Support User Manuals

Fortinet 100A Router User Manual

Open as PDF

of 374

230 01-28007-0068-20041203 Fortinet Inc.

Profile CLI configuration Firewall

firewall profile command keywords and variables

Keywords and

variables

Description Default Availability

ftp

{block

content-archive

no-content-summary

oversize

quarantine scan

splice}

Select the actions that this profile will

use for filtering FTP traffic for a policy.

• Enter splice to enable the

FortiGate unit to simultaneously

buffer a file for scanning and upload

the file to an FTP server. If a virus is

detected, the FortiGate unit stops the

upload and attempts to delete the

partially uploaded file from the FTP

server. To delete the file successfully,

the server permissions must be set

to allow deletes. When downloading

files from an FTP server the

FortiGate unit sends 1 byte every 30

seconds to prevent the client from

timing out during scanning and

download. If a virus is detected, the

FortiGate unit stops the download.

The user must then delete the

partially downloaded file. There

should not be enough content in the

file to cause any harm. Enabling

splice reduces timeouts when

uploading and downloading large

files. When splice is disabled for ftp,

the FortiGate unit buffers the file for

scanning before uploading it to the

FTP server. If the file is clean, the

FortiGate unit will allow the upload to

continue.

Enter all the actions you want this

profile to use. Use a space to separate

the options you enter. If you want to

remove an option from the list or add

an option to the list, you must retype

the list with the option removed or

added.

splice All models.

http

{bannedword block

catblock

chunkedbypass

content-archive

no-content-summary

oversize

quarantine

rangeblock scan

scriptfilter

urlblock

urlexempt}

Select the actions that this profile will

use for filtering HTTP traffic for a

policy.

• Enter chunkedbypass to allow web

sites that use chunked encoding for

HTTP to bypass the firewall.

Chunked encoding means the HTTP

message body is altered to allow it to

be transferred in a series of chunks.

Use this feature at your own risk.

Malicious content could enter your

network if you allow web content to

bypass the firewall.

Enter all the actions you want this

profile to use. Use a space to separate

the options you enter. If you want to

remove an option from the list or add

an option to the list, you must retype

the list with the option removed or

added.

No default. All models.

previous next