CLI Reference

config security waf advanced-bot-protection

Use this command to configure the Advanced Bot Protection policy once you have successfully connected to the FortiGuard Advanced Bot Protection server via the Advanced Bot Protection Fabric Connector.

You can configure an Advanced Bot Protection policy for your virtual server to protect your online applications from malicious bots and automated attacks. By incorporating FortiGuard ABP into FortiADC's server policy, client traffic will be directed to the FortiGuard ABP service deployed on Google Cloud where it will be analyzed to identify any malicious bot behavior and initiate appropriate actions in response.

FortiGuard ABP features a multi-dimensional deep learning engine that learns and tracks bot attacks over time, delivering the highest possible accuracy of classification between humans, and good and bad bots.

FortiGuard ABP protects against a wide range of threats, including the following:

  • Data harvesting
  • Credential stuffing attacks
  • Account takeover attempts
  • DDoS attacks

After you have configured the Advanced Bot Protection policy, you can reference it in a WAF Profile and apply it in a virtual server policy. However, the Advanced Bot Protection policy does not activate until the FortiGuard ABP Application is fully analyzed and Pre-Provisioned to protect the Application.

Pre-Provisioning is required to identify all URLs that should be protected in your Application domain (such as login URLs), and the locations where JavaScript needs to be inserted to collect client information. Without these resources, FortiADC will not be able to insert the necessary JavaScript for bot detection.

Pre-Provisioning is triggered upon creating the Application, and requires 2 to 3 days to complete. During this process, your FortiGuard ABP Application will be in Pending status until Pre-Provisioning is complete. When the Application status is Ready, Advanced Bot Protection can be activated in your FortiADC.

When Advanced Bot Protection is first activated, it is recommended to set a WAF action that allows you to observe and log any events detected by FortiGuard Advanced Bot Protection, instead of immediately setting it to block.

FortiGuard Advanced Bot Protection uses a multidimensional deep learning engine to learn and track bot attacks over time by using sophisticated AI model training. As FortiGuard ABP builds its training model, it will continue to improve and refine its bot detection capabilities. However, this may mean triggering false positives in the initial stages of the AI model training.

For more information, see the Handbook topic about Advanced Bot Protection.

Before you begin:
  • You must have enabled and successfully connected the Advanced Bot Protection connector via config system global. See config system global.
    The config security waf advanced-bot-protection command is only available after the Advanced Bot Protection connector is enabled.
  • You must have read-write permission for security settings.
  • You must have access to the FortiGuard Advanced Bot Protection User Portal to obtain the Application ID from an existing Application or create a new configuration. For more information, see the Handbook topic on how to obtain the FortiGuard ABP Application ID.

Syntax

config security waf advanced-bot-protection
  edit <name>
    set bot-detection-status {enable|disable}
    set bot-detection-action {alert|deny|block|silent-deny|captcha|<datasource>}
    set bot-detection-severity {high|medium|low}
    set application-id <string>
    set exception <datasource>
  next
end

bot-detection-status

Enable/disable the status of this Advanced Bot Protection policy.

You must enable the bot-detection-status to see configuration options for the Advanced Bot Protection policy.

bot-detection-action

Specify a WAF action object to apply when a bot is detected. You can specify a predefined or user-defined WAF action profile. (See config security waf action.)

Predefined WAF actions:

  • alert — WAF policies will allow the traffic to pass and log the event.
  • block — WAF policies will drop the current attack session with an HTTP 403 message and block the attacker (according to the attacker’s IP address) for 1 hour, and log the event.
  • captcha — WAF policies will allow the traffic to pass if the client successfully fulfills the CAPTCHA request, and log the event.
  • deny — WAF policies will drop the current attack session with an HTTP 403 message, and log the event.
  • silent-deny — WAF policies will drop the current attack session by HTTP 403 message, without logging the event.

The default action is alert.

bot-detection-severity

Select the event severity to log when a bot is detected:

  • high — Log as high severity events.
  • medium — Log as medium severity events.
  • low — Log as low severity events.

The default is low.

application-id

Specify the Application ID assigned to your FortiGuard ABP Application.

The Application ID is used to bind this Advanced Bot Protection policy to the FortiGuard ABP Application.

For steps on how to obtain the Application ID from the FortiGuard ABP User Portal, see the Handbook topic on how to obtain the FortiGuard ABP Application ID.

exception

Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

Example

config security waf advanced-bot-protection
  edit "ABP_store"
    set bot-detection-status enable
    set bot-detection-action deny
    set bot-detection-severity low
    set application-id FORTISTOREFORTISTORE
    set exception exception_policy
  next
end
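One way to review these settings before a policy goes live, as an added example that is not part of the original reference or Fortinet's own tooling: a Python script that parses the config/edit/set block shown above and flags settings the option descriptions call out (enforcing actions, silent-deny's lack of logging, a missing Application ID, exceptions). The sample configuration is constructed (ABP_quiet, ABP_rollout and EXAMPLEAPPID are hypothetical), and treating a missing bot-detection-status line as disabled is an assumption.

```python
import re

SECTION = "config security waf advanced-bot-protection"
DEFAULTS = {"bot-detection-action": "alert", "bot-detection-severity": "low"}  # per the page

# Constructed sample: ABP_store is the page's example; the other two are hypothetical.
SAMPLE = """config security waf advanced-bot-protection
  edit "ABP_store"
    set bot-detection-status enable
    set bot-detection-action deny
    set application-id FORTISTOREFORTISTORE
    set exception exception_policy
  next
  edit "ABP_quiet"
    set bot-detection-action silent-deny
  next
  edit "ABP_rollout"
    set bot-detection-status enable
    set application-id EXAMPLEAPPID
  next
end"""

def parse_abp_policies(text):
    """Return {policy name: {option: value}} for each edit block in the ABP section."""
    policies, current, active = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == SECTION or line == "end":
            active, current = (line == SECTION), None
        elif active and (m := re.fullmatch(r'edit\s+"?([^"]+)"?', line)):
            current = policies.setdefault(m.group(1), dict(DEFAULTS))
        elif current is not None and (m := re.fullmatch(r'set\s+(\S+)\s+"?([^"]*)"?', line)):
            current[m.group(1)] = m.group(2)
    return policies

def audit(policies):
    """Return (policy, finding) tuples in configuration order."""
    out = []
    for name, p in policies.items():
        act = p["bot-detection-action"]
        checks = [  # assumption: an unset bot-detection-status means the policy is disabled
            (p.get("bot-detection-status") != "enable", "bot-detection-status is not enable"),
            (not p.get("application-id"), "no application-id: not bound to an ABP Application"),
            (act == "silent-deny", "silent-deny drops sessions without logging the event"),
            (act in ("deny", "block"), f"{act} is enforcing: confirm an observe-and-log period ran"),
            (bool(p.get("exception")), f"exception {p.get('exception')!r} exempts hosts or URLs"),
        ]
        out += [(name, msg) for hit, msg in checks if hit]
    return out
```

Calling `audit(parse_abp_policies(SAMPLE))` returns two findings for ABP_store, three for ABP_quiet and none for ABP_rollout, which relies on the default alert action.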
