config firewall profile-protocol-options

Configure protocol options.

Description: Configure protocol options.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set oversize-log [disable|enable]

set switching-protocols-log [disable|enable]

config http

Description: Configure HTTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set range-block [disable|enable]

set strip-x-forwarded-for [disable|enable]

set post-lang {option1}, {option2}, ...

set streaming-content-bypass [enable|disable]

set switching-protocols [bypass|block]

set unknown-http-version [reject|tunnel|...]

set tunnel-non-http [enable|disable]

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set block-page-status-code {integer}

set retry-count {integer}

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

set address-ip-rating [enable|disable]

end

config ftp

Description: Configure FTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

set explicit-ftp-tls [enable|disable]

end

config imap

Description: Configure IMAP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config mapi

Description: Configure MAPI protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config pop3

Description: Configure POP3 protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config smtp

Description: Configure SMTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set server-busy [enable|disable]

set ssl-offloaded [no|yes]

end

config nntp

Description: Configure NNTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config ssh

Description: Configure SFTP and SCP protocol options.

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

end

config dns

Description: Configure DNS protocol options.

set ports {integer}

set status [enable|disable]

end

config cifs

Description: Configure CIFS protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set server-credential-type [none|credential-replication|...]

set domain-controller {string}

config server-keytab

Description: Server keytab.

edit <principal>

set keytab {string}

end

config mail-signature

Description: Configure Mail signature.

set status [disable|enable]

set signature {string}

end

set rpc-over-http [enable|disable]

end

config firewall profile-protocol-options

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Not Specified

replacemsg-group

Name of the replacement message group to be used.

string

Not Specified

oversize-log

Enable/disable logging for antivirus oversize file blocking.

option

disable

Option	Description
disable	Disable logging for antivirus oversize file blocking.
enable	Enable logging for antivirus oversize file blocking.

switching-protocols-log

Enable/disable logging for HTTP/HTTPS switching protocols.

option

disable

Option	Description
disable	Disable logging for HTTP/HTTPS switching protocols.
enable	Enable logging for HTTP/HTTPS switching protocols.

rpc-over-http

Enable/disable inspection of RPC over HTTP.

option

disable

Option	Description
enable	Enable inspection of RPC over HTTP.
disable	Disable inspection of RPC over HTTP.

config http

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.
oversize	Block oversized file.
chunkedbypass	Bypass chunked transfer encoded sites.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

range-block

Enable/disable blocking of partial downloads.

option

disable

Option	Description
disable	Disable range header blocking (allow partial file downloads)
enable	Enable range header blocking (treat all partial file downloads as full file download)

strip-x-forwarded-for

Enable/disable stripping of HTTP X-Forwarded-For header.

option

disable

Option	Description
disable	Disable changing of HTTP X-Forwarded-For header.
enable	Enable replacement of X-Forwarded-For value with 1.1.1.1.

post-lang

ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets).

option

Option	Description
jisx0201	Japanese Industrial Standard 0201.
jisx0208	Japanese Industrial Standard 0208.
jisx0212	Japanese Industrial Standard 0212.
gb2312	Guojia Biaozhun 2312 (simplified Chinese).
ksc5601-ex	Wansung Korean standard 5601.
euc-jp	Extended Unicode Japanese.
sjis	Shift Japanese Industrial Standard.
iso2022-jp	ISO 2022 Japanese.
iso2022-jp-1	ISO 2022-1 Japanese.
iso2022-jp-2	ISO 2022-2 Japanese.
euc-cn	Extended Unicode Chinese.
ces-gbk	Extended GB2312 (simplified Chinese).
hz	Hanzi simplified Chinese.
ces-big5	Big-5 traditional Chinese.
euc-kr	Extended Unicode Korean.
iso2022-jp-3	ISO 2022-3 Japanese.
iso8859-1	ISO 8859 Part 1 (Western European).
tis620	Thai Industrial Standard 620.
cp874	Code Page 874 (Thai).
cp1252	Code Page 1252 (Western European Latin).
cp1251	Code Page 1251 (Cyrillic).

streaming-content-bypass

Enable/disable bypassing of streaming content from buffering.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

switching-protocols

Bypass from scanning, or block a connection that attempts to switch protocol.

option

bypass

Option	Description
bypass	Bypass connections when switching protocols.
block	Block connections when switching protocols.

