config webfilter profile
Description: Configure Web filter profiles.
edit <name>
set comment {var-string}
set feature-set [flow|proxy]
set replacemsg-group {string}
set options {option1}, {option2}, ...
config file-filter
Description: File filter.
set status [enable|disable]
set log [enable|disable]
set scan-archive-contents [enable|disable]
config entries
Description: File filter entries.
edit <filter>
set comment {var-string}
set protocol {option1}, {option2}, ...
set action [log|block]
set direction [incoming|outgoing|...]
set password-protected [yes|any]
set file-type <name1>, <name2>, ...
next
end
end
set https-replacemsg [enable|disable]
set ovrd-perm {option1}, {option2}, ...
set post-action [normal|block]
config override
Description: Web Filter override settings.
set ovrd-cookie [allow|deny]
set ovrd-scope [user|user-group|...]
set profile-type [list|radius]
set ovrd-dur-mode [constant|ask]
set ovrd-dur {user}
set profile-attribute [User-Name|NAS-IP-Address|...]
set ovrd-user-group <name1>, <name2>, ...
set profile <name1>, <name2>, ...
end
config web
Description: Web content filtering settings.
set bword-threshold {integer}
set bword-table {integer}
set urlfilter-table {integer}
set content-header-list {integer}
set blacklist [enable|disable]
set whitelist {option1}, {option2}, ...
set safe-search {option1}, {option2}, ...
set youtube-restrict [none|strict|...]
set log-search [enable|disable]
set keyword-match <pattern1>, <pattern2>, ...
end
set youtube-channel-status [disable|blacklist|...]
config youtube-channel-filter
Description: YouTube channel filter.
edit <id>
set channel-id {string}
set comment {var-string}
next
end
config ftgd-wf
Description: FortiGuard Web Filter settings.
set options {option1}, {option2}, ...
set exempt-quota {user}
set ovrd {user}
config filters
Description: FortiGuard filters.
edit <id>
set category {integer}
set action [block|authenticate|...]
set warn-duration {user}
set auth-usr-grp <name1>, <name2>, ...
set log [enable|disable]
set override-replacemsg {string}
set warning-prompt [per-domain|per-category]
set warning-duration-type [session|timeout]
next
end
config quota
Description: FortiGuard traffic quota settings.
edit <id>
set category {user}
set type [time|traffic]
set unit [B|KB|...]
set value {integer}
set duration {user}
set override-replacemsg {string}
next
end
set max-quota-timeout {integer}
set rate-image-urls [disable|enable]
set rate-javascript-urls [disable|enable]
set rate-css-urls [disable|enable]
set rate-crl-urls [disable|enable]
end
config antiphish
Description: AntiPhishing profile.
set status [enable|disable]
set domain-controller {string}
set default-action [exempt|log|...]
set check-uri [enable|disable]
set check-basic-auth [enable|disable]
set max-body-len {integer}
config inspection-entries
Description: AntiPhishing entries.
edit <name>
set fortiguard-category {user}
set action [exempt|log|...]
next
end
config custom-patterns
Description: Custom username and password regex patterns.
edit <pattern>
set category [username|password]
next
end
end
set wisp [enable|disable]
set wisp-servers <name1>, <name2>, ...
set wisp-algorithm [primary-secondary|round-robin|...]
