Fortinet black logo

CLI Reference

waf ftp-file-security

waf ftp-file-security

Use this command to create FTP file check rules so that FortiWeb places restrictions on uploading or downloading files and scans files that clients attempt to upload to or download from your server(s). When configured, FortiWeb can also send files to FortiSandbox for analysis and perform an antivirus scan.

For details about applying an FTP file check rule to an FTP server policy, see waf ftp-propredefined-global-white-listtection-profile.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

tooltip icon

If ftp-security isn't enabled in feature-visibility, you must enable it before you can create an FTP file check rule. To enable ftp-security, see system feature-visibility.

Syntax

config waf ftp-file security

edit "<rule_name>"

set action {alert | alert_deny | block-period | deny_no_log}

set block-period <block_period_int>

set severity {High | Info | Low | Medium}

set trigger "<policy_name>"

set check-dir {both | download | upload}

set av-scan {enable | disable}

set send-files-to-fortisandbox {enable | disable}

set icap-server-check {enable | disable}

next

end

Variable Description Default

"<rule_name>"

Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.

No default.

action {alert | alert_deny | block-period | deny_no_log}

Select which action FortiWeb will take when it detects a violation of the rule:

  • alert—Accept the connection and generate an alert email and/or log message.

  • alert_deny—Block the request (or reset the connection) and generate an alert and/or log message.

  • deny_no_log—Block the request (or reset the connection).

  • block-period—Block subsequent requests from the client for a number of seconds. Also configure waf ftp-file-security.

Note: This setting will be ignored if monitor-mode {enable | disable} is enabled in a server policy.

alert_deny

block-period <block_period_int>

Enter the number of seconds that you want to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1–3,600.

This setting is available only if waf ftp-file-security is set to block-period.

60

severity {High | Info | Low | Medium}

When rule violations are recorded in the attack log, each log message contains a Severity Level (severity_level) field. Select which severity level FortiWeb will use when it logs a violation of the rule:

  • Info
  • Low
  • Medium
  • High

Medium

trigger "<policy_name>"

Enter the name of a trigger policy, if any, that FortiWeb will use when it logs and/or sends an alert email about a violation of the rule.

No default.

check-dir {both | download | upload}

Select one of the following:

  • bothFortiWeb applies the rule to files being either downloaded from or uploaded to your server(s).
  • downloadFortiWeb applies the rule to files being downloaded from your server(s).
  • uploadFortiWeb applies the rule to files being uploaded to your server(s).

upload

av-scan {enable | disable}

Enable so that FortiWeb performs an antivirus scan on files that match the waf ftp-file-security.

disable

send-files-to-fortisandbox {enable | disable}

Enable so that FortiWeb sends files to FortiSandbox that match the waf ftp-file-security.

Also specify the FortiSandbox settings for your FortiWeb. For details, see system fortisandbox.

FortiSandbox evaluates the file and returns the results to FortiWeb.

If waf ftp-file-security is enabled and FortiWeb detects a virus, it does not send the file to FortiSandbox.

disable

icap-server-check {enable | disable}

Enable so that FortiWeb sends files to ICAP server that matches the uploading or downloading directions.

disable

Related Topic

waf ftp-file-security

Use this command to create FTP file check rules so that FortiWeb places restrictions on uploading or downloading files and scans files that clients attempt to upload to or download from your server(s). When configured, FortiWeb can also send files to FortiSandbox for analysis and perform an antivirus scan.

For details about applying an FTP file check rule to an FTP server policy, see waf ftp-propredefined-global-white-listtection-profile.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

tooltip icon

If ftp-security isn't enabled in feature-visibility, you must enable it before you can create an FTP file check rule. To enable ftp-security, see system feature-visibility.

Syntax

config waf ftp-file security

edit "<rule_name>"

set action {alert | alert_deny | block-period | deny_no_log}

set block-period <block_period_int>

set severity {High | Info | Low | Medium}

set trigger "<policy_name>"

set check-dir {both | download | upload}

set av-scan {enable | disable}

set send-files-to-fortisandbox {enable | disable}

set icap-server-check {enable | disable}

next

end

Variable Description Default

"<rule_name>"

Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.

No default.

action {alert | alert_deny | block-period | deny_no_log}

Select which action FortiWeb will take when it detects a violation of the rule:

  • alert—Accept the connection and generate an alert email and/or log message.

  • alert_deny—Block the request (or reset the connection) and generate an alert and/or log message.

  • deny_no_log—Block the request (or reset the connection).

  • block-period—Block subsequent requests from the client for a number of seconds. Also configure waf ftp-file-security.

Note: This setting will be ignored if monitor-mode {enable | disable} is enabled in a server policy.

alert_deny

block-period <block_period_int>

Enter the number of seconds that you want to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1–3,600.

This setting is available only if waf ftp-file-security is set to block-period.

60

severity {High | Info | Low | Medium}

When rule violations are recorded in the attack log, each log message contains a Severity Level (severity_level) field. Select which severity level FortiWeb will use when it logs a violation of the rule:

  • Info
  • Low
  • Medium
  • High

Medium

trigger "<policy_name>"

Enter the name of a trigger policy, if any, that FortiWeb will use when it logs and/or sends an alert email about a violation of the rule.

No default.

check-dir {both | download | upload}

Select one of the following:

  • bothFortiWeb applies the rule to files being either downloaded from or uploaded to your server(s).
  • downloadFortiWeb applies the rule to files being downloaded from your server(s).
  • uploadFortiWeb applies the rule to files being uploaded to your server(s).

upload

av-scan {enable | disable}

Enable so that FortiWeb performs an antivirus scan on files that match the waf ftp-file-security.

disable

send-files-to-fortisandbox {enable | disable}

Enable so that FortiWeb sends files to FortiSandbox that match the waf ftp-file-security.

Also specify the FortiSandbox settings for your FortiWeb. For details, see system fortisandbox.

FortiSandbox evaluates the file and returns the results to FortiWeb.

If waf ftp-file-security is enabled and FortiWeb detects a virus, it does not send the file to FortiSandbox.

disable

icap-server-check {enable | disable}

Enable so that FortiWeb sends files to ICAP server that matches the uploading or downloading directions.

disable

Related Topic