config firewall profile-protocol-options
Configure protocol options.
config firewall profile-protocol-options
Description: Configure protocol options.
edit <name>
config cifs
Description: Configure CIFS protocol options.
set domain-controller {string}
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set scan-bzip2 [enable|disable]
set server-credential-type [none|credential-replication|...]
config server-keytab
Description: Server keytab.
edit <principal>
set keytab {string}
next
end
set status [enable|disable]
set tcp-window-maximum {integer}
set tcp-window-minimum {integer}
set tcp-window-size {integer}
set tcp-window-type [auto-tuning|system|...]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
set comment {var-string}
config dns
Description: Configure DNS protocol options.
set ports {integer}
set status [enable|disable]
end
config ftp
Description: Configure FTP protocol options.
set comfort-amount {integer}
set comfort-interval {integer}
set explicit-ftp-tls [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
set status [enable|disable]
set stream-based-uncompressed-limit {integer}
set tcp-window-maximum {integer}
set tcp-window-minimum {integer}
set tcp-window-size {integer}
set tcp-window-type [auto-tuning|system|...]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
config http
Description: Configure HTTP protocol options.
set address-ip-rating [enable|disable]
set block-page-status-code {integer}
set comfort-amount {integer}
set comfort-interval {integer}
set domain-fronting [allow|monitor|...]
set h2c [enable|disable]
set http-0 9 [allow|block]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set post-lang {option1}, {option2}, ...
set proxy-after-tcp-handshake [enable|disable]
set range-block [disable|enable]
set retry-count {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
set status [enable|disable]
set stream-based-uncompressed-limit {integer}
set streaming-content-bypass [enable|disable]
set strip-x-forwarded-for [disable|enable]
set switching-protocols [bypass|block]
set tcp-window-maximum {integer}
set tcp-window-minimum {integer}
set tcp-window-size {integer}
set tcp-window-type [auto-tuning|system|...]
set tunnel-non-http [enable|disable]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
set unknown-content-encoding [block|inspect|...]
set unknown-http-version [reject|tunnel|...]
set verify-dns-for-policy-matching [enable|disable]
end
config imap
Description: Configure IMAP protocol options.
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set proxy-after-tcp-handshake [enable|disable]
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
set status [enable|disable]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
config mail-signature
Description: Configure Mail signature.
set signature {string}
set status [disable|enable]
end
config mapi
Description: Configure MAPI protocol options.
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set scan-bzip2 [enable|disable]
set status [enable|disable]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
config nntp
Description: Configure NNTP protocol options.
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set proxy-after-tcp-handshake [enable|disable]
set scan-bzip2 [enable|disable]
set status [enable|disable]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
set oversize-log [disable|enable]
config pop3
Description: Configure POP3 protocol options.
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set proxy-after-tcp-handshake [enable|disable]
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
set status [enable|disable]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
set replacemsg-group {string}
set rpc-over-http [enable|disable]
config smtp
Description: Configure SMTP protocol options.
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set ports {integer}
set proxy-after-tcp-handshake [enable|disable]
set scan-bzip2 [enable|disable]
set server-busy [enable|disable]
set ssl-offloaded [no|yes]
set status [enable|disable]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
config ssh
Description: Configure SFTP and SCP protocol options.
set comfort-amount {integer}
set comfort-interval {integer}
set options {option1}, {option2}, ...
set oversize-limit {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
set stream-based-uncompressed-limit {integer}
set tcp-window-maximum {integer}
set tcp-window-minimum {integer}
set tcp-window-size {integer}
set tcp-window-type [auto-tuning|system|...]
set uncompressed-nest-limit {integer}
set uncompressed-oversize-limit {integer}
end
set switching-protocols-log [disable|enable]
next
end
config firewall profile-protocol-options
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
comment |
Optional comments. |
var-string |
Maximum length: 255 |
|
||||||
|
name |
Name. |
string |
Maximum length: 47 |
|
||||||
|
oversize-log |
Enable/disable logging for antivirus oversize file blocking. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
replacemsg-group |
Name of the replacement message group to be used. |
string |
Maximum length: 35 |
|
||||||
|
rpc-over-http |
Enable/disable inspection of RPC over HTTP. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
switching-protocols-log |
Enable/disable logging for HTTP/HTTPS switching protocols. |
option |
- |
disable |
||||||
|
|
|
|||||||||
config cifs
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
domain-controller |
Domain for which to decrypt CIFS traffic. |
string |
Maximum length: 63 |
|
||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||||||
|
|
|
|||||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||
|
ports |
Ports to scan for content (1 - 65535, default = 445). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
server-credential-type |
CIFS server credential type. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
