Fortinet black logo

CLI Reference

Home FortiProxy 2.0.12 CLI Reference
2.0.12
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.0.17
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
2.0.13
2.0.12
2.0.0
1.2.4

config webfilter profile

config webfilter profile

Configure Web filter profiles.

config webfilter profile
    Description: Configure Web filter profiles.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set options [activexfilter|cookiefilter|...]
        set https-replacemsg [enable|disable]
        set ovrd-perm [bannedword-override|urlfilter-override|...]
        set post-action [normal|block]
        config override
            Description: Web Filter override settings.
            set ovrd-cookie [allow|deny]
            set ovrd-scope [user|user-group|...]
            set profile-type [list|radius]
            set ovrd-dur-mode [constant|ask]
            set ovrd-dur {user}
            set profile-attribute [User-Name|NAS-IP-Address|...]
            config ovrd-user-group
                Description: User groups with permission to use the override.
                edit <name>
                next
            end
            config profile
                Description: Web filter profile with permission to create overrides.
                edit <name>
                next
            end
        end
        config web
            Description: Web content filtering settings.
            set bword-threshold {integer}
            set bword-table {integer}
            set urlfilter-table {integer}
            set content-header-list {integer}
            set blacklist [enable|disable]
            set whitelist [exempt-av|exempt-webcontent|...]
            set safe-search [url|header]
            set youtube-restrict [none|strict|...]
            set log-search [enable|disable]
            config keyword-match
                Description: Search keywords to log when match is found.
                edit <pattern>
                next
            end
        end
        set youtube-channel-status [disable|blacklist|...]
        config youtube-channel-filter
            Description: YouTube channel filter.
            edit <id>
                set channel-id {string}
                set comment {var-string}
            next
        end
        config ftgd-wf
            Description: FortiGuard Web Filter settings.
            set options [error-allow|http-err-detail|...]
            set exempt-quota {user}
            set ovrd {user}
            config filters
                Description: FortiGuard filters.
                edit <id>
                    set category {integer}
                    set action [block|authenticate|...]
                    set warn-duration {user}
                    config auth-usr-grp
                        Description: Groups with permission to authenticate.
                        edit <name>
                        next
                    end
                    set log [enable|disable]
                    set override-replacemsg {string}
                    set warning-prompt [per-domain|per-category]
                    set warning-duration-type [session|timeout]
                next
            end
            config quota
                Description: FortiGuard traffic quota settings.
                edit <id>
                    set category {user}
                    set type [time|traffic]
                    set reset-frequency [daily|weekly|...]
                    set unit [B|KB|...]
                    set value {integer}
                    set duration {user}
                    set override-replacemsg {string}
                next
            end
            set max-quota-timeout {integer}
            set rate-image-urls [disable|enable]
            set rate-javascript-urls [disable|enable]
            set rate-css-urls [disable|enable]
            set rate-crl-urls [disable|enable]
        end
        config antiphish
            Description: AntiPhishing profile.
            set status [enable|disable]
            set domain-controller {string}
            set default-action [exempt|log|...]
            set check-uri [enable|disable]
            set check-basic-auth [enable|disable]
            set max-body-len {integer}
            config inspection-entries
                Description: AntiPhishing entries.
                edit <name>
                    set fortiguard-category {user}
                    set action [exempt|log|...]
                next
            end
            config custom-patterns
                Description: Custom username and password regex patterns.
                edit <pattern>
                    set category [username|password]
                next
            end
        end
        set wisp [enable|disable]
        config wisp-servers
            Description: WISP servers.
            edit <name>
            next
        end
        set wisp-algorithm [primary-secondary|round-robin|...]
        set log-all-url [enable|disable]
        set web-content-log [enable|disable]
        set web-filter-activex-log [enable|disable]
        set web-filter-command-block-log [enable|disable]
        set web-filter-cookie-log [enable|disable]
        set web-filter-applet-log [enable|disable]
        set web-filter-jscript-log [enable|disable]
        set web-filter-js-log [enable|disable]
        set web-filter-vbs-log [enable|disable]
        set web-filter-unknown-log [enable|disable]
        set web-filter-referer-log [enable|disable]
        set web-filter-cookie-removal-log [enable|disable]
        set web-url-log [enable|disable]
        set web-invalid-domain-log [enable|disable]
        set web-ftgd-err-log [enable|disable]
        set web-ftgd-quota-usage [enable|disable]
        set web-antiphishing-log [enable|disable]
    next
end

config webfilter profile

Parameter

Description

Type

Size

comment

Optional comments.

