Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.3
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    firewall sniffer

    Configure sniffer.

      config firewall sniffer
      Description: Configure sniffer.
      edit <id>
          set status [enable|disable]
          set logtraffic [all|utm|...]
          set ipv6 [enable|disable]
          set non-ip [enable|disable]
          set interface {string}
          set host {string}
          set port {string}
          set protocol {string}
          set vlan {string}
          set application-list-status [enable|disable]
          set application-list {string}
          set ips-sensor-status [enable|disable]
          set ips-sensor {string}
          set dsri [enable|disable]
          set av-profile-status [enable|disable]
          set av-profile {string}
          set webfilter-profile-status [enable|disable]
          set webfilter-profile {string}
          set emailfilter-profile-status [enable|disable]
          set emailfilter-profile {string}
          set dlp-sensor-status [enable|disable]
          set dlp-sensor {string}
          set ips-dos-status [enable|disable]
          config anomaly
              Description: Configuration method to edit Denial of Service (DoS) anomaly settings.
              edit <name>
                  set status [disable|enable]
                  set log [enable|disable]
                  set action [pass|block|...]
                  set quarantine [none|attacker]
                  set quarantine-expiry {user}
                  set quarantine-log [disable|enable]
                  set threshold {integer}
                  set threshold(default) {integer}
              next
          end
          set max-packet-count {integer}
      next
  end

    config firewall sniffer

    Parameter Name Description Type Size
    status Enable/disable the active status of the sniffer.
    enable: Enable sniffer status.
    disable: Disable sniffer status.
    		 option -
    logtraffic Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.
    all: Log all sessions accepted or denied by this policy.
    utm: Log traffic that has a security profile applied to it.
    disable: Disable all logging for this policy.
    		 option -
    ipv6 Enable/disable sniffing IPv6 packets.
    enable: Enable sniffer for IPv6 packets.
    disable: Disable sniffer for IPv6 packets.
    		 option -
    non-ip Enable/disable sniffing non-IP packets.
    enable: Enable sniffer for non-IP packets.
    disable: Disable sniffer for non-IP packets.
    		 option -
    interface Interface name that traffic sniffing will take place on. string Maximum length: 35
    host Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). string Maximum length: 63
    port Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). string Maximum length: 63
    protocol Integer value for the protocol type as defined by IANA (0 - 255). string Maximum length: 63
    vlan List of VLANs to sniff. string Maximum length: 63
    application-list-status Enable/disable application control profile.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    application-list Name of an existing application list. string Maximum length: 35
    ips-sensor-status Enable/disable IPS sensor.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    ips-sensor Name of an existing IPS sensor. string Maximum length: 35
    dsri Enable/disable DSRI.
    enable: Enable DSRI.
    disable: Disable DSRI.
    		 option -
    av-profile-status Enable/disable antivirus profile.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    av-profile Name of an existing antivirus profile. string Maximum length: 35
    webfilter-profile-status Enable/disable web filter profile.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    webfilter-profile Name of an existing web filter profile. string Maximum length: 35
    emailfilter-profile-status Enable/disable emailfilter.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    emailfilter-profile Name of an existing email filter profile. string Maximum length: 35
    dlp-sensor-status Enable/disable DLP sensor.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    dlp-sensor Name of an existing DLP sensor. string Maximum length: 35
    ips-dos-status Enable/disable IPS DoS anomaly detection.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    max-packet-count Maximum packet count (1 - 1000000, default = 4000). integer Minimum value: 1 Maximum value: 1000000

    config anomaly

    Parameter Name Description Type Size
    status Enable/disable this anomaly.
    disable: Disable this status.
    enable: Enable this status.
    		 option -
    log Enable/disable anomaly logging.
    enable: Enable anomaly logging.
    disable: Disable anomaly logging.
    		 option -
    action Action taken when the threshold is reached.
    pass: Allow traffic but record a log message if logging is enabled.
    block: Block traffic if this anomaly is found.
    proxy: Use a proxy to control the traffic flow.
    		 option -
    quarantine Quarantine method.
    none: Quarantine is disabled.
    attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.
    		 option -
    quarantine-expiry Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. user Not Specified
    quarantine-log Enable/disable quarantine logging.
    disable: Disable quarantine logging.
    enable: Enable quarantine logging.
    		 option -
    threshold Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. integer Minimum value: 1 Maximum value: 2147483647
    threshold(default) Number of detected instances per minute which triggers action (1 - 2147483647, default = 1000). Note that each anomaly has a different threshold value assigned to it. integer Minimum value: 0 Maximum value: 4294967295
    Previous
    Next

    firewall sniffer

    Configure sniffer.

