config webfilter profile
Configure Web filter profiles.
config webfilter profile
Description: Configure Web filter profiles.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set options [activexfilter|cookiefilter|...]
set https-replacemsg [enable|disable]
set ovrd-perm [bannedword-override|urlfilter-override|...]
set post-action [normal|block]
config override
Description: Web Filter override settings.
set ovrd-cookie [allow|deny]
set ovrd-scope [user|user-group|...]
set profile-type [list|radius]
set ovrd-dur-mode [constant|ask]
set ovrd-dur {user}
set profile-attribute [User-Name|NAS-IP-Address|...]
config ovrd-user-group
Description: User groups with permission to use the override.
edit <name>
next
end
config profile
Description: Web filter profile with permission to create overrides.
edit <name>
next
end
end
config web
Description: Web content filtering settings.
set bword-threshold {integer}
set bword-table {integer}
set urlfilter-table {integer}
set content-header-list {integer}
set blacklist [enable|disable]
set whitelist [exempt-av|exempt-webcontent|...]
set safe-search [url|header]
set youtube-restrict [none|strict|...]
set log-search [enable|disable]
config keyword-match
Description: Search keywords to log when match is found.
edit <pattern>
next
end
end
set youtube-channel-status [disable|blacklist|...]
config youtube-channel-filter
Description: YouTube channel filter.
edit <id>
set channel-id {string}
set comment {var-string}
next
end
config ftgd-wf
Description: FortiGuard Web Filter settings.
set options [error-allow|http-err-detail|...]
set exempt-quota {user}
set ovrd {user}
config filters
Description: FortiGuard filters.
edit <id>
set category {integer}
set action [block|authenticate|...]
set warn-duration {user}
config auth-usr-grp
Description: Groups with permission to authenticate.
edit <name>
next
end
set log [enable|disable]
set override-replacemsg {string}
set warning-prompt [per-domain|per-category]
set warning-duration-type [session|timeout]
next
end
config quota
Description: FortiGuard traffic quota settings.
edit <id>
set category {user}
set type [time|traffic]
set reset-frequency [daily|weekly|...]
set unit [B|KB|...]
set value {integer}
set duration {user}
set override-replacemsg {string}
next
end
set max-quota-timeout {integer}
set rate-image-urls [disable|enable]
set rate-javascript-urls [disable|enable]
set rate-css-urls [disable|enable]
set rate-crl-urls [disable|enable]
end
config antiphish
Description: AntiPhishing profile.
set status [enable|disable]
set domain-controller {string}
set default-action [exempt|log|...]
set check-uri [enable|disable]
set check-basic-auth [enable|disable]
set max-body-len {integer}
config inspection-entries
Description: AntiPhishing entries.
edit <name>
set fortiguard-category {user}
set action [exempt|log|...]
next
end
config custom-patterns
Description: Custom username and password regex patterns.
edit <pattern>
set category [username|password]
next
end
end
set wisp [enable|disable]
config wisp-servers
Description: WISP servers.
edit <name>
next
end
set wisp-algorithm [primary-secondary|round-robin|...]
set log-all-url [enable|disable]
set web-content-log [enable|disable]
set web-filter-activex-log [enable|disable]
set web-filter-command-block-log [enable|disable]
set web-filter-cookie-log [enable|disable]
set web-filter-applet-log [enable|disable]
set web-filter-jscript-log [enable|disable]
set web-filter-js-log [enable|disable]
set web-filter-vbs-log [enable|disable]
set web-filter-unknown-log [enable|disable]
set web-filter-referer-log [enable|disable]
set web-filter-cookie-removal-log [enable|disable]
set web-url-log [enable|disable]
set web-invalid-domain-log [enable|disable]
set web-ftgd-err-log [enable|disable]
set web-ftgd-quota-usage [enable|disable]
set web-antiphishing-log [enable|disable]
next
end
config webfilter profile
|
Parameter |
Description |
Type |
Size |
|||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
comment |
Optional comments. |
var-string |
Maximum length: 255 |
|||||||||||||||||||||||||
|
replacemsg-group |
Replacement message group. |
string |
Maximum length: 35 |
|||||||||||||||||||||||||
|
options |
Options. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
https-replacemsg |
Enable replacement messages for HTTPS. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
ovrd-perm |
Permitted override types. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
post-action |
Action taken for HTTP POST traffic. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
youtube-channel-status |
YouTube channel filter status. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
wisp |
Enable/disable web proxy WISP. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
wisp-algorithm |
WISP server selection algorithm. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
log-all-url |
Enable/disable logging all URLs visited. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-content-log |
Enable/disable logging logging blocked web content. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-activex-log |
Enable/disable logging ActiveX. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-command-block-log |
Enable/disable logging blocked commands. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-cookie-log |
Enable/disable logging cookie filtering. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-applet-log |
Enable/disable logging Java applets. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-jscript-log |
Enable/disable logging JScripts. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-js-log |
Enable/disable logging Java scripts. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-vbs-log |
Enable/disable logging VBS scripts. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-unknown-log |
Enable/disable logging unknown scripts. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-referer-log |
Enable/disable logging referrers. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-filter-cookie-removal-log |
Enable/disable logging blocked cookies. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-url-log |
Enable/disable logging URL filtering. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-invalid-domain-log |
