Firewall profile command keywords and variables – Fortinet 100A User Manual


01-28007-0068-20041203

Fortinet Inc.

Profile CLI configuration

Firewall

firewall profile command keywords and variables

Keywords and variables: ftp {block content-archive no-content-summary oversize quarantine scan splice}

Description: Select the actions that this profile will use for filtering FTP traffic for a policy.
• Enter splice to enable the FortiGate unit to simultaneously buffer a file for scanning and upload the file to an FTP server. If a virus is detected, the FortiGate unit stops the upload and attempts to delete the partially uploaded file from the FTP server. To delete the file successfully, the server permissions must be set to allow deletes. When downloading files from an FTP server the FortiGate unit sends 1 byte every 30 seconds to prevent the client from timing out during scanning and download. If a virus is detected, the FortiGate unit stops the download. The user must then delete the partially downloaded file. There should not be enough content in the file to cause any harm. Enabling splice reduces timeouts when uploading and downloading large files. When splice is disabled for ftp, the FortiGate unit buffers the file for scanning before uploading it to the FTP server. If the file is clean, the FortiGate unit will allow the upload to continue.

Enter all the actions you want this profile to use. Use a space to separate the options you enter. If you want to remove an option from the list or add an option to the list, you must retype the list with the option removed or added.

Default: splice

Availability: All models.

Keywords and variables: http {bannedword block catblock chunkedbypass content-archive no-content-summary oversize quarantine rangeblock scan scriptfilter urlblock urlexempt}

Description: Select the actions that this profile will use for filtering HTTP traffic for a policy.
• Enter chunkedbypass to allow web sites that use chunked encoding for HTTP to bypass the firewall. Chunked encoding means the HTTP message body is altered to allow it to be transferred in a series of chunks. Use this feature at your own risk. Malicious content could enter your network if you allow web content to bypass the firewall.

Enter all the actions you want this profile to use. Use a space to separate the options you enter. If you want to remove an option from the list or add an option to the list, you must retype the list with the option removed or added.

Default: No default.

Availability: All models.
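An added example, not taken from the Fortinet manual: a Python audit over a saved configuration that flags profiles whose http list contains chunkedbypass and emits the full replacement set line, since an option can only be removed by retyping the whole list. The config/edit/next/end layout of the sample, the profile names, and the audit rule that scan must be present are assumptions of this example.

```python
import re

# Constructed sample in the style of a configuration backup. The layout and the
# profile names are assumptions; only the option keywords come from the table.
SAMPLE_CONFIG = '''\
config firewall profile
    edit "strict"
        set ftp block scan splice
        set http block scan urlblock scriptfilter
    next
    edit "web-legacy"
        set ftp splice
        set http scan chunkedbypass urlblock
    next
end
'''

RISKY = {"http": {"chunkedbypass"}}             # lets web content skip filtering
REQUIRED = {"ftp": {"scan"}, "http": {"scan"}}  # assumed audit policy, not from the manual

def parse_profiles(text):
    """Return {profile: {protocol: [options]}} from 'config firewall profile' blocks."""
    profiles, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall profile":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and (m := re.match(r'edit\s+"?([^"]+)"?$', line)):
            current = profiles.setdefault(m.group(1), {})
        elif in_block and current is not None and line.startswith("set "):
            _, proto, *opts = line.split()
            current[proto] = opts
    return profiles

def audit(text):
    """Return (profile, protocol, issues, replacement 'set' line) per finding."""
    findings = []
    for name, protos in parse_profiles(text).items():
        for proto, opts in protos.items():
            risky = RISKY.get(proto, set()) & set(opts)
            missing = REQUIRED.get(proto, set()) - set(opts)
            if risky or missing:
                # The list cannot be edited in place, so emit the full corrected list.
                fixed = [o for o in opts if o not in risky] + sorted(missing)
                issues = sorted(f"risky:{o}" for o in risky) + sorted(f"missing:{o}" for o in missing)
                findings.append((name, proto, ", ".join(issues), f"set {proto} {' '.join(fixed)}"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports only the "web-legacy" profile; each finding carries the complete set line to enter in place of the current one.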
