Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.0.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config firewall sniffer

    config firewall sniffer

    Configure sniffer.

    config firewall sniffer

    Description: Configure sniffer.

    edit <id>

    set status [enable|disable]

    set logtraffic [all|utm|...]

    set ipv6 [enable|disable]

    set non-ip [enable|disable]

    set interface {string}

    set host {string}

    set port {string}

    set protocol {string}

    set vlan {string}

    set application-list-status [enable|disable]

    set application-list {string}

    set ips-sensor-status [enable|disable]

    set ips-sensor {string}

    set dsri [enable|disable]

    set av-profile-status [enable|disable]

    set av-profile {string}

    set webfilter-profile-status [enable|disable]

    set webfilter-profile {string}

    set emailfilter-profile-status [enable|disable]

    set emailfilter-profile {string}

    set dlp-sensor-status [enable|disable]

    set dlp-sensor {string}

    set ip-threatfeed-status [enable|disable]

    set ip-threatfeed <name1>, <name2>, ...

    set file-filter-profile-status [enable|disable]

    set file-filter-profile {string}

    set ips-dos-status [enable|disable]

    config anomaly

    Description: Configuration method to edit Denial of Service (DoS) anomaly settings.

    edit <name>

    set status [disable|enable]

    set log [enable|disable]

    set action [pass|block]

    set quarantine [none|attacker]

    set quarantine-expiry {user}

    set quarantine-log [disable|enable]

    set threshold {integer}

    set threshold(default) {integer}

    next

    end

    set max-packet-count {integer}

    next

    end

    config firewall sniffer

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable the active status of the sniffer.

    option

    -

    enable

    Option

    Description

    enable

    Enable sniffer status.

    disable

    Disable sniffer status.

    logtraffic

    Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.

    option

    -

    utm

    Option

    Description

    all

    Log all sessions accepted or denied by this policy.

    utm

    Log traffic that has a security profile applied to it.

    disable

    Disable all logging for this policy.

    ipv6

    Enable/disable sniffing IPv6 packets.

    option

    -

    disable

    Option

    Description

    enable

    Enable sniffer for IPv6 packets.

    disable

    Disable sniffer for IPv6 packets.

    non-ip

    Enable/disable sniffing non-IP packets.

    option

    -

    disable

    Option

    Description

    enable

    Enable sniffer for non-IP packets.

    disable

    Disable sniffer for non-IP packets.

    interface

    Interface name that traffic sniffing will take place on.

    string

    Maximum length: 35

    host

    Hosts to filter for in sniffer traffic .

    string

    Maximum length: 63

    port

    Ports to sniff .

    string

    Maximum length: 63

    protocol

    Integer value for the protocol type as defined by IANA .

    string

    Maximum length: 63

    vlan

    List of VLANs to sniff.

    string

    Maximum length: 63

    application-list-status

    Enable/disable application control profile.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    application-list

    Name of an existing application list.

    string

    Maximum length: 35

    ips-sensor-status

    Enable/disable IPS sensor.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ips-sensor

    Name of an existing IPS sensor.

    string

    Maximum length: 35

    dsri

    Enable/disable DSRI.

    option

    -

    disable

    Option

    Description

    enable

    Enable DSRI.

    disable

    Disable DSRI.

    av-profile-status

    Enable/disable antivirus profile.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    av-profile

    Name of an existing antivirus profile.

    string

    Maximum length: 35

    webfilter-profile-status

    Enable/disable web filter profile.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    webfilter-profile

    Name of an existing web filter profile.

    string

    Maximum length: 35

    emailfilter-profile-status

    Enable/disable emailfilter.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    emailfilter-profile

    Name of an existing email filter profile.

    string

    Maximum length: 35

    dlp-sensor-status

    Enable/disable DLP sensor.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    dlp-sensor

    Name of an existing DLP sensor.

    string

    Maximum length: 35

    ip-threatfeed-status

    Enable/disable IP threat feed.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ip-threatfeed <name>

    Name of an existing IP threat feed.

    Threat feed name.

    string

    Maximum length: 79

    file-filter-profile-status

    Enable/disable file filter.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    file-filter-profile

    Name of an existing file-filter profile.

    string

    Maximum length: 35

    ips-dos-status

    Enable/disable IPS DoS anomaly detection.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    max-packet-count

    Maximum packet count .

    integer

    Minimum value: 1 Maximum value: 10000 **

    4000

    ** Values may differ between models.

    config anomaly

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable this anomaly.

    option

    -

    disable

    Option

    Description

    disable

    Disable this status.

    enable

    Enable this status.

    log

    Enable/disable anomaly logging.

    option

    -

    disable

    Option

    Description

    enable

    Enable anomaly logging.

    disable

    Disable anomaly logging.

    action

    Action taken when the threshold is reached.

    option

    -

    pass

    Option

    Description

    pass

    Allow traffic but record a log message if logging is enabled.

    block

    Block traffic if this anomaly is found.

    quarantine

    Quarantine method.

    option

    -

    none

    Option

    Description

    none

    Quarantine is disabled.

    attacker

    Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.

    quarantine-expiry

    Duration of quarantine. . Requires quarantine set to attacker.

    user

    Not Specified

    5m

    quarantine-log

    Enable/disable quarantine logging.

    option

    -

    enable

    Option

    Description

    disable

    Disable quarantine logging.

    enable

    Enable quarantine logging.

    threshold

    Anomaly threshold. Number of detected instances per minute that triggers the anomaly action.

    integer

    Minimum value: 1 Maximum value: 2147483647

    0

    threshold(default)

    Number of detected instances per minute which triggers action . Note that each anomaly has a different threshold value assigned to it.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0
    Previous
    Next

    config firewall sniffer

    config firewall sniffer

    Configure sniffer.

