Handbook

Introduction
What's New
Key Concepts and Features
- Server load balancing
- Link load balancing
- Global load balancing
- Security
- High availability
- Virtual Domain (VDOM) and Administrative Domain (ADOM)
Getting Started
- Step 1: Install the appliance
- Step 2: Configure the management interface
- Step 3: Configure basic network settings
- Step 4: Test connectivity to destination servers
- Step 5: Complete product registration, licensing, and upgrades
- Step 6: Configure a basic server load balancing policy
- Step 7: Test the deployment
- Step 8: Back up the configuration
Dashboard
- Widgets
- Dashboard management tools
Security Fabric
- Automation
- Fabric connectors
- External connectors
FortiView
- Logical Topology
- Server Load Balance
- Security
- System
  - Event Logs
  - Automation
- Global Load Balance
  - Host
  - Data Analytics
- Link Load Balance
  - Gateway
- ZTNA FortiClient endpoint
System
- Settings
- Virtual Domain
- High Availability
- Traffic Group
- Administrator
- Global Resources
- WCCP
- SNMP
- Replacement Messages
- FortiGuard
  - Connecting to FortiGuard services
  - Configuring FortiGuard service settings
- Debug
- Certificate
Network
- Interface
- Routing
- NAT
  - Configuring source NAT
  - Configuring 1-to-1 NAT
- QoS
- Packet capture
Shared Resources
- Health Check
- Schedule Group
- Address
- Service
  - Creating service groups
  - Creating service objects
Server Load Balance
- Virtual Server
- Application Resources
- Application Optimization
- Real Server Pool
- Scripting
  - Using HTTP scripting
- SSL-FP Resources
Link Load Balance
- Link Policy
- Link Group
- Virtual Tunnel
Global Load Balance
- GLB Wizard
- FQDN
- Zone Tools
- Global Object
Web Application Firewall
- OWASP TOP10
- WAF Profile
- Known Web Attacks
  - Configuring a Web Attack Signature policy
  - Using the Signature Creation Wizard
- Common Attacks Detection
- Sensitive Data Protection
  - Configuring a Cookie Security policy
  - Configuring an HTTP Header Security policy
- Data Loss Prevention
- Input Validation
- Access Protection
- CORS Protection
- API Protection
- Bot Mitigation
- Web Vulnerability Scanner
Advanced Bot Protection (ABP)
- Enabling the Advanced Bot Protection connector
- Obtaining the Application ID from the FortiGuard ABP User Portal
- Configuring an Advanced Bot Protection policy
- Advanced Bot Protection troubleshooting and debugging
Network Security
- Firewall
- Intrusion Prevention
- AntiVirus
- IP Reputation
- Geo IP Protection
Zero Trust Network Access (ZTNA)
- How device identity and trust context is established with FortiClient EMS
- Configuring FortiClient EMS Connector for ZTNA
- Verifying client certificate, FortiClient endpoint and ZTNA tag synchronized from FortiClient EMS
- Configuring a ZTNA Profile
- ZTNA troubleshooting and debugging
DoS Protection
- DoS Protection Profile
- Application
- Networking
User Authentication
- Authentication Policy
- User Group
  - Configuring user groups
  - Configuring customized authentication forms
- Local User
- Remote User
- Using Kerberos Authentication Relay
  - Using HTTP Basic SSO
- SAML
  - Configure an SAML service provider
  - Import IDP Metadata
- AD FS Proxy
  - Adding an AD FS Publish
  - Adding an AD FS Proxy
- OAuth 2.0 authentication
Log & Report
- Using the traffic log
- Using the security log
- Using the script log
- Log Setting
- Report Setting
AI Threat Analytics
- AI Threat Analytics troubleshooting and debugging
SSL Advanced Services
- SSL offloading
- SSL decryption by forward proxy
- SSL profile configurations
- Certificate guidelines
- SSL/TLS versions and cipher suites
- Exceptions list
- SSL traffic mirroring
- HSM Integration
Best Practices and Fine-tuning
- Regular backups
  - Rebooting, resetting, and shutting down the system
  - SCP support for configuration backup
- Security
- Performance tips
- High availability
Troubleshooting
- Logs
- Tools
- Solutions by issue type
- Resetting the configuration
- Restoring firmware (“clean install”)
- Additional resources
Appendix A: Fortinet MIBs
Appendix B: Port Numbers
Appendix C: Scripts
- Scripting application
- Events and actions
- Predefined commands
- Predefined scripts
- Control structures
- Operators
- String library
- Function
- Special characters
- Examples
Appendix D: Maximum Configuration Values
Change Log