var-string

Maximum length: 255

replacemsg-group

Replacement message group.

string

Maximum length: 35

options

Options.

option

-

Option

Description

activexfilter

ActiveX filter.

cookiefilter

Cookie filter.

javafilter

Java applet filter.

block-invalid-url

Block sessions contained an invalid domain name.

jscript

Javascript block.

js

JS block.

vbs

VB script block.

unknown

Unknown script block.

intrinsic

Intrinsic script block.

wf-referer

Referring block.

wf-cookie

Cookie block.

https-replacemsg

Enable replacement messages for HTTPS.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

ovrd-perm

Permitted override types.

option

-

Option

Description

bannedword-override

Banned word override.

urlfilter-override

URL filter override.

fortiguard-wf-override

FortiGuard Web Filter override.

contenttype-check-override

Content-type header override.

post-action

Action taken for HTTP POST traffic.

option

-

Option

Description

normal

Normal, POST requests are allowed.

block

POST requests are blocked.

youtube-channel-status

YouTube channel filter status.

option

-

Option

Description

disable

Disable YouTube channel filter.

blacklist

Block matches.

whitelist

Allow matches.

wisp

Enable/disable web proxy WISP.

option

-

Option

Description

enable

Enable web proxy WISP.

disable

Disable web proxy WISP.

wisp-algorithm

WISP server selection algorithm.

option

-

Option

Description

primary-secondary

Select the first healthy server in order.

round-robin

Select the next healthy server.

auto-learning

Select the lightest loading healthy server.

log-all-url

Enable/disable logging all URLs visited.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-content-log

Enable/disable logging logging blocked web content.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-activex-log

Enable/disable logging ActiveX.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-command-block-log

Enable/disable logging blocked commands.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-cookie-log

Enable/disable logging cookie filtering.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-applet-log

Enable/disable logging Java applets.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-jscript-log

Enable/disable logging JScripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-js-log

Enable/disable logging Java scripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-vbs-log

Enable/disable logging VBS scripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-unknown-log

Enable/disable logging unknown scripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-referer-log

Enable/disable logging referrers.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-cookie-removal-log

Enable/disable logging blocked cookies.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-url-log

Enable/disable logging URL filtering.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-invalid-domain-log

Enable/disable logging invalid domain names.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-ftgd-err-log

Enable/disable logging rating errors.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-ftgd-quota-usage

Enable/disable logging daily quota usage.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-antiphishing-log

Enable/disable logging of AntiPhishing checks.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

config override

Parameter

Description

Type

Size

ovrd-cookie

Allow/deny browser-based (cookie) overrides.

option

-

Option

Description

allow

Allow browser-based (cookie) override.

deny

Deny browser-based (cookie) override.

ovrd-scope

Override scope.

option

-

Option

Description

user

Override for the user.

user-group

Override for the user's group.

ip

Override for the initiating IP.

browser

Create browser-based (cookie) override.

ask

Prompt for scope when initiating an override.

profile-type

Override profile type.

option

-

Option

Description

list

Profile chosen from list.

radius

Profile determined by RADIUS server.

ovrd-dur-mode

Override duration mode.

option

-

Option

Description

constant

Constant mode.

ask

Prompt for duration when initiating an override.

ovrd-dur

Override duration.

user

Not Specified

profile-attribute

Profile attribute to retrieve from the RADIUS server.

option

-

Option

Description

User-Name

Use this attribute.

NAS-IP-Address

Use this attribute.

Framed-IP-Address

Use this attribute.

Framed-IP-Netmask

Use this attribute.

Filter-Id

Use this attribute.

Login-IP-Host

Use this attribute.

Reply-Message

Use this attribute.

Callback-Number

Use this attribute.

Callback-Id

Use this attribute.

Framed-Route

Use this attribute.

Framed-IPX-Network

Use this attribute.

Class

Use this attribute.

