Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • XML Reference Guide

    Home FortiClient 6.4.10 XML Reference Guide
    6.4.10
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Application firewall

    Application firewall

    The <firewall> </firewall> XML tags contain application firewall configuration data. The set of elements consists of two sections:

    Section

    Description

    General options

    Options that apply to all application firewall activities.

    Profiles

    Defines applications and the actions to apply to them.

    <forticlient_configuration>

    <firewall>

    <enabled>1</enabled>

    <app_enabled>1</app_enabled>

    <enable_exploit_signatures>0</enable_exploit_signatures>

    <candc_enabled>1</candc_enabled>

    <current_profile>0</current_profile>

    <default_action>Pass</default_action>

    <show_bubble_notifications>0</show_bubble_notifications>

    <max_violations>250</max_violations>

    <max_violations_age>7</max_violations_age>

    <bypass_3rd_party_packets>0</bypass_3rd_party_packets>

    <profiles>

    <profile>

    <id>1000</id>

    <rules>

    <rule>

    <enabled>1</enabled>

    <action>Block</action>

    <compliance>1</compliance>

    <application>

    <id>34038,34039</id>

    </application>

    </rule>

    <rule>

    <action>Block</action>

    <compliance>1</compliance>

    <enabled>1</enabled>

    <category>

    <id>8</id>

    </category>

    </rule>

    <rule>

    <action>Pass</action>

    <compliance>1</compliance>

    <enabled>1</enabled>

    <category>

    <id>7,19,29</id>

    </category>

    </rule>

    <rule>

    <action>Block</action>

    <compliance>0</compliance>

    <enabled>1</enabled>

    <category>

    <id>1,2,3</id>

    </category>

    </rule>

    <rule>

    <action>Pass</action>

    <compliance>0</compliance>

    <enabled>1</enabled>

    <category>

    <id>All</id>

    </category>

    </rule>

    <rule>

    <action>Pass</action>

    <compliance>0</compliance>

    <enabled>1</enabled>

    <application>

    <id>0</id>

    </application>

    </rule>

    </rules>

    </profile>

    </profiles>

    </firewall>

    </forticlient_configuration>

    The following table provides the XML tags for application firewall, as well as the descriptions and default values where applicable:

    XML tag

    Description

    Default value

    <enabled>

    Enable application firewall.

    Boolean value: [0 | 1]

    1

    <app_enabled>

    Enable application firewall.

    Boolean value: [0 | 1]

    <enable_exploit_signatures>

    Enable detection of evasive exploits.

    Boolean value: [0 | 1]

    		 0

    <candc_enabled>

    Enable detection of a connection to a botnet command and control server.

    Boolean value: [0 | 1]

    <current_profile>

    		 Currently selected profile ID.

    <default_action>

    Action to enforce on traffic that does not match any of the profiles defined. Enter one of the following:

    • block
    • reset
    • pass

    pass

    <show_bubble_notifications>

    Display a bubble message each time FortiClient blocks an application for matching a profile.

    Boolean value: [0 | 1]

    <max_violations>

    Maximum number of violations stored at any one time.

    A number from 250 to 5000

    5000

    <max_violation_age>

    Maximum age in days of a violation record before it is culled.

    A number from 1 to 90.

    90

    <bypass_3rd_party_packets>

    Enable bypassing packets that third party applications generate.

    Boolean value: [0 | 1]

    0

    The <profiles> tag may contain one or more <profile> tags, each of which has a <rules> element. The <rules> element may, itself, have zero or more <rule> tags.

    The following filter elements may be used to define applications in a <rule> tag:

    <category>

    <vendor>

    <behavior>

    <technology>

    <protocol>

    <application>

    <popularity>

    If the <application> element is present, all other sibling elements (listed above) are ignored. If it is not, a given application must match all of the provided filters to trigger the rule.

    Each of these seven elements is a container for the tag: <ids>, which is a list of the identifiers (numbers) selected for that particular filter. The full <firewall> profile listed at the beginning of this section shows several examples of the use of filters within the <rule> element. Using an <ids> value all selects all matching applications.

    The following table provides profile element XML tags, the description, and the default value (where applicable).

    XML tag

    Description

    Default value

    <profile> element

    <id>

    Unique ID. A unique ID number.

    <profile><rules><rule> elements

    <action>

    Action to enforce on traffic that matches this rule. Select one of the following:

    • block
    • reset
    • pass

    <compliance>

    Specifies whether the rule is a compliance or regular rule. When set to 1, this is a compliance rule. When set to 0 or the tag does not exist, this is a FortiClient profile rule. For more information, see the FortiClient Administration Guide.

    Boolean value: [0 | 1]

    <enabled>

    Enable this rule.

    Boolean value: [0 | 1]

    1

    <category>

    Application categories to apply <action> on.

    csv list

    <vendor>

    Application vendors to apply <action> on.

    csv list

    <behavior>

    Application behavior to apply <action> on.

    csv list

    <technology>

    Technologies used by the applications to apply <action> on.

    csv list

    <protocol>

    Protocols used by the applications to apply <action> on.

    csv list

    <application>

    Identifiers (IDs) of the applications to apply <action> on.

    csv list

    <popularity>

    Popularity of the applications to apply <action> on.

    csv list

    Rule example

    In the following example, FortiClient uses the first rule and the second rule as a FortiClient profile rule:

    <rules>

    <rule>

    <enabled>1</enabled>

    <action>block | warn | monitor</action>

    <compliance>1</compliance>

    <filter>

    <application>

    <ids>36373</ids>

    </application>

    </filter>

    </rule>

    <rule>

    <enabled>1</enabled>

    <action>block | warn | monitor</action>

    <filter>

    <category>

    <ids>1</ids>

    </category>

    </filter>

    </rule>

    </rules>

    Previous
    Next

    Application firewall

    Application firewall

    The <firewall> </firewall> XML tags contain application firewall configuration data. The set of elements consists of two sections:

    Section

    Description

    General options

    Options that apply to all application firewall activities.