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

reject

Option	Description
reject	Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel	Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort	Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

enable

Option	Description
enable	Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable	Drop or tear down non-HTTP sessions accepted by the profile.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

block-page-status-code

Code number returned for blocked HTTP pages .

integer

Minimum value: 100 Maximum value: 599

403

retry-count

Number of attempts to retry HTTP connection .

integer

Minimum value: 0 Maximum value: 100

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

address-ip-rating

Enable/disable IP based URL rating.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config ftp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
oversize	Block oversized file.
splice	Enable splice mode.
bypass-rest-command	Bypass REST command.
bypass-mode-command	Bypass MODE command.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

explicit-ftp-tls

Enable/disable FTP redirection for explicit FTPS.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config imap

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config mapi

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config pop3

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config smtp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.
splice	Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

server-busy

Enable/disable SMTP server busy when server not available.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config nntp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file.
splice	Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config ssh

Parameter

Description

Type

Size

Default

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file.
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config dns

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

config cifs

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

server-credential-type

CIFS server credential type.

option

none

Option	Description
none	Credential derivation not set.
credential-replication	Credential derived using Replication account on Domain Controller.
credential-keytab	Credential derived using server keytab.

domain-controller

Domain for which to decrypt CIFS traffic.

string

Not Specified

** Values may differ between models.

config server-keytab

Parameter	Description	Type	Size	Default
keytab	Base64 encoded keytab file containing credential of the server.	string	Not Specified

config mail-signature

Parameter

Description

Type

Size

Default

status

Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate.

option

disable

Option	Description
disable	Disable mail signature.
enable	Enable mail signature.

signature

Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks).

string

Not Specified

config firewall profile-protocol-options

Configure protocol options.

config firewall profile-protocol-options

Description: Configure protocol options.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set oversize-log [disable|enable]

set switching-protocols-log [disable|enable]

config http

Description: Configure HTTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set range-block [disable|enable]

set strip-x-forwarded-for [disable|enable]

set post-lang {option1}, {option2}, ...

set streaming-content-bypass [enable|disable]

set switching-protocols [bypass|block]

set unknown-http-version [reject|tunnel|...]

set tunnel-non-http [enable|disable]

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set block-page-status-code {integer}

set retry-count {integer}

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

set address-ip-rating [enable|disable]

end

config ftp

Description: Configure FTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

set explicit-ftp-tls [enable|disable]

end

config imap

Description: Configure IMAP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config mapi

Description: Configure MAPI protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config pop3

Description: Configure POP3 protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config smtp

Description: Configure SMTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set server-busy [enable|disable]

set ssl-offloaded [no|yes]

end

config nntp

Description: Configure NNTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config ssh

Description: Configure SFTP and SCP protocol options.

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

end

config dns

Description: Configure DNS protocol options.

set ports {integer}

set status [enable|disable]

end

config cifs

Description: Configure CIFS protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set server-credential-type [none|credential-replication|...]

set domain-controller {string}

config server-keytab

Description: Server keytab.

edit <principal>

set keytab {string}

end

config mail-signature

Description: Configure Mail signature.

set status [disable|enable]

set signature {string}

end

set rpc-over-http [enable|disable]

end

config firewall profile-protocol-options

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Not Specified

replacemsg-group

Name of the replacement message group to be used.

string

Not Specified

oversize-log

Enable/disable logging for antivirus oversize file blocking.

option

disable

Option	Description
disable	Disable logging for antivirus oversize file blocking.
enable	Enable logging for antivirus oversize file blocking.

switching-protocols-log

Enable/disable logging for HTTP/HTTPS switching protocols.

option

disable

Option	Description
disable	Disable logging for HTTP/HTTPS switching protocols.
enable	Enable logging for HTTP/HTTPS switching protocols.

rpc-over-http

Enable/disable inspection of RPC over HTTP.

option

disable

Option	Description
enable	Enable inspection of RPC over HTTP.
disable	Disable inspection of RPC over HTTP.

