CLI Reference

FortiProxy CLI Interface
alertemail
- config alertemail setting
antivirus
- config antivirus profile
- config antivirus quarantine
- config antivirus settings
application
- config application custom
- config application group
- config application list
- config application name
- config application rule-settings
authentication
- config authentication rule
- config authentication scheme
- config authentication setting
certificate
- config certificate ca
- config certificate crl
- config certificate local
- config certificate remote
dlp
- config dlp filepattern
- config dlp fp-doc-source
- config dlp sensitivity
- config dlp sensor
- config dlp settings
dnsfilter
- config dnsfilter domain-filter
- config dnsfilter profile
emailfilter
- config emailfilter block-allow-list
- config emailfilter bword
- config emailfilter dnsbl
- config emailfilter fortishield
- config emailfilter iptrust
- config emailfilter mheader
- config emailfilter options
- config emailfilter profile
endpoint-control
- config endpoint-control fctems
file-filter
- config file-filter profile
firewall
- config firewall access-proxy-ssh-client-cert
- config firewall access-proxy-virtual-host
- config firewall access-proxy
- config firewall access-proxy6
- config firewall address
- config firewall address6-template
- config firewall address6
- config firewall addrgrp
- config firewall addrgrp6
- config firewall auth-portal
- config firewall central-snat-map
- config firewall city
- config firewall country
- config firewall decrypted-traffic-mirror
- config firewall identity-based-route
- config firewall internet-service-addition
- config firewall internet-service-append
- config firewall internet-service-botnet
- config firewall internet-service-custom-group
- config firewall internet-service-custom
- config firewall internet-service-definition
- config firewall internet-service-extension
- config firewall internet-service-group
- config firewall internet-service-ipbl-reason
- config firewall internet-service-ipbl-vendor
- config firewall internet-service-list
- config firewall internet-service-name
- config firewall internet-service-owner
- config firewall internet-service-reputation
- config firewall internet-service-sld
- config firewall internet-service
- config firewall ippool
- config firewall ippool6
- config firewall policy
- config firewall profile-group
- config firewall profile-protocol-options
- config firewall proxy-address
- config firewall proxy-addrgrp
- config firewall region
- config firewall schedule group
- config firewall schedule onetime
- config firewall schedule recurring
- config firewall service category
- config firewall service custom
- config firewall service group
- config firewall shaping-policy
- config firewall shaping-profile
- config firewall sniffer
- config firewall ssh host-key
- config firewall ssh local-ca
- config firewall ssh local-key
- config firewall ssh setting
- config firewall ssl-server
- config firewall ssl-ssh-profile
- config firewall ssl default-certificate
- config firewall ssl keyring-list
- config firewall ssl setting
- config firewall traffic-class
- config firewall ttl-policy
- config firewall vendor-mac-summary
- config firewall vendor-mac
- config firewall vip
- config firewall vipgrp
- config firewall wildcard-fqdn custom
- config firewall wildcard-fqdn group
ftp-proxy
- config ftp-proxy explicit
hardware
- config hardware cpu
- config hardware memory
- config hardware nic
- config hardware status
icap
- config icap local-server
- config icap profile
- config icap remote-server-group
- config icap remote-server
image-analyzer
- config image-analyzer profile
ips
- config ips custom
- config ips decoder
- config ips global
- config ips rule-settings
- config ips rule
- config ips sensor
- config ips session
- config ips settings
- config ips view-map
ipsec
- config ipsec tunnel
log
- config log custom-field
- config log disk filter
- config log disk setting
- config log eventfilter
- config log fortianalyzer-cloud filter
- config log fortianalyzer-cloud override-filter
- config log fortianalyzer-cloud override-setting
- config log fortianalyzer-cloud setting
- config log fortianalyzer2 filter
- config log fortianalyzer2 override-filter
- config log fortianalyzer2 override-setting
- config log fortianalyzer2 setting
- config log fortianalyzer3 filter
- config log fortianalyzer3 override-filter
- config log fortianalyzer3 override-setting
- config log fortianalyzer3 setting
- config log fortianalyzer filter
- config log fortianalyzer override-filter
