Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 6.3.18 CLI Reference
    6.3.18
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    waf ws security

    waf ws security

    Use this command to create WS-security rules.

    You can use WS-Security rules to do the following:

    • Encrypt and decrypt parts of SOAP messages
    • Digitally sign parts of SOAP messages
    • Verify parts of SOAP messages using digital signatures

    Syntax

    config waf ws-security rule

    edit "<ws-security_rule_name>"

    set encryption-algorithm {3EDS | AES-128 | AES-256}

    set encryption-part {Element Value | Element Markup}

    set key-transport-algorithm {RSA-15 | RSA-OAEP}

    set request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify}

    set request-security-status {enable | disable}

    set response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign}

    set response-security-status {enable | disable}

    set signature-algorithm {RSA-SHA-1 | HMAC-SHA-1}

    set xml-client-certificate-group <xml-client-certificate_group_str>

    set xml-server-certificate <xml-server-certificate_str>

    config namespace-mapping

    edit waf ws security

    set prefix <prefix _str>

    set namespace <namespace_str>

    next

    end

    config element-list

    edit waf ws security

    set xpath <xpath_str>

    set direction {request | response}

    next

    end

    next

    end

    Variable Description Default

    "<ws-security_rule_name>"

    		 Enter a name that can be referenced by other parts of the configuration. No default.

    encryption-algorithm {3EDS | AES-128 | AES-256}

    Select the encryption algorithm.

    • 3EDS
    • AES-128
    • AES-256

    Available only when response-security-status {enable | disable} is

    enable, and response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign} is Encrypt, Sign & Encrypt, or Encrypt & Sign.

    3EDS

    encryption-part {Element Value | Element Markup}

    Select which part of the SOAP messages to encrypt.

    • Element Value
    • Element Markup

    Element Value

    key-transport-algorithm {RSA-15 | RSA-OAEP}

    Select the key transport algorithm.

    • RSA-15
    • RSA-OAEP

    RSA-15

    request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify}

    Select the operation that FortiWeb performs for the encryped SOAP messages from the client.

    • Sign Verify & Decrypt
    • Decrypt
    • Sign Verify

    Sign Verify

    request-security-status {enable | disable}

    Enable to configure FortiWeb to decrypt, sign and verify the encryped SOAP messages from the client.

    disable

    response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign}

    Select the operation that FortiWeb performs for the SOAP messages returned from the server.

    • Sign
    • Encrypt
    • Sign & Encrypt
    • Encrypt & Sign

    Sign

    response-security-status {enable | disable}

    Enable to configure FortiWeb to encrypt , and sign the SOAP messages returned from the server.

    disable

    signature-algorithm {RSA-SHA-1 | HMAC-SHA-1}

    Select the signature algorithm.

    • RSA-SHA-1
    • HMAC-SHA-1

    RSA-SHA-1

    xml-client-certificate-group <xml-client-certificate_group_str>

    Select the XML client certificate group created from XML Certificate > Client Certifcate Group.

    Available only when request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify} is enable, and the request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify} is Sign Verify & Decrypt or Sign Verify.

    Or

    Available only when response-security-status {enable | disable} is enable, and the response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign} is Encrypt, Sign & Encrypt or Encrypt & Sign.

    No default.

    xml-server-certificate <xml-server-certificate_str>

    Select the XML server certificate uploaded from XML Certificate>

    Server Certifcate.

    Available only when request-security-status {enable | disable} is

    enable, and the request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify} is Sign Verify & Decrypt or Decrypt .

    Or

    Available only when response-security-status {enable | disable} is enable, and the response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign} is Sign, Sign & Encrypt, or Encrypt & Sign.

    No default.

    "<namespace-mapping_name_id>"

    Enter the index number of an entry to create a namespace mapping.

    No default.

    namespace <namespace_str>

    Enter the namespace.

    No default.

    prefix <prefix _str>

    Enter a prefix for the namaspace.

    No default.

    "<element-list_name_id>"

    Enter the index number of an entry to create an element list.

    No default.

    xpath <xpath_str>

    Enter an XPath to specify which part of the XML file to process.

    No default.

    direction {request | response}

    Select either Request or Response to define in which direction the XPath applies to.

    request

    Related topics

    Previous
    Next

    waf ws security

    waf ws security

    Use this command to create WS-security rules.