    config firewall sniffer

    Description: Configure sniffer.

    edit <id>

    set status [enable|disable]

    set logtraffic [all|utm|...]

    set ipv6 [enable|disable]

    set non-ip [enable|disable]

    set interface {string}

    set host {string}

    set port {string}

    set protocol {string}

    set vlan {string}

    set application-list-status [enable|disable]

    set application-list {string}

    set ips-sensor-status [enable|disable]

    set ips-sensor {string}

    set dsri [enable|disable]

    set av-profile-status [enable|disable]

    set av-profile {string}

    set webfilter-profile-status [enable|disable]

    set webfilter-profile {string}

    set emailfilter-profile-status [enable|disable]

    set emailfilter-profile {string}

    set dlp-sensor-status [enable|disable]

    set dlp-sensor {string}

    set ip-threatfeed-status [enable|disable]

    set ip-threatfeed <name1>, <name2>, ...

    set file-filter-profile-status [enable|disable]

    set file-filter-profile {string}

    set ips-dos-status [enable|disable]

    config anomaly

    Description: Configuration method to edit Denial of Service (DoS) anomaly settings.

    edit <name>

    set status [disable|enable]

    set log [enable|disable]

    set action [pass|block]

    set quarantine [none|attacker]

    set quarantine-expiry {user}

    set quarantine-log [disable|enable]

    set threshold {integer}

    set threshold(default) {integer}

    next

    end

    set max-packet-count {integer}

    next

    end

    config firewall sniffer

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable the active status of the sniffer.

    option

    -

    enable

    Option

    Description

    enable

    Enable sniffer status.

    disable

    Disable sniffer status.

    logtraffic

    Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy.

    option

    -

    utm

    Option

    Description

    all

    Log all sessions accepted or denied by this policy.

    utm

    Log traffic that has a security profile applied to it.

    disable

    Disable all logging for this policy.

    ipv6

    Enable/disable sniffing IPv6 packets.

    option

    -

    disable

    Option

    Description

    enable

    Enable sniffer for IPv6 packets.

    disable

    Disable sniffer for IPv6 packets.

    non-ip

    Enable/disable sniffing non-IP packets.

    option

    -

    disable

    Option

    Description

    enable

    Enable sniffer for non-IP packets.

    disable

    Disable sniffer for non-IP packets.

    interface

    Interface name that traffic sniffing will take place on.

    string

    Maximum length: 35

    host

    Hosts to filter for in sniffer traffic .

    string

    Maximum length: 63

    port

    Ports to sniff .

    string

    Maximum length: 63

    protocol

    Integer value for the protocol type as defined by IANA .

    string

    Maximum length: 63

    vlan

    List of VLANs to sniff.

    string

    Maximum length: 63

    application-list-status

    Enable/disable application control profile.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    application-list

    Name of an existing application list.

    string

    Maximum length: 35

    ips-sensor-status

    Enable/disable IPS sensor.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ips-sensor

    Name of an existing IPS sensor.

    string

    Maximum length: 35

    dsri

    Enable/disable DSRI.

    option

    -

    disable

    Option

    Description

    enable

    Enable DSRI.

    disable

    Disable DSRI.

    av-profile-status

    Enable/disable antivirus profile.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    av-profile

    Name of an existing antivirus profile.

    string

    Maximum length: 35

    webfilter-profile-status

    Enable/disable web filter profile.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    webfilter-profile

    Name of an existing web filter profile.

    string

    Maximum length: 35

    emailfilter-profile-status

    Enable/disable emailfilter.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    emailfilter-profile

    Name of an existing email filter profile.

    string

    Maximum length: 35

    dlp-sensor-status

    Enable/disable DLP sensor.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    dlp-sensor

    Name of an existing DLP sensor.

    string

    Maximum length: 35

    ip-threatfeed-status

    Enable/disable IP threat feed.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    ip-threatfeed <name>

    Name of an existing IP threat feed.

    Threat feed name.

    string

    Maximum length: 79

    file-filter-profile-status

    Enable/disable file filter.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    file-filter-profile

    Name of an existing file-filter profile.

    string

    Maximum length: 35

    ips-dos-status

    Enable/disable IPS DoS anomaly detection.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    max-packet-count

    Maximum packet count .

    integer

    Minimum value: 1 Maximum value: 10000 **

    4000

    ** Values may differ between models.

    config anomaly

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable this anomaly.

    option

    -

    disable

    Option

    Description

    disable

    Disable this status.

    enable

    Enable this status.

    log

    Enable/disable anomaly logging.

    option

    -

    disable

    Option

    Description

    enable

    Enable anomaly logging.

    disable

    Disable anomaly logging.

    action

    Action taken when the threshold is reached.

    option

    -

    pass

    Option

    Description

    pass

    Allow traffic but record a log message if logging is enabled.

    block

    Block traffic if this anomaly is found.

    quarantine

    Quarantine method.

    option

    -

    none

    Option

    Description

    none

    Quarantine is disabled.

    attacker

    Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.

    quarantine-expiry

    Duration of quarantine. . Requires quarantine set to attacker.

    user

    Not Specified

    5m

    quarantine-log

    Enable/disable quarantine logging.

    option

    -

    enable

    Option

    Description

    disable

    Disable quarantine logging.

    enable

    Enable quarantine logging.

    threshold

    Anomaly threshold. Number of detected instances per minute that triggers the anomaly action.

    integer

    Minimum value: 1 Maximum value: 2147483647

    0

    threshold(default)

    Number of detected instances per minute which triggers action . Note that each anomaly has a different threshold value assigned to it.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0
    Previous
    Next