Skip to main content
AlexFeren
AlexFeren
New Member
July 23, 2015
Question

CLI for "Web Profile Overrides" in Web-based Manager

  • July 23, 2015
  • 3 replies
  • 8757 views

Hi all,

Security Profiles -> Advanced -> "Web Profile Overrides" shows (a) 'Administrative Overrides' (config webfilter override) and (b) dynamically allocated 'Blocked Override' (config webfilter profile's 'config override').

I am looking to find the CLI for the latter [ie. (b)] - what is it?

R's, Alex

    3 replies

    corymrussell
    corymrussell
    New Member
    July 23, 2015

    I too have been looking for this. Thanks for the post on this. I'll check back later in hopes there is an answer :-) Sorry. I was actually looking for the command for "a" that you posted. I was able to find that in the config file.

    hop_FTNT
    Staff
    hop_FTNT
    Staff
    July 29, 2015

    For b, "Web Profile Overrides" page shows the status of override, and there is not way to config anything of such entries inside this page. The configuration is in "Allow Blocked Override" section in Web Filter page. The associated CLI is as following.

     

    config webfilter profile     edit "default"         set ovrd-perm bannedword-override urlfilter-override fortiguard-wf-override contenttype-check-override             config override                 set ovrd-user-group "localgroup"                 set profile "webfilter"             end     next end

     

    For a, associated CLI is:

    config webfilter override     edit 1         set status enable         set old-profile "default"         set new-profile "webfilter"         unset expires         set expires 2015/07/29 11:01:00         set user "localuser"     next end

    AlexFeren
    AlexFerenAuthor
    New Member
    July 30, 2015

    Thank for replying, however, you have not answered the question.

    I am not asking for CLI configuration commands (which I've already referenced in original post).

    I am asking for CLI for showing (ie. printing of) dynamically allocated 'Blocked Override' - (b). I've attached snapshot.

    Do you need further clarification from me?

    R's, Alex

    PS. the above 'dynamically allocated 'Blocked Override' is a result of this configuration and then the end-user (me) overriding the restriction in the web-browser by entering credentials.

     

    FG60C (root) # show webfilter profile No-Bandwidth-Consumption
    config webfilter profile
        edit "No-Bandwidth-Consumption"
            set ovrd-perm bannedword-override urlfilter-override fortiguard-wf-override contenttype-check-override
                config override
                    set ovrd-scope ip
                    set ovrd-dur 2h
                    set ovrd-user-group "Local-Group"
                    set profile "monitor-all"
                end
                config ftgd-wf
    :
                end
        next
    end

     

    hop_FTNT
    Staff
    hop_FTNT
    Staff
    July 30, 2015

    600C_HA_Master (global) # dia test application ovrd 3 VD           Status    Initiator      Old Profile    New Profile    Scope              Expiry Date              vdom1        enable    localuser      webfilter      default        usr:localuser      Wed Jul 29 18:07:34 2015

    AlexFeren
    AlexFerenAuthor
    New Member
    July 30, 2015

    Brilliant, thanks!

    From usability point of view this don't seem right - if a data deserves a Web-based Manager page, then its CLI retrieval should be more obvious than be under a "diagnose test application ..."? Additionally, this is VDOM-related data - why should it be under Global?

     

    It's own "execute ....", perhaps? An improvement for Fortinet to consider?

     

     

     

    Terms & ConditionsAccessibility statement