Fortiweb VM
Fortinet Fortiweb Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
Fortiweb VM integration allows to manage WAF policies and block cookies, URLs, and host names. This integration was integrated and tested with version 1 & 2 of fortiweb_vm
#
Configure Fortiweb VM in CortexParameter | Required |
---|---|
Server URL | True |
Username. | True |
Password. | True |
API Version | True |
Use system proxy settings | False |
Trust any certificate (not secure) | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
fortiwebvm-protected-hostname-group-createCreate protected host name group.
#
Base Commandfortiwebvm-protected-hostname-group-create
#
InputArgument Name | Description | Required |
---|---|---|
name | Protected host name group name. | Required |
default_action | Whether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you add to this protected hosts group. Possible values are: Allow, Deny (no log), Deny. Default is Allow. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-protected-hostname-group-create name=example
#
Human Readable Output#
Hostname group successfully created!
Name example
#
fortiwebvm-protected-hostname-group-updateUpdate protected host name group.
#
Base Commandfortiwebvm-protected-hostname-group-update
#
InputArgument Name | Description | Required |
---|---|---|
name | Protected host name group name. | Required |
default_action | Whether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you will add to this protected hosts group. Possible values are: Allow, Deny (no log), Deny. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-protected-hostname-group-update name=example default_action=Deny
#
Human Readable Output#
Hostname group successfully updated!
Name example
#
fortiwebvm-protected-hostname-group-listList the Protected host name group.
#
Base Commandfortiwebvm-protected-hostname-group-list
#
InputArgument Name | Description | Required |
---|---|---|
name | Protected host name group name. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ProtectedHostnameGroup.id | String | Protected host name group ID. |
FortiwebVM.ProtectedHostnameGroup.default_action | Number | Protected host name group action. |
FortiwebVM.ProtectedHostnameGroup.protected_hostname_count | Number | The number of protected host name group members. |
FortiwebVM.ProtectedHostnameGroup.can_delete | Boolean | Whether the Geo IP group can be deleted. Supports API version 1 only. |
#
Command example!fortiwebvm-protected-hostname-group-list name=example
#
Context Example - API Version 1#
Human Readable Output - API Version 1#
Protected Hostnames Groups:Showing 1 rows out of 1. |Id|Default Action|Protected Hostname Count|Can Delete| |---|---|---|---| | example | Allow | 0 | true |
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
Protected Hostnames Groups:Showing 1 rows out of 1. |Id|Default Action|Protected Hostname Count| |---|---|---| | example | Allow | 0 |
#
fortiwebvm-protected-hostname-member-createCreate protected host name member.
#
Base Commandfortiwebvm-protected-hostname-member-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Protected host name group name. | Required |
action | Whether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you add to this protected hosts group. Possible values are: Allow, Deny (no log), Deny. Default is Allow. | Optional |
host | Enter the IP address or FQDN of a virtual or real web host, as it appears in the Host field of HTTP headers, such as www.example.com. The maximum length is 256 characters. | Required |
ignore_port | Whether host names with a port number will be protected. Supports API version 2 only. Possible values are: enable, disable. Default is disable. | Optional |
include_subdomains | Whether sub-domains of the host will be protected. Supports API version 2 only. Possible values are: enable, disable. Default is disable. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ProtectedHostnameMember.id | String | Protected host name member ID |
#
Human Readable Output#
Hostname member successfully created!
Id 1
#
fortiwebvm-protected-hostname-member-updateUpdate a protected host name member.
#
Base Commandfortiwebvm-protected-hostname-member-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Protected host name group name. | Required |
member_id | Protected host name member ID. | Required |
action | Whether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you add to this protected hosts group. Required in V1. Possible values are: Allow, Deny (no log), Deny. | Optional |
host | Enter the IP address or FQDN of a virtual or real web host, as it appears in the Host field of HTTP headers, such as www.example.com. The maximum length is 256 characters. | Optional |
ignore_port | Whether host names with a port number will be protected. Supports API version 2 only. Possible values are: enable, disable. | Optional |
include_subdomains | Whether sub-domains of the host will be protected. Supports API version 2 only. Possible values are: enable, disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-protected-hostname-member-update group_name=example member_id=1 action=Allow
#
Human Readable Output#
Hostname member successfully updated!
Id 1
#
fortiwebvm-protected-hostname-member-listList all the protected host name members.
#
Base Commandfortiwebvm-protected-hostname-member-list
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Protected host name group name. | Required |
member_id | Protected host name member ID. | Optional |
page | The page number of the results to retrieve. Default is 25. | Optional |
page_size | A number of hostname members per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ProtectedHostnameMember.group_name | String | Protected host name group name. |
FortiwebVM.ProtectedHostnameMember.Members.id | String | Protected host name member ID. |
FortiwebVM.ProtectedHostnameMember.Members.action | String | Protected hostname member action. |
FortiwebVM.ProtectedHostnameMember.Members.host | String | Protected host name member IP address. |
FortiwebVM.ProtectedHostnameMember.Members.ignore_port | String | Protected host name member ignore port. Supports API version 2 only. |
FortiwebVM.ProtectedHostnameMember.Members.include_subdomains | String | Protected host name member include sub-domains. Supports API version 2 only. |
#
Command example!fortiwebvm-protected-hostname-member-list group_name=example member_id=1
#
Context Example - API Version 1#
Human Readable Output - API Version 1#
Protected Hostnames Members:Showing 1 rows out of 1. |Id|Action|Host| |---|---|---| | 1 | Deny | 1.2.3.4 |
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
Protected Hostnames Members:Showing 1 rows out of 1. |Id|Action|Host|Ignore Port|Include Subdomains| |---|---|---|---|---| | 1 | Deny | 1.2.3.4 | disable | disable |
#
fortiwebvm-protected-hostname-member-deleteDelete protected host name member.
#
Base Commandfortiwebvm-protected-hostname-member-delete
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Protected host name group name. | Required |
member_id | Protected host name member ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-protected-hostname-member-delete group_name=example member_id=1
#
Human Readable Output#
Hostname member successfully deleted!
Id 1
#
fortiwebvm-protected-hostname-group-deleteDelete a protected host name.
#
Base Commandfortiwebvm-protected-hostname-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | Protected host name group name. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-protected-hostname-group-delete name=example
#
Human Readable Output#
Hostname group successfully deleted!
Name example
There is no context output for this command.
#
fortiwebvm-ip-list-group-createCreate IP List.
#
Base Commandfortiwebvm-ip-list-group-create
#
InputArgument Name | Description | Required |
---|---|---|
name | IP list group name. | Required |
action | The action FortiWeb will take when it detects a violation of the rule. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log). Default is Alert deny. | Optional |
block_period | Enter the number of seconds to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1โ3,600 seconds. Supports API version 2 only. Default is 600. | Optional |
severity | The severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 2 only. Possible values are: Low, Medium, High, Info. Default is Low. | Optional |
ignore_x_forwarded_for | Whether IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable. Default is disable. | Optional |
trigger_policy | The trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 2 only. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-ip-list-group-create name=example
#
Human Readable Output#
IP List group successfully created!
Name example
#
fortiwebvm-ip-list-group-updateUpdate an IP list.
#
Base Commandfortiwebvm-ip-list-group-update
#
InputArgument Name | Description | Required |
---|---|---|
name | IP list group name. | Required |
action | The action FortiWeb will take when it detects a violation of the rule. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log). | Optional |
block_period | The number of seconds to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1โ3,600 seconds. Supports API version 2 only. | Optional |
severity | The severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 2 only. Possible values are: Low, Medium, High, Info. | Optional |
ignore_x_forwarded_for | Whether the IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable. | Optional |
trigger_policy | The trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 2 only. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-ip-list-group-update name=example block_period=550
#
Human Readable Output#
IP List group successfully updated!
Name example
#
fortiwebvm-ip-list-group-listSupports API versions 1 & 2.
#
Base Commandfortiwebvm-ip-list-group-list
#
InputArgument Name | Description | Required |
---|---|---|
name | IP list name. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.IpListGroup.id | String | IP list ID. |
FortiwebVM.IpListGroup.ip_list_count | Number | The number of IP list members. |
FortiwebVM.IpListGroup.can_delete | Boolean | Whether the Geo IP group can be deleted. Supports API version 1 only. |
FortiwebVM.IpListGroup.q_ref | Number | The CMDB reference count. Supports API version 2 only. |
FortiwebVM.IpListGroup.q_type | Number | IP list group object type. Supports API version 2 only. |
FortiwebVM.IpListGroup.can_clone | Number | Whether the IP list group can be cloned. Supports API version 2 only. |
FortiwebVM.IpListGroup.block_period | Number | IP list group block period. Supports API version 2 only. |
FortiwebVM.IpListGroup.can_view | Number | Whether you can view the IP list group. Supports API version 2 only. |
FortiwebVM.IpListGroup.action | String | IP list group action. Supports API version 2 only. |
FortiwebVM.IpListGroup.trigger_policy | String | IP list group trigger policy name. Supports API version 2 only. |
FortiwebVM.IpListGroup.severity | String | IP list group severity. Supports API version 2 only. |
#
Command example - API Version 1!fortiwebvm-ip-list-group-list name=example
#
Context Example#
Human Readable Output - API Version 1#
IP Lists Groups:Showing 1 rows out of 1. |Id|Ip List Count| |---|---| | example | 0 |
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
IP Lists Groups:Showing 1 rows out of 1. |Id|Ip List Count|Action|Block Period|Severity|Trigger Policy| |---|---|---|---|---|---| | example | 0 | alert_deny | 550 | Low | |
#
fortiwebvm-ip-list-member-createCreate an IP list member. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-ip-list-member-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | IP list group name. | Required |
type | The type of the source IP address. Possible values are: Trust IP, Black IP, Allow Only Ip. | Required |
ip_address | IPv4/IPv6 IP range. | Required |
severity | The severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\". Possible values are: High, Medium, Low, Informative. Default is Medium. | Optional |
trigger_policy | The trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.IpListMember.id | Number | IP list policy member ID. |
#
Command example!fortiwebvm-ip-list-member-create group_name=example ip_address=1.2.3.4 type="Black IP"
#
Context Example#
Human Readable Output#
IP List member successfully created!
Id 1
#
fortiwebvm-ip-list-member-updateUpdate IP list policy member.
#
Base Commandfortiwebvm-ip-list-member-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | IP list group name. | Required |
member_id | IP list policy member ID. | Required |
type | The type of the source IP address. Possible values are: Trust IP, Black IP, Allow Only Ip. | Optional |
ip_address | IPv4/IPv6 IP range. | Optional |
severity | The severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\". Possible values are: High, Medium, Low, Informative. | Optional |
trigger_policy | The trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\". | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-ip-list-member-update group_name=example member_id=1 ip_address=1.2.3.4
#
Human Readable Output#
IP List member successfully updated!
Id 1
#
fortiwebvm-ip-list-member-listList the IP list policy members.
#
Base Commandfortiwebvm-ip-list-member-list
#
InputArgument Name | Description | Required |
---|---|---|
group_name | IP list group name. | Required |
member_id | IP list member ID. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.IpListMember.group_name | String | IP list group name. |
FortiwebVM.IpListMember.Members.id | String | IP list member ID. |
FortiwebVM.IpListMember.Members.type | String | IP list member type. |
FortiwebVM.IpListMember.Members.severity | String | IP list member severity. Supports API version 1 only. |
FortiwebVM.IpListMember.Members.trigger_policy | String | IP list member trigger policy. Supports API version 1 only. |
FortiwebVM.IpListMember.Members.ip | String | IP list member IP address. |
#
Command example!fortiwebvm-ip-list-member-list group_name=example
#
Context Example - API Version 1#
Human Readable Output - API Version 1#
IP Lists Members:Showing 1 rows out of 1. |Id|Type|Ip|Severity|Trigger Policy| |---|---|---|---|---| | 1 | Black IP | 1.2.3.4 | Medium | |
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
IP Lists Members:Showing 1 rows out of 1. |Id|Type|Ip| |---|---|---| | 1 | Black IP | 1.2.3.4 |
#
fortiwebvm-ip-list-member-deleteDelete an IP list policy member.
#
Base Commandfortiwebvm-ip-list-member-delete
#
InputArgument Name | Description | Required |
---|---|---|
group_name | IP list group name. | Required |
member_id | IP list policy member ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-ip-list-member-delete group_name=example member_id=1
#
Human Readable Output#
IP List member successfully deleted!
Id 1
#
fortiwebvm-ip-list-group-deleteSupports API versions 1 & 2.
#
Base Commandfortiwebvm-ip-list-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | IP list group name. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-ip-list-group-delete name=example
#
Human Readable Output#
IP List group successfully deleted!
Id example
#
fortiwebvm-custom-predefined-whitelist-updateUpdate the custom predefined global whitelist.
#
Base Commandfortiwebvm-custom-predefined-whitelist-update
#
InputArgument Name | Description | Required |
---|---|---|
id | Predefined global whitelist ID. | Required |
status | Status. Possible values are: enable, disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-custom-predefined-whitelist-update id=10002 status=disable
#
Human Readable Output#
Custom predifined whitelist member successfully updated!
Id 10002
#
fortiwebvm-custom-predefined-whitelist-listGet custom predefined global whitelist.
#
Base Commandfortiwebvm-custom-predefined-whitelist-list
#
InputArgument Name | Description | Required |
---|---|---|
id | Custom predefined whitelist ID. | Optional |
type | Type of the custom predefined whitelist. Possible values are: URL, Parameter, Cookie, Header Field. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.CustomPredefinedGlobalWhitelist.id | Number | Predefined global whitelist member ID. |
FortiwebVM.CustomPredefinedGlobalWhitelist.name | String | Predefined global whitelist member name. |
FortiwebVM.CustomPredefinedGlobalWhitelist.path | String | Predefined global whitelist member path. |
FortiwebVM.CustomPredefinedGlobalWhitelist.domain | String | Predefined global whitelist member domain. |
FortiwebVM.CustomPredefinedGlobalWhitelist.status | Boolean | Predefined global whitelist member status. |
#
Command example!fortiwebvm-custom-predefined-whitelist-list limit=1
#
Context Example#
Human Readable Output#
Custom whitelist members:Showing 1 rows out of 36. |Id|Name|Path|Domain|Status| |---|---|---|---|---| | 100002 | | test | | true |
#
fortiwebvm-custom-whitelist-url-createCreate a custom global whitelist URL object.
#
Base Commandfortiwebvm-custom-whitelist-url-create
#
InputArgument Name | Description | Required |
---|---|---|
request_type | Indicate whether the request-file \"<url_str>\" field contains a literal URL (Simple String), or a regular expression designed to match multiple URLs (Regular Expression). Possible values are: Simple String, Regular Expression. Default is Simple String. | Optional |
request_url | Depending on your selection in the request-type {plain | regular} field, enter either: - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.CustomGlobalWhitelist.id | Number | Custom global whitelist ID |
#
Command example!fortiwebvm-custom-whitelist-url-create request_url=/123
#
Context Example#
Human Readable Output#
Custom whitelist URL member succesfuly created!
Id 1
#
fortiwebvm-custom-whitelist-parameter-createCreate a custom global whitelist parameter object.
