Text strings
Text strings are used to name entities in the FortiGate configuration. For example, the name of a firewall address, administrator, or interface are all text strings.
The following characters cannot be used in text strings, as they present cross-site scripting (XSS) vulnerabilities:
-
“
- double quotes -
'
- single quote -
>
- greater than -
<
- less than
Most GUI text fields prevent XSS vulnerable characters from being added.
VDOM names and hostnames can only use numbers (0-9), letters (a-z and A-Z), dashes, and underscores. |
The tree
CLI command can be used to view the number of characters allowed in a name field. For example, entering the following commands show that a firewall address name can contain up to 80 characters, while its FQDN can contain 256 characters:
config fire address (address) # tree -- [address] --*name (80) |- uuid |- subnet |- type |- start-mac |- end-mac |- start-ip |- end-ip |- fqdn (256) |- country (3) |- wildcard-fqdn (256) |- cache-ttl (0,86400) |- wildcard |- sdn (36) |- interface (36) |- tenant (36) |- organization (36) |- epg-name (256) |- subnet-name (256) |- sdn-tag (16) |- policy-group (16) |- comment |- visibility |- associated-interface (36) |- color (0,32) |- filter |- sdn-addr-type |- obj-id |- [list] --*ip (36) |- obj-id (128) +- net-id (128) |- [tagging] --*name (64) |- category (64) +- [tags] --*name (80) +- allow-routing