CLI Reference

config ssh-filter profile

SSH filter profile.

config ssh-filter profile
    Description: SSH filter profile.
    edit <name>
        set block {option1}, {option2}, ...
        set default-command-log [enable|disable]
        set log {option1}, {option2}, ...
        config shell-commands
            Description: SSH command filter.
            edit <id>
                set type [simple|regex]
                set pattern {string}
                set action [block|allow]
                set log [enable|disable]
                set alert [enable|disable]
                set severity [low|medium|...]
            next
        end
    next
end

config ssh-filter profile

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| block | SSH blocking options. | option | - | |
| default-command-log | Enable/disable logging of unmatched shell commands. | option | - | disable |
| log | SSH logging options. | option | - | |
| name | SSH filter profile name. | string | Maximum length: 35 | |

Options for block:

| Option | Description |
|---|---|
| x11 | X server forwarding. |
| shell | SSH shell. |
| exec | SSH execution. |
| port-forward | Port forwarding. |
| tun-forward | Tunnel forwarding. |
| sftp | SFTP. |
| scp | SCP. |
| unknown | Unknown channel. |

Options for default-command-log:

| Option | Description |
|---|---|
| enable | Enable logging of unmatched shell commands. |
| disable | Disable logging of unmatched shell commands. |

Options for log:

| Option | Description |
|---|---|
| x11 | X server forwarding. |
| shell | SSH shell. |
| exec | SSH execution. |
| port-forward | Port forwarding. |
| tun-forward | Tunnel forwarding. |
| sftp | SFTP. |
| scp | SCP. |
| unknown | Unknown channel. |

config shell-commands

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | Id. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| type | Matching type. | option | - | simple |
| pattern | SSH shell command pattern. | string | Maximum length: 128 | |
| action | Action to take for SSH shell command matches. | option | - | block |
| log | Enable/disable logging. | option | - | disable |
| alert | Enable/disable alert. | option | - | disable |
| severity | Log severity. | option | - | medium |

Options for type:

| Option | Description |
|---|---|
| simple | Match single command. |
| regex | Match command line using regular expression. |

Options for action:

| Option | Description |
|---|---|
| block | Block the SSH shell command. |
| allow | Allow the SSH shell command. |

Options for log:

| Option | Description |
|---|---|
| enable | Enable logging. |
| disable | Disable logging. |

Options for alert:

| Option | Description |
|---|---|
| enable | Enable alert. |
| disable | Disable alert. |

Options for severity:

| Option | Description |
|---|---|
| low | Severity low. |
| medium | Severity medium. |
| high | Severity high. |
| critical | Severity critical. |
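
An added example, not part of Fortinet's documentation: a Python audit of a profile written in the syntax above. It applies the defaults from the parameter tables (`log` disable, `default-command-log` disable) and reports channels and commands that would pass without being blocked or logged. The profile name `jump-hosts`, the pattern `uptime`, the whitespace-separated option lists and the audit policy itself are assumptions of this example.

```python
import shlex

CHANNELS = {"x11", "shell", "exec", "port-forward", "tun-forward", "sftp", "scp", "unknown"}
RULE_DEFAULTS = {"type": "simple", "pattern": "", "action": "block",  # per-rule defaults
                 "log": "disable", "alert": "disable", "severity": "medium"}  # from this page

def parse_profiles(text):
    """Return {profile name: effective settings}; option lists may use spaces or commas."""
    profiles, prof, rule, depth = {}, None, None, 0
    for tok in (shlex.split(line) or [""] for line in text.splitlines()):
        depth += {"config": 1, "end": -1}.get(tok[0], 0)  # 1 = profile level, 2 = shell-commands
        if tok[0] == "edit" and depth == 1:
            prof = profiles[tok[1]] = {"block": set(), "log": set(),
                                       "default-command-log": "disable", "rules": {}}
        elif tok[0] == "edit":
            rule = prof["rules"][int(tok[1])] = dict(RULE_DEFAULTS)
        elif tok[0] == "set" and depth == 2:
            rule[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "set" and tok[1] in ("block", "log"):
            prof[tok[1]] = {o for t in tok[2:] for o in t.split(",") if o}
        elif tok[0] == "set":
            prof[tok[1]] = tok[2]
    return profiles

def audit(profiles):
    """List visibility gaps; the policy is this example's assumption, not Fortinet's."""
    out = []
    for name, p in profiles.items():
        out += [f"{name}: {c} neither blocked nor logged"
                for c in sorted(CHANNELS - p["block"] - p["log"])]
        if p["default-command-log"] != "enable":
            out.append(f"{name}: unmatched shell commands are not logged")
        for rid, r in sorted(p["rules"].items()):
            if r["action"] == "allow" and r["log"] != "enable":
                out.append(f"{name}: rule {rid} allows '{r['pattern']}' without logging")
    return out

# Constructed sample profile (hypothetical name and pattern).
SAMPLE = """config ssh-filter profile
    edit "jump-hosts"
        set block x11 port-forward tun-forward unknown
        set log shell exec
        config shell-commands
            edit 1
                set pattern "uptime"
                set action allow
            next
        end
    next
end"""
```

Calling `audit(parse_profiles(SAMPLE))` reports four gaps for the sample: `scp` and `sftp` are neither blocked nor logged, unmatched shell commands are not logged, and rule 1 allows its command without logging because `set log` was omitted and the default is disable.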
