config firewall profile-protocol-options

Configure protocol options.

config firewall profile-protocol-options
    Description: Configure protocol options.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set oversize-log [disable|enable]
        set switching-protocols-log [disable|enable]
        config http
            Description: Configure HTTP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [clientcomfort|servercomfort|...]
            set comfort-interval {integer}
            set comfort-amount {integer}
            set range-block [disable|enable]
            set post-lang [jisx0201|jisx0208|...]
            set fortinet-bar [enable|disable]
            set fortinet-bar-port {integer}
            set streaming-content-bypass [enable|disable]
            set dns-protection [enable|disable]
            set switching-protocols [bypass|block]
            set unknown-http-version [reject|tunnel|...]
            set tunnel-non-http [enable|disable]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set stream-based-uncompressed-limit {integer}
            set scan-bzip2 [enable|disable]
            set block-page-status-code {integer}
            set retry-count {integer}
            set tcp-window-type [system|static|...]
            set tcp-window-minimum {integer}
            set tcp-window-maximum {integer}
            set tcp-window-size {integer}
            set address-ip-rating [enable|disable]
        end
        config ftp
            Description: Configure FTP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [clientcomfort|oversize|...]
            set comfort-interval {integer}
            set comfort-amount {integer}
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config rtmp
            Description: RTMP.
            set ports {integer}
            set status [enable|disable]
            set rtmpt [enable|disable]
            set http-tunnel [enable|disable]
        end
        config imap
            Description: Configure IMAP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config mapi
            Description: Configure MAPI protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config pop3
            Description: Configure POP3 protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config smtp
            Description: Configure SMTP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize|...]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
            set server-busy [enable|disable]
        end
        config ssh
            Description: Configure SFTP and SCP protocol options.
            set options [oversize|clientcomfort|...]
            set comfort-interval {integer}
            set comfort-amount {integer}
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config dns
            Description: Configure DNS protocol options.
            set ports {integer}
            set status [enable|disable]
        end
        config cifs
            Description: CIFS.
            set ports {integer}
            set status [enable|disable]
            set tcp-window-type [system|static|...]
            set tcp-window-minimum {integer}
            set tcp-window-maximum {integer}
            set tcp-window-size {integer}
        end
        set rpc-over-http [enable|disable]
    next
end

config firewall profile-protocol-options

Parameter

Description

Type

Size

comment

Optional comments.

var-string

Maximum length: 255

replacemsg-group

Name of the replacement message group to be used

string

Maximum length: 35

oversize-log

Enable/disable logging for antivirus oversize file blocking.

option

Option	Description
disable	Disable logging for antivirus oversize file blocking.
enable	Enable logging for antivirus oversize file blocking.

switching-protocols-log

Enable/disable logging for HTTP/HTTPS switching protocols.

option

Option	Description
disable	Disable logging for HTTP/HTTPS switching protocols.
enable	Enable logging for HTTP/HTTPS switching protocols.

rpc-over-http

Enable/disable inspection of RPC over HTTP.

option

Option	Description
enable	Enable inspection of RPC over HTTP.
disable	Disable inspection of RPC over HTTP.

config http

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.
oversize	Block oversized file/email.
chunkedbypass	Bypass chunked transfer encoded sites.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

range-block

Enable/disable blocking of partial downloads.

option

Option	Description
disable	Disable blocking of partial downloads.
enable	Enable blocking of partial downloads.

post-lang

ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets).

option

Option	Description
jisx0201	Japanese Industrial Standard 0201.
jisx0208	Japanese Industrial Standard 0208.
jisx0212	Japanese Industrial Standard 0212.
gb2312	Guojia Biaozhun 2312 (simplified Chinese).
ksc5601-ex	Wansung Korean standard 5601.
euc-jp	Extended Unicode Japanese.
sjis	Shift Japanese Industrial Standard.
iso2022-jp	ISO 2022 Japanese.
iso2022-jp-1	ISO 2022-1 Japanese.
iso2022-jp-2	ISO 2022-2 Japanese.
euc-cn	Extended Unicode Chinese.
ces-gbk	Extended GB2312 (simplified Chinese).
hz	Hanzi simplified Chinese.
ces-big5	Big-5 traditional Chinese.
euc-kr	Extended Unicode Korean.
iso2022-jp-3	ISO 2022-3 Japanese.
iso8859-1	ISO 8859 Part 1 (Western European).
tis620	Thai Industrial Standard 620.
cp874	Code Page 874 (Thai).
cp1252	Code Page 1252 (Western European Latin).
cp1251	Code Page 1251 (Cyrillic).

fortinet-bar

Enable/disable Fortinet bar on HTML content.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

fortinet-bar-port

Port for use by Fortinet Bar .

integer

Minimum value: 1 Maximum value: 65535

streaming-content-bypass

Enable/disable bypassing of streaming content from buffering.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

dns-protection

Enable/disable DNS protection for HTTP/HTTPS traffic.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

switching-protocols

Bypass from scanning, or block a connection that attempts to switch protocol.

option

Option	Description
bypass	Bypass connections when switching protocols.
block	Block connections when switching protocols.

