What’s new
The tables below list commands newly added for FortiWeb 6.3.0.
Command | Change |
---|---|
backup full-config-with-ML-data | |
execute backup full-config-with-ML-data |
Use this command to back up full configurations with machine learning data. |
debug proxy log | |
diagnose debug proxy log {1 | 2 | 3} |
Use this command to print the logs generated by proxyd. |
system firewall fwmark-policy | |
config system firewall fwmark-policy edit "<fwmark-policy-name>" set from <firewall_source-address_name> set to <firewall_destination-address_name> set in-interface <incoming_interface_name> set service <firewall-service_name> set mark <mark_int> end |
New command. |
router policy | |
config router policy edit <policy_index> set action {forward-traffic | stop-policy-routing} set fwmark <fwmark_int> next end |
New commands. |
system firewall dnat policy | |
config system firewall dnat-policy edit "<policy_name>" set external-start <external_ipv4> set mapped-start <mapped_ipv4> set mapped-end <mapped_ipv4> set ingress-interface <ingress_port> set protocol {tcp | udp | icmp} set port-forwarding {enable | disable} set external-port-start <external_port> set external-port-end <external_port> set mapped-port-start <mapped_port> set mapped-port-end <mapped_port> next end |
New commands. |
system firewall snat-policy | |
config system firewall snat-policy edit "<policy_name>" set source-start <source_ipv4> set source-end <source_ipv4> set destination-start <destination_ipv4> set destination-end <destination_ipv4> set trans-to-type {ip | pool | no-nat} next end |
New commands. |
server-policy setting | |
config server-policy setting set using-dns-proxy {enable | disable} end |
Enable to use |
system global | |
config system global set fortiguard-anycast {enable | disable} set ipv6-dad-ha {enable | disable} end |
New commands. |
system network-option | |
config system network-option set ipfrag-high-thresh <ipfrag-high-thresh_int> set ipfrag-low-thresh <ipfrag-low-thresh_int> set ipfrag-timeout <ipfrag-timeout_int> set ip6frag-high-thresh <ip6frag-high-thresh_int> set ip6frag-low-thresh <ip6frag-low-thresh_int> set ip6frag-timeout <ip6frag-timeout_int> end |
Configure the IP fragmentation protection feature. |
|
|
config system feature-visibility set acceleration-policy {enable | disable} set web-cache {enable | disable} end |
Adds on/off switches for acceleration and web cache. |
|
|
config server-policy setting set df-flag {enable | disable} end |
Enable to allow FortiWeb to send packets without the DF flag set, so that they can pass through devices with a low MTU. |
waf user-tracking rule | |
config waf user-tracking rule edit <rule_name> set hostname-ip "<hostname-ip_str>" set host-status {enable | disable} set limit-users {enable | disable} set maximum-users <maximum-users_int> set session-idle-timeout <session-idle-timeout_int> set session-timeout-enable {enable | disable} next end |
You can now configure FortiWeb to limit the number of concurrent users accessing the same account in User Tracking. |
waf file-upload-restriction-rule | |
config waf file-upload-restriction-rule edit "<file-upload-restriction-rule_name>" set host-status {enable | disable} set host "<protected-host_name>" set request-file "<url_pattern>" set request-type {regular | plain} set file-uncompress {enable | disable} next end |
Enable file decompression from the CLI so that FortiWeb can verify the type and size of files inside compressed archives. |
waf x-forwarded-for | |
config waf x-forwarded-for edit "<x-forwarded-for_name>" set x-forwarded-for-support {enable | disable} set add-source-port {enable | disable} set x-forwarded-port {enable | disable} next end |
Configure the X-Forwarded-For rule to add X-Forwarded-Port and the source port, to record the source IP of the TCP connection. |
waf application-layer-dos-prevention | |
config waf application-layer-dos-prevention edit "<app-dos-policy_name>" set enable-http-session-based-prevention {enable | disable} set layer3-fragment-protection {enable | disable} next end |
Enable to protect against attacks that use fragmented packets. |
waf web-protection-profile inline-protection | |
config waf web-protection-profile inline-protection edit "<inline-protection-profile_name>" set url-encryption-policy <url-encryption-policy_str> next end |
Select the URL encryption policy name. |
server-policy server-pool | |
config server-policy server-pool edit <server-pool_name> set adfs-server-name <adfs-server-name_str> next end |
Enter the ADFS server name. |
|
|
set ip-list <ip-list_str> |
Add these two fields to configure multiple IPs or an IP range. |
server-policy policy | |
config server-policy policy edit <policy_name> set acceleration-policy <acceleration-policy_str> set web-cache {enable | disable} set real-ip-addr <real-ip-addr_str> set retry-on {enable | disable} set retry-on-cache-size <retry-on-cache-size_int> set retry-on-connect-failure {enable | disable} set retry-times-on-connect-failure <retry-times-on-connect-failure_int> set retry-on-http-layer {enable | disable} set retry-times-on-http-layer <retry-times-on-http-layer_int> set retry-on-http-response-codes {404 | 408 | 500 | 501 | 502 | 503 | 504} next end |
Adds commands for acceleration policy, web cache, and retry-on settings. |
|
|
config server-policy acceleration exception edit "<exception_name>" config list edit "<exception-item_id>" set host-status {enable | disable} set host <host_int> set url-type {plain | regular} set url-pattern <url-pattern_str> next end next end config server-policy acceleration policy edit "<policy_name>" set exception <exception_str> set html-minify {enable | disable} set html-combine-heads {enable | disable} set html-css2head {enable | disable} set js-minify {enable | disable} set css-minify {enable | disable} next end |
Configure the acceleration module to speed up web application response and optimize web pages and resources in real time. |
waf web-cache | |
config waf web-cache-rule edit "<web-cache-rule_name>" set host-status {enable | disable} set host <host_str> set path <path_str> set http-method {get-head | get-head-options | all-methods} set request-file-type {text | picture | media | binary | other} set allow-return-code {allow-200 | allow-200-206 | allow-200-206-301-302} set cache-inactive-time <cache-inactive-time_int> set inactive-time-type {minutes | hours} set client-cache-expire <client-cache-expire_int> set client-cache-expire-type {minutes | hours} set key-factor {method | protocol | host | url | arguments | cookies} set enable-client-expire {enable | disable} set policy-id <entry_index> config cookie-name-list edit <cookie-name-list_name> set cookie-name "<cookie-name_str>" end config bypass-sub-url edit <bypass-sub-url_id> set http-method {get | post | head | options | trace | connect | delete | put | patch | any} set type {plain | regular} set url-expression <url-expression_str> set enable-bypass-args {enable | disable} set bypass-args <bypass-args_str> set enable-bypass-cookies {enable | disable} set bypass-cookies <bypass-cookies_str> end next end config waf web-cache-policy edit "<web-cache-policy_name>" next end |
Configure web cache rules and policies. |
waf url-encryption | |
config waf url-encryption url-encryption-rule edit "<encryption-rule_name>" set host-status {enable | disable} set host <host_str> set allow-unencrypted {enable | disable} set action {alert | deny_no_log | alert_deny | block-period} set block-period <block-period_int> set severity {High | Medium | Low | Info} set trigger <trigger_str> config url-list edit "<url-list_id>" set url-type {plain | regular} set url-pattern <url-pattern_str> end config exceptions edit "<exceptions-item_id>" set url-type {plain | regular} set url-pattern <url-pattern_str> end next end
config waf url-encryption url-encryption-policy edit "<url-encryption-policy_name>" set full-mode {enable | disable} config rule-list edit "<rule-list_id>" set rule <rule_str> end next end |
Configure the URL encryption rules and policies. |