Fortinet black logo

CLI Reference

waf user-tracking policy

waf user-tracking policy

Use this command to group user tracking rules, which track sessions by user and capture a username to reference in traffic and attack log messages.

Before you configure a user-tracking policy, define the rules to add. For details, see waf user-tracking rule.

To apply a user tracking policy, you select it in an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection and waf web-protection-profile offline-protection.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf user-tracking policy

edit "<user-tracking-policy_name>"

config input-rule-list

edit <entry_index>

set input-rule "<input-rule_name>"

next

end

next

end

Variable Description Default

"<user-tracking-policy_name>"

Enter the name of a new or existing policy. The maximum length is 63 characters.

To display the list of existing policies, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

input-rule "<input-rule_name>"

Enter the name of an existing rule. No default.

waf user-tracking policy

Use this command to group user tracking rules, which track sessions by user and capture a username to reference in traffic and attack log messages.

Before you configure a user-tracking policy, define the rules to add. For details, see waf user-tracking rule.

To apply a user tracking policy, you select it in an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection and waf web-protection-profile offline-protection.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf user-tracking policy

edit "<user-tracking-policy_name>"

config input-rule-list

edit <entry_index>

set input-rule "<input-rule_name>"

next

end

next

end

Variable Description Default

"<user-tracking-policy_name>"

Enter the name of a new or existing policy. The maximum length is 63 characters.

To display the list of existing policies, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

input-rule "<input-rule_name>"

Enter the name of an existing rule. No default.