application : list
 
list
Use this command to create application control lists and configure the application options.
Syntax
config application list
    edit <app_list_str>
        config entries
            edit <id_integer>
                set action {block | pass | reset}
                set application [<app1_int> <app2_int> ...]
                set behavior {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8}
                set block-video {enable | disable}
                set category [<cat1_int> <cat2_int> ...]
                set comment <comment_string>
                set inspect-anyport {enable | disable}
                set log-packet {disable | enable}
                set protocols <protocols_str>
                set popularity {1 2 3 4 5}
                set session-ttl <ttl_int>
                set shaper <shaper_str>
                set shaper-reverse <shaper_str>
                set sub-category {<subcat_int> | all}
                set tags <tag_str>
                set technology <technology_Str>
                set vendor <vendor_int>
            end
        end
        set comment <comment_string>
        set app-replacemsg {enable | disable}
        set options [allow-dns allow-http allow-icmp allow-ssl]
        set other-application-action {block | pass}
        set other-application-log {enable | disable}
        set p2p-black-list [bittorrent edonkey skype]
        set unknown-application-action {block | pass}
        set unknown-application-log {disable | enable}
end
 
Variables

<app_list_str>
The name of the application control list.
Default: No default.

<id_integer>
Enter the unique ID of the list entry you want to edit, or enter an unused ID to create a new one.

action {block | pass | reset}
Enter the action the FortiGate unit will take with traffic from the application of the specified type.
block will stop traffic from the specified application.
pass will allow traffic from the specified application.
reset will reset the network connection.
Default: block

application [<app1_int> <app2_int> ...]
Enter one or more application integers to specify applications.
Enter set application ? to list all application integers in the currently configured category.
Default: all

app-replacemsg {enable | disable}
Enable or disable replacement message for blocked applications (HTTP based protocols).
Default: enable

behavior {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8}
Select the application behavior filter to apply. Options include:
0 — Other
1 — Reasonable
2 — Botnet
3 — Evasion
4 — Loss of productivity
5 — Excessive bandwidth
6 — Tunneling
7 — Reconnaissance
8 — Encrypted tunneling

block-video {enable | disable}
Enable to block MSN video chat.
This command is available only when application is set to MSN.
Default: disable

category [<cat1_int> <cat2_int> ...]
Enter category integers to specify application categories.
Set a specific category to limit the scope of the All setting of the application command. For example, setting category to im and application to All will have the list entry include all IM applications. Similarly, the applications listed with the set application ? command will be limited to the currently configured category.
Enter set category ? to list all category integers.
Default: All

comment <comment_string>
Optionally, enter a descriptive comment.
Default: No default.

deep-app-inspection {enable | disable}
Enable or disable deep application inspection.
Default: disable

inspect-anyport {enable | disable}
Enable to inspect all ports not used by any proxy for IM traffic.
This command is available only when application is set to AIM, ICQ, MSN, or Yahoo.
Default: disable

log-packet {disable | enable}
Enable or disable packet logging for an application in the application control list.
Default: disable

options [allow-dns allow-http allow-icmp allow-ssl]
Enable basic application signatures by default.
Default: allow-dns

other-application-action {block | pass}
Enter the action the FortiGate unit will take for unrecognized application traffic or supported application traffic not configured in the current application control list.
Default: pass

other-application-log {enable | disable}
Enter the logging action the FortiGate unit will take for unrecognized application traffic or supported application traffic not configured in the current application control list.
Default: disable

p2p-black-list [bittorrent edonkey skype]
Enter the P2P applications that are blacklisted.
Default: null

popularity {1 2 3 4 5}
Enter the popularity levels of this application.

protocols <protocols_str>
Enter the protocols that these applications use. Enter one or more protocol numbers separated by spaces. For a list of protocol numbers, enter set protocols ?.
Default: No default.

session-ttl <ttl_int>
Enter the application’s session TTL. Enter 0 to disable this option. If this option is not enabled, the TTL defaults to the setting of the config system session-ttl CLI command.
Default: 0

shaper <shaper_str>
Enter the name of a traffic shaper to enable traffic shaping for this application.
Default: No default.

shaper-reverse <shaper_str>
Enter the name of a traffic shaper to enable reverse traffic shaping for this application.
Default: No default.

sub-category {<subcat_int> | all}
Enter the sub-category integer to specify an application sub-category, or enter all to include all sub-categories.
To see a list of sub-category numbers, enter set category ?.
Default: all

tags <tag_str>
Optionally, assign object tags.
Default: No default.

technology <technology_Str>
Select the technologies involved in these applications. Enter one or more of the following technology numbers separated by spaces, or enter all.
0 — Other
1 — Web browser
2 — Client
3 — Server
4 — Peer-to-peer
Default: all

unknown-application-action {block | pass}
Pass or block applications that have not been added to this application list.
Default: pass

unknown-application-log {disable | enable}
Enable or disable recording log messages when an application not added to the application list is detected.
Default: disable

vendor <vendor_int>
Enter the vendors to include. Enter one or more vendor numbers separated by spaces, or enter all. For a list of vendor numbers, enter set vendor ?.
Default: all
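
A review check for the defaults listed above, added here as an example and not Fortinet code: it parses the config application list block from a configuration backup, applies the page's defaults for the other-application and unknown-application settings, and reports lists where such traffic passes without a log entry. It assumes the backup form of the syntax, in which each edit block is closed by next; the sample text, list names and function names are constructed for illustration.

```python
# Defaults copied from the Default column of this page's table.
DEFAULTS = {"other-application-action": "pass", "other-application-log": "disable",
            "unknown-application-action": "pass", "unknown-application-log": "disable"}
# Constructed sample in backup form; list names and entry IDs are made up.
SAMPLE = """config application list
    edit "branch-default"
        config entries
            edit 1
                set action pass
            next
        end
        set unknown-application-action block
    next
    edit "guest-wifi"
    next
end
"""
def parse_app_lists(text):
    """Return {list_name: {"settings": {...}, "entries": {entry_id: {...}}}}."""
    lists, cur, entry, stack = {}, None, None, []   # stack = open config blocks
    for line in text.splitlines():
        word, _, rest = line.strip().partition(" ")
        in_list = stack[-1:] == ["application list"]
        in_entry = stack[-2:] == ["application list", "entries"]
        if word == "config":
            stack.append(rest)
        elif word == "end" and stack:
            stack.pop()
        elif word == "edit" and in_list:
            cur = lists.setdefault(rest.strip('"'), {"settings": {}, "entries": {}})
        elif word == "edit" and in_entry:
            entry = cur["entries"].setdefault(rest, {})
        elif word == "set" and (in_list or in_entry):
            key, _, value = rest.partition(" ")
            (entry if in_entry else cur["settings"])[key] = value.strip('"')
    return lists

def audit(lists):
    """Return (list_name, finding) pairs worth a reviewer's attention."""
    out = []
    for name, body in lists.items():
        eff = {**DEFAULTS, **body["settings"]}      # explicit settings override defaults
        for kind in ("other", "unknown"):
            if (eff[kind + "-application-action"], eff[kind + "-application-log"]) == ("pass", "disable"):
                out.append((name, kind + " applications pass unlogged"))
        for eid, e in body["entries"].items():
            if e.get("action") == "pass" and not {"application", "category"} & e.keys():
                out.append((name, f"entry {eid}: action pass, application and category left at all"))
    return out
```

A list with no lines set at all, such as guest-wifi in the sample, is reported twice because both fallback actions default to pass with logging disabled.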