Fortinet black logo

Handbook

Text strings

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:932330
Download PDF

Text strings

The configuration of a FortiGate is stored in the FortiOS configuration database. To change the configuration, you can use the GUI or CLI to add, delete, or change configuration settings. These changes are stored in the database as you make them. Individual settings in the configuration database can be text strings, numeric values, selections from a list of allowed options, or on/off (enable/disable) settings.

Entering text strings (names)

Text strings are used to name entities in the configuration. For example, the name of a firewall address, the name of an administrative user, and so on. You can enter any character in a FortiGate configuration text string, except the following characters that present cross-site scripting (XSS) vulnerabilities:

  • (double quote)
  • ' (single quote)
  • < (less than)
  • > (greater than)

Most GUI text string fields make it easy to add an acceptable number of characters and prevent you from adding the XSS vulnerability characters.

note icon

There is a different character limitation for VDOM names and hostnames. The only valid characters are numbers (0-9), letters (a-z, A-Z), and special characters - (dash) and _ (underscore).

You can also use the tree command in the CLI to view the number of characters allowed in a name field. For example, firewall address names can contain up to 64 characters. When you add a firewall address to the GUI, you are limited to entering 64 characters in the firewall address name field. From the CLI you can enter the following tree command to confirm that the firewall address name field allows 64 characters.

config firewall address

tree

-- [address] --*name (64)

|- uuid

|- subnet

|- type

|- start-ip

|- end-ip

|- fqdn (256)

|- country (3)

|- cache-ttl (0,86400)

|- wildcard

|- comment

|- visibility

|- associated-interface (36)

|- color (0,32)

|- [tags] --*name (65)

+- allow-routing

The tree command output also shows the number of characters allowed for other firewall address name settings. For example, the fully qualified domain name (fqdn) field can contain up to 256 characters.

Entering numeric values

Numeric values set various sizes, rates, addresses, and other numeric values (e.g. a static routing priority of 10, a port number of 8080, an IP address of 10.10.10.1). Numeric values can be entered as a series of digits without spaces or commas (for example, 10 or 64400), in dotted decimal format (for example the IP address 10.10.10.1) or, as in the case of MAC or IPv6 addresses, separated by colons (e.g. the MAC address 00:09:0F:B7:37:00). Most numeric values are standard base 10 numbers, but some fields, such as MAC addresses, require hexadecimal numbers.

Most GUI numeric value fields make it easy to add the acceptable number of digits within the allowed range. CLI help text includes information about allowed numeric value ranges. Both the GUI and the CLI prevent you from entering invalid numbers.

Text strings

The configuration of a FortiGate is stored in the FortiOS configuration database. To change the configuration, you can use the GUI or CLI to add, delete, or change configuration settings. These changes are stored in the database as you make them. Individual settings in the configuration database can be text strings, numeric values, selections from a list of allowed options, or on/off (enable/disable) settings.

Entering text strings (names)

Text strings are used to name entities in the configuration. For example, the name of a firewall address, the name of an administrative user, and so on. You can enter any character in a FortiGate configuration text string, except the following characters that present cross-site scripting (XSS) vulnerabilities:

  • (double quote)
  • ' (single quote)
  • < (less than)
  • > (greater than)

Most GUI text string fields make it easy to add an acceptable number of characters and prevent you from adding the XSS vulnerability characters.

note icon

There is a different character limitation for VDOM names and hostnames. The only valid characters are numbers (0-9), letters (a-z, A-Z), and special characters - (dash) and _ (underscore).

You can also use the tree command in the CLI to view the number of characters allowed in a name field. For example, firewall address names can contain up to 64 characters. When you add a firewall address to the GUI, you are limited to entering 64 characters in the firewall address name field. From the CLI you can enter the following tree command to confirm that the firewall address name field allows 64 characters.

config firewall address

tree

-- [address] --*name (64)

|- uuid

|- subnet

|- type

|- start-ip

|- end-ip

|- fqdn (256)

|- country (3)

|- cache-ttl (0,86400)

|- wildcard

|- comment

|- visibility

|- associated-interface (36)

|- color (0,32)

|- [tags] --*name (65)

+- allow-routing

The tree command output also shows the number of characters allowed for other firewall address name settings. For example, the fully qualified domain name (fqdn) field can contain up to 256 characters.

Entering numeric values

Numeric values set various sizes, rates, addresses, and other numeric values (e.g. a static routing priority of 10, a port number of 8080, an IP address of 10.10.10.1). Numeric values can be entered as a series of digits without spaces or commas (for example, 10 or 64400), in dotted decimal format (for example the IP address 10.10.10.1) or, as in the case of MAC or IPv6 addresses, separated by colons (e.g. the MAC address 00:09:0F:B7:37:00). Most numeric values are standard base 10 numbers, but some fields, such as MAC addresses, require hexadecimal numbers.

Most GUI numeric value fields make it easy to add the acceptable number of digits within the allowed range. CLI help text includes information about allowed numeric value ranges. Both the GUI and the CLI prevent you from entering invalid numbers.