Firewall
Protection profile
FortiGate-5000 series Administration Guide
01-28008-0013-20050204
241
firewall profile command keywords and variables
Keywords and
variables
Description
Default
Availability
ftp
{block
content-archive
no-content-summary
oversize
quarantine scan
splice
}
Select the actions that this profile will
use for filtering FTP traffic for a policy.
• Enter
splice
to enable the
FortiGate unit to simultaneously
buffer a file for scanning and upload
the file to an FTP server. If a virus is
detected, the FortiGate unit stops the
upload and attempts to delete the
partially uploaded file from the FTP
server. To delete the file successfully,
the server permissions must be set
to allow deletes. When downloading
files from an FTP server the
FortiGate unit sends 1 byte every 30
seconds to prevent the client from
timing out during scanning and
download. If a virus is detected, the
FortiGate unit stops the download.
The user must then delete the
partially downloaded file. There
should not be enough content in the
file to cause any harm. Enabling
splice reduces timeouts when
uploading and downloading large
files. When splice is disabled for ftp,
the FortiGate unit buffers the file for
scanning before uploading it to the
FTP server. If the file is clean, the
FortiGate unit will allow the upload to
continue.
Enter all the actions you want this
profile to use. Use a space to separate
the options you enter. If you want to
remove an option from the list or add
an option to the list, you must retype
the list with the option removed or
added.
splice
All models.
http
{bannedword block
catblock
chunkedbypass
content-archive
no-content-summary
oversize
quarantine
rangeblock scan
scriptfilter
urlblock
urlexempt}
Select the actions that this profile will
use for filtering HTTP traffic for a
policy.
• Enter
chunkedbypass
to allow web
sites that use chunked encoding for
HTTP to bypass the firewall.
Chunked encoding means the HTTP
message body is altered to allow it to
be transferred in a series of chunks.
Use this feature at your own risk.
Malicious content could enter your
network if you allow web content to
bypass the firewall.
Enter all the actions you want this
profile to use. Use a space to separate
the options you enter. If you want to
remove an option from the list or add
an option to the list, you must retype
the list with the option removed or
added.
No default. All models.
Summary of Contents for FortiGate FortiGate-5020
Page 86: ...86 01 28008 0013 20050204 Fortinet Inc Dynamic IP System DHCP ...
Page 118: ...118 01 28008 0013 20050204 Fortinet Inc FortiManager System Config ...
Page 254: ...254 01 28008 0013 20050204 Fortinet Inc CLI configuration User ...
Page 318: ...318 01 28008 0013 20050204 Fortinet Inc CLI configuration Antivirus ...
Page 350: ...350 01 28008 0013 20050204 Fortinet Inc Using Perl regular expressions Spam filter ...
Page 370: ...370 01 28008 0013 20050204 Fortinet Inc CLI configuration Log Report ...
Page 382: ...382 01 28008 0013 20050204 Fortinet Inc Glossary ...
Page 402: ...402 01 28008 0013 20050204 Fortinet Inc Index ...