waf ftp-file-security

Use this command to create FTP file check rules so that FortiWeb places restrictions on uploading or downloading files and scans files that clients attempt to upload to or download from your server(s). When configured, FortiWeb can also send files to FortiSandbox for analysis and perform an antivirus scan.

For details about applying an FTP file check rule to an FTP server policy, see waf ftp-protection-profile.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

If ftp-security isn't enabled in feature-visibility, you must enable it before you can create an FTP file check rule. To enable ftp-security, see system feature-visibility.

Syntax

config waf ftp-file security

edit "<rule_name>"

set action {alert | alert_deny | block-period | deny_no_log}

set block-period <block_period_int>

set severity {High | Info | Low | Medium}

set trigger "<policy_name>"

set check-dir {both | download | upload}

set av-scan {enable | disable}

set send-files-to-fortisandbox {enable | disable}

set icap-server-check {enable | disable}

end

Variable	Description	Default
"<rule_name>"	Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.	No default.
action {alert \| alert_deny \| block-period \| deny_no_log}	Select which action FortiWeb will take when it detects a violation of the rule: `alert`—Accept the connection and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert and/or log message. `deny_no_log`—Block the request (or reset the connection). `block-period`—Block subsequent requests from the client for a number of seconds. Also configure waf ftp-file-security. Note: This setting will be ignored if monitor-mode {enable \| disable} is enabled in a server policy.	alert_deny
block-period <block_period_int>	Enter the number of seconds that you want to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1–3,600 seconds. This setting is available only if waf ftp-file-security is set to `block-period`.	`600`
severity {High \| Info \| Low \| Medium}	When rule violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs a violation of the rule: `Info` `Low` `Medium` `High`	Medium
trigger "<policy_name>"	Enter the name of a trigger policy, if any, that FortiWeb will use when it logs and/or sends an alert email about a violation of the rule.	No default.
check-dir {both \| download \| upload}	Select one of the following: `both`—FortiWeb applies the rule to files being either downloaded from or uploaded to your server(s). `download`—FortiWeb applies the rule to files being downloaded from your server(s). `upload`—FortiWeb applies the rule to files being uploaded to your server(s).	upload
av-scan {enable \| disable}	Enable so that FortiWeb performs an antivirus scan on files that match the waf ftp-file-security.	disable
send-files-to-fortisandbox {enable \| disable}	Enable so that FortiWeb sends files to FortiSandbox that match the waf ftp-file-security. Also specify the FortiSandbox settings for your FortiWeb. For details, see system fortisandbox. FortiSandbox evaluates the file and returns the results to FortiWeb. If waf ftp-file-security is enabled and FortiWeb detects a virus, it does not send the file to FortiSandbox.	disable
icap-server-check {enable \| disable}	Enable so that FortiWeb sends files to ICAP server that matches the uploading or downloading directions.	disable

Syntax

config waf ftp-file security

edit "<rule_name>"

set action {alert | alert_deny | block-period | deny_no_log}

set block-period <block_period_int>

set severity {High | Info | Low | Medium}

set trigger "<policy_name>"

set check-dir {both | download | upload}

set av-scan {enable | disable}

set send-files-to-fortisandbox {enable | disable}

set icap-server-check {enable | disable}

end

Variable	Description	Default
"<rule_name>"	Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters.	No default.
action {alert \| alert_deny \| block-period \| deny_no_log}	Select which action FortiWeb will take when it detects a violation of the rule: `alert`—Accept the connection and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert and/or log message. `deny_no_log`—Block the request (or reset the connection). `block-period`—Block subsequent requests from the client for a number of seconds. Also configure waf ftp-file-security. Note: This setting will be ignored if monitor-mode {enable \| disable} is enabled in a server policy.	alert_deny
block-period <block_period_int>	Enter the number of seconds that you want to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1–3,600 seconds. This setting is available only if waf ftp-file-security is set to `block-period`.	`600`
severity {High \| Info \| Low \| Medium}	When rule violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs a violation of the rule: `Info` `Low` `Medium` `High`	Medium
trigger "<policy_name>"	Enter the name of a trigger policy, if any, that FortiWeb will use when it logs and/or sends an alert email about a violation of the rule.	No default.
check-dir {both \| download \| upload}	Select one of the following: `both`—FortiWeb applies the rule to files being either downloaded from or uploaded to your server(s). `download`—FortiWeb applies the rule to files being downloaded from your server(s). `upload`—FortiWeb applies the rule to files being uploaded to your server(s).	upload
av-scan {enable \| disable}	Enable so that FortiWeb performs an antivirus scan on files that match the waf ftp-file-security.	disable
send-files-to-fortisandbox {enable \| disable}	Enable so that FortiWeb sends files to FortiSandbox that match the waf ftp-file-security. Also specify the FortiSandbox settings for your FortiWeb. For details, see system fortisandbox. FortiSandbox evaluates the file and returns the results to FortiWeb. If waf ftp-file-security is enabled and FortiWeb detects a virus, it does not send the file to FortiSandbox.	disable
icap-server-check {enable \| disable}	Enable so that FortiWeb sends files to ICAP server that matches the uploading or downloading directions.	disable

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference