config webfilter profile
Configure Web filter profiles.
config webfilter profile
Description: Configure Web filter profiles.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set options {option1}, {option2}, ...
set https-replacemsg [enable|disable]
set ovrd-perm {option1}, {option2}, ...
set post-action [normal|block]
config override
Description: Web Filter override settings.
set ovrd-cookie [allow|deny]
set ovrd-scope [user|user-group|...]
set profile-type [list|radius]
set ovrd-dur-mode [constant|ask]
set ovrd-dur {user}
set profile-attribute [User-Name|NAS-IP-Address|...]
set ovrd-user-group <name1>, <name2>, ...
set profile <name1>, <name2>, ...
end
config web
Description: Web content filtering settings.
set bword-threshold {integer}
set bword-table {integer}
set urlfilter-table {integer}
set content-header-list {integer}
set blocklist [enable|disable]
set allowlist {option1}, {option2}, ...
set safe-search {option1}, {option2}, ...
set youtube-restrict [none|strict|...]
set vimeo-restrict {string}
set log-search [enable|disable]
set keyword-match <pattern1>, <pattern2>, ...
end
config ftgd-wf
Description: FortiGuard Web Filter settings.
set options {option1}, {option2}, ...
set exempt-quota {user}
set ovrd {user}
config filters
Description: FortiGuard filters.
edit <id>
set category {integer}
set action [block|authenticate|...]
set warn-duration {user}
set auth-usr-grp <name1>, <name2>, ...
set log [enable|disable]
set override-replacemsg {string}
set warning-prompt [per-domain|per-category]
set warning-duration-type [session|timeout]
next
end
config quota
Description: FortiGuard traffic quota settings.
edit <id>
set category {user}
set type [time|traffic]
set unit [B|KB|...]
set value {integer}
set duration {user}
set override-replacemsg {string}
next
end
set max-quota-timeout {integer}
set rate-javascript-urls [disable|enable]
set rate-css-urls [disable|enable]
set rate-crl-urls [disable|enable]
end
config antiphish
Description: AntiPhishing profile.
set status [enable|disable]
set default-action [exempt|log|...]
set check-uri [enable|disable]
set check-basic-auth [enable|disable]
set check-username-only [enable|disable]
set max-body-len {integer}
config inspection-entries
Description: AntiPhishing entries.
edit <name>
set fortiguard-category {user}
set action [exempt|log|...]
next
end
config custom-patterns
Description: Custom username and password regex patterns.
edit <pattern>
set category [username|password]
set type [regex|literal]
next
end
set authentication [domain-controller|ldap]
set domain-controller {string}
set ldap {string}
end
set wisp [enable|disable]
set wisp-servers <name1>, <name2>, ...
set wisp-algorithm [primary-secondary|round-robin|...]
