CLI Reference

alertemail
- alertemail setting
antivirus
- antivirus heuristic
- antivirus profile
- antivirus quarantine
- antivirus settings
application
- application custom
- application group
- application list
- application name
- application rule-settings
authentication
- authentication rule
- authentication scheme
- authentication setting
certificate
- certificate ca
- certificate crl
- certificate local
cifs
- cifs domain-controller
- cifs profile
dlp
- dlp filepattern
- dlp fp-doc-source
- dlp sensitivity
- dlp sensor
- dlp settings
dnsfilter
- dnsfilter domain-filter
- dnsfilter profile
emailfilter
- emailfilter bwl
- emailfilter bword
- emailfilter dnsbl
- emailfilter fortishield
- emailfilter iptrust
- emailfilter mheader
- emailfilter options
- emailfilter profile
endpoint-control
- endpoint-control client
- endpoint-control fctems
- endpoint-control settings
extender-controller
- extender-controller extender
firewall
- firewall DoS-policy
- firewall DoS-policy6
- firewall acl
- firewall acl6
- firewall address
- firewall address6
- firewall address6-template
- firewall addrgrp
- firewall addrgrp6
- firewall auth-portal
- firewall central-snat-map
- firewall consolidated policy
- firewall dnstranslation
- firewall identity-based-route
- firewall interface-policy
- firewall interface-policy6
- firewall internet-service
- firewall internet-service-addition
- firewall internet-service-custom
- firewall internet-service-custom-group
- firewall internet-service-definition
- firewall internet-service-extension
- firewall internet-service-group
- firewall ip-translation
- firewall ipmacbinding setting
- firewall ipmacbinding table
- firewall ippool
- firewall ippool6
- firewall ipv6-eh-filter
- firewall ldb-monitor
- firewall local-in-policy
- firewall local-in-policy6
- firewall multicast-address
- firewall multicast-address6
- firewall multicast-policy
- firewall multicast-policy6
- firewall policy
- firewall policy46
- firewall policy6
- firewall policy64
- firewall profile-group
- firewall profile-protocol-options
- firewall proxy-address
- firewall proxy-addrgrp
- firewall proxy-policy
- firewall schedule group
- firewall schedule onetime
- firewall schedule recurring
- firewall security-policy
- firewall service category
- firewall service custom
- firewall service group
- firewall shaper per-ip-shaper
- firewall shaper traffic-shaper
- firewall shaping-policy
- firewall shaping-profile
- firewall sniffer
- firewall ssh host-key
- firewall ssh local-ca
- firewall ssh local-key
- firewall ssh setting
- firewall ssl setting
- firewall ssl-server
- firewall ssl-ssh-profile
- firewall ttl-policy
- firewall vip
- firewall vip46
- firewall vip6
- firewall vip64
- firewall vipgrp
- firewall vipgrp46
- firewall vipgrp6
- firewall vipgrp64
- firewall wildcard-fqdn custom
- firewall wildcard-fqdn group
ftp-proxy
- ftp-proxy explicit
icap
- icap profile
- icap server
ips
- ips custom
- ips decoder
- ips global
- ips rule
- ips rule-settings
- ips sensor
- ips settings
log
- log custom-field
- log disk filter
- log disk setting
- log eventfilter
- log fortianalyzer filter
- log fortianalyzer override-filter
- log fortianalyzer override-setting
- log fortianalyzer setting
- log fortianalyzer-cloud filter
- log fortianalyzer-cloud override-filter
- log fortianalyzer-cloud override-setting
- log fortianalyzer-cloud setting
- log fortianalyzer2 filter
- log fortianalyzer2 override-filter
- log fortianalyzer2 override-setting
- log fortianalyzer2 setting
- log fortianalyzer3 filter
- log fortianalyzer3 override-filter
- log fortianalyzer3 override-setting
- log fortianalyzer3 setting
- log fortiguard filter
- log fortiguard override-filter
- log fortiguard override-setting
- log fortiguard setting
- log gui-display
- log memory filter
- log memory global-setting
- log memory setting
- log null-device filter
- log null-device setting
- log setting
- log syslogd filter
- log syslogd override-filter
- log syslogd override-setting
- log syslogd setting
- log syslogd2 filter