Called-Station-Id

Use this attribute.

Calling-Station-Id

Use this attribute.

NAS-Identifier

Use this attribute.

Proxy-State

Use this attribute.

Login-LAT-Service

Use this attribute.

Login-LAT-Node

Use this attribute.

Login-LAT-Group

Use this attribute.

Framed-AppleTalk-Zone

Use this attribute.

Acct-Session-Id

Use this attribute.

Acct-Multi-Session-Id

Use this attribute.

config web

Parameter

Description

Type

Size

bword-threshold

Banned word score threshold.

integer

Minimum value: 0 Maximum value: 2147483647

bword-table

Banned word table ID.

integer

Minimum value: 0 Maximum value: 4294967295

urlfilter-table

URL filter table ID.

integer

Minimum value: 0 Maximum value: 4294967295

content-header-list

Content header list.

integer

Minimum value: 0 Maximum value: 4294967295

blacklist

Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

whitelist

FortiGuard whitelist settings.

option

-

Option

Description

exempt-av

Exempt antivirus.

exempt-webcontent

Exempt web content.

exempt-activex-java-cookie

Exempt ActiveX-JAVA-Cookie.

exempt-dlp

Exempt DLP.

exempt-rangeblock

Exempt RangeBlock.

extended-log-others

Support extended log.

safe-search

Safe search type.

option

-

Option

Description

url

Insert safe search string into URL.

header

Insert safe search header.

youtube-restrict

YouTube EDU filter level.

option

-

Option

Description

none

Full access for YouTube.

strict

Strict access for YouTube.

moderate

Moderate access for YouTube.

log-search

Enable/disable logging all search phrases.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

config youtube-channel-filter

Parameter

Description

Type

Size

channel-id

YouTube channel ID to be filtered.

string

Maximum length: 255

comment

Comment.

var-string

Maximum length: 255

config ftgd-wf

Parameter

Description

Type

Size

options

Options for FortiGuard Web Filter.

option

-

Option

Description

error-allow

Allow web pages with a rating error to pass through.

http-err-detail

Display a replacement message for blocked 4xx and 5xx HTTP errors.

rate-server-ip

Rate the server IP in addition to the domain name.

connect-request-bypass

Bypass connection which has CONNECT request.

ftgd-disable

Disable FortiGuard scanning.

exempt-quota

Do not stop quota for these categories.

user

Not Specified

ovrd

Allow web filter profile overrides.

user

Not Specified

max-quota-timeout

Maximum FortiGuard quota used by single page view in seconds (excludes streams).

integer

Minimum value: 1 Maximum value: 86400

rate-image-urls

Enable/disable rating images by URL.

option

-

Option

Description

disable

Disable rating images by URL (blocked images are replaced with blanks).

enable

Enable rating images by URL (blocked images are replaced with blanks).

rate-javascript-urls

Enable/disable rating JavaScript by URL.

option

-

Option

Description

disable

Disable rating JavaScript by URL.

enable

Enable rating JavaScript by URL.

rate-css-urls

Enable/disable rating CSS by URL.

option

-

Option

Description

disable

Disable rating CSS by URL.

enable

Enable rating CSS by URL.

rate-crl-urls

Enable/disable rating CRL by URL.

option

-

Option

Description

disable

Disable rating CRL by URL.

enable

Enable rating CRL by URL.

config filters

Parameter

Description

Type

Size

category

Categories and groups the filter examines.

integer

Minimum value: 0 Maximum value: 255

action

Action to take for matches.

option

-

Option

Description

block

Block access.

authenticate

Authenticate user before allowing access.

monitor

Allow access while logging the action.

warning

Allow access after warning the user.

warn-duration

Duration of warnings.

user

Not Specified

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

override-replacemsg

Override replacement message.

string

Maximum length: 28

warning-prompt

Warning prompts in each category or each domain.

option

-

Option

Description

per-domain

Per-domain warnings.

per-category

Per-category warnings.

warning-duration-type

Re-display warning after closing browser or after a timeout.

option

-

Option

Description

session

After session ends.

timeout

After timeout occurs.

config quota

Parameter

Description

Type

Size

category

FortiGuard categories to apply quota to (category action must be set to monitor).

user

Not Specified

type

Quota type.

option

-

Option

Description

time

Use a time-based quota.

traffic

Use a traffic-based quota.

reset-frequency

Quota reset frequency .

option

-

Option

Description

daily

Quota reset daily.

weekly

Quota reset weekly.

monthly

Quota reset monthly.

unit

Traffic quota unit of measurement.

option

-

Option

Description

B

Quota in bytes.

