config webfilter profile
Configure Web filter profiles.
config webfilter profile Description: Configure Web filter profiles. edit <name> set comment {var-string} set replacemsg-group {string} set options {option1}, {option2}, ... set https-replacemsg [enable|disable] set ovrd-perm {option1}, {option2}, ... set post-action [normal|block] config override Description: Web Filter override settings. set ovrd-cookie [allow|deny] set ovrd-scope [user|user-group|...] set profile-type [list|radius] set ovrd-dur-mode [constant|ask] set ovrd-dur {user} set profile-attribute [User-Name|NAS-IP-Address|...] set ovrd-user-group <name1>, <name2>, ... set profile <name1>, <name2>, ... end config web Description: Web content filtering settings. set bword-threshold {integer} set bword-table {integer} set urlfilter-table {integer} set content-header-list {integer} set blocklist [enable|disable] set allowlist {option1}, {option2}, ... set safe-search {option1}, {option2}, ... set youtube-restrict [none|strict|...] set qwant-restrict [none|strict|...] set vimeo-restrict {string} set log-search [enable|disable] set keyword-match <pattern1>, <pattern2>, ... end config ftgd-wf Description: FortiGuard Web Filter settings. set options {option1}, {option2}, ... set exempt-quota {user} set ovrd {user} config filters Description: FortiGuard filters. edit <id> set category {integer} set action [block|authenticate|...] set warn-duration {user} set auth-usr-grp <name1>, <name2>, ... set log [enable|disable] set override-replacemsg {string} set warning-prompt [per-domain|per-category] set warning-duration-type [session|timeout] next end config risk Description: FortiGuard risk level settings. edit <id> set risk-level {string} set action [block|monitor] set log [enable|disable] next end config quota Description: FortiGuard traffic quota settings. edit <id> set category {user} set type [time|traffic] set unit [B|KB|...] set value {integer} set duration {user} set override-replacemsg {string} next end set max-quota-timeout {integer} set rate-javascript-urls [disable|enable] set rate-css-urls [disable|enable] set rate-crl-urls [disable|enable] end config antiphish Description: AntiPhishing profile. set status [enable|disable] set default-action [exempt|log|...] set check-uri [enable|disable] set check-basic-auth [enable|disable] set check-username-only [enable|disable] set max-body-len {integer} config inspection-entries Description: AntiPhishing entries. edit <name> set fortiguard-category {user} set action [exempt|log|...] next end config custom-patterns Description: Custom username and password regex patterns. edit <pattern> set category [username|password] set type [regex|literal] next end set authentication [domain-controller|ldap] set domain-controller {string} set ldap {string} end set wisp [enable|disable] set wisp-servers <name1>, <name2>, ... set wisp-algorithm [primary-secondary|round-robin|...] set ia-categorization [enable|disable] set log-all-url [enable|disable] set web-content-log [enable|disable] set web-filter-activex-log [enable|disable] set web-filter-command-block-log [enable|disable] set web-filter-cookie-log [enable|disable] set web-filter-applet-log [enable|disable] set web-filter-jscript-log [enable|disable] set web-filter-js-log [enable|disable] set web-filter-vbs-log [enable|disable] set web-filter-unknown-log [enable|disable] set web-filter-referer-log [enable|disable] set web-filter-cookie-removal-log [enable|disable] set web-url-log [enable|disable] set web-invalid-domain-log [enable|disable] set web-ftgd-err-log [enable|disable] set web-ftgd-quota-usage [enable|disable] set web-antiphishing-log [enable|disable] next end
config webfilter profile
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
name |
Profile name. |
string |
Maximum length: 35 |
|
||||||||||||||||||||||||||
comment |
Optional comments. |
var-string |
Maximum length: 255 |
|
||||||||||||||||||||||||||
replacemsg-group |
Replacement message group. |
string |
Maximum length: 35 |
|
||||||||||||||||||||||||||
options |
Options. |
option |
- |
|
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
https-replacemsg |
Enable replacement messages for HTTPS. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
ovrd-perm |
Permitted override types. |
option |
- |
|
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
post-action |
Action taken for HTTP POST traffic. |
option |
- |
normal |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
wisp |
Enable/disable web proxy WISP. |
option |
- |
disable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
wisp-servers |
WISP servers. Server name. |
string |
Maximum length: 79 |
|
||||||||||||||||||||||||||
wisp-algorithm |
WISP server selection algorithm. |
option |
- |
