FortiOS CLI Reference for FortiOS 5.0

FortiOS CLI Reference for FortiOS 5.0

August 31, 2016

01-509-99686-20160831

Copyright 2016 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Technical Documentation docs.fortinet.com

Knowledge Base kb.fortinet.com

Customer Service & Support support.fortinet.com

Training Services training.fortinet.com

FortiGuard fortiguard.com

Document Feedback techdocs@fortinet.com

http://docs.fortinet.comhttp://kb.fortinet.comhttps://support.fortinet.comhttp://training.fortinet.comhttp://www.fortiguard.com/mailto:techdocs@fortinet.com?Subject=Technical%20Documentation%20Feedback

Contents

Introduction..................................................................................................... 19How this guide is organized............................................................................. 19Availability of commands and options............................................................. 19

Managing Firmware with the FortiGate BIOS.............................................. 20Accessing the BIOS............................................................................................... 20

Navigating the menu........................................................................................ 20

Loading firmware ................................................................................................... 21Configuring TFTP parameters.......................................................................... 21Initiating TFTP firmware transfer...................................................................... 22

Booting the backup firmware ................................................................................ 22

Whats new...................................................................................................... 23

alertemail......................................................................................................... 55setting .................................................................................................................... 56

antivirus........................................................................................................... 60heuristic ................................................................................................................. 61

mms-checksum ..................................................................................................... 62

notification ............................................................................................................. 63

profile ..................................................................................................................... 64config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp |

smtps | nntp | im} ........................................................................................... 65config nac-quar................................................................................................ 66

quarantine .............................................................................................................. 67

service.................................................................................................................... 70

settings .................................................................................................................. 71

application....................................................................................................... 72custom ................................................................................................................... 73

list .......................................................................................................................... 74

name ...................................................................................................................... 78

client-reputation ............................................................................................. 79profile ..................................................................................................................... 80

dlp .................................................................................................................... 82filepattern ............................................................................................................... 83

fp-doc-source ........................................................................................................ 85

fp-sensitivity........................................................................................................... 87

sensor .................................................................................................................... 88

settings .................................................................................................................. 90

Page 3

endpoint-control............................................................................................. 91forticlient-registration-sync.................................................................................... 92

profile ..................................................................................................................... 93

settings .................................................................................................................. 98

firewall ............................................................................................................. 99address, address6 ............................................................................................... 100

addrgrp, addrgrp6 ............................................................................................... 103

auth-portal ........................................................................................................... 104

carrier-endpoint-bwl ............................................................................................ 105

carrier-endpoint-ip-filter....................................................................................... 107

central-nat............................................................................................................ 108

deep-inspection-options ..................................................................................... 109config ftps ...................................................................................................... 110config https .................................................................................................... 111config imaps .................................................................................................. 111config pop3s .................................................................................................. 112config smtps .................................................................................................. 112config ssl........................................................................................................ 113config ssl-server............................................................................................. 113

dnstranslation ...................................................................................................... 115

DoS-policy, DoS-policy6 ..................................................................................... 116

gtp........................................................................................................................ 118

identity-based-route ............................................................................................ 134

interface-policy .................................................................................................... 135

interface-policy6 .................................................................................................. 13