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

Option	Description
reject	Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel	Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort	Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

Option	Description
enable	Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable	Drop or tear down non-HTTP sessions accepted by the profile.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

block-page-status-code

Code number returned for blocked HTTP pages .

integer

Minimum value: 100 Maximum value: 599

retry-count

Number of attempts to retry HTTP connection .

integer

Minimum value: 0 Maximum value: 100

tcp-window-type

Specify type of TCP window to use for this protocol.

option

Option	Description
system	Use system default TCP window size for this protocol (Default).
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory, within limits.

tcp-window-minimum

Minimum dynamic TCP window size .

integer

Minimum value: 65536 Maximum value: 1048576

tcp-window-maximum

Maximum dynamic TCP window size .

integer

Minimum value: 1048576 Maximum value: 33554432

tcp-window-size

Set TCP static window size .

integer

Minimum value: 65536 Maximum value: 33554432

address-ip-rating

Enable/disable IP based URL rating.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config ftp

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
oversize	Block oversized file/email.
splice	Enable splice mode.
bypass-rest-command	Bypass REST command.
bypass-mode-command	Bypass MODE command.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config rtmp

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

rtmpt

Enable/disable RTMPT.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

http-tunnel

Enable/disable RTMP http tunnel.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config imap

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config mapi

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config pop3

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config smtp

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.
splice	Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

server-busy

Enable/disable SMTP server busy when server not available.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config ssh

Parameter

Description

Type

Size

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file/email.
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config dns

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config cifs

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

Specify type of TCP window to use for this protocol.

option

Option	Description
system	Use system default TCP window size for this protocol (Default).
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory, within limits.

tcp-window-minimum

Minimum dynamic TCP window size .

integer

Minimum value: 65536 Maximum value: 1048576

tcp-window-maximum

Maximum dynamic TCP window size .

integer

Minimum value: 1048576 Maximum value: 33554432

tcp-window-size

Set TCP static window size .

integer

Minimum value: 65536 Maximum value: 33554432

config firewall profile-protocol-options

Configure protocol options.

config firewall profile-protocol-options
    Description: Configure protocol options.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set oversize-log [disable|enable]
        set switching-protocols-log [disable|enable]
        config http
            Description: Configure HTTP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [clientcomfort|servercomfort|...]
            set comfort-interval {integer}
            set comfort-amount {integer}
            set range-block [disable|enable]
            set post-lang [jisx0201|jisx0208|...]
            set fortinet-bar [enable|disable]
            set fortinet-bar-port {integer}
            set streaming-content-bypass [enable|disable]
            set dns-protection [enable|disable]
            set switching-protocols [bypass|block]
            set unknown-http-version [reject|tunnel|...]
            set tunnel-non-http [enable|disable]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set stream-based-uncompressed-limit {integer}
            set scan-bzip2 [enable|disable]
            set block-page-status-code {integer}
            set retry-count {integer}
            set tcp-window-type [system|static|...]
            set tcp-window-minimum {integer}
            set tcp-window-maximum {integer}
            set tcp-window-size {integer}
            set address-ip-rating [enable|disable]
        end
        config ftp
            Description: Configure FTP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [clientcomfort|oversize|...]
            set comfort-interval {integer}
            set comfort-amount {integer}
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config rtmp
            Description: RTMP.
            set ports {integer}
            set status [enable|disable]
            set rtmpt [enable|disable]
            set http-tunnel [enable|disable]
        end
        config imap
            Description: Configure IMAP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config mapi
            Description: Configure MAPI protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config pop3
            Description: Configure POP3 protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config smtp
            Description: Configure SMTP protocol options.
            set ports {integer}
            set status [enable|disable]
            set options [fragmail|oversize|...]
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
            set server-busy [enable|disable]
        end
        config ssh
            Description: Configure SFTP and SCP protocol options.
            set options [oversize|clientcomfort|...]
            set comfort-interval {integer}
            set comfort-amount {integer}
            set oversize-limit {integer}
            set uncompressed-oversize-limit {integer}
            set uncompressed-nest-limit {integer}
            set scan-bzip2 [enable|disable]
        end
        config dns
            Description: Configure DNS protocol options.
            set ports {integer}
            set status [enable|disable]
        end
        config cifs
            Description: CIFS.
            set ports {integer}
            set status [enable|disable]
            set tcp-window-type [system|static|...]
            set tcp-window-minimum {integer}
            set tcp-window-maximum {integer}
            set tcp-window-size {integer}
        end
        set rpc-over-http [enable|disable]
    next
end

config firewall profile-protocol-options

Parameter

Description

Type

Size

comment

Optional comments.

var-string

Maximum length: 255

replacemsg-group

Name of the replacement message group to be used

string

Maximum length: 35

oversize-log

Enable/disable logging for antivirus oversize file blocking.

option

Option	Description
disable	Disable logging for antivirus oversize file blocking.
enable	Enable logging for antivirus oversize file blocking.

switching-protocols-log

Enable/disable logging for HTTP/HTTPS switching protocols.