- config log fortianalyzer override-setting
- config log fortianalyzer setting
- config log fortiguard filter
- config log fortiguard override-filter
- config log fortiguard override-setting
- config log fortiguard setting
- config log gui-display
- config log memory filter
- config log memory global-setting
- config log memory setting
- config log null-device filter
- config log null-device setting
- config log setting
- config log syslogd2 filter
- config log syslogd2 override-filter
- config log syslogd2 override-setting
- config log syslogd2 setting
- config log syslogd3 filter
- config log syslogd3 override-filter
- config log syslogd3 override-setting
- config log syslogd3 setting
- config log syslogd4 filter
- config log syslogd4 override-filter
- config log syslogd4 override-setting
- config log syslogd4 setting
- config log syslogd filter
- config log syslogd override-filter
- config log syslogd override-setting
- config log syslogd setting
- config log tacacs+accounting2 filter
- config log tacacs+accounting2 setting
- config log tacacs+accounting3 filter
- config log tacacs+accounting3 setting
- config log tacacs+accounting filter
- config log tacacs+accounting setting
- config log threat-weight
- config log webtrends filter
- config log webtrends setting
mgmt-data
- config mgmt-data status
report
- config report layout
- config report setting
- config report sql status
router
- config router policy
- config router static
- config router static6
ssh-filter
- config ssh-filter profile
system
- config system accprofile
- config system acme
- config system admin
- config system affinity-interrupt
- config system affinity-packet-redistribution
- config system alarm
- config system alias
- config system api-user
- config system arp-table
- config system arp
- config system auto-install
- config system auto-script
- config system auto-update status
- config system auto-update versions
- config system automation-action
- config system automation-destination
- config system automation-stitch
- config system automation-trigger
- config system autoupdate schedule
- config system autoupdate tunneling
- config system central-management
- config system central-mgmt
- config system checksum status
- config system cmdb
- config system console
- config system csf
- config system custom-language
- config system ddns
- config system dedicated-mgmt
- config system dhcp6 server
- config system dhcp server
- config system dns-database
- config system dns-server
- config system dns
- config system dscp-based-priority
- config system email-server
- config system external-resource
- config system federated-upgrade
- config system fips-cc
- config system fortiai
- config system fortianalyzer-connectivity
- config system fortiguard-log-service
- config system fortiguard-service
- config system fortiguard
- config system fortisandbox
- config system fsso-polling
- config system ftm-push
- config system geoip-country
- config system geoip-override
- config system global
- config system gre-tunnel
- config system ha-monitor
- config system ha-nonsync-csum
- config system ha
- config system info admin ssh
- config system info admin status
- config system interface
- config system ip-conflict status
- config system ipam
- config system ips-urlfilter-dns
- config system ips-urlfilter-dns6
- config system ips
- config system ipv6-neighbor-cache
- config system link-monitor
- config system mac-address-table
- config system management-tunnel
- config system mgmt-csum
- config system nethsm
- config system network-visibility
- config system ntp
- config system object-tagging
- config system password-policy-guest-admin
- config system password-policy
- config system performance status
- config system performance top
- config system probe-response
- config system proxy-arp
- config system ptp
- config system replacemsg-group
- config system replacemsg-image
- config system replacemsg admin
- config system replacemsg alertmail
- config system replacemsg auth
- config system replacemsg automation
- config system replacemsg fortiguard-wf
- config system replacemsg ftp
- config system replacemsg http
- config system replacemsg icap
- config system replacemsg mail
- config system replacemsg nac-quar
- config system replacemsg spam
- config system replacemsg sslvpn
- config system replacemsg traffic-quota
- config system replacemsg utm
- config system replacemsg webproxy
- config system resource-limits
- config system saml
- config system sdn-connector
- config system session-ttl
- config system session
- config system session6