      config firewall sniffer
      Description: Configure sniffer.
      edit <id>
          set status [enable|disable]
          set logtraffic [all|utm|...]
          set ipv6 [enable|disable]
          set non-ip [enable|disable]
          set interface {string}
          set host {string}
          set port {string}
          set protocol {string}
          set vlan {string}
          set application-list-status [enable|disable]
          set application-list {string}
          set ips-sensor-status [enable|disable]
          set ips-sensor {string}
          set dsri [enable|disable]
          set av-profile-status [enable|disable]
          set av-profile {string}
          set webfilter-profile-status [enable|disable]
          set webfilter-profile {string}
          set emailfilter-profile-status [enable|disable]
          set emailfilter-profile {string}
          set dlp-sensor-status [enable|disable]
          set dlp-sensor {string}
          set ips-dos-status [enable|disable]
          config anomaly
              Description: Configuration method to edit Denial of Service (DoS) anomaly settings.
              edit <name>
                  set status [disable|enable]
                  set log [enable|disable]
                  set action [pass|block|...]
                  set quarantine [none|attacker]
                  set quarantine-expiry {user}
                  set quarantine-log [disable|enable]
                  set threshold {integer}
                  set threshold(default) {integer}
              next
          end
          set max-packet-count {integer}
      next
  end

    config firewall sniffer

    Parameter Name Description Type Size
    status Enable/disable the active status of the sniffer.
    enable: Enable sniffer status.
    disable: Disable sniffer status.
    		 option -
    logtraffic Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.
    all: Log all sessions accepted or denied by this policy.
    utm: Log traffic that has a security profile applied to it.
    disable: Disable all logging for this policy.
    		 option -
    ipv6 Enable/disable sniffing IPv6 packets.
    enable: Enable sniffer for IPv6 packets.
    disable: Disable sniffer for IPv6 packets.
    		 option -
    non-ip Enable/disable sniffing non-IP packets.
    enable: Enable sniffer for non-IP packets.
    disable: Disable sniffer for non-IP packets.
    		 option -
    interface Interface name that traffic sniffing will take place on. string Maximum length: 35
    host Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). string Maximum length: 63
    port Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). string Maximum length: 63
    protocol Integer value for the protocol type as defined by IANA (0 - 255). string Maximum length: 63
    vlan List of VLANs to sniff. string Maximum length: 63
    application-list-status Enable/disable application control profile.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    application-list Name of an existing application list. string Maximum length: 35
    ips-sensor-status Enable/disable IPS sensor.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    ips-sensor Name of an existing IPS sensor. string Maximum length: 35
    dsri Enable/disable DSRI.
    enable: Enable DSRI.
    disable: Disable DSRI.
    		 option -
    av-profile-status Enable/disable antivirus profile.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    av-profile Name of an existing antivirus profile. string Maximum length: 35
    webfilter-profile-status Enable/disable web filter profile.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    webfilter-profile Name of an existing web filter profile. string Maximum length: 35
    emailfilter-profile-status Enable/disable emailfilter.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    emailfilter-profile Name of an existing email filter profile. string Maximum length: 35
    dlp-sensor-status Enable/disable DLP sensor.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    dlp-sensor Name of an existing DLP sensor. string Maximum length: 35
    ips-dos-status Enable/disable IPS DoS anomaly detection.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    max-packet-count Maximum packet count (1 - 1000000, default = 4000). integer Minimum value: 1 Maximum value: 1000000

    config anomaly

    Parameter Name Description Type Size
    status Enable/disable this anomaly.
    disable: Disable this status.
    enable: Enable this status.
    		 option -
    log Enable/disable anomaly logging.
    enable: Enable anomaly logging.
    disable: Disable anomaly logging.
    		 option -
    action Action taken when the threshold is reached.
    pass: Allow traffic but record a log message if logging is enabled.
    block: Block traffic if this anomaly is found.
    proxy: Use a proxy to control the traffic flow.
    		 option -
    quarantine Quarantine method.
    none: Quarantine is disabled.
    attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.
    		 option -
    quarantine-expiry Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. user Not Specified
    quarantine-log Enable/disable quarantine logging.
    disable: Disable quarantine logging.
    enable: Enable quarantine logging.
    		 option -
    threshold Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. integer Minimum value: 1 Maximum value: 2147483647
    threshold(default) Number of detected instances per minute which triggers action (1 - 2147483647, default = 1000). Note that each anomaly has a different threshold value assigned to it. integer Minimum value: 0 Maximum value: 4294967295
    Previous
    Next