config http

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.
oversize	Block oversized file.
chunkedbypass	Bypass chunked transfer encoded sites.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

range-block

Enable/disable blocking of partial downloads.

option

disable

Option	Description
disable	Disable range header blocking (allow partial file downloads)
enable	Enable range header blocking (treat all partial file downloads as full file download)

strip-x-forwarded-for

Enable/disable stripping of HTTP X-Forwarded-For header.

option

disable

Option	Description
disable	Disable changing of HTTP X-Forwarded-For header.
enable	Enable replacement of X-Forwarded-For value with 1.1.1.1.

post-lang

ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets).

option

Option	Description
jisx0201	Japanese Industrial Standard 0201.
jisx0208	Japanese Industrial Standard 0208.
jisx0212	Japanese Industrial Standard 0212.
gb2312	Guojia Biaozhun 2312 (simplified Chinese).
ksc5601-ex	Wansung Korean standard 5601.
euc-jp	Extended Unicode Japanese.
sjis	Shift Japanese Industrial Standard.
iso2022-jp	ISO 2022 Japanese.
iso2022-jp-1	ISO 2022-1 Japanese.
iso2022-jp-2	ISO 2022-2 Japanese.
euc-cn	Extended Unicode Chinese.
ces-gbk	Extended GB2312 (simplified Chinese).
hz	Hanzi simplified Chinese.
ces-big5	Big-5 traditional Chinese.
euc-kr	Extended Unicode Korean.
iso2022-jp-3	ISO 2022-3 Japanese.
iso8859-1	ISO 8859 Part 1 (Western European).
tis620	Thai Industrial Standard 620.
cp874	Code Page 874 (Thai).
cp1252	Code Page 1252 (Western European Latin).
cp1251	Code Page 1251 (Cyrillic).

streaming-content-bypass

Enable/disable bypassing of streaming content from buffering.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

switching-protocols

Bypass from scanning, or block a connection that attempts to switch protocol.

option

bypass

Option	Description
bypass	Bypass connections when switching protocols.
block	Block connections when switching protocols.

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

reject

Option	Description
reject	Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel	Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort	Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

enable

Option	Description
enable	Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable	Drop or tear down non-HTTP sessions accepted by the profile.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

block-page-status-code

Code number returned for blocked HTTP pages .

integer

Minimum value: 100 Maximum value: 599

403

retry-count

Number of attempts to retry HTTP connection .

integer

Minimum value: 0 Maximum value: 100

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

address-ip-rating

Enable/disable IP based URL rating.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config ftp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
oversize	Block oversized file.
splice	Enable splice mode.
bypass-rest-command	Bypass REST command.
bypass-mode-command	Bypass MODE command.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

explicit-ftp-tls

Enable/disable FTP redirection for explicit FTPS.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config imap

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config mapi

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config pop3

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config smtp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized email.
splice	Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

server-busy

Enable/disable SMTP server busy when server not available.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config nntp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file.
splice	Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

** Values may differ between models.

config ssh

Parameter

Description

Type

Size

Default

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file.
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

Option	Description
no	SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.
yes	SSL decryption and encryption performed by an external device.

** Values may differ between models.

config dns

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

config cifs

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

auto-tuning

Option	Description
auto-tuning	Allow system to auto-tune TCP window size (default).
system	Use system default TCP window size for this protocol.
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

server-credential-type

CIFS server credential type.

option

none

Option	Description
none	Credential derivation not set.
credential-replication	Credential derived using Replication account on Domain Controller.
credential-keytab	Credential derived using server keytab.

domain-controller

Domain for which to decrypt CIFS traffic.

string

Not Specified

** Values may differ between models.

config server-keytab

Parameter	Description	Type	Size	Default
keytab	Base64 encoded keytab file containing credential of the server.	string	Not Specified

config mail-signature

Parameter

Description

Type

Size

Default

status

Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate.

option

disable

Option	Description
disable	Disable mail signature.
enable	Enable mail signature.

signature

Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks).

string

Not Specified

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config firewall profile-protocol-options

config firewall profile-protocol-options

config firewall profile-protocol-options

config http

config ftp

config imap

config mapi

config pop3

config smtp

config nntp

config ssh

config dns

config cifs