Fortinet black logo

CLI Reference

ips rule

Configure IPS rules.

  config ips rule
      Description: Configure IPS rules.
      edit <name>
          set status [disable|enable]
          set log [disable|enable]
          set log-packet [disable|enable]
          set action [pass|block]
          set group {string}
          set severity {user}
          set location {user}
          set os {user}
          set application {user}
          set service {user}
          set rule-id {integer}
          set rev {integer}
          set date {integer}
          config metadata
              Description: Meta data.
              edit <id>
                  set metaid {integer}
                  set valueid {integer}
              next
          end
      next
  end

config ips rule

Parameter Name Description Type Size
status Enable/disable status.
disable: Disable status.
enable: Enable status.
option -
log Enable/disable logging.
disable: Disable logging.
enable: Enable logging.
option -
log-packet Enable/disable packet logging.
disable: Disable packet logging.
enable: Enable packet logging.
option -
action Action.
pass: Pass or allow matching traffic.
block: Block or drop matching traffic.
option -
group Group. string Maximum length: 63
severity Severity. user Not Specified
location Vulnerable location. user Not Specified
os Vulnerable operation systems. user Not Specified
application Vulnerable applications. user Not Specified
service Vulnerable service. user Not Specified
rule-id Rule ID. integer Minimum value: 0 Maximum value: 4294967295
rev Revision. integer Minimum value: 0 Maximum value: 4294967295
date Date. integer Minimum value: 0 Maximum value: 4294967295

config metadata

Parameter Name Description Type Size
metaid Meta ID. integer Minimum value: 0 Maximum value: 4294967295
valueid Value ID. integer Minimum value: 0 Maximum value: 4294967295

Configure IPS rules.

  config ips rule
      Description: Configure IPS rules.
      edit <name>
          set status [disable|enable]
          set log [disable|enable]
          set log-packet [disable|enable]
          set action [pass|block]
          set group {string}
          set severity {user}
          set location {user}
          set os {user}
          set application {user}
          set service {user}
          set rule-id {integer}
          set rev {integer}
          set date {integer}
          config metadata
              Description: Meta data.
              edit <id>
                  set metaid {integer}
                  set valueid {integer}
              next
          end
      next
  end

config ips rule

Parameter Name Description Type Size
status Enable/disable status.
disable: Disable status.
enable: Enable status.
option -
log Enable/disable logging.
disable: Disable logging.
enable: Enable logging.
option -
log-packet Enable/disable packet logging.
disable: Disable packet logging.
enable: Enable packet logging.
option -
action Action.
pass: Pass or allow matching traffic.
block: Block or drop matching traffic.
option -
group Group. string Maximum length: 63
severity Severity. user Not Specified
location Vulnerable location. user Not Specified
os Vulnerable operation systems. user Not Specified
application Vulnerable applications. user Not Specified
service Vulnerable service. user Not Specified
rule-id Rule ID. integer Minimum value: 0 Maximum value: 4294967295
rev Revision. integer Minimum value: 0 Maximum value: 4294967295
date Date. integer Minimum value: 0 Maximum value: 4294967295

config metadata

Parameter Name Description Type Size
metaid Meta ID. integer Minimum value: 0 Maximum value: 4294967295
valueid Value ID. integer Minimum value: 0 Maximum value: 4294967295