Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config casb profile

    config casb profile

    Configure CASB profile.

    config casb profile
    Description: Configure CASB profile.
    edit <name>
        set comment {var-string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        config saas-application
            Description: CASB profile SaaS application.
            edit <name>
                config access-rule
                    Description: CASB profile access rule.
                    edit <name>
                        set action [monitor|bypass|...]
                        config attribute-filter
                            Description: CASB profile attribute filter.
                            edit <id>
                                set action [monitor|bypass|...]
                                set attribute-match {string}
                            next
                        end
                        set bypass {option1}, {option2}, ...
                    next
                end
                config advanced-tenant-control
                    Description: CASB profile advanced tenant control.
                    edit <name>
                        config attribute
                            Description: CASB advanced tenant control attribute.
                            edit <name>
                                set input <value1>, <value2>, ...
                            next
                        end
                    next
                end
                config custom-control
                    Description: CASB profile custom control.
                    edit <name>
                        config attribute-filter
                            Description: CASB attribute filter.
                            edit <id>
                                set action [monitor|bypass|...]
                                set attribute-match {string}
                            next
                        end
                        config option
                            Description: CASB custom control option.
                            edit <name>
                                set user-input <value1>, <value2>, ...
                            next
                        end
                    next
                end
                set domain-control [enable|disable]
                set domain-control-domains <name1>, <name2>, ...
                set log [enable|disable]
                set safe-search [enable|disable]
                set safe-search-control <name1>, <name2>, ...
                set status [enable|disable]
                set tenant-control [enable|disable]
                set tenant-control-tenants <name1>, <name2>, ...
            next
        end
        set uuid {uuid}
    next
end

    config casb profile

    Parameter

    Description

    Type

    Size

    Default

    comment

    Comment.

    var-string

    Maximum length: 255

    fabric-force-sync *

    Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped.

    option

    -

    disable

    Option

    Description

    enable

    Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    disable

    Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    fabric-object *

    Security Fabric global object setting.

    option

    -

    disable

    Option

    Description

    enable

    Object is set as a security fabric-wide global object.

    disable

    Object is local to this security fabric member.

    fabric-object-source *

    Source of truth for fabric object.

    option

    -

    root

    Option

    Description

    member

    Source of truth for this object is a non-root member of fabric.

    local

    Source of truth for this object is this security fabric member.

    root

    Source of truth for this object is the root of the fabric.

    name

    CASB profile name.

    string

    Maximum length: 47

    uuid *

    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

    uuid

    Not Specified

    00000000-0000-0000-0000-000000000000

    * This parameter may not exist in some models.

    config saas-application

    Parameter

    Description

    Type

    Size

    Default

    domain-control

    Enable/disable domain control.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    domain-control-domains <name>

    CASB profile domain control domains.

    Domain control domain name.

    string

    Maximum length: 79

    log

    Enable/disable log settings.

    option

    -

    enable

    Option

    Description

    enable

    Enable log setting.

    disable

    Disable log setting.

    name

    CASB profile SaaS application name.

    string

    Maximum length: 79

    safe-search

    Enable/disable safe search.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    safe-search-control <name>

    CASB profile safe search control.

    Safe search control name.

    string

    Maximum length: 79

    status

    Enable/disable setting.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    tenant-control

    Enable/disable tenant control.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    tenant-control-tenants <name>

    CASB profile tenant control tenants.

    Tenant control tenants name.

    string

    Maximum length: 79

    config access-rule

    Parameter

    Description

    Type

    Size

    Default

    action

    CASB access rule action.

    option

    -

    monitor

    Option

    Description

    monitor

    Log when log is enabled.

    bypass

    Apply bypass options.

    block

    Block the request.

    bypass

    CASB bypass options.

    option

    -

    Option

    Description

    av

    Exempt from AV scanning.

    dlp

    Exempt from data loss prevention (DLP).

    web-filter

    Exempt from web filter.

    file-filter

    Exempt from file filter.

    video-filter

    Exempt from video filter.

    name

    CASB access rule activity name.

    string

    Maximum length: 79

    config attribute-filter

    Parameter

    Description

    Type

    Size

    Default

    action

    CASB access rule tenant control action.

    option

    -

    monitor

    Option

    Description

    monitor

    Log when log is enabled.

    bypass

    Apply bypass options.

    block

    Block the request.

    attribute-match

    CASB access rule tenant match.

    string

    Maximum length: 79

    id

    CASB tenant control ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    config advanced-tenant-control

    Parameter

    Description

    Type

    Size

    Default

    name

    CASB advanced tenant control name.

    string

    Maximum length: 79

    config attribute

    Parameter

    Description

    Type

    Size

    Default

    input <value>

    CASB extend user input value.

    User input value.

    string

    Maximum length: 79

    name

    CASB extend user input name.

    string

    Maximum length: 79

    config custom-control

    Parameter

    Description

    Type

    Size

    Default

    name

    CASB custom control user activity name.

    string

    Maximum length: 79

    config attribute-filter

    Parameter

    Description

    Type

    Size

    Default

    action

    CASB access rule tenant control action.

    option

    -

    monitor

    Option

    Description

    monitor

    Log when log is enabled.

    bypass

    Apply bypass options.

    block

    Block the request.

    attribute-match

    CASB access rule tenant match.

    string

    Maximum length: 79

    id

    CASB tenant control ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0
    config option

    Parameter

    Description

    Type

    Size

    Default

    name

    CASB custom control option name.

    string

    Maximum length: 79

    user-input <value>

    CASB custom control user input.

    user input value.