option

Option	Description
disable	Disable logging for HTTP/HTTPS switching protocols.
enable	Enable logging for HTTP/HTTPS switching protocols.

rpc-over-http

Enable/disable inspection of RPC over HTTP.

option

Option	Description
enable	Enable inspection of RPC over HTTP.
disable	Disable inspection of RPC over HTTP.

config http

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.
oversize	Block oversized file/email.
chunkedbypass	Bypass chunked transfer encoded sites.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

range-block

Enable/disable blocking of partial downloads.

option

Option	Description
disable	Disable blocking of partial downloads.
enable	Enable blocking of partial downloads.

post-lang

ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets).

option

Option	Description
jisx0201	Japanese Industrial Standard 0201.
jisx0208	Japanese Industrial Standard 0208.
jisx0212	Japanese Industrial Standard 0212.
gb2312	Guojia Biaozhun 2312 (simplified Chinese).
ksc5601-ex	Wansung Korean standard 5601.
euc-jp	Extended Unicode Japanese.
sjis	Shift Japanese Industrial Standard.
iso2022-jp	ISO 2022 Japanese.
iso2022-jp-1	ISO 2022-1 Japanese.
iso2022-jp-2	ISO 2022-2 Japanese.
euc-cn	Extended Unicode Chinese.
ces-gbk	Extended GB2312 (simplified Chinese).
hz	Hanzi simplified Chinese.
ces-big5	Big-5 traditional Chinese.
euc-kr	Extended Unicode Korean.
iso2022-jp-3	ISO 2022-3 Japanese.
iso8859-1	ISO 8859 Part 1 (Western European).
tis620	Thai Industrial Standard 620.
cp874	Code Page 874 (Thai).
cp1252	Code Page 1252 (Western European Latin).
cp1251	Code Page 1251 (Cyrillic).

fortinet-bar

Enable/disable Fortinet bar on HTML content.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

fortinet-bar-port

Port for use by Fortinet Bar .

integer

Minimum value: 1 Maximum value: 65535

streaming-content-bypass

Enable/disable bypassing of streaming content from buffering.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

dns-protection

Enable/disable DNS protection for HTTP/HTTPS traffic.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

switching-protocols

Bypass from scanning, or block a connection that attempts to switch protocol.

option

Option	Description
bypass	Bypass connections when switching protocols.
block	Block connections when switching protocols.

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

Option	Description
reject	Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel	Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort	Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

Option	Description
enable	Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable	Drop or tear down non-HTTP sessions accepted by the profile.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned .

integer

Minimum value: 0 Maximum value: 4294967295

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

block-page-status-code

Code number returned for blocked HTTP pages .

integer

Minimum value: 100 Maximum value: 599

retry-count

Number of attempts to retry HTTP connection .

integer

Minimum value: 0 Maximum value: 100

tcp-window-type

Specify type of TCP window to use for this protocol.

option

Option	Description
system	Use system default TCP window size for this protocol (Default).
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory, within limits.

tcp-window-minimum

Minimum dynamic TCP window size .

integer

Minimum value: 65536 Maximum value: 1048576

tcp-window-maximum

Maximum dynamic TCP window size .

integer

Minimum value: 1048576 Maximum value: 33554432

tcp-window-size

Set TCP static window size .

integer

Minimum value: 65536 Maximum value: 33554432

address-ip-rating

Enable/disable IP based URL rating.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config ftp

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
clientcomfort	Prevent client timeout.
oversize	Block oversized file/email.
splice	Enable splice mode.
bypass-rest-command	Bypass REST command.
bypass-mode-command	Bypass MODE command.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config rtmp

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

rtmpt

Enable/disable RTMPT.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

http-tunnel

Enable/disable RTMP http tunnel.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config imap

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config mapi

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config pop3

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config smtp

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

options

One or more options that can be applied to the session.

option

Option	Description
fragmail	Pass fragmented email.
oversize	Block oversized file/email.
splice	Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

server-busy

Enable/disable SMTP server busy when server not available.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config ssh

Parameter

Description

Type

Size

options

One or more options that can be applied to the session.

option

Option	Description
oversize	Block oversized file/email.
clientcomfort	Prevent client timeout.
servercomfort	Prevent server timeout.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 200

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 0 Maximum value: 200

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config dns

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config cifs

Parameter

Description

Type

Size

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

tcp-window-type

Specify type of TCP window to use for this protocol.

option

Option	Description
system	Use system default TCP window size for this protocol (Default).
static	Manually specify TCP window size.
dynamic	Vary TCP window size based on available memory, within limits.

tcp-window-minimum

Minimum dynamic TCP window size .

integer

Minimum value: 65536 Maximum value: 1048576

tcp-window-maximum

Maximum dynamic TCP window size .

integer

Minimum value: 1048576 Maximum value: 33554432

tcp-window-size

Set TCP static window size .

integer

Minimum value: 65536 Maximum value: 33554432

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

CLI Reference

config firewall profile-protocol-options

config firewall profile-protocol-options

config firewall profile-protocol-options

config http

config ftp

config rtmp

config imap

config mapi

config pop3

config smtp

config ssh