- config system settings
- config system sms-server
- config system snmp community
- config system snmp sysinfo
- config system snmp user
- config system source-ip status
- config system span-port
- config system speed-test-schedule
- config system speed-test-server
- config system sso-admin
- config system sso-forticloud-admin
- config system startup-error-log
- config system status
- config system storage
- config system vdom-dns
- config system vdom-exception
- config system vdom-property
- config system vdom-radius-server
- config system vdom
- config system vne-tunnel
- config system wccp
- config system zone
test
- config test acd
- config test acsd
- config test autod
- config test awsd
- config test azd
- config test bfd
- config test csfd
- config test ddnscd
- config test dhcp6c
- config test dhcp6r
- config test dhcprelay
- config test dlpfingerprint
- config test dlpfpcache
- config test dnsproxy
- config test dsd
- config test fas
- config test fcnacd
- config test fds_notify
- config test fnbamd
- config test forticldd
- config test forticron
- config test fsd
- config test fsvrd
- config test gcpd
- config test harelay
- config test hasync
- config test hatalk
- config test ibmd
- config test imap
- config test init
- config test iotd
- config test ipamd
- config test ipamsd
- config test ipldbd
- config test ipsengine
- config test ipsmonitor
- config test ipsufd
- config test kubed
- config test l2tpcd
- config test lnkmtd
- config test miglogd
- config test mrd
- config test netxd
- config test nntp
- config test ocid
- config test openstackd
- config test ovrd
- config test pop3
- config test pptpcd
- config test quarantined
- config test radius-das
- config test radiusd
- config test radvd
- config test reportd
- config test rt_router
- config test sdncd
- config test sdnd
- config test sepmd
- config test sessionsync
- config test sfupgraded
- config test smtp
- config test snmpd
- config test syslogd
- config test updated
- config test uploadd
- config test urlfilter
- config test vned
- config test wad
- config test wccpd
- config test wf_monitor
- config test wiredapd
user
- config user adgrp
- config user certificate
- config user domain-controller
- config user exchange
- config user fortitoken
- config user fsso-polling
- config user fsso
- config user group
- config user krb-keytab
- config user ldap
- config user local
- config user password-policy
- config user peer
- config user peergrp
- config user pop3
- config user radius
- config user saml
- config user security-exempt-list
- config user setting
- config user tacacs+
videofilter
- config videofilter profile
- config videofilter youtube-channel-filter
- config videofilter youtube-key
vpn
- config vpn certificate ca
- config vpn certificate crl
- config vpn certificate local
- config vpn certificate ocsp-server
- config vpn certificate remote
- config vpn certificate setting
- config vpn ipsec phase1-interface
- config vpn ipsec phase2-interface
- config vpn ssl monitor
- config vpn ssl settings
- config vpn ssl web host-check-software
- config vpn ssl web portal
- config vpn ssl web realm
- config vpn ssl web user-bookmark
- config vpn ssl web user-group-bookmark
waf
- config waf main-class
- config waf profile
- config waf signature
- config waf sub-class
wanopt
- config wanopt auth-group
- config wanopt cache-service
- config wanopt content-delivery-network-rule
- config wanopt peer
- config wanopt profile
- config wanopt remote-storage
- config wanopt settings
web-proxy
- config web-proxy debug-url
- config web-proxy dynamic-bypass
- config web-proxy explicit-proxy
- config web-proxy forward-server-group
- config web-proxy forward-server
- config web-proxy global
- config web-proxy isolator-server
- config web-proxy pac-policy
- config web-proxy profile
- config web-proxy url-list
- config web-proxy url-match
- config web-proxy wisp
webcache
- config webcache prefetch
- config webcache reverse-cache-server
- config webcache settings
- config webcache user-agent
webfilter
- config webfilter categories
- config webfilter content-header
- config webfilter content
- config webfilter fortiguard
- config webfilter ftgd-local-cat
- config webfilter ftgd-local-rating
- config webfilter ftgd-statistics
- config webfilter ips-urlfilter-cache-setting
- config webfilter ips-urlfilter-setting
- config webfilter ips-urlfilter-setting6
- config webfilter override-usr
- config webfilter override
- config webfilter profile
- config webfilter search-engine
- config webfilter status
- config webfilter urlfilter
Change Log

