Firewall Profile CLI configuration
FortiGate-100A Administration Guide 01-28007-0068-20041203 229
To add a protection profile to a policy
You can enable protection profiles for firewall policies with action set to allow or
encrypt and with service set to ANY, HTTP, FTP, IMAP, POP3, SMTP, or a service
group that includes these services.
1 Go to Firewall > Policy.
2 Select a policy list to which you want to add a protection profile.
For example, to enable network protection for files downloaded from the web by
internal network users, select an internal to external policy list.
3 Select Create New to add a policy or select Edit for the policy you want to modify.
4 Select protection profile.
5 Select a protection profile from the list.
6 Configure the remaining policy settings, if required.
7 Select OK.
8 Repeat this procedure for any policies for which you want to enable network
protection.
Profile CLI configuration
Use this command to add, edit or delete protection profiles. Use protection profiles to
apply different protection settings for traffic controlled by firewall policies.
Command syntax pattern
config firewall profile
edit <profilename_str>
set <keyword> <variable>
end
config firewall profile
edit <profilename_str>
unset <keyword>
end
config firewall profile
delete <profilename_str>
end
get firewall profile [<profilename_str>]
show firewall profile [<profilename_str>]
Note: This guide only describes Command Line Interface (CLI) commands, keywords, or
variables (in bold) that are not represented in the web-based manager. For complete
descriptions and examples of how to use CLI commands see the FortiGate CLI Reference
Guide.