set log-all-url [enable|disable]
set web-content-log [enable|disable]
set web-filter-activex-log [enable|disable]
set web-filter-command-block-log [enable|disable]
set web-filter-cookie-log [enable|disable]
set web-filter-applet-log [enable|disable]
set web-filter-jscript-log [enable|disable]
set web-filter-js-log [enable|disable]
set web-filter-vbs-log [enable|disable]
set web-filter-unknown-log [enable|disable]
set web-filter-referer-log [enable|disable]
set web-filter-cookie-removal-log [enable|disable]
set web-url-log [enable|disable]
set web-invalid-domain-log [enable|disable]
set web-ftgd-err-log [enable|disable]
set web-ftgd-quota-usage [enable|disable]
set extended-log [enable|disable]
set web-extended-all-action-log [enable|disable]
set web-antiphishing-log [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Optional comments. | var-string | Maximum length: 255 |
feature-set | Flow/proxy feature set. flow: Flow feature set. proxy: Proxy feature set. |
option | - |
replacemsg-group | Replacement message group. | string | Maximum length: 35 |
options | Options. activexfilter: ActiveX filter. cookiefilter: Cookie filter. javafilter: Java applet filter. block-invalid-url: Block sessions contained an invalid domain name. jscript: Javascript block. js: JS block. vbs: VB script block. unknown: Unknown script block. intrinsic: Intrinsic script block. wf-referer: Referring block. wf-cookie: Cookie block. per-user-bwl: Per-user black/white list filter |
option | - |
https-replacemsg | Enable replacement messages for HTTPS. enable: Enable setting. disable: Disable setting. |
option | - |
ovrd-perm | Permitted override types. bannedword-override: Banned word override. urlfilter-override: URL filter override. fortiguard-wf-override: FortiGuard Web Filter override. contenttype-check-override: Content-type header override. |
option | - |
post-action | Action taken for HTTP POST traffic. normal: Normal, POST requests are allowed. block: POST requests are blocked. |
option | - |
youtube-channel-status | YouTube channel filter status. disable: Disable YouTube channel filter. blacklist: Block matches. whitelist: Allow matches. |
option | - |
wisp | Enable/disable web proxy WISP. enable: Enable web proxy WISP. disable: Disable web proxy WISP. |
option | - |
wisp-servers <name> |
WISP servers. Server name. |
string | Maximum length: 79 |
wisp-algorithm | WISP server selection algorithm. primary-secondary: Select the first healthy server in order. round-robin: Select the next healthy server. auto-learning: Select the lightest loading healthy server. |
option | - |
log-all-url | Enable/disable logging all URLs visited. enable: Enable setting. disable: Disable setting. |
option | - |
web-content-log | Enable/disable logging logging blocked web content. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-activex-log | Enable/disable logging ActiveX. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-command-block-log | Enable/disable logging blocked commands. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-cookie-log | Enable/disable logging cookie filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-applet-log | Enable/disable logging Java applets. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-jscript-log | Enable/disable logging JScripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-js-log | Enable/disable logging Java scripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-vbs-log | Enable/disable logging VBS scripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-unknown-log | Enable/disable logging unknown scripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-referer-log | Enable/disable logging referrers. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-cookie-removal-log | Enable/disable logging blocked cookies. enable: Enable setting. disable: Disable setting. |
option | - |
web-url-log | Enable/disable logging URL filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-invalid-domain-log | Enable/disable logging invalid domain names. enable: Enable setting. disable: Disable setting. |
option | - |
web-ftgd-err-log | Enable/disable logging rating errors. enable: Enable setting. disable: Disable setting. |
option | - |
web-ftgd-quota-usage | Enable/disable logging daily quota usage. enable: Enable setting. disable: Disable setting. |
option | - |
extended-log | Enable/disable extended logging for web filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-extended-all-action-log | Enable/disable extended any filter action logging for web filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-antiphishing-log | Enable/disable logging of AntiPhishing checks. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable file filter. enable: Enable file filter. disable: Disable file filter. |