#
Base Commandfortiwebvm-custom-whitelist-parameter-create
#
InputArgument Name | Description | Required |
---|---|---|
request_type | Indicate whether the request-file \"<url_str>\" field contains a literal URL (plain), or a regular expression designed to match multiple URLs (regular). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression. Default is Simple String. | Optional |
request_url | Depending on your selection in the request-type {plain | regular} field, enter either: - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html. Supports API version 2 only. Required when request_url_status= True. | Optional |
name | Enter the name of the parameter as it appears in the HTTP URL or body, such as rememberme. | Required |
name_type | Indicate whether the name \"<name_str>\" field will contain a literal parameter name (Simple String), or a regular expression designed to match all parameter names (Regular Expression). Supports API version 2 only. Possible values are: Simple String, Regular Expression. Default is Simple String. | Optional |
request_url_status | Enable to apply this rule only to HTTP requests for specific URLs. Supports API version 2 only. Possible values are: enable, disable. Default is disable. | Optional |
domain_status | Enable to apply this rule only to HTTP requests for specific domains. Supports API version 2 only. Possible values are: enable, disable. Default is disable. | Optional |
domain_type | Indicate whether the domain \"<cookie_str>\" field will contain a literal domain/IP address (Simple String), or a regular expression designed to match multiple domains/IP addresses (Regular Expression). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression. Default is Simple String. | Optional |
domain | The partial or complete domain name or IP address as it appears in the cookie. Supports API version 2 only. Required when request_url_status= True. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.CustomGlobalWhitelist.id | Number | Custom global whitelist ID. |
#
Command example!fortiwebvm-custom-whitelist-parameter-create name=example
#
Context Example#
Human Readable Output#
Custom whitelist Parameter member succesfuly created!
Id 2
#
fortiwebvm-custom-whitelist-cookie-createCreate a custom global whitelist cookie object.
#
Base Commandfortiwebvm-custom-whitelist-cookie-create
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the cookie as it appears in the HTTP request, such as NID. | Required |
domain | The partial or complete domain name or IP address as it appears in the cookie. | Optional |
path | The path as it appears in the cookie. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.CustomGlobalWhitelist.id | Number | Custom global whitelist ID |
#
Command example!fortiwebvm-custom-whitelist-cookie-create name=example domain=abc path=/abc
#
Context Example#
Human Readable Output#
Custom whitelist Cookie member succesfuly created!
Id 2
#
fortiwebvm-custom-whitelist-header-field-createCreate a custom global whitelist header field object. Supports API version 2 only.
#
Base Commandfortiwebvm-custom-whitelist-header-field-create
#
InputArgument Name | Description | Required |
---|---|---|
name | Enter the name of the cookie as it appears in the HTTP header. | Required |
header_name_type | Indicate whether the type field will contain a literal name (Simple String), or a regular expression designed to match multiple names (Regular Expression). Possible values are: Simple String, Regular Expression. Default is Simple String. | Optional |
value_status | Enable to also check the value of the HTTP header. Only the HTTP headers that match both the name and the value will be allowlisted. Possible values are: enable, disable. Default is disable. | Optional |
header_value_type | Indicate whether the header name will contain a literal name (plain), or a regular expression designed to match multiple names (regular). Possible values are: Simple String, Regular Expression. Default is Simple String. | Optional |
value | The value of the HTTP header. Required when value_status is enabled. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.CustomGlobalWhitelist.id | Number | Custom global whitelist ID. |
#
fortiwebvm-custom-whitelist-url-updateUpdate a custom global whitelist URL object.
#
Base Commandfortiwebvm-custom-whitelist-url-update
#
InputArgument Name | Description | Required |
---|---|---|
id | Custom global whitelist object ID. | Required |
status | Enable to exempt this object from all scans. Possible values are: enable, disable. Default is enable. | Optional |
request_type | Indicate whether the request-file \"<url_str>\" field contains a literal URL (plain), or a regular expression designed to match multiple URLs (regular). Possible values are: Simple String, Regular Expression. | Optional |
request_url | Depending on your selection in the request-type {plain | regular} field, enter either - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-custom-whitelist-url-update id=1 status=disable
#
Human Readable Output#
Custom whitelist URL member succesfuly updated!
Id 1
#
fortiwebvm-custom-whitelist-parameter-updateUpdate custom global whitelist parameter object.
#
Base Commandfortiwebvm-custom-whitelist-parameter-update
#
InputArgument Name | Description | Required |
---|---|---|
id | Custom global whitelist object ID. | Required |
status | Enable to exempt this object from all scans. Possible values are: enable, disable. Default is enable. | Optional |
request_type | Indicate whether the request-file \"<url_str>\" field contains a literal URL (plain), or a regular expression designed to match multiple URLs (regular). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression. Default is enable. | Optional |
request_url | Depending on your selection in the request-type {plain | regular} field, enter either: - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html. Supports API version 2 only. Required when request_url_status= True. | Optional |
name | Name. | Optional |
name_type | Indicate whether the name \"<name_str>\" field will contain a literal parameter name (Simple String), or a regular expression designed to match all parameter names (Regular Expression). Supports API version 2 only. Possible values are: Simple String, Regular Expression. | Optional |
request_url_status | Enable to apply this rule only to HTTP requests for specific URLs. Supports. Possible values are: enable, disable. | Optional |
domain_status | Enable to apply this rule only to HTTP requests for specific domains. Supports. Possible values are: enable, disable. | Optional |
domain_type | Indicate whether the domain \"<cookie_str>\" field will contain a literal domain/IP address (Simple String), or a regular expression designed to match multiple domains/IP addresses (Regular Expression). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression. | Optional |
domain | Enter the partial or complete domain name or IP address as it appears in the cookie. Supports API version 2 only. Required when request_url_status= True. | Optional |
#
Context OutputThere is no context output for this command.
#
fortiwebvm-custom-whitelist-cookie-updateUpdate a custom global whitelist cookie object.
#
Base Commandfortiwebvm-custom-whitelist-cookie-update
#
InputArgument Name | Description | Required |
---|---|---|
id | Custom global whitelist object ID. | Required |
status | Enable to exempt this object from all scans. Possible values are: enable, disable. Default is enable. | Optional |
name | Enter the name of the cookie as it appears in the HTTP request, such as NID. | Optional |
domain | Enter the partial or complete domain name or IP address as it appears in the cookie. | Optional |
path | Enter the path as it appears in the cookie. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-custom-whitelist-cookie-update id=3 status=disable
#
Human Readable Output#
Custom whitelist Cookie member succesfuly updated!
Id 3
#
fortiwebvm-custom-whitelist-header-field-updateUpdate a custom global whitelist header field object. Supports API version 2 only.
#
Base Commandfortiwebvm-custom-whitelist-header-field-update
#
InputArgument Name | Description | Required |
---|---|---|
id | Custom global whitelist object ID. | Required |
status | Enable to exempt this object from all scans. Possible values are: enable, disable. Default is enable. | Optional |
header_name_type | Indicate whether the type field will contain a literal name (Simple String), or a regular expression designed to match multiple names (Regular Expression). Possible values are: Simple String, Regular Expression. | Optional |
name | The name of the cookie as it appears in the HTTP header. | Optional |
header_value_type | Indicate whether the header name will contain a literal name (Simple String), or a regular expression designed to match multiple names (Regular Expression). Possible values are: Simple String, Regular Expression. | Optional |
value_status | Enable to also check the value of the HTTP header. Only the HTTP headers that match both the name and the value will be allowlisted. Possible values are: enable, disable. | Optional |
value | The value of the HTTP header. Required when value_status is enabled. | Optional |
#
Context OutputThere is no context output for this command.
#
fortiwebvm-custom-whitelist-deleteDelete a custom global whitelist object from the custom global whitelist.
#
Base Commandfortiwebvm-custom-whitelist-delete
#
InputArgument Name | Description | Required |
---|---|---|
id | Object ID number. | Required |
#
Context OutputThere is no context output for this command.
#
fortiwebvm-custom-whitelist-listList the custom global whitelist objects.
#
Base Commandfortiwebvm-custom-whitelist-list
#
InputArgument Name | Description | Required |
---|---|---|
id | Custom global whitelist object ID. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.CustomGlobalWhitelist.id | Number | Custom global whitelist object ID. |
FortiwebVM.CustomGlobalWhitelist.name | Number | Custom global whitelist object name. |
FortiwebVM.CustomGlobalWhitelist.type | Number | Custom global whitelist object type. |
FortiwebVM.CustomGlobalWhitelist.status | Boolean | Custom global whitelist object status. |
FortiwebVM.CustomGlobalWhitelist.request_type | Number | Custom global whitelist object request type. |
FortiwebVM.CustomGlobalWhitelist.request_url | String | Custom global whitelist object request URL. |
FortiwebVM.CustomGlobalWhitelist.header_name_type | String | Custom global whitelist object header type. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.domain_type | String | Custom global whitelist object domain type. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.name_type | String | Custom global whitelist object name type. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.request_url_status | String | Custom global whitelist object request file status. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.domain_status | String | Custom global whitelist object domain status. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.domain | String | Custom global whitelist object domain. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.path | String | Custom global whitelist object path. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.header_value_type | String | Custom global whitelist object value type. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.value | String | Custom global whitelist object value. Supports API version 2 only. |
FortiwebVM.CustomGlobalWhitelist.value_status | String | Custom global whitelist object value status. Supports API version 2 only. |
#
Command example!fortiwebvm-custom-whitelist-list limit=1
#
Context Example - API Version 1#
Human Readable Output - API Version 1#
Custom whitelist members:Showing 1 rows out of 3. |Id|Name|Request Url|Path|Domain|Status| |---|---|---|---|---|---| | 1 | | /123 | | | false |
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
Custom whitelist members:Showing 1 rows out of 3. |Id|Name|Request Url|Path|Domain|Status| |---|---|---|---|---|---| | 1 | | /123 | | | disable |
#
fortiwebvm-geo-ip-member-addCreate Geo IP member.
#
Base Commandfortiwebvm-geo-ip-member-add
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Geo IP group name. | Required |
countries | Comma-separated list of country names to add to the GEO IP list name. Possible values are: Afghanistan, Aland Islands, Albania, Algeria, American Samoa, Andorra, Angola, Anguilla, Antarctica, Antigua And Barbuda, Argentina, Armenia, Aruba, Australia, Austria, Azerbaijan, Bahamas, Bahrain, Bangladesh, Barbados, Belarus, Belgium, Belize, Benin, Bermuda, Bhutan, Bolivia, Bonaire Saint Eustatius And Saba, Bosnia And Herzegovina, Botswana, Brazil, British Indian Ocean Territory, British Virgin Islands, Brunei Darussalam, Bulgaria, Burkina Faso, Burundi, Cambodia, Cameroon, Canada, Cape Verde, Cayman Islands, Central African Republic, Chad, Chile, China, Colombia, Comoros, Congo, Cook Islands, Costa Rica, Cote D Ivoire, Croatia, Cuba, Curacao, Cyprus, Czech Republic, Democratic People S Republic Of Korea, Democratic Republic Of The Congo, Denmark, Djibouti, Dominica, Dominican Republic, Ecuador, Egypt, El Salvador, Equatorial Guinea, Eritrea, Estonia, Ethiopia, Falkland Islands Malvinas, Faroe Islands, Federated States Of Micronesia, Fiji, Finland, France, French Guiana, French Polynesia, Gabon, Gambia, Georgia, Germany, Ghana, Gibraltar, Greece, Greenland, Grenada, Guadeloupe, Guam, Guatemala, Guernsey, Guinea, Guinea-Bissau, Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Isle Of Man, Israel, Italy, Jamaica, Japan, Jersey, Jordan, Kazakhstan, Kenya, Kiribati, Kosovo, Kuwait, Kyrgyzstan, Lao People S Democratic Republic, Latvia, Lebanon, Lesotho, Liberia, Libya, Liechtenstein, Lithuania, Luxembourg, Macao, Macedonia, Madagascar, Malawi, Malaysia, Maldives, Mali, Malta, Marshall Islands, Martinique, Mauritania, Mauritius, Mayotte, Mexico, Moldova, Monaco, Mongolia, Montenegro, Montserrat, Morocco, Mozambique, Myanmar, Namibia, Nauru, Nepal, Netherlands, New Caledonia, New Zealand, Nicaragua, Niger, Nigeria, Niue, Norfolk Island, Northern Mariana Islands, Norway, Oman, Pakistan, Palau, Palestine, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Republic Of Korea, Reunion, Romania, Russian Federation, Rwanda, Saint Bartelemey, Saint Kitts And Nevis, Saint Lucia, Saint Martin, Saint Pierre And Miquelon, Saint Vincent And The Grenadines, Samoa, San Marino, Sao Tome And Principe, Saudi Arabia, Senegal, Serbia, Seychelles, Sierra Leone, Singapore, Sint Maarten, Slovakia, Slovenia, Solomon Islands, Somalia, South Africa, South Georgia And The South Sandwich Islands, South Sudan, Spain, Sri Lanka, Sudan, Suriname, Swaziland, Sweden, Switzerland, Syria, Taiwan, Tajikistan, Tanzania, Thailand, Timor-Leste, Togo, Tokelau, Tonga, Trinidad And Tobago, Tunisia, Turkey, Turkmenistan, Turks And Caicos Islands, Tuvalu, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, Uruguay, U S Virgin Islands, Uzbekistan, Vanuatu, Vatican, Venezuela, Vietnam, Wallis And Futuna, Yemen, Zambia, Zimbabwe. Default is Low. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-geo-ip-member-add group_name=example countries=Algeria
#
Context Example#
Human Readable Output#
Geo IP member successfully added!
Id Country 1 Algeria
#
fortiwebvm-geo-ip-member-deleteDelete Geo IP member .
#
Base Commandfortiwebvm-geo-ip-member-delete
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Geo IP group name. | Required |
member_id | Geo IP member ID number. (The ID of the Geo IP member is the ID of the country in the Geo IP list.). | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-geo-ip-member-delete group_name=example member_id=1
#
Human Readable Output#
Geo IP member succesfuly deleted!
Member Id 1
#
fortiwebvm-geo-ip-member-listGet Geo IP member.
#
Base Commandfortiwebvm-geo-ip-member-list
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Geo IP Name. | Required |
member_id | Geo IP member ID number. (The ID of the Geo IP Member is the ID of the country in the Geo IP list.). | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.GeoIpMember.group_name | String | Geo IP member group name. |
FortiwebVM.GeoIpMember.countries.id | String | Geo IP member ID. |
FortiwebVM.GeoIpMember.countries.country | Number | Geo IP member country name. |
#
Command example!fortiwebvm-geo-ip-member-list group_name=example member_id=1
#
Context Example#
Human Readable Output#
Geo IP member:Showing 1 rows out of 1. |Id|Country| |---|---| | 1 | Algeria |
#
fortiwebvm-geo-ip-group-createCreate Geo IP.
#
Base Commandfortiwebvm-geo-ip-group-create
#
InputArgument Name | Description | Required |
---|---|---|
name | Geo IP group name. | Required |
trigger_policy | Enter the name of the trigger to apply when this rule is violated. | Optional |
severity | The severity level to use in logs and reports generated when a violation of the rule occurs. Possible values are: High, Medium, Low, Info. Default is Low. | Optional |
exception_rule | Geo IP exception groups. | Optional |
action | Select which action FortiWeb will take when it detects a violation of the rule: alert_deny โ Block the request (or reset the connection) and generate an alert and/or log message. deny_no_log โ Block the request (or reset the connection). block-period โ Block subsequent requests from the client for a number of seconds. Also configure block-period. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log). Default is Block period. | Optional |
block_period | The number of seconds to block subsequent requests. The valid range is 1โ3,600 seconds. Relevant when action=Block period True. Supports API version 2 only. Default is 600. | Optional |
ignore_x_forwarded_for | Whether to enable so that IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-geo-ip-group-create name=example
#
Human Readable Output#
Geo IP group successfully created!
Name example
#
fortiwebvm-geo-ip-group-updateUpdate Geo IP.
