Fortinet white logo
Fortinet white logo

CLI Reference

config firewall profile-protocol-options

config firewall profile-protocol-options

Configure protocol options.

config firewall profile-protocol-options

Description: Configure protocol options.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set oversize-log [disable|enable]

set switching-protocols-log [disable|enable]

config http

Description: Configure HTTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set range-block [disable|enable]

set strip-x-forwarded-for [disable|enable]

set post-lang {option1}, {option2}, ...

set streaming-content-bypass [enable|disable]

set switching-protocols [bypass|block]

set unknown-http-version [reject|tunnel|...]

set tunnel-non-http [enable|disable]

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set block-page-status-code {integer}

set retry-count {integer}

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

set address-ip-rating [enable|disable]

end

config ftp

Description: Configure FTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

end

config imap

Description: Configure IMAP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config mapi

Description: Configure MAPI protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config pop3

Description: Configure POP3 protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config smtp

Description: Configure SMTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set server-busy [enable|disable]

set ssl-offloaded [no|yes]

end

config nntp

Description: Configure NNTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config ssh

Description: Configure SFTP and SCP protocol options.

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

end

config dns

Description: Configure DNS protocol options.

set ports {integer}

set status [enable|disable]

end

config cifs

Description: Configure CIFS protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set server-credential-type [none|credential-replication|...]

set domain-controller {string}

config server-keytab

Description: Server keytab.

edit <principal>

set keytab {string}

next

end

end

config mail-signature

Description: Configure Mail signature.

set status [disable|enable]

set signature {string}

end

set rpc-over-http [enable|disable]

next

end

config firewall profile-protocol-options

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Maximum length: 255

replacemsg-group

Name of the replacement message group to be used.

string

Maximum length: 35

oversize-log

Enable/disable logging for antivirus oversize file blocking.

option

-

disable

Option

Description

disable

Disable logging for antivirus oversize file blocking.

enable

Enable logging for antivirus oversize file blocking.

switching-protocols-log

Enable/disable logging for HTTP/HTTPS switching protocols.

option

-

disable

Option

Description

disable

Disable logging for HTTP/HTTPS switching protocols.

enable

Enable logging for HTTP/HTTPS switching protocols.

rpc-over-http

Enable/disable inspection of RPC over HTTP.

option

-

disable

Option

Description

enable

Enable inspection of RPC over HTTP.

disable

Disable inspection of RPC over HTTP.

config http

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

clientcomfort

Prevent client timeout.

servercomfort

Prevent server timeout.

oversize

Block oversized file.

chunkedbypass

Bypass chunked transfer encoded sites.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

10

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

1

range-block

Enable/disable blocking of partial downloads.

option

-

disable

Option

Description

disable

Disable range header blocking (allow partial file downloads)

enable

Enable range header blocking (treat all partial file downloads as full file download)

strip-x-forwarded-for

Enable/disable stripping of HTTP X-Forwarded-For header.

option

-

disable

Option

Description

disable

Disable changing of HTTP X-Forwarded-For header.

enable

Enable replacement of X-Forwarded-For value with 1.1.1.1.

post-lang

ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets).

option

-

Option

Description

jisx0201

Japanese Industrial Standard 0201.

jisx0208

Japanese Industrial Standard 0208.

jisx0212

Japanese Industrial Standard 0212.

gb2312

Guojia Biaozhun 2312 (simplified Chinese).

ksc5601-ex

Wansung Korean standard 5601.

euc-jp

Extended Unicode Japanese.

sjis

Shift Japanese Industrial Standard.

iso2022-jp

ISO 2022 Japanese.

iso2022-jp-1

ISO 2022-1 Japanese.

iso2022-jp-2

ISO 2022-2 Japanese.

euc-cn

Extended Unicode Chinese.

ces-gbk

Extended GB2312 (simplified Chinese).

hz

Hanzi simplified Chinese.

ces-big5

Big-5 traditional Chinese.

euc-kr

Extended Unicode Korean.

iso2022-jp-3

ISO 2022-3 Japanese.

iso8859-1

ISO 8859 Part 1 (Western European).

tis620

Thai Industrial Standard 620.

cp874

Code Page 874 (Thai).

cp1252

Code Page 1252 (Western European Latin).

cp1251

Code Page 1251 (Cyrillic).

streaming-content-bypass

Enable/disable bypassing of streaming content from buffering.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

switching-protocols

Bypass from scanning, or block a connection that attempts to switch protocol.

option

-

bypass

Option

Description

bypass

Bypass connections when switching protocols.

block

Block connections when switching protocols.