option | - |
log | Enable/disable file filter logging. enable: Enable file filter logging. disable: Disable file filter logging. |
option | - |
scan-archive-contents | Enable/disable file filter archive contents scan. enable: Enable file filter archive contents scan. disable: Disable file filter archive contents scan. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Comment. | var-string | Maximum length: 255 |
protocol | Protocols to apply with. http: Enable/disable HTTP. ftp: Enable/disable FTP. |
option | - |
action | Action taken for matched file. log: Allow the content and write a log message. block: Block the content and write a log message. |
option | - |
direction | Match files transmitted in the session's originating or reply direction. incoming: Match files transmitted in the session's originating direction. outgoing: Match files transmitted in the session's reply direction. any: Match files transmitted in the session's originating and reply direction. |
option | - |
password-protected | Match password-protected files. yes: Match only password-protected files. any: Match any file. |
option | - |
file-type <name> |
Select file type. File type name. |
string | Maximum length: 39 |
Parameter Name | Description | Type | Size |
---|---|---|---|
ovrd-cookie | Allow/deny browser-based (cookie) overrides. allow: Allow browser-based (cookie) override. deny: Deny browser-based (cookie) override. |
option | - |
ovrd-scope | Override scope. user: Override for the user. user-group: Override for the user's group. ip: Override for the initiating IP. browser: Create browser-based (cookie) override. ask: Prompt for scope when initiating an override. |
option | - |
profile-type | Override profile type. list: Profile chosen from list. radius: Profile determined by RADIUS server. |
option | - |
ovrd-dur-mode | Override duration mode. constant: Constant mode. ask: Prompt for duration when initiating an override. |
option | - |
ovrd-dur | Override duration. | user | Not Specified |
profile-attribute | Profile attribute to retrieve from the RADIUS server. User-Name: Use this attribute. NAS-IP-Address: Use this attribute. Framed-IP-Address: Use this attribute. Framed-IP-Netmask: Use this attribute. Filter-Id: Use this attribute. Login-IP-Host: Use this attribute. Reply-Message: Use this attribute. Callback-Number: Use this attribute. Callback-Id: Use this attribute. Framed-Route: Use this attribute. Framed-IPX-Network: Use this attribute. Class: Use this attribute. Called-Station-Id: Use this attribute. Calling-Station-Id: Use this attribute. NAS-Identifier: Use this attribute. Proxy-State: Use this attribute. Login-LAT-Service: Use this attribute. Login-LAT-Node: Use this attribute. Login-LAT-Group: Use this attribute. Framed-AppleTalk-Zone: Use this attribute. Acct-Session-Id: Use this attribute. Acct-Multi-Session-Id: Use this attribute. |
option | - |
ovrd-user-group <name> |
User groups with permission to use the override. User group name. |
string | Maximum length: 79 |
profile <name> |
Web filter profile with permission to create overrides. Web profile. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
bword-threshold | Banned word score threshold. | integer | Minimum value: 0 Maximum value: 2147483647 |
bword-table | Banned word table ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
urlfilter-table | URL filter table ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
content-header-list | Content header list. | integer | Minimum value: 0 Maximum value: 4294967295 |
blacklist | Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. enable: Enable setting. disable: Disable setting. |
option | - |
whitelist | FortiGuard whitelist settings. exempt-av: Exempt antivirus. exempt-webcontent: Exempt web content. exempt-activex-java-cookie: Exempt ActiveX-JAVA-Cookie. exempt-dlp: Exempt DLP. exempt-rangeblock: Exempt RangeBlock. extended-log-others: Support extended log. |
option | - |
safe-search | Safe search type. url: Insert safe search string into URL. header: Insert safe search header. |
option | - |
youtube-restrict | YouTube EDU filter level. none: Full access for YouTube. strict: Strict access for YouTube. moderate: Moderate access for YouTube. |
option | - |
log-search | Enable/disable logging all search phrases. enable: Enable setting. disable: Disable setting. |
option | - |
keyword-match <pattern> |
Search keywords to log when match is found. Pattern/keyword to search for. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
channel-id | YouTube channel ID to be filtered. | string | Maximum length: 255 |
