firewall : profile-protocol-options : config ftp
 
config ftp
Configure FTP protocol options.
Each variable below is listed with its description and default value.

ports <port_number_list>
Enter a space-separated list of port numbers to scan for FTP content.
Default: 21

inspect-all {disable | enable}
Enable to monitor all ports for the FTP protocol. If you enable this option, you can't select a port.
Default: disable

comfort-interval <interval_int>
Enter the time in seconds to wait before client comforting starts after a download has begun. It is also the interval between subsequent client comforting sends. The range is 1 to 900 seconds.
Default: 10

comfort-amount <amount_int>
Enter the number of bytes client comforting sends each interval to show that an FTP download is progressing. The range is 1 to 10240 bytes.
Default: 1

options {bypass-mode-command | bypass-rest-command | clientcomfort | no-content-summary | oversize | splice}
Select one or more options to apply to FTP sessions. To select more than one, enter the option names separated by a space.
bypass-mode-command — if the MODE command is issued with 'block' or 'compressed', disable content scanning until the setting changes or a new command is issued.
bypass-rest-command — if the REST command is issued with a value other than 0, disable content scanning until the setting changes or a new command is issued.
clientcomfort — apply client comforting and prevent client timeout.
no-content-summary — do not add content information to the dashboard.
oversize — block files that are over the file size limit.
splice — simultaneously scan a file and send it to the recipient. If the FortiGate unit detects a virus, it prematurely terminates the connection.
Default: no-content-summary splice

oversize-limit <size_int>
Enter the maximum in-memory file size that will be scanned, in megabytes. If the file is larger than the oversize-limit, the file is passed or blocked depending on whether oversize is a selected FTP option. The maximum file size for scanning in memory is 10% of the FortiGate unit's RAM.
Default: 10

scan-bzip2 {enable | disable}
Enable to allow the antivirus engine to scan the contents of bzip2 compressed files. Requires antivirus engine 1.90 for full functionality. Bzip2 scanning is extremely CPU intensive. Unless this feature is required, leave scan-bzip2 disabled.
Default: disable

status {enable | disable}
Enable or disable FTP protocol inspection.
Default: enable

uncompnestlimit <depth_int>
Set the maximum depth of nested archives that the AV engine will scan. The limit is from 2 to 100. The supported compression formats are arj, bzip2, cab, gzip, lha, lzh, msc, rar, tar, and zip. Bzip2 support is disabled by default.
Default: 12

uncompsizelimit <MB_int>
Set the maximum uncompressed file size that can be buffered to memory for virus scanning. Enter a value in megabytes between 1 and the maximum oversize threshold. Enter "?" to display the range for your FortiGate unit. Enter 0 for no limit (not recommended).
Default: 10
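
The audit below is an added example, not part of the Fortinet reference: it reads a `config ftp` block and reports the settings described above under which FTP transfers pass without content scanning. The profile name, the sample configuration and the function names are constructed for illustration, and the enclosing `config firewall profile-protocol-options` / `edit` syntax is assumed from this page's command path.

```python
import shlex

# Defaults taken from the variable list above.
DEFAULTS = {"status": "enable", "options": "no-content-summary splice",
            "oversize-limit": "10", "uncompsizelimit": "10"}

def parse_ftp_block(config_text):
    """Return the `set` values inside the first `config ftp` ... `end` block."""
    settings, inside = dict(DEFAULTS), False
    for raw in config_text.splitlines():
        words = shlex.split(raw)
        if words[:2] == ["config", "ftp"]:
            inside = True
        elif inside and words[:1] == ["end"]:
            break
        elif inside and words[:1] == ["set"] and len(words) >= 3:
            settings[words[1]] = " ".join(words[2:])
    return settings

def audit_ftp(settings):
    """List settings that let FTP transfers pass without content scanning."""
    findings = []
    options = settings["options"].split()
    if settings["status"] != "enable":
        findings.append("status: FTP protocol inspection is disabled")
    for opt, trigger in (("bypass-mode-command", "MODE block/compressed"),
                         ("bypass-rest-command", "REST with a non-zero value")):
        if opt in options:
            findings.append(f"{opt}: scanning stops after {trigger}")
    if "oversize" not in options:
        findings.append(f"oversize not set: files over {settings['oversize-limit']} MB are passed")
    if settings["uncompsizelimit"] == "0":
        findings.append("uncompsizelimit 0: no cap on uncompressed size buffered to memory")
    return findings

# Constructed sample configuration (the profile name is hypothetical).
SAMPLE = """
config firewall profile-protocol-options
    edit "example-profile"
        config ftp
            set options bypass-rest-command clientcomfort splice
            set uncompsizelimit 0
        end
    next
end
"""

if __name__ == "__main__":
    print("\n".join(audit_ftp(parse_ftp_block(SAMPLE))))
```

Because the default option set is `no-content-summary splice`, an unmodified profile also reports the `oversize` finding: files above `oversize-limit` are passed unless `oversize` is selected.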