KB

Quota in kilobytes.

MB

Quota in megabytes.

GB

Quota in gigabytes.

value

Traffic quota value.

integer

Minimum value: 1 Maximum value: 4294967295

duration

Duration of quota.

user

Not Specified

override-replacemsg

Override replacement message.

string

Maximum length: 28

config antiphish

Parameter

Description

Type

Size

status

Toggle AntiPhishing functionality.

option

-

Option

Description

enable

Enable AntiPhishing functionality.

disable

Disable AntiPhishing functionality.

domain-controller

Domain for which to verify received credentials against.

string

Maximum length: 63

default-action

Action to be taken when there is no matching rule.

option

-

Option

Description

exempt

Exempt requests from matching.

log

Log all matched requests.

block

Block all matched requests.

check-uri

Enable/disable checking of GET URI parameters for known credentials.

option

-

Option

Description

enable

Enable checking of GET URI for username and password fields.

disable

Disable checking of GET URI for username and password fields.

check-basic-auth

Enable/disable checking of HTTP Basic Auth field for known credentials.

option

-

Option

Description

enable

Enable checking of HTTP Basic Auth field for known credentials.

disable

Disable checking of HTTP Basic Auth field for known credentials.

max-body-len

Maximum size of a POST body to check for credentials.

integer

Minimum value: 0 Maximum value: 4294967295

config inspection-entries

Parameter

Description

Type

Size

fortiguard-category

FortiGuard category to match.

user

Not Specified

action

Action to be taken upon an AntiPhishing match.

option

-

Option

Description

exempt

Exempt requests from matching.

log

Log all matched requests.

block

Block all matched requests.

config custom-patterns

Parameter

Description

Type

Size

category

Category that the pattern matches.

option

-

Option

Description

username

Pattern matches username fields.

password

Pattern matches password fields.
Previous
Next

config webfilter profile

Configure Web filter profiles.

