Tree-5.4.0: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Keine Bearbeitungszusammenfassung |
Keine Bearbeitungszusammenfassung |
||
Zeile 6.854: | Zeile 6.854: | ||
|- fortiap-download -- <id> (0) | |- fortiap-download -- <id> (0) | ||
+- central-mgmt-status | +- central-mgmt-status | ||
|- extender -- atcmd -- <at-command | |- extender -- atcmd -- <at-command> -- <sn> (0) | ||
|- cmd -- <Integer> -- <sn> (0) | |- cmd -- <Integer> -- <sn> (0) | ||
+- modem-list | +- modem-list | ||
Zeile 8.188: | Zeile 8.188: | ||
+- <nstd> -- <Integer> (0) | +- <nstd> -- <Integer> (0) | ||
+- extender -- <sys-info> -- <sn> (0) | +- extender -- <sys-info> -- <sn> (0) | ||
+- <modem-status> -- <sn> | +- <modem-status> -- <sn> (0) | ||
--------------- output Tree-5.4.0 --------------- | --------------- output Tree-5.4.0 --------------- |
Version vom 29. Dezember 2015, 09:54 Uhr
--------------- output Tree-5.4.0 --------------- -- -- system -- [vdom] --*name (12) |- vcluster-id (0,4294967295) +- temporary (0,4294967295) |- <global> -- language |- gui-ipv6 |- gui-certificates |- gui-custom-language |- gui-wireless-opensecurity |- gui-display-hostname |- gui-lines-per-page (20,1000) |- admin-https-ssl-versions |- admin-https-banned-cipher |- admintimeout (1,480) |- admin-console-timeout (0,4294967295) |- admin-concurrent |- admin-lockout-threshold (1,10) |- admin-lockout-duration (1,2147483647) |- refresh (0,2147483647) |- interval (0,4294967295) |- failtime (0,4294967295) |- daily-restart |- restart-time |- radius-port (0,4294967295) |- admin-login-max (1,100) |- remoteauthtimeout (0,300) |- ldapconntimeout (0,2147483647) |- batch-cmdb |- max-dlpstat-memory (0,4294967295) |- dst |- timezone |- ntpserver (64) |- ntpsync |- syncinterval (1,1440) |- traffic-priority |- traffic-priority-level |- anti-replay |- send-pmtu-icmp |- honor-df |- revision-image-auto-backup |- revision-backup-on-logout |- management-vdom (12) |- hostname (36) |- strong-crypto |- ssh-cbc-cipher |- ssh-hmac-md5 |- snat-route-change |- cli-audit-log |- dh-params |- fds-statistics |- fds-statistics-period (1,1440) |- multicast-forward |- mc-ttl-notchange |- asymroute |- tcp-option |- phase1-rekey |- lldp-transmission |- explicit-proxy-auth-timeout (1,600) |- sys-perf-log-interval (0,4294967295) |- check-protocol-header |- vip-arp-range |- optimize |- reset-sessionless-tcp |- allow-traffic-redirect |- strict-dirty-session-check |- tcp-halfclose-timer (0,4294967295) |- tcp-halfopen-timer (0,4294967295) |- tcp-timewait-timer (0,300) |- udp-idle-timer (0,4294967295) |- block-session-timer (1,300) |- ip-src-port-range |- pre-login-banner |- post-login-banner |- tftp |- av-failopen |- av-failopen-session |- check-reset-range |- vdom-admin |- admin-port (1,65535) |- admin-sport (1,65535) |- admin-https-redirect |- admin-ssh-password |- admin-ssh-port (1,65535) |- admin-ssh-grace-time (10,3600) |- admin-ssh-v1 |- admin-telnet-port (1,65535) |- admin-maintainer |- admin-reset-button |- admin-server-cert (36) |- user-server-cert (36) |- admin-https-pki-required |- wifi-certificate (36) |- wifi-ca-certificate (36) |- auth-http-port (1,65535) |- auth-https-port (1,65535) |- auth-keepalive |- policy-auth-concurrent (0,100) |- auth-cert (36) |- clt-cert-req |- endpoint-control-portal-port (1,65535) |- endpoint-control-fds-access |- tp-mc-skip-policy |- cfg-save |- cfg-revert-timeout (10,2147483647) |- reboot-upon-config-restore |- admin-scp |- internal-switch-mode |- internal-switch-speed |- registration-notification |- service-expire-notification |- wireless-controller |- wireless-controller-port (1024,49150) |- fortiextender-data-port (1024,49150) |- fortiextender |- fortiextender-vlan-mode |- switch-controller |- switch-controller-reserved-network |- proxy-worker-count (1,1) |- scanunit-count (1,1) |- ssl-worker-count (0,4294967295) |- fgd-alert-subscription |- ipsec-hmac-offload |- ipv6-accept-dad (0,2) |- csr-ca-attribute |- wimax-4g-usb |- cert-chain-max (0,4294967295) |- sslvpn-max-worker-count (1,1) |- sslvpn-kxp-hardware-acceleration |- sslvpn-cipher-hardware-acceleration |- sslvpn-plugin-version-check |- two-factor-email-expiry (30,300) |- two-factor-sms-expiry (30,300) |- two-factor-ftm-expiry (1,168) |- virtual-server-count (1,1) |- wad-worker-count (1,1) |- login-timestamp |- miglogd-children (0,15) |- special-file-23-support |- log-uuid |- arp-max-entry (131072,2147483647) |- av-affinity (20) |- miglog-affinity (20) |- ndp-max-entry (0,4294967295) |- br-fdb-max-entry (8192,2147483647) |- ipsec-asic-offload |- device-idle-timeout (30,31536000) |- compliance-check |- compliance-check-time |- gui-device-latitude (20) |- gui-device-longitude (20) |- private-data-encryption |- auto-auth-extension-device +- gui-theme |- [accprofile] --*name (36) |- scope |- comments |- mntgrp |- admingrp |- updategrp |- authgrp |- sysgrp |- netgrp |- loggrp |- routegrp |- fwgrp |- vpngrp |- utmgrp |- wanoptgrp |- endpoint-control-grp |- wifi |- <fwgrp-permission> -- policy |- address |- service |- schedule |- packet-capture +- others |- <loggrp-permission> -- config |- data-access |- report-access +- threat-weight +- <utmgrp-permission> -- antivirus |- ips |- webfilter |- spamfilter |- data-loss-prevention |- application-control |- icap |- casi |- voip |- waf +- dnsfilter |- <npu> -- enc-offload-antireplay |- dec-offload-antireplay +- offload-ipsec-host |- [vdom-link] --*name (12) |- vcluster +- type |- [switch-interface] --*name (16) |- vdom (12) |- span-dest-port (16) |- [span-source-port] --*interface-name (65) |- [member] --*interface-name (65) |- type |- intra-switch-policy |- span +- span-direction |- [object-tag] --*name (64) |- <lte-modem> -- status |- extra-init (128 xss) |- authtype |- username (64 xss) |- passwd |- apn (128 xss) |- modem-port (0,10) |- mode |- holddown-timer (10,60) +- interface (64) |- [interface] --*name (16) |- vdom (12) |- cli-conn-status (0,4294967295) |- mode |- distance (1,255) |- priority (0,4294967295) |- dhcp-relay-service |- dhcp-relay-ip |- dhcp-relay-type |- ip |- allowaccess |- gwdetect |- ping-serv-status (0,4294967295) |- detectserver |- detectprotocol |- ha-priority (1,50) |- fail-detect |- fail-detect-option |- fail-alert-method |- fail-action-on-extender |- [fail-alert-interfaces] --*name (65) |- dhcp-client-identifier (49) |- ipunnumbered |- username (65 xss) |- pppoe-unnumbered-negotiate |- password |- idle-timeout (0,4294967295) |- detected-peer-mtu (0,4294967295) |- disc-retry-timeout (0,4294967295) |- padt-retry-timeout (0,4294967295) |- service-name (64) |- ac-name (64) |- lcp-echo-interval (0,4294967295) |- lcp-max-echo-fails (0,4294967295) |- defaultgw |- dns-server-override |- auth-type |- pptp-client |- pptp-user (65) |- pptp-password |- pptp-server-ip |- pptp-auth-type |- pptp-timeout (0,4294967295) |- arpforward |- ndiscforward |- broadcast-forward |- bfd |- bfd-desired-min-tx (0,4294967295) |- bfd-detect-mult (0,4294967295) |- bfd-required-min-rx (0,4294967295) |- l2forward |- icmp-redirect |- vlanforward |- stpforward |- stpforward-mode |- ips-sniffer-mode |- ident-accept |- ipmac |- subst |- macaddr |- substitute-dst-mac |- speed |- status |- netbios-forward |- wins-ip |- type |- dedicated-to |- trust-ip-1 |- trust-ip-2 |- trust-ip-3 |- trust-ip6-1 |- trust-ip6-2 |- trust-ip6-3 |- mtu-override |- mtu (0,4294967295) |- wccp |- nst |- netflow-sampler |- sflow-sampler |- drop-overlapped-fragment |- drop-fragment |- scan-botnet-connections |- sample-rate (10,99999) |- polling-interval (1,255) |- sample-direction |- explicit-web-proxy |- explicit-ftp-proxy |- tcp-mss (0,4294967295) |- mediatype |- if-media |- fp-anomaly |- inbandwidth (0,16776000) |- outbandwidth (0,16776000) |- spillover-threshold (0,16776000) |- ingress-spillover-threshold (0,16776000) |- weight (0,255) |- interface (16) |- external |- vlanid (0,4294967295) |- forward-domain (0,2147483647) |- remote-ip |- managed-device (36) |- devindex (0,4294967295) |- vindex (0,4294967295) |- switch (16) |- description |- alias (26) |- l2tp-client |- <l2tp-client-settings> -- user (128) |- password |- peer-host (256) |- peer-mask |- peer-port (1,65535) |- auth-type |- mtu (40,65535) |- distance (1,255) |- priority (0,4294967295) |- defaultgw +- ip |- security-mode |- security-mac-auth-bypass |- security-external-web (128) |- replacemsg-override-group (36) |- security-redirect-url (128) |- security-exempt-list (36) |- [security-groups] --*name (65) |- stp |- stp-ha-slave |- device-identification |- device-user-identification |- device-identification-active-scan |- device-access-list (36) |- device-netscan |- lldp-transmission |- listen-forticlient-connection |- broadcast-forticlient-discovery |- endpoint-compliance |- estimated-upstream-bandwidth (0,4294967295) |- estimated-downstream-bandwidth (0,4294967295) |- vrrp-virtual-mac |- [vrrp] --*vrid (1,255) |- vrgrp (1,65535) |- vrip |- priority (1,255) |- adv-interval (1,255) |- start-time (1,255) |- preempt |- vrdst +- status |- role |- snmp-index (0,4294967295) |- secondary-IP |- [secondaryip] --*id (0,4294967295) |- ip |- allowaccess |- gwdetect |- ping-serv-status (0,4294967295) |- detectserver |- detectprotocol +- ha-priority (1,50) |- auto-auth-extension-device |- ap-discover +- <ipv6> -- ip6-mode |- ip6-dns-server-override |- ip6-address |- [ip6-extra-addr] --*prefix |- ip6-allowaccess |- ip6-send-adv |- ip6-manage-flag |- ip6-other-flag |- ip6-max-interval (0,4294967295) |- ip6-min-interval (0,4294967295) |- ip6-link-mtu (0,4294967295) |- ip6-reachable-time (0,4294967295) |- ip6-retrans-time (0,4294967295) |- ip6-default-life (0,4294967295) |- ip6-hop-limit (0,4294967295) |- autoconf |- ip6-upstream-interface (16) |- ip6-subnet |- [ip6-prefix-list] --*prefix |- autonomous-flag |- onlink-flag |- valid-life-time (0,4294967295) +- preferred-life-time (0,4294967295) |- [ip6-delegated-prefix-list] --*prefix-id (0,4294967295) |- upstream-interface (16) |- autonomous-flag |- onlink-flag +- subnet |- dhcp6-relay-service |- dhcp6-relay-type |- dhcp6-relay-ip |- dhcp6-client-options +- dhcp6-prefix-delegation |- [physical-switch] --*name (16) |- age-enable |- age-val (0,4294967295) +- [port] --*name (16) |- speed +- status |- [virtual-switch] --*name (16) |- physical-switch (16) |- [port] --*name (16) |- speed |- status +- alias (26) |- span |- span-source-port (16) |- span-dest-port (16) +- span-direction |- <stp> -- region-name (32) |- status |- config-revision (0,4294967295) |- switch-priority |- hello-time (0,4294967295) |- forward-delay (0,4294967295) |- max-age (0,4294967295) +- max-hops (0,4294967295) |- <password-policy> -- status |- apply-to |- minimum-length (8,128) |- min-lower-case-letter (0,128) |- min-upper-case-letter (0,128) |- min-non-alphanumeric (0,128) |- min-number (0,128) |- change-4-characters |- expire-status |- expire-day (1,999) +- reuse-password |- <password-policy-guest-admin> -- status |- apply-to |- minimum-length (8,128) |- min-lower-case-letter (0,128) |- min-upper-case-letter (0,128) |- min-non-alphanumeric (0,128) |- min-number (0,128) |- change-4-characters |- expire-status |- expire-day (1,999) +- reuse-password |- [sms-server] --*name (36) +- mail-server (64 xss) |- [custom-language] --*name (36) |- filename (64) +- comments |- [admin] --*name (36) |- wildcard |- remote-auth |- remote-group (36) |- password |- peer-auth |- peer-group (36) |- trusthost1 |- trusthost2 |- trusthost3 |- trusthost4 |- trusthost5 |- trusthost6 |- trusthost7 |- trusthost8 |- trusthost9 |- trusthost10 |- ip6-trusthost1 |- ip6-trusthost2 |- ip6-trusthost3 |- ip6-trusthost4 |- ip6-trusthost5 |- ip6-trusthost6 |- ip6-trusthost7 |- ip6-trusthost8 |- ip6-trusthost9 |- ip6-trusthost10 |- accprofile (36) |- allow-remove-admin-session |- comments |- hidden (0,4294967295) |- [vdom] --*name (65) |- is-admin (0,4294967295) |- ssh-public-key1 |- ssh-public-key2 |- ssh-public-key3 |- ssh-certificate (36) |- schedule (36) |- accprofile-override |- radius-vdom-override |- password-expire |- force-password-change |- [dashboard] --*id (0,4294967295) |- widget-type |- name (36) |- column (1,2) |- refresh-interval (0,4294967295) |- time-period (0,4294967295) |- chart-color (0,32) |- top-n (10,100) |- sort-by |- report-by |- ip-version |- resolve-host |- resolve-service |- aggregate-hosts |- resolve-apps |- display-format |- view-type |- cpu-display-type |- interface (16) |- dst-interface (16) |- tr-history-period1 (0,4294967295) |- tr-history-period2 (0,4294967295) |- tr-history-period3 (0,4294967295) |- vdom (12) |- refresh |- status |- protocols (0,4294967295) |- show-system-restart |- show-conserve-mode |- show-firmware-change |- show-fds-update |- show-device-update |- show-fds-quota |- show-disk-failure |- show-power-supply |- show-admin-auth |- show-fgd-alert |- show-fcc-license +- show-policy-overflow |- two-factor |- fortitoken (17) |- email-to (64) |- sms-server |- sms-custom-server (36) |- sms-phone (16) |- guest-auth |- [guest-usergroups] --*name (65 xss) |- guest-lang (36) |- history0 |- history1 +- [login-time] --*usr-name (36) |- last-login +- last-failed-login |- <settings> -- comments |- opmode |- inspection-mode |- http-external-dest |- firewall-session-dirty |- manageip |- gateway |- ip |- manageip6 |- gateway6 |- ip6 |- device (36) |- bfd |- bfd-desired-min-tx (1,100000) |- bfd-required-min-rx (1,100000) |- bfd-detect-mult (1,50) |- bfd-dont-enforce-src-port |- utf8-spam-tagging |- wccp-cache-engine |- vpn-stats-log |- vpn-stats-period (60,86400) |- v4-ecmp-mode |- mac-ttl (300,8640000) |- fw-session-hairpin |- snat-hairpin-traffic |- dhcp-proxy |- dhcp-server-ip |- dhcp6-server-ip |- central-nat |- [gui-default-policy-columns] --*name (65 xss) |- lldp-transmission |- asymroute |- asymroute-icmp |- tcp-session-without-syn |- ses-denied-traffic |- strict-src-check |- asymroute6 |- asymroute6-icmp |- sip-helper |- sip-nat-trace |- status |- sip-tcp-port (0,65535) |- sip-udp-port (0,65535) |- sccp-port (0,65535) |- multicast-forward |- multicast-ttl-notchange |- multicast-skip-policy |- allow-subnet-overlap |- deny-tcp-with-icmp |- ecmp-max-paths (0,4294967295) |- discovered-device-timeout (1,365) |- email-portal-check-dns |- default-voip-alg-mode |- gui-icap |- gui-nat46-64 |- gui-implicit-policy |- gui-dns-database |- gui-load-balance |- gui-multicast-policy |- gui-dos-policy |- gui-object-colors |- gui-replacement-message-groups |- gui-voip-profile |- gui-ap-profile |- gui-dynamic-profile-display |- gui-ipsec-manual-key |- gui-local-in-policy |- gui-wanopt-cache |- gui-explicit-proxy |- gui-dynamic-routing |- gui-dlp |- gui-sslvpn-personal-bookmarks |- gui-sslvpn-realms |- gui-policy-based-ipsec |- gui-threat-weight |- gui-multiple-utm-profiles |- gui-spamfilter |- gui-application-control |- gui-casi |- gui-ips |- gui-endpoint-control |- gui-dhcp-advanced |- gui-vpn |- gui-wireless-controller |- gui-switch-controller |- gui-fortiap-split-tunneling |- gui-webfilter-advanced |- gui-traffic-shaping |- gui-wan-load-balancing |- gui-antivirus |- gui-webfilter |- gui-dnsfilter |- gui-waf-profile |- gui-fortiextender-controller |- gui-advanced-policy |- gui-allow-unnamed-policy |- gui-email-collection |- gui-domain-ip-reputation |- compliance-check |- ike-session-resume +- ike-quick-crash-detect |- [sit-tunnel] --*name (16) |- source |- destination |- ip6 +- interface (16) |- <fsso-polling> -- status |- listening-port (1,65535) |- authentication +- auth-password |- <ha> -- group-id (0,255) |- group-name (33) |- mode |- password |- key |- hbdev |- session-sync-dev |- route-ttl (5,3600) |- route-wait (0,3600) |- route-hold (0,3600) |- load-balance-all |- sync-config |- encryption |- authentication |- hb-interval (1,20) |- hb-lost-threshold (1,60) |- helo-holddown (5,300) |- gratuitous-arps |- arps (1,60) |- arps-interval (1,20) |- session-pickup |- session-pickup-connectionless |- session-pickup-expectation |- session-pickup-nat |- session-pickup-delay |- session-sync-daemon-number (1,15) |- link-failed-signal |- uninterruptible-upgrade |- standalone-mgmt-vdom |- ha-mgmt-status |- ha-mgmt-interface (16) |- ha-mgmt-interface-gateway |- ha-mgmt-interface-gateway6 |- ha-eth-type (5) |- hc-eth-type (5) |- l2ep-eth-type (5) |- ha-uptime-diff-margin (1,65535) |- standalone-config-sync |- vcluster2 |- vcluster-id (0,4294967295) |- override |- priority (0,255) |- override-wait-time (0,3600) |- schedule |- weight |- cpu-threshold |- memory-threshold |- http-proxy-threshold |- ftp-proxy-threshold |- imap-proxy-threshold |- nntp-proxy-threshold |- pop3-proxy-threshold |- smtp-proxy-threshold |- monitor |- pingserver-monitor-interface |- pingserver-failover-threshold (0,50) |- pingserver-slave-force-reset |- pingserver-flip-timeout (6,2147483647) |- vdom |- <secondary-vcluster> -- vcluster-id (0,4294967295) |- override |- priority (0,255) |- override-wait-time (0,3600) |- monitor |- pingserver-monitor-interface |- pingserver-failover-threshold (0,50) |- pingserver-slave-force-reset +- vdom +- ha-direct |- <ha-monitor> -- monitor-vlan |- vlan-hb-interval (1,30) +- vlan-hb-lost-threshold (1,60) |- [storage] --*name (36) |- partition (17) |- media-type (5) |- device (13) +- size (0,4294967295) |- <dedicated-mgmt> -- status |- interface (16) |- default-gateway |- dhcp-server |- dhcp-netmask |- dhcp-start-ip +- dhcp-end-ip |- [arp-table] --*id (0,4294967295) |- interface (16) |- ip +- mac |- [ipv6-neighbor-cache] --*id (0,4294967295) |- interface (16) |- ipv6 +- mac |- <dns> -- primary |- secondary |- domain (128) |- ip6-primary |- ip6-secondary |- dns-cache-limit (0,4294967295) |- dns-cache-ttl (60,86400) |- cache-notfound-responses +- source-ip |- [ddns] --*ddnsid (0,4294967295) |- ddns-server |- ddns-server-ip |- ddns-zone (65) |- ddns-ttl (60,86400) |- ddns-auth |- ddns-keyname (65) |- ddns-key |- ddns-domain (65) |- ddns-username (65) |- ddns-sn (65) |- ddns-password |- use-public-ip |- bound-ip +- [monitor-interface] --*interface-name (65) |- <sflow> -- collector-ip |- collector-port (0,65535) +- source-ip |- <vdom-sflow> -- vdom-sflow |- collector-ip |- collector-port (0,65535) +- source-ip |- <netflow> -- collector-ip |- collector-port (0,65535) |- source-ip |- active-flow-timeout (1,60) |- inactive-flow-timeout (10,600) |- template-tx-timeout (1,1440) +- template-tx-counter (10,6000) |- <vdom-netflow> -- vdom-netflow |- collector-ip |- collector-port (0,65535) +- source-ip |- <vdom-dns> -- vdom-dns |- primary |- secondary |- ip6-primary |- ip6-secondary +- source-ip |- [replacemsg-image] --*name (24) |- image-type +- image-base64 |- replacemsg -- [mail] --*msg-type (29) |- buffer |- header +- format |- [http] --*msg-type (29) |- buffer |- header +- format |- [webproxy] --*msg-type (29) |- buffer |- header +- format |- [ftp] --*msg-type (29) |- buffer |- header +- format |- [nntp] --*msg-type (29) |- buffer |- header +- format |- [fortiguard-wf] --*msg-type (29) |- buffer |- header +- format |- [spam] --*msg-type (29) |- buffer |- header +- format |- [alertmail] --*msg-type (29) |- buffer |- header +- format |- [admin] --*msg-type (29) |- buffer |- header +- format |- [auth] --*msg-type (29) |- buffer |- header +- format |- [sslvpn] --*msg-type (29) |- buffer |- header +- format |- [ec] --*msg-type (29) |- buffer |- header +- format |- [device-detection-portal] --*msg-type (29) |- buffer |- header +- format |- [nac-quar] --*msg-type (29) |- buffer |- header +- format |- [traffic-quota] --*msg-type (29) |- buffer |- header +- format +- [utm] --*msg-type (29) |- buffer |- header +- format |- [replacemsg-group] --*name (36) |- comment |- group-type |- [mail] --*msg-type (29) |- buffer |- header +- format |- [http] --*msg-type (29) |- buffer |- header +- format |- [webproxy] --*msg-type (29) |- buffer |- header +- format |- [ftp] --*msg-type (29) |- buffer |- header +- format |- [nntp] --*msg-type (29) |- buffer |- header +- format |- [fortiguard-wf] --*msg-type (29) |- buffer |- header +- format |- [spam] --*msg-type (29) |- buffer |- header +- format |- [alertmail] --*msg-type (29) |- buffer |- header +- format |- [admin] --*msg-type (29) |- buffer |- header +- format |- [auth] --*msg-type (29) |- buffer |- header +- format |- [sslvpn] --*msg-type (29) |- buffer |- header +- format |- [ec] --*msg-type (29) |- buffer |- header +- format |- [device-detection-portal] --*msg-type (29) |- buffer |- header +- format |- [nac-quar] --*msg-type (29) |- buffer |- header +- format |- [traffic-quota] --*msg-type (29) |- buffer |- header +- format |- [utm] --*msg-type (29) |- buffer |- header +- format +- [custom-message] --*msg-type (29) |- buffer |- header +- format |- snmp -- <sysinfo> -- status |- engine-id (25) |- description (36) |- contact-info (36) |- location (128 xss) |- trap-high-cpu-threshold (0,4294967295) |- trap-low-memory-threshold (0,4294967295) +- trap-log-full-threshold (0,4294967295) |- [community] --*id (0,4294967295) |- name (36) |- status |- [hosts] --*id (0,4294967295) |- source-ip |- ip |- interface (36) |- ha-direct +- host-type |- [hosts6] --*id (0,4294967295) |- source-ipv6 |- ipv6 |- ha-direct |- interface (36) +- host-type |- query-v1-status |- query-v1-port (0,4294967295) |- query-v2c-status |- query-v2c-port (0,4294967295) |- trap-v1-status |- trap-v1-lport (0,4294967295) |- trap-v1-rport (0,4294967295) |- trap-v2c-status |- trap-v2c-lport (0,4294967295) |- trap-v2c-rport (0,4294967295) +- events +- [user] --*name (33) |- status |- trap-status |- trap-lport (0,4294967295) |- trap-rport (0,4294967295) |- queries |- query-port (0,4294967295) |- notify-hosts |- notify-hosts6 |- source-ip |- source-ipv6 |- ha-direct |- events |- security-level |- auth-proto |- auth-pwd |- priv-proto +- priv-pwd |- autoupdate -- <push-update> -- status |- override |- address +- port (0,65535) |- <schedule> -- status |- frequency |- time +- day +- <tunneling> -- status |- address (64) |- port (0,65535) |- username (50) +- password |- <session-ttl> -- default +- [port] --*id (0,65535) |- protocol (0,255) |- start-port (0,65535) |- end-port (0,65535) +- timeout |- dhcp -- [server] --*id (0,4294967295) |- status |- lease-time (0,4294967295) |- mac-acl-default-action |- forticlient-on-net-status |- dns-service |- dns-server1 |- dns-server2 |- dns-server3 |- wifi-ac1 |- wifi-ac2 |- wifi-ac3 |- ntp-service |- ntp-server1 |- ntp-server2 |- ntp-server3 |- domain (36) |- wins-server1 |- wins-server2 |- default-gateway |- next-server |- netmask |- interface (16) |- [ip-range] --*id (0,4294967295) |- start-ip +- end-ip |- timezone-option |- timezone |- tftp-server (64) |- filename (128) |- option1 |- option2 |- option3 |- option4 |- option5 |- option6 |- server-type |- ip-mode |- conflicted-ip-timeout (0,4294967295) |- ipsec-lease-hold (0,4294967295) |- auto-configuration |- ddns-update |- ddns-server-ip |- ddns-zone (65) |- ddns-auth |- ddns-keyname (65) |- ddns-key |- ddns-ttl (60,86400) |- vci-match |- [vci-string] --*vci-string (256) |- [exclude-range] --*id (0,4294967295) |- start-ip +- end-ip +- [reserved-address] --*id (0,4294967295) |- ip |- mac |- action +- description |- dhcp6 -- [server] --*id (0,4294967295) |- status |- rapid-commit |- lease-time (0,4294967295) |- dns-service |- dns-server1 |- dns-server2 |- dns-server3 |- domain (36) |- subnet |- interface (16) |- option1 |- option2 |- option3 |- upstream-interface (16) |- ip-mode +- [ip-range] --*id (0,4294967295) |- start-ip +- end-ip |- [virtual-wire-pair] --*name (36) |- [member] --*interface-name (65) +- wildcard-vlan |- <modem> -- status |- pin-init (128 xss) |- network-init (128 xss) |- lockdown-lac (128 xss) |- mode |- auto-dial |- dial-on-demand |- idle-timer (0,4294967295) |- redial |- reset (0,10) |- holddown-timer (1,60) |- connect-timeout (30,255) |- interface (64) |- wireless-port (0,4294967295) |- dont-send-CR1 |- phone1 (64 xss) |- dial-cmd1 (64) |- username1 (64 xss) |- passwd1 |- extra-init1 (128 xss) |- peer-modem1 |- ppp-echo-request1 |- authtype1 |- dont-send-CR2 |- phone2 (64 xss) |- dial-cmd2 (64) |- username2 (64 xss) |- passwd2 |- extra-init2 (128 xss) |- peer-modem2 |- ppp-echo-request2 |- authtype2 |- dont-send-CR3 |- phone3 (64 xss) |- dial-cmd3 (64) |- username3 (64 xss) |- passwd3 |- extra-init3 (128 xss) |- peer-modem3 |- ppp-echo-request3 |- altmode |- authtype3 |- traffic-check |- action |- distance (1,255) +- priority (0,4294967295) |- 3g-modem -- [custom] --*id (0,4294967295) |- vendor (36) |- model (36) |- vendor-id |- product-id |- class-id +- init-string (128) |- <dialinsvr> -- status |- server-ip |- client-ip |- usrgrp (36) +- allowaccess |- <status> |- performance -- <status> |- <top> -- <delay> -- <lines> (0) +- firewall -- <packet-distribution> +- <statistics> |- <session> |- <cmdb> |- <fortiguard-service> |- <fortianalyzer-connectivity> |- checksum -- <status> |- <mgmt-csum> |- <ha-nonsync-csum> |- <fortiguard-log-service> |- <central-mgmt> |- [auto-script] --*name (36) |- interval (0,4294967295) |- repeat (0,4294967295) |- start +- script |- info -- admin -- <status> +- <ssh> |- <management-tunnel> -- status |- allow-config-restore |- allow-push-configuration |- allow-push-firmware |- allow-collect-statistics |- authorized-manager-only +- serial-number |- <fortimanager> -- ip |- vdom (12) |- ipsec |- central-management |- central-mgmt-auto-backup |- central-mgmt-schedule-config-restore +- central-mgmt-schedule-script-restore |- <fm> -- status |- id (36) |- ip |- vdom (12) |- auto-backup |- scheduled-config-restore +- ipsec |- <central-management> -- mode |- type |- schedule-config-restore |- schedule-script-restore |- allow-push-configuration |- allow-pushd-firmware |- allow-remote-firmware-upgrade |- allow-monitor |- serial-number |- fmg (256) |- fmg-source-ip |- fmg-source-ip6 |- vdom (12) |- [server-list] --*id (0,4294967295) |- server-type |- addr-type |- server-address +- server-address6 |- include-default-servers +- enc-algorithm |- [zone] --*name (36) |- intrazone +- [interface] --*interface-name (65) |- [geoip-country] --*id (3) +- name (64) |- [ipv6-tunnel] --*name (16) |- source |- destination +- interface (16) |- [ips-urlfilter-dns] --*address +- status |- <network-visibility> -- destination-visibility |- source-location |- destination-hostname-visibility |- hostname-ttl (60,86400) |- hostname-limit (0,50000) +- destination-location |- [gre-tunnel] --*name (16) |- interface (16) |- remote-gw |- local-gw |- keepalive-interval (0,32767) +- keepalive-failtimes (1,255) |- [ipip-tunnel] --*name (16) |- interface (16) |- remote-gw +- local-gw |- [mobile-tunnel] --*name (16) |- status |- roaming-interface (16) |- home-agent |- home-address |- renew-interval (5,60) |- lifetime (180,65535) |- reg-interval (5,300) |- reg-retry (1,30) |- n-mhae-spi (0,4294967295) |- n-mhae-key-type |- n-mhae-key |- hash-algorithm |- tunnel-mode +- [network] --*id (0,4294967295) |- interface (16) +- prefix |- [dns-database] --*name (36) |- status |- domain (256) |- allow-transfer |- type |- view |- ip-master |- primary-name (256) |- contact (256) |- ttl (0,2147483647) |- authoritative |- forwarder |- source-ip +- [dns-entry] --*id (0,4294967295) |- status |- type |- ttl (0,2147483647) |- preference (0,65535) |- ip |- ipv6 |- hostname (256) +- canonical-name (256) |- [dns-server] --*name (16) |- mode +- dnsfilter-profile (36) |- <resource-limits> -- session (0,4294967295) |- ipsec-phase1 (0,4294967295) |- ipsec-phase2 (0,4294967295) |- dialup-tunnel (0,4294967295) |- firewall-policy (0,4294967295) |- firewall-address (0,4294967295) |- firewall-addrgrp (0,4294967295) |- custom-service (0,4294967295) |- service-group (0,4294967295) |- onetime-schedule (0,4294967295) |- recurring-schedule (0,4294967295) |- user (0,4294967295) |- user-group (0,4294967295) |- sslvpn (0,4294967295) |- proxy (0,4294967295) +- log-disk-quota (0,4294967295) |- [vdom-property] --*name (12) |- description (128) |- snmp-index (0,4294967295) |- session |- ipsec-phase1 |- ipsec-phase2 |- dialup-tunnel |- firewall-policy |- firewall-address |- firewall-addrgrp |- custom-service |- service-group |- onetime-schedule |- recurring-schedule |- user |- user-group |- sslvpn |- proxy +- log-disk-quota |- <virtual-wan-link> -- status |- load-balance-mode |- fail-detect |- [fail-alert-interfaces] --*name (65) |- [members] --*seq-num (0,255) |- interface (16) |- gateway |- weight (0,255) |- priority (0,4294967295) |- spillover-threshold (0,16776000) |- ingress-spillover-threshold (0,16776000) |- volume-ratio (0,255) +- status |- [health-check] --*name (36) |- server (64) |- protocol |- port (1,65535) |- security-mode |- password |- packet-size (64,1024) |- http-get (1025) |- http-match (1025) |- interval (1,3600) |- timeout (1,255) |- failtime (1,10) |- recoverytime (1,10) |- update-cascade-interface |- update-static-route |- threshold-warning-packetloss (0,100) |- threshold-alert-packetloss (0,100) |- threshold-warning-latency (0,4294967295) |- threshold-alert-latency (0,4294967295) |- threshold-warning-jitter (0,4294967295) +- threshold-alert-jitter (0,4294967295) +- [service] --*name (36) |- mode |- quality-link (0,255) |- member (0,4294967295) |- tos |- tos-mask |- protocol (0,255) |- start-port (0,65535) |- end-port (0,65535) |- [dst] --*name (65) |- [src] --*name (65) |- [users] --*name (65) |- [groups] --*name (65) |- internet-service |- [internet-service-custom] --*name (65) |- [internet-service-id] --*id (0,4294967295) |- health-check (36) |- link-cost-factor +- [priority-members] --*seq-num (0,4294967295) |- <nst> -- status |- upstream-ip |- upstream-port (1,65535) |- listen-port (1,65535) |- group-name (36) +- group-password |- [cluster-sync] --*sync-id (0,4294967295) |- peervd (12) |- peerip |- [syncvd] --*name (65) +- <session-sync-filter> -- srcintf (16) |- dstintf (16) |- srcaddr |- dstaddr |- srcaddr6 |- dstaddr6 +- [custom-service] --*id (0,4294967295) |- src-port-range +- dst-port-range |- <fortiguard> -- port |- service-account-id (51 xss) |- load-balance-servers (1,266) |- auto-join-forticloud |- antispam-force-off |- antispam-cache |- antispam-cache-ttl (0,4294967295) |- antispam-cache-mpercent (1,15) |- antispam-license (0,4294967295) |- antispam-expiration (0,4294967295) |- antispam-timeout (1,30) |- avquery-force-off |- avquery-cache |- avquery-cache-ttl (0,4294967295) |- avquery-cache-mpercent (0,4294967295) |- avquery-license (0,4294967295) |- avquery-timeout (0,4294967295) |- webfilter-force-off |- webfilter-cache |- webfilter-cache-ttl (0,4294967295) |- webfilter-license (0,4294967295) |- webfilter-expiration (0,4294967295) |- webfilter-timeout (1,30) |- sdns-server-ip |- sdns-server-port (0,4294967295) |- source-ip |- source-ip6 |- ddns-server-ip +- ddns-server-port (0,4294967295) |- <arp> |- <email-server> -- type |- reply-to (64) |- server (64) |- port (0,4294967295) |- source-ip |- source-ip6 |- authenticate |- validate-server |- username (36) |- password +- security |- <alarm> -- status |- audible |- sequence (0,4294967295) +- [groups] --*id (0,4294967295) |- period (0,4294967295) |- admin-auth-failure-threshold (0,4294967295) |- admin-auth-lockout-threshold (0,4294967295) |- user-auth-failure-threshold (0,4294967295) |- user-auth-lockout-threshold (0,4294967295) |- replay-attempt-threshold (0,4294967295) |- self-test-failure-threshold (0,1) |- log-full-warning-threshold (0,4294967295) |- encryption-failure-threshold (0,4294967295) |- decryption-failure-threshold (0,4294967295) |- [fw-policy-violations] --*id (0,4294967295) |- threshold (0,4294967295) |- src-ip |- dst-ip |- src-port (0,65535) +- dst-port (0,65535) |- fw-policy-id (0,4294967295) +- fw-policy-id-threshold (0,4294967295) |- [mac-address-table] --*mac |- interface (36) +- reply-substitute |- [session-helper] --*id (0,4294967295) |- name |- protocol (0,255) +- port (1,65535) |- [proxy-arp] --*id (0,4294967295) |- interface (16) |- ip +- end-ip |- <fips-cc> -- status |- entropy-token |- error-flag |- error-cause |- self-test-period (1,1440) +- key-generation-self-test |- [tos-based-priority] --*id (0,4294967295) |- tos (0,15) +- priority |- [dscp-based-priority] --*id (0,4294967295) |- ds (0,63) +- priority |- <probe-response> -- port (1,65535) |- http-probe-value (1025) |- ttl-mode |- mode |- security-mode |- password +- timeout (10,3600) |- [link-monitor] --*name (36 xss) |- srcintf (16) |- [server] --*address (65) |- protocol |- port (1,65535) |- gateway-ip |- source-ip |- http-get (1025) |- http-match (1025) |- interval (1,3600) |- timeout (1,255) |- failtime (1,10) |- recoverytime (1,10) |- security-mode |- password |- packet-size (64,1024) |- ha-priority (1,50) |- update-cascade-interface |- update-static-route +- status |- <auto-install> -- auto-install-config |- auto-install-image |- default-config-file (128) +- default-image-file (128) |- <console> -- mode |- baudrate |- output |- login +- fortiexplorer |- <ntp> -- ntpsync |- type |- syncinterval (1,1440) |- [ntpserver] --*id (0,4294967295) |- server (64) |- ntpv3 |- authentication |- key +- key-id (0,4294967295) |- source-ip |- server-mode +- [interface] --*interface-name (65) |- [wccp] --*service-id (4) |- router-id |- cache-id |- group-address |- server-list |- router-list |- ports-defined |- ports |- authentication |- password |- forward-method |- cache-engine-method |- service-type |- primary-hash |- priority (0,255) |- protocol (0,255) |- assignment-weight (0,255) |- assignment-bucket-format |- return-method +- assignment-method |- <nat64> -- status |- nat64-prefix |- always-synthesize-aaaa-record +- generate-ipv6-fragment-header |- [vdom-radius-server] --*name (12) |- status +- radius-server-vdom (12) |- <startup-error-log> |- source-ip -- <status> |- auto-update -- <status> +- <versions> |- session-info -- <list> |- <expectation> |- <full-stat> |- <statistics> +- <ttl> |- session-helper-info -- <list> |- ip-conflict -- <status> |- [geoip-override] --*name (64) |- description (128) |- country-id (3) +- [ip-range] --*id (0,4294967295) |- start-ip +- end-ip +- <fortisandbox> -- status |- server |- source-ip |- enc-algorithm +- email (64) |- wireless-controller -- <global> -- name (36) |- location (36) |- max-retransmit (0,64) |- data-ethernet-II |- mesh-eth-type (0,4294967295) |- discovery-mc-addr |- max-clients (0,4294967295) |- rogue-scan-mac-adjacency (0,31) |- ap-log-server |- ap-log-server-ip +- ap-log-server-port (0,4294967295) |- [vap] --*name (16) |- vdom (12) |- fast-roaming |- external-fast-roaming |- mesh-backhaul |- max-clients (0,4294967295) |- max-clients-ap (0,4294967295) |- ssid (33 xss) |- broadcast-ssid |- security-obsolete-option |- security |- pmf |- pmf-assoc-comeback-timeout (1,20) |- pmf-sa-query-retry-timeout (1,5) |- okc |- tkip-counter-measure |- external-web (128) |- radius-mac-auth |- radius-mac-auth-server (36) |- auth |- encrypt |- keyindex (1,4) |- key |- passphrase |- radius-server (36) |- acct-interim-interval (60,86400) |- [usergroup] --*name (65) |- portal-message-override-group (36) |- <portal-message-overrides> -- auth-disclaimer-page (36) |- auth-reject-page (36) |- auth-login-page (36) +- auth-login-failed-page (36) |- portal-type |- [selected-usergroups] --*name (65) |- security-exempt-list (36) |- security-redirect-url (128) |- intra-vap-privacy |- schedule (36) |- local-standalone |- local-standalone-nat |- ip |- local-bridging |- split-tunneling |- local-authentication |- local-switching |- vlanid (0,4094) |- vlan-auto |- dynamic-vlan |- alias (26) |- multicast-rate |- multicast-enhance |- broadcast-suppression |- me-disable-thresh (2,256) |- probe-resp-suppression |- probe-resp-threshold (8) |- vlan-pooling |- [vlan-pool] --*id (0,4094) +- wtp-group (36) |- ptk-rekey |- ptk-rekey-intv (1800,864000) |- gtk-rekey |- gtk-rekey-intv (1800,864000) |- eap-reauth |- eap-reauth-intv (1800,864000) |- rates-11a |- rates-11bg |- rates-11n-ss12 |- rates-11n-ss34 |- rates-11ac-ss12 |- rates-11ac-ss34 |- mac-filter |- mac-filter-policy-other +- [mac-filter-list] --*id (0,4294967295) |- mac +- mac-filter-policy |- <timers> -- echo-interval (1,255) |- discovery-interval (2,180) |- client-idle-timeout (0,4294967295) |- rogue-ap-log (0,1440) |- fake-ap-log (1,1440) |- darrp-optimize (0,86400) |- darrp-day |- [darrp-time] --*time (6) |- sta-stats-interval (1,255) |- vap-stats-interval (1,255) |- radio-stats-interval (1,255) |- sta-capability-interval (1,255) +- sta-locate-timer (0,86400) |- <setting> -- account-id (64) +- country |- [vap-group] --*name (36) |- comment +- [vaps] --*name (36) |- [wids-profile] --*name (36) |- comment (64) |- ap-scan |- ap-bgscan-period (60,3600) |- ap-bgscan-intv (1,600) |- ap-bgscan-duration (10,1000) |- ap-bgscan-idle (0,1000) |- ap-bgscan-report-intv (15,600) |- ap-bgscan-disable-day |- ap-bgscan-disable-start |- ap-bgscan-disable-end |- ap-fgscan-report-intv (15,600) |- ap-scan-passive |- rogue-scan |- ap-auto-suppress |- wireless-bridge |- deauth-broadcast |- null-ssid-probe-resp |- long-duration-attack |- long-duration-thresh (1000,32767) |- invalid-mac-oui |- weak-wep-iv |- auth-frame-flood |- auth-flood-time (5,120) |- auth-flood-thresh (1,100) |- assoc-frame-flood |- assoc-flood-time (5,120) |- assoc-flood-thresh (1,100) |- spoofed-deauth |- asleap-attack |- eapol-start-flood |- eapol-start-thresh (2,100) |- eapol-start-intv (1,3600) |- eapol-logoff-flood |- eapol-logoff-thresh (2,100) |- eapol-logoff-intv (1,3600) |- eapol-succ-flood |- eapol-succ-thresh (2,100) |- eapol-succ-intv (1,3600) |- eapol-fail-flood |- eapol-fail-thresh (2,100) |- eapol-fail-intv (1,3600) |- eapol-pre-succ-flood |- eapol-pre-succ-thresh (2,100) |- eapol-pre-succ-intv (1,3600) |- eapol-pre-fail-flood |- eapol-pre-fail-thresh (2,100) |- eapol-pre-fail-intv (1,3600) +- deauth-unknown-src-thresh (0,65535) |- [wtp-profile] --*name (36) |- comment |- <platform> -- type |- wan-port-mode |- <lan> -- port-mode |- port-ssid (16) |- port1-mode |- port1-ssid (16) |- port2-mode |- port2-ssid (16) |- port3-mode |- port3-ssid (16) |- port4-mode |- port4-ssid (16) |- port5-mode |- port5-ssid (16) |- port6-mode |- port6-ssid (16) |- port7-mode |- port7-ssid (16) |- port8-mode +- port8-ssid (16) |- led-state |- dtls-policy |- dtls-in-kernel |- max-clients (0,4294967295) |- handoff-rssi (20,30) |- handoff-sta-thresh (5,35) |- handoff-roaming |- [deny-mac-list] --*id (0,4294967295) +- mac |- ap-country |- ip-fragment-preventing |- tun-mtu-uplink (0,4294967295) |- tun-mtu-downlink (0,4294967295) |- split-tunneling-acl-local-ap-subnet |- [split-tunneling-acl] --*id (0,4294967295) +- dest-ip |- allowaccess |- login-passwd-change |- login-passwd |- lldp |- <radio-1> -- radio-id (0,2) |- mode |- band |- protection-mode |- powersave-optimize |- amsdu |- coexistence |- short-guard-interval |- channel-bonding |- auto-power-level |- auto-power-high (0,4294967295) |- auto-power-low (0,4294967295) |- power-level (0,100) |- dtim (1,255) |- beacon-interval (0,4294967295) |- rts-threshold (256,2346) |- frag-threshold (800,2346) |- ap-sniffer-bufsize (1,32) |- ap-sniffer-chan (0,4294967295) |- ap-sniffer-addr |- ap-sniffer-mgmt-beacon |- ap-sniffer-mgmt-probe |- ap-sniffer-mgmt-other |- ap-sniffer-ctl |- ap-sniffer-data |- spectrum-analysis |- wids-profile (36) |- darrp |- max-clients (0,4294967295) |- max-distance (0,54000) |- frequency-handoff |- ap-handoff |- vap-all |- [vaps] --*name (36) +- [channel] --*chan (4) |- <radio-2> -- radio-id (0,2) |- mode |- band |- protection-mode |- powersave-optimize |- amsdu |- coexistence |- short-guard-interval |- channel-bonding |- auto-power-level |- auto-power-high (0,4294967295) |- auto-power-low (0,4294967295) |- power-level (0,100) |- dtim (1,255) |- beacon-interval (0,4294967295) |- rts-threshold (256,2346) |- frag-threshold (800,2346) |- ap-sniffer-bufsize (1,32) |- ap-sniffer-chan (0,4294967295) |- ap-sniffer-addr |- ap-sniffer-mgmt-beacon |- ap-sniffer-mgmt-probe |- ap-sniffer-mgmt-other |- ap-sniffer-ctl |- ap-sniffer-data |- spectrum-analysis |- wids-profile (36) |- darrp |- max-clients (0,4294967295) |- max-distance (0,54000) |- frequency-handoff |- ap-handoff |- vap-all |- [vaps] --*name (36) +- [channel] --*chan (4) +- <lbs> -- ekahau-blink-mode |- ekahau-tag |- erc-server-ip |- erc-server-port (1024,65535) |- aeroscout |- aeroscout-server-ip |- aeroscout-server-port (1024,65535) |- aeroscout-mu-factor (0,4294967295) |- aeroscout-mu-timeout (0,4294967295) |- fortipresence |- fortipresence-server |- fortipresence-port (300,65535) |- fortipresence-secret |- fortipresence-project (17) |- fortipresence-frequency (5,65535) |- fortipresence-rogue |- fortipresence-unassoc +- station-locate |- [wtp] --*wtp-id (36) |- index (0,4294967295) |- admin |- name (36) |- location (36) |- wtp-mode |- wtp-profile (36) |- override-led-state |- led-state |- override-wan-port-mode |- wan-port-mode |- override-ip-fragment |- ip-fragment-preventing |- tun-mtu-uplink (0,4294967295) |- tun-mtu-downlink (0,4294967295) |- override-split-tunnel |- split-tunneling-acl-local-ap-subnet |- [split-tunneling-acl] --*id (0,4294967295) +- dest-ip |- override-lan |- <lan> -- port-mode |- port-ssid (16) |- port1-mode |- port1-ssid (16) |- port2-mode |- port2-ssid (16) |- port3-mode |- port3-ssid (16) |- port4-mode |- port4-ssid (16) |- port5-mode |- port5-ssid (16) |- port6-mode |- port6-ssid (16) |- port7-mode |- port7-ssid (16) |- port8-mode +- port8-ssid (16) |- override-allowaccess |- allowaccess |- override-login-passwd-change |- login-passwd-change |- login-passwd |- <radio-1> -- radio-id (0,2) |- override-band |- band |- override-analysis |- spectrum-analysis |- override-txpower |- auto-power-level |- auto-power-high (0,4294967295) |- auto-power-low (0,4294967295) |- power-level (0,100) |- override-vaps |- vap-all |- [vaps] --*name (36) |- override-channel +- [channel] --*chan (4) |- <radio-2> -- radio-id (0,2) |- override-band |- band |- override-analysis |- spectrum-analysis |- override-txpower |- auto-power-level |- auto-power-high (0,4294967295) |- auto-power-low (0,4294967295) |- power-level (0,100) |- override-vaps |- vap-all |- [vaps] --*name (36) |- override-channel +- [channel] --*chan (4) |- image-download |- mesh-bridge-enable |- coordinate-enable |- coordinate-x (16) +- coordinate-y (16) |- [wtp-group] --*name (36) |- platform-type +- [wtp-list] --*wtp-id (36) |- <scan> |- [ap-status] --*id (0,4294967295) |- bssid |- ssid (33 xss) +- status |- <wlchanlistlic> |- <status> -- [1|2] (0) |- <wtp-status> -- <wtp-id> (0) |- <client-info> -- <vfid> -- <intf> -- <ip> (0) |- <vap-status> -- [1] (0) |- <rf-analysis> -- <wtp-id> (0) +- <spectral-info> -- [wtp-id] -- <radio-id> (0) |- extender-controller -- [extender] --*id (20) |- admin |- ifname (16) |- vdom (0,4294967295) |- role |- mode |- dial-mode |- redial |- redundant-intf (16) |- dial-status (0,4294967295) |- conn-status (0,4294967295) |- ext-name (32) |- description (32) |- quota-limit-mb (0,10485760) |- billing-start-day (1,28) |- at-dial-script (128 xss) |- modem-passwd |- initiated-update |- modem-type |- ppp-username (32) |- ppp-password |- ppp-auth-protocol |- ppp-echo-request |- wimax-carrier (32) |- wimax-realm (32) |- wimax-auth-protocol |- sim-pin |- access-point-name (32) |- multi-mode |- roaming |- cdma-nai (32) |- aaa-shared-secret |- ha-shared-secret |- primary-ha (32) |- secondary-ha (32) |- cdma-aaa-spi (32) +- cdma-ha-spi (32) |- ipsec -- <tunnel> |- firewall -- [address] --*name (64) |- uuid |- subnet |- type |- start-ip |- end-ip |- fqdn (256) |- country (3) |- wildcard-fqdn (256) |- cache-ttl (0,86400) |- wildcard |- comment |- visibility |- associated-interface (36) |- color (0,32) |- [tags] --*name (65) +- allow-routing |- [multicast-address] --*name (64) |- type |- subnet |- start-ip |- end-ip |- comment |- visibility |- associated-interface (36) |- color (0,32) +- [tags] --*name (65) |- [address6] --*name (64) |- uuid |- type |- ip6 |- start-ip |- end-ip |- visibility |- color (0,32) |- [tags] --*name (65) +- comment |- [multicast-address6] --*name (140) |- ip6 |- comment |- visibility |- color (0,32) +- [tags] --*name (65) |- [addrgrp] --*name (64) |- uuid |- [member] --*name (65) |- comment |- visibility |- color (0,32) |- [tags] --*name (65) +- allow-routing |- [addrgrp6] --*name (64) |- uuid |- visibility |- color (0,32) |- comment |- [member] --*name (65) +- [tags] --*name (65) |- service -- [category] --*name (64) +- comment |- [custom] --*name (64) |- explicit-proxy |- category (64) |- protocol |- iprange |- fqdn (256) |- protocol-number (0,4294967295) |- icmptype (0,4294967295) |- icmpcode (0,4294967295) |- tcp-portrange |- udp-portrange |- sctp-portrange |- tcp-halfclose-timer (0,86400) |- tcp-halfopen-timer (0,86400) |- tcp-timewait-timer (0,300) |- udp-idle-timer (0,86400) |- session-ttl (0,4294967295) |- check-reset-range |- comment |- color (0,32) +- visibility +- [group] --*name (36) |- [member] --*name (65) |- explicit-proxy |- comment +- color (0,32) |- shaper -- [traffic-shaper] --*name (36) |- guaranteed-bandwidth (0,16776000) |- maximum-bandwidth (0,16776000) |- bandwidth-unit |- priority |- per-policy |- diffserv +- diffservcode |- [per-ip-shaper] --*name (36) |- max-bandwidth (0,16776000) |- bandwidth-unit |- max-concurrent-session (0,2097000) |- diffserv-forward |- diffserv-reverse |- diffservcode-forward +- diffservcode-rev |- <traffic> +- <per-ip> |- schedule -- [onetime] --*name (32) |- start |- end |- color (0,32) +- expiration-days (0,100) |- [recurring] --*name (32) |- start |- end |- day +- color (0,32) +- [group] --*name (32) |- [member] --*name (65) +- color (0,32) |- [ippool] --*name (36) |- type |- startip |- endip |- source-startip |- source-endip |- block-size (64,4096) |- num-blocks-per-user (1,128) |- permit-any-host |- arp-reply |- arp-intf (16) +- comments |- [ippool6] --*name (36) |- startip |- endip +- comments |- [ldb-monitor] --*name (36) |- type |- interval (5,65535) |- timeout (1,255) |- retry (1,255) |- port (0,65535) |- http-get (256) |- http-match (256) +- http-max-redirects (0,5) |- [vip] --*name (64) |- id (0,65535) |- uuid |- comment |- type |- dns-mapping-ttl (0,604800) |- ldb-method |- [src-filter] --*range (65) |- extip |- [mappedip] --*range (65) |- mapped-addr (64) |- extintf (36) |- arp-reply |- server-type |- persistence |- nat-source-vip |- portforward |- protocol |- extport |- mappedport |- gratuitous-arp-interval (0,4294967295) |- [srcintf-filter] --*interface-name (65) |- portmapping-type |- [realservers] --*id (0,4294967295) |- ip |- port (1,65535) |- status |- weight (1,255) |- holddown-interval (0,4294967295) |- healthcheck |- http-host (64) |- max-connections (0,2147483647) |- monitor (65) +- client-ip |- http-cookie-domain-from-host |- http-cookie-domain (36) |- http-cookie-path (36) |- http-cookie-generation (0,4294967295) |- http-cookie-age (0,525600) |- http-cookie-share |- http-multiplex |- http-ip-header |- http-ip-header-name (36) |- outlook-web-access |- weblogic-server |- websphere-server |- monitor (65) |- max-embryonic-connections (0,100000) +- color (0,32) |- [vip46] --*name (64) |- id (0,65535) |- uuid |- comment |- [src-filter] --*range (80) |- extip |- mappedip |- arp-reply |- portforward |- protocol |- extport |- mappedport +- color (0,32) |- [vip6] --*name (64) |- id (0,65535) |- uuid |- comment |- type |- [src-filter] --*range (80) |- extip |- mappedip |- arp-reply |- portforward |- protocol |- extport |- mappedport +- color (0,32) |- [vip64] --*name (64) |- id (0,65535) |- uuid |- comment |- [src-filter] --*range (80) |- extip |- mappedip |- arp-reply |- portforward |- protocol |- extport |- mappedport +- color (0,32) |- [vipgrp] --*name (64) |- uuid |- interface (36) |- color (0,32) |- comments +- [member] --*name (65) |- [vipgrp46] --*name (64) |- uuid |- color (0,32) |- comments +- [member] --*name (65) |- [vipgrp6] --*name (64) |- uuid |- color (0,32) |- comments +- [member] --*name (65) |- [vipgrp64] --*name (64) |- uuid |- color (0,32) |- comments +- [member] --*name (65) |- ipmacbinding -- <setting> -- bindthroughfw |- bindtofw +- undefinedhost +- [table] --*seq-num (0,4294967295) |- ip |- mac |- name (36) +- status |- [profile-protocol-options] --*name (36) |- comment |- replacemsg-group (36) |- oversize-log |- switching-protocols-log |- <http> -- ports (1,65535) |- status |- inspect-all |- options |- comfort-interval (1,900) |- comfort-amount (1,10240) |- range-block |- post-lang |- fortinet-bar |- fortinet-bar-port (0,4294967295) |- streaming-content-bypass |- switching-protocols |- oversize-limit (1,183) |- uncompressed-oversize-limit (0,183) |- uncompressed-nest-limit (2,100) |- scan-bzip2 |- block-page-status-code (100,599) +- retry-count (0,100) |- <ftp> -- ports (1,65535) |- status |- inspect-all |- options |- comfort-interval (1,900) |- comfort-amount (1,10240) |- oversize-limit (1,183) |- uncompressed-oversize-limit (0,183) |- uncompressed-nest-limit (2,100) +- scan-bzip2 |- <imap> -- ports (1,65535) |- status |- inspect-all |- options |- oversize-limit (1,183) |- uncompressed-oversize-limit (0,183) |- uncompressed-nest-limit (2,100) +- scan-bzip2 |- <mapi> -- ports (1,65535) |- status |- options |- oversize-limit (1,183) |- uncompressed-oversize-limit (0,183) |- uncompressed-nest-limit (2,100) +- scan-bzip2 |- <pop3> -- ports (1,65535) |- status |- inspect-all |- options |- oversize-limit (1,183) |- uncompressed-oversize-limit (0,183) |- uncompressed-nest-limit (2,100) +- scan-bzip2 |- <smtp> -- ports (1,65535) |- status |- inspect-all |- options |- oversize-limit (1,183) |- uncompressed-oversize-limit (0,183) |- uncompressed-nest-limit (2,100) |- scan-bzip2 +- server-busy |- <nntp> -- ports (1,65535) |- status |- inspect-all |- options |- oversize-limit (1,183) |- uncompressed-oversize-limit (0,183) |- uncompressed-nest-limit (2,100) +- scan-bzip2 |- <dns> -- ports (1,65535) +- status |- <mail-signature> -- status +- signature (1024 xss) +- rpc-over-http |- [ssl-ssh-profile] --*name (36) |- comment |- <ssl> -- inspect-all |- client-cert-request |- unsupported-ssl |- allow-invalid-server-cert +- untrusted-cert |- <https> -- ports (1,65535) |- status |- client-cert-request |- unsupported-ssl |- allow-invalid-server-cert +- untrusted-cert |- <ftps> -- ports (1,65535) |- status |- client-cert-request |- unsupported-ssl |- allow-invalid-server-cert +- untrusted-cert |- <imaps> -- ports (1,65535) |- status |- client-cert-request |- unsupported-ssl |- allow-invalid-server-cert +- untrusted-cert |- <pop3s> -- ports (1,65535) |- status |- client-cert-request |- unsupported-ssl |- allow-invalid-server-cert +- untrusted-cert |- <smtps> -- ports (1,65535) |- status |- client-cert-request |- unsupported-ssl |- allow-invalid-server-cert +- untrusted-cert |- whitelist |- [ssl-exempt] --*id (0,4294967295) |- type |- fortiguard-category (0,4294967295) |- address (64) +- address6 (64) |- server-cert-mode |- use-ssl-server |- caname (36) |- untrusted-caname (36) |- certname (36) |- server-cert (36) |- [ssl-server] --*id (0,4294967295) |- ip |- https-client-cert-request |- smtps-client-cert-request |- pop3s-client-cert-request |- imaps-client-cert-request |- ftps-client-cert-request +- ssl-other-client-cert-request |- ssl-invalid-server-cert-log +- rpc-over-https |- [profile-group] --*name (36) |- av-profile (36) |- webfilter-profile (36) |- dnsfilter-profile (36) |- spamfilter-profile (36) |- dlp-sensor (36) |- ips-sensor (36) |- application-list (36) |- casi-profile (36) |- voip-profile (36) |- icap-profile (36) |- waf-profile (36) |- profile-protocol-options (36) +- ssl-ssh-profile (36) |- [ssl-server] --*name (36) |- ip |- port (1,65535) |- ssl-mode |- add-header-x-forwarded-proto |- mapped-port (1,65535) |- ssl-cert (36) |- ssl-dh-bits |- ssl-algorithm |- ssl-client-renegotiation |- ssl-min-version |- ssl-max-version |- ssl-send-empty-frags +- url-rewrite |- [identity-based-route] --*name (36) |- comments (128 xss) +- [rule] --*id (0,4294967295) |- gateway |- device (36) +- [groups] --*name (65) |- <auth-portal> -- [groups] --*name (65) |- portal-addr (64) |- portal-addr6 (64) +- identity-based-route (36) |- [policy] --*policyid (0,4294967294) |- name (36 xss) |- uuid |- [srcintf] --*name (65) |- [dstintf] --*name (65) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- rtp-nat |- [rtp-addr] --*name (65) |- action |- send-deny-packet |- firewall-session-dirty |- status |- schedule (36) |- schedule-timeout |- [service] --*name (65) |- utm-status |- profile-type |- profile-group (36) |- av-profile (36) |- webfilter-profile (36) |- dnsfilter-profile (36) |- spamfilter-profile (36) |- dlp-sensor (36) |- ips-sensor (36) |- application-list (36) |- casi-profile (36) |- voip-profile (36) |- icap-profile (36) |- waf-profile (36) |- profile-protocol-options (36) |- ssl-ssh-profile (36) |- logtraffic |- logtraffic-start |- capture-packet |- auto-asic-offload |- wanopt |- wanopt-detection |- wanopt-passive-opt |- wanopt-profile (36) |- wanopt-peer (36) |- webcache |- webcache-https |- traffic-shaper (36) |- traffic-shaper-reverse (36) |- per-ip-shaper (36) |- nat |- permit-any-host |- permit-stun-host |- fixedport |- ippool |- [poolname] --*name (65) |- session-ttl (0,4294967295) |- vlan-cos-fwd (0,4294967295) |- vlan-cos-rev (0,4294967295) |- inbound |- outbound |- natinbound |- natoutbound |- wccp |- ntlm |- ntlm-guest |- [ntlm-enabled-browsers] --*user-agent-string (65) |- fsso |- wsso |- rsso |- fsso-agent-for-ntlm (36) |- [groups] --*name (65) |- [users] --*name (65) |- [devices] --*name (36) |- auth-path |- disclaimer |- vpntunnel (36) |- natip |- match-vip |- diffserv-forward |- diffserv-reverse |- diffservcode-forward |- diffservcode-rev |- tcp-mss-sender (0,65535) |- tcp-mss-receiver (0,65535) |- comments |- label (64 xss) |- global-label (64 xss) |- auth-cert (36) |- auth-redirect-addr (64) |- redirect-url (256) |- identity-based-route (36) |- block-notification |- [custom-log-fields] --*field_id (36) |- [tags] --*name (65) |- replacemsg-override-group (36) |- srcaddr-negate |- dstaddr-negate |- service-negate |- timeout-send-rst |- captive-portal-exempt |- ssl-mirror |- [ssl-mirror-intf] --*name (65) |- scan-botnet-connections +- dsri |- [shaping-policy] --*id (0,4294967295) |- status |- ip-version |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- [srcaddr6] --*name (65) |- [dstaddr6] --*name (65) |- [service] --*name (65) |- [users] --*name (65) |- [groups] --*name (65) |- [application] --*id (0,4294967295) |- [app-category] --*id (0,4294967295) |- [url-category] --*id (0,4294967295) |- [dstintf] --*name (65) |- traffic-shaper (36) |- traffic-shaper-reverse (36) +- per-ip-shaper (36) |- [local-in-policy] --*policyid (0,4294967295) |- ha-mgmt-intf-only |- intf (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- action |- [service] --*name (65) |- schedule (36) |- auto-asic-offload +- status |- [policy6] --*policyid (0,4294967294) |- name (36 xss) |- uuid |- [srcintf] --*name (65) |- [dstintf] --*name (65) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- action |- firewall-session-dirty |- status |- vlan-cos-fwd (0,4294967295) |- vlan-cos-rev (0,4294967295) |- schedule (36) |- [service] --*name (65) |- utm-status |- profile-type |- profile-group (36) |- av-profile (36) |- webfilter-profile (36) |- spamfilter-profile (36) |- dlp-sensor (36) |- ips-sensor (36) |- application-list (36) |- casi-profile (36) |- voip-profile (36) |- icap-profile (36) |- profile-protocol-options (36) |- ssl-ssh-profile (36) |- logtraffic |- logtraffic-start |- auto-asic-offload |- traffic-shaper (36) |- traffic-shaper-reverse (36) |- per-ip-shaper (36) |- nat |- fixedport |- ippool |- [poolname] --*name (65) |- inbound |- outbound |- natinbound |- natoutbound |- send-deny-packet |- vpntunnel (36) |- diffserv-forward |- diffserv-reverse |- diffservcode-forward |- diffservcode-rev |- tcp-mss-sender (0,65535) |- tcp-mss-receiver (0,65535) |- comments |- label (64 xss) |- global-label (64 xss) |- rsso |- [tags] --*name (65) |- replacemsg-override-group (36) |- srcaddr-negate |- dstaddr-negate |- service-negate |- [groups] --*name (65) |- [users] --*name (65) |- [devices] --*name (36) |- timeout-send-rst |- ssl-mirror |- [ssl-mirror-intf] --*name (65) +- dsri |- [local-in-policy6] --*policyid (0,4294967295) |- intf (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- action |- [service] --*name (65) |- schedule (36) +- status |- [ttl-policy] --*id (0,4294967295) |- status |- action |- srcintf (36) |- [srcaddr] --*name (65) |- [service] --*name (65) |- schedule (36) +- ttl |- [policy64] --*policyid (0,4294967295) |- uuid |- srcintf (36) |- dstintf (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- action |- status |- schedule (36) |- [service] --*name (65) |- logtraffic |- permit-any-host |- traffic-shaper (36) |- traffic-shaper-reverse (36) |- per-ip-shaper (36) |- fixedport |- ippool |- [poolname] --*name (65) |- tcp-mss-sender (0,4294967295) |- tcp-mss-receiver (0,4294967295) |- comments +- [tags] --*name (65) |- [policy46] -- permit-any-host |-*policyid (0,4294967295) |- uuid |- srcintf (36) |- dstintf (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- action |- status |- schedule (36) |- [service] --*name (65) |- logtraffic |- traffic-shaper (36) |- traffic-shaper-reverse (36) |- per-ip-shaper (36) |- fixedport |- tcp-mss-sender (0,4294967295) |- tcp-mss-receiver (0,4294967295) |- comments +- [tags] --*name (65) |- [explicit-proxy-address] --*name (36) |- uuid |- type |- host (36) |- host-regex (256 xss) |- path (256 xss) |- [category] --*id (0,4294967295) |- method |- ua |- header-name (80) |- header (256 xss) |- case-sensitivity |- [header-group] --*id (0,4294967295) |- header-name (80) |- header (256 