config firewall profile-protocol-options
Configure protocol options.
config firewall profile-protocol-options Description: Configure protocol options. edit <name> config cifs Description: Configure CIFS protocol options. set ports {integer} set status [enable|disable] set server-credential-type [none|credential-replication|...] config server-keytab Description: Server keytab. edit <principal> set keytab {string} next end end set comment {var-string} config dns Description: Configure DNS protocol options. set ports {integer} set status [enable|disable] end config ftp Description: Configure FTP protocol options. set ports {integer} set status [enable|disable] set inspect-all [enable|disable] set options {option1}, {option2}, ... set comfort-interval {integer} set comfort-amount {integer} set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set scan-bzip2 [enable|disable] set ssl-offloaded [no|yes] end config http Description: Configure HTTP protocol options. set ports {integer} set status [enable|disable] set inspect-all [enable|disable] set options {option1}, {option2}, ... set comfort-interval {integer} set comfort-amount {integer} set range-block [disable|enable] set strip-x-forwarded-for [disable|enable] set post-lang {option1}, {option2}, ... set fortinet-bar [enable|disable] set fortinet-bar-port {integer} set streaming-content-bypass [enable|disable] set switching-protocols [bypass|block] set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set stream-based-uncompressed-limit {integer} set scan-bzip2 [enable|disable] set block-page-status-code {integer} set retry-count {integer} set tcp-window-type [system|static|...] set tcp-window-minimum {integer} set tcp-window-maximum {integer} set tcp-window-size {integer} set ssl-offloaded [no|yes] end config imap Description: Configure IMAP protocol options. set ports {integer} set status [enable|disable] set inspect-all [enable|disable] set options {option1}, {option2}, ... set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set scan-bzip2 [enable|disable] set ssl-offloaded [no|yes] end config mail-signature Description: Configure Mail signature. set status [disable|enable] set signature {string} end config mapi Description: Configure MAPI protocol options. set ports {integer} set status [enable|disable] set options {option1}, {option2}, ... set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set scan-bzip2 [enable|disable] end config nntp Description: Configure NNTP protocol options. set ports {integer} set status [enable|disable] set inspect-all [enable|disable] set options {option1}, {option2}, ... set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set scan-bzip2 [enable|disable] end set oversize-log [disable|enable] config pop3 Description: Configure POP3 protocol options. set ports {integer} set status [enable|disable] set inspect-all [enable|disable] set options {option1}, {option2}, ... set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set scan-bzip2 [enable|disable] set ssl-offloaded [no|yes] end set replacemsg-group {string} set rpc-over-http [enable|disable] config smtp Description: Configure SMTP protocol options. set ports {integer} set status [enable|disable] set inspect-all [enable|disable] set options {option1}, {option2}, ... set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set scan-bzip2 [enable|disable] set server-busy [enable|disable] set ssl-offloaded [no|yes] end config ssh Description: Configure SFTP and SCP protocol options. set options {option1}, {option2}, ... set comfort-interval {integer} set comfort-amount {integer} set oversize-limit {integer} set uncompressed-oversize-limit {integer} set uncompressed-nest-limit {integer} set scan-bzip2 [enable|disable] end set switching-protocols-log [disable|enable] next end
config firewall profile-protocol-options
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
comment |
Optional comments. |
var-string |
Maximum length: 255 |
|||||||
name |
Name. |
string |
Maximum length: 35 |
|||||||
oversize-log |
Enable/disable logging for antivirus oversize file blocking. |
option |
- |
|||||||
|
|
|||||||||
replacemsg-group |
Name of the replacement message group to be used |
string |
Maximum length: 35 |
|||||||
rpc-over-http |
Enable/disable inspection of RPC over HTTP. |
option |
- |
|||||||
|
|
|||||||||
switching-protocols-log |
Enable/disable logging for HTTP/HTTPS switching protocols. |
option |
- |
|||||||
|
|
config cifs
Parameter |
Description |
Type |
Size |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||
|
|
|||||||||||
server-credential-type |
CIFS server credential type. |
option |
- |
|||||||||
|
|
config server-keytab
Parameter |
Description |
Type |
Size |
---|---|---|---|
principal |
Service principal. For example, "host/cifsserver.example.com@example.com". |
string |
Maximum length: 511 |
keytab |
Base64 encoded keytab file containing credential of the server. |
string |
Maximum length: 8191 |
config dns
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
config ftp
Parameter |
Description |
Type |
Size |
|||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
comfort-interval |
Period of time between start, or last transmission, and the next client comfort transmission of data. |
integer |
Minimum value: 1 Maximum value: 900 |
|||||||||||||
comfort-amount |
Amount of data to send in a transmission for client comforting. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