#
Base Commandfortiwebvm-geo-ip-group-update
#
InputArgument Name | Description | Required |
---|---|---|
name | Geo IP group name. | Required |
trigger_policy | Enter the name of the trigger to apply when this rule is violated. | Optional |
severity | The severity level to use in logs and reports generated when a violation of the rule occurs. Possible values are: High, Medium, Low, Info. | Optional |
exception_rule | Geo IP exception groups. | Optional |
action | The action FortiWeb will take when it detects a violation of the rule: alert_deny โ Block the request (or reset the connection) and generate an alert and/or log message.deny_no_log โ Block the request (or reset the connection). block-period โ Block subsequent requests from the client for a number of seconds. Also configure block-period. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log). | Optional |
block_period | The number of seconds to block subsequent requests. The valid range is 1โ3,600 seconds. Supports API version 2 only. | Optional |
ignore_x_forwarded_for | Whether to enable so that the IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-geo-ip-group-update name=example
#
Human Readable Output#
Geo IP group successfully updated!
Name example
#
fortiwebvm-geo-ip-group-deleteDelete Geo IP.
#
Base Commandfortiwebvm-geo-ip-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | Geo IP group name. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-geo-ip-group-delete name=example
#
Human Readable Output#
Geo IP group successfully deleted!
Id example
#
fortiwebvm-geo-ip-group-listGet Geo IP list.
#
Base Commandfortiwebvm-geo-ip-group-list
#
InputArgument Name | Description | Required |
---|---|---|
name | Geo IP group name. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.GeoIpGroup.id | Number | Geo IP group ID. |
FortiwebVM.GeoIpGroup.count | Number | The number of Geo IP group members. |
FortiwebVM.GeoIpGroup.trigger_policy | String | Geo IP group trigger policy name. |
FortiwebVM.GeoIpGroup.severity | String | Geo IP group severity number. |
FortiwebVM.GeoIpGroup.except | String | Geo IP group exception groups. |
FortiwebVM.GeoIpGroup.can_delete | Boolean | Whether the Geo IP group can be deleted. Supports API version 1 only. |
FortiwebVM.GeoIpGroup.action | String | Geo IP group action. Supports API version 2 only. |
FortiwebVM.GeoIpGroup.block_period | Number | Geo IP group block period. Supports API version 2 only. |
FortiwebVM.GeoIpGroup.ignore_x_forwarded_for | String | Whether IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. |
#
fortiwebvm-system-operation-status-getGet operation status.
#
Base Commandfortiwebvm-system-operation-status-get
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-system-operation-status-get
#
Context Example#
Human Readable Output#
Operation networks:
Id Name Label Alias Ip Netmask Speed Duplex Tx Rx Link port1 port1 1 1.2.3.4/24 10000 Mbps/Full Duplex 18115 582306 Up port2 port2 2 1.2.3.4/0 10000 Mbps/Full Duplex 141 571254 Up port3 port3 3 1.2.3.4/0 10000 Mbps/Full Duplex 141 571338 Up port4 port4 4 1.2.3.4/0 10000 Mbps/Full Duplex 141 571252 Up port5 port5 5 1.2.3.4/0 10000 Mbps/Full Duplex 141 571246 Up port6 port6 6 1.2.3.4/0 10000 Mbps/Full Duplex 141 571245 Up port7 port7 7 1.2.3.4/0 10000 Mbps/Full Duplex 141 571239 Up port8 port8 8 1.2.3.4/0 10000 Mbps/Full Duplex 141 571283 Up port9 port9 9 1.2.3.4/0 10000 Mbps/Full Duplex 141 572431 Up port10 port10 10 1.2.3.4/0 10000 Mbps/Full Duplex 141 572083 Up
#
fortiwebvm-system-policy-status-getGet policy status.
#
Base Commandfortiwebvm-system-policy-status-get
#
InputThere are no input arguments for this command.
#
Command example!fortiwebvm-system-policy-status-get
#
Context Example - API Version 1#
Human Readable Output - API Version 1#
Policy status:
Id Name Status Vserver Http Port Https Port Mode Session Count Connction Per Second example example enable 1.2.3.4/32/ 80 Single Server/Server Pool 0 0
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
Policy status:
Id Name Status Vserver Http Port Https Port Mode Session Count Connction Per Second Policy Client Rtt Server Rtt App Response Time example example enable 80 Single Server/Server Pool 0 0 1099 0 0 0
#
fortiwebvm-system-status-getGet system status.
#
Base Commandfortiwebvm-system-status-get
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-system-status-get
#
Context Example - API Version 1#
Human Readable Output - API Version 1#
System Status:
High Ability Status Host Name Serial Number Operation Mode System Time Firmware Version Administrative Domain System Uptime Fips And Cc Mode Log Disk Standalone FortiWeb FVVM00UNLICENSED Reverse Proxy Sun Dec 25 01:01:32 2022 FortiWeb-VM 6.12,build0421(GA),191218 Disabled 2 day(s) 20 hour(s) 7 min(s) Disabled Available
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
System Status:
High Ability Status Host Name Serial Number Operation Mode System Time Firmware Version Administrative Domain Manager Status Sysyem Up Days Sysyem Up Hrs Sysyem Up Mins Standalone FortiWeb FVBAWS0001be9eec Reverse Proxy Sun Dec 25 02:06:38 2022 test 7.03,build0111(GA),220912 Disabled Standalone 34 20 45
#
fortiwebvm-virtual-server-listList the virtual servers.
#
Base Commandfortiwebvm-virtual-server-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.VirtualServer.id | String | Virtual Server name. |
#
Command example!fortiwebvm-virtual-server-list limit=1
#
Context Example#
Human Readable Output#
Virtual Servers:Showing 1 rows out of 1. |Id| |---| | virtual1 |
#
fortiwebvm-geo-exception-listList the Geo exception groups.
#
Base Commandfortiwebvm-geo-exception-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.GeoExceptionGroup.id | String | Geo Exception Group Name. |
#
Command example!fortiwebvm-geo-exception-list limit=1
#
Context Example#
Human Readable Output#
Geo exception:Showing 1 rows out of 1. |Id| |---| | exception1 |
#
fortiwebvm-trigger-policy-listList the trigger policy rules.
#
Base Commandfortiwebvm-trigger-policy-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.TriggerPolicy.id | String | Trigger policy name. |
#
Command example!fortiwebvm-trigger-policy-list limit=1
#
Context Example#
Human Readable Output#
Content Routing Policy:Showing 1 rows out of 1. |Id| |---| | trigger1 |
#
fortiwebvm-certificate-intermediate-group-listList the certificate intermediate groups.
#
Base Commandfortiwebvm-certificate-intermediate-group-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.CertificateIntermediateGroup.id | String | Certificate intermediate group name. |
#
Command example!fortiwebvm-certificate-intermediate-group-list limit=1
#
Context Example#
Human Readable Output#
Content Routing Policy:Showing 1 rows out of 3. |Id| |---| | group |
#
fortiwebvm-server-pool-listList the server pools.
#
Base Commandfortiwebvm-server-pool-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPool.id | String | Server pool name. |
#
Command example!fortiwebvm-server-pool-list limit=1
#
Context Example#
Human Readable Output#
Server pool:Showing 1 rows out of 2. |Id| |---| | Strong Dev |
#
fortiwebvm-http-service-listList the HTTP services.
#
Base Commandfortiwebvm-http-service-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.HttpServiceList.id | String | HTTP service name. |
#
Command example!fortiwebvm-http-service-list limit=1
#
Context Example#
Human Readable Output#
HTTP services:Showing 1 rows out of 5. |Id| |---| | HTTP |
#
fortiwebvm-inline-protection-profile-listList the inline protection profiles.
#
Base Commandfortiwebvm-inline-protection-profile-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.InlineProtectionProfile.id | String | Inline protection profile name. |
#
Command example!fortiwebvm-inline-protection-profile-list limit=1
#
Context Example#
Human Readable Output#
Inline Protection Profile:Showing 1 rows out of 10. |Id| |---| | Inline High Level Security |
#
fortiwebvm-server-policy-createCreate a server policy.
#
Base Commandfortiwebvm-server-policy-create
#
InputArgument Name | Description | Required |
---|---|---|
name | Policy Name. | Required |
json_template_id | Allows the use of the server policy JSON template. All of the arguments listed below will be overridden. | Optional |
deployment_mode | The distribution method that FortiWeb uses when it forwards connections accepted by this policy. Possible values are: HTTP Content Routing, Single Server/Server Balance. | Optional |
virtual_server | The name of a virtual server that provides the IP address and network interface of incoming traffic that FortiWeb routes and to which the policy applies a protection profile. The maximum length is 63 characters. | Optional |
match_once | Enable to forward subsequent requests from an identified client connection to the same server pool as the initial connection from the client. Required when: deployment_mode = "HTTP Content Routing". Possible values are: enable, disable. Default is disable. | Optional |
server_pool | The name of the server pool whose members receive the connections. Required when: deployment_mode = "Single Server/Server Balance". | Optional |
protected_hostnames | The name of a protected hosts group to allow or reject connections based upon their host. | Optional |
client_real_ip | Enable to configure FortiWeb to use the source IP address of the client that originated the request when it connects to a back-end server on behalf of that client. Possible values are: enable, disable. Default is disable. | Optional |
ip_range | An IP address or address range to directly connect to the back-end server. Required when: client_real_ip = "enable". Supports API version 2 only. | Optional |
syn_cookie | Enable to detect TCP SYN flood attacks. Possible values are: enable, disable. Default is disable. | Optional |
half_open_thresh | The maximum number of TCP SYN packets, including retransmissions, that FortiWeb allows to be sent per second to a destination address. If this threshold is exceeded, the FortiWeb appliance treats the traffic as a DoS attack and ignores additional traffic from that source address. The valid range is 10โ10,000. Default is 8192. | Optional |
http_service | Custom or predefined service that defines the port number on which the virtual server receives HTTP traffic. | Optional |
https_service | Custom or predefined service that defines the port number on which the virtual server receives HTTPS traffic. | Optional |
multi_certificate | Enable to allow FortiWeb to use multiple local certificates. | Optional |
certificate_group | The multi-certificate file you created. Required when: multi_certificate is enabled. | Optional |
proxy | Certificate group name. | Optional |
redirect_to_https | Enable to automatically redirect all HTTP requests to the HTTPS service with the same URL and parameters. Possible values are: enable, disable. Default is disable. | Optional |
inline_protection_profile | Inline web protection profile name. | Optional |
monitor_mode | Enable to override deny and redirect actions defined in the server protection rules for the selected policy. This setting enables FortiWeb to log attacks without performing the deny or redirect action. Disable to allow FortiWeb to perform attack deny/redirect actions as defined by the server protection rules. Possible values are: enable, disable. Default is disable. | Optional |
url_case_sensitivity | Enable to differentiate uniform resource locators (URLs) according to upper case and lower case letters for features that act upon the URLs in the headers of HTTP requests, such as block list rules, and allow list rules. Possible values are: enable, disable. Default is disable. | Optional |
comments | A description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 999 characters. | Optional |
certificate_type | Certificate type. Supports API version 2 only. Possible values are: Local, Multi Certificate, Letsencrypt. Default is Local. | Optional |
lets_certificate | Select the Letsencrypt certificate you created. Supports API version 2 only. Required when: certificate_type is 'Letsencrypt'. | Optional |
retry_on | Enable to configure whether to retry a failed TCP connection or HTTP request in Reverse Proxy mode. Supports API version 2 only. Possible values are: enable, disable. Default is disable. | Optional |
retry_on_cache_size | A cache size limit for the HTTP request packet. Supports API version 2 only. Required when: retry_on is enabled. Default is 512. | Optional |
retry_on_connect_failure | Enable to configure the retry times in case of any TCP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable. Default is disable. | Optional |
retry_times_on_connect_failure | The number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on_connect_failure and retry_on are enabled. Possible values are: 1, 2, 3, 4, 5. Default is 3. | Optional |
retry_on_http_layer | Enable to configure the retry times and failure response code in case of any HTTP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable. Default is disable. | Optional |
retry_times_on_http_layer | The number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 1, 2, 3, 4, 5. Default is 3. | Optional |
retry_on_http_response_codes | The failure return code when the pserver can be connected to determine enabling HTTP failure retry. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 404, 408, 500, 501, 502, 503, 504. | Optional |
scripting | Enable to perform actions that are not currently supported by the built-in feature set. Supports API version 2 only. Possible values are: enable, disable. | Optional |
scripting_list | Scripting list to perform actions that are not currently supported by the built-in feature set. Required when: scripting is enabled. Supports API version 2 only. | Optional |
allow_list | The Policy Based Allow list to use instead of the Global Allow List. Supports API version 2 only. | Optional |
replace_msg | The replacement message to apply to the policy. Supports API version 2 only. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-policy-create name=example virtual_server=virtual1 http_service=HTTP deployment_mode="HTTP Content Routing"
#
Human Readable Output#
Server Policy succesfuly created!
Name example
#
fortiwebvm-server-policy-updateUpdate the server policy.
#
Base Commandfortiwebvm-server-policy-update
#
InputArgument Name | Description | Required |
---|---|---|
name | Policy name. | Required |
deployment_mode | Deployment mode. Possible values are: HTTP Content Routing, Single Server/Server Balance. | Optional |
virtual_server | The name of a virtual server that provides the IP address and network interface of incoming traffic that FortiWeb routes and to which the policy applies a protection profile. The maximum length is 63 characters. | Optional |
match_once | Enable to forward subsequent requests from an identified client connection to the same server pool as the initial connection from the client. Required when: deployment_mode = "HTTP Content Routing". Possible values are: enable, disable. Default is disable. | Optional |
server_pool | Enter the name of the server pool whose members receive the connections. Required when: deployment_mode = "Single Server/Server Balance". | Optional |
protected_hostnames | Protected hostnames group name. Enter the name of a protected hosts group to allow or reject connections based upon their host. | Optional |
client_real_ip | Enable to configure FortiWeb to use the source IP address of the client that originated the request when it connects to a back-end server on behalf of that client. | Optional |
ip_range | Specify an IP address or address range to directly connect to the back-end server. Required when: client_real_ip = "enable". Supports API version 2 only. | Optional |
syn_cookie | Enable to detect TCP SYN flood attacks. Possible values are: enable, disable. Default is disable. | Optional |
half_open_thresh | The maximum number of TCP SYN packets, including retransmissions, that FortiWeb allows to be sent per second to a destination address. If this threshold is exceeded, the FortiWeb appliance treats the traffic as a DoS attack and ignores additional traffic from that source address. The valid range is 10โ10,000. | Optional |
http_service | Custom or predefined service that defines the port number on which the virtual server receives HTTP traffic. | Optional |
https_service | HTTPS service name. Custom or predefined service that defines the port number on which the virtual server receives HTTPS traffic. | Optional |
http2 | Enable HTTP/2. Required when: HTTPSService is not null. Possible values are: enable, disable. Default is disable. | Optional |
multi_certificate | Enable to allow FortiWeb to use multiple local certificates. | Optional |
certificate_group | Required when: multi-certificate is enabled. Select the multi-certificate file you created. | Optional |
certificate | Certificate group name. Required when: multi-certificate is disabled. | Optional |
intergroup | Certificate intermediate group. Required when: HTTPSService is not null. | Optional |
proxy | Enable this option when proxy servers or load balancers are installed before FortiWeb. Possible values are: enable, disable. Default is disable. | Optional |
redirect_to_https | Enable to automatically redirect all HTTP requests to the HTTPS service with the same URL and parameters. | Optional |
inline_protection_profile | Inline web protection profile name. | Optional |
monitor_mode | Enable to override deny and redirect actions defined in the server protection rules for the selected policy. This setting enables FortiWeb to log attacks without performing the deny or redirect action. Disable to allow FortiWeb to perform attack deny/redirect actions as defined by the server protection rules. Possible values are: enable, disable. Default is disable. | Optional |
url_case_sensitivity | Enable to differentiate uniform resource locators (URLs) according to upper case and lower case letters for features that act upon the URLs in the headers of HTTP requests, such as block list rules, and allow list rules. | Optional |
comments | A description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 999 characters. | Optional |
certificate_type | Certificate type. Supports API version 2 only. Possible values are: Local, Multi Certificate, Letsencrypt. Default is Local. | Optional |
lets_certificate | Select the Letsencrypt certificate you created. Supports API version 2 only. Required when: certificate-type is enabled. | Optional |
retry_on | Enable to configure whether to retry a failed TCP connection or HTTP request in Reverse Proxy mode. Supports API version 2 only. Possible values are: enable, disable. | Optional |
retry_on_cache_size | The cache size limit for the HTTP request packet. Supports API version 2 only. Required when: retry_on is enabled. | Optional |
retry_on_connect_failure | Enable to configure the retry times in case of any TCP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable. | Optional |
retry_times_on_connect_failure | The number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on_connect_failure and retry_on are enabled. Possible values are: 1, 2, 3, 4, 5. | Optional |
retry_on_http_layer | Enable to configure the retry times and failure response code in case of any HTTP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable. | Optional |
retry_times_on_http_layer | The number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 1, 2, 3, 4, 5. | Optional |
retry_on_http_response_codes | The failure return code when the pserver can be connected to determine enabling HTTP failure retry. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 404, 408, 500, 501, 502, 503, 504. | Optional |
scripting | Enable to perform actions that are not currently supported by the built-in feature set. Supports API version 2 only. | Optional |
scripting_list | Scripting list to perform actions that are not currently supported by the built-in feature set. Required when: scripting is enabled. Supports API version 2 only. | Optional |
allow_list | The Policy Based Allow list to use instead of the Global Allow List. Supports API version 2 only. | Optional |
replacemsg | The replacement message to apply to the policy. Supports API version 2 only. | Optional |
json_template_id | Allows the use of the server policy JSON template. All of the arguments listed below will be overridden. For an example, see the integration. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-policy-update name=example
#
Human Readable Output#
Server Policy succesfuly updated!
