Fortinet black logo

CLI Reference

waf ftp-protection-profile

waf ftp-protection-profile

Use this command to configure an FTP security inline profile.

FTP security inline profiles combine previously-configured rules, profiles, and policies in a comprehensive set that can be applied in an FTP server policy. Apply the profile in an FTP server policy. For details, see server-policy policy.

To use this command, your administrator account’s access control profile must have either w or rw permission to the traroutegrp area. For details, see Permissions.

Before creating an FTP security inline profile

Prior to creating an FTP security inline profile, you should create and configure the rules, profiles, and policies that you plan to add to the FTP security inline profile. You can include the following:

tooltip icon

If ftp-security isn't enabled in feature-visibility, you must enable it before you can create an FTP security inline profile. To enable ftp-security, see system feature-visibility.

Syntax

config waf ftp-protection-profile

edit "<policy_name>"

set ftp-file-check "<rule_name>"

set ftp-geo-ip "<rule_name>"

set ftp-ip-check "<rule_name>"

set ftp-ip-intelligence {enable | disable}

set ftp-restriction-command-type "<rule_name>"

Variable Description Default

"<policy_name>"

Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.

No default.

ftp-file-check "<rule_name>"

Enter the name of an FTP file check rule that you previously created. If you haven't created an FTP file check rule to include in this profile yet, see waf ftp-file-security for instructions about creating one.

No default.

ftp-geo-ip "<rule_name>"

Enter the name of a geo IP block policy that you previously created. If you haven't created a geo IP block policy to include in this profile yet, see waf geo-block-list for instructions about creating one.

No default.

ftp-ip-check "<rule_name>"

Enter the name of an IP List that you previously created. If you haven't created an IP List rule to include in this profile yet, see waf ip-list for instructions about creating one.

No default.

ftp-ip-intelligence {enable | disable}

Enable to include the active IP reputation policy in this profile. If you haven't created an IP reputation policy to include in this profile yet, see To configure an IP reputation policy for instructions about creating one.

disable

ftp-restriction-command-type "<rule_name>"

Enter the name of an FTP command restriction rule that you previously created. If you haven't created an FTP command restriction rule to include in this profile yet, see waf ip-intelligence for instructions about creating one.

No default.

Related Topics

waf ftp-protection-profile

Use this command to configure an FTP security inline profile.

FTP security inline profiles combine previously-configured rules, profiles, and policies in a comprehensive set that can be applied in an FTP server policy. Apply the profile in an FTP server policy. For details, see server-policy policy.

To use this command, your administrator account’s access control profile must have either w or rw permission to the traroutegrp area. For details, see Permissions.

Before creating an FTP security inline profile

Prior to creating an FTP security inline profile, you should create and configure the rules, profiles, and policies that you plan to add to the FTP security inline profile. You can include the following:

tooltip icon

If ftp-security isn't enabled in feature-visibility, you must enable it before you can create an FTP security inline profile. To enable ftp-security, see system feature-visibility.

Syntax

config waf ftp-protection-profile

edit "<policy_name>"

set ftp-file-check "<rule_name>"

set ftp-geo-ip "<rule_name>"

set ftp-ip-check "<rule_name>"

set ftp-ip-intelligence {enable | disable}

set ftp-restriction-command-type "<rule_name>"

Variable Description Default

"<policy_name>"

Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.

No default.

ftp-file-check "<rule_name>"

Enter the name of an FTP file check rule that you previously created. If you haven't created an FTP file check rule to include in this profile yet, see waf ftp-file-security for instructions about creating one.

No default.

ftp-geo-ip "<rule_name>"

Enter the name of a geo IP block policy that you previously created. If you haven't created a geo IP block policy to include in this profile yet, see waf geo-block-list for instructions about creating one.

No default.

ftp-ip-check "<rule_name>"

Enter the name of an IP List that you previously created. If you haven't created an IP List rule to include in this profile yet, see waf ip-list for instructions about creating one.

No default.

ftp-ip-intelligence {enable | disable}

Enable to include the active IP reputation policy in this profile. If you haven't created an IP reputation policy to include in this profile yet, see To configure an IP reputation policy for instructions about creating one.

disable

ftp-restriction-command-type "<rule_name>"

Enter the name of an FTP command restriction rule that you previously created. If you haven't created an FTP command restriction rule to include in this profile yet, see waf ip-intelligence for instructions about creating one.

No default.

Related Topics