CLI Reference

ssh-filter profile

Use this command to configure shell commands and either block or log various actions, including X server forwarding, SSH shell, SSH execution, port forwarding, tunnel forwarding, SFTP, and any unknown channels.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command                     Description
config ssh-filter profile   New config command. Configure shell commands and either block or log various actions.

config ssh-filter profile
    edit {name}
    # SSH filter profile.
        set name {string}   SSH filter profile name. size[35]
        set block {option}   SSH blocking options.
                x11           X server forwarding.
                shell         SSH shell.
                exec          SSH execution.
                port-forward  Port forwarding.
                tun-forward   Tunnel forwarding.
                sftp          SFTP.
                unknown       Unknown channel.
        set log {option}   SSH logging options.
                x11           X server forwarding.
                shell         SSH shell.
                exec          SSH execution.
                port-forward  Port forwarding.
                tun-forward   Tunnel forwarding.
                sftp          SFTP.
                unknown       Unknown channel.
        set default-command-log {enable | disable}   Enable/disable logging unmatched shell commands.
        config shell-commands
            edit {id}
            # SSH command filter.
                set id {integer}   Id. range[0-4294967295]
                set type {simple | regex}   Matching type.
                        simple  Match single command.
                        regex   Match command line using regular expression.
                set pattern {string}   SSH shell command pattern. size[128]
                set action {block | allow}   Action to take for SSH shell command matches.
                        block  Block the SSH shell command.
                        allow  Allow the SSH shell command.
                set log {enable | disable}   Enable/disable logging.
                set alert {enable | disable}   Enable/disable alert.
                set severity {low | medium | high | critical}   Log severity.
                        low       Severity low.
                        medium    Severity medium.
                        high      Severity high.
                        critical  Severity critical.
            next
        end
    next
end
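
A worked profile built only from the options listed above, as an added example that is not part of the original reference. The profile name, entry IDs and patterns are constructed for illustration. It blocks the forwarding and unknown channel types, logs every channel type, logs shell commands that match no entry, and blocks two specific shell commands.

```fortios
config ssh-filter profile
    edit "ssh-restrict-example"
    # Constructed profile name (limit is 35 characters).
        set block x11 port-forward tun-forward unknown
        set log x11 shell exec port-forward tun-forward sftp unknown
        set default-command-log enable
        config shell-commands
            edit 1
            # Constructed regex entry: matches a command line starting with "scp".
                set type regex
                set pattern "^scp( |$)"
                set action block
                set log enable
                set alert enable
                set severity high
            next
            edit 2
            # Constructed simple entry: matches the single command "reboot".
                set type simple
                set pattern "reboot"
                set action block
                set log enable
                set alert disable
                set severity medium
            next
        end
    next
end
```

Interactive shell, exec and SFTP channels stay permitted here but are logged, so the `shell-commands` entries and `default-command-log` provide the audit trail for what is typed inside allowed sessions.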
