Fortinet white logo
Fortinet white logo

CLI Reference

config firewall service custom

config firewall service custom

Configure custom services.

config firewall service custom
    Description: Configure custom services.
    edit <name>
        set app-category <id1>, <id2>, ...
        set app-service-type [disable|app-id|...]
        set application <id1>, <id2>, ...
        set category {string}
        set check-reset-range [disable|strict|...]
        set color {integer}
        set comment {var-string}
        set fqdn {string}
        set helper [auto|disable|...]
        set icmpcode {integer}
        set icmptype {integer}
        set iprange {user}
        set protocol [TCP/UDP/SCTP|ICMP|...]
        set protocol-number {integer}
        set proxy [enable|disable]
        set sctp-portrange {user}
        set session-ttl {user}
        set tcp-halfclose-timer {integer}
        set tcp-halfopen-timer {integer}
        set tcp-portrange {user}
        set tcp-timewait-timer {integer}
        set udp-idle-timer {integer}
        set udp-portrange {user}
        set visibility [enable|disable]
    next
end

config firewall service custom

Parameter

Description

Type

Size

app-category <id>

Application category ID.

Application category id.

integer

Minimum value: 0 Maximum value: 4294967295

app-service-type

Application service type.

option

-

Option

Description

disable

Disable application type.

app-id

Application ID.

app-category

Applicatin category.

application <id>

Application ID.

Application id.

integer

Minimum value: 0 Maximum value: 4294967295

category

Service category.

string

Maximum length: 63

check-reset-range

Configure the type of ICMP error message verification.

option

-

Option

Description

disable

Disable RST range check.

strict

Check RST range strictly.

default

Using system default setting.

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

comment

Comment.

var-string

Maximum length: 255

fqdn

Fully qualified domain name.

string

Maximum length: 255

helper

Helper name.

option

-

Option

Description

auto

Automatically select helper based on protocol and port.

disable

Disable helper.

ftp

FTP.

tftp

TFTP.

ras

RAS.

h323

H323.

tns

TNS.

mms

MMS.

sip

SIP.

pptp

PPTP.

rtsp

RTSP.

dns-udp

DNS UDP.

dns-tcp

DNS TCP.

pmap

PMAP.

rsh

RSH.

dcerpc

DCERPC.

mgcp

MGCP.

icmpcode

ICMP code.

integer

Minimum value: 0 Maximum value: 255

icmptype

ICMP type.

integer

Minimum value: 0 Maximum value: 4294967295

iprange

Start and end of the IP range associated with service.

user

Not Specified

name

Custom service name.

string

Maximum length: 79

protocol

Protocol type based on IANA numbers.

option

-

Option

Description

TCP/UDP/SCTP

TCP, UDP and SCTP.

ICMP

ICMP.

ICMP6

ICMP6.

IP

IP.

HTTP

HTTP - for web proxy.

FTP

FTP - for web proxy.

CONNECT

Connect - for web proxy.

SOCKS-TCP

Socks TCP - for web proxy.

SOCKS-UDP

Socks UDP - for web proxy.

ALL

All - for web proxy.

protocol-number

IP protocol number.

integer

Minimum value: 0 Maximum value: 254

proxy

Enable/disable web proxy service.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

sctp-portrange

Multiple SCTP port ranges.

user

Not Specified

session-ttl

Session TTL.

user

Not Specified

tcp-halfclose-timer

Wait time to close a TCP session waiting for an unanswered FIN packet.

integer

Minimum value: 0 Maximum value: 86400

tcp-halfopen-timer

Wait time to close a TCP session waiting for an unanswered open session packet.

integer

Minimum value: 0 Maximum value: 86400

tcp-portrange

Multiple TCP port ranges.

user

Not Specified

tcp-timewait-timer

Set the length of the TCP TIME-WAIT state in seconds.

integer

Minimum value: 0 Maximum value: 300

udp-idle-timer

UDP half close timeout.

integer

Minimum value: 0 Maximum value: 86400

udp-portrange

Multiple UDP port ranges.

user

Not Specified

visibility

Enable/disable the visibility of the service on the GUI.

option

-

Option

Description

enable

Show in service selection.