- log syslogd2 override-filter
- log syslogd2 override-setting
- log syslogd2 setting
- log syslogd3 filter
- log syslogd3 override-filter
- log syslogd3 override-setting
- log syslogd3 setting
- log syslogd4 filter
- log syslogd4 override-filter
- log syslogd4 override-setting
- log syslogd4 setting
- log threat-weight
- log webtrends filter
- log webtrends setting
report
- report chart
- report dataset
- report layout
- report setting
- report style
- report theme
router
- router access-list
- router access-list6
- router aspath-list
- router auth-path
- router bfd
- router bfd6
- router bgp
- router community-list
- router isis
- router key-chain
- router multicast
- router multicast-flow
- router multicast6
- router ospf
- router ospf6
- router policy
- router policy6
- router prefix-list
- router prefix-list6
- router rip
- router ripng
- router route-map
- router setting
- router static
- router static6
ssh-filter
- ssh-filter profile
switch-controller
- switch-controller 802-1X-settings
- switch-controller auto-config custom
- switch-controller auto-config default
- switch-controller auto-config policy
- switch-controller custom-command
- switch-controller flow-tracking
- switch-controller global
- switch-controller igmp-snooping
- switch-controller lldp-profile
- switch-controller lldp-settings
- switch-controller location
- switch-controller mac-sync-settings
- switch-controller managed-switch
- switch-controller network-monitor-settings
- switch-controller qos dot1p-map
- switch-controller qos ip-dscp-map
- switch-controller qos qos-policy
- switch-controller qos queue-policy
- switch-controller quarantine
- switch-controller remote-log
- switch-controller security-policy 802-1X
- switch-controller security-policy captive-portal
- switch-controller security-policy local-access
- switch-controller sflow
- switch-controller snmp-community
- switch-controller snmp-sysinfo
- switch-controller snmp-trap-threshold
- switch-controller snmp-user
- switch-controller storm-control
- switch-controller storm-control-policy
- switch-controller stp-instance
- switch-controller stp-settings
- switch-controller switch-group
- switch-controller switch-interface-tag
- switch-controller switch-log
- switch-controller switch-profile
- switch-controller system
- switch-controller traffic-policy
- switch-controller traffic-sniffer
- switch-controller virtual-port-pool
- switch-controller vlan
system
- system 3g-modem custom
- system accprofile
- system admin
- system alarm
- system alias
- system api-user
- system arp-table
- system auto-install
- system auto-script
- system automation-action
- system automation-destination
- system automation-stitch
- system automation-trigger
- system autoupdate push-update
- system autoupdate schedule
- system autoupdate tunneling
- system central-management
- system cluster-sync
- system console
- system csf
- system custom-language
- system ddns
- system dedicated-mgmt
- system dhcp server
- system dhcp6 server
- system dns
- system dns-database
- system dns-server
- system dscp-based-priority
- system email-server
- system external-resource
- system fips-cc
- system fm
- system fortiguard
- system fortimanager
- system fortisandbox
- system fsso-polling
- system ftm-push
- system geoip-override
- system global
- system gre-tunnel
- system ha
- system ha-monitor
- system interface
- system ipip-tunnel
- system ips-urlfilter-dns
- system ips-urlfilter-dns6
- system ipsec-aggregate
- system ipv6-neighbor-cache
- system ipv6-tunnel
- system link-monitor
- system lldp network-policy
- system lte-modem
- system mac-address-table
- system management-tunnel
- system mobile-tunnel
- system modem
- system nat64
- system nd-proxy
- system netflow
- system network-visibility
- system ntp
- system object-tagging
- system password-policy
- system password-policy-guest-admin
- system physical-switch
- system pppoe-interface
- system probe-response
- system proxy-arp
- system ptp
- system replacemsg admin
- system replacemsg alertmail
- system replacemsg auth