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

-

reject

Option

Description

reject

Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.

tunnel

Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

best-effort

Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

-

enable

Option

Description

enable

Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

disable

Drop or tear down non-HTTP sessions accepted by the profile.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

0

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

block-page-status-code

Code number returned for blocked HTTP pages .

integer

Minimum value: 100 Maximum value: 599

403

retry-count

Number of attempts to retry HTTP connection .

integer

Minimum value: 0 Maximum value: 100

0

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

address-ip-rating

Enable/disable IP based URL rating.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

** Values may differ between models.

config ftp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

clientcomfort

Prevent client timeout.

oversize

Block oversized file.

splice

Enable splice mode.

bypass-rest-command

Bypass REST command.

bypass-mode-command

Bypass MODE command.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

10

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

1

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

0

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config imap

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config mapi

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

** Values may differ between models.

config pop3

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config smtp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

splice

Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

server-busy

Enable/disable SMTP server busy when server not available.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config nntp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

oversize

Block oversized file.

splice

Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

** Values may differ between models.

config ssh

Parameter

Description

Type

Size

Default

options

One or more options that can be applied to the session.

option

-

Option

Description

oversize

Block oversized file.

clientcomfort

Prevent client timeout.

servercomfort

Prevent server timeout.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

10

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

1

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

0

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config dns

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

config cifs

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

oversize

Block oversized file.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

server-credential-type

CIFS server credential type.

option

-

none

Option

Description

none

Credential derivation not set.

credential-replication

Credential derived using Replication account on Domain Controller.

credential-keytab

Credential derived using server keytab.

domain-controller

Domain for which to decrypt CIFS traffic.

string

Maximum length: 63

** Values may differ between models.

config server-keytab

Parameter

Description

Type

Size

Default

keytab

Base64 encoded keytab file containing credential of the server.

string

Maximum length: 8191

config mail-signature

Parameter

Description

Type

Size

Default

status

Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate.

option

-

disable

Option

Description

disable

Disable mail signature.

enable

Enable mail signature.

signature

Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks).

string

Maximum length: 1023

config firewall profile-protocol-options

config firewall profile-protocol-options

Configure protocol options.

config firewall profile-protocol-options

Description: Configure protocol options.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set oversize-log [disable|enable]

set switching-protocols-log [disable|enable]

config http

Description: Configure HTTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set range-block [disable|enable]

set strip-x-forwarded-for [disable|enable]

set post-lang {option1}, {option2}, ...

set streaming-content-bypass [enable|disable]

set switching-protocols [bypass|block]

set unknown-http-version [reject|tunnel|...]

set tunnel-non-http [enable|disable]

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set block-page-status-code {integer}

set retry-count {integer}

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

set address-ip-rating [enable|disable]

end

config ftp

Description: Configure FTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

end

config imap

Description: Configure IMAP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config mapi

Description: Configure MAPI protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config pop3

Description: Configure POP3 protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set ssl-offloaded [no|yes]

end

config smtp

Description: Configure SMTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set server-busy [enable|disable]

set ssl-offloaded [no|yes]

end

config nntp

Description: Configure NNTP protocol options.

set ports {integer}

set status [enable|disable]

set inspect-all [enable|disable]

set proxy-after-tcp-handshake [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

end

config ssh

Description: Configure SFTP and SCP protocol options.

set options {option1}, {option2}, ...

set comfort-interval {integer}

set comfort-amount {integer}

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set stream-based-uncompressed-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set ssl-offloaded [no|yes]

end

config dns

Description: Configure DNS protocol options.