config webfilter profile
    Description: Configure Web filter profiles.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set options [activexfilter|cookiefilter|...]
        set https-replacemsg [enable|disable]
        set ovrd-perm [bannedword-override|urlfilter-override|...]
        set post-action [normal|block]
        config override
            Description: Web Filter override settings.
            set ovrd-cookie [allow|deny]
            set ovrd-scope [user|user-group|...]
            set profile-type [list|radius]
            set ovrd-dur-mode [constant|ask]
            set ovrd-dur {user}
            set profile-attribute [User-Name|NAS-IP-Address|...]
            config ovrd-user-group
                Description: User groups with permission to use the override.
                edit <name>
                next
            end
            config profile
                Description: Web filter profile with permission to create overrides.
                edit <name>
                next
            end
        end
        config web
            Description: Web content filtering settings.
            set bword-threshold {integer}
            set bword-table {integer}
            set urlfilter-table {integer}
            set content-header-list {integer}
            set blacklist [enable|disable]
            set whitelist [exempt-av|exempt-webcontent|...]
            set safe-search [url|header]
            set youtube-restrict [none|strict|...]
            set log-search [enable|disable]
            config keyword-match
                Description: Search keywords to log when match is found.
                edit <pattern>
                next
            end
        end
        set youtube-channel-status [disable|blacklist|...]
        config youtube-channel-filter
            Description: YouTube channel filter.
            edit <id>
                set channel-id {string}
                set comment {var-string}
            next
        end
        config ftgd-wf
            Description: FortiGuard Web Filter settings.
            set options [error-allow|http-err-detail|...]
            set exempt-quota {user}
            set ovrd {user}
            config filters
                Description: FortiGuard filters.
                edit <id>
                    set category {integer}
                    set action [block|authenticate|...]
                    set warn-duration {user}
                    config auth-usr-grp
                        Description: Groups with permission to authenticate.
                        edit <name>
                        next
                    end
                    set log [enable|disable]
                    set override-replacemsg {string}
                    set warning-prompt [per-domain|per-category]
                    set warning-duration-type [session|timeout]
                next
            end
            config quota
                Description: FortiGuard traffic quota settings.
                edit <id>
                    set category {user}
                    set type [time|traffic]
                    set reset-frequency [daily|weekly|...]
                    set unit [B|KB|...]
                    set value {integer}
                    set duration {user}
                    set override-replacemsg {string}
                next
            end
            set max-quota-timeout {integer}
            set rate-image-urls [disable|enable]
            set rate-javascript-urls [disable|enable]
            set rate-css-urls [disable|enable]
            set rate-crl-urls [disable|enable]
        end
        config antiphish
            Description: AntiPhishing profile.
            set status [enable|disable]
            set domain-controller {string}
            set default-action [exempt|log|...]
            set check-uri [enable|disable]
            set check-basic-auth [enable|disable]
            set max-body-len {integer}
            config inspection-entries
                Description: AntiPhishing entries.
                edit <name>
                    set fortiguard-category {user}
                    set action [exempt|log|...]
                next
            end
            config custom-patterns
                Description: Custom username and password regex patterns.
                edit <pattern>
                    set category [username|password]
                next
            end
        end
        set wisp [enable|disable]
        config wisp-servers
            Description: WISP servers.
            edit <name>
            next
        end
        set wisp-algorithm [primary-secondary|round-robin|...]
        set log-all-url [enable|disable]
        set web-content-log [enable|disable]
        set web-filter-activex-log [enable|disable]
        set web-filter-command-block-log [enable|disable]
        set web-filter-cookie-log [enable|disable]
        set web-filter-applet-log [enable|disable]
        set web-filter-jscript-log [enable|disable]
        set web-filter-js-log [enable|disable]
        set web-filter-vbs-log [enable|disable]
        set web-filter-unknown-log [enable|disable]
        set web-filter-referer-log [enable|disable]
        set web-filter-cookie-removal-log [enable|disable]
        set web-url-log [enable|disable]
        set web-invalid-domain-log [enable|disable]
        set web-ftgd-err-log [enable|disable]
        set web-ftgd-quota-usage [enable|disable]
        set web-antiphishing-log [enable|disable]
    next
end

config webfilter profile

Parameter

Description

Type

Size

comment

Optional comments.

var-string

Maximum length: 255

replacemsg-group

Replacement message group.

string

Maximum length: 35

options

Options.

option

-

Option

Description

activexfilter

ActiveX filter.

cookiefilter

Cookie filter.

javafilter

Java applet filter.

block-invalid-url

Block sessions contained an invalid domain name.

jscript

Javascript block.

js

JS block.

vbs

VB script block.

unknown

Unknown script block.

intrinsic

Intrinsic script block.

wf-referer

Referring block.

wf-cookie

Cookie block.

https-replacemsg

Enable replacement messages for HTTPS.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

ovrd-perm

Permitted override types.

option

-

Option

Description

bannedword-override

Banned word override.

urlfilter-override

URL filter override.

fortiguard-wf-override

FortiGuard Web Filter override.

contenttype-check-override

Content-type header override.

post-action

Action taken for HTTP POST traffic.

option

-

Option

Description

normal

Normal, POST requests are allowed.

block

POST requests are blocked.

youtube-channel-status

YouTube channel filter status.

option

-

Option

Description

disable

Disable YouTube channel filter.

blacklist

Block matches.

whitelist

Allow matches.

wisp

Enable/disable web proxy WISP.

option

-

Option

Description

enable

Enable web proxy WISP.

disable

Disable web proxy WISP.

wisp-algorithm

WISP server selection algorithm.

option

-

Option

Description

primary-secondary

Select the first healthy server in order.

round-robin

Select the next healthy server.

auto-learning

Select the lightest loading healthy server.

log-all-url

Enable/disable logging all URLs visited.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-content-log

Enable/disable logging logging blocked web content.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-activex-log

Enable/disable logging ActiveX.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-command-block-log

Enable/disable logging blocked commands.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-cookie-log

Enable/disable logging cookie filtering.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-applet-log

Enable/disable logging Java applets.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-jscript-log