- system replacemsg device-detection-portal
- system replacemsg fortiguard-wf
- system replacemsg ftp
- system replacemsg http
- system replacemsg icap
- system replacemsg mail
- system replacemsg nac-quar
- system replacemsg nntp
- system replacemsg spam
- system replacemsg sslvpn
- system replacemsg traffic-quota
- system replacemsg utm
- system replacemsg webproxy
- system replacemsg-group
- system replacemsg-image
- system resource-limits
- system saml
- system sdn-connector
- system session-helper
- system session-ttl
- system settings
- system sflow
- system sit-tunnel
- system sms-server
- system snmp community
- system snmp sysinfo
- system snmp user
- system speed-test-server
- system sso-admin
- system storage
- system stp
- system switch-interface
- system tos-based-priority
- system vdom
- system vdom-dns
- system vdom-exception
- system vdom-link
- system vdom-netflow
- system vdom-property
- system vdom-radius-server
- system vdom-sflow
- system virtual-switch
- system virtual-wan-link
- system virtual-wire-pair
- system vxlan
- system wccp
- system zone
user
- user adgrp
- user device
- user device-group
- user domain-controller
- user exchange
- user fortitoken
- user fsso
- user fsso-polling
- user group
- user krb-keytab
- user ldap
- user local
- user password-policy
- user peer
- user peergrp
- user pop3
- user quarantine
- user radius
- user security-exempt-list
- user setting
- user tacacs+
voip
- voip profile
vpn
- vpn certificate ca
- vpn certificate crl
- vpn certificate local
- vpn certificate ocsp-server
- vpn certificate remote
- vpn certificate setting
- vpn ipsec concentrator
- vpn ipsec forticlient
- vpn ipsec manualkey
- vpn ipsec manualkey-interface
- vpn ipsec phase1
- vpn ipsec phase1-interface
- vpn ipsec phase2
- vpn ipsec phase2-interface
- vpn l2tp
- vpn ocvpn
- vpn pptp
- vpn ssl settings
- vpn ssl web host-check-software
- vpn ssl web portal
- vpn ssl web realm
- vpn ssl web user-bookmark
- vpn ssl web user-group-bookmark
waf
- waf main-class
- waf profile
- waf signature
- waf sub-class
wanopt
- wanopt auth-group
- wanopt cache-service
- wanopt content-delivery-network-rule
- wanopt peer
- wanopt profile
- wanopt remote-storage
- wanopt settings
- wanopt webcache
web-proxy
- web-proxy debug-url
- web-proxy explicit
- web-proxy forward-server
- web-proxy forward-server-group
- web-proxy global
- web-proxy profile
- web-proxy url-match
- web-proxy wisp
webfilter
- webfilter content
- webfilter content-header
- webfilter fortiguard
- webfilter ftgd-local-cat
- webfilter ftgd-local-rating
- webfilter ips-urlfilter-cache-setting
- webfilter ips-urlfilter-setting
- webfilter ips-urlfilter-setting6
- webfilter override
- webfilter profile
- webfilter search-engine
- webfilter urlfilter
wireless-controller
- wireless-controller address
- wireless-controller addrgrp
- wireless-controller ap-status
- wireless-controller ble-profile
- wireless-controller bonjour-profile
- wireless-controller global
- wireless-controller hotspot20 anqp-3gpp-cellular
- wireless-controller hotspot20 anqp-ip-address-type
- wireless-controller hotspot20 anqp-nai-realm
- wireless-controller hotspot20 anqp-network-auth-type
- wireless-controller hotspot20 anqp-roaming-consortium
- wireless-controller hotspot20 anqp-venue-name
- wireless-controller hotspot20 h2qp-conn-capability
- wireless-controller hotspot20 h2qp-operator-name
- wireless-controller hotspot20 h2qp-osu-provider
- wireless-controller hotspot20 h2qp-wan-metric
- wireless-controller hotspot20 hs-profile
- wireless-controller hotspot20 icon
- wireless-controller hotspot20 qos-map
- wireless-controller inter-controller
- wireless-controller log
- wireless-controller qos-profile
- wireless-controller region
- wireless-controller setting
- wireless-controller snmp
- wireless-controller timers
- wireless-controller utm-profile
- wireless-controller vap
- wireless-controller vap-group
- wireless-controller wids-profile
- wireless-controller wtp
- wireless-controller wtp-group
- wireless-controller wtp-profile