set ports {integer}

set status [enable|disable]

end

config cifs

Description: Configure CIFS protocol options.

set ports {integer}

set status [enable|disable]

set options {option1}, {option2}, ...

set oversize-limit {integer}

set uncompressed-oversize-limit {integer}

set uncompressed-nest-limit {integer}

set scan-bzip2 [enable|disable]

set tcp-window-type [auto-tuning|system|...]

set tcp-window-minimum {integer}

set tcp-window-maximum {integer}

set tcp-window-size {integer}

set server-credential-type [none|credential-replication|...]

set domain-controller {string}

config server-keytab

Description: Server keytab.

edit <principal>

set keytab {string}

next

end

end

config mail-signature

Description: Configure Mail signature.

set status [disable|enable]

set signature {string}

end

set rpc-over-http [enable|disable]

next

end

config firewall profile-protocol-options

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Maximum length: 255

replacemsg-group

Name of the replacement message group to be used.

string

Maximum length: 35

oversize-log

Enable/disable logging for antivirus oversize file blocking.

option

-

disable

Option

Description

disable

Disable logging for antivirus oversize file blocking.

enable

Enable logging for antivirus oversize file blocking.

switching-protocols-log

Enable/disable logging for HTTP/HTTPS switching protocols.

option

-

disable

Option

Description

disable

Disable logging for HTTP/HTTPS switching protocols.

enable

Enable logging for HTTP/HTTPS switching protocols.

rpc-over-http

Enable/disable inspection of RPC over HTTP.

option

-

disable

Option

Description

enable

Enable inspection of RPC over HTTP.

disable

Disable inspection of RPC over HTTP.

config http

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

clientcomfort

Prevent client timeout.

servercomfort

Prevent server timeout.

oversize

Block oversized file.

chunkedbypass

Bypass chunked transfer encoded sites.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

10

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

1

range-block

Enable/disable blocking of partial downloads.

option

-

disable

Option

Description

disable

Disable range header blocking (allow partial file downloads)

enable

Enable range header blocking (treat all partial file downloads as full file download)

strip-x-forwarded-for

Enable/disable stripping of HTTP X-Forwarded-For header.

option

-

disable

Option

Description

disable

Disable changing of HTTP X-Forwarded-For header.

enable

Enable replacement of X-Forwarded-For value with 1.1.1.1.

post-lang

ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets).

option

-

Option

Description

jisx0201

Japanese Industrial Standard 0201.

jisx0208

Japanese Industrial Standard 0208.

jisx0212

Japanese Industrial Standard 0212.

gb2312

Guojia Biaozhun 2312 (simplified Chinese).

ksc5601-ex

Wansung Korean standard 5601.

euc-jp

Extended Unicode Japanese.

sjis

Shift Japanese Industrial Standard.

iso2022-jp

ISO 2022 Japanese.

iso2022-jp-1

ISO 2022-1 Japanese.

iso2022-jp-2

ISO 2022-2 Japanese.

euc-cn

Extended Unicode Chinese.

ces-gbk

Extended GB2312 (simplified Chinese).

hz

Hanzi simplified Chinese.

ces-big5

Big-5 traditional Chinese.

euc-kr

Extended Unicode Korean.

iso2022-jp-3

ISO 2022-3 Japanese.

iso8859-1

ISO 8859 Part 1 (Western European).

tis620

Thai Industrial Standard 620.

cp874

Code Page 874 (Thai).

cp1252

Code Page 1252 (Western European Latin).

cp1251

Code Page 1251 (Cyrillic).

streaming-content-bypass

Enable/disable bypassing of streaming content from buffering.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

switching-protocols

Bypass from scanning, or block a connection that attempts to switch protocol.

option

-

bypass

Option

Description

bypass

Bypass connections when switching protocols.

block

Block connections when switching protocols.

