Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

Configure file-filter profiles.

  config file-filter profile
      Description: Configure file-filter profiles.
      edit <name>
          set comment {var-string}
          set feature-set [flow|proxy]
          set replacemsg-group {string}
          set log [disable|enable]
          set extended-log [disable|enable]
          set scan-archive-contents [disable|enable]
          config rules
              Description: File filter rules.
              edit <name>
                  set comment {var-string}
                  set protocol {option1}, {option2}, ...
                  set action [log-only|block]
                  set direction [incoming|outgoing|...]
                  set password-protected [yes|any]
                  set file-type <name1>, <name2>, ...
              next
          end
      next
  end

config file-filter profile

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
feature-set Flow/proxy feature set.
flow: Flow feature set.
proxy: Proxy feature set.
option -
replacemsg-group Replacement message group string Maximum length: 35
log Enable/disable file-filter logging.
disable: Disable logging.
enable: Enable logging.
option -
extended-log Enable/disable file-filter extended logging.
disable: Disable extended logging.
enable: Enable extended logging.
option -
scan-archive-contents Enable/disable archive contents scan. (Not for CIFS)
disable: Disable scanning archive contents.
enable: Enable scanning archive contents.
option -

config rules

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
protocol Protocols to apply rule to.
http: Filter on HTTP.
ftp: Filter on FTP.
smtp: Filter on SMTP.
imap: Filter on IMAP.
pop3: Filter on POP3.
mapi: Filter on MAPI. (Proxy mode only.)
cifs: Filter on CIFS.
ssh: Filter on SFTP and SCP. (Proxy mode only.)
option -
action Action taken for matched file.
log-only: Allow the content and write a log message.
block: Block the content and write a log message.
option -
direction Traffic direction. (HTTP, FTP, SSH, CIFS only)
incoming: Match files transmitted in the session's reply direction.
outgoing: Match files transmitted in the session's originating direction.
any: Match files transmitted in the session's originating and reply directions.
option -
password-protected Match password-protected files.
yes: Match only password-protected files.
any: Match any file.
option -
file-type <name> Select file type.
File type name.
string Maximum length: 39

Configure file-filter profiles.

  config file-filter profile
      Description: Configure file-filter profiles.
      edit <name>
          set comment {var-string}
          set feature-set [flow|proxy]
          set replacemsg-group {string}
          set log [disable|enable]
          set extended-log [disable|enable]
          set scan-archive-contents [disable|enable]
          config rules
              Description: File filter rules.
              edit <name>
                  set comment {var-string}
                  set protocol {option1}, {option2}, ...
                  set action [log-only|block]
                  set direction [incoming|outgoing|...]
                  set password-protected [yes|any]
                  set file-type <name1>, <name2>, ...
              next
          end
      next
  end

config file-filter profile

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
feature-set Flow/proxy feature set.
flow: Flow feature set.
proxy: Proxy feature set.
option -
replacemsg-group Replacement message group string Maximum length: 35
log Enable/disable file-filter logging.
disable: Disable logging.
enable: Enable logging.
option -
extended-log Enable/disable file-filter extended logging.
disable: Disable extended logging.
enable: Enable extended logging.
option -
scan-archive-contents Enable/disable archive contents scan. (Not for CIFS)
disable: Disable scanning archive contents.
enable: Enable scanning archive contents.
option -

config rules

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
protocol Protocols to apply rule to.
http: Filter on HTTP.
ftp: Filter on FTP.
smtp: Filter on SMTP.
imap: Filter on IMAP.
pop3: Filter on POP3.
mapi: Filter on MAPI. (Proxy mode only.)
cifs: Filter on CIFS.
ssh: Filter on SFTP and SCP. (Proxy mode only.)
option -
action Action taken for matched file.
log-only: Allow the content and write a log message.
block: Block the content and write a log message.
option -
direction Traffic direction. (HTTP, FTP, SSH, CIFS only)
incoming: Match files transmitted in the session's reply direction.
outgoing: Match files transmitted in the session's originating direction.
any: Match files transmitted in the session's originating and reply directions.
option -
password-protected Match password-protected files.
yes: Match only password-protected files.
any: Match any file.
option -
file-type <name> Select file type.
File type name.
string Maximum length: 39