    string

    Maximum length: 79

    Previous
    Next

    config casb profile

    config casb profile

    Configure CASB profile.

    config casb profile
    Description: Configure CASB profile.
    edit <name>
        set comment {var-string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        config saas-application
            Description: CASB profile SaaS application.
            edit <name>
                config access-rule
                    Description: CASB profile access rule.
                    edit <name>
                        set action [monitor|bypass|...]
                        config attribute-filter
                            Description: CASB profile attribute filter.
                            edit <id>
                                set action [monitor|bypass|...]
                                set attribute-match {string}
                            next
                        end
                        set bypass {option1}, {option2}, ...
                    next
                end
                config advanced-tenant-control
                    Description: CASB profile advanced tenant control.
                    edit <name>
                        config attribute
                            Description: CASB advanced tenant control attribute.
                            edit <name>
                                set input <value1>, <value2>, ...
                            next
                        end
                    next
                end
                config custom-control
                    Description: CASB profile custom control.
                    edit <name>
                        config attribute-filter
                            Description: CASB attribute filter.
                            edit <id>
                                set action [monitor|bypass|...]
                                set attribute-match {string}
                            next
                        end
                        config option
                            Description: CASB custom control option.
                            edit <name>
                                set user-input <value1>, <value2>, ...
                            next
                        end
                    next
                end
                set domain-control [enable|disable]
                set domain-control-domains <name1>, <name2>, ...
                set log [enable|disable]
                set safe-search [enable|disable]
                set safe-search-control <name1>, <name2>, ...
                set status [enable|disable]
                set tenant-control [enable|disable]
                set tenant-control-tenants <name1>, <name2>, ...
            next
        end
        set uuid {uuid}
    next
end

    config casb profile

    Parameter

    Description

    Type

    Size

    Default

    comment

    Comment.

    var-string

    Maximum length: 255

    fabric-force-sync *

    Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped.

    option

    -

    disable

    Option

    Description

    enable

    Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    disable

    Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    fabric-object *

    Security Fabric global object setting.

    option

    -

    disable

    Option

    Description

    enable

    Object is set as a security fabric-wide global object.

    disable

    Object is local to this security fabric member.

    fabric-object-source *

    Source of truth for fabric object.

    option

    -

    root

    Option

    Description

    member

    Source of truth for this object is a non-root member of fabric.

    local

    Source of truth for this object is this security fabric member.

    root

    Source of truth for this object is the root of the fabric.

    name

    CASB profile name.

    string

    Maximum length: 47

    uuid *

    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

    uuid

    Not Specified

    00000000-0000-0000-0000-000000000000

    * This parameter may not exist in some models.

    config saas-application

    Parameter

    Description

    Type

    Size

    Default

    domain-control

    Enable/disable domain control.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    domain-control-domains <name>

    CASB profile domain control domains.

    Domain control domain name.

    string

    Maximum length: 79

    log

    Enable/disable log settings.

    option

    -

    enable

    Option

    Description

    enable

    Enable log setting.

    disable

    Disable log setting.

    name

    CASB profile SaaS application name.

    string

    Maximum length: 79

    safe-search

    Enable/disable safe search.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    safe-search-control <name>

    CASB profile safe search control.

    Safe search control name.

    string

    Maximum length: 79

    status

    Enable/disable setting.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    tenant-control

    Enable/disable tenant control.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    tenant-control-tenants <name>

    CASB profile tenant control tenants.

    Tenant control tenants name.

    string

    Maximum length: 79

    config access-rule

    Parameter

    Description

    Type

    Size

    Default

    action

    CASB access rule action.

    option

    -

    monitor

    Option

    Description

    monitor

    Log when log is enabled.

    bypass

    Apply bypass options.

    block

    Block the request.

    bypass

    CASB bypass options.

    option

    -

    Option

    Description

    av

    Exempt from AV scanning.

    dlp

    Exempt from data loss prevention (DLP).

    web-filter

    Exempt from web filter.

    file-filter

    Exempt from file filter.

    video-filter

    Exempt from video filter.

    name

    CASB access rule activity name.

    string

    Maximum length: 79

    config attribute-filter

    Parameter

    Description

    Type

    Size

    Default

    action

    CASB access rule tenant control action.

    option

    -

    monitor

    Option

    Description

    monitor

    Log when log is enabled.

    bypass

    Apply bypass options.

    block

    Block the request.

    attribute-match

    CASB access rule tenant match.

    string

    Maximum length: 79

    id

    CASB tenant control ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    config advanced-tenant-control

    Parameter

    Description

    Type

    Size

    Default

    name

    CASB advanced tenant control name.

    string

    Maximum length: 79

    config attribute

    Parameter

    Description

    Type

    Size

    Default

    input <value>

    CASB extend user input value.

    User input value.

    string

    Maximum length: 79

    name

    CASB extend user input name.

    string

    Maximum length: 79

    config custom-control

    Parameter

    Description

    Type

    Size

    Default

    name

    CASB custom control user activity name.

    string

    Maximum length: 79

    config attribute-filter

    Parameter

    Description

    Type

    Size

    Default

    action

    CASB access rule tenant control action.

    option

    -

    monitor

    Option

    Description

    monitor

    Log when log is enabled.

    bypass

    Apply bypass options.

    block

    Block the request.

    attribute-match

    CASB access rule tenant match.

    string

    Maximum length: 79

    id

    CASB tenant control ID.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0
    config option

    Parameter

    Description

    Type

    Size

    Default

    name

    CASB custom control option name.

    string

    Maximum length: 79

    user-input <value>

    CASB custom control user input.

    user input value.

    string

    Maximum length: 79

    Previous
    Next