config firewall profile-protocol-options
Configure protocol options.
config firewall profile-protocol-options
Description: Configure protocol options.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set oversize-log [disable|enable]
set switching-protocols-log [disable|enable]
config http
Description: Configure HTTP protocol options.
set ports {integer}
set status [enable|disable]
set options [clientcomfort|servercomfort|...]
set comfort-interval {integer}
set comfort-amount {integer}
set range-block [disable|enable]
set post-lang [jisx0201|jisx0208|...]
set fortinet-bar [enable|disable]
set fortinet-bar-port {integer}
set streaming-content-bypass [enable|disable]
set dns-protection [enable|disable]
set switching-protocols [bypass|block]
set unknown-http-version [reject|tunnel|...]
set tunnel-non-http [enable|disable]
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set stream-based-uncompressed-limit {integer}
set scan-bzip2 [enable|disable]
set block-page-status-code {integer}
set retry-count {integer}
set tcp-window-type [system|static|...]
set tcp-window-minimum {integer}
set tcp-window-maximum {integer}
set tcp-window-size {integer}
set address-ip-rating [enable|disable]
end
config ftp
Description: Configure FTP protocol options.
set ports {integer}
set status [enable|disable]
set options [clientcomfort|oversize|...]
set comfort-interval {integer}
set comfort-amount {integer}
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config rtmp
Description: RTMP.
set ports {integer}
set status [enable|disable]
set rtmpt [enable|disable]
set http-tunnel [enable|disable]
end
config imap
Description: Configure IMAP protocol options.
set ports {integer}
set status [enable|disable]
set options [fragmail|oversize]
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config mapi
Description: Configure MAPI protocol options.
set ports {integer}
set status [enable|disable]
set options [fragmail|oversize]
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config pop3
Description: Configure POP3 protocol options.
set ports {integer}
set status [enable|disable]
set options [fragmail|oversize]
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config smtp
Description: Configure SMTP protocol options.
set ports {integer}
set status [enable|disable]
set options [fragmail|oversize|...]
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set server-busy [enable|disable]
end
config ssh
Description: Configure SFTP and SCP protocol options.
set options [oversize|clientcomfort|...]
set comfort-interval {integer}
set comfort-amount {integer}
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config dns
Description: Configure DNS protocol options.
set ports {integer}
set status [enable|disable]
end
config cifs
Description: CIFS.
set ports {integer}
set status [enable|disable]
set tcp-window-type [system|static|...]
set tcp-window-minimum {integer}
set tcp-window-maximum {integer}
set tcp-window-size {integer}
end
set rpc-over-http [enable|disable]
next
end
config firewall profile-protocol-options
|
Parameter |
Description |
Type |
Size |
|||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
name |
Name. |
string |
Maximum length: 35 |
|||||||
|
comment |
Optional comments. |
var-string |
Maximum length: 255 |
|||||||
|
replacemsg-group |
Name of the replacement message group to be used |
string |
Maximum length: 35 |
|||||||
|
oversize-log |
Enable/disable logging for antivirus oversize file blocking. |
option |
- |
|||||||
|
|
|
|||||||||
|
switching-protocols-log |
Enable/disable logging for HTTP/HTTPS switching protocols. |
option |
- |
|||||||
|
|
|
|||||||||
|
rpc-over-http |
Enable/disable inspection of RPC over HTTP. |
option |
- |
|||||||
|
|
|
|||||||||
config http
|
Parameter |
Description |
Type |
Size |
|||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||||||||||||||||||||||||||||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
comfort-interval |
Period of time between start, or last transmission, and the next client comfort transmission of data. |
integer |
Minimum value: 1 Maximum value: 900 |
|||||||||||||||||||||||||||||||||||||||||||||
|
comfort-amount |
Amount of data to send in a transmission for client comforting. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||||||||||||||||||||||||||||||||||
|
range-block |
Enable/disable blocking of partial downloads. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
post-lang |
ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
fortinet-bar |
Enable/disable Fortinet bar on HTML content. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
fortinet-bar-port |
Port for use by Fortinet Bar. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||||||||||||||||||||||||||||||||||
|
streaming-content-bypass |
Enable/disable bypassing of streaming content from buffering. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
dns-protection |
Enable/disable DNS protection for HTTP/HTTPS traffic. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
switching-protocols |
Bypass from scanning, or block a connection that attempts to switch protocol. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
unknown-http-version |
How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
tunnel-non-http |
Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 435 |
|||||||||||||||||||||||||||||||||||||||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 435 |
|||||||||||||||||||||||||||||||||||||||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||||||||||||||||||||||||||||||||||||||
|
stream-based-uncompressed-limit |
Maximum stream-based uncompressed data size that will be scanned. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||||||||||||||||||||||||||||||||||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
block-page-status-code |
Code number returned for blocked HTTP pages. |
integer |
Minimum value: 100 Maximum value: 599 |
|||||||||||||||||||||||||||||||||||||||||||||
|
retry-count |
Number of attempts to retry HTTP connection. |
integer |
Minimum value: 0 Maximum value: 100 |
|||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-type |
Specify type of TCP window to use for this protocol. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-minimum |
Minimum dynamic TCP window size. |
integer |
Minimum value: 65536 Maximum value: 1048576 |
|||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-maximum |
Maximum dynamic TCP window size. |
integer |
Minimum value: 1048576 Maximum value: 33554432 |
|||||||||||||||||||||||||||||||||||||||||||||
|
tcp-window-size |
Set TCP static window size. |
integer |
Minimum value: 65536 Maximum value: 33554432 |
|||||||||||||||||||||||||||||||||||||||||||||
|
address-ip-rating |
Enable/disable IP based URL rating. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
config ftp
|
Parameter |
Description |
Type |
Size |
|||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
|
comfort-interval |
Period of time between start, or last transmission, and the next client comfort transmission of data. |
integer |
Minimum value: 1 Maximum value: 900 |
|||||||||||||
|
comfort-amount |
Amount of data to send in a transmission for client comforting. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 435 |
|||||||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 435 |
|||||||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||||||
|
|
|
|||||||||||||||
config rtmp
|
Parameter |
Description |
Type |
Size |
|||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|
|||||||||
|
rtmpt |
Enable/disable RTMPT. |
option |
- |
|||||||
|
|
|
|||||||||
|
http-tunnel |
Enable/disable RTMP http tunnel. |
option |
- |
|||||||
|
|
|
|||||||||
config imap
|
Parameter |
Description |
Type |
Size |
|||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|
|||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||
|
|
|
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 435 |
|||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 435 |
|||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||
|
|
|
|||||||||
config mapi
|
Parameter |
Description |
Type |
Size |
|||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|
|||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||
|
|
|
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 435 |
|||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 435 |
|||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||
|
|
|
|||||||||
config pop3
|
Parameter |
Description |
Type |
Size |
|||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|
|||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||
|
|
|
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 435 |
|||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 435 |
|||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||
|
|
|
|||||||||
config smtp
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 435 |
|||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 435 |
|||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
server-busy |
Enable/disable SMTP server busy when server not available. |
option |
- |
|||||||||
|
|
|
|||||||||||
config ssh
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
comfort-interval |
Period of time between start, or last transmission, and the next client comfort transmission of data. |
integer |
Minimum value: 1 Maximum value: 900 |
|||||||||
|
comfort-amount |
Amount of data to send in a transmission for client comforting. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||
|
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 435 |
|||||||||
|
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 435 |
|||||||||
|
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||
|
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||
|
|
|
|||||||||||
config dns
|
Parameter |
Description |
Type |
Size |
|||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|
|||||||||
config cifs
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||
|
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
tcp-window-type |
Specify type of TCP window to use for this protocol. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
tcp-window-minimum |
Minimum dynamic TCP window size. |
integer |
Minimum value: 65536 Maximum value: 1048576 |
|||||||||
|
tcp-window-maximum |
Maximum dynamic TCP window size. |
integer |
Minimum value: 1048576 Maximum value: 33554432 |
|||||||||
|
tcp-window-size |
Set TCP static window size. |
integer |
Minimum value: 65536 Maximum value: 33554432 |
|||||||||