Fortinet Document Library


CLI Reference

config firewall service custom

Configure custom services.

    config firewall service custom
        Description: Configure custom services.
        edit <name>
            set proxy [enable|disable]
            set category {string}
            set protocol [TCP/UDP/SCTP|ICMP|...]
            set helper [auto|disable|...]
            set iprange {user}
            set fqdn {string}
            set protocol-number {integer}
            set icmptype {integer}
            set icmpcode {integer}
            set tcp-portrange {user}
            set udp-portrange {user}
            set sctp-portrange {user}
            set tcp-halfclose-timer {integer}
            set tcp-halfopen-timer {integer}
            set tcp-timewait-timer {integer}
            set tcp-rst-timer {integer}
            set udp-idle-timer {integer}
            set session-ttl {user}
            set check-reset-range [disable|strict|...]
            set comment {var-string}
            set color {integer}
            set visibility [enable|disable]
            set app-service-type [disable|app-id|...]
            set app-category <id1>, <id2>, ...
            set application <id1>, <id2>, ...
            set fabric-object [enable|disable]
        next
    end

config firewall service custom

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| proxy | Enable/disable web proxy service. | option | - | disable |
| category | Service category. | string | Maximum length: 63 | |
| protocol | Protocol type based on IANA numbers. | option | - | TCP/UDP/SCTP |
| helper | Helper name. | option | - | auto |
| iprange | Start and end of the IP range associated with service. | user | Not Specified | |
| fqdn | Fully qualified domain name. | string | Maximum length: 255 | |
| protocol-number | IP protocol number. | integer | Minimum value: 0 Maximum value: 254 | 0 |
| icmptype | ICMP type. | integer | Minimum value: 0 Maximum value: 4294967295 | |
| icmpcode | ICMP code. | integer | Minimum value: 0 Maximum value: 255 | |
| tcp-portrange | Multiple TCP port ranges. | user | Not Specified | |
| udp-portrange | Multiple UDP port ranges. | user | Not Specified | |
| sctp-portrange | Multiple SCTP port ranges. | user | Not Specified | |
| tcp-halfclose-timer | Wait time to close a TCP session waiting for an unanswered FIN packet. | integer | Minimum value: 0 Maximum value: 86400 | 0 |
| tcp-halfopen-timer | Wait time to close a TCP session waiting for an unanswered open session packet. | integer | Minimum value: 0 Maximum value: 86400 | 0 |
| tcp-timewait-timer | Set the length of the TCP TIME-WAIT state in seconds. | integer | Minimum value: 0 Maximum value: 300 | 0 |
| tcp-rst-timer | Set the length of the TCP CLOSE state in seconds. | integer | Minimum value: 5 Maximum value: 300 | 0 |
| udp-idle-timer | UDP half close timeout. | integer | Minimum value: 0 Maximum value: 86400 | 0 |
| session-ttl | Session TTL. | user | Not Specified | |
| check-reset-range | Configure the type of ICMP error message verification. | option | - | default |
| comment | Comment. | var-string | Maximum length: 255 | |
| color | Color of icon on the GUI. | integer | Minimum value: 0 Maximum value: 32 | 0 |
| visibility | Enable/disable the visibility of the service on the GUI. | option | - | enable |
| app-service-type | Application service type. | option | - | disable |
| app-category <id> | Application category ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| application <id> | Application ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| fabric-object | Security Fabric global object setting. | option | - | disable |

proxy options:

| Option | Description |
|---|---|
| enable | Enable setting. |
| disable | Disable setting. |

protocol options:

| Option | Description |
|---|---|
| TCP/UDP/SCTP | TCP, UDP and SCTP. |
| ICMP | ICMP. |
| ICMP6 | ICMP6. |
| IP | IP. |
| HTTP | HTTP - for web proxy. |
| FTP | FTP - for web proxy. |
| CONNECT | Connect - for web proxy. |
| SOCKS-TCP | Socks TCP - for web proxy. |
| SOCKS-UDP | Socks UDP - for web proxy. |
| ALL | All - for web proxy. |

helper options:

| Option | Description |
|---|---|
| auto | Automatically select helper based on protocol and port. |
| disable | Disable helper. |
| ftp | FTP. |
| tftp | TFTP. |
| ras | RAS. |
| h323 | H323. |
| tns | TNS. |
| mms | MMS. |
| sip | SIP. |
| pptp | PPTP. |
| rtsp | RTSP. |
| dns-udp | DNS UDP. |
| dns-tcp | DNS TCP. |
| pmap | PMAP. |
| rsh | RSH. |
| dcerpc | DCERPC. |
| mgcp | MGCP. |

check-reset-range options:

| Option | Description |
|---|---|
| disable | Disable RST range check. |
| strict | Check RST range strictly. |
| default | Using system default setting. |

visibility options:

| Option | Description |
|---|---|
| enable | Show in service selection. |
| disable | Hide from service selection. |

app-service-type options:

| Option | Description |
|---|---|
| disable | Disable application type. |
| app-id | Application ID. |
| app-category | Application category. |

fabric-object options:

| Option | Description |
|---|---|
| enable | Object is set as a security fabric-wide global object. |
| disable | Object is local to this security fabric member. |
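
An added example (not Fortinet code): a Python check that parses a `config firewall service custom` block, such as one taken from a configuration backup, and reports `set` values that fall outside the integer ranges and option lists documented above. The sample configuration is constructed, and accepting 0 for every integer parameter is an assumption based on the listed defaults.

```python
import re
# Limits copied from the parameter table on this page. Assumption: 0 is always
# accepted, because the page lists 0 as the default even where the minimum is 5.
INT_RANGES = {
    "protocol-number": (0, 254), "icmptype": (0, 4294967295), "icmpcode": (0, 255),
    "tcp-halfclose-timer": (0, 86400), "tcp-halfopen-timer": (0, 86400),
    "tcp-timewait-timer": (0, 300), "tcp-rst-timer": (5, 300),
    "udp-idle-timer": (0, 86400), "color": (0, 32),
}
OPTIONS = {
    "proxy": {"enable", "disable"}, "visibility": {"enable", "disable"},
    "fabric-object": {"enable", "disable"},
    "check-reset-range": {"disable", "strict", "default"},
    "app-service-type": {"disable", "app-id", "app-category"},
}
# Constructed sample input, not taken from a real device.
SAMPLE = """config firewall service custom
    edit "ADMIN-HTTPS"
        set tcp-portrange 8443
        set tcp-rst-timer 3
    next
    edit "LEGACY-APP"
        set protocol-number 255
        set visibility hidden
    next
end"""

def parse_settings(text):
    """Yield (service, parameter, value) for each set line inside an edit block."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = m.group(1)
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            _, key, *rest = line.split(None, 2)
            yield current, key, rest[0].strip('"') if rest else ""

def audit(text):
    """Return (service, parameter, problem) for values outside the documented limits."""
    findings = []
    for name, key, value in parse_settings(text):
        if key in INT_RANGES:
            lo, hi = INT_RANGES[key]
            if not value.isdecimal() or not (int(value) == 0 or lo <= int(value) <= hi):
                findings.append((name, key, f"expected integer {lo}-{hi}"))
        elif key in OPTIONS and value not in OPTIONS[key]:
            findings.append((name, key, "unknown option"))
    return findings
```

Parameters of type `user` or `string`, such as `tcp-portrange`, are passed through unchecked because the page gives no syntax for them.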
