CLI Reference

Introduction
Using the CLI
- Command syntax
- Subcommands
- Permissions
- Tips & tricks
config config
- config config sync-list
config endpoint-control
- config endpoint-control fctems
- config endpoint-control client
- config endpoint-control tag
config firewall
- config firewall connlimit
- config firewall connlimit6
- config firewall nat-snat
- config firewall policy
- config firewall policy6
- config firewall qos-filter
- config firewall qos-filter6
- config firewall qos-queue
- config firewall vip
config global
- config log setting global_remote
- config log setting global_faz
- config system vdom-link
config global-dns-server
- config global-dns-server address-group
- config global-dns-server dns64
- config global-dns-server dsset-info-list
- config global-dns-server general
- config global-dns-server policy
- config global-dns-server remote-dns-server
- config global-dns-server response-rate-limit
- config global-dns-server trust-anchor-key
- config global-dns-server zone
config global-load-balance
- config global load balance analytic
- config global-load-balance data-center
- config global-load-balance link
- config global-load-balance servers
- config global-load-balance setting
- config global-load-balance topology
- config global-load-balance virtual-server-pool
- config global-load-balance host
config link-load-balance
- config link-load-balance flow-policy
- config link-load-balance gateway
- config link-load-balance link-group
- config link-load-balance persistence
- config link-load-balance proximity-route
- config link-load-balance virtual-tunnel
config load-balance
- config load-balance auth-policy
- config load-balance caching
- config load-balance captcha-profile
- config load-balance certificate-caching
- config load-balance client-ssl-profile
- config load-balance clone-pool
- config load-balance compression
- config load-balance connection-pool
- config load-balance content-rewriting
- config load-balance content-routing
- config load-balance error-page
- config load-balance geoip-list
- config load-balance http2-profile
- config load-balance ippool
- config load-balance l2-exception-list
- config load-balance method
- config load-balance pagespeed
- config load-balance pagespeed-profile
- config load-balance persistence
- config load-balance pool
- config load-balance profile
- config load-balance real-server-ssl-profile
- config load-balance reputation
- config load-balance reputation-exception
- config load-balance reputation-black-list
- config load-balance schedule-pool
- config load-balance virtual-server
- config load-balance web-category
- config load-balance web-filter-profile
- config load-balance web-sub-category
- config load-balance allowlist
config log
- config log fast_report
- config log report
- config log report email
- config log report_queryset
- config log setting fast_stats
- config log setting local
- config log setting remote
- config log setting fortianalyzer
config router
- config router isp
- config router md5-ospf
- config router ospf
- config router policy
- config router setting
- config router static
config security
- config security antivirus profile
- config security antivirus quarantine
- config security antivirus settings
- config security dos dos-protection-profile
- config security dos http-access-limit
- config security dos http-connection-flood-protection
- config security dos http-request-flood-protection
- config security dos ip-fragmentation-protection
- config security dos tcp-access-flood-protection
- config security dos tcp-slowdata-attack-protection
- config security dos tcp-synflood-protection
- config security ips profile
- config security wad profile
- config security waf api-gateway-policy
- config security waf api-gateway-rule
- config security waf api-gateway-user
- config security waf bot-detection
- config security waf exception
- config security waf heuristic-sql-xss-injection-detection
- config security waf http-protocol-constraint
- config security waf http-header-security
- config security waf action
- config security waf profile
- config security waf input-validation-policy
- config security waf parameter-validation-rule
- config security waf url-protection
- config security waf web-attack-signature
- config security waf json-validation-detection
- config security waf json-schema file
- config security waf xml-schema file
- config security waf xml-validation-detection
- config security waf openapi-schema-file
- config security waf openapi-validation-detection
- config security waf scanner
- config security waf brute-force-login
- config security waf advanced-protection
- config security waf cookie-security
- config security waf data-leak-protection
- config security waf csrf-protection
- config security waf allowed-origin
- config security waf cors-headers
- config security waf cors-protection
- configure security ztna-profile
config system
- config system accprofile
