Manual 20

#config-version=FGVM64-6.0.
2-FW-build0163-180725:opmode=0:vdom=0:user=admin
#conf_file_ver=738798799590679
#buildno=0163
#global_vdom=1
config system global
set admin-https-redirect disable
set admintimeout 30
set alias "FGVM010000148756"
set gui-theme mariner
set hostname "FGT1"
set timezone 12
end
config system accprofile
edit "prof_admin"
set secfabgrp read-write
set ftviewgrp read-write
set authgrp read-write
set sysgrp read-write
set netgrp read-write
set loggrp read-write
set fwgrp read-write
set vpngrp read-write
set utmgrp read-write
set wanoptgrp read-write
set wifi read-write
next
end
config system interface
edit "port1"
set vdom "root"
set ip 192.168.0.11 255.255.255.0
set allowaccess ping https ssh http
set type physical
set alias "mgmt"
set device-identification enable
set device-identification-active-scan enable
set snmp-index 1
next
edit "port2"
set vdom "root"
set ip 192.168.101.1 255.255.255.0
set allowaccess ping
set type physical
set alias "wan1"
set snmp-index 2
next
edit "port3"
set vdom "root"
set ip 192.168.102.1 255.255.255.0
set type physical
set alias "wan2"
set snmp-index 3
next
edit "port4"
set vdom "root"
set ip 192.168.10.1 255.255.255.0
set type physical
set alias "dmz1"
set snmp-index 4
next
edit "port5"
set vdom "root"
set ip 192.168.1.1 255.255.255.0
set type physical
set alias "lan1"
set fortiheartbeat enable
set snmp-index 5
next
edit "port6"
set vdom "root"
set allowaccess ping capwap
set type physical
set alias "flink1"
set snmp-index 6
next
edit "port7"
set vdom "root"
set ip 192.168.12.1 255.255.255.0
set type physical
set alias "fsaout"
set snmp-index 7
next
edit "port8"
set vdom "root"
set type physical
set snmp-index 8
next
edit "port9"
set vdom "root"
set type physical
set snmp-index 9
next
edit "port10"
set vdom "root"
set type physical
set snmp-index 10
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 11
next
edit "FGT01 – FGT02"
set vdom "root"
set ip 10.10.10.1 255.255.255.255
set type tunnel
set remote-ip 10.10.10.2 255.255.255.255
set alias "VPN_Tunnel"
set fortiheartbeat enable
set snmp-index 12
set interface "port2"
next
end
config system custom-language
edit "en"
set filename "en"
next
edit "fr"
set filename "fr"
next
edit "sp"
set filename "sp"
next
edit "pg"
set filename "pg"
next
edit "x-sjis"
set filename "x-sjis"
next
edit "big5"
set filename "big5"
next
edit "GB2312"
set filename "GB2312"
next
edit "euc-kr"
set filename "euc-kr"
next
end
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
config gui-dashboard
edit 1
set name "Main"
config widget
edit 1
set x-pos 1
set y-pos 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 2
set y-pos 1
set width 1
set height 1
next
edit 3
set type vminfo
set x-pos 3
set y-pos 1
set width 1
set height 1
next
edit 4
set type forticloud
set x-pos 4
set y-pos 1
set width 1
set height 1
next
edit 5
set type security-fabric
set x-pos 5
set y-pos 1
set width 1
set height 1
next
edit 6
set type security-fabric-ranking
set x-pos 6
set y-pos 1
set width 1
set height 1
next
edit 7
set type admins
set x-pos 7
set y-pos 1
set width 1
set height 1
next
edit 8
set type cpu-usage
set x-pos 8
set y-pos 1
set width 2
set height 1
next
edit 9
set type memory-usage
set x-pos 9
set y-pos 1
set width 2
set height 1
next
edit 10
set type sessions
set x-pos 10
set y-pos 1
set width 2
set height 1
next
end
next
edit 2
set name "FortiClient Dashboard"
config widget
edit 1
set type vulnerability-summary
set width 2
set height 1
next
edit 2
set type host-scan-summary
set x-pos 1
set width 1
set height 1
next
edit 3
set type fortiview
set x-pos 2
set width 2
set height 1
set report-by endpoint-device
set sort-by "vuln_count"
next
end
next
end
next
end
config system ha
set override disable
end
config system storage
edit "Virtual-Disk"
set status enable
set media-status enable
set order 1
set partition "MIXEDXXXEFD7C384"
set device "/dev/sdb1"
set size 8616
set usage mix
set wanopt-mode mix
next
end
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
config system replacemsg-image
edit "logo_fnet"
set image-type gif
set image-base64 ''
next
edit "logo_fguard_wf"
set image-type gif
set image-base64 ''
next
edit "logo_fw_auth"
set image-base64 ''
next
edit "logo_v2_fnet"
set image-base64 ''
next
edit "logo_v2_fguard_wf"
set image-base64 ''
next
edit "logo_v2_fguard_app"
set image-base64 ''
next
end
config system replacemsg mail "email-av-fail"
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg mail "email-decompress-limit"
end
