Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.0.6
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config ips global

    config ips global

    Configure IPS global parameter.

    config ips global

    Description: Configure IPS global parameter.

    set fail-open [enable|disable]

    set database [regular|extended]

    set traffic-submit [enable|disable]

    set anomaly-mode [periodical|continuous]

    set session-limit-mode [accurate|heuristic]

    set socket-size {integer}

    set engine-count {integer}

    set sync-session-ttl [enable|disable]

    set np-accel-mode [none|basic]

    set cp-accel-mode [none|basic|...]

    set deep-app-insp-timeout {integer}

    set deep-app-insp-db-limit {integer}

    set exclude-signatures [none|industrial]

    set packet-log-queue-depth {integer}

    set ngfw-max-scan-range {integer}

    config tls-active-probe

    Description: TLS active probe configuration.

    set interface-select-method [auto|sdwan|...]

    set interface {string}

    set vdom {string}

    set source-ip {ipv4-address}

    set source-ip6 {ipv6-address}

    end

    end

    config ips global

    Parameter

    Description

    Type

    Size

    Default

    fail-open

    Enable to allow traffic if the IPS buffer is full. Default is disable and IPS traffic is blocked when the IPS buffer is full.

    option

    -

    disable

    Option

    Description

    enable

    Enable IPS fail open.

    disable

    Disable IPS fail open.

    database

    Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks.

    option

    -

    regular **

    Option

    Description

    regular

    IPS regular database package.

    extended

    IPS extended database package.

    traffic-submit

    Enable/disable submitting attack data found by this FortiGate to FortiGuard.

    option

    -

    disable

    Option

    Description

    enable

    Enable traffic submit.

    disable

    Disable traffic submit.

    anomaly-mode

    Global blocking mode for rate-based anomalies.

    option

    -

    continuous

    Option

    Description

    periodical

    After an anomaly is detected, allow the number of packets per second according to the anomaly configuration.

    continuous

    Block packets once an anomaly is detected. Overrides individual anomaly settings.

    session-limit-mode

    Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics).

    option

    -

    heuristic

    Option

    Description

    accurate

    Accurately count concurrent sessions, demands more resources.

    heuristic

    Use heuristics to estimate the number of concurrent sessions. Acceptable in most cases.

    socket-size

    IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.

    integer

    Minimum value: 0 Maximum value: 128 **

    64 **

    engine-count

    Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.

    integer

    Minimum value: 0 Maximum value: 255

    0

    sync-session-ttl

    Enable/disable use of kernel session TTL for IPS sessions.

    option

    -

    enable

    Option

    Description

    enable

    Enable use of kernel session TTL for IPS sessions.

    disable

    Disable use of kernel session TTL for IPS sessions.

    np-accel-mode *

    Acceleration mode for IPS processing by NPx processors.

    option

    -

    basic

    Option

    Description

    none

    NPx acceleration disabled.

    basic

    NPx acceleration enabled.

    cp-accel-mode *

    IPS Pattern matching acceleration/offloading to CPx processors.

    option

    -

    advanced

    Option

    Description

    none

    CPx acceleration/offloading disabled.

    basic

    Offload basic pattern matching to CPx processors.

    advanced

    Offload more types of pattern matching resulting in higher throughput than basic mode. Requires two CP8s or one CP9.

    deep-app-insp-timeout

    Timeout for Deep application inspection .

    integer

    Minimum value: 0 Maximum value: 2147483647

    0

    deep-app-insp-db-limit

    Limit on number of entries in deep application inspection database .

    integer

    Minimum value: 0 Maximum value: 2147483647

    0

    exclude-signatures

    Excluded signatures.

    option

    -

    industrial

    Option

    Description

    none

    No signatures excluded.

    industrial

    Exclude industrial signatures.

    packet-log-queue-depth

    Packet/pcap log queue depth per IPS engine.

    integer

    Minimum value: 128 Maximum value: 4096

    128

    ngfw-max-scan-range

    NGFW policy-mode app detection threshold.

    integer

    Minimum value: 0 Maximum value: 4294967295

    4096

    * This parameter may not exist in some models.