Enable/disable logging invalid domain names. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-ftgd-err-log |
Enable/disable logging rating errors. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-ftgd-quota-usage |
Enable/disable logging daily quota usage. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-antiphishing-log |
Enable/disable logging of AntiPhishing checks. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
config override
|
Parameter |
Description |
Type |
Size |
|||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ovrd-cookie |
Allow/deny browser-based (cookie) overrides. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
ovrd-scope |
Override scope. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
profile-type |
Override profile type. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
ovrd-dur-mode |
Override duration mode. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
ovrd-dur |
Override duration. |
user |
Not Specified |
|||||||||||||||||||||||||||||||||||||||||||||||
|
profile-attribute |
Profile attribute to retrieve from the RADIUS server. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
config web
|
Parameter |
Description |
Type |
Size |
|||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
bword-threshold |
Banned word score threshold. |
integer |
Minimum value: 0 Maximum value: 2147483647 |
|||||||||||||||
|
bword-table |
Banned word table ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||||||||||
|
urlfilter-table |
URL filter table ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||||||||||
|
content-header-list |
Content header list. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||||||||||
|
blacklist |
Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. |
option |
- |
|||||||||||||||
|
|
|
|||||||||||||||||
|
whitelist |
FortiGuard whitelist settings. |
option |
- |
|||||||||||||||
|
|
|
|||||||||||||||||
|
safe-search |
Safe search type. |
option |
- |
|||||||||||||||
|
|
|
|||||||||||||||||
|
youtube-restrict |
YouTube EDU filter level. |
option |
- |
|||||||||||||||
|
|
|
|||||||||||||||||
|
log-search |
Enable/disable logging all search phrases. |
option |
- |
|||||||||||||||
|
|
|
|||||||||||||||||
config youtube-channel-filter
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
channel-id |
YouTube channel ID to be filtered. |
string |
Maximum length: 255 |
|
comment |
Comment. |
var-string |
Maximum length: 255 |
config ftgd-wf
|
Parameter |
Description |
Type |
Size |
|||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
options |
Options for FortiGuard Web Filter. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
|
exempt-quota |
Do not stop quota for these categories. |
user |
Not Specified |
|||||||||||||
|
ovrd |
Allow web filter profile overrides. |
user |
Not Specified |
|||||||||||||
|
max-quota-timeout |
Maximum FortiGuard quota used by single page view in seconds (excludes streams). |
integer |
Minimum value: 1 Maximum value: 86400 |
|||||||||||||
|
rate-image-urls |
Enable/disable rating images by URL. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
|
rate-javascript-urls |
Enable/disable rating JavaScript by URL. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
|
rate-css-urls |
Enable/disable rating CSS by URL. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
|
rate-crl-urls |
Enable/disable rating CRL by URL. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
config filters
|
Parameter |
Description |
Type |
Size |
|||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
category |
Categories and groups the filter examines. |
integer |
Minimum value: 0 Maximum value: 255 |
|||||||||||
|
action |
Action to take for matches. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
warn-duration |
Duration of warnings. |
user |
Not Specified |
|||||||||||
|
log |
Enable/disable logging. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
override-replacemsg |
Override replacement message. |
string |
Maximum length: 28 |
|||||||||||
|
warning-prompt |
Warning prompts in each category or each domain. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
warning-duration-type |
Re-display warning after closing browser or after a timeout. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
config quota
|
Parameter |
Description |
Type |
Size |
|||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
category |
FortiGuard categories to apply quota to (category action must be set to monitor). |
user |
Not Specified |
|||||||||||
|
type |
Quota type. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
reset-frequency |
Quota reset frequency . |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
unit |
Traffic quota unit of measurement. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
value |
Traffic quota value. |
integer |
Minimum value: 1 Maximum value: 4294967295 |
|||||||||||
|
duration |
Duration of quota. |
user |
Not Specified |
|||||||||||
|
override-replacemsg |
Override replacement message. |
string |
Maximum length: 28 |
|||||||||||
config antiphish
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
status |
Toggle AntiPhishing functionality. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
domain-controller |
Domain for which to verify received credentials against. |
string |
Maximum length: 63 |
|||||||||
|
default-action |
Action to be taken when there is no matching rule. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
check-uri |
Enable/disable checking of GET URI parameters for known credentials. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
check-basic-auth |
Enable/disable checking of HTTP Basic Auth field for known credentials. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
max-body-len |
Maximum size of a POST body to check for credentials. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||||
config inspection-entries
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
fortiguard-category |
FortiGuard category to match. |
user |
Not Specified |
|||||||||
|
action |
Action to be taken upon an AntiPhishing match. |
option |
- |
|||||||||
|
|
|
|||||||||||
config custom-patterns
|
Parameter |
Description |
Type |
Size |
|||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
category |
Category that the pattern matches. |
option |
- |
|||||||
|
|
|
|||||||||