Text strings

Text strings are used to name entities in the FortiGate configuration. For example, the name of a firewall address, administrator, or interface are all text strings.

The following characters cannot be used in text strings, as they present cross-site scripting (XSS) vulnerabilities:

  • - double quotes
  • ' - single quote
  • > - greater than
  • < - less than

Most GUI text fields prevent XSS vulnerable characters from being added.


VDOM names and hostnames can only use numbers (0-9), letters (a-z and A-Z), dashes, and underscores.

The tree CLI command can be used to view the number of characters allowed in a name field. For example, entering the following commands show that a firewall address name can contain up to 80 characters, while its FQDN can contain 256 characters:

config fire address
(address) # tree
    -- [address] --*name    (80)
             |- uuid 
             |- subnet 
             |- type 
             |- start-mac