set log-all-url [enable|disable]
set web-content-log [enable|disable]
set web-filter-activex-log [enable|disable]
set web-filter-command-block-log [enable|disable]
set web-filter-cookie-log [enable|disable]
set web-filter-applet-log [enable|disable]
set web-filter-jscript-log [enable|disable]
set web-filter-js-log [enable|disable]
set web-filter-vbs-log [enable|disable]
set web-filter-unknown-log [enable|disable]
set web-filter-referer-log [enable|disable]
set web-filter-cookie-removal-log [enable|disable]
set web-url-log [enable|disable]
set web-invalid-domain-log [enable|disable]
set web-ftgd-err-log [enable|disable]
set web-ftgd-quota-usage [enable|disable]
set extended-log [enable|disable]
set web-extended-all-action-log [enable|disable]
set web-antiphishing-log [enable|disable]
next
end
config webfilter profile
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
comment |
Optional comments. |
var-string |
Maximum length: 255 |
|
||||||||||||||||||||||||||
|
replacemsg-group |
Replacement message group. |
string |
Maximum length: 35 |
|
||||||||||||||||||||||||||
|
options |
Options. |
option |
- |
|
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
https-replacemsg |
Enable replacement messages for HTTPS. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
ovrd-perm |
Permitted override types. |
option |
- |
|
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
post-action |
Action taken for HTTP POST traffic. |
option |
- |
normal |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
wisp |
Enable/disable web proxy WISP. |
option |
- |
disable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
wisp-servers |
WISP servers. Server name. |
string |
Maximum length: 79 |
|
||||||||||||||||||||||||||
|
wisp-algorithm |
WISP server selection algorithm. |
option |
- |
auto-learning |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
log-all-url |
Enable/disable logging all URLs visited. |
option |
- |
disable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-content-log |
Enable/disable logging logging blocked web content. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-activex-log |
Enable/disable logging ActiveX. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-command-block-log |
Enable/disable logging blocked commands. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-cookie-log |
Enable/disable logging cookie filtering. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-applet-log |
Enable/disable logging Java applets. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-jscript-log |
Enable/disable logging JScripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-js-log |
Enable/disable logging Java scripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-vbs-log |
Enable/disable logging VBS scripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-unknown-log |
Enable/disable logging unknown scripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-referer-log |
Enable/disable logging referrers. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-filter-cookie-removal-log |
Enable/disable logging blocked cookies. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-url-log |
Enable/disable logging URL filtering. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-invalid-domain-log |
Enable/disable logging invalid domain names. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-ftgd-err-log |
Enable/disable logging rating errors. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-ftgd-quota-usage |
Enable/disable logging daily quota usage. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
extended-log |
Enable/disable extended logging for web filtering. |
option |
- |
disable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-extended-all-action-log |
Enable/disable extended any filter action logging for web filtering. |
option |
- |
disable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
web-antiphishing-log |
Enable/disable logging of AntiPhishing checks. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
config override
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ovrd-cookie |
Allow/deny browser-based (cookie) overrides. |
option |
- |
deny |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
ovrd-scope |
Override scope. |
option |
- |
user |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
profile-type |
Override profile type. |
option |
- |
list |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
ovrd-dur-mode |
Override duration mode. |
option |
- |
constant |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
ovrd-dur |
Override duration. |
user |
Not Specified |
15m |
||||||||||||||||||||||||||||||||||||||||||||||
|
profile-attribute |
Profile attribute to retrieve from the RADIUS server. |
option |
- |
Login-LAT-Service |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
ovrd-user-group |
User groups with permission to use the override. User group name. |
string |
Maximum length: 79 |
|
||||||||||||||||||||||||||||||||||||||||||||||
|
profile |
Web filter profile with permission to create overrides. Web profile. |
string |
Maximum length: 79 |
|
||||||||||||||||||||||||||||||||||||||||||||||
config web
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
bword-threshold |
Banned word score threshold. |
integer |
Minimum value: 0 Maximum value: 2147483647 |
10 |
||||||||||||||