|||||||||||||
|
|
** Values may differ between models.
config http
Parameter |
Description |
Type |
Size |
|||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||||||||||||||||||||||||||||||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
comfort-interval |
Period of time between start, or last transmission, and the next client comfort transmission of data. |
integer |
Minimum value: 1 Maximum value: 900 |
|||||||||||||||||||||||||||||||||||||||||||||
comfort-amount |
Amount of data to send in a transmission for client comforting. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||||||||||||||||||||||||||||||||||
range-block |
Enable/disable blocking of partial downloads. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
strip-x-forwarded-for |
Enable/disable stripping of HTTP X-Forwarded-For header. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
post-lang |
ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
fortinet-bar |
Enable/disable Fortinet bar on HTML content. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
fortinet-bar-port |
Port for use by Fortinet Bar. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||||||||||||||||||||||||||||||||||
streaming-content-bypass |
Enable/disable bypassing of streaming content from buffering. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
switching-protocols |
Bypass from scanning, or block a connection that attempts to switch protocol. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||||||||||||||||||||||||||||||||||||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||||||||||||||||||||||||||||||||||||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||||||||||||||||||||||||||||||||||||||
stream-based-uncompressed-limit |
Maximum stream-based uncompressed data size that will be scanned. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||||||||||||||||||||||||||||||||||||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
block-page-status-code |
Code number returned for blocked HTTP pages. |
integer |
Minimum value: 100 Maximum value: 599 |
|||||||||||||||||||||||||||||||||||||||||||||
retry-count |
Number of attempts to retry HTTP connection. |
integer |
Minimum value: 0 Maximum value: 100 |
|||||||||||||||||||||||||||||||||||||||||||||
tcp-window-type |
Specify type of TCP window to use for this protocol. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||
tcp-window-minimum |
Minimum dynamic TCP window size. |
integer |
Minimum value: 65536 Maximum value: 1048576 |
|||||||||||||||||||||||||||||||||||||||||||||
tcp-window-maximum |
Maximum dynamic TCP window size. |
integer |
Minimum value: 1048576 Maximum value: 33554432 |
|||||||||||||||||||||||||||||||||||||||||||||
tcp-window-size |
Set TCP static window size. |
integer |
Minimum value: 65536 Maximum value: 33554432 |
|||||||||||||||||||||||||||||||||||||||||||||
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
|||||||||||||||||||||||||||||||||||||||||||||
|
|
** Values may differ between models.
config imap
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|||||||||
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
|||||||
|
|
|||||||||
options |
One or more options that can be applied to the session. |
option |
- |
|||||||
|
|
|||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||
|
|
|||||||||
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
|||||||
|
|
** Values may differ between models.
config mail-signature
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. |
option |
- |
|||||||
|
|
|||||||||
signature |
Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). |
string |
Maximum length: 1023 |
config mapi
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|||||||||
options |
One or more options that can be applied to the session. |
option |
- |
|||||||
|
|
|||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||
|
|
** Values may differ between models.
config nntp
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|||||||||
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
|||||||
|
|
|||||||||
options |
One or more options that can be applied to the session. |
option |
- |
|||||||
|
|
|||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||
|
|
** Values may differ between models.
config pop3
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||
|
|
|||||||||
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
|||||||
|
|
|||||||||
options |
One or more options that can be applied to the session. |
option |
- |
|||||||
|
|
|||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||
|
|
|||||||||
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
|||||||
|
|
** Values may differ between models.
config smtp
Parameter |
Description |
Type |
Size |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
ports |
Ports to scan for content. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||
status |
Enable/disable the active status of scanning for this protocol. |
option |
- |
|||||||||
|
|
|||||||||||
inspect-all |
Enable/disable the inspection of all ports for the protocol. |
option |
- |
|||||||||
|
|
|||||||||||
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||
|
|
|||||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||
|
|
|||||||||||
server-busy |
Enable/disable SMTP server busy when server not available. |
option |
- |
|||||||||
|
|
|||||||||||
ssl-offloaded |
SSL decryption and encryption performed by an external device. |
option |
- |
|||||||||
|
|
** Values may differ between models.
config ssh
Parameter |
Description |
Type |
Size |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
One or more options that can be applied to the session. |
option |
- |
|||||||||
|
|
|||||||||||
comfort-interval |
Period of time between start, or last transmission, and the next client comfort transmission of data. |
integer |
Minimum value: 1 Maximum value: 900 |
|||||||||
comfort-amount |
Amount of data to send in a transmission for client comforting. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||
oversize-limit |
Maximum in-memory file size that can be scanned. |
integer |
Minimum value: 1 Maximum value: 1606 ** |
|||||||||
uncompressed-oversize-limit |
Maximum in-memory uncompressed file size that can be scanned. |
integer |
Minimum value: 0 Maximum value: 1606 ** |
|||||||||
uncompressed-nest-limit |
Maximum nested levels of compression that can be uncompressed and scanned. |
integer |
Minimum value: 2 Maximum value: 100 |
|||||||||
scan-bzip2 |
Enable/disable scanning of BZip2 compressed files. |
option |
- |
|||||||||
|
|
** Values may differ between models.