Home FortiProxy 7.0.8 CLI Reference

7.0.8

config user fsso

Configure Fortinet Single Sign On (FSSO) agents.

config user fsso
    Description: Configure Fortinet Single Sign On (FSSO) agents.
    edit <name>
        set type [default|fortinac]
        set server {string}
        set port {integer}
        set password {password}
        set server2 {string}
        set port2 {integer}
        set password2 {password}
        set server3 {string}
        set port3 {integer}
        set password3 {password}
        set server4 {string}
        set port4 {integer}
        set password4 {password}
        set server5 {string}
        set port5 {integer}
        set password5 {password}
        set logon-timeout {integer}
        set ldap-server {string}
        set group-poll-interval {integer}
        set ldap-poll [enable|disable]
        set ldap-poll-interval {integer}
        set ldap-poll-filter {string}
        set user-info-server {string}
        set ssl [enable|disable]
        set ssl-server-host-ip-check [enable|disable]
        set ssl-trusted-cert {string}
        set source-ip {ipv4-address}
        set source-ip6 {ipv6-address}
        set interface-select-method [auto|sdwan|...]
        set interface {string}
    next
end

config user fsso

Parameter

Description

Type

Size

Default

type

Server type.

option

default

Option	Description
default	All other unspecified types of servers.
fortinac	FortiNAC server.

server

Domain name or IP address of the first FSSO collector agent.

string

Maximum length: 63

port

Port of the first FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password

Password of the first FSSO collector agent.

password

Not Specified

server2

Domain name or IP address of the second FSSO collector agent.

string

Maximum length: 63

port2

Port of the second FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password2

Password of the second FSSO collector agent.

password

Not Specified

server3

Domain name or IP address of the third FSSO collector agent.

string

Maximum length: 63

port3

Port of the third FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password3

Password of the third FSSO collector agent.

password

Not Specified

server4

Domain name or IP address of the fourth FSSO collector agent.

string

Maximum length: 63

port4

Port of the fourth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password4

Password of the fourth FSSO collector agent.

password

Not Specified

server5

Domain name or IP address of the fifth FSSO collector agent.

string

Maximum length: 63

port5

Port of the fifth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password5

Password of the fifth FSSO collector agent.

password

Not Specified

logon-timeout

Interval in minutes to keep logons after FSSO server down.

integer

Minimum value: 1 Maximum value: 2880

ldap-server

LDAP server to get group information.

string

Maximum length: 35

group-poll-interval

Interval in minutes within to fetch groups from FSSO server, or unset to disable.

integer

Minimum value: 1 Maximum value: 2880

ldap-poll

Enable/disable automatic fetching of groups from LDAP server.

option

disable

Option	Description
enable	Enable automatic fetching of groups from LDAP server.
disable	Disable automatic fetching of groups from LDAP server.

ldap-poll-interval

Interval in minutes within to fetch groups from LDAP server.

integer

Minimum value: 1 Maximum value: 2880

180

ldap-poll-filter

Filter used to fetch groups.

string

Maximum length: 2047

(objectCategory=group)

user-info-server

LDAP server to get user information.

string

Maximum length: 35

ssl

Enable/disable use of SSL.

option

disable

Option	Description
enable	Enable use of SSL.
disable	Disable use of SSL.

ssl-server-host-ip-check

Enable/disable server host/IP verification.

option

disable

Option	Description
enable	Enable server host/IP verification.
disable	Disable server host/IP verification.

ssl-trusted-cert

Trusted server certificate or CA certificate.

string

Maximum length: 79

source-ip

Source IP for communications to FSSO agent.

ipv4-address

Not Specified

0.0.0.0

source-ip6

IPv6 source for communications to FSSO agent.

