config system fortiguard
Configure FortiGuard services.
config system fortiguard
Description: Configure FortiGuard services.
set FDS-license-expiring-days {integer}
set antispam-cache [enable|disable]
set antispam-cache-mpermille {integer}
set antispam-cache-ttl {integer}
set antispam-expiration {integer}
set antispam-force-off [enable|disable]
set antispam-license {integer}
set antispam-timeout {integer}
set anycast-sdns-server-ip {ipv4-address}
set anycast-sdns-server-port {integer}
set auto-firmware-upgrade [enable|disable]
set auto-firmware-upgrade-day {option1}, {option2}, ...
set auto-firmware-upgrade-delay {integer}
set auto-firmware-upgrade-end-hour {integer}
set auto-firmware-upgrade-start-hour {integer}
set auto-join-forticloud [enable|disable]
set ddns-server-ip {ipv4-address}
set ddns-server-ip6 {ipv6-address}
set ddns-server-port {integer}
set fortiguard-anycast [enable|disable]
set fortiguard-anycast-source [fortinet|aws|...]
set interface {string}
set interface-select-method [auto|sdwan|...]
set load-balance-servers {integer}
set outbreak-prevention-cache [enable|disable]
set outbreak-prevention-cache-mpermille {integer}
set outbreak-prevention-cache-ttl {integer}
set outbreak-prevention-expiration {integer}
set outbreak-prevention-force-off [enable|disable]
set outbreak-prevention-license {integer}
set outbreak-prevention-timeout {integer}
set persistent-connection [enable|disable]
set port [8888|53|...]
set protocol [udp|http|...]
set proxy-password {password}
set proxy-server-ip {string}
set proxy-server-port {integer}
set proxy-username {string}
set sandbox-inline-scan [enable|disable]
set sandbox-region {string}
set sdns-options {option1}, {option2}, ...
set sdns-server-ip {user}
set sdns-server-port {integer}
set service-account-id {string}
set source-ip {ipv4-address}
set source-ip6 {ipv6-address}
set subscribe-update-notification [enable|disable]
set update-build-proxy [enable|disable]
set update-dldb [enable|disable]
set update-extdb [enable|disable]
set update-ffdb [enable|disable]
set update-server-location [automatic|usa|...]
set update-uwdb [enable|disable]
set vdom {string}
set vrf-select {integer}
set webfilter-cache [enable|disable]
set webfilter-cache-ttl {integer}
set webfilter-expiration {integer}
set webfilter-force-off [enable|disable]
set webfilter-license {integer}
set webfilter-timeout {integer}
end
config system fortiguard
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
FDS-license-expiring-days |
Threshold for number of days before FortiGuard license expiration to generate license expiring event log (1 - 100 days, default = 15). |
integer |
Minimum value: 1 Maximum value: 100 |
15 |
||||||||||||||||
|
antispam-cache |
Enable/disable FortiGuard antispam request caching. Uses a small amount of memory but improves performance. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
antispam-cache-mpermille |
Maximum permille of FortiGate memory the antispam cache is allowed to use (1 - 150). |
integer |
Minimum value: 1 Maximum value: 150 |
1 |
||||||||||||||||
|
antispam-cache-ttl |
Time-to-live for antispam cache entries in seconds (300 - 86400). Lower times reduce the cache size. Higher times may improve performance since the cache will have more entries. |
integer |
Minimum value: 300 Maximum value: 86400 |
1800 |
||||||||||||||||
|
antispam-expiration |
Expiration date of the FortiGuard antispam contract. Read-only. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
|
antispam-force-off |
Enable/disable turning off the FortiGuard antispam service. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
antispam-license |
Interval of time between license checks for the FortiGuard antispam contract. Read-only. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
|
antispam-timeout |
Antispam query time out (1 - 30 sec, default = 7). |
integer |
Minimum value: 1 Maximum value: 30 |
7 |
||||||||||||||||
|
anycast-sdns-server-ip |
IP address of the FortiGuard anycast DNS rating server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
|
anycast-sdns-server-port |
Port to connect to on the FortiGuard anycast DNS rating server. |
integer |
Minimum value: 1 Maximum value: 65535 |
853 |
||||||||||||||||
|
auto-firmware-upgrade |
Enable/disable automatic patch-level firmware upgrade from FortiGuard. The FortiGate unit searches for new patches only in the same major and minor version. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
auto-firmware-upgrade-day |
Allowed day(s) of the week to install an automatic patch-level firmware upgrade from FortiGuard (default is none). Disallow any day of the week to use auto-firmware-upgrade-delay instead, which waits for designated days before installing an automatic patch-level firmware upgrade. |
option |
- |
|
||||||||||||||||
|
|
|
|||||||||||||||||||
|
auto-firmware-upgrade-delay |
Delay of day(s) before installing an automatic patch-level firmware upgrade from FortiGuard (default = 3). Set it 0 to use auto-firmware-upgrade-day instead, which selects allowed day(s) of the week for installing an automatic patch-level firmware upgrade. |
integer |
Minimum value: 0 Maximum value: 14 |
3 |
||||||||||||||||
|
auto-firmware-upgrade-end-hour |
End time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time (0 ~ 23, default = 4). When the end time is smaller than the start time, the end time is interpreted as the next day. The actual upgrade time is selected randomly within the time window. |
integer |
Minimum value: 0 Maximum value: 23 |
4 |
||||||||||||||||
|
auto-firmware-upgrade-start-hour |
Start time in the designated time window for automatic patch-level firmware upgrade from FortiGuard in 24 hour time (0 ~ 23, default = 2). The actual upgrade time is selected randomly within the time window. |
integer |
Minimum value: 0 Maximum value: 23 |
1 |
||||||||||||||||
|
auto-join-forticloud * |
Automatically connect to and login to FortiCloud. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
ddns-server-ip |
