Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config firewall service custom

Configure custom services.

config firewall service custom

Description: Configure custom services.

edit <name>

set proxy [enable|disable]

set category {string}

set protocol [TCP/UDP/SCTP|ICMP|...]

set helper [auto|disable|...]

set iprange {user}

set fqdn {string}

set protocol-number {integer}

set icmptype {integer}

set icmpcode {integer}

set tcp-portrange {user}

set udp-portrange {user}

set sctp-portrange {user}

set tcp-halfclose-timer {integer}

set tcp-halfopen-timer {integer}

set tcp-timewait-timer {integer}

set udp-idle-timer {integer}

set session-ttl {user}

set check-reset-range [disable|strict|...]

set comment {var-string}

set color {integer}

set visibility [enable|disable]

set app-service-type [disable|app-id|...]

set app-category <id1>, <id2>, ...

set application <id1>, <id2>, ...

next

end

config firewall service custom

Parameter name

Description

Type

Size

proxy

Enable/disable web proxy service.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

category

Service category.

string

Maximum length: 63

protocol

Protocol type based on IANA numbers.

option

-

 

Option

Description

TCP/UDP/SCTP

TCP, UDP and SCTP.

ICMP

ICMP.

ICMP6

ICMP6.

IP

IP.

HTTP

HTTP - for web proxy.

FTP

FTP - for web proxy.

CONNECT

Connect - for web proxy.

SOCKS-TCP

Socks TCP - for web proxy.

SOCKS-UDP

Socks UDP - for web proxy.

ALL

All - for web proxy.

helper

Helper name.

option

-

 

Option

Description

auto

Automatically select helper based on protocol and port.

disable

Disable helper.

ftp

FTP.

tftp

TFTP.

ras

RAS.

h323

H323.

tns

TNS.

mms

MMS.

sip

SIP.

pptp

PPTP.

rtsp

RTSP.

dns-udp

DNS UDP.

dns-tcp

DNS TCP.

pmap

PMAP.

rsh

RSH.

dcerpc

DCERPC.

mgcp

MGCP.

gtp-c

GTP-C.

gtp-u

GTP-U.

gtp-b

GTP-B.

iprange

Start and end of the IP range associated with service.

user

Not Specified

fqdn

Fully qualified domain name.

string

Maximum length: 255

protocol-number

IP protocol number.

integer

Minimum value: 0 Maximum value: 254

icmptype

ICMP type.

integer

Minimum value: 0 Maximum value: 4294967295

icmpcode

ICMP code.

integer

Minimum value: 0 Maximum value: 255

tcp-portrange

Multiple TCP port ranges.

user

Not Specified

udp-portrange

Multiple UDP port ranges.

user

Not Specified

sctp-portrange

Multiple SCTP port ranges.

user

Not Specified

tcp-halfclose-timer

Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 86400

tcp-halfopen-timer

Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 86400

tcp-timewait-timer

Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 300

udp-idle-timer

UDP half close timeout (0 - 86400 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 86400

session-ttl

Session TTL (300 - 2764800, 0 = default).

user

Not Specified

check-reset-range

Configure the type of ICMP error message verification.

option

-

 

Option

Description

disable

Disable RST range check.

strict

Check RST range strictly.

default

Using system default setting.

comment

Comment.

var-string

Maximum length: 255

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

visibility

Enable/disable the visibility of the service on the GUI.

option

-

 

Option

Description

enable

Show in service selection.

disable

Hide from service selection.

app-service-type

Application service type.

option

-

 

Option

Description

disable

Disable application type.

app-id

Application ID.

app-category

Applicatin category.

app-category <id>

Application category ID.

Application category id.

integer

Minimum value: 0 Maximum value: 4294967295

application <id>

Application ID.

Application id.

integer

Minimum value: 0 Maximum value: 4294967295

config firewall service custom

Configure custom services.

config firewall service custom

Description: Configure custom services.

edit <name>

set proxy [enable|disable]

set category {string}

set protocol [TCP/UDP/SCTP|ICMP|...]

set helper [auto|disable|...]

set iprange {user}

set fqdn {string}

set protocol-number {integer}

set icmptype {integer}

set icmpcode {integer}

set tcp-portrange {user}

set udp-portrange {user}

set sctp-portrange {user}

set tcp-halfclose-timer {integer}

set tcp-halfopen-timer {integer}

set tcp-timewait-timer {integer}

set udp-idle-timer {integer}

set session-ttl {user}

set check-reset-range [disable|strict|...]

set comment {var-string}

set color {integer}

set visibility [enable|disable]

set app-service-type [disable|app-id|...]

set app-category <id1>, <id2>, ...

set application <id1>, <id2>, ...

next

end

config firewall service custom

Parameter name

Description

Type

Size

proxy

Enable/disable web proxy service.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

category

Service category.

string

Maximum length: 63

protocol

Protocol type based on IANA numbers.

option

-

 

Option

Description

TCP/UDP/SCTP

TCP, UDP and SCTP.

ICMP

ICMP.

ICMP6

ICMP6.

IP

IP.

HTTP

HTTP - for web proxy.

FTP

FTP - for web proxy.

CONNECT

Connect - for web proxy.

SOCKS-TCP

Socks TCP - for web proxy.

SOCKS-UDP

Socks UDP - for web proxy.

ALL

All - for web proxy.

helper

Helper name.

option

-

 

Option

Description

auto

Automatically select helper based on protocol and port.

disable

Disable helper.

ftp

FTP.

tftp

TFTP.

ras

RAS.

h323

H323.

tns

TNS.

mms

MMS.

sip

SIP.

pptp

PPTP.

rtsp

RTSP.

dns-udp

DNS UDP.

dns-tcp

DNS TCP.

pmap

PMAP.

rsh

RSH.

dcerpc

DCERPC.

mgcp

MGCP.

gtp-c

GTP-C.

gtp-u

GTP-U.

gtp-b

GTP-B.

iprange

Start and end of the IP range associated with service.

user

Not Specified

fqdn

Fully qualified domain name.

string

Maximum length: 255

protocol-number

IP protocol number.

integer

Minimum value: 0 Maximum value: 254

icmptype

ICMP type.

integer

Minimum value: 0 Maximum value: 4294967295

icmpcode

ICMP code.

integer

Minimum value: 0 Maximum value: 255

tcp-portrange

Multiple TCP port ranges.

user

Not Specified

udp-portrange

Multiple UDP port ranges.

user

Not Specified

sctp-portrange

Multiple SCTP port ranges.

user

Not Specified

tcp-halfclose-timer

Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 86400

tcp-halfopen-timer

Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 86400

tcp-timewait-timer

Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 300

udp-idle-timer

UDP half close timeout (0 - 86400 sec, 0 = default).

integer

Minimum value: 0 Maximum value: 86400

session-ttl

Session TTL (300 - 2764800, 0 = default).

user

Not Specified

check-reset-range

Configure the type of ICMP error message verification.

option

-

 

Option

Description

disable

Disable RST range check.

strict

Check RST range strictly.

default

Using system default setting.

comment

Comment.

var-string

Maximum length: 255

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

visibility

Enable/disable the visibility of the service on the GUI.

option

-

 

Option

Description

enable

Show in service selection.

disable

Hide from service selection.

app-service-type

Application service type.

option

-

 

Option

Description

disable

Disable application type.

app-id

Application ID.

app-category

Applicatin category.

app-category <id>

Application category ID.

Application category id.

integer

Minimum value: 0 Maximum value: 4294967295

application <id>

Application ID.

Application id.

integer

Minimum value: 0 Maximum value: 4294967295