CLI Reference

config dnsfilter profile

Configure DNS domain filter profiles.

config dnsfilter profile
    Description: Configure DNS domain filter profiles.
    edit <name>
        set comment {var-string}
        config domain-filter
            Description: Domain filter settings.
            set domain-filter-table {integer}
        end
        config ftgd-dns
            Description: FortiGuard DNS Filter settings.
            set options [error-allow|ftgd-disable]
            config filters
                Description: FortiGuard DNS domain filters.
                edit <id>
                    set category {integer}
                    set action [block|monitor]
                    set log [enable|disable]
                next
            end
        end
        set log-all-domain [enable|disable]
        set sdns-ftgd-err-log [enable|disable]
        set sdns-domain-log [enable|disable]
        set block-action [block|redirect]
        set redirect-portal {ipv4-address}
        set block-botnet [disable|enable]
        set safe-search [disable|enable]
        set youtube-restrict [strict|moderate]
    next
end

config dnsfilter profile

| Parameter | Description | Type | Size |
| --- | --- | --- | --- |
| comment | Comment. | var-string | Maximum length: 255 |
| log-all-domain | Enable/disable logging of all domains visited (detailed DNS logging). | option | - |
| sdns-ftgd-err-log | Enable/disable FortiGuard SDNS rating error logging. | option | - |
| sdns-domain-log | Enable/disable domain filtering and botnet domain logging. | option | - |
| block-action | Action to take for blocked domains. | option | - |
| redirect-portal | IP address of the SDNS redirect portal. | ipv4-address | Not Specified |
| block-botnet | Enable/disable blocking botnet C&C DNS lookups. | option | - |
| safe-search | Enable/disable Google, Bing, and YouTube safe search. | option | - |
| youtube-restrict | Set safe search for YouTube restriction level. | option | - |

| Parameter | Option | Description |
| --- | --- | --- |
| log-all-domain | enable | Enable logging of all domains visited. |
| log-all-domain | disable | Disable logging of all domains visited. |
| sdns-ftgd-err-log | enable | Enable FortiGuard SDNS rating error logging. |
| sdns-ftgd-err-log | disable | Disable FortiGuard SDNS rating error logging. |
| sdns-domain-log | enable | Enable domain filtering and botnet domain logging. |
| sdns-domain-log | disable | Disable domain filtering and botnet domain logging. |
| block-action | block | Return NXDOMAIN for blocked domains. |
| block-action | redirect | Redirect blocked domains to SDNS portal. |
| block-botnet | disable | Disable blocking botnet C&C DNS lookups. |
| block-botnet | enable | Enable blocking botnet C&C DNS lookups. |
| safe-search | disable | Disable Google, Bing, and YouTube safe search. |
| safe-search | enable | Enable Google, Bing, and YouTube safe search. |
| youtube-restrict | strict | Enable strict safe search for YouTube. |
| youtube-restrict | moderate | Enable moderate safe search for YouTube. |

config domain-filter

| Parameter | Description | Type | Size |
| --- | --- | --- | --- |
| domain-filter-table | DNS domain filter table ID. | integer | Minimum value: 0 Maximum value: 4294967295 |

config ftgd-dns

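| Parameter | Description | Type | Size |
| --- | --- | --- | --- |
| options | FortiGuard DNS filter options. | option | - |

| Parameter | Option | Description |
| --- | --- | --- |
| options | error-allow | Allow all domains when FortiGuard DNS servers fail. |
| options | ftgd-disable | Disable FortiGuard DNS domain rating. |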

config filters

| Parameter | Description | Type | Size |
| --- | --- | --- | --- |
| category | Category number. | integer | Minimum value: 0 Maximum value: 255 |
| action | Action to take for DNS requests matching the category. | option | - |
| log | Enable/disable DNS filter logging for this DNS profile. | option | - |

| Parameter | Option | Description |
| --- | --- | --- |
| action | block | Block DNS requests matching the category. |
| action | monitor | Allow DNS requests matching the category and log the result. |
| log | enable | Enable DNS filter logging. |
| log | disable | Disable DNS filter logging. |
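The settings above with the most security impact are the ones that fail open or remove visibility: error-allow, ftgd-disable, block-botnet disable, sdns-domain-log disable, and a block filter with log disable. The following audit script is an added example, not part of the Fortinet reference; it assumes its input is `show full-configuration` output so every value is set explicitly, and the names parse and audit, the profile names and category 26 are constructed for illustration.

```python
import shlex

# Constructed sample, laid out like `show full-configuration dnsfilter profile` output.
SAMPLE = """config dnsfilter profile
    edit "branch"
        config ftgd-dns
            set options error-allow
            config filters
                edit 1
                    set category 26
                    set action block
                    set log disable
                next
            end
        end
        set sdns-domain-log disable
        set block-botnet disable
    next
    edit "hq"
        set block-botnet enable
    next
end"""

def parse(text):  # nested config/edit/set blocks -> nested dicts
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit(text):  # -> (profile, finding) pairs for settings that weaken filtering or logging
    out = []
    for name, p in parse(text).get("dnsfilter profile", {}).items():
        ftgd = p.get("ftgd-dns", {})
        # error-allow fails open; ftgd-disable turns FortiGuard domain rating off
        out += [(name, "ftgd-dns options " + o) for o in ftgd.get("options", [])]
        weak = [k for k in ("block-botnet", "sdns-domain-log") if p.get(k) == ["disable"]]
        out += [(name, k + " disable") for k in weak]
        for fid, f in ftgd.get("filters", {}).items():
            if f.get("action") == ["block"] and f.get("log") == ["disable"]:
                out.append((name, "filter %s blocks without logging" % fid))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Settings that are absent from the input are not flagged, because this page does not state default values.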