comment | Comment. | var-string | Maximum length: 255 |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Options for FortiGuard Web Filter. error-allow: Allow web pages with a rating error to pass through. rate-server-ip: Rate the server IP in addition to the domain name. connect-request-bypass: Bypass connection which has CONNECT request. ftgd-disable: Disable FortiGuard scanning. |
option | - |
exempt-quota | Do not stop quota for these categories. | user | Not Specified |
ovrd | Allow web filter profile overrides. | user | Not Specified |
max-quota-timeout | Maximum FortiGuard quota used by single page view in seconds (excludes streams). | integer | Minimum value: 1 Maximum value: 86400 |
rate-image-urls | Enable/disable rating images by URL. disable: Disable rating images by URL (blocked images are replaced with blanks). enable: Enable rating images by URL (blocked images are replaced with blanks). |
option | - |
rate-javascript-urls | Enable/disable rating JavaScript by URL. disable: Disable rating JavaScript by URL. enable: Enable rating JavaScript by URL. |
option | - |
rate-css-urls | Enable/disable rating CSS by URL. disable: Disable rating CSS by URL. enable: Enable rating CSS by URL. |
option | - |
rate-crl-urls | Enable/disable rating CRL by URL. disable: Disable rating CRL by URL. enable: Enable rating CRL by URL. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | Categories and groups the filter examines. | integer | Minimum value: 0 Maximum value: 255 |
action | Action to take for matches. block: Block access. authenticate: Authenticate user before allowing access. monitor: Allow access while logging the action. warning: Allow access after warning the user. |
option | - |
warn-duration | Duration of warnings. | user | Not Specified |
auth-usr-grp <name> |
Groups with permission to authenticate. User group name. |
string | Maximum length: 79 |
log | Enable/disable logging. enable: Enable setting. disable: Disable setting. |
option | - |
override-replacemsg | Override replacement message. | string | Maximum length: 28 |
warning-prompt | Warning prompts in each category or each domain. per-domain: Per-domain warnings. per-category: Per-category warnings. |
option | - |
warning-duration-type | Re-display warning after closing browser or after a timeout. session: After session ends. timeout: After timeout occurs. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | FortiGuard categories to apply quota to (category action must be set to monitor). | user | Not Specified |
type | Quota type. time: Use a time-based quota. traffic: Use a traffic-based quota. |
option | - |
unit | Traffic quota unit of measurement. B: Quota in bytes. KB: Quota in kilobytes. MB: Quota in megabytes. GB: Quota in gigabytes. |
option | - |
value | Traffic quota value. | integer | Minimum value: 1 Maximum value: 4294967295 |
duration | Duration of quota. | user | Not Specified |
override-replacemsg | Override replacement message. | string | Maximum length: 28 |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Toggle AntiPhishing functionality. enable: Enable AntiPhishing functionality. disable: Disable AntiPhishing functionality. |
option | - |
domain-controller | Domain for which to verify received credentials against. | string | Maximum length: 63 |
default-action | Action to be taken when there is no matching rule. exempt: Exempt requests from matching. log: Log all matched requests. block: Block all matched requests. |
option | - |
check-uri | Enable/disable checking of GET URI parameters for known credentials. enable: Enable checking of GET URI for username and password fields. disable: Disable checking of GET URI for username and password fields. |
option | - |
check-basic-auth | Enable/disable checking of HTTP Basic Auth field for known credentials. enable: Enable checking of HTTP Basic Auth field for known credentials. disable: Disable checking of HTTP Basic Auth field for known credentials. |
option | - |
max-body-len | Maximum size of a POST body to check for credentials. | integer | Minimum value: 0 Maximum value: 4294967295 |
Parameter Name | Description | Type | Size |
---|---|---|---|
fortiguard-category | FortiGuard category to match. | user | Not Specified |
action | Action to be taken upon an AntiPhishing match. exempt: Exempt requests from matching. log: Log all matched requests. block: Block all matched requests. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | Category that the pattern matches. username: Pattern matches username fields. password: Pattern matches password fields. |
option | - |
config webfilter profile
Description: Configure Web filter profiles.