Name example
#
fortiwebvm-server-policy-deleteDelete the server policy.
#
Base Commandfortiwebvm-server-policy-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | Policy name. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-policy-delete name=example
#
Human Readable Output#
Server Policy succesfuly deleted!
Id example
#
fortiwebvm-server-policy-listList the server policies.
#
Base Commandfortiwebvm-server-policy-list
#
InputArgument Name | Description | Required |
---|---|---|
name | Server policy name. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPolicy.name | String | Server policy name. |
FortiwebVM.ServerPolicy.deployment_mode | String | Server policy deployment mode. |
FortiwebVM.ServerPolicy.protocol | String | Server policy protocol. |
FortiwebVM.ServerPolicy.web_protection_profile | String | Server policy inherit web protection profile flag. |
FortiwebVM.ServerPolicy.monitor_mode | String | This setting enables FortiWeb to log attacks without performing the deny or redirect action. Disable to allow FortiWeb to perform attack deny/redirect actions as defined by the server protection rules. |
FortiwebVM.ServerPolicy.http_service | String | Custom or predefined service that defines the port number on which the virtual server receives HTTPS traffic. |
FortiwebVM.ServerPolicy.https_service | String | Custom or predefined service that defines the port number on which the virtual server receives HTTPS traffic. |
FortiwebVM.ServerPolicy.certificate | String | Server policy certificate. |
FortiwebVM.ServerPolicy.certificate_intermediate_group | String | Server policy certificate intermediate group. |
FortiwebVM.ServerPolicy.server_pool | String | Server policy server pool name. |
FortiwebVM.ServerPolicy.protected_hostnames | String | Server policy protected hostname name. |
FortiwebVM.ServerPolicy.client_real_ip | String | Enable to configure FortiWeb to use the source IP address of the client that originated the request when it connects to a back-end server on behalf of that client. |
FortiwebVM.ServerPolicy.syn_cookie | String | Whether to detect TCP SYN flood attacks. |
FortiwebVM.ServerPolicy.redirect_to_https | String | Whether to automatically redirect all HTTP requests to the HTTPS service with the same URL and parameters. |
FortiwebVM.ServerPolicy.http2 | String | Whether to enable HTTP/2. Required when: HTTPSService is not null. |
FortiwebVM.ServerPolicy.url_case_sensitivity | String | Whether to differentiate uniform resource locators (URLs) according to upper case and lower case letters for features that act upon the URLs in the headers of HTTP requests, such as block list rules, and allow list rules. |
FortiwebVM.ServerPolicy.comments | String | A description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 999 characters. |
FortiwebVM.ServerPolicy.retry_on | String | Whether to configure whether to retry a failed TCP connection or HTTP request in Reverse Proxy mode. Supports API version 2 only. |
FortiwebVM.ServerPolicy.retry_on_cache_size | String | A cache size limit for the HTTP request packet. Supports API version 2 only. Required when: retry_on is enabled. |
FortiwebVM.ServerPolicy.retry_times_on_connect_failure | String | The number of retry times in case of any TCP connection failure. Supports API version 2 only. Required when: retry_on is enabled. |
FortiwebVM.ServerPolicy.retry_on_http_layer | String | The number of retry times and failure response code in case of any HTTP connection failure. Supports API version 2 only. Required when: retry_on is enabled. |
FortiwebVM.ServerPolicy.retry_times_on_http_layer | String | The number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. |
FortiwebVM.ServerPolicy.retry_on_http_response_codes | String | The failure return code when the pserver can be connected to determine enabling HTTP failure retry. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. |
FortiwebVM.ServerPolicy.scripting | String | Whether to perform actions that are not currently supported by the built-in feature set. Supports API version 2 only. |
FortiwebVM.ServerPolicy.scripting_list | String | Server policy scripting list. Required when: scripting is enabled. Supports API version 2 only. |
FortiwebVM.ServerPolicy.allow_list | String | Server policy allow list. Supports API version 2 only. |
FortiwebVM.ServerPolicy.replace_msg | String | Server policy replacement message. Supports API version 2 only. API version 2 only. |
#
Command example!fortiwebvm-server-policy-list name=example
#
Context Example - API Version 1#
Human Readable Output - API Version 1#
Server Policies:Showing 1 rows out of 1. |Name|Deployment Mode|Virtual Server|Protocol|Web Protection Profile|Monitor Mode| |---|---|---|---|---|---| | example | HTTP Content Routing | virtual1 | HTTP | | false |
#
Context Example - API Version 2#
Human Readable Output - API Version 2#
Server Policies:Showing 1 rows out of 1. |Name|Deployment Mode|Virtual Server|Protocol|Web Protection Profile|Monitor Mode| |---|---|---|---|---|---| | example | HTTP Content Routing | virtual1 | HTTP | | disable |
#
fortiwebvm-content-routing-policy-listList the HTTP content routing policies.
#
Base Commandfortiwebvm-content-routing-policy-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.HttpContentRoutingPolicy.id | String | Policy name. |
#
Command example!fortiwebvm-content-routing-policy-list limit=1
#
Context Example#
Human Readable Output#
Content Routing Policy:Showing 1 rows out of 1. |Id| |---| | content1 |
#
fortiwebvm-http-content-routing-member-addCreate the server policy HTTP content routing member.
#
Base Commandfortiwebvm-http-content-routing-member-add
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | Policy name. | Required |
is_default | Whether FortiWeb applies the protection profile to any traffic that does not match conditions specified in the HTTP content routing policies. Possible values are: yes, no. Default is no. | Optional |
http_content_routing_policy | HTTP content routing policy name. | Required |
inherit_web_protection_profile | Whether to enable the inherit web protection profile. Possible values are: enable, disable. Default is disable. | Optional |
profile | Web protection profile. This is required when inherit web protection profile is disabled. | Optional |
status | HTTP content routing member status. Supports API version 2 only. Possible values are: enable, disable. Default is enable. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.HttpContentRoutingMember.id | Number | HTTP content routing member ID. |
#
Command example!fortiwebvm-http-content-routing-member-add policy_name=example http_content_routing_policy=content1
#
Context Example#
Human Readable Output#
HTTP content routing member succesfuly created!
Id 1
#
fortiwebvm-http-content-routing-member-updateUpdate the server policy HTTP content routing member.
#
Base Commandfortiwebvm-http-content-routing-member-update
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | Policy name. | Required |
http_content_routing_policy | HTTP content routing policy name. | Optional |
id | Server policy HTTP content routing member ID. | Required |
is_default | Whether FortiWeb applies the protection profile to any traffic that does not match conditions specified in the HTTP content routing policies. Possible values are: yes, no. | Optional |
inherit_web_protection_profile | Whether to enable inherit web protection profile. Possible values are: enable, disable. | Optional |
profile | Web protection profile. This is required when inherit web protection profile is disabled. Supports API version 1 only. | Optional |
status | HTTP content routing member status. Supports API version 2 only. Possible values are: enable, disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-http-content-routing-member-update policy_name=example id=1
#
Human Readable Output#
HTTP content routing member succesfuly updated!
Id 1
#
fortiwebvm-http-content-routing-member-deleteDelete the server policy HTTP content routing member.
#
Base Commandfortiwebvm-http-content-routing-member-delete
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | Policy name. | Required |
id | Server policy HTTP content routing member ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-http-content-routing-member-delete policy_name=example id=1
#
Human Readable Output#
HTTP content routing member succesfuly deleted!
Id 1
#
fortiwebvm-http-content-routing-member-listList the Server policy HTTP content routing members.
#
Base Commandfortiwebvm-http-content-routing-member-list
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | Policy name. | Required |
id | Server policy HTTP content routing member ID. | Optional |
page | The page number of the results to retrieve. | Optional |
page_size | The maximum number of records to retrieve per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.HttpContentRoutingMember.policy_name | String | HTTP content routing policy name. |
FortiwebVM.HttpContentRoutingMember.Members.id | String | HTTP content routing ID. |
FortiwebVM.HttpContentRoutingMember.Members.default | String | Whether the HTTP content routing is the default. |
FortiwebVM.HttpContentRoutingMember.Members.http_content_routing_policy | String | HTTP content routing policy name. |
FortiwebVM.HttpContentRoutingMember.Members.inherit_web_protection_profile | Boolean | HTTP content routing inherit web protection profile flag. |
FortiwebVM.HttpContentRoutingMember.Members.profile | String | HTTP content routing profile. |
FortiwebVM.HttpContentRoutingMember.Members.status | String | HTTP content routing status. Supports API version 2 only. |
#
fortiwebvm-persistence-policy-listList all the persistence policies. The persistence policy applies to all members of the server pool. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-persistence-policy-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.PersistencePolicy.id | String | Persistence policy name. |
FortiwebVM.PersistencePolicy.type | String | The persistence policy type. |
#
Command example!fortiwebvm-persistence-policy-list limit=1
#
Context Example#
Human Readable Output#
Persistence policy:Showing page 1. Current page size: 50 |Id|Type| |---|---| | test | Source IP |
#
fortiwebvm-server-health-check-listList all the server health check policies. Tests for server responsiveness (called โserver health checksโ in the web UI) and polls web servers that are members of a server pool to determine their availability before forwarding traffic. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-health-check-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerHealthCheck.id | String | Server health check name. |
#
Command example!fortiwebvm-server-health-check-list limit=1
#
Context Example#
Human Readable Output#
Server health check:Showing page 1. Current page size: 50 |Id| |---| | HLTHCK_ICMP |
#
fortiwebvm-local-certificate-listList the Server certificate that is stored locally on the FortiWeb appliance. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-local-certificate-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.LocalCertificate.id | String | The local certificate name. |
FortiwebVM.LocalCertificate.valid_to | String | The local certificate expiration date. |
#
Command example!fortiwebvm-local-certificate-list limit=1
#
Context Example#
Human Readable Output#
Local certificate:Showing page 1. Current page size: 50 |Id|Valid To|Subject|Status| |---|---|---|---| | certificate | 2024-04-22 08:47:47 GMT | C = us, ST = nnew york, O = Internet Widgits Pty Ltd | OK |
#
fortiwebvm-network-interface-listList the network interfaces. A network interface is a connection point that enables communication between the FortiWeb device and the network, allowing traffic to flow through for inspection and protection. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-network-interface-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.NetworkInterface.name | String | Network interface name. |
FortiwebVM.NetworkInterface.ipv4_netmask | String | IPv4 network mask. |
FortiwebVM.NetworkInterface.ipv4_access | String | IPv4 allowed access list. |
FortiwebVM.NetworkInterface.ipv6_netmask | String | IPv6 network mask. |
FortiwebVM.NetworkInterface.ipv6_access | String | IPv6 allowed access list. |
FortiwebVM.NetworkInterface.status | String | The network interface status. |
FortiwebVM.NetworkInterface.type | String | The network interface type. |
#
Command example!fortiwebvm-network-interface-list limit=1
#
Context Example#
Human Readable Output#
Network interface:Showing page 1. Current page size: 50 |Name|Ipv4 Netmask|Ipv4 Access|Ipv6 Netmask|Ipv6 Access|Status|Type| |---|---|---|---|---|---|---| | port1 | 1.2.3.4/24 | HTTPS,PING,SSH,HTTP,FortiWeb Manager | ::/0 | | up | Physical |
#
fortiwebvm-multi-certificate-listList the multi certificates. Multi certificates configure RSA, DSA, and ECDSA certificates and reference them in server policy in Reverse Proxy mode and pserver in True Transparent Proxy mode. Supports API version 2 only.
#
Base Commandfortiwebvm-multi-certificate-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.MultiCertificate.id | String | The multi certificate name. |
#
Command example!fortiwebvm-multi-certificate-list limit=1
#
Context Example#
Human Readable Output#
Multi certificate:Showing page 1. Current page size: 50 |Id| |---| | test |
#
fortiwebvm-sni-certificate-listList the SNI certificates. Server Name Indication (SNI) configuration identifies the certificate to use by domain. Supports API version 2 only.
#
Base Commandfortiwebvm-sni-certificate-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.SNICertificate.id | String | SNI certificate name. |
#
Command example!fortiwebvm-sni-certificate-list limit=1
#
Context Example#
Human Readable Output#
SNI certificate:Showing page 1. Current page size: 50 |Id| |---| | test |
#
fortiwebvm-virtual-ip-listList the system virtual IPs. The virtual IP addresses are the IP addresses that paired with the domain name of your application. When users visit your application, the destination of their requests are these IP addresses. Supports API version 2 only.
#
Base Commandfortiwebvm-virtual-ip-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.VirtualIP.id | String | Virtual IP name. |
#
Command example!fortiwebvm-virtual-ip-list limit=1
#
Context Example#
Human Readable Output#
Virtaul IP:Showing page 1. Current page size: 50 |Id| |---| | test |
#
fortiwebvm-letsencrypt-certificate-listList the Letsencrypt certificates. Supports API version 2 only.
