Fortinet white logo
Fortinet white logo

CLI Reference

config application list

config application list

Configure application control lists.

config application list
    Description: Configure application control lists.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set other-application-action [pass|block]
        set app-replacemsg [disable|enable]
        set other-application-log [disable|enable]
        set unknown-application-action [pass|block]
        set unknown-application-log [disable|enable]
        set p2p-black-list [skype|edonkey|...]
        set options [allow-dns|allow-icmp|...]
        config entries
            Description: Application list entries.
            edit <id>
                config risk
                    Description: Risk, or impact, of allowing traffic from this application to occur.
                    edit <level>
                    next
                end
                config category
                    Description: Category ID list.
                    edit <id>
                    next
                end
                config sub-category
                    Description: Application Sub-category ID list.
                    edit <id>
                    next
                end
                config application
                    Description: ID of allowed applications.
                    edit <id>
                    next
                end
                set protocols {user}
                set vendor {user}
                set technology {user}
                set behavior {user}
                set popularity [1|2|...]
                config tags
                    Description: Tag filter.
                    edit <name>
                    next
                end
                config parameters
                    Description: Application parameters.
                    edit <id>
                        set value {string}
                    next
                end
                set action [pass|block|...]
                set log [disable|enable]
                set log-packet [disable|enable]
                set rate-count {integer}
                set rate-duration {integer}
                set rate-mode [periodical|continuous]
                set rate-track [none|src-ip|...]
                set session-ttl {integer}
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
            next
        end
    next
end

config application list

Parameter

Description

Type

Size

name

List name.

string

Maximum length: 35

comment

comments

var-string

Maximum length: 255

replacemsg-group

Replacement message group.

string

Maximum length: 35

other-application-action

Action for other applications.

option

-

Option

Description

pass

Allow sessions matching an application in this application list.

block

Block sessions matching an application in this application list.

app-replacemsg

Enable/disable replacement messages for blocked applications.

option

-

Option

Description

disable

Disable replacement messages for blocked applications.

enable

Enable replacement messages for blocked applications.

other-application-log

Enable/disable logging for other applications.

option

-

Option

Description

disable

Disable logging for other applications.

enable

Enable logging for other applications.

unknown-application-action

Pass or block traffic from unknown applications.

option

-

Option

Description

pass

Pass or allow unknown applications.

block

Drop or block unknown applications.

unknown-application-log

Enable/disable logging for unknown applications.

option

-

Option

Description

disable

Disable logging for unknown applications.

enable

Enable logging for unknown applications.

p2p-black-list

P2P applications to be black listed.

option

-

Option

Description

skype

Skype.

edonkey

Edonkey.

bittorrent

Bit torrent.

options

Basic application protocol signatures allowed by default.

option

-

Option

Description

allow-dns

Allow DNS.

allow-icmp

Allow ICMP.

allow-http

Allow generic HTTP web browsing.

allow-ssl

Allow generic SSL communication.

allow-quic

Allow QUIC.

config entries

Parameter

Description

Type

Size

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

protocols

Application protocol filter.

user

Not Specified

vendor

Application vendor filter.

user

Not Specified

technology

Application technology filter.

user

Not Specified

behavior

Application behavior filter.

user

Not Specified

popularity

Application popularity filter.

option

-

Option

Description

1

Popularity level 1.

2

Popularity level 2.

3

Popularity level 3.

4

Popularity level 4.

5

Popularity level 5.

action

Pass or block traffic, or reset connection for traffic from this application.

option

-

Option

Description

pass

Pass or allow matching traffic.

block

Block or drop matching traffic.

reset

Reset sessions for matching traffic.

log

Enable/disable logging for this application list.

option

-

Option

Description

disable

Disable logging.

enable

Enable logging.

log-packet

Enable/disable packet logging.

option

-

Option

Description

disable

Disable packet logging.

enable

Enable packet logging.

rate-count

Count of the rate.

integer

Minimum value: 0 Maximum value: 65535

rate-duration

Duration (sec) of the rate.

integer

Minimum value: 1 Maximum value: 65535

rate-mode

Rate limit mode.

option

-

Option

Description

periodical

Allow configured number of packets every rate-duration.

continuous

Block packets once the rate is reached.

rate-track

Track the packet protocol field.

option

-

Option

Description

none

none

src-ip

Source IP.

dest-ip

Destination IP.

dhcp-client-mac

DHCP client.

dns-domain

DNS domain.

session-ttl

Session TTL.

integer

Minimum value: 0 Maximum value: 4294967295

quarantine

Quarantine method.

option

-

Option

Description

none

Quarantine is disabled.

attacker

Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.

quarantine-expiry

Duration of quarantine, from 1 minute to 364 days, 23 hours, and 59 minutes from now.. Requires quarantine set to attacker.

user

Not Specified

quarantine-log

Enable/disable quarantine logging.

option

-

Option

Description

disable

Disable quarantine logging.

enable

Enable quarantine logging.

config risk

Parameter

Description

Type

Size

level

Risk, or impact, of allowing traffic from this application to occur.

integer

Minimum value: 0 Maximum value: 4294967295

config category

Parameter

Description

Type

Size

id

Application category ID.

integer

Minimum value: 0 Maximum value: 4294967295

config sub-category

Parameter

Description

Type

Size

id

Application sub-category ID.

integer

Minimum value: 0 Maximum value: 4294967295

config application

Parameter

Description

Type

Size

id

Application IDs.

integer

Minimum value: 0 Maximum value: 4294967295

config tags

Parameter

Description

Type

Size

name

Tag name.

string

Maximum length: 64

config parameters

Parameter

Description

Type

Size

id

Parameter ID.

integer

Minimum value: 0 Maximum value: 4294967295

value

Parameter value.

