CLI Reference

config system fortiguard

Configure FortiGuard services.

config system fortiguard
    Description: Configure FortiGuard services.
    set fortiguard-anycast [enable|disable]
    set fortiguard-anycast-source [fortinet|aws|...]
    set protocol [udp|http|...]
    set port [8888|53|...]
    set load-balance-servers {integer}
    set update-server-location [usa|any]
    set sandbox-region {string}
    set antispam-force-off [enable|disable]
    set antispam-cache [enable|disable]
    set antispam-cache-ttl {integer}
    set antispam-cache-mpercent {integer}
    set antispam-license {integer}
    set antispam-expiration {integer}
    set antispam-timeout {integer}
    set outbreak-prevention-force-off [enable|disable]
    set outbreak-prevention-cache [enable|disable]
    set outbreak-prevention-cache-ttl {integer}
    set outbreak-prevention-cache-mpercent {integer}
    set outbreak-prevention-license {integer}
    set outbreak-prevention-expiration {integer}
    set outbreak-prevention-timeout {integer}
    set webfilter-force-off [enable|disable]
    set webfilter-cache [enable|disable]
    set webfilter-cache-ttl {integer}
    set webfilter-license {integer}
    set webfilter-expiration {integer}
    set webfilter-timeout {integer}
    set sdns-server-ip {user}
    set sdns-server-port {integer}
    set anycast-sdns-server-ip {ipv4-address}
    set anycast-sdns-server-port {integer}
    set sdns-options {option1}, {option2}, ...
    set source-ip {ipv4-address}
    set source-ip6 {ipv6-address}
    set proxy-server-ip {ipv4-address}
    set proxy-server-port {integer}
    set proxy-username {string}
    set proxy-password {password}
    set ddns-server-ip {ipv4-address}
    set ddns-server-port {integer}
    set interface-select-method [auto|sdwan|...]
    set interface {string}
end

config system fortiguard

| Parameter name | Description | Type | Size |
| --- | --- | --- | --- |
| fortiguard-anycast | Enable/disable use of FortiGuard's anycast network. Options: enable - Enable use of FortiGuard's anycast network; disable - Disable use of FortiGuard's anycast network. | option | - |
| fortiguard-anycast-source | Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet. Options: fortinet - Use Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network; aws - Use Fortinet's AWS servers to provide FortiGuard services in FortiGuard's anycast network; debug - Use Fortinet's internal test servers to provide FortiGuard services in FortiGuard's anycast network. | option | - |
| protocol | Protocol used to communicate with the FortiGuard servers. Options: udp - UDP for server communication (for use by FortiGuard or FortiManager); http - HTTP for server communication (for use only by FortiManager); https - HTTPS for server communication (for use by FortiGuard or FortiManager). | option | - |
| port | Port used to communicate with the FortiGuard servers. Options: 8888 - port 8888 for server communication; 53 - port 53 for server communication; 80 - port 80 for server communication; 443 - port 443 for server communication. | option | - |
| load-balance-servers | Number of servers to alternate between as first FortiGuard option. | integer | Minimum value: 1; Maximum value: 266 |
| update-server-location | Signature update server location. Options: usa - FGD servers in United States; any - FGD servers in any location. | option | - |
| sandbox-region | Cloud sandbox region. | string | Maximum length: 63 |
| antispam-force-off | Enable/disable turning off the FortiGuard antispam service. Options: enable - Turn off the FortiGuard antispam service; disable - Allow the FortiGuard antispam service. | option | - |
| antispam-cache | Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. Options: enable - Enable FortiGuard antispam request caching; disable - Disable FortiGuard antispam request caching. | option | - |
| antispam-cache-ttl | Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. | integer | Minimum value: 300; Maximum value: 86400 |
| antispam-cache-mpercent | Maximum percent of FortiGate memory the antispam cache is allowed to use (1 - 15%). | integer | Minimum value: 1; Maximum value: 15 |
| antispam-license | Interval of time between license checks for the FortiGuard antispam contract. | integer | Minimum value: 0; Maximum value: 4294967295 |
| antispam-expiration | Expiration date of the FortiGuard antispam contract. | integer | Minimum value: 0; Maximum value: 4294967295 |
| antispam-timeout | Antispam query time out (1 - 30 sec, default = 7). | integer | Minimum value: 1; Maximum value: 30 |
| outbreak-prevention-force-off | Turn off FortiGuard Virus Outbreak Prevention service. Options: enable - Turn off FortiGuard antivirus service; disable - Allow the FortiGuard antivirus service. | option | - |
| outbreak-prevention-cache | Enable/disable FortiGuard Virus Outbreak Prevention cache. Options: enable - Enable FortiGuard antivirus caching; disable - Disable FortiGuard antivirus caching. | option | - |
| outbreak-prevention-cache-ttl | Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec, default = 300). | integer | Minimum value: 300; Maximum value: 86400 |
| outbreak-prevention-cache-mpercent | Maximum percent of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 15%, default = 2). | integer | Minimum value: 1; Maximum value: 15 |
| outbreak-prevention-license | Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. | integer | Minimum value: 0; Maximum value: 4294967295 |
| outbreak-prevention-expiration | Expiration date of FortiGuard Virus Outbreak Prevention contract. | integer | Minimum value: 0; Maximum value: 4294967295 |
| outbreak-prevention-timeout | FortiGuard Virus Outbreak Prevention time out (1 - 30 sec, default = 7). | integer | Minimum value: 1; Maximum value: 30 |
| webfilter-force-off | Enable/disable turning off the FortiGuard web filtering service. Options: enable - Turn off the FortiGuard web filtering service; disable - Allow the FortiGuard web filtering service to operate. | option | - |
| webfilter-cache | Enable/disable FortiGuard web filter caching. Options: enable - Enable FortiGuard web filter caching; disable - Disable FortiGuard web filter caching. | option | - |
| webfilter-cache-ttl | Time-to-live for web filter cache entries in seconds (300 - 86400). | integer | Minimum value: 300; Maximum value: 86400 |
| webfilter-license | Interval of time between license checks for the FortiGuard web filter contract. | integer | Minimum value: 0; Maximum value: 4294967295 |
| webfilter-expiration | Expiration date of the FortiGuard web filter contract. | integer | Minimum value: 0; Maximum value: 4294967295 |
| webfilter-timeout | Web filter query time out (1 - 30 sec, default = 7). | integer | Minimum value: 1; Maximum value: 30 |
| sdns-server-ip | IP address of the FortiGuard DNS rating server. | user | Not Specified |
| sdns-server-port | Port to connect to on the FortiGuard DNS rating server. | integer | Minimum value: 1; Maximum value: 65535 |
| anycast-sdns-server-ip | IP address of the FortiGuard anycast DNS rating server. | ipv4-address | Not Specified |
| anycast-sdns-server-port | Port to connect to on the FortiGuard anycast DNS rating server. | integer | Minimum value: 1; Maximum value: 65535 |
| sdns-options | Customization options for the FortiGuard DNS service. Options: include-question-section - Include DNS question section in the FortiGuard DNS setup message. | option | - |
| source-ip | Source IPv4 address used to communicate with FortiGuard. | ipv4-address | Not Specified |
| source-ip6 | Source IPv6 address used to communicate with FortiGuard. | ipv6-address | Not Specified |
| proxy-server-ip | IP address of the proxy server. | ipv4-address | Not Specified |
| proxy-server-port | Port used to communicate with the proxy server. | integer | Minimum value: 0; Maximum value: 65535 |
| proxy-username | Proxy user name. | string | Maximum length: 64 |
| proxy-password | Proxy user password. | password | Not Specified |
| ddns-server-ip | IP address of the FortiDDNS server. | ipv4-address | Not Specified |
| ddns-server-port | Port used to communicate with FortiDDNS servers. | integer | Minimum value: 1; Maximum value: 65535 |
| interface-select-method | Specify how to select outgoing interface to reach server. Options: auto - Set outgoing interface automatically; sdwan - Set outgoing interface by SD-WAN or policy routing rules; specify - Set outgoing interface manually. | option | - |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 |
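Added example (not Fortinet code): a small Python auditor that parses a config system fortiguard block from a saved configuration, checks each set value against the options and ranges in the parameter table above, and surfaces the force-off, protocol http and fortiguard-anycast-source debug settings for review. The function names, the review policy and the sample configuration are assumptions made for illustration.

```python
import re

# Option values and integer ranges copied from the parameter table on this page.
ONOFF = {"enable", "disable"}
OPTIONS = {
    "fortiguard-anycast": ONOFF,
    "fortiguard-anycast-source": {"fortinet", "aws", "debug"},
    "protocol": {"udp", "http", "https"},
    "port": {"8888", "53", "80", "443"},
}
RANGES = {"load-balance-servers": (1, 266), "proxy-server-port": (0, 65535)}
for name in ("sdns-server-port", "anycast-sdns-server-port", "ddns-server-port"):
    RANGES[name] = (1, 65535)
for svc in ("antispam", "outbreak-prevention", "webfilter"):
    OPTIONS[f"{svc}-force-off"] = OPTIONS[f"{svc}-cache"] = ONOFF
    RANGES[f"{svc}-cache-ttl"] = (300, 86400)
    RANGES[f"{svc}-timeout"] = (1, 30)
    if svc != "webfilter":  # the table lists no webfilter-cache-mpercent
        RANGES[f"{svc}-cache-mpercent"] = (1, 15)

# Documented values worth surfacing in a review (this policy is an assumption).
REVIEW = {
    ("protocol", "http"): "HTTP is documented for use only by FortiManager",
    ("fortiguard-anycast-source", "debug"): "debug selects Fortinet's internal test servers",
}

def parse_block(text):
    """Return {param: value} for 'set' lines in 'config system fortiguard' ... 'end'."""
    m = re.search(r"^\s*config system fortiguard\s*$(.*?)^\s*end\s*$", text, re.M | re.S)
    return dict(re.findall(r"^[ \t]*set[ \t]+(\S+)[ \t]+(.+?)[ \t]*$", m.group(1) if m else "", re.M))

def audit(text):
    """Return a sorted list of (param, finding) for a configuration snippet."""
    findings = []
    for param, raw in parse_block(text).items():
        value = raw.strip('"')
        if param in OPTIONS and value not in OPTIONS[param]:
            findings.append((param, f"'{value}' is not a documented option"))
        elif param in RANGES:
            lo, hi = RANGES[param]
            if not value.isdigit() or not lo <= int(value) <= hi:
                findings.append((param, f"'{value}' is outside {lo}-{hi}"))
        if param.endswith("-force-off") and value == "enable":
            findings.append((param, "FortiGuard service is turned off"))
        if (param, value) in REVIEW:
            findings.append((param, REVIEW[(param, value)]))
    return sorted(findings)

# Constructed sample configuration (not taken from a real device).
SAMPLE = """config system fortiguard
    set protocol http
    set webfilter-force-off enable
    set webfilter-timeout 45
end"""
```

Calling audit(SAMPLE) returns one finding each for protocol, webfilter-force-off and webfilter-timeout; a block that uses only documented, in-range values returns an empty list.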
