Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.6.1
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config firewall access-proxy-virtual-host

    config firewall access-proxy-virtual-host

    Configure Access Proxy virtual hosts.

    config firewall access-proxy-virtual-host
    Description: Configure Access Proxy virtual hosts.
    edit <name>
        set client-cert [disable|enable]
        set empty-cert-action [accept|block|...]
        set host {string}
        set host-type [sub-string|wildcard]
        set replacemsg-group {string}
        set ssl-certificate <name1>, <name2>, ...
        set user-agent-detect [disable|enable]
    next
end

    config firewall access-proxy-virtual-host

    Parameter

    Description

    Type

    Size

    Default

    client-cert

    Enable/disable requesting client certificate.

    option

    -

    enable

    Option

    Description

    disable

    Disable client certificate request.

    enable

    Enable client certificate request.

    empty-cert-action

    Action for an empty client certificate.

    option

    -

    block

    Option

    Description

    accept

    Accept the SSL handshake if the client certificate is empty.

    block

    Block the SSL handshake if the client certificate is empty.

    accept-unmanageable

    Accept the SSL handshake only if the end-point is unmanageable.

    host

    The host name.

    string

    Maximum length: 79

    host-type

    Type of host pattern.

    option

    -

    sub-string

    Option

    Description

    sub-string

    Match the pattern if a string contains the sub-string.

    wildcard

    Match the pattern with wildcards.

    name

    Virtual host name.

    string

    Maximum length: 79

    replacemsg-group

    Access-proxy-virtual-host replacement message override group.

    string

    Maximum length: 35

    ssl-certificate <name>

    SSL certificates for this host.

    Certificate list.

    string

    Maximum length: 79

    user-agent-detect

    Enable/disable detecting device type by HTTP user-agent if no client certificate is provided.

    option

    -

    enable

    Option

    Description

    disable

    Disable detecting unknown devices by HTTP user-agent if no client certificate is provided.

    enable

    Enable detecting unknown devices by HTTP user-agent if no client certificate is provided.
    Previous
    Next

    config firewall access-proxy-virtual-host

    config firewall access-proxy-virtual-host

    Configure Access Proxy virtual hosts.

    config firewall access-proxy-virtual-host
    Description: Configure Access Proxy virtual hosts.
    edit <name>
        set client-cert [disable|enable]
        set empty-cert-action [accept|block|...]
        set host {string}
        set host-type [sub-string|wildcard]
        set replacemsg-group {string}
        set ssl-certificate <name1>, <name2>, ...
        set user-agent-detect [disable|enable]
    next
end

    config firewall access-proxy-virtual-host

    Parameter

    Description

    Type

    Size

    Default

    client-cert

    Enable/disable requesting client certificate.

    option

    -

    enable

    Option

    Description

    disable

    Disable client certificate request.

    enable

    Enable client certificate request.

    empty-cert-action

    Action for an empty client certificate.

    option

    -

    block

    Option

    Description

    accept

    Accept the SSL handshake if the client certificate is empty.

    block

    Block the SSL handshake if the client certificate is empty.

    accept-unmanageable

    Accept the SSL handshake only if the end-point is unmanageable.

    host

    The host name.

    string

    Maximum length: 79

    host-type

    Type of host pattern.

    option

    -

    sub-string

    Option

    Description

    sub-string

    Match the pattern if a string contains the sub-string.

    wildcard

    Match the pattern with wildcards.

    name

    Virtual host name.

    string

    Maximum length: 79

    replacemsg-group

    Access-proxy-virtual-host replacement message override group.

    string

    Maximum length: 35

    ssl-certificate <name>

    SSL certificates for this host.

    Certificate list.

    string

    Maximum length: 79

    user-agent-detect

    Enable/disable detecting device type by HTTP user-agent if no client certificate is provided.

    option

    -

    enable

    Option

    Description

    disable

    Disable detecting unknown devices by HTTP user-agent if no client certificate is provided.

    enable

    Enable detecting unknown devices by HTTP user-agent if no client certificate is provided.
    Previous
    Next