What’s new
The tables below list commands newly added for FortiWeb 6.1.1.
Command | Change |
---|---|
system hsm info | |
config system hsm info set register-status {enable | disable} end |
New. Update the command name. |
server-policy server-pool | |
config server-policy server-pool edit <server-pool_name> config pserver-list edit <entry_index> set tls-v13 {enable | disable} set tls13-custom-cipher next end next end |
New. Add two commands. |
server-policy policy | |
config server-policy policy edit <policy_name> set tls-v13 {enable | disable} set tls13-custom-cipher next end |
New. Add two commands. |
server-policy setting | |
config server-policy setting set tls13-early-data-mode {enable | disable} set record-content-routing-error-log {enable | disable} set server-invalid-no-reponse {enable | disable} end |
New. Add three commands. |
log attack-log | |
config log attack-log set status {enable | disable} set http-parse-error-output {enable | disable} set packet-log {account-lockout-detection | anti-virus-detection | cookie-security | credential-db-detection | csrf-detection | custom-access | custom-protection-rule | fsa-detection | hidden-fields-failed | http-protocol-constraints | illegal-file-type | illegal-filesize | cors-protection | json-protection | ip-intelligence | padding-oracle | parameter-rule-failed | signature-detection | trojan-detection | user-tracking-detection | xml-protection | machine-learning | openapi-validation | websocket-security} end |
New. Add two fields, cors-protection and json-protection, for the packet log. |
waf xml-exempted-urls | |
config waf xml-exempted-urls edit "<xml-exempted-urls_name>" config exempted-url-list edit exempted-url-list <exempted-url-list_str> set url-type {plain | regular} set exempted-url <exempted-url_str> next end next end |
New. When the schema location check is configured to prevent the location field from being used to perform malicious requests, use this command to exempt specific URLs from XML protection. |
waf xml-validation | |
config waf xml-validation rule edit "<xml_rule_name>" set x-include-check {enable | disable} set schema-location-check {enable | disable} set schema-location-exempted-urls <schema-location-exempted-urls_str> next end config waf xml-validation policy edit "<xml_policy_name>" set enable-signature-detection {enable | disable} next end |
New. Add SSRF attack detections. |
waf web-protection-profile inline-protection | |
config waf web-protection-profile inline-protection edit "<inline-protection-profile_name>" set json-validation-policy "<json-validation-policy_name>" set cors-protection-policy "<cors-protection-policy>" next end |
New. Add the JSON and CORS protection policy configurations. |
waf web-protection-profile offline-protection | |
config waf web-protection-profile offline-protection edit "<offline-protection-profile_name>" set json-validation-policy "<json-validation-policy_name>" next end |
New. Add the JSON protection policy configuration. |
server-policy pattern custom-global-white-list-group | |
config server-policy pattern custom-global-white-list-group edit <entry_index> set status {enable | disable} set type {Cookie | Parameter | URL | Header_Field} set header-type {plain | regular} next end |
New. Add the HTTP header field configuration. |
waf http-constraints-exceptions | |
config waf http-constraints-exceptions edit "<http-exception_name>" config http_constraints-exception-list edit <entry_index> set null-byte-in-url-check {enable | disable} set Illegal-byte-in-url-check {enable | disable} set web-socket-protocol-check {enable | disable} set odd-and-even-space-attack-check {enable | disable} next end next end |
New. Add more exceptions to HTTP constraints. |
waf json-schema | |
config waf json-schema file edit "<json_schema_file_name>" end |
New. Use this command to view JSON schema files that have already been uploaded to FortiWeb. |
waf json-validation | |
config waf json-validation rule edit "<json_rule_name>" set host-status {enable | disable} set host "<host_name_str>" set request-type {plain | regular} set request-file "<file_str>" set action {alert | alert_deny | block-period | redirect | send_403_forbidden | deny_no_log} set block-period <period_int> set severity {High | Low | Medium | Info} set trigger "<trigger_policy_name>" set schema-file "<schema_file_name>" set json-limits {enable | disable} set json-data-size "<json-data-size_int>" set key-size "<key-size_int>" set key-number "<key-number_int>" set value-size "<value-size_int>" set value-number-in-array "<value-number-in-array_int>" set object-depth "<object-depth_int>" next end config waf json-validation policy edit "<json_policy_name>" set enable-signature-detection {enable | disable} config input-rule-list edit "<input-rule-list_id>" set json_input_rule "<json_input_rule_str>" next end next end |