    Profiles

    Defines applications and the actions to apply to them.

    <forticlient_configuration>

    <firewall>

    <enabled>1</enabled>

    <app_enabled>1</app_enabled>

    <enable_exploit_signatures>0</enable_exploit_signatures>

    <candc_enabled>1</candc_enabled>

    <current_profile>0</current_profile>

    <default_action>Pass</default_action>

    <show_bubble_notifications>0</show_bubble_notifications>

    <max_violations>250</max_violations>

    <max_violations_age>7</max_violations_age>

    <bypass_3rd_party_packets>0</bypass_3rd_party_packets>

    <profiles>

    <profile>

    <id>1000</id>

    <rules>

    <rule>

    <enabled>1</enabled>

    <action>Block</action>

    <compliance>1</compliance>

    <application>

    <id>34038,34039</id>

    </application>

    </rule>

    <rule>

    <action>Block</action>

    <compliance>1</compliance>

    <enabled>1</enabled>

    <category>

    <id>8</id>

    </category>

    </rule>

    <rule>

    <action>Pass</action>

    <compliance>1</compliance>

    <enabled>1</enabled>

    <category>

    <id>7,19,29</id>

    </category>

    </rule>

    <rule>

    <action>Block</action>

    <compliance>0</compliance>

    <enabled>1</enabled>

    <category>

    <id>1,2,3</id>

    </category>

    </rule>

    <rule>

    <action>Pass</action>

    <compliance>0</compliance>

    <enabled>1</enabled>

    <category>

    <id>All</id>

    </category>

    </rule>

    <rule>

    <action>Pass</action>

    <compliance>0</compliance>

    <enabled>1</enabled>

    <application>

    <id>0</id>

    </application>

    </rule>

    </rules>

    </profile>

    </profiles>

    </firewall>

    </forticlient_configuration>

    The following table provides the XML tags for application firewall, as well as the descriptions and default values where applicable:

    XML tag

    Description

    Default value

    <enabled>

    Enable application firewall.

    Boolean value: [0 | 1]

    1

    <app_enabled>

    Enable application firewall.

    Boolean value: [0 | 1]

    <enable_exploit_signatures>

    Enable detection of evasive exploits.

    Boolean value: [0 | 1]

    		 0

    <candc_enabled>

    Enable detection of a connection to a botnet command and control server.

    Boolean value: [0 | 1]

    <current_profile>

    		 Currently selected profile ID.

    <default_action>

    Action to enforce on traffic that does not match any of the profiles defined. Enter one of the following:

    • block
    • reset
    • pass

    pass

    <show_bubble_notifications>

    Display a bubble message each time FortiClient blocks an application for matching a profile.

    Boolean value: [0 | 1]

    <max_violations>

    Maximum number of violations stored at any one time.

    A number from 250 to 5000

    5000

    <max_violation_age>

    Maximum age in days of a violation record before it is culled.

    A number from 1 to 90.

    90

    <bypass_3rd_party_packets>

    Enable bypassing packets that third party applications generate.

    Boolean value: [0 | 1]

    0

    The <profiles> tag may contain one or more <profile> tags, each of which has a <rules> element. The <rules> element may, itself, have zero or more <rule> tags.

    The following filter elements may be used to define applications in a <rule> tag:

    <category>

    <vendor>

    <behavior>

    <technology>

    <protocol>

    <application>

    <popularity>

    If the <application> element is present, all other sibling elements (listed above) are ignored. If it is not, a given application must match all of the provided filters to trigger the rule.

    Each of these seven elements is a container for the tag: <ids>, which is a list of the identifiers (numbers) selected for that particular filter. The full <firewall> profile listed at the beginning of this section shows several examples of the use of filters within the <rule> element. Using an <ids> value all selects all matching applications.

    The following table provides profile element XML tags, the description, and the default value (where applicable).

    XML tag

    Description

    Default value

    <profile> element

    <id>

    Unique ID. A unique ID number.

    <profile><rules><rule> elements

    <action>

    Action to enforce on traffic that matches this rule. Select one of the following:

    • block
    • reset
    • pass

    <compliance>

    Specifies whether the rule is a compliance or regular rule. When set to 1, this is a compliance rule. When set to 0 or the tag does not exist, this is a FortiClient profile rule. For more information, see the FortiClient Administration Guide.

    Boolean value: [0 | 1]

    <enabled>

    Enable this rule.

    Boolean value: [0 | 1]

    1

    <category>

    Application categories to apply <action> on.

    csv list

    <vendor>

    Application vendors to apply <action> on.

    csv list

    <behavior>

    Application behavior to apply <action> on.

    csv list

    <technology>

    Technologies used by the applications to apply <action> on.

    csv list

    <protocol>

    Protocols used by the applications to apply <action> on.

    csv list

    <application>

    Identifiers (IDs) of the applications to apply <action> on.

    csv list

    <popularity>

    Popularity of the applications to apply <action> on.

    csv list

    Rule example

    In the following example, FortiClient uses the first rule and the second rule as a FortiClient profile rule:

    <rules>

    <rule>

    <enabled>1</enabled>

    <action>block | warn | monitor</action>

    <compliance>1</compliance>

    <filter>

    <application>

    <ids>36373</ids>

    </application>

    </filter>

    </rule>

    <rule>

    <enabled>1</enabled>

    <action>block | warn | monitor</action>

    <filter>

    <category>

    <ids>1</ids>

    </category>

    </filter>

    </rule>

    </rules>

    Previous
    Next