Home FortiGate / FortiOS 6.2.1 CLI Reference

6.2.1

log threat-weight

Configure threat weight settings.

  config log threat-weight
      Description: Configure threat weight settings.
      set status [enable|disable]
      config level
          Description: Score mapping for threat weight levels.
          set low {integer}
          set medium {integer}
          set high {integer}
          set critical {integer}
      end
      set blocked-connection [disable|low|...]
      set failed-connection [disable|low|...]
      set url-block-detected [disable|low|...]
      set botnet-connection-detected [disable|low|...]
      config malware
          Description: Anti-virus malware threat weight settings.
          set virus-infected [disable|low|...]
          set file-blocked [disable|low|...]
          set command-blocked [disable|low|...]
          set oversized [disable|low|...]
          set virus-scan-error [disable|low|...]
          set switch-proto [disable|low|...]
          set mimefragmented [disable|low|...]
          set virus-file-type-executable [disable|low|...]
          set virus-outbreak-prevention [disable|low|...]
          set content-disarm [disable|low|...]
          set malware-list [disable|low|...]
          set fsa-malicious [disable|low|...]
          set fsa-high-risk [disable|low|...]
          set fsa-medium-risk [disable|low|...]
      end
      config ips
          Description: IPS threat weight settings.
          set info-severity [disable|low|...]
          set low-severity [disable|low|...]
          set medium-severity [disable|low|...]
          set high-severity [disable|low|...]
          set critical-severity [disable|low|...]
      end
      config web
          Description: Web filtering threat weight settings.
          edit <id>
              set category {integer}
              set level [disable|low|...]
          next
      end
      config geolocation
          Description: Geolocation-based threat weight settings.
          edit <id>
              set country {string}
              set level [disable|low|...]
          next
      end
      config application
          Description: Application-control threat weight settings.
          edit <id>
              set category {integer}
              set level [disable|low|...]
          next
      end
  end

config log threat-weight

Parameter Name	Description	Type	Size
status	Enable/disable the threat weight feature. enable: Enable the threat weight feature. disable: Disable the threat weight feature.	option	-
blocked-connection	Threat weight score for blocked connections. disable: Disable threat weight scoring for blocked connections. low: Use the low level score for blocked connections. medium: Use the medium level score for blocked connections. high: Use the high level score for blocked connections. critical: Use the critical level score for blocked connections.	option	-
failed-connection	Threat weight score for failed connections. disable: Disable threat weight scoring for failed connections. low: Use the low level score for failed connections. medium: Use the medium level score for failed connections. high: Use the high level score for failed connections. critical: Use the critical level score for failed connections.	option	-
url-block-detected	Threat weight score for URL blocking. disable: Disable threat weight scoring for URL blocking. low: Use the low level score for URL blocking. medium: Use the medium level score for URL blocking. high: Use the high level score for URL blocking. critical: Use the critical level score for URL blocking.	option	-
botnet-connection-detected	Threat weight score for detected botnet connections. disable: Disable threat weight scoring for detected botnet connections. low: Use the low level score for detected botnet connections. medium: Use the medium level score for detected botnet connections. high: Use the high level score for detected botnet connections. critical: Use the critical level score for detected botnet connections.	option	-

Parameter Name	Description	Type	Size
low	Low level score value (1 - 100).	integer	Minimum value: 1 Maximum value: 100
medium	Medium level score value (1 - 100).	integer	Minimum value: 1 Maximum value: 100
high	High level score value (1 - 100).	integer	Minimum value: 1 Maximum value: 100
critical	Critical level score value (1 - 100).	integer	Minimum value: 1 Maximum value: 100