tcp-window-maximum |
Maximum dynamic TCP window size. |
integer |
Minimum value: 1048576 Maximum value: 16777216 |
8388608 |
||||||||||
|
tcp-window-minimum |
Minimum dynamic TCP window size. |
integer |
Minimum value: 65536 Maximum value: 1048576 |
131072 |
||||||||||
|
tcp-window-size |
Set TCP static window size. |
integer |
Minimum value: 65536 Maximum value: 16777216 |
262144 |
||||||||||
|
tcp-window-type |
TCP window type to use for this protocol. |
option |
- |
auto-tuning |
||||||||||
|
|
|
|||||||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||
** Values may differ between models.
config server-keytab
|
Parameter |
Description |
Type |
Size |
Default |
|---|---|---|---|---|
|
keytab |
Base64 encoded keytab file containing credential of the server. |
string |
Maximum length: 8191 |
|
|
principal |
Service principal. For example, host/cifsserver.example.com@example.com. |
string |
Maximum length: 511 |
|
config dns
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content (1 - 65535, default = 53). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||
|
|
|
|||||||||
config ftp
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
comfort-amount |
Number of bytes to send in each transmission for client comforting (bytes). |
integer |
Minimum value: 1 Maximum value: 65535 |
1 |
||||||||||||
|
comfort-interval |
Interval between successive transmissions of data for client comforting (seconds). |
integer |
Minimum value: 1 Maximum value: 900 |
10 |
||||||||||||
|
explicit-ftp-tls |
Enable/disable FTP redirection for explicit FTPS. |
option |
- |
disable |
||||||||||||
|
|
|
|||||||||||||||
|
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
disable |
||||||||||||
|
|
|
|||||||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||||||||
|
|
|
|||||||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||||
|
ports |
Ports to scan for content (1 - 65535, default = 21). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||||||||
|
|
|
|||||||||||||||
|
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
no |
||||||||||||
|
|
|
|||||||||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||||||||
|
|
|
|||||||||||||||
|
stream-based-uncompressed-limit |
Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0, default = 0). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
|
tcp-window-maximum |
Maximum dynamic TCP window size. |
integer |
Minimum value: 1048576 Maximum value: 16777216 |
8388608 |
||||||||||||
|
tcp-window-minimum |
Minimum dynamic TCP window size. |
integer |
Minimum value: 65536 Maximum value: 1048576 |
131072 |
||||||||||||
|
tcp-window-size |
Set TCP static window size. |
integer |
Minimum value: 65536 Maximum value: 16777216 |
262144 |
||||||||||||
|
tcp-window-type |
TCP window type to use for this protocol. |
option |
- |
auto-tuning |
||||||||||||
|
|
|
|||||||||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||||
** Values may differ between models.
config http
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
address-ip-rating |
Enable/disable IP based URL rating. |
option |
- |
enable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
block-page-status-code |
Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599, default = 403). |
integer |
Minimum value: 100 Maximum value: 599 |
403 |
||||||||||||||||||||||||||||||||||||||||||||
|
comfort-amount |
Number of bytes to send in each transmission for client comforting (bytes). |
integer |
Minimum value: 1 Maximum value: 65535 |
1 |
||||||||||||||||||||||||||||||||||||||||||||
|
comfort-interval |
Interval between successive transmissions of data for client comforting (seconds). |
integer |
Minimum value: 1 Maximum value: 900 |
10 |
||||||||||||||||||||||||||||||||||||||||||||
|
domain-fronting * |
Configure HTTP domain fronting (default = block). |
option |
- |
block |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
h2c |
Enable/disable h2c HTTP connection upgrade. |
option |
- |
disable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
http-0 9 |
Configure action to take upon receipt of HTTP 0.9 request. |
option |
- |
allow |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
disable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||||||||||||||||||||||||||||||||||||
|
ports |
Ports to scan for content (1 - 65535, default = 80). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||||||||||||||||||||||||||||||||||||||||
|
post-lang |
ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). |
option |
- |
|
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
proxy-after-tcp-handshake |
Proxy traffic after the TCP 3-way handshake has been established (not before). |
option |
- |
disable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
range-block |
Enable/disable blocking of partial downloads. |
option |
- |
disable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
retry-count |
Number of attempts to retry HTTP connection (0 - 100, default = 0). |
integer |
Minimum value: 0 Maximum value: 100 |
0 |
||||||||||||||||||||||||||||||||||||||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
no |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
stream-based-uncompressed-limit |
Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0, default = 0). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||||||||||||||||||||||||||||||||
|
streaming-content-bypass |
Enable/disable bypassing of streaming content from buffering. |
option |
- |
enable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
strip-x-forwarded-for |
Enable/disable stripping of HTTP X-Forwarded-For header. |
option |
- |
disable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
switching-protocols |
Bypass from scanning, or block a connection that attempts to switch protocol. |
option |
- |
