Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 7.0.2 CLI Reference
    7.0.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    waf ftp-protection-profile

    waf ftp-protection-profile

    Use this command to configure an FTP security inline profile.

    FTP security inline profiles combine previously-configured rules, profiles, and policies in a comprehensive set that can be applied in an FTP server policy. Apply the profile in an FTP server policy. For details, see server-policy policy.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the traroutegrp area. For details, see Permissions.

    Before creating an FTP security inline profile

    Prior to creating an FTP security inline profile, you should create and configure the rules, profiles, and policies that you plan to add to the FTP security inline profile. You can include the following:

    tooltip icon

    If ftp-security isn't enabled in feature-visibility, you must enable it before you can create an FTP security inline profile. To enable ftp-security, see system feature-visibility.

    Syntax

    config waf ftp-protection-profile

    edit "<policy_name>"

    set ftp-file-check "<rule_name>"

    set ftp-geo-ip "<rule_name>"

    set ftp-ip-check "<rule_name>"

    set ftp-ip-intelligence {enable | disable}

    set ftp-restriction-command-type "<rule_name>"

    Variable Description Default

    "<policy_name>"

    Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.

    No default.

    ftp-file-check "<rule_name>"

    		 Enter the name of an FTP file check rule that you previously created. If you haven't created an FTP file check rule to include in this profile yet, see waf ftp-file-security for instructions about creating one.

    No default.

    ftp-geo-ip "<rule_name>"

    Enter the name of a geo IP block policy that you previously created. If you haven't created a geo IP block policy to include in this profile yet, see waf geo-block-list for instructions about creating one.

    No default.

    ftp-ip-check "<rule_name>"

    Enter the name of an IP List that you previously created. If you haven't created an IP List rule to include in this profile yet, see waf ip-list for instructions about creating one.

    No default.

    ftp-ip-intelligence {enable | disable}

    Enable to include the active IP reputation policy in this profile. If you haven't created an IP reputation policy to include in this profile yet, see "To configure an IP reputation policy" on page 1 for instructions about creating one.

    disable

    ftp-restriction-command-type "<rule_name>"

    Enter the name of an FTP command restriction rule that you previously created. If you haven't created an FTP command restriction rule to include in this profile yet, see waf ip-intelligence for instructions about creating one.

    No default.

    Related Topics

    Previous
    Next

    waf ftp-protection-profile

    waf ftp-protection-profile

    Use this command to configure an FTP security inline profile.

    FTP security inline profiles combine previously-configured rules, profiles, and policies in a comprehensive set that can be applied in an FTP server policy. Apply the profile in an FTP server policy. For details, see server-policy policy.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the traroutegrp area. For details, see Permissions.

    Before creating an FTP security inline profile

    Prior to creating an FTP security inline profile, you should create and configure the rules, profiles, and policies that you plan to add to the FTP security inline profile. You can include the following:

    tooltip icon

    If ftp-security isn't enabled in feature-visibility, you must enable it before you can create an FTP security inline profile. To enable ftp-security, see system feature-visibility.

    Syntax

    config waf ftp-protection-profile

    edit "<policy_name>"

    set ftp-file-check "<rule_name>"

    set ftp-geo-ip "<rule_name>"

    set ftp-ip-check "<rule_name>"

    set ftp-ip-intelligence {enable | disable}

    set ftp-restriction-command-type "<rule_name>"

    Variable Description Default

    "<policy_name>"

    Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.

    No default.

    ftp-file-check "<rule_name>"

    		 Enter the name of an FTP file check rule that you previously created. If you haven't created an FTP file check rule to include in this profile yet, see waf ftp-file-security for instructions about creating one.

    No default.

    ftp-geo-ip "<rule_name>"

    Enter the name of a geo IP block policy that you previously created. If you haven't created a geo IP block policy to include in this profile yet, see waf geo-block-list for instructions about creating one.

    No default.

    ftp-ip-check "<rule_name>"

    Enter the name of an IP List that you previously created. If you haven't created an IP List rule to include in this profile yet, see waf ip-list for instructions about creating one.

    No default.

    ftp-ip-intelligence {enable | disable}

    Enable to include the active IP reputation policy in this profile. If you haven't created an IP reputation policy to include in this profile yet, see "To configure an IP reputation policy" on page 1 for instructions about creating one.

    disable

    ftp-restriction-command-type "<rule_name>"

    Enter the name of an FTP command restriction rule that you previously created. If you haven't created an FTP command restriction rule to include in this profile yet, see waf ip-intelligence for instructions about creating one.

    No default.

    Related Topics

    Previous
    Next