New. Use this command to create JSON protection rules and configure JSON protection policies. |
waf allowed-origins | |
config waf allowed-origins edit <allowed-origin-list-name> config origin-list edit <origin-id> set protocol {HTTP | HTTPS | ANY} set origin-name <the_foreign_application_domain_name> set port <port_number> set include-sub-domains {enable | disable} next end next end |
New. Use this command to configure a list of foreign applications that are allowed to access your application through CORS requests. |
waf cors-protection-rule | |
config waf cors-protection-rule edit <cors-protection-rule-name> set host-status {enable | disable} set host <string> set request-type {plain | regular} set request-file <string> set block-cors-traffic {enable | disable} set allowed-origins-list <datasource> set allowed-methods {enable | disable} set allowed-credentials {none | false | true} set allowed-maximum-age <integer> config allowed-methods-list edit <allowed-methods-list-id> set method {get | post | head | trace | connect | delete | put | patch} next end set allowed-headers {enable | disable} config allowed-headers-list edit <allowed-headers-list-id> set header <string> next end set exposed-headers {enable | disable} config exposed-headers-list edit <exposed-headers-list-id> set header <string> next end set remove-other-headers {enable | disable} next end |
New. Use this command to add CORS protection rules to block CORS traffic or add restrictions for the CORS traffic. |
waf cors-protection-policy | |
config waf cors-protection-policy edit <cors-protection-policy-name> config rule-list edit <cors-protection-rule-id> set cors-rule <cors-protection-rule-name> next end next end |
New. Use this command to include one or more CORS protection rules in a CORS protection policy so that they can take effect as a whole. |
waf ws-security | |
config waf ws-security rule edit "<ws-security_rule_name>" set encryption-algorithm {3EDS | AES-128 | AES-256} set encryption-part {Element Value | Element Markup} set key-transport-algorithm {RSA-15 | RSA-OAEP} set request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify} set request-security-status {enable | disable} set response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign} set response-security-status {enable | disable} set signature-algorithm {RSA-SHA-1 | HMAC-SHA-1} set xml-client-certificate-group <xml-client-certificate_group_str> set xml-server-certificate <xml-server-certificate_str> config namespace-mapping edit "<namespace-mapping_name>" set prefix <prefix_str> set namespace <namespace_str> next end config element-list edit "<element-list_name>" set xpath <xpath_str> set direction {request | response} next end next end |
New. Use this command to create WS-security rules. |
system certificate xml-client-certificate | |
config system certificate xml-client-certificate edit "<xml-client-certificate_name>" set certificate <certificate_str> set secret-key <secret-key_str> next end |
New. Use this command to show names of the uploaded XML client certificates that are stored locally on the FortiWeb appliance. |
system certificate xml-server-certificate | |
config system certificate xml-server-certificate edit "<xml-server-certificate_name>" set certificate <certificate_str> set private-key <private-key_str> set passwd <passwd_str> next end |
New. Use this command to show names of the uploaded XML server certificates that are stored locally on the FortiWeb appliance. |
system certificate xml-client-certificate-group | |
config system certificate xml-client-certificate-group edit "<xml-client-certificate-group_name>" config members edit <entry_index> set client-name <name_str> next end next end |
New. Use this command to group XML client certificates. |
system feature-visibility | |
config system feature-visibility set adfs-policy {enable | disable} end |
New. Use this command to enable the ADFS feature. |
system manager | |
config system manager set callback-interval <integer> next end |
New. Use this command to configure the callback interval. |
system fabric-connectors | |
config system fabric-connectors set name <string> set type {oci | azure} set tenant-ocid <string> set user-ocid <string> set compartment-ocid <string> set loadbalancer-ocid <string> set server-region {ca-toronto-server|eu-frankfurt-server|uk-london-server|us-ashburn-server|us-phoenix-server|ap-tokyo-server|ap-seoul-server} set private-key <userdef> set rg-name <string> set sub-id <string> set tenant-id <string> set pass <passwd> set app-id <string> set nicFWBA <string> set nicFWBB <string> set public-ip <string> end |
New. Use this command to notify the load balancer to distribute the traffic to the new master node when fail-over occurs. |