Specialized CLI settings
config system interface
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
13
Specialized CLI settings
Installing a FortiGate-ASM-FB4 module causes its network interfaces to appear in
the web-based manager. Using the web-based manager, you can configure each
FortiGate-ASM-FB4 module network interface as you would configure other
network interfaces.
Installation also causes some specialized network configuration and NPU
(network processing unit) settings to appear in the CLI. This section explains the
specialized CLI settings.
This section includes the following topics:
•
config system interface
•
config system npu
config system interface
When editing a network interface associated with one of the FortiGate-ASM-FB4
module’s SFP transceivers, additional settings appear. The following settings
configure the SFP media type, and whether or not the SFP network interfaces will
use hardware acceleration to drop or allow certain anomaly types, separately from
and in advance of any anomaly checks specified by Intrusion Prevention (IPS).
Syntax
config system interface
edit AMC-SW1/1
set
mediatype {serdes | sgmii}
set
fp-anomaly {drop_icmpland | pass_icmpland}
{drop_ipland | pass_ipland} {drop_iplsrr | pass_iplsrr}
{drop_iprr | pass_iprr} {drop_ipsecurity |
pass_ipsecurity} {drop_ipssrr | pass_ipssrr}
{drop_ipstream | pass_ipstream} {drop_iptimestamp |
pass_iptimestamp} {drop_ipunknown_option |
pass_ipunknown_option} {drop_unknown_prot |
pass_ipunknown_prot} {drop_tcpland | pass_tcpland}
{drop_udpland | pass_udpland} {drop_winnuke |
pass_winnuke}
end