Fortinet black logo

CLI Reference

user quarantine

user quarantine

Use this command to enable the quarantine feature for managed FortiSwitches and/or FortiAPs. You can also use this command to create permanent quarantines of MAC addresses.

Please note that, previously, a diminished version of this feature was found under config switch-controller quarantine, where only MAC adresses were able to be specified.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.1.

Command Description

config targets

edit <name>

delete <quarantine-entry-name>

config macs

edit <name>

delete <mac-address>

Previously, each FortiGate quarantined MAC addresses independently. Now MAC entries can be grouped together (based on their description), making it easier to remove multiple associated quarantine MACs at once.

Use the delete option under config macs to release a single MAC address from quarantine, or use the delete option under config targets to delete all MAC addresses listed in an entry.

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config user quarantine

New config command.

This is an enhanced version of an old command, config switch-controller quarantine.

config user quarantine
    set quarantine {enable | disable}   Enable/disable quarantine.
    config targets
        edit {entry}
        # Quarantine entry to hold multiple MACs.
            set entry {string}   Quarantine entry name. size[63]
            set description {string}   Description for the quarantine entry. size[63]
            config macs
                edit {mac}
                # Quarantine MACs.
                    set mac {mac address}   Quarantine MAC.
                    set entry-id {integer}   FSW entry id for the quarantine MAC. range[0-4294967295]
                    set description {string}   Description for the quarantine MAC. size[63]
                    set parent {string}   Parent entry name. size[63]
                next
        next
end

user quarantine

Use this command to enable the quarantine feature for managed FortiSwitches and/or FortiAPs. You can also use this command to create permanent quarantines of MAC addresses.

Please note that, previously, a diminished version of this feature was found under config switch-controller quarantine, where only MAC adresses were able to be specified.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.1.

Command Description

config targets

edit <name>

delete <quarantine-entry-name>

config macs

edit <name>

delete <mac-address>

Previously, each FortiGate quarantined MAC addresses independently. Now MAC entries can be grouped together (based on their description), making it easier to remove multiple associated quarantine MACs at once.

Use the delete option under config macs to release a single MAC address from quarantine, or use the delete option under config targets to delete all MAC addresses listed in an entry.

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config user quarantine

New config command.

This is an enhanced version of an old command, config switch-controller quarantine.

config user quarantine
    set quarantine {enable | disable}   Enable/disable quarantine.
    config targets
        edit {entry}
        # Quarantine entry to hold multiple MACs.
            set entry {string}   Quarantine entry name. size[63]
            set description {string}   Description for the quarantine entry. size[63]
            config macs
                edit {mac}
                # Quarantine MACs.
                    set mac {mac address}   Quarantine MAC.
                    set entry-id {integer}   FSW entry id for the quarantine MAC. range[0-4294967295]
                    set description {string}   Description for the quarantine MAC. size[63]
                    set parent {string}   Parent entry name. size[63]
                next
        next
end