Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure IPS rules.

  config ips rule
      Description: Configure IPS rules.
      edit <name>
          set status [disable|enable]
          set log [disable|enable]
          set log-packet [disable|enable]
          set action [pass|block]
          set group {string}
          set severity {option}
          set location {option1}, {option2}, ...
          set os {user}
          set application {user}
          set service {user}
          set rule-id {integer}
          set rev {integer}
          set date {integer}
          config metadata
              Description: Meta data.
              edit <id>
                  set metaid {integer}
                  set valueid {integer}
              next
          end
      next
  end

config ips rule

Parameter Name Description Type Size
status Enable/disable status.
disable: Disable status.
enable: Enable status.
option -
log Enable/disable logging.
disable: Disable logging.
enable: Enable logging.
option -
log-packet Enable/disable packet logging.
disable: Disable packet logging.
enable: Enable packet logging.
option -
action Action.
pass: Pass or allow matching traffic.
block: Block or drop matching traffic.
option -
group Group. string Maximum length: 63
severity Severity.
option -
location Vulnerable location.
option -
os Vulnerable operation systems. user Not Specified
application Vulnerable applications. user Not Specified
service Vulnerable service. user Not Specified
rule-id Rule ID. integer Minimum value: 0 Maximum value: 4294967295
rev Revision. integer Minimum value: 0 Maximum value: 4294967295
date Date. integer Minimum value: 0 Maximum value: 4294967295

config metadata

Parameter Name Description Type Size
metaid Meta ID. integer Minimum value: 0 Maximum value: 4294967295
valueid Value ID. integer Minimum value: 0 Maximum value: 4294967295

Configure IPS rules.

  config ips rule
      Description: Configure IPS rules.
      edit <name>
          set status [disable|enable]
          set log [disable|enable]
          set log-packet [disable|enable]
          set action [pass|block]
          set group {string}
          set severity {option}
          set location {option1}, {option2}, ...
          set os {user}
          set application {user}
          set service {user}
          set rule-id {integer}
          set rev {integer}
          set date {integer}
          config metadata
              Description: Meta data.
              edit <id>
                  set metaid {integer}
                  set valueid {integer}
              next
          end
      next
  end

config ips rule

Parameter Name Description Type Size
status Enable/disable status.
disable: Disable status.
enable: Enable status.
option -
log Enable/disable logging.
disable: Disable logging.
enable: Enable logging.
option -
log-packet Enable/disable packet logging.
disable: Disable packet logging.
enable: Enable packet logging.
option -
action Action.
pass: Pass or allow matching traffic.
block: Block or drop matching traffic.
option -
group Group. string Maximum length: 63
severity Severity.
option -
location Vulnerable location.
option -
os Vulnerable operation systems. user Not Specified
application Vulnerable applications. user Not Specified
service Vulnerable service. user Not Specified
rule-id Rule ID. integer Minimum value: 0 Maximum value: 4294967295
rev Revision. integer Minimum value: 0 Maximum value: 4294967295
date Date. integer Minimum value: 0 Maximum value: 4294967295

config metadata

Parameter Name Description Type Size
metaid Meta ID. integer Minimum value: 0 Maximum value: 4294967295
valueid Value ID. integer Minimum value: 0 Maximum value: 4294967295