The configuration of a FortiGate is stored in the FortiOS configuration database. To change the configuration, you can use the GUI or CLI to add, delete, or change configuration settings. These changes are stored in the database as you make them.
Individual settings in the configuration database can be text strings, numeric values, selections from a list of allowed options, or on/off (enable/disable) settings.
Entering text strings (names)
Text strings are used to name entities in the configuration, for example a firewall address or an administrative user. To prevent Cross-Site Scripting (XSS) vulnerabilities, a FortiGate configuration text string can contain any character except the following:
" (double quote), & (ampersand), ' (single quote), < (less than) and > (greater than)
Most GUI text string fields make it easy to add an acceptable number of characters and prevent you from adding the XSS vulnerability characters.
There is a different character limitation for VDOM names and hostnames. For both, the only valid characters are numbers (0-9), letters (a-z, A-Z), and special characters - and _.
From the CLI, you can also use the tree command to view the number of characters that are allowed in a name field. For example, firewall address names can contain up to 64 characters. When you add a firewall address to the GUI, you are limited to entering 64 characters in the firewall address name field. From the CLI you can enter the following tree command to confirm that the firewall address name field allows 64 characters.
config firewall address
tree
-- [address] --*name (64)
             |- fqdn (256)
             |- cache-ttl (0,86400)
             |- comment (64 xss)
             |- associated-interface (16)
             +- color (0,32)
The tree command output also shows the number of characters allowed for other firewall address name settings. For example, the fully-qualified domain name (fqdn) field can contain up to 256 characters.
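The limits in the tree output can also be checked before a value is pasted or templated into a CLI script. The following Python sketch is an added example, not Fortinet code: it parses the tree output shown above and applies the length, XSS-character and VDOM/hostname rules from this page. The function names are hypothetical, reading entries such as (0,86400) as an inclusive numeric range is an assumption, and the xss marker is skipped because this page does not define it.

```python
import re

# Characters the page lists as rejected in text strings (XSS prevention).
XSS_CHARS = set('"&\'<>')
# VDOM names and hostnames: digits, letters, '-' and '_' only, per the page.
VDOM_HOST_RE = re.compile(r"[0-9A-Za-z_-]+")
# Matches "name (64)", "cache-ttl (0,86400)" and "comment (64 xss)".
FIELD_RE = re.compile(r"([A-Za-z][\w-]*) \((\d+)(?:,(\d+))?(?: \w+)?\)")

# The tree output shown above, embedded so the example runs offline.
TREE_OUTPUT = """\
-- [address] --*name (64)
|- fqdn (256)
|- cache-ttl (0,86400)
|- comment (64 xss)
|- associated-interface (16)
+- color (0,32)
"""


def parse_tree(text):
    """Map each field to ('text', max_chars) or ('range', low, high)."""
    limits = {}
    for name, first, second in FIELD_RE.findall(text):
        if second:  # assumption: "(a,b)" is an inclusive numeric range
            limits[name] = ("range", int(first), int(second))
        else:
            limits[name] = ("text", int(first))
    return limits


def check_value(limits, field, value):
    """Return a list of problems; an empty list means the value passes."""
    kind, *bounds = limits[field]
    value = str(value)
    if kind == "range":
        low, high = bounds
        if not (value.isdecimal() and low <= int(value) <= high):
            return [f"{field}: expected a number from {low} to {high}"]
        return []
    problems = []
    if len(value) > bounds[0]:
        problems.append(f"{field}: longer than {bounds[0]} characters")
    rejected = sorted(XSS_CHARS & set(value))
    if rejected:
        problems.append(f"{field}: contains rejected characters {rejected}")
    return problems


def valid_vdom_or_hostname(value):
    """True if the value uses only the characters allowed for these names."""
    return VDOM_HOST_RE.fullmatch(value) is not None
```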
Entering numeric values
Numeric values set various sizes, rates, numeric addresses, and other numeric values. For example, a static routing priority of 10, a port number of 8080, or an IP address of 10.10.10.1. Numeric values can be entered as a series of digits without spaces or commas (for example, 10 or 64400), in dotted decimal format (for example the IP address 10.10.10.1) or, as in the case of MAC or IPv6 addresses, separated by colons (for example, the MAC address 00:09:0F:B7:37:00). Most numeric values are standard base-10 numbers, but some fields (again, such as MAC addresses) require hexadecimal numbers.
Most GUI numeric value fields make it easy to add the acceptable number of digits within the allowed range. CLI help includes information about allowed numeric value ranges. Both the GUI and the CLI prevent you from entering invalid numbers.