Enable/disable logging JScripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-js-log

Enable/disable logging Java scripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-vbs-log

Enable/disable logging VBS scripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-unknown-log

Enable/disable logging unknown scripts.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-referer-log

Enable/disable logging referrers.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-cookie-removal-log

Enable/disable logging blocked cookies.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-url-log

Enable/disable logging URL filtering.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-invalid-domain-log

Enable/disable logging invalid domain names.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-ftgd-err-log

Enable/disable logging rating errors.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-ftgd-quota-usage

Enable/disable logging daily quota usage.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

web-antiphishing-log

Enable/disable logging of AntiPhishing checks.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

config override

Parameter

Description

Type

Size

ovrd-cookie

Allow/deny browser-based (cookie) overrides.

option

-

Option

Description

allow

Allow browser-based (cookie) override.

deny

Deny browser-based (cookie) override.

ovrd-scope

Override scope.

option

-

Option

Description

user

Override for the user.

user-group

Override for the user's group.

ip

Override for the initiating IP.

browser

Create browser-based (cookie) override.

ask

Prompt for scope when initiating an override.

profile-type

Override profile type.

option

-

Option

Description

list

Profile chosen from list.

radius

Profile determined by RADIUS server.

ovrd-dur-mode

Override duration mode.

option

-

Option

Description

constant

Constant mode.

ask

Prompt for duration when initiating an override.

ovrd-dur

Override duration.

user

Not Specified

profile-attribute

Profile attribute to retrieve from the RADIUS server.

option

-

Option

Description

User-Name

Use this attribute.

NAS-IP-Address

Use this attribute.

Framed-IP-Address

Use this attribute.

Framed-IP-Netmask

Use this attribute.

Filter-Id

Use this attribute.

Login-IP-Host

Use this attribute.

Reply-Message

Use this attribute.

Callback-Number

Use this attribute.

Callback-Id

Use this attribute.

Framed-Route

Use this attribute.

Framed-IPX-Network

Use this attribute.

Class

Use this attribute.

Called-Station-Id

Use this attribute.

Calling-Station-Id

Use this attribute.

NAS-Identifier

Use this attribute.

Proxy-State

Use this attribute.

Login-LAT-Service

Use this attribute.

Login-LAT-Node

Use this attribute.

Login-LAT-Group

Use this attribute.

Framed-AppleTalk-Zone

Use this attribute.

Acct-Session-Id

Use this attribute.

Acct-Multi-Session-Id

Use this attribute.

config web

Parameter

Description

Type

Size

bword-threshold

Banned word score threshold.

integer

Minimum value: 0 Maximum value: 2147483647

bword-table

Banned word table ID.

integer

Minimum value: 0 Maximum value: 4294967295

urlfilter-table

URL filter table ID.

integer

Minimum value: 0 Maximum value: 4294967295

content-header-list

Content header list.

integer

Minimum value: 0 Maximum value: 4294967295

blacklist

Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

whitelist

FortiGuard whitelist settings.

option

-

Option

Description

exempt-av

Exempt antivirus.

exempt-webcontent

Exempt web content.

exempt-activex-java-cookie

Exempt ActiveX-JAVA-Cookie.

exempt-dlp

Exempt DLP.

exempt-rangeblock

Exempt RangeBlock.

extended-log-others

Support extended log.

safe-search

Safe search type.

option

-

Option

Description

url

Insert safe search string into URL.

header

Insert safe search header.

youtube-restrict

YouTube EDU filter level.

option

-

Option

Description

none

Full access for YouTube.

strict

Strict access for YouTube.

moderate

Moderate access for YouTube.

log-search

Enable/disable logging all search phrases.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

config youtube-channel-filter

Parameter

Description

Type

Size

channel-id

YouTube channel ID to be filtered.

string

Maximum length: 255

comment

Comment.

var-string

Maximum length: 255

config ftgd-wf

Parameter

Description

Type

Size

options

Options for FortiGuard Web Filter.

option

-

Option

Description

error-allow

Allow web pages with a rating error to pass through.

http-err-detail

Display a replacement message for blocked 4xx and 5xx HTTP errors.

rate-server-ip

Rate the server IP in addition to the domain name.

connect-request-bypass

Bypass connection which has CONNECT request.

