically. sdwan: Set outgoing interface by SD-WAN or policy routing rules. specify: Set outgoing interface manually. |
option | - |
interface | Specify outgoing interface to reach server. | string | Maximum length: 15 |