Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.0
Download PDF
Copy Link

firewall ttl-policy

Use this command to create Generalized TTL Security Mechanism (GTSM) policies.

config firewall ttl-policy
    edit {id}
    # Configure TTL policies.
        set id {integer}   ID. range[0-4294967295]
        set status {enable | disable}   Enable/disable this TTL policy.
        set action {accept | deny}   Action to be performed on traffic matching this policy (default = deny).
                accept  Allow traffic matching this policy.
                deny    Deny or block traffic matching this policy.
        set srcintf {string}   Source interface name from available interfaces. size[35] - datasource(s): system.zone.name,system.interface.name
        config srcaddr
            edit {name}
            # Source address object(s) from available options. Separate multiple names with a space.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        config service
            edit {name}
            # Service object(s) from available options. Separate multiple names with a space.
                set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        set schedule {string}   Schedule object from available options. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        set ttl {string}   Value/range to match against the packet's Time to Live value (format: ttl[ - ttl_high], 1 - 255).
    next
end

Additional information

The following section is for those options that require additional explanation.

firewall ttl-policy

Use this command to create Generalized TTL Security Mechanism (GTSM) policies.

config firewall ttl-policy
    edit {id}
    # Configure TTL policies.
        set id {integer}   ID. range[0-4294967295]
        set status {enable | disable}   Enable/disable this TTL policy.
        set action {accept | deny}   Action to be performed on traffic matching this policy (default = deny).
                accept  Allow traffic matching this policy.
                deny    Deny or block traffic matching this policy.
        set srcintf {string}   Source interface name from available interfaces. size[35] - datasource(s): system.zone.name,system.interface.name
        config srcaddr
            edit {name}
            # Source address object(s) from available options. Separate multiple names with a space.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        config service
            edit {name}
            # Service object(s) from available options. Separate multiple names with a space.
                set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        set schedule {string}   Schedule object from available options. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        set ttl {string}   Value/range to match against the packet's Time to Live value (format: ttl[ - ttl_high], 1 - 255).
    next
end

Additional information

The following section is for those options that require additional explanation.