Fortinet white logo
Fortinet white logo

CLI Reference

config ssh-filter profile

config ssh-filter profile

SSH filter profile.

config ssh-filter profile

Description: SSH filter profile.

edit <name>

set block {option1}, {option2}, ...

set log {option1}, {option2}, ...

set default-command-log [enable|disable]

config shell-commands

Description: SSH command filter.

edit <id>

set type [simple|regex]

set pattern {string}

set action [block|allow]

set log [enable|disable]

set alert [enable|disable]

set severity [low|medium|...]

next

end

next

end

config ssh-filter profile

Parameter

Description

Type

Size

Default

block

SSH blocking options.

option

-

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

log

SSH logging options.

option

-

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

default-command-log

Enable/disable logging unmatched shell commands.

option

-

disable

Option

Description

enable

Enable log unmatched shell commands.

disable

Disable log unmatched shell commands.

config shell-commands

Parameter

Description

Type

Size

Default

type

Matching type.

option

-

simple

Option

Description

simple

Match single command.

regex

Match command line using regular expression.

pattern

SSH shell command pattern.

string

Not Specified

action

Action to take for SSH shell command matches.

option

-

block

Option

Description

block

Block the SSH shell command.

allow

Allow the SSH shell command.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable logging.

disable

Disable logging.

alert

Enable/disable alert.

option

-

disable

Option

Description

enable

Enable alert.

disable

Disable alert.

severity

Log severity.

option

-

medium

Option

Description

low

Severity low.

medium

Severity medium.

high

Severity high.

critical

Severity critical.

config ssh-filter profile

config ssh-filter profile

SSH filter profile.

config ssh-filter profile

Description: SSH filter profile.

edit <name>

set block {option1}, {option2}, ...

set log {option1}, {option2}, ...

set default-command-log [enable|disable]

config shell-commands

Description: SSH command filter.

edit <id>

set type [simple|regex]

set pattern {string}

set action [block|allow]

set log [enable|disable]

set alert [enable|disable]

set severity [low|medium|...]

next

end

next

end

config ssh-filter profile

Parameter

Description

Type

Size

Default

block

SSH blocking options.

option

-

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

log

SSH logging options.

option

-

Option

Description

x11

X server forwarding.

shell

SSH shell.

exec

SSH execution.

port-forward

Port forwarding.

tun-forward

Tunnel forwarding.

sftp

SFTP.

scp

SCP.

unknown

Unknown channel.

default-command-log

Enable/disable logging unmatched shell commands.

option

-

disable

Option

Description

enable

Enable log unmatched shell commands.

disable

Disable log unmatched shell commands.

config shell-commands

Parameter

Description

Type

Size

Default

type

Matching type.

option

-

simple

Option

Description

simple

Match single command.

regex

Match command line using regular expression.

pattern

SSH shell command pattern.

string

Not Specified

action

Action to take for SSH shell command matches.

option

-

block

Option

Description

block

Block the SSH shell command.

allow

Allow the SSH shell command.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable logging.

disable

Disable logging.

alert

Enable/disable alert.

option

-

disable

Option

Description

enable

Enable alert.

disable

Disable alert.

severity

Log severity.

option

-

medium

Option

Description

low

Severity low.

medium

Severity medium.

high

Severity high.

critical

Severity critical.