auto-learning |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
ia-categorization |
Enable/Disable use of image-analyzer engine to help categorize images with unknown category. |
option |
- |
disable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
log-all-url |
Enable/disable logging all URLs visited. |
option |
- |
disable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-content-log |
Enable/disable logging logging blocked web content. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-activex-log |
Enable/disable logging ActiveX. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-command-block-log |
Enable/disable logging blocked commands. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-cookie-log |
Enable/disable logging cookie filtering. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-applet-log |
Enable/disable logging Java applets. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-jscript-log |
Enable/disable logging JScripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-js-log |
Enable/disable logging Java scripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-vbs-log |
Enable/disable logging VBS scripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-unknown-log |
Enable/disable logging unknown scripts. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-referer-log |
Enable/disable logging referrers. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-filter-cookie-removal-log |
Enable/disable logging blocked cookies. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-url-log |
Enable/disable logging URL filtering. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-invalid-domain-log |
Enable/disable logging invalid domain names. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-ftgd-err-log |
Enable/disable logging rating errors. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-ftgd-quota-usage |
Enable/disable logging daily quota usage. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||
web-antiphishing-log |
Enable/disable logging of AntiPhishing checks. |
option |
- |
enable |
||||||||||||||||||||||||||
|
|
config override
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ovrd-cookie |
Allow/deny browser-based (cookie) overrides. |
option |
- |
deny |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
ovrd-scope |
Override scope. |
option |
- |
user |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
profile-type |
Override profile type. |
option |
- |
list |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
ovrd-dur-mode |
Override duration mode. |
option |
- |
constant |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
ovrd-dur |
Override duration. |
user |
Not Specified |
15m |
||||||||||||||||||||||||||||||||||||||||||||||
profile-attribute |
Profile attribute to retrieve from the RADIUS server. |
option |
- |
Login-LAT-Service |
||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||
ovrd-user-group |
User groups with permission to use the override. User group name. |
string |
Maximum length: 79 |
|
||||||||||||||||||||||||||||||||||||||||||||||
profile |
Web filter profile with permission to create overrides. Web profile. |
string |
Maximum length: 79 |
|
config web
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
bword-threshold |
Banned word score threshold. |
integer |
Minimum value: 0 Maximum value: 2147483647 |
10 |
||||||||||||||
bword-table |
Banned word table ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
urlfilter-table |
URL filter table ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
content-header-list |
Content header list. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||||
blocklist |
Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist. |
option |
- |
disable |
||||||||||||||
|
|
|||||||||||||||||
allowlist |
FortiGuard allowlist settings. |
option |
- |
|
||||||||||||||
|
|
|||||||||||||||||
safe-search |
Safe search type. |
option |
- |
|
||||||||||||||
|
|
|||||||||||||||||
youtube-restrict |
YouTube EDU filter level. |
option |
- |
none |
||||||||||||||
|
|
|||||||||||||||||
qwant-restrict |
Qwant safe search level. |
option |
- |
strict |
||||||||||||||
|
|
|||||||||||||||||
vimeo-restrict |
Set Vimeo-restrict ("7" = don't show mature content, "134" = don't show unrated and mature content). A value of cookie "content_rating". |
string |
Maximum length: 63 |
|
||||||||||||||
log-search |
Enable/disable logging all search phrases. |
option |
- |
disable |
||||||||||||||
|
|
|||||||||||||||||
keyword-match |
Search keywords to log when match is found. Pattern/keyword to search for. |
string |
Maximum length: 79 |
|
config ftgd-wf
Parameter |
Description |
Type |
Size |
Default |
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Options for FortiGuard Web Filter. |