IP address of the FortiDDNS server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
|
ddns-server-ip6 |
IPv6 address of the FortiDDNS server. |
ipv6-address |
Not Specified |
:: |
||||||||||||||||
|
ddns-server-port |
Port used to communicate with FortiDDNS servers. |
integer |
Minimum value: 1 Maximum value: 65535 |
443 |
||||||||||||||||
|
fortiguard-anycast |
Enable/disable use of FortiGuard's Anycast network. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
fortiguard-anycast-source |
Configure which of Fortinet's servers to provide FortiGuard services in FortiGuard's anycast network. Default is Fortinet. |
option |
- |
fortinet |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
||||||||||||||||
|
interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
load-balance-servers |
Number of servers to alternate between as first FortiGuard option. |
integer |
Minimum value: 1 Maximum value: 266 |
1 |
||||||||||||||||
|
outbreak-prevention-cache |
Enable/disable FortiGuard Virus Outbreak Prevention cache. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
outbreak-prevention-cache-mpermille |
Maximum permille of memory FortiGuard Virus Outbreak Prevention cache can use (1 - 150 permille, default = 1). |
integer |
Minimum value: 1 Maximum value: 150 |
1 |
||||||||||||||||
|
outbreak-prevention-cache-ttl |
Time-to-live for FortiGuard Virus Outbreak Prevention cache entries (300 - 86400 sec, default = 300). |
integer |
Minimum value: 300 Maximum value: 86400 |
300 |
||||||||||||||||
|
outbreak-prevention-expiration |
Expiration date of FortiGuard Virus Outbreak Prevention contract. Read-only. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
|
outbreak-prevention-force-off |
Turn off FortiGuard Virus Outbreak Prevention service. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
outbreak-prevention-license |
Interval of time between license checks for FortiGuard Virus Outbreak Prevention contract. Read-only. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
|
outbreak-prevention-timeout |
FortiGuard Virus Outbreak Prevention time out (1 - 30 sec, default = 7). |
integer |
Minimum value: 1 Maximum value: 30 |
7 |
||||||||||||||||
|
persistent-connection |
Enable/disable use of persistent connection to receive update notification from FortiGuard. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
port |
Port used to communicate with the FortiGuard servers. |
option |
- |
443 |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
protocol |
Protocol used to communicate with the FortiGuard servers. |
option |
- |
https |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
proxy-password |
Proxy user password. |
password |
Not Specified |
|
||||||||||||||||
|
proxy-server-ip |
Hostname or IPv4 address of the proxy server. |
string |
Maximum length: 63 |
|
||||||||||||||||
|
proxy-server-port |
Port used to communicate with the proxy server. |
integer |
Minimum value: 0 Maximum value: 65535 |
0 |
||||||||||||||||
|
proxy-username |
Proxy user name. |
string |
Maximum length: 64 |
|
||||||||||||||||
|
sandbox-inline-scan * |
Enable/disable FortiCloud Sandbox inline-scan. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
sandbox-region |
FortiCloud Sandbox region. |
string |
Maximum length: 63 |
|
||||||||||||||||
|
sdns-options |
Customization options for the FortiGuard DNS service. |
option |
- |
|
||||||||||||||||
|
|
|
|||||||||||||||||||
|
sdns-server-ip |
IP address of the FortiGuard DNS rating server. |
user |
Not Specified |
|
||||||||||||||||
|
sdns-server-port |
Port to connect to on the FortiGuard DNS rating server. |
integer |
Minimum value: 1 Maximum value: 65535 |
53 |
||||||||||||||||
|
service-account-id |
Service account ID. |
string |
Maximum length: 50 |
|
||||||||||||||||
|
source-ip |
Source IPv4 address used to communicate with FortiGuard. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||||||||
|
source-ip6 |
Source IPv6 address used to communicate with FortiGuard. |
ipv6-address |
Not Specified |
:: |
||||||||||||||||
|
subscribe-update-notification |
Enable/disable subscription to receive update notification from FortiGuard. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-build-proxy |
Enable/disable proxy dictionary rebuild. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-dldb |
Enable/disable DLP signature update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-extdb |
Enable/disable external resource update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-ffdb |
Enable/disable Internet Service Database update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-server-location |
Location from which to receive FortiGuard updates. |
option |
- |
automatic |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
update-uwdb |
Enable/disable allowlist update. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
vdom |
FortiGuard Service virtual domain name. |
string |
Maximum length: 31 |
|
||||||||||||||||
|
vrf-select |
VRF ID used for connection to server. |
integer |
Minimum value: 0 Maximum value: 511 |
0 |
||||||||||||||||
|
webfilter-cache |
Enable/disable FortiGuard web filter caching. |
option |
- |
enable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
webfilter-cache-ttl |
Time-to-live for web filter cache entries in seconds (300 - 86400). |
integer |
Minimum value: 300 Maximum value: 86400 |
3600 |
||||||||||||||||
|
webfilter-expiration |
Expiration date of the FortiGuard web filter contract. Read-only. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||
|
webfilter-force-off |
Enable/disable turning off the FortiGuard web filtering service. |
option |
- |
disable |
||||||||||||||||
|
|
|
|||||||||||||||||||
|
webfilter-license |
Interval of time between license checks for the FortiGuard web filter contract. Read-only. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
4294967295 |
||||||||||||||||
|
webfilter-timeout |
Web filter query time out (1 - 30 sec, default = 15). |
integer |
Minimum value: 1 Maximum value: 30 |
15 |
||||||||||||||||
* This parameter may not exist in some models.