xss) +- case-sensitivity |- color (0,32) |- [tags] --*name (65) |- comment +- visibility |- [explicit-proxy-addrgrp] --*name (64) |- type |- uuid |- [member] --*name (65) |- color (0,32) |- [tags] --*name (65) |- comment +- visibility |- [explicit-proxy-policy] -- uuid |-*policyid (0,4294967295) |- proxy |- [dstintf] --*name (65) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- [service] --*name (65) |- srcaddr-negate |- dstaddr-negate |- service-negate |- action |- status |- schedule (36) |- logtraffic |- [srcaddr6] --*name (65) |- [dstaddr6] --*name (65) |- identity-based |- ip-based |- active-auth-method |- sso-auth-method |- require-tfa |- web-auth-cookie |- transaction-based |- [identity-based-policy] --*id (0,4294967295) |- schedule (36) |- logtraffic |- logtraffic-start |- scan-botnet-connections |- utm-status |- profile-type |- profile-group (36) |- av-profile (36) |- webfilter-profile (36) |- spamfilter-profile (36) |- dlp-sensor (36) |- ips-sensor (36) |- application-list (36) |- casi-profile (36) |- icap-profile (36) |- waf-profile (36) |- profile-protocol-options (36) |- ssl-ssh-profile (36) |- [groups] --*name (65) |- [users] --*name (65) |- disclaimer +- replacemsg-override-group (36) |- webproxy-forward-server (64) |- webproxy-profile (64) |- transparent |- webcache |- webcache-https |- disclaimer |- utm-status |- profile-type |- profile-group (36) |- av-profile (36) |- webfilter-profile (36) |- spamfilter-profile (36) |- dlp-sensor (36) |- ips-sensor (36) |- application-list (36) |- casi-profile (36) |- icap-profile (36) |- waf-profile (36) |- profile-protocol-options (36) |- ssl-ssh-profile (36) |- replacemsg-override-group (36) |- logtraffic-start |- [tags] --*name (65) |- label (64 xss) |- global-label (64 xss) |- scan-botnet-connections +- comments |- [dnstranslation] --*id (0,4294967295) |- src |- dst +- netmask |- [multicast-policy] --*id (0,4294967295) |- status |- logtraffic |- srcintf (36) |- dstintf (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- snat |- snat-ip |- dnat |- action |- protocol (0,4294967295) |- start-port (0,65535) |- end-port (0,65535) +- auto-asic-offload |- [multicast-policy6] --*id (0,4294967295) |- status |- logtraffic |- srcintf (36) |- dstintf (36) |- [srcaddr] --*name (80) |- [dstaddr] --*name (80) |- action |- protocol (0,4294967295) |- start-port (0,65535) |- end-port (0,65535) +- auto-asic-offload |- [interface-policy] --*policyid (0,4294967295) |- status |- logtraffic |- address-type |- interface (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- [service] --*name (65) |- application-list-status |- application-list (36) |- casi-profile-status |- casi-profile (36) |- ips-sensor-status |- ips-sensor (36) |- dsri |- av-profile-status |- av-profile (36) |- webfilter-profile-status |- webfilter-profile (36) |- spamfilter-profile-status |- spamfilter-profile (36) |- dlp-sensor-status |- dlp-sensor (36) |- scan-botnet-connections +- label (64 xss) |- [interface-policy6] --*policyid (0,4294967295) |- status |- logtraffic |- address-type |- interface (36) |- [srcaddr6] --*name (65) |- [dstaddr6] --*name (65) |- [service6] --*name (65) |- application-list-status |- application-list (36) |- casi-profile-status |- casi-profile (36) |- ips-sensor-status |- ips-sensor (36) |- dsri |- av-profile-status |- av-profile (36) |- webfilter-profile-status |- webfilter-profile (36) |- spamfilter-profile-status |- spamfilter-profile (36) |- dlp-sensor-status |- dlp-sensor (36) |- scan-botnet-connections +- label (64 xss) |- [DoS-policy] --*policyid (0,9999) |- status |- interface (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- [service] --*name (65) +- [anomaly] --*name (64) |- status |- log |- action |- quarantine |- quarantine-expiry |- quarantine-log |- threshold (1,2147483647) +- threshold(default) (0,4294967295) |- [DoS-policy6] --*policyid (0,9999) |- status |- interface (36) |- [srcaddr] --*name (65) |- [dstaddr] --*name (65) |- [service] --*name (65) +- [anomaly] --*name (64) |- status |- log |- action |- quarantine |- quarantine-expiry |- quarantine-log |- threshold (1,2147483647) +- threshold(default) (0,4294967295) |- [sniffer] --*id (0,9999) |- status |- logtraffic |- ipv6 |- non-ip |- interface (36) |- host (64 xss) |- port (64 xss) |- protocol (64 xss) |- vlan (64 xss) |- application-list-status |- application-list (36) |- casi-profile-status |- casi-profile (36) |- ips-sensor-status |- ips-sensor (36) |- dsri |- av-profile-status |- av-profile (36) |- webfilter-profile-status |- webfilter-profile (36) |- spamfilter-profile-status |- spamfilter-profile (36) |- dlp-sensor-status |- dlp-sensor (36) |- ips-dos-status |- [anomaly] --*name (64) |- status |- log |- action |- quarantine |- quarantine-expiry |- quarantine-log |- threshold (1,2147483647) +- threshold(default) (0,4294967295) |- scan-botnet-connections +- max-packet-count (1,10000) |- [central-snat-map] --*policyid (0,4294967295) |- status |- [orig-addr] --*name (65) |- [dst-addr] --*name (65) |- [nat-ippool] --*name (65) |- protocol (0,255) |- orig-port (0,65535) +- nat-port |- ssl -- <setting> -- proxy-connect-timeout (1,60) |- ssl-dh-bits |- ssl-send-empty-frags |- no-matching-cipher-action |- cert-cache-capacity (0,500) |- cert-cache-timeout (1,120) |- session-cache-capacity (0,1000) +- session-cache-timeout (1,60) |- [ip-translation] --*transid (0,4294967295) |- type |- startip |- endip +- map-startip |- <ipv6-eh-filter> -- hop-opt |- dest-opt |- hdopt-type (0,4294967295) |- routing |- routing-type (0,4294967295) |- fragment |- auth +- no-next |- iprope -- <list> -- <group_number> (0) +- appctrl -- <list> +- <status> |- <proute> -- <policy route id> (0) +- <proute6> |- webfilter -- [ftgd-local-cat] -- id (0,4294967295) +-*desc (80) |- [content] --*id (0,4294967295) |- name (36) |- comment +- [entries] --*name (128 xss) |- pattern-type |- status |- lang |- score (0,4294967295) +- action |- [content-header] --*id (0,4294967295) |- name (36) |- comment +- [entries] --*pattern (32 xss) |- action +- category |- [urlfilter] --*id (0,4294967295) |- name (36) |- comment |- one-arm-ips-urlfilter |- ip-addr-block +- [entries] --*id (0,4294967295) |- url (512 xss) |- type |- action |- status |- exempt |- web-proxy-profile (64) +- referrer-host (256) |- <ips-urlfilter-setting> -- device (36) |- distance (1,255) +- gateway |- <ips-urlfilter-cache-setting> -- dns-retry-interval (0,2147483) +- extended-ttl (0,2147483) |- [profile] --*name (36) |- comment |- replacemsg-group (36) |- inspection-mode |- options |- https-replacemsg |- ovrd-perm |- post-action |- <override> -- ovrd-cookie |- ovrd-scope |- profile-type |- ovrd-dur-mode |- ovrd-dur |- profile-attribute |- [ovrd-user-group] --*name (65) +- [profile] --*name (65) |- <web> -- bword-threshold (0,2147483647) |- bword-table (0,4294967295) |- urlfilter-table (0,4294967295) |- content-header-list (0,4294967295) |- blacklist |- whitelist |- safe-search |- youtube-edu-filter-id (45) |- log-search +- [keyword-match] --*pattern (65) |- <ftgd-wf> -- options |- category-override |- exempt-quota |- ovrd |- [filters] --*id (0,4294967295) |- category (0,4294967295) |- action |- warn-duration |- [auth-usr-grp] --*name (65) |- log |- override-replacemsg (29) |- warning-prompt +- warning-duration-type |- [quota] --*id (0,4294967295) |- category |- type |- unit |- value (0,4294967295) |- duration +- override-replacemsg (29) |- max-quota-timeout (1,86400) |- rate-image-urls |- rate-javascript-urls |- rate-css-urls +- rate-crl-urls |- wisp |- log-all-url |- web-content-log |- web-filter-activex-log |- web-filter-command-block-log |- web-filter-cookie-log |- web-filter-applet-log |- web-filter-jscript-log |- web-filter-js-log |- web-filter-vbs-log |- web-filter-unknown-log |- web-filter-referer-log |- web-filter-cookie-removal-log |- web-url-log |- web-invalid-domain-log |- web-ftgd-err-log +- web-ftgd-quota-usage |- <fortiguard> -- cache-mode |- cache-prefix-match |- cache-mem-percent (1,15) |- ovrd-auth-port-http (0,4294967295) |- ovrd-auth-port-https (0,4294967295) |- ovrd-auth-port-warning (0,4294967295) |- ovrd-auth-https |- warn-auth-https |- close-ports |- request-packet-size-limit (0,4294967295) +- ovrd-auth-port (0,4294967295) |- <categories> |- [override] --*id (0,4294967295) |- status |- scope |- ip |- user (65) |- user-group (64) |- old-profile (36) |- new-profile (36) |- ip6 |- expires +- initiator (65) |- [override-user] --*id (0,4294967295) |- status |- scope |- ip |- user (65) |- user-group (64) |- old-profile (36) |- new-profile (36) |- ip6 |- expires +- initiator (65) |- [ftgd-warning] --*id (0,4294967295) |- status |- scope |- ip |- user (65) |- user-group (64) |- old-profile (36) |- expires +- rating (0,4294967295) |- [ftgd-local-rating] --*url (512 xss) |- status +- rating |- [search-engine] --*name (36) |- hostname (128 xss) |- url (128 xss) |- query (16 xss) |- safesearch |- charset +- safesearch-str (80 xss) |- <cookie-ovrd> -- redir-host (256) +- redir-port (0,4294967295) |- <ftgd-statistics> +- <status> -- <refresh-rate> (0) |- ips -- [sensor] --*name (36) |- comment |- replacemsg-group (36) |- block-malicious-url |- [entries] --*id (0,4294967295) |- [rule] --*id (0,4294967295) |- location |- severity |- protocol |- os |- application |- [tags] --*name (65) |- status |- log |- log-packet |- log-attack-context |- action |- rate-count (0,65535) |- rate-duration (1,65535) |- rate-mode |- rate-track |- [exempt-ip] --*id (0,4294967295) |- src-ip +- dst-ip |- quarantine |- quarantine-expiry +- quarantine-log |- [filter] --*name (32) |- location |- severity |- protocol |- os |- application |- status |- log |- log-packet |- action |- quarantine |- quarantine-expiry (1,2147483647) +- quarantine-log +- [override] --*rule-id (0,4294967295) |- status |- log |- log-packet |- action |- quarantine |- quarantine-expiry (1,2147483647) |- quarantine-log +- [exempt-ip] --*id (0,4294967295) |- src-ip +- dst-ip |- [attr-map] --*id (0,4294967295) |- name (32) +- [children] --*map-id (0,4294967295) |- [metadata-map] --*id (0,4294967295) |- type (0,4294967295) |- name (32) +- [values] --*subid (0,4294967295) +- subname (32) |- [view-map] --*id (0,4294967295) |- vdom-id (0,4294967295) |- policy-id (0,4294967295) |- id-policy-id (0,4294967295) +- which |- [decoder] --*name (64) +- [parameter] --*name (32) +- value (200) |- [rule] --*name (64) |- status |- log |- log-packet |- action |- group (64) |- severity |- location |- os |- application |- service |- rule-id (0,4294967295) |- rev (0,4294967295) |- date (0,4294967295) +- [metadata] --*id (0,4294967295) |- metaid (0,4294967295) +- valueid (0,4294967295) |- [rule-settings] --*id (0,4294967295) +- [tags] --*name (65) |- [custom] --*tag (64) |- signature (1024 xss) |- sig-name (64) |- rule-id (0,4294967295) |- severity |- location |- os |- application |- protocol |- status |- log |- log-packet |- action +- comment (64 xss) |- <global> -- fail-open |- database |- traffic-submit |- anomaly-mode |- session-limit-mode |- intelligent-mode |- socket-size (0,4294967295) |- engine-count (0,4294967295) |- algorithm |- sync-session-ttl |- cp-accel-mode |- skype-client-public-ipaddr |- default-app-cat-mask |- deep-app-insp-timeout (0,4294967295) |- deep-app-insp-db-limit (0,4294967295) +- exclude-signatures |- <settings> -- packet-log-history (1,255) |- packet-log-post-attack (0,255) |- packet-log-memory (0,4294967295) +- ips-packet-quota (0,4294967295) |- <dbinfo> -- version (0,4294967295) +- <session> |- web-proxy -- [profile] --*name (64) |- header-client-ip |- header-via-request |- header-via-response |- header-x-forwarded-for |- header-front-end-https +- [headers] --*id (0,4294967295) |- name (80) |- action +- content (256) |- <global> -- proxy-fqdn (256) |- max-request-length (2,64) |- max-message-length (16,256) |- strict-web-check |- forward-proxy-auth |- tunnel-non-http |- unknown-http-version |- forward-server-affinity-timeout (6,60) |- max-waf-body-cache-length (10,1024) +- webproxy-profile (64) |- <explicit> -- status |- ftp-over-http |- socks |- http-incoming-port (1,65535) |- https-incoming-port (0,65535) |- ftp-incoming-port (0,65535) |- socks-incoming-port (0,65535) |- incoming-ip |- outgoing-ip |- ipv6-status |- incoming-ip6 |- outgoing-ip6 |- strict-guest |- pref-dns-result |- unknown-http-version |- realm (64) |- sec-default-action |- https-replacement-message |- message-upon-server-error |- pac-file-server-status |- pac-file-server-port (0,65535) |- pac-file-name (64) |- pac-file-data |- pac-file-url +- ssl-algorithm |- [forward-server] --*name (64) |- ip |- fqdn (256) |- addr-type |- port (1,65535) |- healthcheck |- monitor (256) |- server-down-option +- comment (64 xss) |- [forward-server-group] --*name (64) |- affinity |- ldb-method |- group-down-option +- [server-list] --*name (64) +- weight (1,100) |- [debug-url] --*name (64) |- url-pattern (512) |- status +- exact |- <wisp> -- status |- server-ip |- server-port (1,65535) +- max-connections (4,4096) +- [url-match] --*name (64) |- status |- url-pattern (512) |- forward-server (36) |- cache-exemption +- comment |- wanopt -- <webcache> -- max-object-size (1,2147483) |- neg-resp-time (0,4294967295) |- fresh-factor (1,100) |- max-ttl (1,5256000) |- min-ttl (1,5256000) |- default-ttl (1,5256000) |- ignore-ims |- ignore-conditional |- ignore-pnc |- ignore-ie-reload |- cache-expired |- cache-cookie |- reval-pnc |- always-revalidate |- cache-by-default |- host-validate +- external |- <settings> -- host-id (36) |- tunnel-ssl-algorithm +- auto-detect-algorithm |- [storage] --*name (36) |- size (0,4294967295) |- webcache-storage-percentage (0,100) |- webcache-storage-size +- wan-optimization-cache-storage-size |- [peer] --*peer-host-id (36) +- ip |- [auth-group] --*name (36) |- auth-method |- psk |- cert (36) |- peer-accept +- peer (36) +- [profile] --*name (36) |- transparent |- comments |- auth-group (36) |- <http> -- status |- secure-tunnel |- byte-caching |- prefer-chunking |- tunnel-sharing |- log-traffic |- port (1,65535) |- ssl |- ssl-port (1,65535) |- unknown-http-version +- tunnel-non-http |- <cifs> -- status |- secure-tunnel |- byte-caching |- prefer-chunking |- tunnel-sharing |- log-traffic +- port (1,65535) |- <mapi> -- status |- secure-tunnel |- byte-caching |- tunnel-sharing |- log-traffic +- port (1,65535) |- <ftp> -- status |- secure-tunnel |- byte-caching |- prefer-chunking |- tunnel-sharing |- log-traffic +- port (1,65535) +- <tcp> -- status |- secure-tunnel |- byte-caching |- byte-caching-opt |- tunnel-sharing |- log-traffic |- port |- ssl +- ssl-port (1,65535) |- ftp-proxy -- <explicit> -- status |- incoming-port (1,65535) |- incoming-ip |- outgoing-ip +- sec-default-action |- application -- [internet-service] --*id (0,4294967295) |- name (64 xss) |- offset (0,4294967295) +- [entry] --*id (0,4294967295) |- protocol (0,255) |- port (0,65535) |- ip-range-number (0,4294967295) +- ip-number (0,4294967295) |- [internet-service-custom] --*name (64 xss) |- master-service-id (0,4294967295) |- comment (64 xss) |- [entry] --*id (0,255) |- protocol (0,255) |- [port-range] --*id (0,4294967295) |- start-port (1,65535) +- end-port (1,65535) +- [dst] --*name (65) +- [disable-entry] --*id (0,4294967295) |- protocol (0,255) |- port (0,65535) +- [ip-range] --*id (0,4294967295) |- start-ip +- end-ip |- <internet-service-summary> |- [name] --*name (64) |- id (0,4294967295) |- category (0,4294967295) |- sub-category (0,4294967295) |- popularity (0,4294967295) |- risk (0,4294967295) |- protocol |- technology |- behavior |- vendor |- parameter (36) +- [metadata] --*id (0,4294967295) |- metaid (0,4294967295) +- valueid (0,4294967295) |- [custom] --*tag (64) |- name (64) |- id (0,4294967295) |- comment (64 xss) |- signature (1024 xss) |- category (0,4294967295) |- protocol |- technology |- behavior +- vendor |- [rule-settings] --*id (0,4294967295) +- [tags] --*name (65) |- [list] --*name (36) |- comment |- replacemsg-group (36) |- other-application-action |- app-replacemsg |- other-application-log |- unknown-application-action |- unknown-application-log |- p2p-black-list |- deep-app-inspection |- options +- [entries] --*id (0,4294967295) |- [risk] --*level (0,4294967295) |- [category] --*id (0,4294967295) |- [sub-category] --*id (0,4294967295) |- [application] --*id (0,4294967295) |- protocols |- vendor |- technology |- behavior |- popularity |- [tags] --*name (65) |- [parameters] --*id (0,4294967295) +- value (64 xss) |- action |- log |- log-packet |- rate-count (0,65535) |- rate-duration (1,65535) |- rate-mode |- rate-track |- session-ttl (0,4294967295) |- shaper (36) |- shaper-reverse (36) |- per-ip-shaper (36) |- quarantine |- quarantine-expiry +- quarantine-log +- casi -- <application> +- [profile] --*name (36) |- comment |- replacemsg-group (36) |- app-replacemsg +- [entries] --*id (0,4294967295) |- [application] --*id (0,4294967295) |- action +- log |- dlp -- [filepattern] --*id (0,4294967295) |- name (36) |- comment +- [entries] -- filter-type |-*pattern (80 xss) +- file-type |- [fp-sensitivity] --*name (36) |- [fp-doc-source] --*name (36) |- server-type |- server (36) |- period |- vdom |- scan-subdirectories |- scan-on-creation |- remove-deleted |- keep-modified |- username (36) |- password |- file-path (120) |- file-pattern (36) |- sensitivity (36) |- tod-hour (0,23) |- tod-min (0,59) |- weekday +- date (1,31) |- [sensor] --*name (36) |- comment |- replacemsg-group (36) |- [filter] --*id (0,4294967295) |- name (36) |- severity |- type |- proto |- filter-by |- file-size (0,4294967295) |- company-identifier (36) |- [fp-sensitivity] --*name (36) |- match-percentage (0,100) |- file-type (0,4294967295) |- regexp (256 xss) |- archive |- action +- expiry |- dlp-log |- nac-quar-log |- flow-based |- options |- full-archive-proto +- summary-proto +- <settings> -- storage-device (36) |- size (0,4294967295) |- db-mode |- cache-mem-percent (1,15) +- chunk-size (100,100000) |- spamfilter -- [bword] --*id (0,4294967295) |- name (36) |- comment +- [entries] -- status |-*id (0,4294967295) |- pattern (128 xss) |- pattern-type |- action |- where |- language +- score (1,99999) |- [bwl] --*id (0,4294967295) |- name (36) |- comment +- [entries] -- status |-*id (0,4294967295) |- type |- action |- addr-type |- ip4-subnet |- ip6-subnet |- pattern-type +- email-pattern (128 xss) |- [mheader] --*id (0,4294967295) |- name (36) |- comment +- [entries] -- status |-*id (0,4294967295) |- fieldname (64 xss) |- fieldbody (128 xss) |- pattern-type +- action |- [dnsbl] --*id (0,4294967295) |- name (36) |- comment +- [entries] -- status |-*id (0,4294967295) |- server (128) +- action |- [iptrust] --*id (0,4294967295) |- name (36) |- comment +- [entries] -- status |-*id (0,4294967295) |- addr-type |- ip4-subnet +- ip6-subnet |- [profile] --*name (36) |- comment |- flow-based |- replacemsg-group (36) |- spam-log |- spam-filtering |- external |- options |- <imap> -- log |- action |- tag-type +- tag-msg (64) |- <pop3> -- log |- action |- tag-type +- tag-msg (64) |- <smtp> -- log |- action |- tag-type |- tag-msg (64) |- hdrip +- local-override |- <mapi> -- log +- action |- <msn-hotmail> -- log |- <yahoo-mail> -- log |- <gmail> -- log |- spam-bword-threshold (0,2147483647) |- spam-bword-table (0,4294967295) |- spam-bwl-table (0,4294967295) |- spam-mheader-table (0,4294967295) |- spam-rbl-table (0,4294967295) +- spam-iptrust-table (0,4294967295) |- <fortishield> -- spam-submit-srv (64) |- spam-submit-force +- spam-submit-txt2htm +- <options> -- dns-timeout (1,30) |- log -- <threat-weight> -- status |- <level> -- low (1,100) |- medium (1,100) |- high (1,100) +- critical (1,100) |- blocked-connection |- failed-connection |- malware-detected |- url-block-detected |- botnet-connection-detected |- <ips> -- info-severity |- low-severity |- medium-severity |- high-severity +- critical-severity |- [web] --*id (0,4294967295) |- category (0,4294967295) +- level |- [geolocation] --*id (0,4294967295) |- country (3) +- level +- [application] --*id (0,4294967295) |- category (0,4294967295) +- level |- [custom-field] --*id (36) |- name (16) +- value (16) |- syslogd -- <setting> -- status |- server (64) |- reliable |- port (0,4294967295) |- csv |- facility +- source-ip (64) |- <override-setting> -- override |- status |- server (64) |- reliable |- port (0,4294967295) |- csv |- facility +- source-ip (64) |- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type +- <override-filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type |- syslogd2 -- <setting> -- status |- server (64) |- reliable |- port (0,4294967295) |- csv |- facility +- source-ip (64) +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type |- syslogd3 -- <setting> -- status |- server (64) |- reliable |- port (0,4294967295) |- csv |- facility +- source-ip (64) +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type |- syslogd4 -- <setting> -- status |- server (64) |- reliable |- port (0,4294967295) |- csv |- facility +- source-ip (64) +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type |- webtrends -- <setting> -- status +- server (64) +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type |- memory -- <global-setting> -- max-size (0,4294967295) |- full-first-warning-threshold (1,98) |- full-second-warning-threshold (2,99) +- full-final-warning-threshold (3,100) |- <setting> -- status +- diskfull +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- event |- system |- radius |- ipsec |- dhcp |- ppp |- admin |- ha |- auth |- pattern |- sslvpn-log-auth |- sslvpn-log-adm |- sslvpn-log-session |- ldb-monitor |- wan-opt |- wireless-activity |- cpu-memory-usage |- filter (512 xss) +- filter-type |- disk -- <setting> -- status |- ips-archive |- max-log-file-size (0,4294967295) |- max-policy-packet-capture-size (0,4294967295) |- roll-schedule |- roll-day |- roll-time |- diskfull |- log-quota (0,4294967295) |- dlp-archive-quota (0,4294967295) |- maximum-log-age (0,4294967295) |- upload |- upload-destination |- uploadip |- uploadport (0,4294967295) |- source-ip |- uploaduser (36) |- uploadpass |- uploaddir (64) |- uploadtype |- uploadzip |- uploadsched |- uploadtime (0,4294967295) |- upload-delete-files |- upload-ssl-conn |- full-first-warning-threshold (1,98) |- full-second-warning-threshold (2,99) +- full-final-warning-threshold (3,100) +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- event |- system |- radius |- ipsec |- dhcp |- ppp |- admin |- ha |- auth |- pattern |- sslvpn-log-auth |- sslvpn-log-adm |- sslvpn-log-session |- ldb-monitor |- wan-opt |- wireless-activity |- cpu-memory-usage |- filter (512 xss) +- filter-type |- <eventfilter> -- event |- system |- vpn |- user |- router |- wireless-activity |- wan-opt |- endpoint |- ha +- compliance-check |- fortiguard -- <setting> -- status |- upload-option |- upload-interval |- upload-day |- upload-time |- enc-algorithm +- source-ip |- <override-setting> -- override |- status |- upload-option |- upload-interval |- upload-day +- upload-time |- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- dlp-archive |- filter (512 xss) +- filter-type +- <override-filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- dlp-archive |- filter (512 xss) +- filter-type |- null-device -- <setting> -- status +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type |- <setting> -- resolve-ip |- resolve-port |- log-user-in-upper |- fwpolicy-implicit-log |- fwpolicy6-implicit-log |- log-invalid-packet |- local-in-allow |- local-in-deny-unicast |- local-in-deny-broadcast |- local-out |- daemon-log |- neighbor-event |- brief-traffic-format +- user-anonymize |- <gui-display> -- resolve-hosts |- resolve-apps |- fortiview-unscanned-apps |- fortiview-local-traffic +- location |- fortianalyzer -- <setting> -- status |- ips-archive |- server (64) |- hmac-algorithm |- enc-algorithm |- conn-timeout (1,3600) |- monitor-keepalive-period (1,120) |- monitor-failure-retry-period (1,86400) |- mgmt-name (36) |- faz-type (0,4294967295) |- source-ip (64) |- __change_ip (0,4294967295) |- upload-option |- upload-interval |- upload-day |- upload-time +- reliable |- <override-setting> -- override |- use-management-vdom |- status |- ips-archive |- server (64) |- hmac-algorithm |- enc-algorithm |- conn-timeout (1,3600) |- monitor-keepalive-period (1,120) |- monitor-failure-retry-period (1,86400) |- mgmt-name (36) |- faz-type (0,4294967295) |- source-ip (64) |- __change_ip (0,4294967295) |- upload-option |- upload-interval |- upload-day |- upload-time +- reliable |- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- dlp-archive |- filter (512 xss) +- filter-type +- <override-filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- dlp-archive |- filter (512 xss) +- filter-type |- fortianalyzer2 -- <setting> -- status |- ips-archive |- server (64) |- hmac-algorithm |- enc-algorithm |- conn-timeout (1,3600) |- monitor-keepalive-period (1,120) |- monitor-failure-retry-period (1,86400) |- mgmt-name (36) |- faz-type (0,4294967295) |- source-ip (64) |- __change_ip (0,4294967295) |- upload-option |- upload-interval |- upload-day |- upload-time +- reliable +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- dlp-archive |- filter (512 xss) +- filter-type +- fortianalyzer3 -- <setting> -- status |- ips-archive |- server (64) |- hmac-algorithm |- enc-algorithm |- conn-timeout (1,3600) |- monitor-keepalive-period (1,120) |- monitor-failure-retry-period (1,86400) |- mgmt-name (36) |- faz-type (0,4294967295) |- source-ip (64) |- __change_ip (0,4294967295) |- upload-option |- upload-interval |- upload-day |- upload-time +- reliable +- <filter> -- severity |- forward-traffic |- local-traffic |- multicast-traffic |- sniffer-traffic |- anomaly |- netscan-discovery |- netscan-vulnerability |- voip |- filter (512 xss) +- filter-type |- netscan -- [assets] --*asset-id (0,4294967295) |- name (64) |- scheduled |- addr-type |- start-ip |- end-ip |- auth-windows |- auth-unix |- win-username (128 xss) |- win-password |- unix-username (128 xss) +- unix-password +- <settings> -- scan-mode |- scheduled-pause |- time |- pause-from |- pause-to |- recurrence |- day-of-week |- day-of-month (1,31) |- tcp-ports |- udp-ports |- tcp-scan |- udp-scan |- service-detection +- os-detection |- icap -- [server] --*name (36) |- ip-version |- ip-address |- ip6-address |- port (1,65535) +- max-connections (1,65535) +- [profile] -- replacemsg-group (36) |-*name (36) |- request |- response |- streaming-content-bypass |- request-server (36) |- response-server (36) |- request-failure |- response-failure |- request-path (128) |- response-path (128) +- methods |- vpn -- certificate -- [ca] --*name (80) |- ca |- range |- source |- trusted |- scep-url (256 xss) |- auto-update-days (0,4294967295) |- auto-update-days-warning (0,4294967295) +- source-ip |- [local] --*name (36) |- password |- comments (512 xss) |- private-key |- certificate |- csr |- state |- scep-url (256 xss) |- range |- source |- auto-regenerate-days (0,4294967295) |- auto-regenerate-days-warning (0,4294967295) |- scep-password |- ca-identifier (256) |- name-encoding |- source-ip |- ike-localid (64) +- ike-localid-type |- [crl] --*name (36) |- crl |- range |- source |- update-vdom (12) |- ldap-server (36) |- ldap-username (64) |- ldap-password |- http-url (256 xss) |- scep-url (256 xss) |- scep-cert (36) |- update-interval (0,4294967295) +- source-ip |- [remote] --*name (36) |- remote |- range +- source |- [ocsp-server] --*name (36) |- url (128) |- cert (36) |- secondary-url (128) |- secondary-cert (36) |- unavail-action +- source-ip +- <setting> -- ocsp-status |- ocsp-default-server (36) |- check-ca-cert |- strict-crl-check +- strict-ocsp-check |- ssl -- web -- [realm] --*url-path (36) |- max-concurrent-user (0,65535) |- login-page +- virtual-host |- [virtual-desktop-app-list] --*name (36) |- action +- [apps] --*name (36) +- [md5s] --*id (33) |- [host-check-software] --*name (64) |- type |- version (36) |- guid +- [check-item-list] --*id (0,4294967295) |- action |- type |- target (256 xss) |- version (36) +- [md5s] --*id (33) |- [portal] --*name (36) |- tunnel-mode |- ip-mode |- auto-connect |- keep-alive |- save-password |- [ip-pools] --*name (65) |- exclusive-routing |- service-restriction |- split-tunneling |- [split-tunneling-routing-address] --*name (65) |- dns-server1 |- dns-server2 |- wins-server1 |- wins-server2 |- ipv6-tunnel-mode |- [ipv6-pools] --*name (65) |- ipv6-exclusive-routing |- ipv6-service-restriction |- ipv6-split-tunneling |- [ipv6-split-tunneling-routing-address] --*name (65) |- ipv6-dns-server1 |- ipv6-dns-server2 |- ipv6-wins-server1 |- ipv6-wins-server2 |- web-mode |- display-bookmark |- user-bookmark |- user-group-bookmark |- [bookmark-group] --*name (36) +- [bookmarks] --*name (36) |- apptype |- url |- host |- folder |- additional-params |- listening-port (0,65535) |- remote-port (0,65535) |- show-status-window |- description |- server-layout |- port (0,65535) |- logon-user |- logon-password |- sso |- [form-data] --*name (36) +- value |- sso-credential |- sso-username +- sso-password |- display-connection-tools |- display-history |- display-status |- heading (32) |- redir-url |- theme |- custom-lang (36) |- host-check |- host-check-interval (0,4294967295) |- [host-check-policy] --*name (65) |- limit-user-logins |- mac-addr-check |- mac-addr-action |- [mac-addr-check-rule] --*name (36) |- mac-addr-mask (1,48) +- [mac-addr-list] --*addr |- os-check |- [os-check-list] --*name (16) |- action |- tolerance (0,255) +- latest-patch-level |- virtual-desktop |- virtual-desktop-app-list (36) |- virtual-desktop-clipboard-share |- virtual-desktop-desktop-switch |- virtual-desktop-logout-when-browser-close |- virtual-desktop-network-share-access |- virtual-desktop-printing |- virtual-desktop-removable-media-access |- skip-check-for-unsupported-os +- skip-check-for-unsupported-browser |- [user-group-bookmark] --*name (65 xss) +- [bookmarks] --*name (36) |- apptype |- url |- host |- folder |- additional-params |- listening-port (0,65535) |- remote-port (0,65535) |- show-status-window |- description |- server-layout |- port (0,65535) |- logon-user |- logon-password |- sso |- [form-data] --*name (36) +- value |- sso-credential |- sso-username +- sso-password +- [user-bookmark] --*name (102 xss) |- custom-lang (36) +- [bookmarks] --*name (36) |- apptype |- url |- host |- folder |- additional-params |- listening-port (0,65535) |- remote-port (0,65535) |- show-status-window |- description |- server-layout |- port (0,65535) |- logon-user |- logon-password |- sso |- [form-data] --*name (36) +- value |- sso-credential |- sso-username +- sso-password |- <settings> -- reqclientcert |- sslv2 |- sslv3 |- tlsv1-0 |- tlsv1-1 |- tlsv1-2 |- ssl-big-buffer |- ssl-insert-empty-fragment |- https-redirect |- ssl-client-renegotiation |- force-two-factor-auth |- unsafe-legacy-renegotiation |- servercert (36) |- algorithm |- idle-timeout (0,4294967295) |- auth-timeout (0,4294967295) |- [tunnel-ip-pools] --*name (65) |- [tunnel-ipv6-pools] --*name (65) |- dns-suffix |- dns-server1 |- dns-server2 |- wins-server1 |- wins-server2 |- ipv6-dns-server1 |- ipv6-dns-server2 |- ipv6-wins-server1 |- ipv6-wins-server2 |- route-source-interface |- url-obscuration |- http-compression |- http-only-cookie |- deflate-compression-level (0,9) |- deflate-min-data-size (200,65535) |- port (1,65535) |- port-precedence |- auto-tunnel-static-route |- header-x-forwarded-for |- [source-interface] --*name (36) |- [source-address] --*name (65) |- source-address-negate |- [source-address6] --*name (65) |- source-address6-negate |- default-portal (36) |- [authentication-rule] --*id (0,4294967295) |- [source-interface] --*name (36) |- [source-address] --*name (65) |- source-address-negate |- [source-address6] --*name (65) |- source-address6-negate |- [users] --*name (65) |- [groups] --*name (65) |- portal (36) |- realm (36) |- client-cert |- cipher +- auth |- dtls-tunnel +- check-referer +- <monitor> |- ipsec -- [phase1] --*name (36) |- type |- interface (36) |- ike-version |- remote-gw |- local-gw |- remotegw-ddns (64) |- keylife (120,172800) |- [certificate] --*name (65) |- authmethod |- mode |- peertype |- peerid (256) |- usrgrp (36) |- peer (36) |- peergrp (36) |- autoconfig |- mode-cfg |- assign-ip |- mode-cfg-ip-version |- assign-ip-from |- ipv4-start-ip |- ipv4-end-ip |- ipv4-netmask |- dns-mode |- ipv4-dns-server1 |- ipv4-dns-server2 |- ipv4-dns-server3 |- ipv4-wins-server1 |- ipv4-wins-server2 |- [ipv4-exclude-range] --*id (0,4294967295) |- start-ip +- end-ip |- ipv4-split-include (64) |- split-include-service (64) |- ipv6-start-ip |- ipv6-end-ip |- ipv6-prefix (1,128) |- ipv6-dns-server1 |- ipv6-dns-server2 |- ipv6-dns-server3 |- [ipv6-exclude-range] --*id (0,4294967295) |- start-ip +- end-ip |- ipv6-split-include (64) |- unity-support |- domain (64) |- banner |- include-local-lan |- save-password |- client-auto-negotiate |- client-keep-alive |- [backup-gateway] --*address (65) |- proposal |- add-route |- exchange-interface-ip |- add-gw-route |- psksecret |- keepalive (10,900) |- distance (1,255) |- priority (0,4294967295) |- localid (64) |- localid-type |- auto-negotiate |- negotiate-timeout (1,300) |- fragmentation |- dpd |- dpd-retrycount (0,10) |- dpd-retryinterval |- forticlient-enforcement |- comments |- npu-offload |- send-cert-chain |- dhgrp |- suite-b |- eap |- eap-identity |- acct-verify |- wizard-type |- xauthtype |- reauth |- authusr (65) |- authpasswd |- authusrgrp (36) |- mesh-selector-type |- idle-timeout |- idle-timeoutinterval (10,43200) |- ha-sync-esp-seqno +- nattraversal |- [phase2] --*name (36) |- phase1name (36) |- dhcp-ipsec |- use-natip |- selector-match |- proposal |- pfs |- dhgrp |- replay |- keepalive |- auto-negotiate |- add-route |- keylifeseconds (120,172800) |- keylifekbs (5120,4294967295) |- keylife-type |- single-source |- route-overlap |- encapsulation |- l2tp |- comments |- protocol (0,255) |- src-name (64) |- src-name6 (64) |- src-addr-type |- src-start-ip |- src-start-ip6 |- src-end-ip |- src-end-ip6 |- src-subnet |- src-subnet6 |- src-port (0,65535) |- dst-name (64) |- dst-name6 (64) |- dst-addr-type |- dst-start-ip |- dst-start-ip6 |- dst-end-ip |- dst-end-ip6 |- dst-subnet |- dst-subnet6 +- dst-port (0,65535) |- [manualkey] --*name (36) |- interface (16) |- remote-gw |- local-gw |- authentication |- encryption |- authkey |- enckey |- localspi |- remotespi +- npu-offload |- [concentrator] --*name (36) |- src-check +- [member] --*name (65) |- [phase1-interface] --*name (16) |- type |- interface (36) |- ip-version |- ike-version |- local-gw |- local-gw6 |- remote-gw |- remote-gw6 |- remotegw-ddns (64) |- keylife (120,172800) |- [certificate] --*name (65) |- authmethod |- mode |- peertype |- peerid (256) |- default-gw |- default-gw-priority (0,4294967295) |- usrgrp (36) |- peer (36) |- peergrp (36) |- monitor (36) |- monitor-hold-down-type |- monitor-hold-down-delay (0,31536000) |- monitor-hold-down-weekday |- monitor-hold-down-time |- mode-cfg |- assign-ip |- mode-cfg-ip-version |- assign-ip-from |- ipv4-start-ip |- ipv4-end-ip |- ipv4-netmask |- dns-mode |- ipv4-dns-server1 |- ipv4-dns-server2 |- ipv4-dns-server3 |- ipv4-wins-server1 |- ipv4-wins-server2 |- [ipv4-exclude-range] --*id (0,4294967295) |- start-ip +- end-ip |- ipv4-split-include (64) |- split-include-service (64) |- ipv6-start-ip |- ipv6-end-ip |- ipv6-prefix (1,128) |- ipv6-dns-server1 |- ipv6-dns-server2 |- ipv6-dns-server3 |- [ipv6-exclude-range] --*id (0,4294967295) |- start-ip +- end-ip |- ipv6-split-include (64) |- unity-support |- domain (64) |- banner |- include-local-lan |- save-password |- client-auto-negotiate |- client-keep-alive |- [backup-gateway] --*address (65) |- proposal |- add-route |- exchange-interface-ip |- add-gw-route |- psksecret |- keepalive (10,900) |- distance (1,255) |- priority (0,4294967295) |- localid (64) |- localid-type |- auto-negotiate |- negotiate-timeout (1,300) |- fragmentation |- dpd |- dpd-retrycount (0,10) |- dpd-retryinterval |- forticlient-enforcement |- comments |- npu-offload |- send-cert-chain |- dhgrp |- suite-b |- eap |- eap-identity |- acct-verify |- wizard-type |- xauthtype |- reauth |- authusr (65) |- authpasswd |- authusrgrp (36) |- mesh-selector-type |- idle-timeout |- idle-timeoutinterval (10,43200) |- ha-sync-esp-seqno |- auto-discovery-sender |- auto-discovery-receiver |- auto-discovery-forwarder |- auto-discovery-psk |- encapsulation |- encapsulation-address |- encap-local-gw4 |- encap-local-gw6 |- encap-remote-gw4 |- encap-remote-gw6 +- nattraversal |- [phase2-interface] --*name (36) |- phase1name (16) |- dhcp-ipsec |- proposal |- pfs |- dhgrp |- replay |- keepalive |- auto-negotiate |- add-route |- auto-discovery-sender |- auto-discovery-forwarder |- keylifeseconds (120,172800) |- keylifekbs (5120,4294967295) |- keylife-type |- single-source |- route-overlap |- encapsulation |- l2tp |- comments |- protocol (0,255) |- src-name (64) |- src-name6 (64) |- src-addr-type |- src-start-ip |- src-start-ip6 |- src-end-ip |- src-end-ip6 |- src-subnet |- src-subnet6 |- src-port (0,65535) |- dst-name (64) |- dst-name6 (64) |- dst-addr-type |- dst-start-ip |- dst-start-ip6 |- dst-end-ip |- dst-end-ip6 |- dst-subnet |- dst-subnet6 +- dst-port (0,65535) |- [manualkey-interface] --*name (16) |- interface (16) |- ip-version |- addr-type |- remote-gw |- remote-gw6 |- local-gw |- local-gw6 |- auth-alg |- enc-alg |- auth-key |- enc-key |- local-spi |- remote-spi +- npu-offload |- [forticlient] --*realm (36) |- usergroupname (36) |- phase2name (36) +- status |- stats -- <crypto> +- <tunnel> +- tunnel -- <details> |- <summary> +- <name> |- <pptp> -- status |- ip-mode |- eip |- sip |- local-ip +- usrgrp (36) |- <l2tp> -- eip |- sip |- status +- usrgrp (36) |- ike -- <gateway> -- <name> (0) +- status -- <l2tp> |- <pptp> +- ssl -- <list> +- <hw-acceleration-status> |- certificate -- [ca] --*name (80) |- ca |- range |- source |- trusted |- scep-url (256 xss) |- auto-update-days (0,4294967295) |- auto-update-days-warning (0,4294967295) +- source-ip |- [local] --*name (36) |- password |- comments (512 xss) |- private-key |- certificate |- csr |- state |- scep-url (256 xss) |- range |- source |- auto-regenerate-days (0,4294967295) |- auto-regenerate-days-warning (0,4294967295) |- scep-password |- ca-identifier (256) |- name-encoding |- source-ip |- ike-localid (64) +- ike-localid-type +- [crl] --*name (36) |- crl |- range |- source |- update-vdom (12) |- ldap-server (36) |- ldap-username (64) |- ldap-password |- http-url (256 xss) |- scep-url (256 xss) |- scep-cert (36) |- update-interval (0,4294967295) +- source-ip |- user -- [radius] --*name (36) |- server (64) |- secret |- secondary-server (64) |- secondary-secret |- tertiary-server (64) |- tertiary-secret |- timeout (0,300) |- all-usergroup |- use-management-vdom |- nas-ip |- acct-interim-interval (600,86400) |- radius-coa |- radius-port (0,4294967295) |- h3c-compatibility |- auth-type |- source-ip |- username-case-sensitive |- password-renewal |- rsso |- rsso-radius-server-port (0,4294967295) |- rsso-radius-response |- rsso-validate-request-secret |- rsso-secret |- rsso-endpoint-attribute |- rsso-endpoint-block-attribute |- sso-attribute |- sso-attribute-key (36) |- sso-attribute-value-override |- rsso-context-timeout (0,4294967295) |- rsso-log-period (0,4294967295) |- rsso-log-flags |- rsso-flush-ip-session +- [accounting-server] --*id (0,4294967295) |- status |- server (64) |- secret |- port (0,4294967295) +- source-ip |- [tacacs+] --*name (36) |- server (64) |- secondary-server (64) |- tertiary-server (64) |- port (1,65535) |- key |- secondary-key |- tertiary-key |- authen-type |- authorization +- source-ip |- [ldap] --*name (36) |- server (64) |- secondary-server (64) |- tertiary-server (64) |- source-ip |- cnid (21) |- dn (512) |- type |- username (512) |- password |- group-member-check |- group-object-filter (512 xss) |- secure |- ca-cert (64) |- port (1,65535) |- password-expiry-warning |- password-renewal |- member-attr (64) +- search-type |- [pop3] --*name (36) |- server (64) |- port (0,65535) +- secure |- [fsso] --*name (36) |- server (64) |- port (0,4294967295) |- password |- server2 (64) |- port2 (0,4294967295) |- password2 |- server3 (64) |- port3 (0,4294967295) |- password3 |- server4 (64) |- port4 (0,4294967295) |- password4 |- server5 (64) |- port5 (0,4294967295) |- password5 |- ldap-server (36) +- source-ip |- [adgrp] --*name (512 xss) |- server-name (36) +- polling-id (0,4294967295) |- [fsso-polling] --*id (0,4294967295) |- status |- server (64) |- default-domain (36) |- port (0,65535) |- user (36) |- password |- ldap-server (36) |- logon-history (0,48) |- polling-frequency (1,30) +- [adgrp] --*name (512 xss) |- [fortitoken] --*serial-number (17) |- status |- seed (201 xss) |- comments |- license (32) |- activation-code (33) +- activation-expire (0,4294967295) |- [password-policy] --*name (36) |- expire-days (0,999) +- warn-days (0,30) |- [local] --*name (65) |- status |- type |- passwd |- ldap-server (36) |- radius-server (36) |- tacacs+-server (36) |- two-factor |- fortitoken (17) |- email-to (64) |- sms-server |- sms-custom-server (36) |- sms-phone (16) |- passwd-policy (36) |- passwd-time |- authtimeout (0,1440) |- workstation (36) |- auth-concurrent-override +- auth-concurrent-value (0,100) |- <setting> -- auth-type |- auth-cert (36) |- auth-ca-cert (36) |- auth-secure-http |- auth-http-basic |- auth-multi-group |- auth-timeout (1,1440) |- auth-timeout-type |- auth-portal-timeout (1,30) |- radius-ses-timeout-act |- auth-blackout-time (0,3600) |- auth-invalid-max (1,100) |- auth-lockout-threshold (1,10) |- auth-lockout-duration (0,4294967295) +- [auth-ports] --*id (0,4294967295) |- type +- port (1,65535) |- [peer] --*name (36) |- mandatory-ca-verify |- ca (128) |- subject (128 xss) |- cn (256) |- cn-type |- ldap-server (36) |- ldap-username (36) |- ldap-password |- ldap-mode |- ocsp-override-server (36) |- two-factor +- passwd |- [peergrp] --*name (36) +- [member] --*name (36) |- [group] --*name (36) |- group-type |- authtimeout (0,1440) |- auth-concurrent-override |- auth-concurrent-value (0,100) |- http-digest-realm (36) |- sso-attribute-value (512) |- [member] --*name (512 xss) |- [match] --*id (0,4294967295) |- server-name (36) +- group-name (512 xss) |- user-id |- password |- user-name |- sponsor |- company |- email |- mobile-phone |- sms-server |- sms-custom-server (36) |- expire-type |- expire (1,31536000) |- max-accounts (0,500) |- multiple-guest-add +- [guest] --*user-id (65) |- name (65) |- group (65) |- password |- mobile-phone (36) |- sponsor (36) |- company (36) |- email (65) |- expiration +- comment |- [device-category] --*name (36) |- desc +- comment |- [device] --*alias (36) |- mac |- user (65) |- master-device (36) |- comment |- avatar +- type |- [device-group] --*name (36) |- [member] --*name (36) +- comment |- [device-access-list] --*name (36) |- default-action +- [device-list] --*id (0,4294967295) |- device (36) +- action +- [security-exempt-list] --*name (36) |- description (128) +- [rule] --*id (0,4294967295) |- [srcaddr] --*name (65) |- [devices] --*name (36) |- [dstaddr] --*name (65) +- [service] --*name (65) |- voip -- [profile] --*name (36) |- comment |- <sip> -- status |- rtp |- open-register-pinhole |- open-contact-pinhole |- strict-register |- register-rate (0,4294967295) |- invite-rate (0,4294967295) |- max-dialogs (0,4294967295) |- max-line-length (78,4096) |- block-long-lines |- block-unknown |- call-keepalive (0,10080) |- block-ack |- block-bye |- block-cancel |- block-info |- block-invite |- block-message |- block-notify |- block-options |- block-prack |- block-publish |- block-refer |- block-register |- block-subscribe |- block-update |- register-contact-trace |- open-via-pinhole |- open-record-route-pinhole |- rfc2543-branch |- log-violations |- log-call-summary |- nat-trace |- subscribe-rate (0,4294967295) |- message-rate (0,4294967295) |- notify-rate (0,4294967295) |- refer-rate (0,4294967295) |- update-rate (0,4294967295) |- options-rate (0,4294967295) |- ack-rate (0,4294967295) |- prack-rate (0,4294967295) |- info-rate (0,4294967295) |- publish-rate (0,4294967295) |- bye-rate (0,4294967295) |- cancel-rate (0,4294967295) |- preserve-override |- no-sdp-fixup |- contact-fixup |- max-idle-dialogs (0,4294967295) |- block-geo-red-options |- hosted-nat-traversal |- hnt-restrict-source-ip |- max-body-length (0,4294967295) |- unknown-header |- malformed-request-line |- malformed-header-via |- malformed-header-from |- malformed-header-to |- malformed-header-call-id |- malformed-header-cseq |- malformed-header-rack |- malformed-header-rseq |- malformed-header-contact |- malformed-header-record-route |- malformed-header-route |- malformed-header-expires |- malformed-header-content-type |- malformed-header-content-length |- malformed-header-max-forwards |- malformed-header-allow |- malformed-header-p-asserted-identity |- malformed-header-sdp-v |- malformed-header-sdp-o |- malformed-header-sdp-s |- malformed-header-sdp-i |- malformed-header-sdp-c |- malformed-header-sdp-b |- malformed-header-sdp-z |- malformed-header-sdp-k |- malformed-header-sdp-a |- malformed-header-sdp-t |- malformed-header-sdp-r |- malformed-header-sdp-m |- provisional-invite-expiry-time (10,3600) +- ips-rtp +- <sccp> -- status |- block-mcast |- verify-header |- log-call-summary |- log-violations +- max-calls (0,65535) |- dnsfilter -- [urlfilter] --*id (0,4294967295) |- name (36) |- comment +- [entries] --*id (0,4294967295) |- url (512 xss) |- type |- action +- status +- [profile] --*name (36) |- comment |- <urlfilter> -- urlfilter-table (0,4294967295) |- <ftgd-dns> -- options +- [filters] --*id (0,4294967295) |- category (0,4294967295) |- action +- log |- log-all-url |- block-action |- redirect-portal +- block-botnet |- antivirus -- <settings> -- default-db +- grayware |- <heuristic> -- mode |- <quarantine> -- agelimit (0,479) |- maxfilesize (0,500) |- quarantine-quota (0,4294967295) |- drop-infected |- store-infected |- drop-blocked |- store-blocked |- drop-heuristic |- store-heuristic |- lowspace +- destination +- [profile] --*name (36) |- comment |- replacemsg-group (36) |- inspection-mode |- ftgd-analytics |- analytics-max-upload (1,183) |- analytics-wl-filetype (0,4294967295) |- analytics-bl-filetype (0,4294967295) |- analytics-db |- mobile-malware-db |- <http> -- options |- archive-block |- archive-log +- emulator |- <ftp> -- options |- archive-block |- archive-log +- emulator |- <imap> -- options |- archive-block |- archive-log |- emulator +- executables |- <pop3> -- options |- archive-block |- archive-log |- emulator +- executables |- <smtp> -- options |- archive-block |- archive-log |- emulator +- executables |- <mapi> -- options |- archive-block |- archive-log |- emulator +- executables |- <nntp> -- options |- archive-block |- archive-log +- emulator |- <smb> -- options |- archive-block |- archive-log +- emulator |- <nac-quar> -- infected |- expiry +- log |- av-virus-log |- av-block-log +- scan-mode |- waf -- [main-class] -- name (128) +-*id (0,4294967295) |- [sub-class] -- name (128) +-*id (0,4294967295) |- [signature] -- desc (512) +-*id (0,4294967295) +- [profile] --*name (36) |- external |- <signature> -- [main-class] --*id (0,4294967295) |- status |- action |- log +- severity |- [disabled-sub-class] --*id (0,4294967295) |- [disabled-signature] --*id (0,4294967295) |- credit-card-detection-threshold (0,128) +- [custom-signature] --*name (36) |- status |- action |- log |- severity |- direction |- case-sensitivity |- pattern (512 xss) +- target |- <constraint> -- <header-length> -- status |- length (0,2147483647) |- action |- log +- severity |- <content-length> -- status |- length (0,2147483647) |- action |- log +- severity |- <param-length> -- status |- length (0,2147483647) |- action |- log +- severity |- <line-length> -- status |- length (0,2147483647) |- action |- log +- severity |- <url-param-length> -- status |- length (0,2147483647) |- action |- log +- severity |- <version> -- status |- action |- log +- severity |- <method> -- status |- action |- log +- severity |- <hostname> -- status |- action |- log +- severity |- <malformed> -- status |- action |- log +- severity |- <max-cookie> -- status |- max-cookie (0,2147483647) |- action |- log +- severity |- <max-header-line> -- status |- max-header-line (0,2147483647) |- action |- log +- severity |- <max-url-param> -- status |- max-url-param (0,2147483647) |- action |- log +- severity |- <max-range-segment> -- status |- max-range-segment (0,2147483647) |- action |- log +- severity +- [exception] --*id (0,4294967295) |- pattern (512 xss) |- regex |- address (64) |- header-length |- content-length |- param-length |- line-length |- url-param-length |- version |- method |- hostname |- malformed |- max-cookie |- max-header-line |- max-url-param +- max-range-segment |- <method> -- status |- log |- severity |- default-allowed-methods +- [method-policy] --*id (0,4294967295) |- pattern (512 xss) |- regex |- address (64) +- allowed-methods |- <address-list> -- status |- blocked-log |- severity |- [trusted-address] --*name (65) +- [blocked-address] --*name (65) |- [url-access] --*id (0,4294967295) |- address (64) |- action |- log |- severity +- [access-pattern] --*id (0,4294967295) |- srcaddr (64) |- pattern (512) |- regex +- negate +- comment |- diagnose__tree__ -- waf -- info +- dump |- netlink -- backlog -- get +- set -- backlog (0) |- device -- list |- interface -- list +- clear |- qlen -- get -- intf-name (0) +- set -- intf-name -- <len_integer> (0) |- switch -- list |- brctl -- domain -- <name> -- <id> (0) |- list +- name -- <type> -- <name> (0) +- dstmac -- flush +- list -- [name] (0) |- ips -- anomaly -- config |- status |- list |- clear +- filter -- clear |- id -- <xx> (0) |- ip -- xxx.xxx.xxx.xxx -- xxx.xxx.xxx.xxx (0) |- pps -- <xx> -- <xx> (0) +- freq -- <xx> -- <xx> (0) |- raw -- status +- clear |- anomaly6 -- config |- status |- list |- clear +- filter -- clear |- id -- <xx> (0) |- ip -- xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx (0) |- pps -- <xx> -- <xx> (0) +- freq -- <xx> -- <xx> (0) |- global -- rule -- reload |- memory -- status |- compact |- profiling -- <enable/disable/dump> (0) |- track -- enable/disable/clear (0) |- track-size -- <min size> -- <max size> (0) +- track-print -- <record count> (0) |- session -- status |- list |- clear |- performance +- content |- packet -- status +- clear |- dissector -- status +- dump |- signature -- status -- <severity mask> (0) |- hit -- <top N> (0) +- cycle -- <top N> (0) |- filter -- status |- clear |- ip -- <ip> -- <mask> (0) |- ipv6 -- <ip> -- <prefix size> (0) |- port -- <port> (0) |- protocol -- <protocol number> (0) |- session -- <session id> (0) |- asm -- <assembled packets> (0) |- length -- <session length> (0) +- l7 -- <0:all 1:l7 2:non-l7> (0) |- config -- enable -- log-verbose +- disable -- log-verbose |- debug -- enable -- init |- packet |- packet_detail |- error |- warn |- parse |- detect |- session |- log |- timeout |- dissector |- tcp |- http |- mail |- rpc |- dns |- im |- p2p |- ssh |- ssl |- voip |- smb |- content |- urlfilter |- av |- mime |- content_detail |- ipsa |- proxy |- packet_dump |- state |- dac +- all +- disable -- init |- packet |- packet_detail |- error |- warn |- parse |- detect |- session |- log |- timeout |- dissector |- tcp |- http |- mail |- dns |- rpc |- im |- p2p |- ssh |- ssl |- voip |- smb |- content |- urlfilter |- av |- mime |- content_detail |- ipsa |- proxy |- packet_dump |- state |- dac +- all |- share -- pool |- list -- <pool> (0) +- clear -- <pool> (0) |- urlfilter -- status +- clear |- ssl -- status |- bypass -- enable | disable (0) |- noscan -- enable | disable (0) |- debug -- none|err|warn|info|dbg|noise (0) +- clear |- av -- cache -- list |- status |- clear |- delete -- <ID> (0) +- set-age -- <ID> -- <age> (0) +- dac -- info +- clear -- <age> (0) |- test -- application -- http -- <Integer> (0) |- smtp -- <Integer> (0) |- ftpd -- <Integer> (0) |- pop3 -- <Integer> (0) |- imap -- <Integer> (0) |- nntp -- <Integer> (0) |- proxystats -- <Integer> (0) |- proxy -- <Integer> (0) |- scanunit -- <Integer> (0) |- harelay -- <Integer> (0) |- hasync -- <Integer> (0) |- hatalk -- <Integer> (0) |- sessionsync -- <Integer> (0) |- forticldd -- <Integer> (0) |- miglogd -- <Integer> -- <Integer> (0) |- urlfilter -- <Integer> (0) |- ovrd -- <Integer> (0) |- ipsmonitor -- <Integer> (0) |- ipsengine -- <Integer> (0) |- ipldbd -- <Integer> (0) |- ddnscd -- <Integer> (0) |- snmpd -- <Integer> (0) |- dnsproxy -- <Integer> (0) |- sflowd -- <Integer> (0) |- init -- <Integer> (0) |- l2tpcd -- <Integer> (0) |- dhcprelay -- <Integer> (0) |- pptpcd -- <Integer> (0) |- wccpd -- <Integer> (0) |- wad -- <Integer> (0) |- radiusd -- <Integer> (0) |- dlpfingerprint -- <Integer> (0) |- dlpfpcache -- <Integer> (0) |- wpad -- <Integer> (0) |- fsd -- <Integer> (0) |- ipsufd -- <Integer> (0) |- lted |- swctrl_authd -- <Integer> (0) |- forticron -- <Integer> (0) |- uploadd -- <Integer> (0) |- quarantined -- <Integer> (0) |- dhcp6c -- <Integer> (0) |- info-sslvpnd -- <Integer> (0) |- dsd -- <Integer> (0) |- lnkmtd -- <Integer> (0) |- dhcp6r -- <Integer> (0) |- fnbamd -- <Integer> (0) |- mrd -- <Integer> (0) |- zebos_launcher -- <Integer> (0) |- radius-das -- <Integer> (0) +- nstd -- <Integer> (0) |- authserver -- radius |- tacacs+ |- radius-direct |- ldap-direct |- tacacs+-direct |- ldap |- ldap-digest |- ldap-search |- ldap-group |- cert |- pop3 |- local +- user |- guest -- list |- del +- add +- update -- info +- term |- vpn -- ike -- gateway -- list -- name -- <name> (0) |- clear -- name -- <name> (0) +- flush -- name -- <name> (0) |- status -- detailed +- summary |- log -- terminal -- clear |- reset +- stats +- filter -- list |- clear |- name -- <name> (0) |- src-addr4 -- <ipv4-address> -- <ipv4-address> (0) |- dst-addr4 -- <ipv4-address> -- <ipv4-address> (0) |- src-addr6 -- <ipv6-address> -- <ipv4-address> (0) |- dst-addr6 -- <ipv6-address> -- <ipv6-address> (0) |- src-port -- <port> -- <port> (0) |- dst-port -- <port> (0) |- vd -- <index> (0) |- interface -- <index> (0) +- negate -- vd |- src-addr4 |- dst-addr4 |- src-addr6 |- dst-addr6 |- src-port |- dst-port |- name +- interface |- log-filter -- list |- clear |- name -- <name> (0) |- src-addr4 -- <ipv4-address> -- <ipv4-address> (0) |- dst-addr4 -- <ipv4-address> -- <ipv4-address> (0) |- src-addr6 -- <ipv6-address> -- <ipv4-address> (0) |- dst-addr6 -- <ipv6-address> -- <ipv6-address> (0) |- src-port -- <port> -- <port> (0) |- dst-port -- <port> (0) |- vd -- <index> (0) |- interface -- <index> (0) +- negate -- vd |- src-addr4 |- dst-addr4 |- src-addr6 |- dst-addr6 |- src-port |- dst-port |- name +- interface |- routes -- list |- config -- list -- summary +- details |- restart |- errors |- stats |- counts |- crypto -- stats +- filter -- list |- clear |- name -- <name> (0) |- src-addr4 -- <ipv4-address> -- <ipv4-address> (0) |- dst-addr4 -- <ipv4-address> -- <ipv4-address> (0) |- src-addr6 -- <ipv6-address> -- <ipv4-address> (0) |- dst-addr6 -- <ipv6-address> -- <ipv6-address> (0) |- src-port -- <port> -- <port> (0) |- dst-port -- <port> (0) |- vd -- <index> (0) |- interface -- <index> (0) +- negate -- vd |- src-addr4 |- dst-addr4 |- src-addr6 |- dst-addr6 |- src-port |- dst-port |- name +- interface |- ipsec -- status +- debug -- debug (0) |- tunnel -- down -- phase2 -- phase1 -- serial (0) |- up -- phase2 -- phase1 -- serial (0) |- list -- name +- number -- <begin-index> -- <end-index> (0) |- dialup-list |- reset |- flush |- delinbsa -- <name> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> (0) |- deloutbsa -- <name> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> -- <spi> (0) |- dumpsa +- stat -- flush |- concentrator -- list |- l2tp -- status |- pptp -- status +- ssl -- list |- mux |- statistics -- <all|vdom-name|vfid> (0) |- hw-acceleration-status |- tunnel-test -- tunnel-test (0) +- debug-filter -- clear |- list |- src-addr4 -- <ipv4-address> -- <ipv4-address> (0) |- src-addr6 -- <ipv6-address> -- <ipv6-address> (0) |- vd -- <vdom name> (0) +- negate -- vd |- src-addr4 +- src-addr6 |- sys -- vdom-property |- last-modified-files -- [path] -- [number] (0) |- top -- <value> -- <value> (0) |- nmi-watchdog -- enable +- disable |- modem -- detect |- history |- com |- cmd -- <at> (0) |- external-modem |- query -- <[0|1]> (0) +- reset |- lte-modem -- info |- heap |- kill -- <signal> -- <pid> (0) |- csum -- <file> (0) |- dayst-info -- timezone-index -- [year] (0) |- ntp -- status |- process -- dump -- <pid> (0) |- trace +- daemon-auto-restart -- <action> -- <daemon> (0) |- top-summary -- <options> (0) |- vd -- list |- stats |- add -- vdname (0) |- delete -- vdname (0) +- set -- vdname (0) |- device -- add -- vdname -- devname (0) |- delete -- vdname -- devname (0) +- list -- vdname (0) |- ha -- stats |- status |- mac |- checksum -- show -- <Enter> or <global/vdom-name> -- <Enter> or <object-fullpath> -- <Enter> or <entry-name> (0) |- recalculate -- <Enter> or <global/vdom-name> (0) |- cached -- <global/vdom-name> (0) |- cluster |- log -- enable +- disable +- test |- checksync |- dump-by -- xdb |- group |- vcluster |- rcache |- memory |- debug-zone |- vdom |- kernel |- device |- stat |- sesync +- frup |- vcinfo |- syncinfo |- fib |- hadiff -- status |- log -- enable |- disable +- clear |- max-sync-turns -- <integer> (0) +- max-unsync-wait -- <integer> (0) |- reset-uptime |- session-sync-dev -- clear +- set |- recalculate-extfile-signature |- sync-stats |- extfile-sig |- set-as-master -- enable |- disable -- <date> --