string

Maximum length: 63

config application list

config application list

Configure application control lists.

config application list
    Description: Configure application control lists.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set other-application-action [pass|block]
        set app-replacemsg [disable|enable]
        set other-application-log [disable|enable]
        set unknown-application-action [pass|block]
        set unknown-application-log [disable|enable]
        set p2p-black-list [skype|edonkey|...]
        set options [allow-dns|allow-icmp|...]
        config entries
            Description: Application list entries.
            edit <id>
                config risk
                    Description: Risk, or impact, of allowing traffic from this application to occur.
                    edit <level>
                    next
                end
                config category
                    Description: Category ID list.
                    edit <id>
                    next
                end
                config sub-category
                    Description: Application Sub-category ID list.
                    edit <id>
                    next
                end
                config application
                    Description: ID of allowed applications.
                    edit <id>
                    next
                end
                set protocols {user}
                set vendor {user}
                set technology {user}
                set behavior {user}
                set popularity [1|2|...]
                config tags
                    Description: Tag filter.
                    edit <name>
                    next
                end
                config parameters
                    Description: Application parameters.
                    edit <id>
                        set value {string}
                    next
                end
                set action [pass|block|...]
                set log [disable|enable]
                set log-packet [disable|enable]
                set rate-count {integer}
                set rate-duration {integer}
                set rate-mode [periodical|continuous]
                set rate-track [none|src-ip|...]
                set session-ttl {integer}
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
            next
        end
    next
end

config application list

Parameter

Description

Type

Size

name

List name.

string

Maximum length: 35

comment

comments

var-string

Maximum length: 255

replacemsg-group

Replacement message group.

string

Maximum length: 35

other-application-action

Action for other applications.

option

-

Option

Description

pass

Allow sessions matching an application in this application list.

block

Block sessions matching an application in this application list.

app-replacemsg

Enable/disable replacement messages for blocked applications.

option

-

Option

Description

disable

Disable replacement messages for blocked applications.

enable

Enable replacement messages for blocked applications.

other-application-log

Enable/disable logging for other applications.

option

-

Option

Description

disable

Disable logging for other applications.

enable

Enable logging for other applications.

unknown-application-action

Pass or block traffic from unknown applications.

option

-

Option

Description

pass

Pass or allow unknown applications.

block

Drop or block unknown applications.

unknown-application-log

Enable/disable logging for unknown applications.

option

-

Option

Description

disable

Disable logging for unknown applications.

enable

Enable logging for unknown applications.

p2p-black-list

P2P applications to be black listed.

option

-

Option

Description

skype

Skype.

edonkey

Edonkey.

bittorrent

Bit torrent.

options

Basic application protocol signatures allowed by default.

option

-

Option

Description

allow-dns

Allow DNS.

allow-icmp

Allow ICMP.

allow-http

Allow generic HTTP web browsing.

allow-ssl

Allow generic SSL communication.

allow-quic

Allow QUIC.

config entries

Parameter

Description

Type

Size

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

protocols

Application protocol filter.

user

Not Specified

vendor

Application vendor filter.

user

Not Specified

technology

Application technology filter.

user

Not Specified

behavior

Application behavior filter.

user

Not Specified

popularity

Application popularity filter.

option

-

Option

Description

1

Popularity level 1.

2

Popularity level 2.

3

Popularity level 3.

4

Popularity level 4.

5

Popularity level 5.

action

Pass or block traffic, or reset connection for traffic from this application.

option

-

Option

Description

pass

Pass or allow matching traffic.

block

Block or drop matching traffic.

reset

Reset sessions for matching traffic.

log

Enable/disable logging for this application list.

option

-

Option

Description

disable

Disable logging.

enable

Enable logging.

log-packet

Enable/disable packet logging.

option

-

Option

Description

disable

Disable packet logging.

enable

Enable packet logging.

rate-count

Count of the rate.

integer

Minimum value: 0 Maximum value: 65535

rate-duration

Duration (sec) of the rate.

integer

Minimum value: 1 Maximum value: 65535

rate-mode

Rate limit mode.

option

-

Option

Description

periodical

Allow configured number of packets every rate-duration.

continuous

Block packets once the rate is reached.

rate-track

Track the packet protocol field.

option

-

Option

Description

none

none

src-ip

Source IP.

dest-ip

Destination IP.

dhcp-client-mac

DHCP client.

dns-domain

DNS domain.

session-ttl

Session TTL.

integer

Minimum value: 0 Maximum value: 4294967295

quarantine

Quarantine method.

option

-

Option

Description

none

Quarantine is disabled.

attacker

Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.

quarantine-expiry

Duration of quarantine, from 1 minute to 364 days, 23 hours, and 59 minutes from now.. Requires quarantine set to attacker.

user

Not Specified

quarantine-log

Enable/disable quarantine logging.

option

-

Option

Description

disable

Disable quarantine logging.

enable

Enable quarantine logging.

config risk

Parameter

Description

Type

Size

level

Risk, or impact, of allowing traffic from this application to occur.

integer

Minimum value: 0 Maximum value: 4294967295

config category

Parameter

Description

Type

Size

id

Application category ID.

integer

Minimum value: 0 Maximum value: 4294967295

config sub-category

Parameter

Description

Type

Size

id

Application sub-category ID.

integer

Minimum value: 0 Maximum value: 4294967295

config application

Parameter

Description

Type

Size

id

Application IDs.

integer

Minimum value: 0 Maximum value: 4294967295

config tags

Parameter

Description

Type

Size

name

Tag name.

string

Maximum length: 64

config parameters

Parameter

Description

Type

Size

id

Parameter ID.

integer

Minimum value: 0 Maximum value: 4294967295

value

Parameter value.

string

Maximum length: 63