Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config

The config commands configure your FortiWeb appliance’s feature settings.

This section describes the following commands:

log alertMail

log attack-log

log custom-sensitive-rule

log disk

log email-policy

log event-log

log forti-analyzer

log fortianalyzer-policy

log ftp-policy

log reports

log sensitive

log siem-message-policy

log siem-policy

log syslogd

log syslog-policy

log traffic-log

log trigger-policy

router policy

router setting

router static

server-policy allow-hosts

server-policy http-content-routing-policy

server-policy pattern custom-data-type

server-policy pattern custom-global-white-list-group

server-policy pattern threat-weight

server-policy persistence-policy

server-policy policy

server-policy server-pool

server-policy service custom

server-policy setting

server policy traffic-mirror

server-policy vserver

system accprofile

system admin

system admin-certificate ca

system admin-certificate local

system advanced

system antivirus

system autoupdate override

system autoupdate schedule

system autoupdate tunneling

system backup

system central-management

system certificate ca

system certificate ca-group

system certificate crl

system certificate crl-group

system certificate intermediate-certificate

system certificate intermediate-certificate-group

system certificate local

system certificate remote

system certificate server-certificate-verify

system certificate sni

system certificate tsl-ca

system hsm partition

system interface

system ip-detection

system network-option

system password-policy

system raid

system replacemsg

system replacemsg-image

system settings


system conf-sync

system console

system device-tracking

system dns

system eventhub

system fail-open

system fds proxy

system feature-visibility

system fabric-connectors

system fips-cc

system firewall address

system firewall firewall-policy

system firewall service

system firewall snat-policy

system fortigate-integration

system fortisandbox

system global

system ha

system hsm info

system snmp community

system snmp sysinfo

system snmp user

system tcpdump

system v-zone

system wccp

system certificate xml-client-certificate

system certificate xml-client-certificate-group

system certificate xml-server-certificate

user admin-usergrp

user kerberos-user

user ldap-user

user local-user

user ntlm-user

user pki-user

user radius-user

user saml-user

user user-group

wad file-filter

wad website

waf allow-method-exceptions

waf allow-method-policy

waf allowed-origins

waf application-layer-dos-prevention

waf base-signature-disable

waf brute-force-login

waf cookie-security

waf cors-protection-policy

waf cors-protection-rule

waf csrf-protection

waf custom-access policy

waf custom-access rule

waf custom-protection-group

waf custom-protection-rule

waf device-reputation

waf exclude-url

waf file-compress-rule

waf file-upload-restriction-policy

waf file-upload-restriction-rule

waf ftp-command-restriction-rule

waf ftp-file-security

waf geo-block-list

waf geo-ip-except

waf hidden-fields-protection

waf hidden-fields-rule

waf http-authen http-authen-policy

waf http-authen http-authen-rule

waf http-connection-flood-check-rule

waf http-constraints-exceptions

waf http-header-security

waf http-protocol-parameter-restriction

waf http-request-flood-prevention-rule

waf input-rule

waf ip-intelligence

waf ip-intelligence-exception

waf ip-list

waf json-schema

waf json-validation

waf layer4-access-limit-rule

waf layer4-connection-flood-check-rule

waf machine-learning

waf machine-learning-policy

waf mitb-policy

waf mitb-rule

waf openapi-file

waf openapi-validation-policy

waf padding-oracle

waf page-access-rule

waf parameter-validation-rule

waf signature

waf site-publish-helper authentication-server-pool

waf site-publish-helper keytab_file

waf site-publish-helper policy

waf site-publish-helper rule

waf start-pages

waf url-access url-access-policy

waf url-access url-access-rule

waf url-rewrite url-rewrite-policy

waf url-rewrite url-rewrite-rule

waf user-tracking policy

waf user-tracking rule

waf web-cache-exception

waf web-cache-policy

waf web-protection-profile inline-protection

waf web-protection-profile offline-protection

waf websocket-security

waf websocket-security policy

waf x-forwarded-for

waf xml-exempted-urls

waf xml-schema

waf xml-validation

waf xml-wsdl

waf websocket-security

waf ws security

wvs policy

wvs profile

wvs schedule

wvs template

wvs limit

Although not usually explicitly shown in each config command’s “Syntax” section, for all config commands, there are related get and show commands which display that part of the configuration, either in the form of a list of settings and values, or commands that are required to achieve that configuration from the firmware’s default state, respectively. get and show commands use the same syntax as their related config command, unless otherwise mentioned.

config

The config commands configure your FortiWeb appliance’s feature settings.