option |
- |
ftgd-disable |
||||||||||
|
|
|||||||||||||
exempt-quota |
Do not stop quota for these categories. |
user |
Not Specified |
17 |
||||||||||
ovrd |
Allow web filter profile overrides. |
user |
Not Specified |
|
||||||||||
max-quota-timeout |
Maximum FortiGuard quota used by single page view in seconds (excludes streams). |
integer |
Minimum value: 1 Maximum value: 86400 |
300 |
||||||||||
rate-javascript-urls |
Enable/disable rating JavaScript by URL. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
rate-css-urls |
Enable/disable rating CSS by URL. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
rate-crl-urls |
Enable/disable rating CRL by URL. |
option |
- |
enable |
||||||||||
|
|
config filters
Parameter |
Description |
Type |
Size |
Default |
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
id |
ID number. |
integer |
Minimum value: 0 Maximum value: 255 |
0 |
||||||||||
category |
Categories and groups the filter examines. |
integer |
Minimum value: 0 Maximum value: 255 |
0 |
||||||||||
action |
Action to take for matches. |
option |
- |
monitor |
||||||||||
|
|
|||||||||||||
warn-duration |
Duration of warnings. |
user |
Not Specified |
5m |
||||||||||
auth-usr-grp |
Groups with permission to authenticate. User group name. |
string |
Maximum length: 79 |
|
||||||||||
log |
Enable/disable logging. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
override-replacemsg |
Override replacement message. |
string |
Maximum length: 28 |
|
||||||||||
warning-prompt |
Warning prompts in each category or each domain. |
option |
- |
per-category |
||||||||||
|
|
|||||||||||||
warning-duration-type |
Re-display warning after closing browser or after a timeout. |
option |
- |
timeout |
||||||||||
|
|
config risk
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
id |
ID number. |
integer |
Minimum value: 0 Maximum value: 255 |
0 |
||||||
risk-level |
Risk level to be examined. |
string |
Maximum length: 35 |
|
||||||
action |
Action to take for matches. |
option |
- |
monitor |
||||||
|
|
|||||||||
log |
Enable/disable logging. |
option |
- |
enable |
||||||
|
|
config quota
Parameter |
Description |
Type |
Size |
Default |
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
id |
ID number. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||
category |
FortiGuard categories to apply quota to (category action must be set to monitor). |
user |
Not Specified |
|
||||||||||
type |
Quota type. |
option |
- |
time |
||||||||||
|
|
|||||||||||||
unit |
Traffic quota unit of measurement. |
option |
- |
MB |
||||||||||
|
|
|||||||||||||
value |
Traffic quota value. |
integer |
Minimum value: 1 Maximum value: 4294967295 |
1024 |
||||||||||
duration |
Duration of quota. |
user |
Not Specified |
5m |
||||||||||
override-replacemsg |
Override replacement message. |
string |
Maximum length: 28 |
|
config antiphish
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Toggle AntiPhishing functionality. |
option |
- |
disable |
||||||||
|
|
|||||||||||
default-action |
Action to be taken when there is no matching rule. |
option |
- |
exempt |
||||||||
|
|
|||||||||||
check-uri |
Enable/disable checking of GET URI parameters for known credentials. |
option |
- |
disable |
||||||||
|
|
|||||||||||
check-basic-auth |
Enable/disable checking of HTTP Basic Auth field for known credentials. |
option |
- |
disable |
||||||||
|
|
|||||||||||
check-username-only |
Enable/disable username only matching of credentials. Action will be taken for valid usernames regardless of password validity. |
option |
- |
disable |
||||||||
|
|
|||||||||||
max-body-len |
Maximum size of a POST body to check for credentials. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
65536 |
||||||||
authentication |
Authentication methods. |
option |
- |
domain-controller |
||||||||
|
|
|||||||||||
domain-controller |
Domain for which to verify received credentials against. |
string |
Maximum length: 63 |
|
||||||||
ldap |
LDAP server for which to verify received credentials against. |
string |
Maximum length: 63 |
|
config inspection-entries
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
name |
Inspection target name. |
string |
Maximum length: 63 |
|
||||||||
fortiguard-category |
FortiGuard category to match. |
user |
Not Specified |
0 |
||||||||
action |
Action to be taken upon an AntiPhishing match. |
option |
- |
exempt |
||||||||
|
|
config custom-patterns
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
pattern |
Target pattern. |
string |
Maximum length: 255 |
|
||||||
category |
Category that the pattern matches. |
option |
- |
username |
||||||
|
|
|||||||||
type |
Pattern will be treated either as a regex pattern or literal string. |
option |
- |
regex |
||||||
|
|