Parameter Name	Description	Type	Size
virus-infected	Threat weight score for virus (infected) detected. disable: Disable threat weight scoring for virus (infected) detected. low: Use the low level score for virus (infected) detected. medium: Use the medium level score for virus (infected) detected. high: Use the high level score for virus (infected) detected. critical: Use the critical level score for virus (infected) detected.	option	-
file-blocked	Threat weight score for blocked file detected. disable: Disable threat weight scoring for blocked file detected. low: Use the low level score for blocked file detected. medium: Use the medium level score for blocked file detected. high: Use the high level score for blocked file detected. critical: Use the critical level score for blocked file detected.	option	-
command-blocked	Threat weight score for blocked command detected. disable: Disable threat weight scoring for blocked command detected. low: Use the low level score for blocked command detected. medium: Use the medium level score for blocked command detected. high: Use the high level score for blocked command detected. critical: Use the critical level score for blocked command detected.	option	-
oversized	Threat weight score for oversized file detected. disable: Disable threat weight scoring for oversized file detected. low: Use the low level score for oversized file detected. medium: Use the medium level score for oversized file detected. high: Use the high level score for oversized file detected. critical: Use the critical level score for oversized file detected.	option	-
virus-scan-error	Threat weight score for virus (scan error) detected. disable: Disable threat weight scoring for virus (scan error) detected. low: Use the low level score for virus (scan error) detected. medium: Use the medium level score for virus (scan error) detected. high: Use the high level score for virus (scan error) detected. critical: Use the critical level score for virus (scan error) detected.	option	-
switch-proto	Threat weight score for switch proto detected. disable: Disable threat weight scoring for switch proto detected. low: Use the low level score for switch proto detected. medium: Use the medium level score for switch proto detected. high: Use the high level score for switch proto detected. critical: Use the critical level score for switch proto detected.	option	-
mimefragmented	Threat weight score for mimefragmented detected. disable: Disable threat weight scoring for mimefragmented detected. low: Use the low level score for mimefragmented detected. medium: Use the medium level score for mimefragmented detected. high: Use the high level score for mimefragmented detected. critical: Use the critical level score for mimefragmented detected.	option	-
virus-file-type-executable	Threat weight score for virus (filetype executable) detected. disable: Disable threat weight scoring for virus (filetype executable) detected. low: Use the low level score for virus (filetype executable) detected. medium: Use the medium level score for virus (filetype executable) detected. high: Use the high level score for virus (filetype executable) detected. critical: Use the critical level score for virus (filetype executable) detected.	option	-
virus-outbreak-prevention	Threat weight score for virus (outbreak prevention) event. disable: Disable threat weight scoring for virus (outbreak prevention) event. low: Use the low level score for virus (outbreak prevention) event. medium: Use the medium level score for virus (outbreak prevention) event. high: Use the high level score for virus (outbreak prevention) event. critical: Use the critical level score for virus (outbreak prevention) event.	option	-
content-disarm	Threat weight score for virus (content disarm) detected. disable: Disable threat weight scoring for virus (content disarm) detected. low: Use the low level score for virus (content disarm) detected. medium: Use the medium level score for virus (content disarm) detected. high: Use the high level score for virus (content disarm) detected. critical: Use the critical level score for virus (content disarm) detected.	option	-
malware-list	Threat weight score for virus (malware list) detected. disable: Disable threat weight scoring for virus (malware list) detected. low: Use the low level score for virus (malware list) detected. medium: Use the medium level score for virus (malware list) detected. high: Use the high level score for virus (malware list) detected. critical: Use the critical level score for virus (malware list) detected.	option	-
fsa-malicious	Threat weight score for FortiSandbox malicious malware detected. disable: Disable threat weight scoring for FortiSandbox malicious malware detected. low: Use the low level score for FortiSandbox malicious malware detected. medium: Use the medium level score for FortiSandbox malicious malware detected. high: Use the high level score for FortiSandbox malicious malware detected. critical: Use the critical level score for FortiSandbox malicious malware detected.	option	-
fsa-high-risk	Threat weight score for FortiSandbox high risk malware detected. disable: Disable threat weight scoring for FortiSandbox high risk malware detected. low: Use the low level score for FortiSandbox high risk malware detected. medium: Use the medium level score for FortiSandbox high risk malware detected. high: Use the high level score for FortiSandbox high risk malware detected. critical: Use the critical level score for FortiSandbox high risk malware detected.	option	-
fsa-medium-risk	Threat weight score for FortiSandbox medium risk malware detected. disable: Disable threat weight scoring for FortiSandbox medium risk malware detected. low: Use the low level score for FortiSandbox medium risk malware detected. medium: Use the medium level score for FortiSandbox medium risk malware detected. high: Use the high level score for FortiSandbox medium risk malware detected. critical: Use the critical level score for FortiSandbox medium risk malware detected.	option	-

