Text strings
Text strings are used to name entities in the FortiGate configuration. For example, the name of a firewall address, administrator, or interface are all text strings.
The following characters cannot be used in text strings, as they present cross-site scripting (XSS) vulnerabilities:
“
- double quotes'
- single quote>
- greater than<
- less than
Most GUI text fields prevent XSS vulnerable characters from being added.
![]() |
VDOM names and hostnames can only use numbers (0-9), letters (a-z and A-Z), dashes, and underscores. |
The tree
CLI command can be used to view the number of characters allowed in a name field. For example, entering the following commands show that a firewall address name can contain up to 80 characters, while its FQDN can contain 256 characters:
config fire address (address) # tree -- [address] --*name (80) |- uuid |- subnet |- type |- start-mac