|
bword-table |
Banned word table ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
|
urlfilter-table |
URL filter table ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
|
content-header-list |
Content header list. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
|
blocklist |
Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
allowlist |
FortiGuard allowlist settings. |
option |
- |
|
||||||||||||||
|
|
|
|||||||||||||||||
|
safe-search |
Safe search type. |
option |
- |
|
||||||||||||||
|
|
|
|||||||||||||||||
|
youtube-restrict |
YouTube EDU filter level. |
option |
- |
none |
||||||||||||||
|
|
|
|||||||||||||||||
|
vimeo-restrict |
Set Vimeo-restrict ("7" = don't show mature content, "134" = don't show unrated and mature content). A value of cookie "content_rating". |
string |
Maximum length: 63 |
|
||||||||||||||
|
log-search |
Enable/disable logging all search phrases. |
option |
- |
disable |
||||||||||||||
|
|
|
|||||||||||||||||
|
keyword-match |
Search keywords to log when match is found. Pattern/keyword to search for. |
string |
Maximum length: 79 |
|
||||||||||||||
config ftgd-wf
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
options |
Options for FortiGuard Web Filter. |
option |
- |
ftgd-disable |
||||||||||
|
|
|
|||||||||||||
|
exempt-quota |
Do not stop quota for these categories. |
user |
Not Specified |
17 |
||||||||||
|
ovrd |
Allow web filter profile overrides. |
user |
Not Specified |
|
||||||||||
|
max-quota-timeout |
Maximum FortiGuard quota used by single page view in seconds (excludes streams). |
integer |
Minimum value: 1 Maximum value: 86400 |
300 |
||||||||||
|
rate-javascript-urls |
Enable/disable rating JavaScript by URL. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
rate-css-urls |
Enable/disable rating CSS by URL. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
rate-crl-urls |
Enable/disable rating CRL by URL. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
config filters
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
category |
Categories and groups the filter examines. |
integer |
Minimum value: 0 Maximum value: 255 |
0 |
||||||||||
|
action |
Action to take for matches. |
option |
- |
monitor |
||||||||||
|
|
|
|||||||||||||
|
warn-duration |
Duration of warnings. |
user |
Not Specified |
5m |
||||||||||
|
auth-usr-grp |
Groups with permission to authenticate. User group name. |
string |
Maximum length: 79 |
|
||||||||||
|
log |
Enable/disable logging. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
override-replacemsg |
Override replacement message. |
string |
Maximum length: 28 |
|
||||||||||
|
warning-prompt |
Warning prompts in each category or each domain. |
option |
- |
per-category |
||||||||||
|
|
|
|||||||||||||
|
warning-duration-type |
Re-display warning after closing browser or after a timeout. |
option |
- |
timeout |
||||||||||
|
|
|
|||||||||||||
config quota
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
category |
FortiGuard categories to apply quota to (category action must be set to monitor). |
user |
Not Specified |
|
||||||||||
|
type |
Quota type. |
option |
- |
time |
||||||||||
|
|
|
|||||||||||||
|
unit |
Traffic quota unit of measurement. |
option |
- |
MB |
||||||||||
|
|
|
|||||||||||||
|
value |
Traffic quota value. |
integer |
Minimum value: 1 Maximum value: 4294967295 |
1024 |
||||||||||
|
duration |
Duration of quota. |
user |
Not Specified |
5m |
||||||||||
|
override-replacemsg |
Override replacement message. |
string |
Maximum length: 28 |
|
||||||||||
config antiphish
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
status |
Toggle AntiPhishing functionality. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
default-action |
Action to be taken when there is no matching rule. |
option |
- |
exempt |
||||||||
|
|
|
|||||||||||
|
check-uri |
Enable/disable checking of GET URI parameters for known credentials. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
check-basic-auth |
Enable/disable checking of HTTP Basic Auth field for known credentials. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
check-username-only |
Enable/disable username only matching of credentials. Action will be taken for valid usernames regardless of password validity. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
max-body-len |
Maximum size of a POST body to check for credentials. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
65536 |
||||||||
|
authentication |
Authentication methods. |
option |
- |
domain-controller |
||||||||
|
|
|
|||||||||||
|
domain-controller |
Domain for which to verify received credentials against. |
string |
Maximum length: 63 |
|
||||||||
|
ldap |
LDAP server for which to verify received credentials against. |
string |
Maximum length: 63 |
|
||||||||
config inspection-entries
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
fortiguard-category |
FortiGuard category to match. |
user |
Not Specified |
0 |
||||||||
|
action |
Action to be taken upon an AntiPhishing match. |
option |
- |
exempt |
||||||||
|
|
|
|||||||||||
config custom-patterns
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
category |
Category that the pattern matches. |
option |
- |
username |
||||||
|
|
|
|||||||||
|
type |
Pattern will be treated either as a regex pattern or literal string. |
option |
- |
regex |
||||||
|
|
|
|||||||||