firewall : profile-protocol-options
 
profile-protocol-options
Use this command to configure UTM protocol options profiles for firewall policies. Protocol options configure how UTM functionality identifies content protocols such as HTTP, FTP, and SMTP. Every firewall policy that includes UTM profiles must include a protcol options profile.
SSL-related options for secure protocols are set in firewall ssl-ssh-profile.
Syntax
config firewall profile-protocol-options
edit <name_str>
set comment <comment_str>
set intercept-log {enable | disable}
set oversize-log {disable | enable}
set replacemsg-group <group_name>
set switching-protocols-log {enable | disable}
config http
set ports <port_number_list>
set inspect-all {enable | disable}
set options {chunkedbypass | clientcomfort | no‑content‑summary | oversize | servercomfort}
set block-page-status-code <integer>
set comfort-interval <interval_int>
set comfort-amount <amount_int>
set fortinet-bar {enable | disable}
set fortinet-bar-port <port_int>
set oversize-limit <size_int>
set post-lang <charset1> [<charset2>... <charset5>]
set retry-count <retry_int>
set scan-bzip2 {enable | disable}
set status {enable | disable}
set streaming-content-bypass {enable | disable}
set uncompnestlimit <depth_int>
set uncompsizelimit <MB_int>
end
config ftp
set ports <port_number_list>
set inspect-all {disable | enable}
set options {bypass‑mode‑command | bypass‑rest‑command | clientcomfort | no‑content‑summary | oversize | splice}
set comfort-interval <interval_int>
set comfort-amount <amount_int>
set oversize-limit <size_int>
set scan-bzip2 {enable | disable}
set status {enable | disable}
set uncompnestlimit <depth_int>
set uncompsizelimit <MB_int>
end
config dns
set ports <dns_port_list>
set status {enable | disable}
end
config imap
set ports <port_number_list>
set inspect-all {enable | disable}
set options {fragmail | no‑content‑summary | oversize}
set oversize-limit <size_int>
set scan-bzip2 {enable | disable}
set status {enable | disable}
set uncompnestlimit <depth_int>
set uncompsizelimit <MB_int>
end
config mapi
set ports <port_number_list>
set options {fragmail | no‑content‑summary | oversize}
set oversize-limit <size_int>
set scan-bzip2 {enable | disable}
set status {enable | disable}
set uncompnestlimit <depth_int>
set uncompsizelimit <MB_int>
end
config pop3
set ports <port_number_list>
set inspect-all {enable | disable}
set options {fragmail | no‑content‑summary | oversize}
set oversize-limit <size_int>
set scan-bzip2 {enable | disable}
set status {enable | disable}
set uncompnestlimit <depth_int>
set uncompsizelimit <MB_int>
end
config smtp
set ports <port_number_list>
set inspect-all {enable | disable}
set options {fragmail | no‑content‑summary | oversize | splice}
set oversize-limit <size_int>
set scan-bzip2 {enable | disable}
set server_busy {enable | disable}
set status {enable | disable}
set uncompnestlimit <depth_int>
set uncompsizelimit <MB_int>
end
config nntp
set ports <port_number_list>
set inspect-all {disable | enable}
set options { no‑content‑summary | oversize | splice}
set oversize-limit <size_int>
set scan-bzip2 {enable | disable}
set status {enable | disable}
set uncompnestlimit <depth_int>
set uncompsizelimit <MB_int>
end
config mail-signature
set status {enable | disable}
set signature <text>
end
end
Variable
Description
Default
<name_str>
Enter the name of the protocol options profile.
 
comment <comment_str>
Optionally enter a description of up to 63 characters of the protocol options profile.
 
intercept-log {enable | disable}
Enable or disable logging for FortiOS Carrier antivirus file filter is set to intercept.
 
oversize-log {disable | enable}
Enable or disable logging for antivirus oversize file blocking.
disable
replacemsg-group <group_name>
Enter the replacement message group to use.
No default.
switching-protocols-log {enable | disable}
Enable or disable logging of HTTP/HTTPS switching protocols.
disable