edit <name>
set comment {var-string}
set feature-set [flow|proxy]
set replacemsg-group {string}
set options {option1}, {option2}, ...
config file-filter
Description: File filter.
set status [enable|disable]
set log [enable|disable]
set scan-archive-contents [enable|disable]
config entries
Description: File filter entries.
edit <filter>
set comment {var-string}
set protocol {option1}, {option2}, ...
set action [log|block]
set direction [incoming|outgoing|...]
set password-protected [yes|any]
set file-type <name1>, <name2>, ...
next
end
end
set https-replacemsg [enable|disable]
set ovrd-perm {option1}, {option2}, ...
set post-action [normal|block]
config override
Description: Web Filter override settings.
set ovrd-cookie [allow|deny]
set ovrd-scope [user|user-group|...]
set profile-type [list|radius]
set ovrd-dur-mode [constant|ask]
set ovrd-dur {user}
set profile-attribute [User-Name|NAS-IP-Address|...]
set ovrd-user-group <name1>, <name2>, ...
set profile <name1>, <name2>, ...
end
config web
Description: Web content filtering settings.
set bword-threshold {integer}
set bword-table {integer}
set urlfilter-table {integer}
set content-header-list {integer}
set blacklist [enable|disable]
set whitelist {option1}, {option2}, ...
set safe-search {option1}, {option2}, ...
set youtube-restrict [none|strict|...]
set log-search [enable|disable]
set keyword-match <pattern1>, <pattern2>, ...
end
set youtube-channel-status [disable|blacklist|...]
config youtube-channel-filter
Description: YouTube channel filter.
edit <id>
set channel-id {string}
set comment {var-string}
next
end
config ftgd-wf
Description: FortiGuard Web Filter settings.
set options {option1}, {option2}, ...
set exempt-quota {user}
set ovrd {user}
config filters
Description: FortiGuard filters.
edit <id>
set category {integer}
set action [block|authenticate|...]
set warn-duration {user}
set auth-usr-grp <name1>, <name2>, ...
set log [enable|disable]
set override-replacemsg {string}
set warning-prompt [per-domain|per-category]
set warning-duration-type [session|timeout]
next
end
config quota
Description: FortiGuard traffic quota settings.
edit <id>
set category {user}
set type [time|traffic]
set unit [B|KB|...]
set value {integer}
set duration {user}
set override-replacemsg {string}
next
end
set max-quota-timeout {integer}
set rate-image-urls [disable|enable]
set rate-javascript-urls [disable|enable]
set rate-css-urls [disable|enable]
set rate-crl-urls [disable|enable]
end
config antiphish
Description: AntiPhishing profile.
set status [enable|disable]
set domain-controller {string}
set default-action [exempt|log|...]
set check-uri [enable|disable]
set check-basic-auth [enable|disable]
set max-body-len {integer}
config inspection-entries
Description: AntiPhishing entries.
edit <name>
set fortiguard-category {user}
set action [exempt|log|...]
next
end
config custom-patterns
Description: Custom username and password regex patterns.
edit <pattern>
set category [username|password]
next
end
end
set wisp [enable|disable]
set wisp-servers <name1>, <name2>, ...
set wisp-algorithm [primary-secondary|round-robin|...]
