230 01-28007-0068-20041203 Fortinet Inc.
Profile CLI configuration Firewall
firewall profile command keywords and variables
Keywords and
variables
Description Default Availability
ftp
{block
content-archive
no-content-summary
oversize
quarantine scan
splice}
Select the actions that this profile will
use for filtering FTP traffic for a policy.
• Enter splice to enable the
FortiGate unit to simultaneously
buffer a file for scanning and upload
the file to an FTP server. If a virus is
detected, the FortiGate unit stops the
upload and attempts to delete the
partially uploaded file from the FTP
server. To delete the file successfully,
the server permissions must be set
to allow deletes. When downloading
files from an FTP server the
FortiGate unit sends 1 byte every 30
seconds to prevent the client from
timing out during scanning and
download. If a virus is detected, the
FortiGate unit stops the download.
The user must then delete the
partially downloaded file. There
should not be enough content in the
file to cause any harm. Enabling
splice reduces timeouts when
uploading and downloading large
files. When splice is disabled for ftp,
the FortiGate unit buffers the file for
scanning before uploading it to the
FTP server. If the file is clean, the
FortiGate unit will allow the upload to
continue.
Enter all the actions you want this
profile to use. Use a space to separate
the options you enter. If you want to
remove an option from the list or add
an option to the list, you must retype
the list with the option removed or
added.
splice All models.
http
{bannedword block
catblock
chunkedbypass
content-archive
no-content-summary
oversize
quarantine
rangeblock scan
scriptfilter
urlblock
urlexempt}
Select the actions that this profile will
use for filtering HTTP traffic for a
policy.
• Enter chunkedbypass to allow web
sites that use chunked encoding for
HTTP to bypass the firewall.
Chunked encoding means the HTTP
message body is altered to allow it to
be transferred in a series of chunks.
Use this feature at your own risk.
Malicious content could enter your
network if you allow web content to
bypass the firewall.
Enter all the actions you want this
profile to use. Use a space to separate
the options you enter. If you want to
remove an option from the list or add
an option to the list, you must retype
the list with the option removed or
added.
No default. All models.