This section describes the following commands:

log alertMail

log attack-log

log custom-sensitive-rule

log disk

log email-policy

log event-log

log forti-analyzer

log fortianalyzer-policy

log ftp-policy

log reports

log sensitive

log siem-message-policy

log siem-policy

log syslogd

log syslog-policy

log traffic-log

log trigger-policy

router policy

router setting

router static

server-policy allow-hosts

server-policy http-content-routing-policy

server-policy pattern custom-data-type

server-policy pattern custom-global-white-list-group

server-policy pattern threat-weight

server-policy persistence-policy

server-policy policy

server-policy server-pool

server-policy service custom

server-policy setting

server policy traffic-mirror

server-policy vserver

system accprofile

system admin

system admin-certificate ca

system admin-certificate local

system advanced

system antivirus

system autoupdate override

system autoupdate schedule

system autoupdate tunneling

system backup

system central-management

system certificate ca

system certificate ca-group

system certificate crl

system certificate crl-group

system certificate intermediate-certificate

system certificate intermediate-certificate-group

system certificate local

system certificate remote

system certificate server-certificate-verify

system certificate sni

system certificate tsl-ca

system hsm partition

system interface

system ip-detection

system network-option

system password-policy

system raid

system replacemsg

system replacemsg-image

system settings


system conf-sync

system console

system device-tracking

system dns

system eventhub

system fail-open

system fds proxy

system feature-visibility

system fabric-connectors

system fips-cc

system firewall address

system firewall firewall-policy

system firewall service

system firewall snat-policy

system fortigate-integration

system fortisandbox

system global

system ha

system hsm info

system snmp community

system snmp sysinfo

system snmp user

system tcpdump

system v-zone

system wccp

system certificate xml-client-certificate

system certificate xml-client-certificate-group

system certificate xml-server-certificate

user admin-usergrp

user kerberos-user

user ldap-user

user local-user

user ntlm-user

user pki-user

user radius-user

user saml-user

user user-group

wad file-filter

wad website

waf allow-method-exceptions

waf allow-method-policy

waf allowed-origins

waf application-layer-dos-prevention

waf base-signature-disable

waf brute-force-login

waf cookie-security

waf cors-protection-policy

waf cors-protection-rule

waf csrf-protection

waf custom-access policy

waf custom-access rule

waf custom-protection-group

waf custom-protection-rule

waf device-reputation

waf exclude-url

waf file-compress-rule

waf file-upload-restriction-policy

waf file-upload-restriction-rule

waf ftp-command-restriction-rule

waf ftp-file-security

waf geo-block-list

waf geo-ip-except

waf hidden-fields-protection

waf hidden-fields-rule

waf http-authen http-authen-policy

waf http-authen http-authen-rule

waf http-connection-flood-check-rule

waf http-constraints-exceptions

waf http-header-security

waf http-protocol-parameter-restriction

waf http-request-flood-prevention-rule

waf input-rule

waf ip-intelligence

waf ip-intelligence-exception

waf ip-list

waf json-schema

waf json-validation

waf layer4-access-limit-rule

waf layer4-connection-flood-check-rule

waf machine-learning

waf machine-learning-policy

waf mitb-policy

waf mitb-rule

waf openapi-file

waf openapi-validation-policy

waf padding-oracle

waf page-access-rule

waf parameter-validation-rule

waf signature

waf site-publish-helper authentication-server-pool

waf site-publish-helper keytab_file

waf site-publish-helper policy

waf site-publish-helper rule

waf start-pages

waf url-access url-access-policy

waf url-access url-access-rule

waf url-rewrite url-rewrite-policy

waf url-rewrite url-rewrite-rule

waf user-tracking policy

waf user-tracking rule

waf web-cache-exception

waf web-cache-policy

waf web-protection-profile inline-protection

waf web-protection-profile offline-protection

waf websocket-security

waf websocket-security policy

waf x-forwarded-for

waf xml-exempted-urls

waf xml-schema

waf xml-validation

waf xml-wsdl

waf websocket-security

waf ws security

wvs policy

wvs profile

wvs schedule

wvs template

wvs limit

Although not usually explicitly shown in each config command’s “Syntax” section, for all config commands, there are related get and show commands which display that part of the configuration, either in the form of a list of settings and values, or commands that are required to achieve that configuration from the firmware’s default state, respectively. get and show commands use the same syntax as their related config command, unless otherwise mentioned.