CLI Reference

config ssh-filter profile

SSH filter profile.

config ssh-filter profile
    Description: SSH filter profile.
    edit <name>
        set block {option1}, {option2}, ...
        set default-command-log [enable|disable]
        set log {option1}, {option2}, ...
        set name {string}
        config shell-commands
            Description: SSH command filter.
            edit <id>
                set id {integer}
                set type [simple|regex]
                set pattern {string}
                set action [block|allow]
                set log [enable|disable]
                set alert [enable|disable]
                set severity [low|medium|...]
            next
        end
    next
end

config ssh-filter profile

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| block | SSH blocking options. | option | - | |
| default-command-log | Enable/disable logging unmatched shell commands. | option | - | disable |
| log | SSH logging options. | option | - | |
| name | SSH filter profile name. | string | Not Specified | |

| block option | Description |
|---|---|
| x11 | X server forwarding. |
| shell | SSH shell. |
| exec | SSH execution. |
| port-forward | Port forwarding. |
| tun-forward | Tunnel forwarding. |
| sftp | SFTP. |
| scp | SCP. |
| unknown | Unknown channel. |

| default-command-log option | Description |
|---|---|
| enable | Enable log unmatched shell commands. |
| disable | Disable log unmatched shell commands. |

| log option | Description |
|---|---|
| x11 | X server forwarding. |
| shell | SSH shell. |
| exec | SSH execution. |
| port-forward | Port forwarding. |
| tun-forward | Tunnel forwarding. |
| sftp | SFTP. |
| scp | SCP. |
| unknown | Unknown channel. |

config shell-commands

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | Id. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| type | Matching type. | option | - | simple |
| pattern | SSH shell command pattern. | string | Not Specified | |
| action | Action to take for SSH shell command matches. | option | - | block |
| log | Enable/disable logging. | option | - | disable |
| alert | Enable/disable alert. | option | - | disable |
| severity | Log severity. | option | - | medium |

| type option | Description |
|---|---|
| simple | Match single command. |
| regex | Match command line using regular expression. |

| action option | Description |
|---|---|
| block | Block the SSH shell command. |
| allow | Allow the SSH shell command. |

| log option | Description |
|---|---|
| enable | Enable logging. |
| disable | Disable logging. |

| alert option | Description |
|---|---|
| enable | Enable alert. |
| disable | Disable alert. |

| severity option | Description |
|---|---|
| low | Severity low. |
| medium | Severity medium. |
| high | Severity high. |
| critical | Severity critical. |
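
An added example (not Fortinet code): a small Python audit that parses a profile written in the syntax above and reports what the documented defaults leave unlogged, since `default-command-log` and the per-rule `log` both default to `disable`. The profile name, the patterns and the space-separated option lists in the sample are assumptions of this example.

```python
import shlex
CHANNELS = ("x11", "shell", "exec", "port-forward", "tun-forward", "sftp", "scp", "unknown")
# Constructed sample (not from a real device); profile name and patterns are made up.
SAMPLE = """
config ssh-filter profile
    edit "jump-hosts"
        set block x11 port-forward tun-forward
        set log x11 shell exec port-forward
        config shell-commands
            edit 1
                set type regex
                set pattern "^(sudo|su) "
                set log enable
            next
            edit 2
                set pattern "passwd"
            next
        end
    next
end
"""

def parse_profiles(text):
    """Return {profile: {"set": {key: [values]}, "rules": {id: {key: [values]}}}}.
    Assumption: multi-option values are space-separated."""
    profiles, prof, rule, in_rules = {}, None, None, False
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "end"):
            in_rules = tok[1:] == ["shell-commands"]  # only the nested table sets this
        elif tok[0] == "edit" and in_rules:
            rule = prof["rules"].setdefault(tok[1], {})
        elif tok[0] == "edit":
            prof = profiles.setdefault(tok[1], {"set": {}, "rules": {}})
        elif tok[0] == "set" and prof is not None:
            (rule if rule is not None else prof["set"])[tok[1]] = tok[2:]
        elif tok[0] == "next":
            rule, prof = None, (prof if in_rules else None)
    return profiles

def audit(profiles):
    """Return (profile, finding) pairs, applying the defaults documented on this page."""
    out = []
    for name, p in profiles.items():
        seen = set(p["set"].get("block", [])) | set(p["set"].get("log", []))
        out += [(name, f"channel {c} is neither blocked nor logged") for c in CHANNELS if c not in seen]
        if p["set"].get("default-command-log", ["disable"]) != ["enable"]:
            out.append((name, "unmatched shell commands are not logged"))
        out += [(name, f"shell-commands {i}: matches are not logged")
                for i, r in p["rules"].items() if r.get("log", ["disable"]) != ["enable"]]
    return out
```

Calling `audit(parse_profiles(SAMPLE))` on the constructed profile reports the three channels left out of both `block` and `log`, the disabled `default-command-log`, and rule 2, which relies on the default `log disable`.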