    You can use WS-Security rules to do the following:

    • Encrypt and decrypt parts of SOAP messages
    • Digitally sign parts of SOAP messages
    • Verify parts of SOAP messages using digital signatures

    Syntax

    config waf ws-security rule

    edit "<ws-security_rule_name>"

    set encryption-algorithm {3EDS | AES-128 | AES-256}

    set encryption-part {Element Value | Element Markup}

    set key-transport-algorithm {RSA-15 | RSA-OAEP}

    set request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify}

    set request-security-status {enable | disable}

    set response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign}

    set response-security-status {enable | disable}

    set signature-algorithm {RSA-SHA-1 | HMAC-SHA-1}

    set xml-client-certificate-group <xml-client-certificate_group_str>

    set xml-server-certificate <xml-server-certificate_str>

    config namespace-mapping

    edit waf ws security

    set prefix <prefix _str>

    set namespace <namespace_str>

    next

    end

    config element-list

    edit waf ws security

    set xpath <xpath_str>

    set direction {request | response}

    next

    end

    next

    end

    Variable Description Default

    "<ws-security_rule_name>"

    		 Enter a name that can be referenced by other parts of the configuration. No default.

    encryption-algorithm {3EDS | AES-128 | AES-256}

    Select the encryption algorithm.

    • 3EDS
    • AES-128
    • AES-256

    Available only when response-security-status {enable | disable} is

    enable, and response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign} is Encrypt, Sign & Encrypt, or Encrypt & Sign.

    3EDS

    encryption-part {Element Value | Element Markup}

    Select which part of the SOAP messages to encrypt.

    • Element Value
    • Element Markup

    Element Value

    key-transport-algorithm {RSA-15 | RSA-OAEP}

    Select the key transport algorithm.

    • RSA-15
    • RSA-OAEP

    RSA-15

    request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify}

    Select the operation that FortiWeb performs for the encryped SOAP messages from the client.

    • Sign Verify & Decrypt
    • Decrypt
    • Sign Verify

    Sign Verify

    request-security-status {enable | disable}

    Enable to configure FortiWeb to decrypt, sign and verify the encryped SOAP messages from the client.

    disable

    response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign}

    Select the operation that FortiWeb performs for the SOAP messages returned from the server.

    • Sign
    • Encrypt
    • Sign & Encrypt
    • Encrypt & Sign

    Sign

    response-security-status {enable | disable}

    Enable to configure FortiWeb to encrypt , and sign the SOAP messages returned from the server.

    disable

    signature-algorithm {RSA-SHA-1 | HMAC-SHA-1}

    Select the signature algorithm.

    • RSA-SHA-1
    • HMAC-SHA-1

    RSA-SHA-1

    xml-client-certificate-group <xml-client-certificate_group_str>

    Select the XML client certificate group created from XML Certificate > Client Certifcate Group.

    Available only when request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify} is enable, and the request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify} is Sign Verify & Decrypt or Sign Verify.

    Or

    Available only when response-security-status {enable | disable} is enable, and the response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign} is Encrypt, Sign & Encrypt or Encrypt & Sign.

    No default.

    xml-server-certificate <xml-server-certificate_str>

    Select the XML server certificate uploaded from XML Certificate>

    Server Certifcate.

    Available only when request-security-status {enable | disable} is

    enable, and the request-operation {Sign Verify & Decrypt | Decrypt | Sign Verify} is Sign Verify & Decrypt or Decrypt .

    Or

    Available only when response-security-status {enable | disable} is enable, and the response-operation {Sign | Encrypt | Sign & Encrypt | Encrypt & Sign} is Sign, Sign & Encrypt, or Encrypt & Sign.

    No default.

    "<namespace-mapping_name_id>"

    Enter the index number of an entry to create a namespace mapping.

    No default.

    namespace <namespace_str>

    Enter the namespace.

    No default.

    prefix <prefix _str>

    Enter a prefix for the namaspace.

    No default.

    "<element-list_name_id>"

    Enter the index number of an entry to create an element list.

    No default.

    xpath <xpath_str>

    Enter an XPath to specify which part of the XML file to process.

    No default.

    direction {request | response}

    Select either Request or Response to define in which direction the XPath applies to.

    request

    Related topics

    Previous
    Next