Home FortiADC 7.4.2 Handbook

7.4.2

Predefined scripts

Predefined scripts provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

Predefined scripts
Predefined script	Usage
COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO	Compares an IP address to an address group to determine if the IP address is included in the specified IP group. For example ,192.168.1.2 is included in 192.168.1.0/24. Note: Do NOT use this script "as is". Instead, copy it and customize the IP address and the IP address group.
CONTENT_ROUTING_by_URI	Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
CUSTOMIZE_AUTH_KEY	Demonstrate how to customize the crypto key for authentication cookie.
HTTP_DATA_FETCH_SET_DEMO	Collects data in HTTP request body or HTTP response body. In `HTTP_REQUEST` or `HTTP_RESPONSE`, you could collect specified size data with `“size”` in `collect().In HTTP_DATA_REQUEST` or `HTTP_DATA_RESPONSE`. You could print the data use `“content”`, calculate data length with `“size”`, and rewrite the data with `“set”`. Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data.
REDIRECTION_by_USER_AGENT	Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values.
TWO_STEP_VERIFICATION_2_SAME	Demonstrate how to perform 2-Step Verification for the second authentication group using the same token group.
OPTIONAL_CLIENT_AUTHENTICATION	Performs optional client authentication. Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile: client-certificate-verify—Set to the verify you'd like to use to verify the client certificate. client-certificate-verify-option—Set to optional ssl-session-cache-flag—Disable. use-tls-tickets—Disable.
PERSIST_COMMANDS	Lists the persist event and commands
TWO_STEP_VERIFICATION_2_NEW	Demonstrate how to perform 2-Step Verification using FortiToken for the second authentication group.
AUTH_COOKIE_BAKE	Allows you to retrieve the baked cookie and edit the cookie content.
HTTP_2_HTTPS_REDIRECTION_FULL_URL	Redirects requests to the specified HTTPS URL. Note: This script can be used directly, without making any change.
REDIRECTION_by_STATUS_CODE	Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.
TWO_STEP_VERIFICATION_2_NEW	Demonstrate how to perform 2-Step Verification using FortiToken for the second authentication group.
TWO_STEP_VERIFICATION_2_SAME	Demonstrate how to perform 2-Step Verification for the second authentication group using the same token group.
TWO_STEP_VERIFICATION_CHANGE_KEY	Demonstrate how to change the AES key and its size for stored token group.
URL_UTILITY_COMMANDS	Demonstrate how to use those url tools to encode/decode/parser/compare.
USE_REQUEST_HEADERS_in_OTHER_EVENTS	Stores a request header value in an event and uses it in other events. For example, you can store a URL in a request event, and use it in a response event. Note: Do NOT use this script "as is". Instead, copy it and customize the content you want to store, use `collect() in HTTP_REQUEST` to trigger `HTTP_DATA_REQUEST`,or use `collect() in HTTP_ RESPONSE` to trigger `HTTP_DATA_ RESPONSE.`
UTILITY_FUNCTIONS_DEMO	Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function
Commands
AUTH_EVENTS_n_COMMANDS	Lists the auth event and commands
COOKIE_COMMANDS	Lists the two cookie commands and shows how to use them.
IP_COMMANDS	Lists the IP commands and shows how to use them.
MANAGEMENT_COMMANDS	Lists the management commands and shows how to use them.
PERSIST_COMMANDS	Lists the persist event and commands
RAM_CACHING_COMMANDS	Lists the RAM caching event and commands
SSL_EVENTS_n_COMMANDS	Lists the SSL events and commands.
TCP_EVENTS_n_COMMANDS	Lists the TCP events and commands.
Predefined script	Usage
AES_DIGEST_SIGN_2F_COMMANDS	Demonstrate how to use AES to encryption/decryption data and some tools to generate the digest.
AUTH_COOKIE_BAKE	Allows you to retrieve the baked cookie and edit the cookie content.
AUTH_EVENTS_n_COMMANDS	Used to get the information from authentication process.
CLASS_SEARCH_n_MATCH	Demonstrates how to use the `class_match` and `class_search` utility function.
COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO	Compares an IP address to an address group to determine if the IP address is included in the specified IP group. For example ,192.168.1.2 is included in 192.168.1.0/24. Note: Do NOT use this script "as is". Instead, copy it and customize the IP address and the IP address group.
CONTENT_ROUTING_by_URI	Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
CONTENT_ROUTING_by_X_FORWARDED_FOR	Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.
COOKIE_COMMANDS	Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.
COOKIE_COMMANDS_USAGE	Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.
COOKIE_CRYPTO_COMMANDS	Used to perform cookie encryption/decryption on behalf of the real server.
CUSTOMIZE_AUTH_KEY	Demonstrate how to customize the crypto key for authentication cookie.
GENERAL_REDIRECT_DEMO	Redirects requests to a URL with user-defined code and cookie. Note: Do NOT use this script "as is". Instead, copy and customize the code, URL, and cookie.

