mpeddalla
Staff
Article Id 401327
Description This article describes how to change the default FortiGuard category-based web filter action from block to allow using the CLI.
Scope FortiGate 7.4 and above.
Solution

If access to the firewall is limited to the CLI, the web filter profile must be modified through CLI commands. Although the action cannot be set to 'allow' directly in the CLI, alternative actions are available.

These include:

  • Block: Deny access.
  • Authenticate: Require user authentication before granting access.
  • Monitor: Permit access while logging the activity.
  • Warning: Permit access after issuing a warning to the user.

 

To set the action to 'allow', the corresponding entry must be removed from the 'config filters' table of the web filter profile. With the entry removed, the action for that category effectively becomes 'allow' by default.

 

Example:

In the screenshot below, the web filter profile named testcustomcli is used. The example demonstrates how to edit the 'Newly Observed Domain' category and change its default action from block to allow by removing the configured entry.

 

kb1-1.png

 

  • To find the category ID of each category from the CLI, use the following command:

 

get webfilter categories 

 

The following example shows the category ID of the Newly Observed Domain category.


kb2.png

 

From the CLI view: 

 

config webfilter profile
    edit "testcustomcli"
        config ftgd-wf
            unset options
            config filters
                edit 22
                    set category 90   <----- Category.
                    set action block     <----- Default action - block.
                next
            end
        end
    next
end

 

To change the action, delete the entry:

  

config webfilter profile
    edit testcustomcli     <----- Name of the web filter profile.
        config ftgd-wf
            config filters
                delete <entry number>      <----- Category entry from the above example: 22.
            end
        end
    end

 

Example: 

 

config webfilter profile
    edit testcustomcli      <----- Name of the web filter profile.
        config ftgd-wf
            config filters
                delete 22          <----- Category entry from above example: 22.
            end
        end
    end

 

The Action will now change from block to allow.


kb3.png
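The number passed to 'delete' (22) is the filter entry number, not the category ID (90), and a profile with no entry for a category already allows it. The following is an added example, not part of the original article or Fortinet code, that resolves one from the other over saved 'show webfilter profile' output; the sample text, the profile name constructed-lab and the function names are assumptions made for illustration.

```python
# Constructed sample shaped like 'show webfilter profile' output (not real device data).
SAMPLE = """\
config webfilter profile
    edit "testcustomcli"
        config ftgd-wf
            config filters
                edit 22
                    set category 90
                    set action block
                next
            end
        end
    next
    edit "constructed-lab"
        config ftgd-wf
            unset options
        end
    next
end
"""


def filter_entries(show_text):
    """Return {profile: {category_id: (entry_number, action)}} (hypothetical helper)."""
    profiles, stack, prof, entry = {}, [], None, None
    for line in map(str.strip, show_text.splitlines()):
        word = line.split()
        if line.startswith("config "):
            stack.append(line[7:])           # track nesting: profile > ftgd-wf > filters
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit ") and stack == ["webfilter profile"]:
            prof = profiles.setdefault(line[5:].strip('"'), {})
        elif line.startswith("edit ") and stack[-2:] == ["ftgd-wf", "filters"]:
            entry = {"id": int(word[1])}     # entry number, the value 'delete' expects
        elif entry is not None and line.startswith("set ") and len(word) >= 3:
            entry[word[1]] = word[2]
        elif line == "next" and entry is not None:
            if "category" in entry:
                prof[int(entry["category"])] = (entry["id"], entry.get("action"))
            entry = None
    return profiles


def implicitly_allowed(profiles, category):
    """Profiles with no filter entry for the category, i.e. the article's 'allow'."""
    return sorted(p for p, cats in profiles.items() if category not in cats)
```

Running it before and after a change shows which profiles no longer filter a category, which is useful when the removal was not intended.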