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

-

reject

Option

Description

reject

Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.

tunnel

Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

best-effort

Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

-

enable

Option

Description

enable

Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

disable

Drop or tear down non-HTTP sessions accepted by the profile.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

0

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

block-page-status-code

Code number returned for blocked HTTP pages .

integer

Minimum value: 100 Maximum value: 599

403

retry-count

Number of attempts to retry HTTP connection .

integer

Minimum value: 0 Maximum value: 100

0

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

address-ip-rating

Enable/disable IP based URL rating.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

** Values may differ between models.

config ftp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

clientcomfort

Prevent client timeout.

oversize

Block oversized file.

splice

Enable splice mode.

bypass-rest-command

Bypass REST command.

bypass-mode-command

Bypass MODE command.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

10

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

1

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

0

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config imap

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config mapi

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

** Values may differ between models.

config pop3

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config smtp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

fragmail

Pass fragmented email.

oversize

Block oversized email.

splice

Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

server-busy

Enable/disable SMTP server busy when server not available.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config nntp

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

inspect-all

Enable/disable the inspection of all ports for the protocol.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

proxy-after-tcp-handshake

Proxy traffic after the TCP 3-way handshake has been established (not before).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

oversize

Block oversized file.

splice

Enable splice mode.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

** Values may differ between models.

config ssh

Parameter

Description

Type

Size

Default

options

One or more options that can be applied to the session.

option

-

Option

Description

oversize

Block oversized file.

clientcomfort

Prevent client timeout.

servercomfort

Prevent server timeout.

comfort-interval

Period of time between start, or last transmission, and the next client comfort transmission of data .

integer

Minimum value: 1 Maximum value: 900

10

comfort-amount

Amount of data to send in a transmission for client comforting .

integer

Minimum value: 1 Maximum value: 65535

1

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

stream-based-uncompressed-limit

Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions .

integer

Minimum value: 0 Maximum value: 4294967295

0

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

ssl-offloaded

SSL decryption and encryption performed by an external device.

option

-

no

Option

Description

no

SSL decryption and encryption performed by FortiGate when deep-inspection is enabled.

yes

SSL decryption and encryption performed by an external device.

** Values may differ between models.

config dns

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

config cifs

Parameter

Description

Type

Size

Default

ports

Ports to scan for content .

integer

Minimum value: 1 Maximum value: 65535

status

Enable/disable the active status of scanning for this protocol.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

options

One or more options that can be applied to the session.

option

-

Option

Description

oversize

Block oversized file.

oversize-limit

Maximum in-memory file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-oversize-limit

Maximum in-memory uncompressed file size that can be scanned .

integer

Minimum value: 1 Maximum value: 383 **

10

uncompressed-nest-limit

Maximum nested levels of compression that can be uncompressed and scanned .

integer

Minimum value: 2 Maximum value: 100

12

scan-bzip2

Enable/disable scanning of BZip2 compressed files.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

tcp-window-type

TCP window type to use for this protocol.

option

-

auto-tuning

Option

Description

auto-tuning

Allow system to auto-tune TCP window size (default).

system

Use system default TCP window size for this protocol.

static

Manually specify TCP window size.

dynamic

Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.

tcp-window-minimum

Minimum dynamic TCP window size.

integer

Minimum value: 65536 Maximum value: 1048576

131072

tcp-window-maximum

Maximum dynamic TCP window size.

integer

Minimum value: 1048576 Maximum value: 33554432

8388608

tcp-window-size

Set TCP static window size.

integer

Minimum value: 65536 Maximum value: 33554432

262144

server-credential-type

CIFS server credential type.

option

-

none

Option

Description

none

Credential derivation not set.

credential-replication

Credential derived using Replication account on Domain Controller.

credential-keytab

Credential derived using server keytab.

domain-controller

Domain for which to decrypt CIFS traffic.

string

Maximum length: 63

** Values may differ between models.

config server-keytab

Parameter

Description

Type

Size

Default

keytab

Base64 encoded keytab file containing credential of the server.

string

Maximum length: 8191

config mail-signature

Parameter

Description

Type

Size

Default

status

Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate.

option

-

disable

Option

Description

disable

Disable mail signature.

enable

Enable mail signature.

signature

Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks).

string

Maximum length: 1023