Predefined scripts

Predefined scripts provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

Predefined scripts
Predefined script	Usage
COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO	Compares an IP address to an address group to determine if the IP address is included in the specified IP group. For example ,192.168.1.2 is included in 192.168.1.0/24. Note: Do NOT use this script "as is". Instead, copy it and customize the IP address and the IP address group.
CONTENT_ROUTING_by_URI	Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
CUSTOMIZE_AUTH_KEY	Demonstrate how to customize the crypto key for authentication cookie.
HTTP_DATA_FETCH_SET_DEMO	Collects data in HTTP request body or HTTP response body. In `HTTP_REQUEST` or `HTTP_RESPONSE`, you could collect specified size data with `“size”` in `collect().In HTTP_DATA_REQUEST` or `HTTP_DATA_RESPONSE`. You could print the data use `“content”`, calculate data length with `“size”`, and rewrite the data with `“set”`. Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data.
REDIRECTION_by_USER_AGENT	Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values.
TWO_STEP_VERIFICATION_2_SAME	Demonstrate how to perform 2-Step Verification for the second authentication group using the same token group.
OPTIONAL_CLIENT_AUTHENTICATION	Performs optional client authentication. Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile: client-certificate-verify—Set to the verify you'd like to use to verify the client certificate. client-certificate-verify-option—Set to optional ssl-session-cache-flag—Disable. use-tls-tickets—Disable.
PERSIST_COMMANDS	Lists the persist event and commands
TWO_STEP_VERIFICATION_2_NEW	Demonstrate how to perform 2-Step Verification using FortiToken for the second authentication group.
AUTH_COOKIE_BAKE	Allows you to retrieve the baked cookie and edit the cookie content.
HTTP_2_HTTPS_REDIRECTION_FULL_URL	Redirects requests to the specified HTTPS URL. Note: This script can be used directly, without making any change.
REDIRECTION_by_STATUS_CODE	Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.
TWO_STEP_VERIFICATION_2_NEW	Demonstrate how to perform 2-Step Verification using FortiToken for the second authentication group.
TWO_STEP_VERIFICATION_2_SAME	Demonstrate how to perform 2-Step Verification for the second authentication group using the same token group.
TWO_STEP_VERIFICATION_CHANGE_KEY	Demonstrate how to change the AES key and its size for stored token group.
URL_UTILITY_COMMANDS	Demonstrate how to use those url tools to encode/decode/parser/compare.
USE_REQUEST_HEADERS_in_OTHER_EVENTS	Stores a request header value in an event and uses it in other events. For example, you can store a URL in a request event, and use it in a response event. Note: Do NOT use this script "as is". Instead, copy it and customize the content you want to store, use `collect() in HTTP_REQUEST` to trigger `HTTP_DATA_REQUEST`,or use `collect() in HTTP_ RESPONSE` to trigger `HTTP_DATA_ RESPONSE.`
UTILITY_FUNCTIONS_DEMO	Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function
Commands
AUTH_EVENTS_n_COMMANDS	Lists the auth event and commands
COOKIE_COMMANDS	Lists the two cookie commands and shows how to use them.
IP_COMMANDS	Lists the IP commands and shows how to use them.
MANAGEMENT_COMMANDS	Lists the management commands and shows how to use them.
PERSIST_COMMANDS	Lists the persist event and commands
RAM_CACHING_COMMANDS	Lists the RAM caching event and commands
SSL_EVENTS_n_COMMANDS	Lists the SSL events and commands.
TCP_EVENTS_n_COMMANDS	Lists the TCP events and commands.
Predefined script	Usage
AES_DIGEST_SIGN_2F_COMMANDS	Demonstrate how to use AES to encryption/decryption data and some tools to generate the digest.
AUTH_COOKIE_BAKE	Allows you to retrieve the baked cookie and edit the cookie content.
AUTH_EVENTS_n_COMMANDS	Used to get the information from authentication process.
CLASS_SEARCH_n_MATCH	Demonstrates how to use the `class_match` and `class_search` utility function.
COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO	Compares an IP address to an address group to determine if the IP address is included in the specified IP group. For example ,192.168.1.2 is included in 192.168.1.0/24. Note: Do NOT use this script "as is". Instead, copy it and customize the IP address and the IP address group.
CONTENT_ROUTING_by_URI	Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
CONTENT_ROUTING_by_X_FORWARDED_FOR	Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.
COOKIE_COMMANDS	Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.
COOKIE_COMMANDS_USAGE	Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.
COOKIE_CRYPTO_COMMANDS	Used to perform cookie encryption/decryption on behalf of the real server.
CUSTOMIZE_AUTH_KEY	Demonstrate how to customize the crypto key for authentication cookie.
GENERAL_REDIRECT_DEMO	Redirects requests to a URL with user-defined code and cookie. Note: Do NOT use this script "as is". Instead, copy and customize the code, URL, and cookie.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Handbook

Predefined scripts

Predefined scripts

Predefined scripts

Predefined scripts