CLI Reference

system antivirus

Use this command to configure system-wide FortiGuard Antivirus scan settings.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

config system antivirus
    set default-db {basic | extended}
    set scan-bzip2 {enable | disable}
    set uncomp-size-limit <limit_int>
    set uncomp-nest-limit <limit_int>
    set use-fsa {enable | disable}
end


Variable: default-db {basic | extended}

Description: Select which of the antivirus signature databases to use when scanning HTTP POST requests for viruses, either:

  • basic—Select to use only the signatures of viruses and greyware that have been detected by FortiGuard’s networks to be recently spreading in the wild.
  • extended—Select to use all signatures, regardless of whether the viruses or greyware are currently spreading.

Default: basic

Variable: scan-bzip2 {enable | disable}

Description: Enable to scan archives that are compressed using the BZIP2 algorithm.

Tip: Scanning BZIP2 archives can be very CPU-intensive. To improve performance, block the BZIP2 file type, then disable this option.

Default: enable

Variable: uncomp-size-limit <limit_int>

Description: Type the maximum size in kilobytes (KB) of the memory buffer that FortiWeb will use to temporarily undo the compression that a client or web server has applied to traffic, in order to inspect and/or modify it. For details, see "waf file-uncompress-rule".

Caution: In FortiWeb versions prior to 8.0.0, files that exceeded this buffer limit were bypassed and not scanned or rewritten. Beginning in FortiWeb 8.0.0, partial inspection is applied: FortiWeb truncates the content to the configured buffer size and attempts to perform File Security, Web Shell Detection, and Data Loss Prevention scans on the available data. This provides additional protection by enabling detection based on headers, metadata, and initial content chunks.

To enforce hard limits and block files that exceed the buffer size entirely, configure waf HTTP-protocol-parameter-restriction with max-http-content-length or max-HTTP-body-length <limit_int>. It is recommended to start with action set to alert to monitor traffic impact, then switch to alert_deny if no disruptions occur.

The maximum acceptable values are:

  • 102400 KB: FortiWeb 100D, 100E, 100F, 400C, 400D, 400E, 400F, 600D, 600E, 600F, 1000C, 3000CFsx, 4000C
  • 204800 KB: FortiWeb 1000D, 2000D, 3000D, 3000DFsx, 4000D, 1000E, 2000E, 3010E, 1000F, 2000F
  • 358400 KB: FortiWeb 3000E, 4000E, 3000F, 4000F

Default: 5000

Variable: uncomp-nest-limit <limit_int>

Description: Type the maximum number of allowed levels of compression (“nesting”) that FortiWeb will attempt to decompress.

Default: 12

Variable: use-fsa {enable | disable}

Description: Enable to use the Signature Database from FortiSandbox to supplement the AV Signature Database. If enabled, FortiWeb will download the malware package from FortiSandbox's Signature Database every minute.

Default: disable
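The interaction between uncomp-size-limit, uncomp-nest-limit and scan-bzip2 is easier to reason about with a small model. The following Python is an added example written for this reference, not FortiWeb code: it models only the behaviour the entries above describe (a decompression buffer limit in KB, a nesting limit, the bzip2 toggle, and the pre-8.0.0 bypass policy versus the 8.0.0 partial-inspection policy) on gzip and bzip2 bodies constructed inline. All function and sample names are its own, and applying the size limit to each decompressed layer rather than to a cumulative total is an assumption made for the model.

```python
"""Model of FortiWeb's decompression limits (added example, not FortiWeb code).

Assumptions: the size limit is checked against the output of each unwrapped
layer; a layer is recognised only by its gzip (1f 8b) or bzip2 ("BZh") magic.
"""
import bz2
import gzip
import zlib
from dataclasses import dataclass

GZIP_MAGIC = b"\x1f\x8b"
BZIP2_MAGIC = b"BZh"

# Constructed sample content; stands in for an uploaded file body.
SAMPLE = b"sample-file-content " * 16


@dataclass
class ScanResult:
    data: bytes           # bytes that would be handed to the scanners
    nest_levels: int      # compression layers actually unwrapped
    truncated: bool       # output hit uncomp-size-limit
    nest_exceeded: bool   # still compressed after uncomp-nest-limit layers
    bypassed: bool        # pre-8.0.0 policy: oversized body skipped entirely


def _looks_compressed(blob: bytes, scan_bzip2: bool) -> bool:
    return blob.startswith(GZIP_MAGIC) or (scan_bzip2 and blob.startswith(BZIP2_MAGIC))


def _unwrap_one(blob: bytes, limit_bytes: int, scan_bzip2: bool):
    """Unwrap one layer, producing at most limit_bytes + 1 output bytes so a
    decompression bomb never inflates past the buffer. None if not compressed."""
    if blob.startswith(GZIP_MAGIC):
        return zlib.decompressobj(wbits=31).decompress(blob, limit_bytes + 1)
    if scan_bzip2 and blob.startswith(BZIP2_MAGIC):
        return bz2.BZ2Decompressor().decompress(blob, limit_bytes + 1)
    return None


def inspect_body(body: bytes, uncomp_size_limit_kb: int = 5000,
                 uncomp_nest_limit: int = 12, scan_bzip2: bool = True,
                 partial_inspection: bool = True) -> ScanResult:
    """Apply the documented limits. partial_inspection=False reproduces the
    pre-8.0.0 bypass; True reproduces the 8.0.0 truncate-and-scan behaviour."""
    limit = uncomp_size_limit_kb * 1024
    data, levels = body, 0
    while levels < uncomp_nest_limit:
        out = _unwrap_one(data, limit, scan_bzip2)
        if out is None:
            break  # reached plain content
        levels += 1
        if len(out) > limit:
            if not partial_inspection:
                return ScanResult(b"", levels, True, False, True)
            return ScanResult(out[:limit], levels, True, False, False)
        data = out
    nest_exceeded = _looks_compressed(data, scan_bzip2)
    return ScanResult(data, levels, False, nest_exceeded, False)


# Helpers that build constructed test bodies.
def make_nested_gzip(payload: bytes, depth: int) -> bytes:
    for _ in range(depth):
        payload = gzip.compress(payload)
    return payload


def make_bzip2(payload: bytes) -> bytes:
    return bz2.compress(payload)


def make_zero_bomb(size_bytes: int) -> bytes:
    """Small gzip body that inflates to size_bytes of zeros."""
    return gzip.compress(b"\x00" * size_bytes)


if __name__ == "__main__":
    print(inspect_body(make_nested_gzip(SAMPLE, 3)))
    print(inspect_body(make_zero_bomb(1024 * 1024), uncomp_size_limit_kb=64))
    print(inspect_body(make_zero_bomb(1024 * 1024), uncomp_size_limit_kb=64,
                       partial_inspection=False))
    print(inspect_body(make_nested_gzip(SAMPLE, 15)))
    print(inspect_body(make_bzip2(SAMPLE), scan_bzip2=False))
```

Running it shows the four cases the entries describe: a body nested three levels deep is fully unwrapped; a 1 MiB body with a 64 KB buffer is truncated to 64 KB and still scanned under the 8.0.0 policy but bypassed under the older one; a body nested deeper than uncomp-nest-limit stops at 12 layers with nest_exceeded set; and a bzip2 body is left untouched when scan-bzip2 is disabled.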