#
Base Commandfortiwebvm-letsencrypt-certificate-list
#
InputArgument Name | Description | Required |
---|---|---|
search | Return all objects that include the specified string. For example: search=test will return objects like 'test1', 'test2', '5test', and any other objects containing the test string. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.Letsencrypt.id | String | Letsencrypt certificate name. |
#
Command example!fortiwebvm-letsencrypt-certificate-list limit=1
#
Context Example#
Human Readable Output#
Letsencrypt certificate:Showing page 1. Current page size: 50 |Id| |---| | test |
#
fortiwebvm-url-access-rule-group-createCreate a URL access rule group. URL access rule group is a container that contains URL access rules (use fortiwebvm-url-access-rule-create/update/delete/list to manage the URL access rules). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-group-create
#
InputArgument Name | Description | Required |
---|---|---|
name | URL access rule group name. | Required |
action | The action the FortiWeb appliance will take when a request matches the URL access rule. Possible values are: Pass, Alert & Deny, Continue, Deny (no log). Default is Pass. | Optional |
trigger_policy | Trigger policy name (dependencies - use fortiwebvm-trigger-policy-list to get the trigger policies). Relevant when: action=Alert & Deny or Deny (no log). | Optional |
severity | Severity level that FortiWeb appliance will use when a blocklisted IP address attempts to connect to your web servers. Relevant when: action=Alert & Deny or Deny (no log). The default value is Low. Possible values are: High, Medium, Low, Informative. | Optional |
host_status | Whether to require a host name. Possible values are: enable, disable. Default is disable. | Optional |
host | The name of the protected host that the HTTP request must be in order to match the rule (dependencies - use fortiwebvm-protected-hostname-member-list to get hosts). Required when: host_status=enable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-url-access-rule-group-create name=test
#
Human Readable OutputURL access rule group test was successfully created!
#
fortiwebvm-url-access-rule-group-updateUpdate a URL access rule group. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-group-update
#
InputArgument Name | Description | Required |
---|---|---|
name | URL access rule group name (dependencies - use fortiwebvm-url-access-rule-group-list command to get all URL access rule groups). | Required |
action | The action the FortiWeb appliance will take when a request matches the URL access rule. Possible values are: Pass, Alert & Deny, Continue, Deny (no log). | Optional |
trigger_policy | Trigger policy name (dependencies - use fortiwebvm-trigger-policy-list to get the trigger policies). Relevant when: action=Alert & Deny or Deny (no log). | Optional |
severity | Severity level. Required when: action=Alert & Deny or Deny (no log). Possible values are: High, Medium, Low, Informative. | Optional |
host_status | Whether to require a host name. Possible values are: enable, disable. | Optional |
host | The name of the protected host that the HTTP request must be in order to match the rule (dependencies - use fortiwebvm-protected-hostname-member-list to get hosts). Required when: host_status=enable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-url-access-rule-group-update name=test action="Alert & Deny"
#
Human Readable OutputURL access rule group test was successfully updated!
#
fortiwebvm-url-access-rule-group-deleteDelete a URL access rule group. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | URL access rule group name (dependencies - use fortiwebvm-url-access-rule-group-list command to get all URL access rule groups). | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-url-access-rule-group-delete name=test
#
Human Readable OutputURL access rule group test was successfully deleted!
#
fortiwebvm-url-access-rule-group-listList URL access rule groups. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-group-list
#
InputArgument Name | Description | Required |
---|---|---|
name | URL access rule group name. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.URLAccessRuleGroup.id | String | URL access rule group name. |
FortiwebVM.URLAccessRuleGroup.action | String | The action of the URL access rule group. |
FortiwebVM.URLAccessRuleGroup.host_status | String | Whether to enable the host. |
FortiwebVM.URLAccessRuleGroup.host | String | The host of the URL access rule group. |
FortiwebVM.URLAccessRuleGroup.severity | String | The severity of the URL access rule group. |
FortiwebVM.URLAccessRuleGroup.trigger_policy | String | The trigger policy of the URL access rule group. |
FortiwebVM.URLAccessRuleGroup.count | Number | The count of the conditions that are related to the current URL access rule group. |
#
Command example!fortiwebvm-url-access-rule-group-list name=test
#
Context Example#
Human Readable Output#
URL access rule groupShowing page 1. Current page size: 50 |Id|Action|Host|Severity|Count| |---|---|---|---|---| | test | alert_deny | | Low | 0 |
#
fortiwebvm-url-access-rule-condition-createCreate a URL access rule condition (URL access rule condition is a member of URL access rule group). URL access rules define the HTTP requests that are allowed or denied based on their hostname and URL. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-condition-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | URL access rule group name (dependencies - use fortiwebvm-url-access-rule-group-list command to get all URL access rule groups). | Required |
url_type | URL type. Select how to use the text in url_pattern to determine whether or not a request URL meets the conditions for this rule. Possible values are: Simple String, Regular Expression. | Required |
url_pattern | Depending on your selection in url_type and meet_this_condition_if, type a regular expression that defines either all matching or all non-matching URLs. Must start with '/' when url_type=Simple String. | Required |
meet_this_condition_if | Indicate how to use url_pattern when determining whether or not this ruleโs condition has been met. Possible values are: Object matches the URL Pattern, Object does not match the URL Pattern. Default is Object matches the URL Pattern. | Optional |
source_address | Whether to enable source address. Possible values are: enable, disable. Default is disable. | Optional |
source_address_type | The source address type. Relevant when source_address=enable. . Possible values are: IP, IP Resolved by Specified Domain, Source Domain. | Optional |
ip_range | IPv4/IPv6 IP range. For exampe: 1.2.3.4-1.2.3.4 or 2001::1-2001::100. Relevant when source_address_type=IP. . | Optional |
ip_type | IP type. Relevant when source_address_type=IP Resolved by Specified Domain. . Possible values are: IPv4, IPv6. | Optional |
ip | IP resolved by specified domain. Relevant when source_address_type=IP Resolved by Specified Domain. . | Optional |
source_domain_type | Source domain type. Relevant when source_address_type=Source Domain. . Possible values are: Simple String, Regular Expression. | Optional |
source_domain | Source domain. For example: test.com. Relevant when source_address_type=Source Domain. . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.URLAccessRuleGroup.Condition.id | String | The URL access rule condition ID. |
#
Command example!fortiwebvm-url-access-rule-condition-create group_name=test url_pattern=test url_type="Regular Expression"
#
Context Example#
Human Readable Output#
URL access rule condition 1 was successfully added to URL access rule group test.
Id 1
#
fortiwebvm-url-access-rule-condition-updateUpdate a URL access rule condition (URL access rule condition is a member of URL access rule group). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-condition-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | URL access rule group name (dependencies - use fortiwebvm-url-access-rule-group-list command to get all URL access rule groups). | Required |
condition_id | URL access rule condition ID (dependencies - use fortiwebvm-url-access-rule-condition-list command to get all URL access condition IDs). | Required |
url_type | URL type. Select how to use the text in url_pattern to determine whether or not a request URL meets the conditions for this rule. Possible values are: Simple String, Regular Expression. | Optional |
url_pattern | Depending on your selection in url_type and meet_this_condition_if, type a regular expression that defines either all matching or all non-matching URLs. Must start with '/' when url_type=Simple String. | Optional |
meet_this_condition_if | Indicate how to use url_pattern when determining whether or not this ruleโs condition has been met. Possible values are: Object matches the URL Pattern, Object does not match the URL Pattern. | Optional |
source_address | Whether to enable source address. Possible values are: enable, disable. | Optional |
source_address_type | The source address type. Possible values are: IP, IP Resolved by Specified Domain, Source Domain. | Optional |
ip_range | IPv4/IPv6 IP range. For exampe: 1.2.3.4-1.2.3.4 or 2001::1-2001::100. Relevant when source_address_type=IP. . | Optional |
ip_type | IP Type. Relevant when source_address_type=IP Resolved by Specified Domain. . Possible values are: IPv4, IPv6. | Optional |
ip | IP resolved by specified domain. Relevant when source_address_type=IP Resolved by Specified Domain. . | Optional |
source_domain_type | Source domain type. Relevant when source_address_type=Source Domain. . Possible values are: Simple String, Regular Expression. | Optional |
source_domain | Source domain. For example: test.com. Relevant when source_address_type=Source Domain. . | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-url-access-rule-condition-update group_name=test condition_id=1 url_type="Regular Expression" url_pattern=test2
#
Human Readable OutputURL access rule condition 1 was successfully updated!
#
fortiwebvm-url-access-rule-condition-deleteDelete a URL access rule condition (URL access rule condition is a member of URL access rule group). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-condition-delete
#
InputArgument Name | Description | Required |
---|---|---|
group_name | URL access rule group name (dependencies - use fortiwebvm-url-access-rule-group-list command to get all URL access rule groups). | Required |
condition_id | URL access rule condition member ID (dependencies - use fortiwebvm-url-access-rule-condition-list command to get all URL access rule condition IDs). | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-url-access-rule-condition-delete group_name=test condition_id=1
#
Human Readable OutputURL access rule condition 1 was successfully deleted!
#
fortiwebvm-url-access-rule-condition-listList URL access rule conditions (URL access rule condition is a member of URL access rule group). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-url-access-rule-condition-list
#
InputArgument Name | Description | Required |
---|---|---|
group_name | URL access rule group name (dependencies - use fortiwebvm-url-access-rule-group-list command to get all URL access rule groups). | Required |
condition_id | URL access rule condition member ID (dependencies - use fortiwebvm-url-access-rule-condition-list command to get all URL access rule condition IDs). | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.URLAccessRuleGroup.Condition.id | String | URL access rule condition name. |
FortiwebVM.URLAccessRuleGroup.Condition.url_type | String | URL access rule condition URL type. |
FortiwebVM.URLAccessRuleGroup.Condition.url_pattern | String | URL access rule condition URL pattern. |
FortiwebVM.URLAccessRuleGroup.Condition.meet_this_condition_if | String | Indicate how to use url_pattern when determining whether or not this ruleโs condition has been met. |
FortiwebVM.URLAccessRuleGroup.Condition.source_address | String | URL access rule condition source address. |
FortiwebVM.URLAccessRuleGroup.Condition.source_address_type | String | URL access rule condition source address type. |
FortiwebVM.URLAccessRuleGroup.Condition.ip_range | String | IPv4/IPv6 IP range. |
FortiwebVM.URLAccessRuleGroup.Condition.domain | String | URL access rule condition domain. |
FortiwebVM.URLAccessRuleGroup.Condition.source_domain_type | String | URL access rule condition source domain type. |
FortiwebVM.URLAccessRuleGroup.Condition.source_domain | String | URL access rule condition domain type. |
FortiwebVM.URLAccessRuleGroup.Condition.only_method_check | String | Whether use HTTP method check is enable or not. Supports API version 2 only. |
FortiwebVM.URLAccessRuleGroup.Condition.only_protocol_check | String | Whether use HTTP protocol check is enable or not. Supports API version 2 only. |
FortiwebVM.URLAccessRuleGroup.Condition.only_method | String | Methods that were checked. Supports API version 2 only. |
FortiwebVM.URLAccessRuleGroup.Condition.only_protocol | String | Protocols that were checked. Supports API version 2 only. |
#
Command example!fortiwebvm-url-access-rule-condition-list group_name=test condition_id=1
#
Context Example#
Human Readable Output#
URL access rule conditionShowing page 1. Current page size: 50 |Id|Url Type|Url Pattern|Meet This Condition If|Source Address Type|Ip Range|Domian Type|Domain|Source Domain Type|Source Domain| |---|---|---|---|---|---|---|---|---|---| | 1 | Regular Expression | test2 | Object matches the URL Pattern | IP | | | | Simple String | |
#
fortiwebvm-virtual-server-group-createCreate a virtual server group. In API version 1, virtual server group defines the network interface, bridge, and IP address on which traffic destined for an individual physical server or server farm will arrive. In API version 2, virtual server group is a container that contains the virtual server items (use fortiwebvm-virtual-server-item-create/update/delete/list to manage the virtual server groupโs items). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-virtual-server-group-create
#
InputArgument Name | Description | Required |
---|---|---|
name | Virtual server group name. | Required |
interface | The name of the network interface or bridge. (dependencies - use fortiwebvm-network-interface-list command to get all the network interfaces). For example: port1. Required in API version 1. Supports API version 1 only. | Optional |
ipv4_address | The IPv4 address and subnet of the virtual server. For example: 1.2.3.4/254.0.0.0. At least one of ipv4_address and ipv6_address is required. Supports API version 1 only. | Optional |
ipv6_address | The IPv6 address and subnet of the virtual server. At least one of ipv4_address and ipv6_address is required. Supports API version 1 only. Default is ::/0. | Optional |
status | Whether to enable the virtual server group. Supports API version 1 only. Possible values are: enable, disable. Default is enable. | Optional |
use_interface_ip | Whether to use interface IP. enable - use interface IP. disable - use ipv4_address and ipv6_address. Supports API version 1 only. Possible values are: enable, disable. Default is disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example - API Version 1!fortiwebvm-virtual-server-group-create name=test use_interface_ip=enable interface=port1
#
Command example - API Version 2!fortiwebvm-virtual-server-group-create name=test
#
Human Readable OutputVirtual server group test was successfully created!
#
fortiwebvm-virtual-server-group-updateUpdate a virtual server group. Supports API version 1 only.
#
Base Commandfortiwebvm-virtual-server-group-update
#
InputArgument Name | Description | Required |
---|---|---|
name | Virtual server group name (dependencies - use fortiwebvm-virtual-server-group-list command to get all virtual server groups). | Required |
interface | The name of the network interface or bridge. (dependencies - use fortiwebvm-network-interface-list command to get all the network interfaces). For example: port1. Supports API version 1 only. | Optional |
ipv4_address | The IPv4 address and subnet of the virtual server. For exampl: 1.2.3.4/254.0.0.0. At leaset one of ipv4_address and ipv6_address required. Supports API version 1 only. | Optional |
ipv6_address | The IPv4 address and subnet of the virtual server. At least one of ipv4_address and ipv6_address is required. Supports API version 1 only. | Optional |
status | Whether to enable the virtual server group. Supports API version 1 only. Possible values are: enable, disable. | Optional |
use_interface_ip | Whether to use interface IP. enable - use interface IP. disable - use ipv4_address and ipv6_address. Possible values are: enable, disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-virtual-server-group-update name=test status=disable use_interface_ip=enable
#
Human Readable OutputVirtual server group test was successfully updated!
#
fortiwebvm-virtual-server-group-deleteDelete virtual server group. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-virtual-server-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | Virtual server group name (dependencies - use fortiwebvm-virtual-server-group-list command to get all virtual server groups). | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-virtual-server-group-delete name=test
#
Human Readable OutputVirtual server group test was successfully deleted!
#
fortiwebvm-virtual-server-group-listList the virtual server groups. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-virtual-server-group-list
#
InputArgument Name | Description | Required |
---|---|---|
name | The virtual server group name. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.VirtualServerGroup.id | String | The virtual server group name. |
FortiwebVM.VirtualServerGroup.ipv4_address | String | IP V4 address. Supports API version 1 only. |
FortiwebVM.VirtualServerGroup.ipv6_address | String | IP V6 address. Supports API version 1 only. |
FortiwebVM.VirtualServerGroup.interface | String | The interface name. Supports API version 1 only. |
FortiwebVM.VirtualServerGroup.use_interface_ip | String | Whether to use interface IP. Supports API version 1 only. |
FortiwebVM.VirtualServerGroup.enable | String | Whether the Virtual Server is enabled. Supports API version 1 only. |
FortiwebVM.VirtualServerGroup.items_count | String | The number of items related to the Virtual Server. Supports API version 2 only. |
#
Command example!fortiwebvm-virtual-server-group-list limit=1
#
Context Example - API Version 1#
Context Example - API Version 2#
Human Readable Output#
Virtual server groupShowing page 1. Current page size: 50 |Id|Items Count| |---|---| | test | |
#
fortiwebvm-virtual-server-item-createCreate a virtual server item (virtual server Item is a member of virtual server group in API version 2). A virtual server defines the network interface, bridge, and IP address on which traffic destined for an individual physical server or server farm will arrive in API version 2. Supports API version 2 only.
