CLI Reference

config firewall service custom

Configure custom services.

config firewall service custom
    Description: Configure custom services.
    edit <name>
        set app-category <id1>, <id2>, ...
        set app-service-type [disable|app-id|...]
        set application <id1>, <id2>, ...
        set category {string}
        set check-reset-range [disable|strict|...]
        set color {integer}
        set comment {var-string}
        set fabric-object [enable|disable]
        set fqdn {string}
        set helper [auto|disable|...]
        set icmpcode {integer}
        set icmptype {integer}
        set iprange {user}
        set name {string}
        set protocol [TCP/UDP/SCTP|ICMP|...]
        set protocol-number {integer}
        set proxy [enable|disable]
        set sctp-portrange {user}
        set session-ttl {user}
        set tcp-halfclose-timer {integer}
        set tcp-halfopen-timer {integer}
        set tcp-portrange {user}
        set tcp-timewait-timer {integer}
        set udp-idle-timer {integer}
        set udp-portrange {user}
        set visibility [enable|disable]
    next
end

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| app-category <id> | Application category ID. | integer | Minimum value: 0, Maximum value: 4294967295 | |
| app-service-type | Application service type. | option | - | disable |
| application <id> | Application ID. | integer | Minimum value: 0, Maximum value: 4294967295 | |
| category | Service category. | string | Not Specified | |
| check-reset-range | Configure the type of ICMP error message verification. | option | - | default |
| color | Color of icon on the GUI. | integer | Minimum value: 0, Maximum value: 32 | 0 |
| comment | Comment. | var-string | Not Specified | |
| fabric-object | Security Fabric global object setting. | option | - | disable |
| fqdn | Fully qualified domain name. | string | Not Specified | |
| helper | Helper name. | option | - | auto |
| icmpcode | ICMP code. | integer | Minimum value: 0, Maximum value: 255 | |
| icmptype | ICMP type. | integer | Minimum value: 0, Maximum value: 4294967295 | |
| iprange | Start and end of the IP range associated with service. | user | Not Specified | |
| name | Custom service name. | string | Not Specified | |
| protocol | Protocol type based on IANA numbers. | option | - | TCP/UDP/SCTP |
| protocol-number | IP protocol number. | integer | Minimum value: 0, Maximum value: 254 | 0 |
| proxy | Enable/disable web proxy service. | option | - | disable |
| sctp-portrange | Multiple SCTP port ranges. | user | Not Specified | |
| session-ttl | Session TTL. | user | Not Specified | |
| tcp-halfclose-timer | Wait time to close a TCP session waiting for an unanswered FIN packet. | integer | Minimum value: 0, Maximum value: 86400 | 0 |
| tcp-halfopen-timer | Wait time to close a TCP session waiting for an unanswered open session packet. | integer | Minimum value: 0, Maximum value: 86400 | 0 |
| tcp-portrange | Multiple TCP port ranges. | user | Not Specified | |
| tcp-timewait-timer | Set the length of the TCP TIME-WAIT state in seconds. | integer | Minimum value: 0, Maximum value: 300 | 0 |
| udp-idle-timer | UDP half close timeout. | integer | Minimum value: 0, Maximum value: 86400 | 0 |
| udp-portrange | Multiple UDP port ranges. | user | Not Specified | |
| visibility | Enable/disable the visibility of the service on the GUI. | option | - | enable |

| Parameter | Option | Description |
|---|---|---|
| app-service-type | disable | Disable application type. |
| app-service-type | app-id | Application ID. |
| app-service-type | app-category | Application category. |
| check-reset-range | disable | Disable RST range check. |
| check-reset-range | strict | Check RST range strictly. |
| check-reset-range | default | Using system default setting. |
| fabric-object | enable | Object is set as a security fabric-wide global object. |
| fabric-object | disable | Object is local to this security fabric member. |
| helper | auto | Automatically select helper based on protocol and port. |
| helper | disable | Disable helper. |
| helper | ftp | FTP. |
| helper | tftp | TFTP. |
| helper | ras | RAS. |
| helper | h323 | H323. |
| helper | tns | TNS. |
| helper | mms | MMS. |
| helper | sip | SIP. |
| helper | pptp | PPTP. |
| helper | rtsp | RTSP. |
| helper | dns-udp | DNS UDP. |
| helper | dns-tcp | DNS TCP. |
| helper | pmap | PMAP. |
| helper | rsh | RSH. |
| helper | dcerpc | DCERPC. |
| helper | mgcp | MGCP. |
| protocol | TCP/UDP/SCTP | TCP, UDP and SCTP. |
| protocol | ICMP | ICMP. |
| protocol | ICMP6 | ICMP6. |
| protocol | IP | IP. |
| protocol | HTTP | HTTP - for web proxy. |
| protocol | FTP | FTP - for web proxy. |
| protocol | CONNECT | Connect - for web proxy. |
| protocol | SOCKS-TCP | Socks TCP - for web proxy. |
| protocol | SOCKS-UDP | Socks UDP - for web proxy. |
| protocol | ALL | All - for web proxy. |
| proxy | enable | Enable setting. |
| proxy | disable | Disable setting. |
| visibility | enable | Show in service selection. |
| visibility | disable | Hide from service selection. |
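
As an added example (not Fortinet's code), the following Python linter checks the `set` values in a `config firewall service custom` block against the integer ranges and option lists documented above. The function names and the sample configuration, including the port-range value format, are assumptions made for illustration.

```python
import shlex
# Ranges and option values transcribed from the parameter table on this page.
INT_RANGES = {"color": (0, 32), "icmpcode": (0, 255), "icmptype": (0, 4294967295),
              "protocol-number": (0, 254), "tcp-halfclose-timer": (0, 86400),
              "tcp-halfopen-timer": (0, 86400), "tcp-timewait-timer": (0, 300),
              "udp-idle-timer": (0, 86400)}
ON_OFF = {"enable", "disable"}
OPTIONS = {"app-service-type": {"disable", "app-id", "app-category"},
           "check-reset-range": {"disable", "strict", "default"},
           "fabric-object": ON_OFF, "proxy": ON_OFF, "visibility": ON_OFF,
           "protocol": {"TCP/UDP/SCTP", "ICMP", "ICMP6", "IP", "HTTP", "FTP",
                        "CONNECT", "SOCKS-TCP", "SOCKS-UDP", "ALL"},
           "helper": {"auto", "disable", "ftp", "tftp", "ras", "h323", "tns", "mms",
                      "sip", "pptp", "rtsp", "dns-udp", "dns-tcp", "pmap", "rsh",
                      "dcerpc", "mgcp"}}

def check(service, param, value):
    """Return a one-item finding list when a value breaks its documented constraint."""
    if param in INT_RANGES:
        low, high = INT_RANGES[param]
        if not (value.isdigit() and low <= int(value) <= high):
            return [(service, param, value, f"integer {low}-{high}")]
    elif param in OPTIONS and value not in OPTIONS[param]:
        return [(service, param, value, "a listed option")]
    return []  # string, var-string, user and ID-list parameters are not value-checked

def lint_custom_services(config_text):
    """Walk 'config firewall service custom' blocks and collect findings."""
    findings, service, in_block = [], None, False
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)
        if tokens[:4] == ["config", "firewall", "service", "custom"]:
            in_block = True
        elif tokens[:1] == ["end"]:
            in_block = False
        elif in_block and tokens[:1] == ["edit"] and len(tokens) > 1:
            service = tokens[1]
        elif in_block and service and tokens[:1] == ["set"] and len(tokens) > 2:
            findings += check(service, tokens[1], tokens[2])
    return findings

# Constructed sample (not from the page); the port-range value format is an assumption.
SAMPLE = """config firewall service custom
    edit "web-alt"
        set tcp-portrange 8080-8090
        set tcp-timewait-timer 600
        set helper http
    next
end"""
```

`shlex.split` raises `ValueError` on a line with an unbalanced quote, so a quoted value that spans several lines has to be joined before linting.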
