
CLI Reference

config dnsfilter domain-filter

Configure DNS domain filters.

config dnsfilter domain-filter
    Description: Configure DNS domain filters.
    edit <id>
        set comment {var-string}
        config entries
            Description: DNS domain filter entries.
            edit <id>
                set action [block|allow|...]
                set comment {var-string}
                set domain {string}
                set status [enable|disable]
                set type [simple|regex|...]
            next
        end
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set name {string}
        set uuid {uuid}
    next
end

config dnsfilter domain-filter

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| comment | Optional comments. | var-string | Maximum length: 255 | |
| fabric-force-sync * | Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped. | option | - | disable |
| fabric-object * | Security Fabric global object setting. | option | - | disable |
| fabric-object-source * | Source of truth for fabric object. | option | - | root |
| id | ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| name | Name of table. | string | Maximum length: 63 | |
| uuid * | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified | 00000000-0000-0000-0000-000000000000 |

Options for fabric-force-sync:

| Option | Description |
|---|---|
| enable | Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. |
| disable | Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. |

Options for fabric-object:

| Option | Description |
|---|---|
| enable | Object is set as a security fabric-wide global object. |
| disable | Object is local to this security fabric member. |

Options for fabric-object-source:

| Option | Description |
|---|---|
| member | Source of truth for this object is a non-root member of fabric. |
| local | Source of truth for this object is this security fabric member. |
| root | Source of truth for this object is the root of the fabric. |

* This parameter may not exist in some models.

config entries

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| action | Action to take for domain filter matches. | option | - | block |
| comment | Comment. | var-string | Maximum length: 255 | |
| domain | Domain entries to be filtered. | string | Maximum length: 511 | |
| id | Id. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| status | Enable/disable this domain filter. | option | - | enable |
| type | DNS domain filter type. | option | - | simple |

Options for action:

| Option | Description |
|---|---|
| block | Block DNS requests matching the domain filter. |
| allow | Allow DNS requests matching the domain filter without logging. |
| monitor | Allow DNS requests matching the domain filter with logging. |

Options for status:

| Option | Description |
|---|---|
| enable | Enable this domain filter. |
| disable | Disable this domain filter. |

Options for type:

| Option | Description |
|---|---|
| simple | Simple domain string. |
| regex | Regular expression domain string. |
| wildcard | Wildcard domain string. |
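
The following is an added example, not part of the Fortinet reference: a small Python audit that applies the defaults from the config entries table to a domain-filter block and flags disabled entries and entries set to allow, which passes matches without logging. It assumes show-style output in which settings left at their default are not listed; the sample configuration, its domains, and the function names are constructed for illustration.

```python
import shlex

# Defaults from the "config entries" table on this page.
ENTRY_DEFAULTS = {"action": "block", "status": "enable", "type": "simple"}

# Constructed sample in the style of `show` output (domains are made up).
SAMPLE = """config dnsfilter domain-filter
    edit 1
        config entries
            edit 1
                set domain "ads.example.com"
            next
            edit 2
                set domain "*.partner.example.net"
                set type wildcard
                set action allow
            next
            edit 3
                set domain "old.example.com"
                set status disable
            next
        end
    next
end"""

def parse_entries(text):
    """Return {(table_id, entry_id): settings} with the page's defaults applied."""
    entries, table_id, in_entries, current = {}, None, False, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[:2] == ["config", "entries"]:
            in_entries = True
        elif tok[0] == "end" and in_entries:
            in_entries = False
        elif tok[0] == "edit" and in_entries:
            current = entries.setdefault((table_id, int(tok[1])), dict(ENTRY_DEFAULTS))
        elif tok[0] == "edit":
            table_id = int(tok[1])
        elif tok[0] == "set" and in_entries and current is not None:
            current[tok[1]] = " ".join(tok[2:])
    return entries

def audit(entries):
    """Yield (key, note) for disabled entries and entries whose matches pass unlogged."""
    for key, e in sorted(entries.items()):
        if e["status"] == "disable":
            yield key, "disabled entry is not applied"
        elif e["action"] == "allow":
            yield key, "allow passes matches unlogged; monitor logs them"
```

Entry 1 in the sample sets only a domain, so it resolves to action block, type simple, status enable from the Default column.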