#
Base Commandfortiwebvm-virtual-server-item-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Virtual server group name (dependencies - use fortiwebvm-virtual-server-group-list command to get all the virtual server groups). . | Required |
interface | The name of the network interface or bridge. (dependencies - use fortiwebvm-network-interface-list command to get all the network interfaces). Required when use_interface_ip=enable. | Optional |
use_interface_ip | Whether to use interface IP. enable - use interface IP. disable - use virtual IP. Possible values are: enable, disable. Default is disable. | Optional |
status | Whether to enable the virtual server item. . Possible values are: enable, disable. Default is enable. | Optional |
virtual_ip | The virtual IP name of the virtual server item (dependencies - use fortiwebvm-virtual-ip-list command to get all the virtual IP names). Required when use_interface_ip=disable. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.VirtualServerGroup.Item.id | String | The Virtual server item ID. |
#
Command example!fortiwebvm-virtual-server-item-create group_name=test use_interface_ip=enable interface=port1
#
Context Example#
Human Readable Output#
Virtual server item 1 was successfully added to virtual server group test.
Id 1
#
fortiwebvm-virtual-server-item-updateUpdate a virtual server item (virtual server Item is a member of virtual server group in API version 2). Supports API version 2 only.
#
Base Commandfortiwebvm-virtual-server-item-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Virtual server group name (dependencies - use fortiwebvm-virtual-server-group-list command to get all the virtual server groups). . | Required |
item_id | Virtual server item ID (dependencies - use fortiwebvm-virtual-server-item-list command to get all the virtual server items). . | Required |
interface | The name of the network interface or bridge. (dependencies - use fortiwebvm-network-interface-list command to get all the network interfaces). Required when use_interface_ip=enable. | Optional |
use_interface_ip | Whether to use interface IP. enable - use interface IP. disable - use virtual IP. Possible values are: enable, disable. | Optional |
status | Whether to enable the virtual server item. . Possible values are: enable, disable. | Optional |
virtual_ip | The virtual IP name of the virtual server item (dependencies - use fortiwebvm-virtual-ip-list command to get all the virtual IP names). Required when use_interface_ip=disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-virtual-server-item-update group_name=test item_id=1 status=disable
#
Human Readable OutputVirtual server item 1 was successfully updated!
#
fortiwebvm-virtual-server-item-deleteDelete a virtual server item (virtual server Item is a member of virtual server group in API version 2). Supports API versions 2 only.
#
Base Commandfortiwebvm-virtual-server-item-delete
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Virtual server group name (dependencies - use fortiwebvm-virtual-server-group-list command to get all virtual server groups). | Required |
item_id | Virtual server item ID. (dependencies - use fortiwebvm-virtual-server-item-list command to get all virtual server items). | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-virtual-server-item-delete group_name=test item_id=1
#
Human Readable OutputVirtual server item 1 was successfully deleted!
#
fortiwebvm-virtual-server-item-listList virtual server items (virtual server item is a member of virtual server group in API version 2). Supports API version 2 only.
#
Base Commandfortiwebvm-virtual-server-item-list
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Virtual server group name (dependencies - use fortiwebvm-virtual-server-group-list command to get all virtual server groups). | Required |
item_id | Virtual server item ID. (dependencies - use fortiwebvm-virtual-server-item-list command to get all virtual server items). | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.VirtualServerGroup.Item.id | String | Virtual server item ID. |
FortiwebVM.VirtualServerGroup.Item.interface | String | The name of the network interface or bridge. |
FortiwebVM.VirtualServerGroup.Item.status | String | Wheter the item is enabled or disabled. |
FortiwebVM.VirtualServerGroup.Item.use_interface_ip | String | Whether virtual server uses interface IP. |
FortiwebVM.VirtualServerGroup.Item.virtual_ip | String | The virtual IP of the virtual server. |
#
Command example!fortiwebvm-virtual-server-item-list group_name=test limit=1
#
Context Example#
Human Readable Output#
Virtual server itemShowing page 1. Current page size: 50 |Id|Interface|Status|Use Interface Ip|Virtual Ip| |---|---|---|---|---| | 1 | port1 | disable | enable | |
#
fortiwebvm-server-pool-group-createCreate a server pool group. Server pools define a group of one or more physical or domain servers (web servers) that FortiWeb distributes connections among, or where the connections pass through to, depending on the operation mode. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-group-create
#
InputArgument Name | Description | Required |
---|---|---|
name | Server pool group name. | Required |
type | The operation mode of the appliance to display the corresponding pool options. Possible values are: Reverse Proxy, Offline Protection, True Transparent Proxy, Transparent Inspection, WCCP. Default is Reverse Proxy. | Optional |
comments | Description or other comment. | Optional |
server_balance | Specifies whether the pool contains a single server or multiple members. Relevant when type=Reverse Proxy. Possible values are: Single Server, Server Balance. Default is Single Server. | Optional |
health_check | The name of the server health check FortiWeb uses to determine the responsiveness of server pool members (dependencies - use fortiwebvm-server-health-check-list command to get all health check policies). Relevant when server_balance=Server Balance. | Optional |
lb_algo | The load-balancing algorithms that FortiWeb uses when it distributes new connections among server pool members. Relevant when server_balance=Server Balance. Possible values are: Round Robin, Weighted Round Robin, Least Connection, URI Hash, Full URI Hash, Host Hash, Host Domain Hash, Source IP Hash. Default is Round Robin. | Optional |
persistence | The name of the persistence policy that specifies a session persistence method and timeout to apply to the pool (dependencies - use fortiwebvm-persistence-policy-list command to get all persistence policies). Relevant when server_balance=Server Balance. | Optional |
http_reuse | Configure multiplexing so that FortiWeb uses a single connection to a server for requests from multiple clients. Enter one of these options: Aggressive - The first request from a client can use a cached server connection only when the cached server connection has been used by more than one client. Always - Client requests will use an available connection cached server connection. Never - Disable multiplexing. Safe - A client will establish a new connection for the first request, but will use an available cached server connection for subsequent requests. Relevant when protocol=HTTP. Supports API version 2 only. Possible values are: Aggressive, Always, Never, Safe. | Optional |
protocol | The server pool protocol. HTTP - Specifies that the server pool governs HTTP traffic. Specific options for configuring an HTTP server pool become available. FTP - Specifies that the server pool governs FTP traffic. Specific options for configuring an FTP server pool become available. ADFSPIP - Specifies that the server pool governs ADFSPIP traffic. Specific options for configuring an ADFSPIP server pool become available. In case you use FTP/ADFSPIP make sure it enabled in the โFeature Visibilityโ (under system->config). Supports API version 2 only. Relevant when type=Reverse Proxy. Possible values are: HTTP, FTP, ADFSPIP. | Optional |
reuse_conn_idle_time | Idle time limit for a cached server connection. If a cached server connection remains idle for the set duration, it will be closed. The valid range is 1โ1000. Supports API version 2 only. Default is 10. | Optional |
reuse_conn_max_count | The maximum number of allowed cached server connections. If FortiWeb meets the set number, no more cached server connections will be established. The valid range is 1โ1000 for each server. Supports API version 2 only. Default is 100. | Optional |
reuse_conn_max_request | The maximum number of HTTP responses that the cached server connection may handle. If a cached server connection meets the set number, it will be closed. The valid range is 1โ1000. Supports API version 2 only. Default is 100. | Optional |
reuse_conn_total_time | The maximum time limit in which a cached server connection may be reused. If a cached server connection exists for longer than the set limit, it will be closed. The valid range is 1โ1000. Supports API version 2 only. Default is 100. | Optional |
server_pool_id | A 64-bit random integer assigned to each server policy. The policy-id is a unique identification number for each server policy. Supports API version 2 only. | Optional |
proxy_protocol | If the back-end server enables proxy protocol, you need to enable the Proxy Protocol option on FortiWeb so that the TCP SSL and HTTP traffic can successfully go through. The real IP address of the client will be included in the proxy protocol header. Relevant when type=Reverse Proxy or True Transparent Proxy or Offline Protection or Transparent Inspection. Supports API version 2 only. Possible values are: enable, disable. | Optional |
proxy_protocol_version | The proxy protocol version for the back-end server. Relevant when type=Reverse Proxy or True Transparent Proxy. Supports API version 2 only. Possible values are: V1, V2. Default is V1. | Optional |
adfs_server_name | Enter a name for the AD FS Server. It should be the federation service name. This option is mandatory if the AD FS Server needs to verify the server name in the SSL handshake. Relevant when protocol=ADFSPIP. Supports API version 2 only. | Optional |
health_check_source_ip | Health check source IP. Supports API version 2 only. Required when the system operation type is True Transparent Proxy and health_check is not empty. | Optional |
health_check_source_ip_v6 | Health check source v6 IP. Supports API version 2 only. Required when the system operation type is True Transparent Proxy and health_check is not empty. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-group-create name=test server_balance=ServerBalance
#
Human Readable OutputServer pool group test was successfully created!
#
fortiwebvm-server-pool-group-updateUpdate a server pool group. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-group-update
#
InputArgument Name | Description | Required |
---|---|---|
name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
type | The operation mode of the appliance to display the corresponding pool options. Possible values are: Reverse Proxy, Offline Protection, True Transparent Proxy, Transparent Inspection, WCCP. | Optional |
comments | Enter a description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 199 characters. | Optional |
server_balance | Specifies whether the pool contains a single server or multiple members. Possible values are: Single Server, Server Balance. | Optional |
health_check | The name of the server health check FortiWeb uses to determine the responsiveness of server pool members (dependencies - use fortiwebvm-server-health-check-list command to get all health check policies). Relevant when server_balance=Server Balance. | Optional |
lb_algo | The load-balancing algorithms that FortiWeb uses when it distributes new connections among server pool members. Relevant when server_balance=Server Balance. Possible values are: Round Robin, Weighted Round Robin, Least Connection, URI Hash, Full URI Hash, Host Hash, Host Domain Hash, Source IP Hash. | Optional |
persistence | The name of the persistence policy that specifies a session persistence method and timeout to apply to the pool (dependencies - use fortiwebvm-persistence-policy-list command to get all persistence policies). Relevant when server_balance=Server Balance. | Optional |
http_reuse | Configure multiplexing so that FortiWeb uses a single connection to a server for requests from multiple clients. Enter one of these options: Aggressive - The first request from a client can use a cached server connection only when the cached server connection has been used by more than one client. Always - Client requests will use an available connection cached server connection. Never - Disable multiplexing. Safe - A client will establish a new connection for the first request, but will use an available cached server connection for subsequent requests. Relevant when protocol=HTTP. Supports API version 2 only. Possible values are: Aggressive, Always, Never, Safe. | Optional |
protocol | The server pool protocol. HTTP - Specifies that the server pool governs HTTP traffic. Specific options for configuring an HTTP server pool become available. FTP - Specifies that the server pool governs FTP traffic. Specific options for configuring an FTP server pool become available. ADFSPIP - Specifies that the server pool governs ADFSPIP traffic. Specific options for configuring an ADFSPIP server pool become available. In case you use FTP/ADFSPIP make sure it enabled in the โFeature Visibilityโ (under system->config). Supports API version 2 only. Relevant when type=Reverse Proxy. Possible values are: HTTP, FTP, ADFSPIP. | Optional |
reuse_conn_idle_time | Idle time limit for a cached server connection. If a cached server connection remains idle for the set duration, it will be closed. The valid range is 1โ1000. Supports API version 2 only. | Optional |
reuse_conn_max_count | The maximum number of allowed cached server connections. If FortiWeb meets the set number, no more cached server connections will be established. The valid range is 1โ1000 for each pserver. Supports API version 2 only. | Optional |
reuse_conn_max_request | The maximum number of HTTP responses that the cached server connection may handle. If a cached server connection meets the set number, it will be closed. The valid range is 1โ1000. Supports API version 2 only. | Optional |
reuse_conn_total_time | The maximum time limit in which a cached server connection may be reused. If a cached server connection exists for longer than the set limit, it will be closed. The valid range is 1โ1000. Supports API version 2 only. | Optional |
server_pool_id | A 64-bit random integer assigned to each server policy. The policy-id is a unique identification number for each server policy. Supports API version 2 only. | Optional |
proxy_protocol | If the back-end server enables proxy protocol, you need to enable the Proxy Protocol option on FortiWeb so that the TCP SSL and HTTP traffic can successfully go through. The real IP address of the client will be included in the proxy protocol header. Relevant when type=Reverse Proxy or True Transparent Proxy or Offline Protection or Transparent Inspection. Supports API version 2 only. Possible values are: enable, disable. | Optional |
proxy_protocol_version | The proxy protocol version for the back-end server. Relevant when type=Reverse Proxy or True Transparent Proxy. Supports API version 2 only. Possible values are: V1, V2. | Optional |
adfs_server_name | Enter a name for the AD FS Server. It should be the federation service name. This option is mandatory if the AD FS Server needs to verify the server name in the SSL handshake. Relevant when protocol=ADFSPIP. Supports API version 2 only. | Optional |
health_check_source_ip | Health check source IP. Supports API version 2 only. Required when the type="True Transparent Proxy" and health_check is not empty. | Optional |
health_check_source_ip_v6 | Health check source v6 IP. Supports API version 2 only. Required when the type="True Transparent Proxy" and health_check is not empty. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-group-update name=test comments=test
#
Human Readable OutputServer pool group test was successfully updated!
#
fortiwebvm-server-pool-group-deleteDelete a server pool group. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-group-delete name=test
#
Human Readable OutputServer pool group test was successfully deleted!