ftgd-disable

Disable FortiGuard scanning.

exempt-quota

Do not stop quota for these categories.

user

Not Specified

ovrd

Allow web filter profile overrides.

user

Not Specified

max-quota-timeout

Maximum FortiGuard quota used by single page view in seconds (excludes streams).

integer

Minimum value: 1 Maximum value: 86400

rate-image-urls

Enable/disable rating images by URL.

option

-

Option

Description

disable

Disable rating images by URL (blocked images are replaced with blanks).

enable

Enable rating images by URL (blocked images are replaced with blanks).

rate-javascript-urls

Enable/disable rating JavaScript by URL.

option

-

Option

Description

disable

Disable rating JavaScript by URL.

enable

Enable rating JavaScript by URL.

rate-css-urls

Enable/disable rating CSS by URL.

option

-

Option

Description

disable

Disable rating CSS by URL.

enable

Enable rating CSS by URL.

rate-crl-urls

Enable/disable rating CRL by URL.

option

-

Option

Description

disable

Disable rating CRL by URL.

enable

Enable rating CRL by URL.

config filters

Parameter

Description

Type

Size

category

Categories and groups the filter examines.

integer

Minimum value: 0 Maximum value: 255

action

Action to take for matches.

option

-

Option

Description

block

Block access.

authenticate

Authenticate user before allowing access.

monitor

Allow access while logging the action.

warning

Allow access after warning the user.

warn-duration

Duration of warnings.

user

Not Specified

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

override-replacemsg

Override replacement message.

string

Maximum length: 28

warning-prompt

Warning prompts in each category or each domain.

option

-

Option

Description

per-domain

Per-domain warnings.

per-category

Per-category warnings.

warning-duration-type

Re-display warning after closing browser or after a timeout.

option

-

Option

Description

session

After session ends.

timeout

After timeout occurs.

config quota

Parameter

Description

Type

Size

category

FortiGuard categories to apply quota to (category action must be set to monitor).

user

Not Specified

type

Quota type.

option

-

Option

Description

time

Use a time-based quota.

traffic

Use a traffic-based quota.

reset-frequency

Quota reset frequency .

option

-

Option

Description

daily

Quota reset daily.

weekly

Quota reset weekly.

monthly

Quota reset monthly.

unit

Traffic quota unit of measurement.

option

-

Option

Description

B

Quota in bytes.

KB

Quota in kilobytes.

MB

Quota in megabytes.

GB

Quota in gigabytes.

value

Traffic quota value.

integer

Minimum value: 1 Maximum value: 4294967295

duration

Duration of quota.

user

Not Specified

override-replacemsg

Override replacement message.

string

Maximum length: 28

config antiphish

Parameter

Description

Type

Size

status

Toggle AntiPhishing functionality.

option

-

Option

Description

enable

Enable AntiPhishing functionality.

disable

Disable AntiPhishing functionality.

domain-controller

Domain for which to verify received credentials against.

string

Maximum length: 63

default-action

Action to be taken when there is no matching rule.

option

-

Option

Description

exempt

Exempt requests from matching.

log

Log all matched requests.

block

Block all matched requests.

check-uri

Enable/disable checking of GET URI parameters for known credentials.

option

-

Option

Description

enable

Enable checking of GET URI for username and password fields.

disable

Disable checking of GET URI for username and password fields.

check-basic-auth

Enable/disable checking of HTTP Basic Auth field for known credentials.

option

-

Option

Description

enable

Enable checking of HTTP Basic Auth field for known credentials.

disable

Disable checking of HTTP Basic Auth field for known credentials.

max-body-len

Maximum size of a POST body to check for credentials.

integer

Minimum value: 0 Maximum value: 4294967295

config inspection-entries

Parameter

Description

Type

Size

fortiguard-category

FortiGuard category to match.

user

Not Specified

action

Action to be taken upon an AntiPhishing match.

option

-

Option

Description

exempt

Exempt requests from matching.

log

Log all matched requests.

block

Block all matched requests.

config custom-patterns

Parameter

Description

Type

Size

category

Category that the pattern matches.

option

-

Option

Description

username

Pattern matches username fields.

password

Pattern matches password fields.
Previous
Next