disable

Hide from service selection.

config firewall service custom

config firewall service custom

Configure custom services.

config firewall service custom
    Description: Configure custom services.
    edit <name>
        set app-category <id1>, <id2>, ...
        set app-service-type [disable|app-id|...]
        set application <id1>, <id2>, ...
        set category {string}
        set check-reset-range [disable|strict|...]
        set color {integer}
        set comment {var-string}
        set fqdn {string}
        set helper [auto|disable|...]
        set icmpcode {integer}
        set icmptype {integer}
        set iprange {user}
        set protocol [TCP/UDP/SCTP|ICMP|...]
        set protocol-number {integer}
        set proxy [enable|disable]
        set sctp-portrange {user}
        set session-ttl {user}
        set tcp-halfclose-timer {integer}
        set tcp-halfopen-timer {integer}
        set tcp-portrange {user}
        set tcp-timewait-timer {integer}
        set udp-idle-timer {integer}
        set udp-portrange {user}
        set visibility [enable|disable]
    next
end

config firewall service custom

Parameter

Description

Type

Size

app-category <id>

Application category ID.

Application category id.

integer

Minimum value: 0 Maximum value: 4294967295

app-service-type

Application service type.

option

-

Option

Description

disable

Disable application type.

app-id

Application ID.

app-category

Applicatin category.

application <id>

Application ID.

Application id.

integer

Minimum value: 0 Maximum value: 4294967295

category

Service category.

string

Maximum length: 63

check-reset-range

Configure the type of ICMP error message verification.

option

-

Option

Description

disable

Disable RST range check.

strict

Check RST range strictly.

default

Using system default setting.

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

comment

Comment.

var-string

Maximum length: 255

fqdn

Fully qualified domain name.

string

Maximum length: 255

helper

Helper name.

option

-

Option

Description

auto

Automatically select helper based on protocol and port.

disable

Disable helper.

ftp

FTP.

tftp

TFTP.

ras

RAS.

h323

H323.

tns

TNS.

mms

MMS.

sip

SIP.

pptp

PPTP.

rtsp

RTSP.

dns-udp

DNS UDP.

dns-tcp

DNS TCP.

pmap

PMAP.

rsh

RSH.

dcerpc

DCERPC.

mgcp

MGCP.

icmpcode

ICMP code.

integer

Minimum value: 0 Maximum value: 255

icmptype

ICMP type.

integer

Minimum value: 0 Maximum value: 4294967295

iprange

Start and end of the IP range associated with service.

user

Not Specified

name

Custom service name.

string

Maximum length: 79

protocol

Protocol type based on IANA numbers.

option

-

Option

Description

TCP/UDP/SCTP

TCP, UDP and SCTP.

ICMP

ICMP.

ICMP6

ICMP6.

IP

IP.

HTTP

HTTP - for web proxy.

FTP

FTP - for web proxy.

CONNECT

Connect - for web proxy.

SOCKS-TCP

Socks TCP - for web proxy.

SOCKS-UDP

Socks UDP - for web proxy.

ALL

All - for web proxy.

protocol-number

IP protocol number.

integer

Minimum value: 0 Maximum value: 254

proxy

Enable/disable web proxy service.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

sctp-portrange

Multiple SCTP port ranges.

user

Not Specified

session-ttl

Session TTL.

user

Not Specified

tcp-halfclose-timer

Wait time to close a TCP session waiting for an unanswered FIN packet.

integer

Minimum value: 0 Maximum value: 86400

tcp-halfopen-timer

Wait time to close a TCP session waiting for an unanswered open session packet.

integer

Minimum value: 0 Maximum value: 86400

tcp-portrange

Multiple TCP port ranges.

user

Not Specified

tcp-timewait-timer

Set the length of the TCP TIME-WAIT state in seconds.

integer

Minimum value: 0 Maximum value: 300

udp-idle-timer

UDP half close timeout.

integer

Minimum value: 0 Maximum value: 86400

udp-portrange

Multiple UDP port ranges.

user

Not Specified

visibility

Enable/disable the visibility of the service on the GUI.

option

-

Option

Description

enable

Show in service selection.

disable

Hide from service selection.