- config system address
- config system address6
- config system addrgrp
- config system addrgrp6
- config system admin
- config system auto backup
- config system azure
- config system azure-lb-backend-ip
- config system certificate ca
- config system certificate ca_group
- config system certificate certificate_verify
- config system certificate crl
- config system certificate intermediate_ca
- config system certificate intermediate_ca_group
- config system certificate local
- config system certificate local_cert_group
- config system certificate remote
- config system certificate ocsp
- config system certificate ocsp_stapling
- config system certificate remote
- config system dns
- config system external-resource
- config system fortiguard
- config system global
- config system ha
- config system health-check
- config system health-check-script
- config system interface
- config system isp-addr
- config system mailserver
- config system one-click-glb-server
- config system overlay-tunnel
- config system password-policy
- config system schedule-group
- config system scripting
- config system sdn-connector
- config system service
- config system servicegrp
- config system setting
- config system snmp community
- config system snmp sysinfo
- config system snmp user
- config system tcpdump
- config system time manual
- config system time ntp
- config system web-filter
- config system fortisandbox
- config system alert
- config system alert-action
- config system alert-policy
- config system alert-email
- config system alert-snmp-trap
- config system central-management
config user
- config user ldap
- config user local
- config user radius
- config user user-group
- config user authentication-relay
- config user oauth
- config user saml-idp
- config user saml-sp
diagnose
- diagnose antivirus quarantine
- diagnose debug cmdb
- diagnose debug enable/disable
- diagnose debug flow
- diagnose debug info
- diagnose debug module
- diagnose debug module kernel
- diagnose debug module fcnacd
- diagnose debug module fnginx
- diagnose debug module httproxy ssl
- diagnose debug module httproxy ztna
- diagnose debug timestamp
- diagnose endpoint-control client list
- diagnose endpoint-control tag list
- diagnose hardware deviceinfo
- diagnose hardware ioport
- diagnose hardware pciconfig
- diagnose hardware sysinfo
- diagnose llb policy list
- diagnose netlink backlog
- diagnose netlink device
- diagnose netlink interface
- diagnose netlink ip/ipv6
- diagnose netlink neighbor/neighbor6
- diagnose netlink route/route6
- diagnose netlink tcp
- diagnose netlink udp
- diagnose server load balance dns-clients
- diagnose server-load-balance persistence
- diagnose server-load-balance session
- diagnose server-load-balance slb_load
- diagnose sniffer packet
- diagnose system top
- diagnose system vm
- diagnose tech-report
execute
- execute backup
- execute caching
- execute certificate ca
- execute certificate crl
- execute certificate local
- execute certificate local import automated
- execute certificate remote
- execute certificate config
- execute checklogdisk
- execute clean
- execute config-sync
- execute date
- execute discovery-glb-virtual-server
- execute dumpsystem
- execute dumpsystem-file
- execute factoryreset
- execute factoryreset2
- execute fixlogdisk
- execute formatlogdisk
- execute geolookup
- execute glb-dprox-lookup
- execute glb-persistence-lookup
- execute ha force transfer-file
- execute ha force sync-config
- execute ha manage
- execute health-check-verify
- execute isplookup
- execute log delete-file
- execute log delete-type
- execute log list-type
- execute log rebuild-db
- execute nslookup
- execute packet-capture/packet-capture6
- execute packet-capture-file
- execute ping-option/ping6-option
- execute ping/ping6
- execute reboot
- execute reload
- execute restore
- execute scan-report export
- execute scan-report import
- execute shutdown
- execute ssh
- execute statistics-db
- execute ssli mode
- execute telnet
- execute traceroute
- execute vmware license
- execute web-category-test
- execute SSL client-side session statistics
- execute SSL handshake record statistics
- execute waf block-ip
- execute web vulnerability scan
- execute web-vulnerability-scan mitigate
- execute forticloud create-account
- execute forticloud login
- execute forticloud try
- execute fctems
get
- get router info ospf
- get router info routing-table
- get security waf-signature-status
- get security scan-report
- get security scan-task
- get system ha-status
- get system performance
- get system status
- get system traffic-group
- get system traffic-group status
- get router info bgp all
- get router info bgp ip
- get router info bgp neighbors
- get router info bgp regexp
- get router info bgp summary
- get router info6 bgp all
- get router info6 bgp ip
- get router info6 bgp neighbors
- get router info6 bgp regexp
- get router info6 bgp summary
show
Appendix A: Virtual domains
Change Log

Home FortiADC 7.1.1 CLI Reference

7.1.1

config security waf scanner

Web Application Vulnerability Scanner is a set of automated tools which perform black box test on web applications, to look for security vulnerabilities such as Cross-site scripting, SQL injection, command injection,source code disclosure and insecure server configuration.

To configure the web-vulnerability-scanner, you have to first configure, in the following order, (1) target-login-option, (2) profile, and (3) task. Then, with these completed, you can config security waf scanner.

Syntax

// first step login

config security web-vulnerability-scanner target-login-option

edit <name>

set type <none/basic/advanced>

// if basic then:

set username <string>

set password <string>

end

//optional

config security web-vulnerability-scanner exceptionlist

edit <name>

config domain_list

edit <id>

set pattern <string>

end

// second step profile

config security web-vulnerability-scanner profile

edit <name>

set pool-name <datasource>

set http-login-option <datasource>

set mimes-scan <enable/disable>

set files-scan <enable/disable>

set messages-scan <enable/disable>

set apps-scan <enable/disable>

set context-scan <enable/disable>

set crawl-limit <integer>

set exceptionlist <datasource>

set add_http_cookie <enable/disable>

set cookie-name <string> //optional

set cookie-value <string> //optional

end

// third step task

config security web-vulnerability-scanner task

edit <name>

set scheduler <datasource>

set profile <datasource>

// uses previously constructed profile

end

// last step: waf scanner

execute web-vulnerability-scan <start/stop> <datasource>

get security scan-report

// datasource uses previously created task

WVS Login configuration
Settings	Guidelines
Name	Specify a name for the configuration.
type	Select from two types: None. Default. Basic. Basic will tell you to specify a username and password. For the HTTP login type, you can choose simple HTTP credentials or HTTP-form for authentication. Default is none. Advanced. HTTP POST HTML Form-based authentication in login. The user needs to provide the username, password, username field name and password field name to FortiADC.
`username`	Login username.
`password`	Login password.
`username-field`	Field name for the username (only for Advanced).
`password-field`	Field name of the password (only for Advanced).
`extend_parameter`	Other parameters in html form to login (only for Advanced).
`auth-url`	Full url for authentication (only for Advanced).
`auth-target-url`	Full url to POST for authentication (only for Advanced).
`verify-url`	Full url to verify the authentication (only for Advanced).

WVS Profile configuration
Settings	Guidelines
Name	Specify a name for the configuration.
pool-name	Select a real sever from the real server pool.
http-login-option	Select an HTTP Login Option.
mime-scan	The mime signatures warn about server responses that have an interesting mime. For example anything that is presented as php-source will likely be interesting.
files-scan	The files signatures will use the content to determine if a response is an interesting file. For example, a SVN file.
messages-scan	The messages signatures look for interesting server messages. Most are based on errors, such as caused by incorrect SQL queries or PHP execution failures.
apps-scan	The apps signatures will help to find pages and applications who's functionality is a security risk by default. For example, phpinfo() pages that leak information or CMS admin interfaces.
context-scan	The context signatures are linked to injection tests. They look for strings that are relevant to the current injection test and help to highlight potential vulnerabilities.
crawl-limit	Specify a crawl limit.
`exceptionlist`	The exception list of scanner.
`add_http_cookie`	Add cookie to HTTP header.

WVS Task configuration
Settings	Guidelines
name	Specify a name for the configuration.
scheduler	Select a scheduler from the schedule group.
profile	Select a profile.

WAF scanner configuration
Settings	Guidelines
start	Start the web vulnerability task
stop	Stop the web vulnerability task
scan-report	Shows the report of the scans.

Example

// first step login

FortiADC-VM (root) # config security web-vulnerability-scanner target-login-option

FortiADC-VM (root) # edit 1

FortiADC-VM (1) # set type basic

FortiADC-VM (1) # set username me

FortiADC-VM (1) # set password dog

FortiADC-VM (1) # get

type : basic

username : me

password : *

end

// second step profile

FortiADC-VM (root) # config security web-vulnerability-scanner profile

FortiADC-VM (profile) # edit test

// Add new entry 'test'

FortiADC-VM (test) # set apps-scan enable

FortiADC-VM (test) # set pool-name Real_Server_Pool

FortiADC-VM (test) # set http-login-option 1

// uses previously created login-option

FortiADC-VM (test) # set crawl-limit 1500

FortiADC-VM (test) # get

pool-name : Real_Server_Pool

http-login-option : 1

mime-scan : disable

files-scan : enable

messages-scan : enable

apps-scan : enable

context-scan : enable

crawl-limit : 1500

end

// third step task

FortiADC-VM (root) # config security web-vulnerability-scanner task

FortiADC-VM (task) # edit task1

// Add new entry 'task1'

FortiADC-VM (task1) # get

scheduler :

profile :

FortiADC-VM (task1) # set scheduler 1

// comes from datasource

FortiADC-VM (task1) # profile test

// uses previously created profile

FortiADC-VM (task1) # get

scheduler : 1

profile : test

end

// last step: waf scanner

FortiADC-VM (root) # execute web-vulnerability-scan start

Usage: start/stop <taskname>

Command fail. Return code is -61 (Input is not as expected)

// need to name the task created earlier, 'task1'

FortiADC-VM (root) # execute web-vulnerability-scan start task1

FortiADC-VM (root) # get security scan-report

ID:0 Taskname:task1 Created Time:15:41:16,10-30-18

// example for advanced login

config security web-vulnerability-scanner target-login-option

edit "advanced"

set type advanced

set username username

set password password

set auth-url http://www.example.com

unset auth-target-url

unset verify-url

set username-field userfi

set password-field passfi

unset extend_parameter

end