Fortinet black logo

CLI Reference

config ips rule

config ips rule

Configure IPS rules.

config ips rule
    Description: Configure IPS rules.
    edit <name>
        set action [pass|block]
        set application {user}
        set date {integer}
        set group {string}
        set location {user}
        set log [disable|enable]
        set log-packet [disable|enable]
        config metadata
            Description: Meta data.
            edit <id>
                set metaid {integer}
                set valueid {integer}
            next
        end
        set os {user}
        set rev {integer}
        set rule-id {integer}
        set service {user}
        set severity {user}
    next
end

config ips rule

Parameter

Description

Type

Size

Default

action

Action.

option

-

pass

Option

Description

pass

Pass or allow matching traffic.

block

Block or drop matching traffic.

application

Vulnerable applications.

user

Not Specified

date

Date.

integer

Minimum value: 0 Maximum value: 4294967295

0

group

Group.

string

Maximum length: 63

location

Vulnerable location.

user

Not Specified

log

Enable/disable logging.

option

-

enable

Option

Description

disable

Disable logging.

enable

Enable logging.

log-packet

Enable/disable packet logging.

option

-

disable

Option

Description

disable

Disable packet logging.

enable

Enable packet logging.

name

Rule name.

string

Maximum length: 63

os

Vulnerable operation systems.

user

Not Specified

rev

Revision.

integer

Minimum value: 0 Maximum value: 4294967295

0

rule-id

Rule ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

service

Vulnerable service.

user

Not Specified

severity

Severity.

user

Not Specified

config metadata

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

metaid

Meta ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

valueid

Value ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

config ips rule

Configure IPS rules.

config ips rule
    Description: Configure IPS rules.
    edit <name>
        set action [pass|block]
        set application {user}
        set date {integer}
        set group {string}
        set location {user}
        set log [disable|enable]
        set log-packet [disable|enable]
        config metadata
            Description: Meta data.
            edit <id>
                set metaid {integer}
                set valueid {integer}
            next
        end
        set os {user}
        set rev {integer}
        set rule-id {integer}
        set service {user}
        set severity {user}
    next
end

config ips rule

Parameter

Description

Type

Size

Default

action

Action.

option

-

pass

Option

Description

pass

Pass or allow matching traffic.

block

Block or drop matching traffic.

application

Vulnerable applications.

user

Not Specified

date

Date.

integer

Minimum value: 0 Maximum value: 4294967295

0

group

Group.

string

Maximum length: 63

location

Vulnerable location.

user

Not Specified

log

Enable/disable logging.

option

-

enable

Option

Description

disable

Disable logging.

enable

Enable logging.

log-packet

Enable/disable packet logging.

option

-

disable

Option

Description

disable

Disable packet logging.

enable

Enable packet logging.

name

Rule name.

string

Maximum length: 63

os

Vulnerable operation systems.

user

Not Specified

rev

Revision.

integer

Minimum value: 0 Maximum value: 4294967295

0

rule-id

Rule ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

service

Vulnerable service.

user

Not Specified

severity

Severity.

user

Not Specified

config metadata

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

metaid

Meta ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

valueid

Value ID.

integer

Minimum value: 0 Maximum value: 4294967295

0