Fortinet black logo

CLI Reference

config file-filter profile

config file-filter profile

Configure file-filter profiles.

config file-filter profile

Description: Configure file-filter profiles.

edit <name>

set comment {var-string}

set feature-set [flow|proxy]

set replacemsg-group {string}

set log [disable|enable]

set extended-log [disable|enable]

set scan-archive-contents [disable|enable]

config rules

Description: File filter rules.

edit <name>

set comment {var-string}

set protocol {option1}, {option2}, ...

set action [log-only|block]

set direction [incoming|outgoing|...]

set password-protected [yes|any]

set file-type <name1>, <name2>, ...

next

end

next

end

config file-filter profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

feature-set

Flow/proxy feature set.

option

-

flow

Option

Description

flow

Flow feature set.

proxy

Proxy feature set.

replacemsg-group

Replacement message group

string

Maximum length: 35

log

Enable/disable file-filter logging.

option

-

enable

Option

Description

disable

Disable logging.

enable

Enable logging.

extended-log

Enable/disable file-filter extended logging.

option

-

disable

Option

Description

disable

Disable extended logging.

enable

Enable extended logging.

scan-archive-contents

Enable/disable archive contents scan.

option

-

enable

Option

Description

disable

Disable scanning archive contents.

enable

Enable scanning archive contents.

config rules

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

protocol

Protocols to apply rule to.

option

-

http ftp smtp imap pop3 mapi cifs ssh

Option

Description

http

Filter on HTTP.

ftp

Filter on FTP.

smtp

Filter on SMTP.

imap

Filter on IMAP.

pop3

Filter on POP3.

mapi

Filter on MAPI. (Proxy mode only.)

cifs

Filter on CIFS.

ssh

Filter on SFTP and SCP. (Proxy mode only.)

action

Action taken for matched file.

option

-

log-only

Option

Description

log-only

Allow the content and write a log message.

block

Block the content and write a log message.

direction

Traffic direction. (HTTP, FTP, SSH, CIFS only)

option

-

any

Option

Description

incoming

Match files transmitted in the session's reply direction.

outgoing

Match files transmitted in the session's originating direction.

any

Match files transmitted in the session's originating and reply directions.

password-protected

Match password-protected files.

option

-

any

Option

Description

yes

Match only password-protected files.

any

Match any file.

file-type <name>

Select file type.

File type name.

string

Maximum length: 39

config file-filter profile

Configure file-filter profiles.

config file-filter profile

Description: Configure file-filter profiles.

edit <name>

set comment {var-string}

set feature-set [flow|proxy]

set replacemsg-group {string}

set log [disable|enable]

set extended-log [disable|enable]

set scan-archive-contents [disable|enable]

config rules

Description: File filter rules.

edit <name>

set comment {var-string}

set protocol {option1}, {option2}, ...

set action [log-only|block]

set direction [incoming|outgoing|...]

set password-protected [yes|any]

set file-type <name1>, <name2>, ...

next

end

next

end

config file-filter profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

feature-set

Flow/proxy feature set.

option

-

flow

Option

Description

flow

Flow feature set.

proxy

Proxy feature set.

replacemsg-group

Replacement message group

string

Maximum length: 35

log

Enable/disable file-filter logging.

option

-

enable

Option

Description

disable

Disable logging.

enable

Enable logging.

extended-log

Enable/disable file-filter extended logging.

option

-

disable

Option

Description

disable

Disable extended logging.

enable

Enable extended logging.

scan-archive-contents

Enable/disable archive contents scan.

option

-

enable

Option

Description

disable

Disable scanning archive contents.

enable

Enable scanning archive contents.

config rules

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

protocol

Protocols to apply rule to.

option

-

http ftp smtp imap pop3 mapi cifs ssh

Option

Description

http

Filter on HTTP.

ftp

Filter on FTP.

smtp

Filter on SMTP.

imap

Filter on IMAP.

pop3

Filter on POP3.

mapi

Filter on MAPI. (Proxy mode only.)

cifs

Filter on CIFS.

ssh

Filter on SFTP and SCP. (Proxy mode only.)

action

Action taken for matched file.

option

-

log-only

Option

Description

log-only

Allow the content and write a log message.

block

Block the content and write a log message.

direction

Traffic direction. (HTTP, FTP, SSH, CIFS only)

option

-

any

Option

Description

incoming

Match files transmitted in the session's reply direction.

outgoing

Match files transmitted in the session's originating direction.

any

Match files transmitted in the session's originating and reply directions.

password-protected

Match password-protected files.

option

-

any

Option

Description

yes

Match only password-protected files.

any

Match any file.

file-type <name>

Select file type.

File type name.

string

Maximum length: 39