Fortinet Document Library

CLI Reference

6.2.1
Configure custom services.

  config firewall service custom
      Description: Configure custom services.
      edit <name>
          set proxy [enable|disable]
          set category {string}
          set protocol [TCP/UDP/SCTP|ICMP|...]
          set helper [auto|disable|...]
          set iprange {user}
          set fqdn {string}
          set protocol-number {integer}
          set icmptype {integer}
          set icmpcode {integer}
          set tcp-portrange {user}
          set udp-portrange {user}
          set sctp-portrange {user}
          set tcp-halfclose-timer {integer}
          set tcp-halfopen-timer {integer}
          set tcp-timewait-timer {integer}
          set udp-idle-timer {integer}
          set session-ttl {integer}
          set check-reset-range [disable|strict|...]
          set comment {var-string}
          set color {integer}
          set visibility [enable|disable]
          set app-service-type [disable|app-id|...]
          set app-category <id1>, <id2>, ...
          set application <id1>, <id2>, ...
      next
  end

config firewall service custom

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| proxy | Enable/disable web proxy service. enable: Enable setting. disable: Disable setting. | option | - |
| category | Service category. | string | Maximum length: 63 |
| protocol | Protocol type based on IANA numbers. TCP/UDP/SCTP: TCP, UDP and SCTP. ICMP: ICMP. ICMP6: ICMP6. IP: IP. HTTP: HTTP - for web proxy. FTP: FTP - for web proxy. CONNECT: Connect - for web proxy. SOCKS-TCP: Socks TCP - for web proxy. SOCKS-UDP: Socks UDP - for web proxy. ALL: All - for web proxy. | option | - |
| helper | Helper name. auto: Automatically select helper based on protocol and port. disable: Disable helper. ftp: FTP. tftp: TFTP. ras: RAS. h323: H323. tns: TNS. mms: MMS. sip: SIP. pptp: PPTP. rtsp: RTSP. dns-udp: DNS UDP. dns-tcp: DNS TCP. pmap: PMAP. rsh: RSH. dcerpc: DCERPC. mgcp: MGCP. | option | - |
| iprange | Start and end of the IP range associated with service. | user | Not Specified |
| fqdn | Fully qualified domain name. | string | Maximum length: 255 |
| protocol-number | IP protocol number. | integer | Minimum value: 0 Maximum value: 254 |
| icmptype | ICMP type. | integer | Minimum value: 0 Maximum value: 4294967295 |
| icmpcode | ICMP code. | integer | Minimum value: 0 Maximum value: 255 |
| tcp-portrange | Multiple TCP port ranges. | user | Not Specified |
| udp-portrange | Multiple UDP port ranges. | user | Not Specified |
| sctp-portrange | Multiple SCTP port ranges. | user | Not Specified |
| tcp-halfclose-timer | Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default). | integer | Minimum value: 0 Maximum value: 86400 |
| tcp-halfopen-timer | Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default). | integer | Minimum value: 0 Maximum value: 86400 |
| tcp-timewait-timer | Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default). | integer | Minimum value: 0 Maximum value: 300 |
| udp-idle-timer | UDP half close timeout (0 - 86400 sec, 0 = default). | integer | Minimum value: 0 Maximum value: 86400 |
| session-ttl | Session TTL (300 - 2764800, 0 = default). | integer | Minimum value: 300 Maximum value: 2764800 |
| check-reset-range | Configure the type of ICMP error message verification. disable: Disable RST range check. strict: Check RST range strictly. default: Using system default setting. | option | - |
| comment | Comment. | var-string | Maximum length: 255 |
| color | Color of icon on the GUI. | integer | Minimum value: 0 Maximum value: 32 |
| visibility | Enable/disable the visibility of the service on the GUI. enable: Show in service selection. disable: Hide from service selection. | option | - |
| app-service-type | Application service type. disable: Disable application type. app-id: Application ID. app-category: Application category. | option | - |
| app-category <id> | Application category ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
| application <id> | Application ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
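The following audit script is an added example, not Fortinet code: it parses `config firewall service custom` entries from a configuration text, checks integer settings against the bounds in the table above, and flags wide destination port ranges for review. The `dst[:src]` port-range form, the `WIDE_SPAN` threshold and the sample configuration are assumptions made for this example.

```python
import re

# (min, max) bounds copied from the parameter table above.
BOUNDS = {"protocol-number": (0, 254), "icmpcode": (0, 255),
          "tcp-halfclose-timer": (0, 86400), "tcp-halfopen-timer": (0, 86400),
          "tcp-timewait-timer": (0, 300), "udp-idle-timer": (0, 86400)}
PORT_KEYS = ("tcp-portrange", "udp-portrange", "sctp-portrange")
WIDE_SPAN = 1024  # assumption: local review threshold, not a FortiOS limit

def parse_services(text):
    """Return {name: {param: value}} for every edit ... next entry."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = services.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return services

def audit(services):
    """Return sorted (service, param, message) findings."""
    findings = []
    for name, params in services.items():
        for key, value in params.items():
            if key in BOUNDS:
                lo, hi = BOUNDS[key]
                if not value.isdigit() or not lo <= int(value) <= hi:
                    findings.append((name, key, f"{value} outside {lo}-{hi}"))
            elif key in PORT_KEYS:
                for rng in value.split():
                    dst = rng.split(":")[0]  # assumed form: dst[:src]
                    lo, _, hi = dst.partition("-")
                    if int(hi or lo) - int(lo) + 1 >= WIDE_SPAN:
                        findings.append((name, key, f"wide destination range {dst}"))
    return sorted(findings)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """config firewall service custom
    edit "web-admin"
        set tcp-portrange 8443 9443-9444:1024-65535
    next
    edit "legacy-any"
        set tcp-portrange 1-65535
        set tcp-timewait-timer 600
    next
end"""
print(audit(parse_services(SAMPLE)))
```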