Parameter Name	Description	Type	Size
info-severity	Threat weight score for IPS info severity events. disable: Disable threat weight scoring for IPS info severity events. low: Use the low level score for IPS info severity events. medium: Use the medium level score for IPS info severity events. high: Use the high level score for IPS info severity events. critical: Use the critical level score for IPS info severity events.	option	-
low-severity	Threat weight score for IPS low severity events. disable: Disable threat weight scoring for IPS low severity events. low: Use the low level score for IPS low severity events. medium: Use the medium level score for IPS low severity events. high: Use the high level score for IPS low severity events. critical: Use the critical level score for IPS low severity events.	option	-
medium-severity	Threat weight score for IPS medium severity events. disable: Disable threat weight scoring for IPS medium severity events. low: Use the low level score for IPS medium severity events. medium: Use the medium level score for IPS medium severity events. high: Use the high level score for IPS medium severity events. critical: Use the critical level score for IPS medium severity events.	option	-
high-severity	Threat weight score for IPS high severity events. disable: Disable threat weight scoring for IPS high severity events. low: Use the low level score for IPS high severity events. medium: Use the medium level score for IPS high severity events. high: Use the high level score for IPS high severity events. critical: Use the critical level score for IPS high severity events.	option	-
critical-severity	Threat weight score for IPS critical severity events. disable: Disable threat weight scoring for IPS critical severity events. low: Use the low level score for IPS critical severity events. medium: Use the medium level score for IPS critical severity events. high: Use the high level score for IPS critical severity events. critical: Use the critical level score for IPS critical severity events.	option	-

Parameter Name	Description	Type	Size
category	Threat weight score for web category filtering matches.	integer	Minimum value: 0 Maximum value: 255
level	Threat weight score for web category filtering matches. disable: Disable threat weight scoring for web category filtering matches. low: Use the low level score for web category filtering matches. medium: Use the medium level score for web category filtering matches. high: Use the high level score for web category filtering matches. critical: Use the critical level score for web category filtering matches.	option	-

Parameter Name	Description	Type	Size
country	Country code.	string	Maximum length: 2
level	Threat weight score for Geolocation-based events. disable: Disable threat weight scoring for Geolocation-based events. low: Use the low level score for Geolocation-based events. medium: Use the medium level score for Geolocation-based events. high: Use the high level score for Geolocation-based events. critical: Use the critical level score for Geolocation-based events.	option	-

Parameter Name	Description	Type	Size
category	Application category.	integer	Minimum value: 0 Maximum value: 65535
level	Threat weight score for Application events. disable: Disable threat weight scoring for Application events. low: Use the low level score for Application events. medium: Use the medium level score for Application events. high: Use the high level score for Application events. critical: Use the critical level score for Application events.	option	-

Configure threat weight settings.

config log threat-weight Description: Configure threat weight settings. set status [enable|disable] config level Description: Score mapping for threat weight levels. set low {integer} set medium {integer} set high {integer} set critical {integer} end set blocked-connection [disable|low|...] set failed-connection [disable|low|...] set url-block-detected [disable|low|...] set botnet-connection-detected [disable|low|...] config malware Description: Anti-virus malware threat weight settings. set virus-infected [disable|low|...] set file-blocked [disable|low|...] set command-blocked [disable|low|...] set oversized [disable|low|...] set virus-scan-error [disable|low|...] set switch-proto [disable|low|...] set mimefragmented [disable|low|...] set virus-file-type-executable [disable|low|...] set virus-outbreak-prevention [disable|low|...] set content-disarm [disable|low|...] set malware-list [disable|low|...] set fsa-malicious [disable|low|...] set fsa-high-risk [disable|low|...] set fsa-medium-risk [disable|low|...] end config ips Description: IPS threat weight settings. set info-severity [disable|low|...] set low-severity [disable|low|...] set medium-severity [disable|low|...] set high-severity [disable|low|...] set critical-severity [disable|low|...] end config web Description: Web filtering threat weight settings. edit <id> set category {integer} set level [disable|low|...] next end config geolocation Description: Geolocation-based threat weight settings. edit <id> set country {string} set level [disable|low|...] next end config application Description: Application-control threat weight settings. edit <id> set category {integer} set level [disable|low|...] next end end

config log threat-weight

Parameter Name

Description

Type

Size

status

Enable/disable the threat weight feature.
enable: Enable the threat weight feature.
disable: Disable the threat weight feature.