set log-all-url [enable|disable]
set web-content-log [enable|disable]
set web-filter-activex-log [enable|disable]
set web-filter-command-block-log [enable|disable]
set web-filter-cookie-log [enable|disable]
set web-filter-applet-log [enable|disable]
set web-filter-jscript-log [enable|disable]
set web-filter-js-log [enable|disable]
set web-filter-vbs-log [enable|disable]
set web-filter-unknown-log [enable|disable]
set web-filter-referer-log [enable|disable]
set web-filter-cookie-removal-log [enable|disable]
set web-url-log [enable|disable]
set web-invalid-domain-log [enable|disable]
set web-ftgd-err-log [enable|disable]
set web-ftgd-quota-usage [enable|disable]
set extended-log [enable|disable]
set web-extended-all-action-log [enable|disable]
set web-antiphishing-log [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Optional comments. | var-string | Maximum length: 255 |
feature-set | Flow/proxy feature set. flow: Flow feature set. proxy: Proxy feature set. |
option | - |
replacemsg-group | Replacement message group. | string | Maximum length: 35 |
options | Options. activexfilter: ActiveX filter. cookiefilter: Cookie filter. javafilter: Java applet filter. block-invalid-url: Block sessions contained an invalid domain name. jscript: Javascript block. js: JS block. vbs: VB script block. unknown: Unknown script block. intrinsic: Intrinsic script block. wf-referer: Referring block. wf-cookie: Cookie block. per-user-bwl: Per-user black/white list filter |
option | - |
https-replacemsg | Enable replacement messages for HTTPS. enable: Enable setting. disable: Disable setting. |
option | - |
ovrd-perm | Permitted override types. bannedword-override: Banned word override. urlfilter-override: URL filter override. fortiguard-wf-override: FortiGuard Web Filter override. contenttype-check-override: Content-type header override. |
option | - |
post-action | Action taken for HTTP POST traffic. normal: Normal, POST requests are allowed. block: POST requests are blocked. |
option | - |
youtube-channel-status | YouTube channel filter status. disable: Disable YouTube channel filter. blacklist: Block matches. whitelist: Allow matches. |
option | - |
wisp | Enable/disable web proxy WISP. enable: Enable web proxy WISP. disable: Disable web proxy WISP. |
option | - |
wisp-servers <name> |
WISP servers. Server name. |
string | Maximum length: 79 |
wisp-algorithm | WISP server selection algorithm. primary-secondary: Select the first healthy server in order. round-robin: Select the next healthy server. auto-learning: Select the lightest loading healthy server. |
option | - |
log-all-url | Enable/disable logging all URLs visited. enable: Enable setting. disable: Disable setting. |
option | - |
web-content-log | Enable/disable logging logging blocked web content. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-activex-log | Enable/disable logging ActiveX. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-command-block-log | Enable/disable logging blocked commands. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-cookie-log | Enable/disable logging cookie filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-applet-log | Enable/disable logging Java applets. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-jscript-log | Enable/disable logging JScripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-js-log | Enable/disable logging Java scripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-vbs-log | Enable/disable logging VBS scripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-unknown-log | Enable/disable logging unknown scripts. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-referer-log | Enable/disable logging referrers. enable: Enable setting. disable: Disable setting. |
option | - |
web-filter-cookie-removal-log | Enable/disable logging blocked cookies. enable: Enable setting. disable: Disable setting. |
option | - |
web-url-log | Enable/disable logging URL filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-invalid-domain-log | Enable/disable logging invalid domain names. enable: Enable setting. disable: Disable setting. |
option | - |
web-ftgd-err-log | Enable/disable logging rating errors. enable: Enable setting. disable: Disable setting. |
option | - |
web-ftgd-quota-usage | Enable/disable logging daily quota usage. enable: Enable setting. disable: Disable setting. |
option | - |
extended-log | Enable/disable extended logging for web filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-extended-all-action-log | Enable/disable extended any filter action logging for web filtering. enable: Enable setting. disable: Disable setting. |
option | - |