ipv6-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

auto

Option	Description
auto	Set outgoing interface automatically.
sdwan	Set outgoing interface by SD-WAN or policy routing rules.
specify	Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config user fsso

Configure Fortinet Single Sign On (FSSO) agents.

config user fsso
    Description: Configure Fortinet Single Sign On (FSSO) agents.
    edit <name>
        set type [default|fortinac]
        set server {string}
        set port {integer}
        set password {password}
        set server2 {string}
        set port2 {integer}
        set password2 {password}
        set server3 {string}
        set port3 {integer}
        set password3 {password}
        set server4 {string}
        set port4 {integer}
        set password4 {password}
        set server5 {string}
        set port5 {integer}
        set password5 {password}
        set logon-timeout {integer}
        set ldap-server {string}
        set group-poll-interval {integer}
        set ldap-poll [enable|disable]
        set ldap-poll-interval {integer}
        set ldap-poll-filter {string}
        set user-info-server {string}
        set ssl [enable|disable]
        set ssl-server-host-ip-check [enable|disable]
        set ssl-trusted-cert {string}
        set source-ip {ipv4-address}
        set source-ip6 {ipv6-address}
        set interface-select-method [auto|sdwan|...]
        set interface {string}
    next
end

config user fsso

Parameter

Description

Type

Size

Default

type

Server type.

option

default

Option	Description
default	All other unspecified types of servers.
fortinac	FortiNAC server.

server

Domain name or IP address of the first FSSO collector agent.

string

Maximum length: 63

port

Port of the first FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password

Password of the first FSSO collector agent.

password

Not Specified

server2

Domain name or IP address of the second FSSO collector agent.

string

Maximum length: 63

port2

Port of the second FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password2

Password of the second FSSO collector agent.

password

Not Specified

server3

Domain name or IP address of the third FSSO collector agent.

string

Maximum length: 63

port3

Port of the third FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password3

Password of the third FSSO collector agent.

password

Not Specified

server4

Domain name or IP address of the fourth FSSO collector agent.

string

Maximum length: 63

port4

Port of the fourth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password4

Password of the fourth FSSO collector agent.

password

Not Specified

server5

Domain name or IP address of the fifth FSSO collector agent.

string

Maximum length: 63

port5

Port of the fifth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password5

Password of the fifth FSSO collector agent.

password

Not Specified

logon-timeout

Interval in minutes to keep logons after FSSO server down.

integer

Minimum value: 1 Maximum value: 2880

ldap-server

LDAP server to get group information.

string

Maximum length: 35

group-poll-interval

Interval in minutes within to fetch groups from FSSO server, or unset to disable.

integer

Minimum value: 1 Maximum value: 2880

ldap-poll

Enable/disable automatic fetching of groups from LDAP server.

option

disable

Option	Description
enable	Enable automatic fetching of groups from LDAP server.
disable	Disable automatic fetching of groups from LDAP server.

ldap-poll-interval

Interval in minutes within to fetch groups from LDAP server.

integer

Minimum value: 1 Maximum value: 2880

180

ldap-poll-filter

Filter used to fetch groups.

string

Maximum length: 2047

(objectCategory=group)

user-info-server

LDAP server to get user information.

string

Maximum length: 35

ssl

Enable/disable use of SSL.

option

disable

Option	Description
enable	Enable use of SSL.
disable	Disable use of SSL.

ssl-server-host-ip-check

Enable/disable server host/IP verification.

option

disable

Option	Description
enable	Enable server host/IP verification.
disable	Disable server host/IP verification.

ssl-trusted-cert

Trusted server certificate or CA certificate.

string

Maximum length: 79

source-ip

Source IP for communications to FSSO agent.

ipv4-address

Not Specified

0.0.0.0

source-ip6

IPv6 source for communications to FSSO agent.

ipv6-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

auto

Option	Description
auto	Set outgoing interface automatically.
sdwan	Set outgoing interface by SD-WAN or policy routing rules.
specify	Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15