Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

SSH filter profile.

  config ssh-filter profile
      Description: SSH filter profile.
      edit <name>
          set block {option1}, {option2}, ...
          set log {option1}, {option2}, ...
          set default-command-log [enable|disable]
          config shell-commands
              Description: SSH command filter.
              edit <id>
                  set type [simple|regex]
                  set pattern {string}
                  set action [block|allow]
                  set log [enable|disable]
                  set alert [enable|disable]
                  set severity [low|medium|...]
              next
          end
      next
  end

config ssh-filter profile

Parameter Name Description Type Size
block SSH blocking options.
x11: X server forwarding.
shell: SSH shell.
exec: SSH execution.
port-forward: Port forwarding.
tun-forward: Tunnel forwarding.
sftp: SFTP.
unknown: Unknown channel.
option -
log SSH logging options.
x11: X server forwarding.
shell: SSH shell.
exec: SSH execution.
port-forward: Port forwarding.
tun-forward: Tunnel forwarding.
sftp: SFTP.
unknown: Unknown channel.
option -
default-command-log Enable/disable logging unmatched shell commands.
enable: Enable log unmatched shell commands.
disable: Disable log unmatched shell commands.
option -

config shell-commands

Parameter Name Description Type Size
type Matching type.
simple: Match single command.
regex: Match command line using regular expression.
option -
pattern SSH shell command pattern. string Maximum length: 128
action Action to take for URL filter matches.
block: Block the SSH shell command.
allow: Allow the SSH shell command.
option -
log Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
alert Enable/disable alert.
enable: Enable alert.
disable: Disable alert.
option -
severity Log severity.
low: Severity low.
medium: Severity medium.
high: Severity high.
critical: Severity critical.
option -

SSH filter profile.

  config ssh-filter profile
      Description: SSH filter profile.
      edit <name>
          set block {option1}, {option2}, ...
          set log {option1}, {option2}, ...
          set default-command-log [enable|disable]
          config shell-commands
              Description: SSH command filter.
              edit <id>
                  set type [simple|regex]
                  set pattern {string}
                  set action [block|allow]
                  set log [enable|disable]
                  set alert [enable|disable]
                  set severity [low|medium|...]
              next
          end
      next
  end

config ssh-filter profile

Parameter Name Description Type Size
block SSH blocking options.
x11: X server forwarding.
shell: SSH shell.
exec: SSH execution.
port-forward: Port forwarding.
tun-forward: Tunnel forwarding.
sftp: SFTP.
unknown: Unknown channel.
option -
log SSH logging options.
x11: X server forwarding.
shell: SSH shell.
exec: SSH execution.
port-forward: Port forwarding.
tun-forward: Tunnel forwarding.
sftp: SFTP.
unknown: Unknown channel.
option -
default-command-log Enable/disable logging unmatched shell commands.
enable: Enable log unmatched shell commands.
disable: Disable log unmatched shell commands.
option -

config shell-commands

Parameter Name Description Type Size
type Matching type.
simple: Match single command.
regex: Match command line using regular expression.
option -
pattern SSH shell command pattern. string Maximum length: 128
action Action to take for URL filter matches.
block: Block the SSH shell command.
allow: Allow the SSH shell command.
option -
log Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
alert Enable/disable alert.
enable: Enable alert.
disable: Disable alert.
option -
severity Log severity.
low: Severity low.
medium: Severity medium.
high: Severity high.
critical: Severity critical.
option -