config system fortiguard
Configure FortiGuard services.
config system fortiguard
Description: Configure FortiGuard services.
set FDS-license-expiring-days {integer}
set antispam-cache [enable|disable]
set antispam-cache-mpermille {integer}
set antispam-cache-ttl {integer}
set antispam-expiration {integer}
set antispam-force-off [enable|disable]
set antispam-license {integer}
set antispam-timeout {integer}
set anycast-sdns-server-ip {ipv4-address}
set anycast-sdns-server-port {integer}
set auto-firmware-upgrade [enable|disable]
set auto-firmware-upgrade-day {option1}, {option2}, ...
set auto-firmware-upgrade-delay {integer}
set auto-firmware-upgrade-end-hour {integer}
set auto-firmware-upgrade-start-hour {integer}
set auto-join-forticloud [enable|disable]
set ddns-server-ip {ipv4-address}
set ddns-server-ip6 {ipv6-address}
set ddns-server-port {integer}
set fortiguard-anycast [enable|disable]
set fortiguard-anycast-source [fortinet|aws|...]
set interface {string}
set interface-select-method [auto|sdwan|...]
set load-balance-servers {integer}
set outbreak-prevention-cache [enable|disable]
set outbreak-prevention-cache-mpermille {integer}
set outbreak-prevention-cache-ttl {integer}
set outbreak-prevention-expiration {integer}
set outbreak-prevention-force-off [enable|disable]
set outbreak-prevention-license {integer}
set outbreak-prevention-timeout {integer}
set persistent-connection [enable|disable]
set port [8888|53|...]
set protocol [udp|http|...]
set proxy-password {password}
set proxy-server-ip {string}
set proxy-server-port {integer}
set proxy-username {string}
set sandbox-inline-scan [enable|disable]
set sandbox-region {string}
set sdns-options {option1}, {option2}, ...
set sdns-server-ip {user}
set sdns-server-port {integer}
set service-account-id {string}
set source-ip {ipv4-address}
set source-ip6 {ipv6-address}
set update-build-proxy [enable|disable]
set update-dldb [enable|disable]
set update-extdb [enable|disable]
set update-ffdb [enable|disable]
set update-server-location [automatic|usa|...]
set update-uwdb [enable|disable]
set vdom {string}
set webfilter-cache [enable|disable]
set webfilter-cache-ttl {integer}
set webfilter-expiration {integer}
set webfilter-force-off [enable|disable]
set webfilter-license {integer}
set webfilter-timeout {integer}
end
config system fortiguard
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
FDS-license-expiring-days |
Threshold for number of days before FortiGuard license expiration to generate license expiring event log. |
integer |
Minimum value: 1 Maximum value: 100 |
15 |
||||||||||||||||
|
antispam-cache |
Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
antispam-cache-mpermille |
Maximum permille of FortiGate memory the antispam cache is allowed to use. |
integer |
Minimum value: 1 Maximum value: 150 |
1 |
||||||||||||||||
|
antispam-cache-ttl |
Time-to-live for antispam cache entries in seconds. Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. |
integer |
Minimum value: 300 Maximum value: 86400 |
1800 |
||||||||||||||||
|
antispam-expiration |
Expiration date of the FortiGuard antispam contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
|
antispam-force-off |
Enable/disable turning off the FortiGuard antispam service. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
antispam-license |
Interval of time between license checks for the FortiGuard antispam contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
|
antispam-timeout |
Antispam query time out. |
integer |
Minimum value: 1 Maximum value: 30 |
7 |
||||||||||||||||
|
anycast-sdns-server-ip |
IP address of the FortiGuard anycast DNS rating server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
|
anycast-sdns-server-port |
Port to connect to on the FortiGuard anycast DNS rating server. |
integer |
Minimum value: 1 Maximum value: 65535 |
853 |
||||||||||||||||
|
auto-firmware-upgrade |
Enable/disable automatic patch-level firmware upgrade from FortiGuard. The FortiGate unit searches for new patches only in the same major and minor version. Enabled by default for entry-level FortiGates; see Automatic firmware updates. |
option |
- |
disable ** |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
auto-firmware-upgrade-day |
Allowed day. Disallow any day of the week to use auto-firmware-upgrade-delay instead, which waits for designated days before installing an automatic patch-level firmware upgrade. |
option |
- |
|
||||||||||||||||
|
|
|
|||||||||||||||||||
|
auto-firmware-upgrade-delay |
Delay of day of the week for installing an automatic patch-level firmware upgrade. |
integer |
Minimum value: 0 Maximum value: 14 |
3 |
||||||||||||||||
|
auto-firmware-upgrade-end-hour |
End time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time. When the end time is smaller than the start time, the end time is interpreted as the next day. The actual upgrade time is selected randomly within the time window. |
integer |
Minimum value: 0 Maximum value: 23 |
4 |
||||||||||||||||
|
auto-firmware-upgrade-start-hour |
Start time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time. The actual upgrade time is selected randomly within the time window. |
integer |
Minimum value: 0 Maximum value: 23 |
1 |
||||||||||||||||
|
auto-join-forticloud * |
Automatically connect to and login to FortiCloud. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
ddns-server-ip |