option

blocked-connection

Threat weight score for blocked connections.
disable: Disable threat weight scoring for blocked connections.
low: Use the low level score for blocked connections.
medium: Use the medium level score for blocked connections.
high: Use the high level score for blocked connections.
critical: Use the critical level score for blocked connections.

option

failed-connection

Threat weight score for failed connections.
disable: Disable threat weight scoring for failed connections.
low: Use the low level score for failed connections.
medium: Use the medium level score for failed connections.
high: Use the high level score for failed connections.
critical: Use the critical level score for failed connections.

option

url-block-detected

Threat weight score for URL blocking.
disable: Disable threat weight scoring for URL blocking.
low: Use the low level score for URL blocking.
medium: Use the medium level score for URL blocking.
high: Use the high level score for URL blocking.
critical: Use the critical level score for URL blocking.

option

botnet-connection-detected

Threat weight score for detected botnet connections.
disable: Disable threat weight scoring for detected botnet connections.
low: Use the low level score for detected botnet connections.
medium: Use the medium level score for detected botnet connections.
high: Use the high level score for detected botnet connections.
critical: Use the critical level score for detected botnet connections.

option

Parameter Name

Description

Type

Size

low

Low level score value (1 - 100).

integer

Minimum value: 1 Maximum value: 100

medium

Medium level score value (1 - 100).

integer

Minimum value: 1 Maximum value: 100

high

High level score value (1 - 100).

integer

Minimum value: 1 Maximum value: 100

critical

Critical level score value (1 - 100).

integer

Minimum value: 1 Maximum value: 100

Parameter Name

Description

Type

Size

virus-infected

Threat weight score for virus (infected) detected.
disable: Disable threat weight scoring for virus (infected) detected.
low: Use the low level score for virus (infected) detected.
medium: Use the medium level score for virus (infected) detected.
high: Use the high level score for virus (infected) detected.
critical: Use the critical level score for virus (infected) detected.

option

file-blocked

Threat weight score for blocked file detected.
disable: Disable threat weight scoring for blocked file detected.
low: Use the low level score for blocked file detected.
medium: Use the medium level score for blocked file detected.
high: Use the high level score for blocked file detected.
critical: Use the critical level score for blocked file detected.

option

command-blocked

Threat weight score for blocked command detected.
disable: Disable threat weight scoring for blocked command detected.
low: Use the low level score for blocked command detected.
medium: Use the medium level score for blocked command detected.
high: Use the high level score for blocked command detected.
critical: Use the critical level score for blocked command detected.

option

oversized

Threat weight score for oversized file detected.
disable: Disable threat weight scoring for oversized file detected.
low: Use the low level score for oversized file detected.
medium: Use the medium level score for oversized file detected.
high: Use the high level score for oversized file detected.
critical: Use the critical level score for oversized file detected.

option

virus-scan-error

Threat weight score for virus (scan error) detected.
disable: Disable threat weight scoring for virus (scan error) detected.
low: Use the low level score for virus (scan error) detected.
medium: Use the medium level score for virus (scan error) detected.
high: Use the high level score for virus (scan error) detected.
critical: Use the critical level score for virus (scan error) detected.

option

switch-proto

Threat weight score for switch proto detected.
disable: Disable threat weight scoring for switch proto detected.
low: Use the low level score for switch proto detected.
medium: Use the medium level score for switch proto detected.
high: Use the high level score for switch proto detected.
critical: Use the critical level score for switch proto detected.

option

mimefragmented

Threat weight score for mimefragmented detected.
disable: Disable threat weight scoring for mimefragmented detected.
low: Use the low level score for mimefragmented detected.
medium: Use the medium level score for mimefragmented detected.
high: Use the high level score for mimefragmented detected.
critical: Use the critical level score for mimefragmented detected.

option

virus-file-type-executable

Threat weight score for virus (filetype executable) detected.
disable: Disable threat weight scoring for virus (filetype executable) detected.
low: Use the low level score for virus (filetype executable) detected.
medium: Use the medium level score for virus (filetype executable) detected.
high: Use the high level score for virus (filetype executable) detected.
critical: Use the critical level score for virus (filetype executable) detected.

