Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config ssh-filter profile

SSH filter profile.

config ssh-filter profile

Description: SSH filter profile.

edit <name>

set block {option1}, {option2}, ...

set log {option1}, {option2}, ...

set default-command-log [enable|disable]

config shell-commands

Description: SSH command filter.

edit <id>

set type [simple|regex]

set pattern {string}

set action [block|allow]

set log [enable|disable]

set alert [enable|disable]

set severity [low|medium|...]

next

end

config file-filter

Description: File filter.

set status [enable|disable]

set log [enable|disable]

set scan-archive-contents [enable|disable]

config entries

Description: File filter entries.

edit <filter>

set comment {var-string}

set action [log|block]

set direction [incoming|outgoing|...]

set password-protected [yes|any]

set file-type <name1>, <name2>, ...

next

end

end

next

end

config ssh-filter profile

Parameter name

Description

Type

Size

block

SSH blocking options.

option

-

 

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

log

SSH logging options.

option

-

 

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

default-command-log

Enable/disable logging unmatched shell commands.

option

-

 

Option

Description

enable

Enable log unmatched shell commands.

disable

Disable log unmatched shell commands.

config shell-commands

Parameter name

Description

Type

Size

type

Matching type.

option

-

 

Option

Description

simple

Match single command.

regex

Match command line using regular expression.

pattern

SSH shell command pattern.

string

Maximum length: 128

action

Action to take for URL filter matches.

option

-

 

Option

Description

block

Block the SSH shell command.

allow

Allow the SSH shell command.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable logging.

disable

Disable logging.

alert

Enable/disable alert.

option

-

 

Option

Description

enable

Enable alert.

disable

Disable alert.

severity

Log severity.

option

-

 

Option

Description

low

Severity low.

medium

Severity medium.

high

Severity high.

critical

Severity critical.

config file-filter

Parameter name

Description

Type

Size

status

Enable/disable file filter.

option

-

 

Option

Description

enable

Enable file filter.

disable

Disable file filter.

log

Enable/disable file filter logging.

option

-

 

Option

Description

enable

Enable file filter logging.

disable

Disable file filter logging.

scan-archive-contents

Enable/disable file filter archive contents scan.

option

-

 

Option

Description

enable

Enable file filter archive contents scan.

disable

Disable file filter archive contents scan.

config entries

Parameter name

Description

Type

Size

comment

Comment.

var-string

Maximum length: 255

action

Action taken for matched file.

option

-

 

Option

Description

log

Allow the content and write a log message.

block

Block the content and write a log message.

direction

Match files transmitted in the session's originating or reply direction.

option

-

 

Option

Description

incoming

Match files transmitted in the session's originating direction.

outgoing

Match files transmitted in the session's reply direction.

any

Match files transmitted in the session's originating and reply direction.

password-protected

Match password-protected files.

option

-

 

Option

Description

yes

Match only password-protected files.

any

Match any file.

file-type <name>

Select file type.

File type name.

string

Maximum length: 39

config ssh-filter profile

SSH filter profile.

config ssh-filter profile

Description: SSH filter profile.

edit <name>

set block {option1}, {option2}, ...

set log {option1}, {option2}, ...

set default-command-log [enable|disable]

config shell-commands

Description: SSH command filter.

edit <id>

set type [simple|regex]

set pattern {string}

set action [block|allow]

set log [enable|disable]

set alert [enable|disable]

set severity [low|medium|...]

next

end

config file-filter

Description: File filter.

set status [enable|disable]

set log [enable|disable]

set scan-archive-contents [enable|disable]

config entries

Description: File filter entries.

edit <filter>

set comment {var-string}

set action [log|block]

set direction [incoming|outgoing|...]

set password-protected [yes|any]

set file-type <name1>, <name2>, ...

next

end

end

next

end

config ssh-filter profile

Parameter name

Description

Type

Size

block

SSH blocking options.

option

-

 

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

log

SSH logging options.

option

-

 

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

default-command-log

Enable/disable logging unmatched shell commands.

option

-

 

Option

Description

enable

Enable log unmatched shell commands.

disable

Disable log unmatched shell commands.

config shell-commands

Parameter name

Description

Type

Size

type

Matching type.

option

-

 

Option

Description

simple

Match single command.

regex

Match command line using regular expression.

pattern

SSH shell command pattern.

string

Maximum length: 128

action

Action to take for URL filter matches.

option

-

 

Option

Description

block

Block the SSH shell command.

allow

Allow the SSH shell command.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable logging.

disable

Disable logging.

alert

Enable/disable alert.

option

-

 

Option

Description

enable

Enable alert.

disable

Disable alert.

severity

Log severity.

option

-

 

Option

Description

low

Severity low.

medium

Severity medium.

high

Severity high.

critical

Severity critical.

config file-filter

Parameter name

Description

Type

Size

status

Enable/disable file filter.

option

-

 

Option

Description

enable

Enable file filter.

disable

Disable file filter.

log

Enable/disable file filter logging.

option

-

 

Option

Description

enable

Enable file filter logging.

disable

Disable file filter logging.

scan-archive-contents

Enable/disable file filter archive contents scan.

option

-

 

Option

Description

enable

Enable file filter archive contents scan.

disable

Disable file filter archive contents scan.

config entries

Parameter name

Description

Type

Size

comment

Comment.

var-string

Maximum length: 255

action

Action taken for matched file.

option

-

 

Option

Description

log

Allow the content and write a log message.

block

Block the content and write a log message.

direction

Match files transmitted in the session's originating or reply direction.

option

-

 

Option

Description

incoming

Match files transmitted in the session's originating direction.

outgoing

Match files transmitted in the session's reply direction.

any

Match files transmitted in the session's originating and reply direction.

password-protected

Match password-protected files.

option

-

 

Option

Description

yes

Match only password-protected files.

any

Match any file.

file-type <name>

Select file type.

File type name.

string

Maximum length: 39