IP address of the FortiDDNS server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
|
ddns-server-ip6 |
IPv6 address of the FortiDDNS server. |
ipv6-address |
Not Specified |
:: |
||||||||||||||||
|
ddns-server-port |
Port used to communicate with FortiDDNS servers. |
integer |
Minimum value: 1 Maximum value: 65535 |
443 |
||||||||||||||||
|
fortiguard-anycast |
Enable/disable use of FortiGuard's Anycast network. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
fortiguard-anycast-source |
Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet. |
option |
- |
fortinet |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
||||||||||||||||
|
interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
load-balance-servers |
Number of servers to alternate between as first FortiGuard option. |
integer |
Minimum value: 1 Maximum value: 266 |
1 |
||||||||||||||||
|
outbreak-prevention-cache |
Enable/disable FortiGuard Virus Outbreak Prevention cache. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
outbreak-prevention-cache-mpermille |
Maximum permille of memory FortiGuard Virus Outbreak Prevention cache can use. |
integer |
Minimum value: 1 Maximum value: 150 |
1 |
||||||||||||||||
|
outbreak-prevention-cache-ttl |
Time-to-live for FortiGuard Virus Outbreak Prevention cache entries. |
integer |
Minimum value: 300 Maximum value: 86400 |
300 |
||||||||||||||||
|
outbreak-prevention-expiration |
Expiration date of FortiGuard Virus Outbreak Prevention contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
|
outbreak-prevention-force-off |
Turn off FortiGuard Virus Outbreak Prevention service. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
outbreak-prevention-license |
Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
|
outbreak-prevention-timeout |
FortiGuard Virus Outbreak Prevention time out. |
integer |
Minimum value: 1 Maximum value: 30 |
7 |
||||||||||||||||
|
persistent-connection |
Enable/disable use of persistent connection to receive update notification from FortiGuard. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
port |
Port used to communicate with the FortiGuard servers. |
option |
- |
443 |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
protocol |
Protocol used to communicate with the FortiGuard servers. |
option |
- |
https |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
proxy-password |
Proxy user password. |
password |
Not Specified |
|
||||||||||||||||
|
proxy-server-ip |
Hostname or IPv4 address of the proxy server. |
string |
Maximum length: 63 |
|
||||||||||||||||
|
proxy-server-port |
Port used to communicate with the proxy server. |
integer |
Minimum value: 0 Maximum value: 65535 |
0 |
||||||||||||||||
|
proxy-username |
Proxy user name. |
string |
Maximum length: 64 |
|
||||||||||||||||
|
sandbox-inline-scan |
Enable/disable FortiCloud Sandbox inline-scan. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
sandbox-region |
FortiCloud Sandbox region. |
string |
Maximum length: 63 |
|
||||||||||||||||
|
sdns-options |
Customization options for the FortiGuard DNS service. |
option |
- |
|
||||||||||||||||
|
|
|
|||||||||||||||||||
|
sdns-server-ip |
IP address of the FortiGuard DNS rating server. |
user |
Not Specified |
|
||||||||||||||||
|
sdns-server-port |
Port to connect to on the FortiGuard DNS rating server. |
integer |
Minimum value: 1 Maximum value: 65535 |
53 |
||||||||||||||||
|
service-account-id |
Service account ID. |
string |
Maximum length: 50 |
|
||||||||||||||||
|
source-ip |
Source IPv4 address used to communicate with FortiGuard. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
|
source-ip6 |
Source IPv6 address used to communicate with FortiGuard. |
ipv6-address |
Not Specified |
:: |
||||||||||||||||
|
update-build-proxy |
Enable/disable proxy dictionary rebuild. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-dldb |
Enable/disable DLP signature update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-extdb |
Enable/disable external resource update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-ffdb |
Enable/disable Internet Service Database update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-server-location |
Location from which to receive FortiGuard updates. |
option |
- |
automatic |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-uwdb |
Enable/disable allowlist update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
vdom |
FortiGuard Service virtual domain name. |
string |
Maximum length: 31 |
|
||||||||||||||||
|
webfilter-cache |
Enable/disable FortiGuard web filter caching. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
webfilter-cache-ttl |
Time-to-live for web filter cache entries in seconds. |
integer |
Minimum value: 300 Maximum value: 86400 |
3600 |
||||||||||||||||
|
webfilter-expiration |
Expiration date of the FortiGuard web filter contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
|
webfilter-force-off |
Enable/disable turning off the FortiGuard web filtering service. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
webfilter-license |
Interval of time between license checks for the FortiGuard web filter contract. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
|
webfilter-timeout |
Web filter query time out. |
integer |
Minimum value: 1 Maximum value: 30 |
15 |
||||||||||||||||
* This parameter may not exist in some models.
** Values may differ between models.