webfilter : fortiguard
 
fortiguard
Use this command to enable Web filtering by specific categories using FortiGuard-Web URL filtering.
Syntax
config webfilter fortiguard
set cache-mem-percent <percent_int>
set cache-mode {ttl | db‑ver}
set cache-prefix-match {enable | disable}
set close-ports {enable | disable}
set ovrd-auth-cert <str>
set ovrd-auth-hostname <str>
set ovrd-auth-https {enable | disable}
set ovrd-auth-port-http <port_int>
set ovrd-auth-port-https <port_int>
set reports-status {enable | disable}
set request-packet-size-limit <bytes_int>
end
Variable
Description
Default
cache-mem-percent <percent_int>
Change the maximum percentage of memory the cache will use in db-ver mode. Enter a value from 1 to 15 percent.
2
cache-mode {ttl | db‑ver}
Change the cache entry expiration mode. Choices are ttl or db-ver.
Using ttl, cache entries are deleted after a number of seconds determined by the cache‑ttl setting, or until newer cache entries force the removal of older ones.
When set to db-ver, cache entries are kept until the FortiGuard database changes, or until newer cache entries force the removal of older ones.
ttl
 
cache-prefix-match {enable | disable}
Enable and disable prefix matching.
If enabled the FortiGate unit attempts to match a packet against the rules in a prefix list starting at the top of the list.
For information on prefix lists see “prefix-list, prefix-list6”.
enable
close-ports {enable | disable}
Enable to close ports used for HTTP/HTTPS authentication and disable user overrides.
disable
ovrd-auth-cert <str>
Enter a certificate name to use for FortiGuard Web Filter HTTPS override authentication.
Fortinet_Firmware
ovrd-auth-hostname <str>
Enter a host name to use for FortiGuard Web Filter HTTPS override authentication.
No default.
ovrd-auth-https {enable | disable}
Enable to use HTTPS for override authentication.
enable
ovrd-auth-port-http <port_int>
The port to use for FortiGuard Web Filter HTTP override authentication.
8008
ovrd-auth-port-https
<port_int>
The port to use for FortiGuard Web filtering HTTPS override authentication.
8010
reports-status {enable | disable}
Enable or disable FortiGuard Web Filter reports.
This feature is available only on FortiGate units with an internal hard disk.
disable
request-packet-size-limit <bytes_int>
In some cases, FortiGuard request packets may be dropped due to IP fragmentation. You can set the maximum packet size. Range 576 to 10 000 bytes. Use 0 for the default size, 1100 bytes.
0