
CLI Reference

waf device-reputation


Use this command to create or edit a device reputation security policy.

When Device Tracking is enabled and a device reputation security policy is selected, FortiWeb evaluates the reputation of client devices that trigger security violations. If a device triggers a security violation in a device reputation security policy, it will acquire a lower device reputation. Access to networks and servers can be managed according to a device's reputation.

For information on device reputation security policies, see the FortiWeb Administration Guide:

https://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

    config waf device-reputation reputation-security-policy
      edit "<policy_name>"
        set action-for-high-level {alert | alert_deny | block-period | deny_no_log}
        set action-for-low-level {alert | alert_deny | block-period | deny_no_log}
        set action-for-medium-level {alert | alert_deny | block-period | deny_no_log}
        set action-for-unindentified {alert | alert_deny | block-period | using_local_action | deny_no_log}
        set high-level-score-begin <weight_int>
        set low-level-score-end <weight_int>
        set reputation-exception-rule "<rule_name>"
      next
    end
    config waf device-reputation reputation-exceptions
      edit "<exception_name>"
        config reputation-exceptions-list
          edit <ID_int>
            set feature-name "<exception_name>"
          next
          delete <ID_int>
          purge <y/n>
        end
      next
    end

Variable, description and default:

"<policy_name>"

Enter the name of the device reputation security policy to be created or edited. The maximum length is 63 characters.

Default: No default.

action-for-high-level {alert | alert_deny | block-period | deny_no_log}

Set the action for a device based on its risk level. The options are:

  • alert—Accept the request and generate an alert email and/or log message.
  • alert_deny—Block the request (or reset the connection) and generate an alert email and/or log message.
    You can customize the web page that returns to the client with the HTTP status code. For details, see the FortiWeb Administration Guide: https://docs.fortinet.com/fortiweb/admin-guides
  • block-period—Block subsequent requests from the client for a number of seconds. Also configure Block Period.
    You can customize the web page that returns to the client with the HTTP status code. For details, see the FortiWeb Administration Guide: https://docs.fortinet.com/fortiweb/admin-guides
  • using_local_action—Takes the local action specified in a protection profile.
  • deny_no_log—Deny a request. Do not generate a log message.

Default: alert_deny

action-for-low-level {alert | alert_deny | block-period | deny_no_log}

Options as described for action-for-high-level.

Default: alert

action-for-medium-level {alert | alert_deny | block-period | deny_no_log}

Options as described for action-for-high-level.

Default: alert_deny

action-for-unindentified {alert | alert_deny | block-period | using_local_action | deny_no_log}

Options as described for action-for-high-level.

Default: using_local_action

high-level-score-begin <weight_int>

Sets the weight range for a high risk level. The acceptable range is 3–1000.

Default: 200

low-level-score-end <weight_int>

Sets the weight range for a low risk level. The acceptable range is 2–1000.

Default: 50

reputation-exception-rule "<rule_name>"

Enter the name of the device reputation exceptions, if any.

Default: No default.

"<exception_name>"

Enter the name of the device reputation exception to be created or edited. The maximum length is 63 characters.

Default: No default.

<ID_int>

Enter the Security Feature Name ID to be created or edited.

Default: No default.

feature-name "<exception_name>"

Enter the name of the security feature to be included as a reputation exception. The available security feature names are:

  • bad_robot
  • cookie_security_policy
  • cross_site_scripting
  • cross_site_scripting_extended
  • csrf_protection
  • custom_policy
  • custom_signature
  • dos_protection
  • file_upload_restriction
  • generic_attacks
  • generic_attacks_extended
  • hidden_field_protection
  • http_protocol_constraints
  • ip_reputation
  • know_exploits
  • padding_oracle_protection
  • parameter_validation
  • sql_injection
  • sql_injection_extended
  • sql_injection_syntax
  • trojans
  • user_tracking

Default: No default.

delete <ID_int>

Deletes a security feature from the list of device reputation exceptions according to its ID.

Default: No default.

purge <y/n>

Deletes all security feature exceptions.

Default: No default.

Example

This example creates a device reputation security policy and defines a device reputation exception.

    config waf device-reputation reputation-security-policy
      edit "<policy1>"
        set action-for-high-level alert_deny
        set action-for-low-level alert
        set action-for-medium-level alert
        set action-for-unindentified block-period
        set block-period-unindentified-level 60
        set high-level-score-begin 300
        set low-level-score-end 100
        set reputation-exception-rule "<exception_rule1>"
      next
    end
    config waf device-reputation reputation-exceptions
      edit "<exception1>"
        config reputation-exceptions-list
          edit 1
            set feature-name trojans
          next
        end
    end
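
A small linter for the settings documented above, as an added example that is not part of Fortinet's documentation: it checks a policy block and its exception blocks against the allowed actions, score ranges, and feature names listed on this page. The function names and the rule that low-level-score-end must be below high-level-score-begin are assumptions, and the sample input is constructed.

```python
import re

# Allowed values, ranges and defaults copied from the reference on this page.
ACTIONS = {"alert", "alert_deny", "block-period", "deny_no_log"}
DEFAULTS = {
    "action-for-high-level": "alert_deny", "action-for-medium-level": "alert_deny",
    "action-for-low-level": "alert", "action-for-unindentified": "using_local_action",
    "high-level-score-begin": "200", "low-level-score-end": "50",
}
FEATURES = set("""bad_robot cookie_security_policy cross_site_scripting
    cross_site_scripting_extended csrf_protection custom_policy custom_signature
    dos_protection file_upload_restriction generic_attacks generic_attacks_extended
    hidden_field_protection http_protocol_constraints ip_reputation know_exploits
    padding_oracle_protection parameter_validation sql_injection sql_injection_extended
    sql_injection_syntax trojans user_tracking""".split())

def settings(text):
    """Return (key, value) for every 'set' line, with quotes stripped."""
    return [(k, v.strip('"')) for k, v in re.findall(r"^\s*set\s+(\S+)\s+(\S+)", text, re.M)]

def lint(policy_text, exceptions_text=""):
    cfg = {**DEFAULTS, **dict(settings(policy_text))}  # unset keys keep their defaults
    findings = []
    for key in [k for k in DEFAULTS if k.startswith("action-for-")]:
        # using_local_action appears only in the syntax for the unidentified level
        allowed = ACTIONS | ({"using_local_action"} if key.endswith("unindentified") else set())
        if cfg[key] not in allowed:
            findings.append(f"{key}: '{cfg[key]}' is not an allowed action")
        elif cfg[key] == "deny_no_log":
            findings.append(f"{key}: deny_no_log blocks without a log message")
    high, low = int(cfg["high-level-score-begin"]), int(cfg["low-level-score-end"])
    for key, val, lo in (("high-level-score-begin", high, 3), ("low-level-score-end", low, 2)):
        if not lo <= val <= 1000:
            findings.append(f"{key} is outside {lo}-1000")
    if low >= high:  # assumption: the low range must end below the start of the high range
        findings.append("low-level-score-end is not below high-level-score-begin")
    defined = re.findall(r'^\s*edit\s+"([^"]+)"', exceptions_text, re.M)
    if (rule := cfg.get("reputation-exception-rule")) and rule not in defined:
        findings.append(f"reputation-exception-rule '{rule}' is not defined")
    for key, val in settings(exceptions_text):
        if key == "feature-name" and val not in FEATURES:
            findings.append(f"feature-name '{val}' is not a listed security feature")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE_POLICY = ('set action-for-high-level deny_no_log\nset action-for-medium-level using_local_action\n'
                 'set high-level-score-begin 40\nset reputation-exception-rule "exception_rule1"')
SAMPLE_EXCEPTIONS = 'edit "exception1"\nconfig reputation-exceptions-list\nedit 1\nset feature-name trojan\nnext\nend\nnext'
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_POLICY, SAMPLE_EXCEPTIONS)))
```

Run against the example above, it reports one finding: the policy references "<exception_rule1>" while the exception block defines "<exception1>".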
