firewall : profile-group
 
profile-group
Use this command to create profile groups. A profile group can contain an antivirus profile, IPS sensor, web filter profile, email filter profile, DLP sensor, application control list, a VoIP profile, an MMS profile and a replacement message group. You can use a profile group in a firewall policy if you set the firewall policy profile-type field to group.
Syntax
config firewall profile-group
edit <name_str>
set profile-protocol-options <name_str>
set ssl-ssh-profile <profile_name>
set av-profile <name_str>
set icap-profile <name_str>
set webfilter-profile <name_str>
set spamfilter-profile <name_str>
set ips-sensor <name_str>
set dlp-sensor <name_str>
set application-chart {top10‑app | top10‑media‑user | top10-p2p-user}
set application-list <name_str>
set voip-profile <name_str>
set mms-profile <name_str>
set replacemsg-group <name_str>
end
Variable
Description
Default
<name_str>
Enter the name of the profile group.
 
profile-protocol-options <name_str>
Enter the name of the protocol options profile to add to the profile group.
(null)
ssl-ssh-profile <profile_name>
Enter the name of the deep inspection options profile to apply. See firewall ssl-ssh-profile. Mandatory when UTM profiles are enabled.
No default.
av-profile <name_str>
Enter the name of the antivirus profile to add to the profile group. To add an av-profile, you must obtain an adequate profile name in profile-protection-options.
(null)
icap-profile <name_str>
Enter the name of the Internet Content Adaptation Protocol (ICAP) profile to add to the profile group. To add an icap-profile, you must obtain an adequate profile name in profile-protection-options.
(null)
webfilter-profile <name_str>
Enter the name of the web filtering profile to add to the profile group. To add a webfilter-profile, you must obtain an adequate profile name in profile-protection-options.
(null)
spamfilter-profile <name_str>
Enter the name of the email filter profile to add to the profile group. To add a spamfilter-profile, you must obtain an adequate profile name in profile-protection-options.
(null)
ips-sensor <name_str>
Enter the name of the IPS sensor to add to the profile group.
(null)
dlp-sensor <name_str>
Enter the name of the DLP sensor to add to the profile group.To add an dlp-sensor, you must obtain an adequate profile name in profile-protection-options.
(null)
application-chart {top10‑app | top10‑media‑user | top10-p2p-user}
Enter the application chart type.
top10-app: Top 10 applications chart
top10-media-user: Top 10 media users chart
top10-p2p-user: Top 10 P2P users chart
(null)
application-list <name_str>
Enter the name of the application list to add to the profile group.
(null)
voip-profile <name_str>
Enter the name of the VoIP profile to add to the profile group.
(null)
mms-profile <name_str>
For FortiOS Carrier, enter the name of the MMS profile to add to the profile group.
(null)
replacemsg-group <name_str>
For FortiOS Carrier, enter the name of the replacement message group to add to the profile group.
default