bypass |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-maximum |
Maximum dynamic TCP window size. |
integer |
Minimum value: 1048576 Maximum value: 16777216 |
8388608 |
||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-minimum |
Minimum dynamic TCP window size. |
integer |
Minimum value: 65536 Maximum value: 1048576 |
131072 |
||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-size |
Set TCP static window size. |
integer |
Minimum value: 65536 Maximum value: 16777216 |
262144 |
||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-type |
TCP window type to use for this protocol. |
option |
- |
auto-tuning |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
tunnel-non-http |
Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port. |
option |
- |
enable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||||||||||||||||||||||||||||||||||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||||||||||||||||||||||||||||||||||||
|
unknown-content-encoding |
Configure the action the FortiGate unit will take on unknown content-encoding. |
option |
- |
block |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
unknown-http-version |
How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. |
option |
- |
reject |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
verify-dns-for-policy-matching |
Enable/disable verification of DNS for policy matching. |
option |
- |
enable |
||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
* This parameter may not exist in some models.
** Values may differ between models.
config imap
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||
|
|
|
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
|
ports |
Ports to scan for content (1 - 65535, default = 143). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||
|
proxy-after-tcp-handshake |
Proxy traffic after the TCP 3-way handshake has been established (not before). |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
no |
||||||
|
|
|
|||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
** Values may differ between models.
config mail-signature
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
signature |
Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). |
string |
Maximum length: 1023 |
|
||||||
|
status |
Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. |
option |
- |
disable |
||||||
|
|
|
|||||||||
config mapi
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||
|
|
|
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
|
ports |
Ports to scan for content (1 - 65535, default = 135). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
** Values may differ between models.
config nntp
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||
|
|
|
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
|
ports |
Ports to scan for content (1 - 65535, default = 119). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||
|
proxy-after-tcp-handshake |
Proxy traffic after the TCP 3-way handshake has been established (not before). |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
** Values may differ between models.
config pop3
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||
|
|
|
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
|
ports |
Ports to scan for content (1 - 65535, default = 110). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||
|
proxy-after-tcp-handshake |
Proxy traffic after the TCP 3-way handshake has been established (not before). |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
no |
||||||
|
|
|
|||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||
** Values may differ between models.
config smtp
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||||
|
|
|
|||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||
|
ports |
Ports to scan for content (1 - 65535, default = 25). |
integer |
Minimum value: 1 Maximum value: 65535 |
|
||||||||
|
proxy-after-tcp-handshake |
Proxy traffic after the TCP 3-way handshake has been established (not before). |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
server-busy |
Enable/disable SMTP server busy when server not available. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
no |
||||||||
|
|
|
|||||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||
** Values may differ between models.
config ssh
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
comfort-amount |
Number of bytes to send in each transmission for client comforting (bytes). |
integer |
Minimum value: 1 Maximum value: 65535 |
1 |
||||||||||
|
comfort-interval |
Interval between successive transmissions of data for client comforting (seconds). |
integer |
Minimum value: 1 Maximum value: 900 |
10 |
||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|
||||||||||
|
|
|
|||||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
no |
||||||||||
|
|
|
|||||||||||||
|
stream-based-uncompressed-limit |
Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0, default = 0). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||
|
tcp-window-maximum |
Maximum dynamic TCP window size. |
integer |
Minimum value: 1048576 Maximum value: 16777216 |
8388608 |
||||||||||
|
tcp-window-minimum |
Minimum dynamic TCP window size. |
integer |
Minimum value: 65536 Maximum value: 1048576 |
131072 |
||||||||||
|
tcp-window-size |
Set TCP static window size. |
integer |
Minimum value: 65536 Maximum value: 16777216 |
262144 |
||||||||||
|
tcp-window-type |
TCP window type to use for this protocol. |
option |
- |
auto-tuning |
||||||||||
|
|
|
|||||||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). |
integer |
Minimum value: 2 Maximum value: 100 |
12 |
||||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned (MB). |
integer |
Minimum value: 1 Maximum value: 1606 ** |
10 |
||||||||||
** Values may differ between models.