    ** Values may differ between models.

    config tls-active-probe

    Parameter

    Description

    Type

    Size

    Default

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    vdom

    Virtual domain name for TLS active probe.

    string

    Maximum length: 31

    source-ip

    Source IP address used for TLS active probe.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ip6

    Source IPv6 address used for TLS active probe.

    ipv6-address

    Not Specified

    ::
    Previous
    Next

    config ips global

    config ips global

    Configure IPS global parameter.

    config ips global

    Description: Configure IPS global parameter.

    set fail-open [enable|disable]

    set database [regular|extended]

    set traffic-submit [enable|disable]

    set anomaly-mode [periodical|continuous]

    set session-limit-mode [accurate|heuristic]

    set socket-size {integer}

    set engine-count {integer}

    set sync-session-ttl [enable|disable]

    set np-accel-mode [none|basic]

    set cp-accel-mode [none|basic|...]

    set deep-app-insp-timeout {integer}

    set deep-app-insp-db-limit {integer}

    set exclude-signatures [none|industrial]

    set packet-log-queue-depth {integer}

    set ngfw-max-scan-range {integer}

    config tls-active-probe

    Description: TLS active probe configuration.

    set interface-select-method [auto|sdwan|...]

    set interface {string}

    set vdom {string}

    set source-ip {ipv4-address}

    set source-ip6 {ipv6-address}

    end

    end

    config ips global

    Parameter

    Description

    Type

    Size

    Default

    fail-open

    Enable to allow traffic if the IPS buffer is full. Default is disable and IPS traffic is blocked when the IPS buffer is full.

    option

    -

    disable

    Option

    Description

    enable

    Enable IPS fail open.

    disable

    Disable IPS fail open.

    database

    Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks.

    option

    -

    regular **

    Option

    Description

    regular

    IPS regular database package.

    extended

    IPS extended database package.

    traffic-submit

    Enable/disable submitting attack data found by this FortiGate to FortiGuard.

    option

    -

    disable

    Option

    Description

    enable

    Enable traffic submit.

    disable

    Disable traffic submit.

    anomaly-mode

    Global blocking mode for rate-based anomalies.

    option

    -

    continuous

    Option

    Description

    periodical

    After an anomaly is detected, allow the number of packets per second according to the anomaly configuration.

    continuous

    Block packets once an anomaly is detected. Overrides individual anomaly settings.

    session-limit-mode

    Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics).

    option

    -

    heuristic

    Option

    Description

    accurate

    Accurately count concurrent sessions, demands more resources.

    heuristic

    Use heuristics to estimate the number of concurrent sessions. Acceptable in most cases.

    socket-size

    IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.

    integer

    Minimum value: 0 Maximum value: 128 **

    64 **

    engine-count

    Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.

    integer

    Minimum value: 0 Maximum value: 255

    0

    sync-session-ttl

    Enable/disable use of kernel session TTL for IPS sessions.

    option

    -

    enable

    Option

    Description

    enable

    Enable use of kernel session TTL for IPS sessions.

    disable

    Disable use of kernel session TTL for IPS sessions.

    np-accel-mode *

    Acceleration mode for IPS processing by NPx processors.

    option

    -

    basic

    Option

    Description

    none

    NPx acceleration disabled.

    basic

    NPx acceleration enabled.

    cp-accel-mode *

    IPS Pattern matching acceleration/offloading to CPx processors.

    option

    -

    advanced

    Option

    Description

    none

    CPx acceleration/offloading disabled.

    basic

    Offload basic pattern matching to CPx processors.

    advanced

    Offload more types of pattern matching resulting in higher throughput than basic mode. Requires two CP8s or one CP9.

    deep-app-insp-timeout

    Timeout for Deep application inspection .

    integer

    Minimum value: 0 Maximum value: 2147483647

    0

    deep-app-insp-db-limit

    Limit on number of entries in deep application inspection database .

    integer

    Minimum value: 0 Maximum value: 2147483647

    0

    exclude-signatures

    Excluded signatures.

    option

    -

    industrial

    Option

    Description

    none

    No signatures excluded.

    industrial

    Exclude industrial signatures.

    packet-log-queue-depth

    Packet/pcap log queue depth per IPS engine.

    integer

    Minimum value: 128 Maximum value: 4096

    128

    ngfw-max-scan-range

    NGFW policy-mode app detection threshold.

    integer

    Minimum value: 0 Maximum value: 4294967295

    4096

    * This parameter may not exist in some models.

    ** Values may differ between models.

    config tls-active-probe

    Parameter

    Description

    Type

    Size

    Default

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    vdom

    Virtual domain name for TLS active probe.

    string

    Maximum length: 31

    source-ip

    Source IP address used for TLS active probe.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ip6

    Source IPv6 address used for TLS active probe.

    ipv6-address

    Not Specified

    ::
    Previous
    Next