web-antiphishing-log | Enable/disable logging of AntiPhishing checks. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable file filter. enable: Enable file filter. disable: Disable file filter. |
option | - |
log | Enable/disable file filter logging. enable: Enable file filter logging. disable: Disable file filter logging. |
option | - |
scan-archive-contents | Enable/disable file filter archive contents scan. enable: Enable file filter archive contents scan. disable: Disable file filter archive contents scan. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Comment. | var-string | Maximum length: 255 |
protocol | Protocols to apply with. http: Enable/disable HTTP. ftp: Enable/disable FTP. |
option | - |
action | Action taken for matched file. log: Allow the content and write a log message. block: Block the content and write a log message. |
option | - |
direction | Match files transmitted in the session's originating or reply direction. incoming: Match files transmitted in the session's originating direction. outgoing: Match files transmitted in the session's reply direction. any: Match files transmitted in the session's originating and reply direction. |
option | - |
password-protected | Match password-protected files. yes: Match only password-protected files. any: Match any file. |
option | - |
file-type <name> |
Select file type. File type name. |
string | Maximum length: 39 |
Parameter Name | Description | Type | Size |
---|---|---|---|
ovrd-cookie | Allow/deny browser-based (cookie) overrides. allow: Allow browser-based (cookie) override. deny: Deny browser-based (cookie) override. |
option | - |
ovrd-scope | Override scope. user: Override for the user. user-group: Override for the user's group. ip: Override for the initiating IP. browser: Create browser-based (cookie) override. ask: Prompt for scope when initiating an override. |
option | - |
profile-type | Override profile type. list: Profile chosen from list. radius: Profile determined by RADIUS server. |
option | - |
ovrd-dur-mode | Override duration mode. constant: Constant mode. ask: Prompt for duration when initiating an override. |
option | - |
ovrd-dur | Override duration. | user | Not Specified |
profile-attribute | Profile attribute to retrieve from the RADIUS server. User-Name: Use this attribute. NAS-IP-Address: Use this attribute. Framed-IP-Address: Use this attribute. Framed-IP-Netmask: Use this attribute. Filter-Id: Use this attribute. Login-IP-Host: Use this attribute. Reply-Message: Use this attribute. Callback-Number: Use this attribute. Callback-Id: Use this attribute. Framed-Route: Use this attribute. Framed-IPX-Network: Use this attribute. Class: Use this attribute. Called-Station-Id: Use this attribute. Calling-Station-Id: Use this attribute. NAS-Identifier: Use this attribute. Proxy-State: Use this attribute. Login-LAT-Service: Use this attribute. Login-LAT-Node: Use this attribute. Login-LAT-Group: Use this attribute. Framed-AppleTalk-Zone: Use this attribute. Acct-Session-Id: Use this attribute. Acct-Multi-Session-Id: Use this attribute. |
option | - |
ovrd-user-group <name> |
User groups with permission to use the override. User group name. |
string | Maximum length: 79 |
profile <name> |
Web filter profile with permission to create overrides. Web profile. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
bword-threshold | Banned word score threshold. | integer | Minimum value: 0 Maximum value: 2147483647 |
bword-table | Banned word table ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
urlfilter-table | URL filter table ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
content-header-list | Content header list. | integer | Minimum value: 0 Maximum value: 4294967295 |
blacklist | Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. enable: Enable setting. disable: Disable setting. |
option | - |
whitelist | FortiGuard whitelist settings. exempt-av: Exempt antivirus. exempt-webcontent: Exempt web content. exempt-activex-java-cookie: Exempt ActiveX-JAVA-Cookie. exempt-dlp: Exempt DLP. exempt-rangeblock: Exempt RangeBlock. extended-log-others: Support extended log. |
option | - |
safe-search | Safe search type. url: Insert safe search string into URL. header: Insert safe search header. |
option | - |
youtube-restrict | YouTube EDU filter level. none: Full access for YouTube. strict: Strict access for YouTube. moderate: Moderate access for YouTube. |
option | - |
log-search | Enable/disable logging all search phrases. enable: Enable setting. disable: Disable setting. |
option | - |
keyword-match <pattern> |
Search keywords to log when match is found. Pattern/keyword to search for. |
string | Maximum length: 79 |
Parameter Name | Description | Type | Size |
