CLI Reference

config firewall sniffer

Configure sniffer.

config firewall sniffer
    Description: Configure sniffer.
    edit <id>
        set status [enable|disable]
        set logtraffic [all|utm|...]
        set ipv6 [enable|disable]
        set non-ip [enable|disable]
        set interface {string}
        set host {string}
        set port {string}
        set protocol {string}
        set vlan {string}
        set application-list-status [enable|disable]
        set application-list {string}
        set ips-sensor-status [enable|disable]
        set ips-sensor {string}
        set dsri [enable|disable]
        set av-profile-status [enable|disable]
        set av-profile {string}
        set webfilter-profile-status [enable|disable]
        set webfilter-profile {string}
        set emailfilter-profile-status [enable|disable]
        set emailfilter-profile {string}
        set dlp-sensor-status [enable|disable]
        set dlp-sensor {string}
        set ips-dos-status [enable|disable]
        config anomaly
            Description: Configuration method to edit Denial of Service (DoS) anomaly settings.
            edit <name>
                set status [disable|enable]
                set log [enable|disable]
                set action [pass|block|...]
                set quarantine [none|attacker]
                set quarantine-expiry {user}
                set quarantine-log [disable|enable]
                set threshold {integer}
                set threshold(default) {integer}
            next
        end
        set max-packet-count {integer}
    next
end

config firewall sniffer

| Parameter name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable the active status of the sniffer. Options: enable = Enable sniffer status; disable = Disable sniffer status. | option | - |
| logtraffic | Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. Options: all = Log all sessions accepted or denied by this policy; utm = Log traffic that has a security profile applied to it; disable = Disable all logging for this policy. | option | - |
| ipv6 | Enable/disable sniffing IPv6 packets. Options: enable = Enable sniffer for IPv6 packets; disable = Disable sniffer for IPv6 packets. | option | - |
| non-ip | Enable/disable sniffing non-IP packets. Options: enable = Enable sniffer for non-IP packets; disable = Disable sniffer for non-IP packets. | option | - |
| interface | Interface name that traffic sniffing will take place on. | string | Maximum length: 35 |
| host | Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). | string | Maximum length: 63 |
| port | Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). | string | Maximum length: 63 |
| protocol | Integer value for the protocol type as defined by IANA (0 - 255). | string | Maximum length: 63 |
| vlan | List of VLANs to sniff. | string | Maximum length: 63 |
| application-list-status | Enable/disable application control profile. Options: enable = Enable setting; disable = Disable setting. | option | - |
| application-list | Name of an existing application list. | string | Maximum length: 35 |
| ips-sensor-status | Enable/disable IPS sensor. Options: enable = Enable setting; disable = Disable setting. | option | - |
| ips-sensor | Name of an existing IPS sensor. | string | Maximum length: 35 |
| dsri | Enable/disable DSRI. Options: enable = Enable DSRI; disable = Disable DSRI. | option | - |
| av-profile-status | Enable/disable antivirus profile. Options: enable = Enable setting; disable = Disable setting. | option | - |
| av-profile | Name of an existing antivirus profile. | string | Maximum length: 35 |
| webfilter-profile-status | Enable/disable web filter profile. Options: enable = Enable setting; disable = Disable setting. | option | - |
| webfilter-profile | Name of an existing web filter profile. | string | Maximum length: 35 |
| emailfilter-profile-status | Enable/disable emailfilter. Options: enable = Enable setting; disable = Disable setting. | option | - |
| emailfilter-profile | Name of an existing email filter profile. | string | Maximum length: 35 |
| dlp-sensor-status | Enable/disable DLP sensor. Options: enable = Enable setting; disable = Disable setting. | option | - |
| dlp-sensor | Name of an existing DLP sensor. | string | Maximum length: 35 |
| ips-dos-status | Enable/disable IPS DoS anomaly detection. Options: enable = Enable setting; disable = Disable setting. | option | - |
| max-packet-count | Maximum packet count (1 - 1000000, default = 4000). | integer | Minimum value: 1 Maximum value: 1000000 |

config anomaly

| Parameter name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable this anomaly. Options: disable = Disable this status; enable = Enable this status. | option | - |
| log | Enable/disable anomaly logging. Options: enable = Enable anomaly logging; disable = Disable anomaly logging. | option | - |
| action | Action taken when the threshold is reached. Options: pass = Allow traffic but record a log message if logging is enabled; block = Block traffic if this anomaly is found; proxy = Use a proxy to control the traffic flow. | option | - |
| quarantine | Quarantine method. Options: none = Quarantine is disabled; attacker = Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. | option | - |
| quarantine-expiry | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. | user | Not Specified |
| quarantine-log | Enable/disable quarantine logging. Options: disable = Disable quarantine logging; enable = Enable quarantine logging. | option | - |
| threshold | Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. | integer | Minimum value: 1 Maximum value: 2147483647 |
| threshold(default) | Number of detected instances per minute which triggers action (1 - 2147483647, default = 1000). Note that each anomaly has a different threshold value assigned to it. | integer | Minimum value: 0 Maximum value: 4294967295 |
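
The constraints documented above for quarantine-expiry (format and range, and the dependency on quarantine attacker) and for the pass action (it only leaves a record when logging is enabled) can be checked offline against a configuration backup. The Python audit below is an added example, not Fortinet code. It assumes that each of the d/h/m components is optional, that hours and minutes stay below 24 and 60, and that an option absent from an entry is treated as not set; the sample configuration and its anomaly names are constructed placeholders.

```python
import re

EXPIRY_RE = re.compile(r"(?:(\d{1,3})d)?(?:(\d{1,2})h)?(?:(\d{1,2})m)?")
MAX_MINUTES = (364 * 24 + 23) * 60 + 59  # 364d23h59m, the documented maximum

def expiry_minutes(text):
    """Minutes for a ###d##h##m value, or None if malformed or outside 1m..max."""
    m = EXPIRY_RE.fullmatch(text)
    d, h, mi = (int(g or 0) for g in m.groups()) if m else (0, 0, 0)
    total = (d * 24 + h) * 60 + mi
    return total if h < 24 and mi < 60 and 1 <= total <= MAX_MINUTES else None

def audit_anomalies(config):
    """Return (anomaly name, finding) pairs for entries under `config anomaly`."""
    findings, name, opts, inside = [], None, {}, False
    for tok in (line.split() for line in config.splitlines()):
        if tok in (["config", "anomaly"], ["end"]):
            inside = tok[0] == "config"
        elif inside and tok[:1] == ["edit"] and len(tok) == 2:
            name, opts = tok[1].strip('"'), {}
        elif inside and tok[:1] == ["set"] and len(tok) >= 3:
            opts[tok[1]] = tok[2]
        elif inside and tok == ["next"]:
            exp = opts.get("quarantine-expiry")
            if exp and expiry_minutes(exp) is None:
                findings.append((name, "quarantine-expiry outside 1m..364d23h59m"))
            if exp and opts.get("quarantine") != "attacker":
                findings.append((name, "quarantine-expiry without quarantine attacker"))
            if opts.get("action") == "pass" and opts.get("log") == "disable":
                findings.append((name, "action pass with log disabled"))
    return findings

# Constructed sample, not from a real device; the anomaly names are placeholders.
SAMPLE = """
config firewall sniffer
    edit 1
        config anomaly
            edit "anomaly_a"
                set quarantine attacker
                set quarantine-expiry 1d12h
            next
            edit "anomaly_b"
                set log disable
                set action pass
                set quarantine-expiry 400d
            next
        end
    next
end
"""
```

Calling audit_anomalies(SAMPLE) reports three findings for anomaly_b and none for anomaly_a.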