option

virus-outbreak-prevention

Threat weight score for virus (outbreak prevention) event.
disable: Disable threat weight scoring for virus (outbreak prevention) event.
low: Use the low level score for virus (outbreak prevention) event.
medium: Use the medium level score for virus (outbreak prevention) event.
high: Use the high level score for virus (outbreak prevention) event.
critical: Use the critical level score for virus (outbreak prevention) event.

option

content-disarm

Threat weight score for virus (content disarm) detected.
disable: Disable threat weight scoring for virus (content disarm) detected.
low: Use the low level score for virus (content disarm) detected.
medium: Use the medium level score for virus (content disarm) detected.
high: Use the high level score for virus (content disarm) detected.
critical: Use the critical level score for virus (content disarm) detected.

option

malware-list

Threat weight score for virus (malware list) detected.
disable: Disable threat weight scoring for virus (malware list) detected.
low: Use the low level score for virus (malware list) detected.
medium: Use the medium level score for virus (malware list) detected.
high: Use the high level score for virus (malware list) detected.
critical: Use the critical level score for virus (malware list) detected.

option

fsa-malicious

Threat weight score for FortiSandbox malicious malware detected.
disable: Disable threat weight scoring for FortiSandbox malicious malware detected.
low: Use the low level score for FortiSandbox malicious malware detected.
medium: Use the medium level score for FortiSandbox malicious malware detected.
high: Use the high level score for FortiSandbox malicious malware detected.
critical: Use the critical level score for FortiSandbox malicious malware detected.

option

fsa-high-risk

Threat weight score for FortiSandbox high risk malware detected.
disable: Disable threat weight scoring for FortiSandbox high risk malware detected.
low: Use the low level score for FortiSandbox high risk malware detected.
medium: Use the medium level score for FortiSandbox high risk malware detected.
high: Use the high level score for FortiSandbox high risk malware detected.
critical: Use the critical level score for FortiSandbox high risk malware detected.

option

fsa-medium-risk

Threat weight score for FortiSandbox medium risk malware detected.
disable: Disable threat weight scoring for FortiSandbox medium risk malware detected.
low: Use the low level score for FortiSandbox medium risk malware detected.
medium: Use the medium level score for FortiSandbox medium risk malware detected.
high: Use the high level score for FortiSandbox medium risk malware detected.
critical: Use the critical level score for FortiSandbox medium risk malware detected.

option

Parameter Name

Description

Type

Size

info-severity

Threat weight score for IPS info severity events.
disable: Disable threat weight scoring for IPS info severity events.
low: Use the low level score for IPS info severity events.
medium: Use the medium level score for IPS info severity events.
high: Use the high level score for IPS info severity events.
critical: Use the critical level score for IPS info severity events.

option

low-severity

Threat weight score for IPS low severity events.
disable: Disable threat weight scoring for IPS low severity events.
low: Use the low level score for IPS low severity events.
medium: Use the medium level score for IPS low severity events.
high: Use the high level score for IPS low severity events.
critical: Use the critical level score for IPS low severity events.

option

medium-severity

Threat weight score for IPS medium severity events.
disable: Disable threat weight scoring for IPS medium severity events.
low: Use the low level score for IPS medium severity events.
medium: Use the medium level score for IPS medium severity events.
high: Use the high level score for IPS medium severity events.
critical: Use the critical level score for IPS medium severity events.

option

high-severity

Threat weight score for IPS high severity events.
disable: Disable threat weight scoring for IPS high severity events.
low: Use the low level score for IPS high severity events.
medium: Use the medium level score for IPS high severity events.
high: Use the high level score for IPS high severity events.
critical: Use the critical level score for IPS high severity events.

option

critical-severity

Threat weight score for IPS critical severity events.
disable: Disable threat weight scoring for IPS critical severity events.
low: Use the low level score for IPS critical severity events.
medium: Use the medium level score for IPS critical severity events.
high: Use the high level score for IPS critical severity events.
critical: Use the critical level score for IPS critical severity events.

option

Parameter Name

Description

Type

Size

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

log threat-weight

Configure threat weight settings.

config log threat-weight

log threat-weight

Configure threat weight settings.

config log threat-weight