---|---|---|---|
channel-id | YouTube channel ID to be filtered. | string | Maximum length: 255 |
comment | Comment. | var-string | Maximum length: 255 |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Options for FortiGuard Web Filter. error-allow: Allow web pages with a rating error to pass through. rate-server-ip: Rate the server IP in addition to the domain name. connect-request-bypass: Bypass connection which has CONNECT request. ftgd-disable: Disable FortiGuard scanning. |
option | - |
exempt-quota | Do not stop quota for these categories. | user | Not Specified |
ovrd | Allow web filter profile overrides. | user | Not Specified |
max-quota-timeout | Maximum FortiGuard quota used by single page view in seconds (excludes streams). | integer | Minimum value: 1 Maximum value: 86400 |
rate-image-urls | Enable/disable rating images by URL. disable: Disable rating images by URL (blocked images are replaced with blanks). enable: Enable rating images by URL (blocked images are replaced with blanks). |
option | - |
rate-javascript-urls | Enable/disable rating JavaScript by URL. disable: Disable rating JavaScript by URL. enable: Enable rating JavaScript by URL. |
option | - |
rate-css-urls | Enable/disable rating CSS by URL. disable: Disable rating CSS by URL. enable: Enable rating CSS by URL. |
option | - |
rate-crl-urls | Enable/disable rating CRL by URL. disable: Disable rating CRL by URL. enable: Enable rating CRL by URL. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | Categories and groups the filter examines. | integer | Minimum value: 0 Maximum value: 255 |
action | Action to take for matches. block: Block access. authenticate: Authenticate user before allowing access. monitor: Allow access while logging the action. warning: Allow access after warning the user. |
option | - |
warn-duration | Duration of warnings. | user | Not Specified |
auth-usr-grp <name> |
Groups with permission to authenticate. User group name. |
string | Maximum length: 79 |
log | Enable/disable logging. enable: Enable setting. disable: Disable setting. |
option | - |
override-replacemsg | Override replacement message. | string | Maximum length: 28 |
warning-prompt | Warning prompts in each category or each domain. per-domain: Per-domain warnings. per-category: Per-category warnings. |
option | - |
warning-duration-type | Re-display warning after closing browser or after a timeout. session: After session ends. timeout: After timeout occurs. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | FortiGuard categories to apply quota to (category action must be set to monitor). | user | Not Specified |
type | Quota type. time: Use a time-based quota. traffic: Use a traffic-based quota. |
option | - |
unit | Traffic quota unit of measurement. B: Quota in bytes. KB: Quota in kilobytes. MB: Quota in megabytes. GB: Quota in gigabytes. |
option | - |
value | Traffic quota value. | integer | Minimum value: 1 Maximum value: 4294967295 |
duration | Duration of quota. | user | Not Specified |
override-replacemsg | Override replacement message. | string | Maximum length: 28 |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Toggle AntiPhishing functionality. enable: Enable AntiPhishing functionality. disable: Disable AntiPhishing functionality. |
option | - |
domain-controller | Domain for which to verify received credentials against. | string | Maximum length: 63 |
default-action | Action to be taken when there is no matching rule. exempt: Exempt requests from matching. log: Log all matched requests. block: Block all matched requests. |
option | - |
check-uri | Enable/disable checking of GET URI parameters for known credentials. enable: Enable checking of GET URI for username and password fields. disable: Disable checking of GET URI for username and password fields. |
option | - |
check-basic-auth | Enable/disable checking of HTTP Basic Auth field for known credentials. enable: Enable checking of HTTP Basic Auth field for known credentials. disable: Disable checking of HTTP Basic Auth field for known credentials. |
option | - |
max-body-len | Maximum size of a POST body to check for credentials. | integer | Minimum value: 0 Maximum value: 4294967295 |
Parameter Name | Description | Type | Size |
---|---|---|---|
fortiguard-category | FortiGuard category to match. | user | Not Specified |
action | Action to be taken upon an AntiPhishing match. exempt: Exempt requests from matching. log: Log all matched requests. block: Block all matched requests. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | Category that the pattern matches. username: Pattern matches username fields. password: Pattern matches password fields. |
option | - |