Fortinet black logo

CLI Reference

user security-exempt-list

user security-exempt-list

Use this command to define security exempt rules/lists.

Note: To view eligible options for the config options in the entries listed below, enter set <entry> ?.

config user security-exempt-list
    edit {name}
    # Configure security exemption list.
        set name {string}   Name of the exempt list. size[35]
        set description {string}   Description. size[127]
        config rule
            edit {id}
            # Configure rules for exempting users from captive portal authentication.
                set id {integer}   ID. range[0-4294967295]
                config srcaddr
                    edit {name}
                    # Source addresses or address groups.
                        set name {string}   Address or group name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
                    next
                config devices
                    edit {name}
                    # Devices or device groups.
                        set name {string}   Device or group name. size[35] - datasource(s): user.device.alias,user.device-group.name,user.device-category.name
                    next
                config dstaddr
                    edit {name}
                    # Destination addresses or address groups.
                        set name {string}   Address or group name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
                    next
                config service
                    edit {name}
                    # Destination services.
                        set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
                    next
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

config rule

A configuration method to create exempt rules. Edit to create new and specify the rule parameters with the entries below.

devices <device>

Devices or device groups to be exempted from Captive Portal, each separated by a space. These groups can be created/edited using the user device-group command.

description [description]

Optional description for the group.

dstaddr <dst-address>

Destination addresses or address groups to be exempted from Captive Portal, each separated by a space.

service <dst-service>

Destination services to be exempted from Captive Portal, each separated by a space.

srcaddr <src-address>

Source addresses or address groups to be exempted from Captive Portal, each separated by a space.

user security-exempt-list

Use this command to define security exempt rules/lists.

Note: To view eligible options for the config options in the entries listed below, enter set <entry> ?.

config user security-exempt-list
    edit {name}
    # Configure security exemption list.
        set name {string}   Name of the exempt list. size[35]
        set description {string}   Description. size[127]
        config rule
            edit {id}
            # Configure rules for exempting users from captive portal authentication.
                set id {integer}   ID. range[0-4294967295]
                config srcaddr
                    edit {name}
                    # Source addresses or address groups.
                        set name {string}   Address or group name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
                    next
                config devices
                    edit {name}
                    # Devices or device groups.
                        set name {string}   Device or group name. size[35] - datasource(s): user.device.alias,user.device-group.name,user.device-category.name
                    next
                config dstaddr
                    edit {name}
                    # Destination addresses or address groups.
                        set name {string}   Address or group name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
                    next
                config service
                    edit {name}
                    # Destination services.
                        set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
                    next
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

config rule

A configuration method to create exempt rules. Edit to create new and specify the rule parameters with the entries below.

devices <device>

Devices or device groups to be exempted from Captive Portal, each separated by a space. These groups can be created/edited using the user device-group command.

description [description]

Optional description for the group.

dstaddr <dst-address>

Destination addresses or address groups to be exempted from Captive Portal, each separated by a space.

service <dst-service>

Destination services to be exempted from Captive Portal, each separated by a space.

srcaddr <src-address>

Source addresses or address groups to be exempted from Captive Portal, each separated by a space.