#
fortiwebvm-server-pool-group-listList server pool groups. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-group-list
#
InputArgument Name | Description | Required |
---|---|---|
name | Server pool group name. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.id | String | Server pool group ID. |
FortiwebVM.ServerPoolGroup.pool_count | String | The number of rule members. |
FortiwebVM.ServerPoolGroup.server_balance | String | Whether the pool contains a single server or multiple members. |
FortiwebVM.ServerPoolGroup.type | String | Server pool type. |
FortiwebVM.ServerPoolGroup.comments | String | Comments that are attached to the server pool. |
FortiwebVM.ServerPoolGroup.lb_algorithm | String | Server pool load balancing algorithm. |
FortiwebVM.ServerPoolGroup.health_check | String | The name of the server health check. |
FortiwebVM.ServerPoolGroup.persistence | String | The name of the persistence policy that specifies a session persistence method and timeout to apply to the pool. |
FortiwebVM.ServerPoolGroup.protocol | String | Server pool protocol. Supports API version 2 only. |
FortiwebVM.ServerPoolGroup.http_reuse | String | Server pool HTTP reuse. Supports API version 2 only. |
FortiwebVM.ServerPoolGroup.reuse_conn_total_time | Number | The maximum time limit in which a cached server connection may be reused. If a cached server connection exists for longer than the set limit, it will be closed. Supports API version 2 only. |
FortiwebVM.ServerPoolGroup.reuse_conn_idle_time | Number | Idle time limit for a cached server connection. If a cached server connection remains idle for the set duration, it will be closed. Supports API version 2 only. |
FortiwebVM.ServerPoolGroup.reuse_conn_max_request | Number | The maximum number of HTTP responses that the cached server connection may handle. If a cached server connection meets the set number, it will be closed. Supports API version 2 only. |
FortiwebVM.ServerPoolGroup.reuse_conn_max_count | Number | The maximum number of allowed cached server connections. If FortiWeb meets the set number, no more cached server connections will be established. Supports API version 2 only. |
FortiwebVM.ServerPoolGroup.adfs_server_name | String | The name for the AD FS Server. Supports API version 2 only. |
FortiwebVM.ServerPoolGroup.server_pool_id | String | A 64-bit random integer assigned to each server policy. Supports API version 2 only. |
#
Command example!fortiwebvm-server-pool-group-list limit=1
#
Context Example - API Version 1#
Context Example - API Version 2#
Human Readable Output#
Server pool groupShowing page 1. Current page size: 50 |Id|Type|Pool Count|Server Balance|Comments|Lb Algorithm|Health Check|Persistence| |---|---|---|---|---|---|---|---| | rp | Reverse Proxy | 0 | Single Server | | | | |
#
fortiwebvm-server-pool-reverse-proxy-rule-createCreate a rule for a reverse proxy server pool group (server pool rule is a member of server pool group). Reverse proxy โ Requests are destined for a virtual serverโs network interface and IP address on the FortiWeb appliance. Supports API versions 1 & 2. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-reverse-proxy-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
status | Server pool rule status. Possible values are: enable, disable, maintenance. Default is enable. | Optional |
server_type | Specify whether to specify the pool member by IP address, domain, or automatically pulled by SDN connector. The value โExternal connectorโ. Supports API version 2 only. Possible values are: IP, Domain, External connector. | Required |
sdn_address_type | Select whether you want FortiWeb to get the public or private addresses of your application's VM instances, or select all to get both the public and the private addresses. Relevant when the server pool group server balance=Server Balance and server_type=External connector. Supports API version 2 only. Possible values are: Private, Public, All. | Optional |
sdn_connector | Select the SDN connector you have created (dependencies - use fortiwebvm-sdn-connector-list command to get all the SDN connectors). Required when the server pool group server balance=Server Balance and server_type=External connector. Supports API version 2 only. Possible values are: aws, azure. | Optional |
filter | Once you select the SDN collector that you have created, choose the filter for your VMs in your public cloud account. You should know the filter name (there is no helper command). For example (AWS filter) instance-id=i-12345678. Required when the server pool group server balance=Server Balance and server_type=External connector. Supports API version 2 only. | Optional |
ip | The IP address of the web server to include in the pool. Required when: (server_type= ip). | Optional |
domain | The fully-qualified domain name of the web server to include in the pool, such as www.example.com. Required when: (server_type=domain). | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . Default is 80. | Optional |
connection_limit | Connection limit. The maximum number of concurrent connections to the backend server. 0 for no connection limit. Size range: 0-1048576. Default is 0. | Optional |
http2 | Enable to allow HTTP/2 communication between the FortiWeb and this back-end web server for HTTP/2 security inspections. Possible values are: enable, disable. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member (dependencies - use fortiwebvm-local-certificate-list command to get all the local certificates). Relevant when: ssl=enable. | Optional |
recover | The number of seconds to postpone forwarding traffic after downtime when a health check indicates that this server has become available again. Size range: 0-86400. Default is 0. | Optional |
warm_up | Warm up, if the server cannot initially handle full connection load when it begins to respond to health checks. Size range: 0-86400. Default is 0. | Optional |
warm_rate | The maximum connection rate per second while the server is starting up. Size range: 1-86400.. Default is 10. | Optional |
weight | The assigned relative preference among members. Higher values are more preferred and are assigned with connections more frequently. Relevant when the server pool group server balance=Server Balance. Size range: 1-9999. Default is 1. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Relevant when the server pool group server balance=Server Balance. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when the server pool group server balance=Server Balance and health_check_inherit=enable. Supports API version 2 only. | Optional |
backup_server | Enter enable to configure this pool member as a backup server. FortiWeb only routes connections for the pool to a backup server when all the other members of the server pool fail their server health check. Relevant when the server pool group server balance=Server Balance.. Possible values are: enable, disable. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | The server pool rule ID. |
#
Command example!fortiwebvm-server-pool-reverse-proxy-rule-create group_name=rp server_type=IP ip=1.2.3.4
#
Context Example#
Human Readable Output#
Server pool rule 1 was successfully added to server pool group rp.
Id 1
#
fortiwebvm-server-pool-reverse-proxy-rule-updateUpdate a rule for a reverse proxy server pool group. Supports API versions 1 & 2. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-reverse-proxy-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
status | Server pool rule status. Possible values are: enable, disable, maintenance. | Optional |
server_type | Specify whether to specify the pool member by IP address, domain, or automatically pulled by SDN connector. The value โExternal connectorโ. Supports API version 2 only. Possible values are: IP, Domain, External connector. | Optional |
sdn_address_type | Select whether you want FortiWeb to get the public or private addresses of your application's VM instances, or select all to get both the public and the private addresses. Relevant when the server pool group server balance=Server Balance and server_type=External connector. Supports API version 2 only. Possible values are: Private, Public, All. | Optional |
sdn_connector | Select the SDN connector you have created (dependencies - use fortiwebvm-sdn-connector-list command to get all the SDN connectors). Required when the server pool group server balance=Server Balance and server_type=External connector. Supports API version 2 only. Possible values are: aws, azure. | Optional |
filter | Once you select the SDN collector that you have created, choose the filter for your VMs in your public cloud account. You should know the filter name (there is no helper command). For example (AWS filter) instance-id=i-12345678. Required when the server pool group server balance=Server Balance and server_type=External connector. Supports API version 2 only. | Optional |
ip | The IP address of the web server to include in the pool. Required when: (server_type= ip). | Optional |
domain | The fully-qualified domain name of the web server to include in the pool, such as www.example.com. Required when: (server_type=domain). | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . | Optional |
connection_limit | The maximum number of concurrent connections to the backend server. 0 for no connection limit. Size range: 0-1048576. | Optional |
http2 | Enable to allow HTTP/2 communication between the FortiWeb and this back-end web server for HTTP/2 security inspections. Possible values are: enable, disable. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member (dependencies - use fortiwebvm-local-certificate-list command to get all the local certificates). Relevant when: ssl=enable. | Optional |
recover | The number of seconds to postpone forwarding traffic after downtime when a health check indicates that this server has become available again. Size range: 0-86400. | Optional |
warm_up | Warm up, if the server cannot initially handle full connection load when it begins to respond to health checks. Size range: 0-86400. | Optional |
warm_rate | The maximum connection rate per second while the server is starting up. Size range: 1-86400.. | Optional |
weight | The assigned relative preference among members. Higher values are more preferred and are assigned with connections more frequently. Relevant when the server pool group server balance=Server Balance. Size range: 1-9999. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Relevant when the server pool group server balance=Server Balance. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when the server pool group server balance=Server Balance and health_check_inherit=enable. Supports API version 2 only. | Optional |
backup_server | Enter enable to configure this pool member as a backup server. FortiWeb only routes connections for the pool to a backup server when all the other members of the server pool fail their server health check. Relevant when the server pool group server balance=Server Balance.. Possible values are: enable, disable. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-reverse-proxy-rule-update group_name=rp rule_id=1 status=disable
#
Human Readable OutputServer pool rule 1 was successfully updated!
#
fortiwebvm-server-pool-offline-protection-rule-createCreate a rule for an offline protection server pool group (server pool rule is a member of server pool group). Offline Protection - Requests are destined for a real web server instead of the FortiWeb appliance; traffic is duplicated to the FortiWeb through a span port. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-offline-protection-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
status | Server pool rule status. Possible values are: enable, disable. Default is enable. | Optional |
ip | The IP address of the web server to include in the pool. | Required |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. Default is 80. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. Default is disable. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. Required when ssl=enable. | Optional |
enable_sni | Enable to use a Server Name Indication (SNI) certificate. Server Name Indication allows multiple HTTPS websites to be served by the same IP address without requiring all those sites to use the same certificate. Supports API version 2 only. Possible values are: enable, disable. | Optional |
sni_certificate | The name of the Server Name Indication (SNI) certificate that specifies which certificate FortiWeb uses when encrypting or decrypting SSL-secured connections for a specified domain. (dependencies - use fortiwebvm-sni-certificate-list command to get all SNI certificates). Required when enable_sni=enable. Supports API version 2 only. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | The server pool rule ID. |
#
Command example!fortiwebvm-server-pool-offline-protection-rule-create group_name=op ip=1.2.3.4
#
Context Example#
Human Readable Output#
Server pool rule 1 was successfully added to server pool group op.
Id 1
#
fortiwebvm-server-pool-offline-protection-rule-updateUpdate a rule for an offline protection server pool group (server pool rule is a member of server pool group). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-offline-protection-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
status | Server pool rule status. Possible values are: enable, disable. | Optional |
ip | The IP address of the web server to include in the pool. | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. (dependencies - use fortiwebvm-local-certificate-list command to get all the local certificates). Required when ssl=enable. | Optional |
enable_sni | Enable to use a Server Name Indication (SNI) certificate. Server Name Indication allows multiple HTTPS websites to be served by the same IP address without requiring all those sites to use the same certificate. Supports API version 2 only. Possible values are: enable, disable. | Optional |
sni_certificate | The name of the Server Name Indication (SNI) policy that specifies which certificate FortiWeb uses when encrypting or decrypting SSL-secured connections for a specified domain. (dependencies - use fortiwebvm-sni-certificate-list command to get all SNI certificates). Required when enable_sni=enable. Supports API version 2 only. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-offline-protection-rule-update group_name=op rule_id=1 port=81
#
Human Readable OutputServer pool rule 1 was successfully updated!
#
fortiwebvm-server-pool-true-transparent-proxy-rule-createCreate a rule for a true transparent server pool group (server pool rule is a member of server pool group). True transparent proxy - Requests are destined for a real web server instead of the FortiWeb appliance. Supports API versions 1 & 2. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-true-transparent-proxy-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
status | The status of the server pool rule. enable - Specifies that this pool member can receive new sessions from FortiWeb. disable - Specifies that this pool member does not receive new sessions from FortiWeb and FortiWeb closes any current sessions as soon as possible. maintenance - Specifies that this pool member does not receive new sessions from FortiWeb but FortiWeb maintains any current connections. Possible values are: enable, disable. Default is enable. | Optional |
ip | The IP address of the web server to include in the pool. . | Required |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . Default is 80. | Optional |
http2 | Enable to allow HTTP/2 communication between the FortiWeb and this back-end web server for HTTP/2 security inspections. Possible values are: enable, disable. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
certificate_type | Enable this option to allow FortiWeb to use Local / Multi Certificate / Letsencrypt certificates. Supports API version 2 only. Possible values are: Local, Multi Certificate, Letsencrypt. Default is Local. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. Relevant when enable_ssl=enable. In API version 2 - relevant when enable_ssl=enable and certificate_type=Local (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Optional |
multi_certificate | Multi certificate (dependencies use fortiwebvm-multi-certificate-list to get all the multi-certificates). Relevant when enable_ssl=enable and certificate_file=Multi Certificate. Supports API version 2 only. | Optional |
letsencrypt | Relevant when enable_ssl=enable and certificate_file=Letsencrypt (dependencies - use fortiwebvm-letsencrypt-certificate-list command to list all the letsencrypt certificates). Supports API version 2 only. | Optional |
certficate_intermediate_group | The name of a group of intermediate certificate authority (CA) certificates, if any, that FortiWeb presents to clients to complete the signing chain for them and validate the server certificateโs CA signature (dependencies - use fortiwebvm-certificate-intermediate-group-list command to get all the certificate intermediate groups). Relevant when ssl=enable. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member (dependencies - use fortiwebvm-local-certificate-list command to get all the local certificates). Relevant when: ssl=enable. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Supports API version 2 only. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when health_check_inherit=enable. Supports API version 2 only. | Optional |
health_check | The name of a server health check FortiWeb uses to determine the responsiveness of server pool members (dependencies - use fortiwebvm-server-health-check-list command to get all health check policies). Supports API version 2 only. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | The server pool rule ID. |
#
Command example!fortiwebvm-server-pool-true-transparent-proxy-rule-create group_name=ttp server_type=IP ip=1.2.3.4
#
Context Example#
Human Readable Output#
Server pool rule 1 was successfully added to server pool group ttp.
Id 1
#
fortiwebvm-server-pool-true-transparent-proxy-rule-updateUpdate a rule for a true transparent server pool group (server pool rule is a member of server pool group). Supports API versions 1 & 2. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-true-transparent-proxy-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
status | The status of the server pool rule. enable - Specifies that this pool member can receive new sessions from FortiWeb. disable - Specifies that this pool member does not receive new sessions from FortiWeb and FortiWeb closes any current sessions as soon as possible. maintenance - Specifies that this pool member does not receive new sessions from FortiWeb but FortiWeb maintains any current connections. Possible values are: enable, disable. | Optional |
ip | The IP address of the web server to include in the pool. . | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . | Optional |
http2 | Enable to allow HTTP/2 communication between the FortiWeb and this back-end web server for HTTP/2 security inspections. Possible values are: enable, disable. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
certificate_type | Enable this option to allow FortiWeb to use Local / Multi Certificate / Letsencrypt certificates. Supports API version 2 only. Possible values are: Local, Multi Certificate, Letsencrypt. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. Relevant when enable_ssl=enable. In API version 2 - relevant when enable_ssl=enable and certificate_type=Local (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Optional |
multi_certificate | Multi certificate (dependencies use fortiwebvm-multi-certificate-list to get all the multi-certificates). Relevant when enable_ssl=enable and certificate_file=Multi Certificate. Supports API version 2 only. | Optional |
letsencrypt | Relevant when enable_ssl=enable and certificate_file=Letsencrypt (dependencies - use fortiwebvm-letsencrypt-certificate-list command to list all the letsencrypt certificates). Supports API version 2 only. | Optional |
certficate_intermediate_group | The name of a group of intermediate certificate authority (CA) certificates, if any, that FortiWeb presents to clients to complete the signing chain for them and validate the server certificateโs CA signature (dependencies - use fortiwebvm-certificate-intermediate-group-list command to get all the certificate intermediate groups). Relevant when ssl=enable. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member (dependencies - use fortiwebvm-local-certificate-list command to get all the local certificates). Relevant when: ssl=enable. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Supports API version 2 only. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when health_check_inherit=enable. Supports API version 2 only. | Optional |
health_check | The name of a server health check FortiWeb uses to determine the responsiveness of server pool members (dependencies - use fortiwebvm-server-health-check-list command to get all health check policies). Supports API version 2 only. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-true-transparent-proxy-rule-update group_name=ttp rule_id=1 port=82
#
Human Readable OutputServer pool rule 1 was successfully updated!
#
fortiwebvm-server-pool-transparent-inspection-rule-createCreate a rule for a transparent inspection server pool group (server pool rule is a member of server pool group). Transparent Inspection - Requests are destined for a real web server instead of the FortiWeb appliance. The FortiWeb appliance asynchronously inspects traffic arriving on a network port that belongs to a Layer 2 bridge, applies the first applicable policy, and lets permitted traffic pass through. Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-transparent-inspection-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
status | Server pool rule status. Possible values are: enable, disable. | Optional |
ip | The IP address of the web server to include in the pool. . | Required |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . Default is 80. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. (dependencies - use fortiwebvm-local-certificate-list command to get all the local certificates). Required when ssl=enable. | Optional |
enable_sni | Enable to use a Server Name Indication (SNI) certificate. Server Name Indication allows multiple HTTPS websites to be served by the same IP address without requiring all those sites to use the same certificate. Supports API version 2 only. Possible values are: enable, disable. | Optional |
sni_certificate | The name of the Server Name Indication (SNI) policy that specifies which certificate FortiWeb uses when encrypting or decrypting SSL-secured connections for a specified domain. (dependencies - use fortiwebvm-sni-certificate-list command to get all SNI certificates). Required when enable_sni=enable. Supports API version 2 only. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | The server pool rule ID. |
#
Command example!fortiwebvm-server-pool-transparent-inspection-rule-create group_name=ti ip=1.2.3.4
#
Context Example#
Human Readable Output#
Server pool rule 1 was successfully added to server pool group ti.
Id 1
#
fortiwebvm-server-pool-transparent-inspection-rule-updateUpdate a rule for a transparent inspection server pool group (server pool rule is a member of server pool group). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-transparent-inspection-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
status | Server pool rule status. Possible values are: enable, disable. | Optional |
ip | The IP address of the web server to include in the pool. . | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . Default is 80. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. (dependencies - use fortiwebvm-local-certificate-list command to get all the local certificates). Required when ssl=enable. | Optional |
enable_sni | Enable to use a Server Name Indication (SNI) configuration. Server Name Indication allows multiple HTTPS websites to be served by the same IP address without requiring all those sites to use the same certificate. Supports API version 2 only. Possible values are: enable, disable. | Optional |
sni_policy | The name of the Server Name Indication (SNI) configuration that specifies which certificate FortiWeb uses when encrypting or decrypting SSL-secured connections for a specified domain. Required when enable_sni=enable. Supports API version 2 only. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-transparent-inspection-rule-update group_name=ti rule_id=1 port=83
#
Human Readable OutputServer pool rule 1 was successfully updated!
#
fortiwebvm-server-pool-wccp-rule-createCreate a rule for an WCCP server pool group (server pool rule is a member of server pool group). WCCP - The FortiWeb appliance allows traffic to pass through to the server pool when it receives traffic that is directed to the FortiWeb (configured as a WCCP client) by a FortiGate acting as a WCCP server. Supports API versions 1 & 2. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-wccp-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
status | Server pool rule status. Possible values are: enable, disable. Default is enable. | Optional |
ip | The IP address of the web server to include in the pool. . | Required |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. Default is disable. | Optional |
certificate_type | Enable this option to allow FortiWeb to use Local / Multi Certificate certificates. Supports API version 2 only. Possible values are: Local, Multi Certificate. Default is Local. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. Relevant when enable_ssl=enable. Relevant when enable_ssl=enable and certificate_type=Local (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Optional |
multi_certificate | Multi certificate (dependencies use fortiwebvm-multi-certificate-list to get all the multi-certificates). Relevant when enable_ssl=enable and certificate_type=Multi Certificate. Supports API version 2 only. | Optional |
certficate_intermediate_group | The name of a group of intermediate certificate authority (CA) certificates, if any, that FortiWeb presents to clients to complete the signing chain for them and validate the server certificateโs CA signature (dependencies - use fortiwebvm-certificate-intermediate-group-list command to get all the certificate intermediate groups). Relevant when ssl=enable. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member. Relevant when: enable_ssl=enable (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | The server pool rule ID. |
#
Command example!fortiwebvm-server-pool-wccp-rule-create group_name=wccp ip=1.2.3.4 port=84
#
Context Example#
Human Readable Output#
Server pool rule 1 was successfully added to server pool group wccp.
Id 1
#
fortiwebvm-server-pool-wccp-rule-updateUpdate a rule for an WCCP server pool group (server pool rule is a member of server pool group). Supports API versions 1 & 2. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-wccp-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
status | Server pool rule status. Possible values are: enable, disable. | Optional |
ip | The IP address of the web server to include in the pool. . | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
certificate_type | Enable this option to allow FortiWeb to use Local / Multi Certificate certificates. Supports API version 2 only. Possible values are: Local, Multi Certificate. | Optional |
certificate_file | The name of the certificate that FortiWeb uses to decrypt SSL-secured connections. Relevant when enable_ssl=enable. Relevant when enable_ssl=enable and certificate_type=Local (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Optional |
multi_certificate | Multi certificate (dependencies use fortiwebvm-multi-certificate-list to get all the multi-certificates). Relevant when enable_ssl=enable and certificate_type=Multi Certificate. Supports API version 2 only. | Optional |
certficate_intermediate_group | The name of a group of intermediate certificate authority (CA) certificates, if any, that FortiWeb presents to clients to complete the signing chain for them and validate the server certificateโs CA signature (dependencies - use fortiwebvm-certificate-intermediate-group-list command to get all the certificate intermediate groups). Relevant when ssl=enable. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member. Relevant when: enable_ssl=enable (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-wccp-rule-update group_name=wccp rule_id=1 port=84
#
Human Readable OutputServer pool rule 1 was successfully updated!
#
fortiwebvm-server-pool-ftp-rule-createCreate a rule for an FTP server pool group (server pool rule is a member of server pool group). Supports API version 2 only. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-ftp-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
status | Server pool rule status. Possible values are: enable, disable, maintenance. Default is enable. | Optional |
server_type | Specify whether to specify the pool member by IP address or domain. Possible values are: IP, Domain. | Optional |
ip | The IP address of the web server to include in the pool. Required when: (server_type=IP). | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . Default is 21. | Optional |
connection_limit | Connection limit. The maximum number of concurrent connections to the backend server. 0 for no connection limit. Size range: 0-1048576. Default is 0. | Optional |
weight | The assigned relative preference among members. Higher values are more preferred and are assigned with connections more frequently. Relevant when the server pool group server balance=Server Balance. Size range: 1-9999. Default is 1. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Relevant when the server pool group server balance=Server Balance. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when the server pool group server balance=Server Balance and health_check_inherit=enable. . | Optional |
backup_server | Enter enable to configure this pool member as a backup server. FortiWeb only routes connections for the pool to a backup server when all the other members of the server pool fail their server health check. Relevant when the server pool group server balance=Server Balance.. Possible values are: enable, disable. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. Default is disable. | Optional |
implicit_ssl | Enable so that FortiWeb will communicate with the pool member using implicit SSL. Possible values are: enable, disable. Default is disable. | Optional |
recover | The number of seconds to postpone forwarding traffic after downtime when a health check indicates that this server has become available again. Size range: 0-86400. Default is 0. | Optional |
warm_up | Warm up, if the server cannot initially handle full connection load when it begins to respond to health checks. Size range: 0-86400. Default is 0. | Optional |
warm_rate | The maximum connection rate per second while the server is starting up. Size range: 1-86400.. Default is 10. | Optional |
domain | The fully-qualified domain name of the web server to include in the pool, such as www.example.com. Required when: (server_type=domain). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | The server pool rule ID. |
#
Command example!fortiwebvm-server-pool-ftp-rule-create group_name=ftp ip=1.2.3.4
#
Context Example#
Human Readable Output#
Server pool rule 1 was successfully added to server pool group ftp.
Id 1
#
fortiwebvm-server-pool-ftp-rule-updateUpdate a rule for an FTP server pool group (server pool rule is a member of server pool group). Supports API version 2 only.
#
Base Commandfortiwebvm-server-pool-ftp-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
status | Server pool rule status. Possible values are: enable, disable, maintenance. | Optional |
server_type | Specify whether to specify the pool member by IP address or domain. Possible values are: IP, Domain. | Optional |
ip | The IP address of the web server to include in the pool. Required when: (server_type=IP). | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . | Optional |
connection_limit | Connection limit. The maximum number of concurrent connections to the backend server. 0 for no connection limit. Size range: 0-1048576. | Optional |
weight | The assigned relative preference among members. Higher values are more preferred and are assigned with connections more frequently. Relevant when the server pool group server balance=Server Balance. Size range: 1-9999. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Relevant when the server pool group server balance=Server Balance. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when the server pool group server balance=Server Balance and health_check_inherit=enable. . | Optional |
backup_server | Enter enable to configure this pool member as a backup server. FortiWeb only routes connections for the pool to a backup server when all the other members of the server pool fail their server health check. Relevant when the server pool group server balance=Server Balance.. Possible values are: enable, disable. | Optional |
enable_ssl | Enable to use SSL/TLS for connections between FortiWeb and the pool member. Possible values are: enable, disable. | Optional |
implicit_ssl | Enable so that FortiWeb will communicate with the pool member using implicit SSL. Possible values are: enable, disable. | Optional |
recover | The number of seconds to postpone forwarding traffic after downtime when a health check indicates that this server has become available again. Size range: 0-86400. | Optional |
warm_up | Warm up, if the server cannot initially handle full connection load when it begins to respond to health checks. Size range: 0-86400. | Optional |
warm_rate | The maximum connection rate per second while the server is starting up. Size range: 1-86400.. | Optional |
domain | The fully-qualified domain name of the web server to include in the pool, such as www.example.com. Required when: (server_type=domain). | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-ftp-rule-update group_name=ftp rule_id=1 port=81
#
Human Readable OutputServer pool rule 1 was successfully updated!
#
fortiwebvm-server-pool-adfs-rule-createCreate a rule for an ADFS server pool group (server pool rule is a member of server pool group). Supports API version 2 only. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-adfs-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
status | Server pool rule status. Possible values are: enable, disable, maintenance. Default is enable. | Optional |
server_type | Specify whether to specify the pool member by IP address or domain. Possible values are: IP, Domain. | Required |
ip | The IP address of the web server to include in the pool. Required when: (server_type=IP). | Optional |
enable_ssl | The IP address of the web server to include in the pool. . Default is enable. | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . Default is 443. | Optional |
connection_limit | Connection limit. The maximum number of concurrent connections to the backend server. 0 for no connection limit. Size range: 0-1048576. Default is 0. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Relevant when the server pool group server balance=Server Balance. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when the server pool group server balance=Server Balance and health_check_inherit=enable. | Optional |
backup_server | Enter enable to configure this pool member as a backup server. FortiWeb only routes connections for the pool to a backup server when all the other members of the server pool fail their server health check. Relevant when the server pool group server balance=Server Balance.. Possible values are: enable, disable. | Optional |
registration_username | The username that will be used by FortiWeb to connect with the AD FS server. You should include the domain to which FortiWeb and the AD FS server belong. For example: administrator. | Required |
registration_password | The password that will be used by FortiWeb to connect with the AD FS server. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Required |
recover | The number of seconds to postpone forwarding traffic after downtime when a health check indicates that this server has become available again. Size range: 0-86400. Default is 0. | Optional |
warm_up | Warm up, if the server cannot initially handle full connection load when it begins to respond to health checks. Size range: 0-86400. Default is 0. | Optional |
warm_rate | The maximum connection rate per second while the server is starting up. Size range: 1-86400.. Default is 10. | Optional |
domain | The fully-qualified domain name of the web server to include in the pool, such as www.example.com. Required when: (server_type=domain). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | The server pool rule ID. |
#
Command example!fortiwebvm-server-pool-adfs-rule-create group_name=adfs client_certificate_file=certificate registration_username=test server_type=Domain domain=test.com
#
Context Example#
Human Readable Output#
Server pool rule 1 was successfully added to server pool group adfs.
Id 1
#
fortiwebvm-server-pool-adfs-rule-updateUpdate a rule for an ADFS server pool group (server pool rule is a member of server pool group). Supports API version 2 only. Server pool rule advanced SSL settings are not supported in this command.
#
Base Commandfortiwebvm-server-pool-adfs-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
status | Server pool rule status. Possible values are: enable, disable, maintenance. | Optional |
server_type | Specify whether to specify the pool member by IP address or domain. Possible values are: IP, Domain. | Optional |
ip | The IP address of the web server to include in the pool. Required when: (server_type=IP). | Optional |
port | The TCP port number where the pool member listens for connections. The valid range is 1โ65,535. . | Optional |
connection_limit | Connection limit. The maximum number of concurrent connections to the backend server. 0 for no connection limit. Size range: 0-1048576. | Optional |
health_check_inherit | Enable to use the health check specified by health in the server pool configuration. Disable to use the health check specified by health in this pool member configuration. Relevant when the server pool group server balance=Server Balance. Possible values are: enable, disable. | Optional |
health_check_domain | The domain name of the server pool. Required when the server pool group server balance=Server Balance and health_check_inherit=enable. | Optional |
backup_server | Enter enable to configure this pool member as a backup server. FortiWeb only routes connections for the pool to a backup server when all the other members of the server pool fail their server health check. Relevant when the server pool group server balance=Server Balance.. Possible values are: enable, disable. | Optional |
registration_username | The username that will be used by FortiWeb to connect with the AD FS server. You should include the domain to which FortiWeb and the AD FS server belong. For example: administrator. | Optional |
registration_password | The password that will be used by FortiWeb to connect with the AD FS server. | Optional |
client_certificate_file | The client certificate that FortiWeb uses to connect to this server pool member (dependencies - use fortiwebvm-local-certificate-list command to list all the local certificates). | Optional |
recover | The number of seconds to postpone forwarding traffic after downtime when a health check indicates that this server has become available again. Size range: 0-86400. | Optional |
warm_up | Warm up, if the server cannot initially handle full connection load when it begins to respond to health checks. Size range: 0-86400. | Optional |
warm_rate | The maximum connection rate per second while the server is starting up. Size range: 1-86400.. | Optional |
domain | The fully-qualified domain name of the web server to include in the pool, such as www.example.com. Required when: (server_type=domain). | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-adfs-rule-update group_name=adfs rule_id=1 port=81 client_certificate_file=certificate registration_username=test server_type=Domain domain=test2.com
#
Human Readable OutputServer pool rule 1 was successfully updated!
#
fortiwebvm-server-pool-rule-deleteDelete server pool rule (server pool rule is a member of server pool). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-rule-delete
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID (dependencies - use fortiwebvm-server-pool-rule-list command to get all server pool rules). | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortiwebvm-server-pool-rule-delete group_name=rp rule_id=1
#
Human Readable OutputServer pool rule 1 was successfully deleted!
#
fortiwebvm-server-pool-rule-listList server pool rules (server pool rule is a member of server pool group). Supports API versions 1 & 2.
#
Base Commandfortiwebvm-server-pool-rule-list
#
InputArgument Name | Description | Required |
---|---|---|
group_name | Server pool group name (dependencies - use fortiwebvm-server-pool-group-list command to get all server pool groups). | Required |
rule_id | Server pool rule ID. | Optional |
page | Page number of paginated results. Minimum value: 1. Default is 1. | Optional |
page_size | The number of items per page. Default is 50. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FortiwebVM.ServerPoolGroup.Rule.id | String | Server pool rule rule ID. |
FortiwebVM.ServerPoolGroup.Rule.server_type | String | Server pool rule type. |
FortiwebVM.ServerPoolGroup.Rule.ip | String | Server pool rule IP. |
FortiwebVM.ServerPoolGroup.Rule.domain | String | Server pool rule domain. |
FortiwebVM.ServerPoolGroup.Rule.port | String | Server pool rule port. |
FortiwebVM.ServerPoolGroup.Rule.weight | String | Server pool rule weight. |
FortiwebVM.ServerPoolGroup.Rule.status | String | Server pool rule status. |
FortiwebVM.ServerPoolGroup.Rule.backup_server | String | Server pool rule backup server. |
FortiwebVM.ServerPoolGroup.Rule.connection_limit | String | The maximum number of concurrent connections to the backend server. 0 for no connection limit |
FortiwebVM.ServerPoolGroup.Rule.http2 | String | Whether to allow HTTP/2 communication between the FortiWeb and this back-end web server for HTTP/2 security inspections. |
FortiwebVM.ServerPoolGroup.Rule.ssl_settings | String | Server pool rule SSL settings. |
#
Command example!fortiwebvm-server-pool-rule-list group_name=test
#
Context Example - API Version 1#
Context Example - API Version 2#
Human Readable Output#
SDN collectors:Showing page 1. Current page size: 50 |Id| |---| | test |