config system replacemsg mail "smtp-decompress-limit"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-authorization-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg webproxy "auth-ip-blackout"
end
config system replacemsg ftp "ftp-av-fail"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg nntp "nntp-av-fail"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg nntp "email-decompress-limit"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
end
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg auth "auth-success-page"
end
config system replacemsg auth "auth-block-notification-page"
end
config system replacemsg auth "auth-quarantine-page"
end
config system replacemsg auth "auth-qtn-reject-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-header"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg sslvpn "hostcheck-error"
end
config system replacemsg ec "endpt-download-portal"
end
config system replacemsg ec "endpt-download-portal-mac"
end
config system replacemsg ec "endpt-download-portal-linux"
end
config system replacemsg ec "endpt-download-portal-ios"
end
config system replacemsg ec "endpt-download-portal-aos"
end
config system replacemsg ec "endpt-download-portal-other"
end
config system replacemsg ec "endpt-warning-portal"
end
config system replacemsg ec "endpt-warning-portal-mac"
end
config system replacemsg ec "endpt-warning-portal-linux"
end
config system replacemsg ec "endpt-remedy-inst"
end
config system replacemsg ec "endpt-remedy-reg"
end
config system replacemsg ec "endpt-remedy-ftcl-autofix"
end
config system replacemsg ec "endpt-remedy-av-3rdp"
end
config system replacemsg ec "endpt-remedy-ver"
end
config system replacemsg ec "endpt-remedy-os-ver"
end
config system replacemsg ec "endpt-remedy-vuln"
end
config system replacemsg ec "endpt-remedy-sig-ids"
end
config system replacemsg ec "endpt-remedy-ems-online"
end
config system replacemsg ec "endpt-ftcl-incompat"
end
config system replacemsg ec "endpt-download-ftcl"
end
config system replacemsg ec "endpt-quarantine-portal"
end
config system replacemsg device-detection-portal "device-detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg nac-quar "nac-quar-admin"
end
config system replacemsg nac-quar "nac-quar-app"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "client-virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config system replacemsg utm "appblk-html"
end
config system replacemsg utm "ipsblk-html"
end
config system replacemsg utm "ipsfail-html"
end
config system replacemsg utm "exe-text"
end
config system replacemsg utm "waf-html"
end
config system replacemsg utm "outbreak-prevention-html"
end
config system replacemsg utm "outbreak-prevention-text"
end
config system replacemsg icap "icap-req-resp"
end
config system snmp sysinfo
end
config user device-category
edit "android-phone"
next
edit "android-tablet"
next
edit "blackberry-phone"
next
edit "blackberry-playbook"
next
edit "forticam"
next
edit "fortifone"
next
edit "fortinet"
next
edit "gaming-console"
next
edit "ip-phone"
next
edit "ipad"
next
edit "iphone"
next
edit "linux-pc"
next
edit "mac"
next
edit "media-streaming"
next
edit "printer"
next
edit "router-nat-device"
next
edit "windows-pc"
next
edit "windows-phone"
next
edit "windows-tablet"
next
edit "other-network-device"
next
edit "collected-emails"
next
edit "amazon-device"
next
edit "android-device"
next
edit "blackberry-device"
next
edit "fortinet-device"
next
edit "ios-device"
next
edit "windows-device"
next
edit "all"
next
end
config system cluster-sync
end
config system fortiguard
set update-server-location usa
set sdns-server-ip "208.91.112.220"
end
config ips global
end
config log fortianalyzer setting
set status enable
set server "192.168.1.6"
set upload-option realtime
set reliable enable
end
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
set ntpsync enable
end
config system fortisandbox
set status enable
set server "192.168.1.7"
end
config system csf
set status enable
set group-name "SecFabLab"
set group-password ENC
3Cc9u9A4Y9Y+NZ/hdLPUvMchx9KwuXEK/qkwKviss3ERmvVjGU3hTycgl+3eV1Ee7s/ZIXIzpB+
+2p2vEAwPom+7n1Fl2BvIpRrmWZIVfAs6iE2yZtgV61LbEHdG4DxmMy1NtyXLb1DXUz6S4cNR/3BXW6U+Mg
nnxsyPSwZUl24sQyeuzppnTd1KmxnX/3KudFtEng==
set fixed-key ENC
gfNl3RXoDVbq7tiX/gQlPAK/c864J3GbCwnp/ZbfRTBuV1haLv5Ly6mwStnXLBeYm2w39ZOHC1xVK2t3md7
G/XvBIkvxbpNu9D2kd8RxSMfyO2bTcAri+HTdopM1U9cjoZ89sT3B98TgZdpV4bGvItB9W+WaFM+Gh2CX4L
K2XCGx/F/0usSXv3gf3UBmETxA2hBo3A==
end
config system object-tagging
edit "default"
next
edit "Location"
set address disable
set interface disable
set multiple disable
set color 3
set tags "Site1" "Site2"
next
edit "Department"
set color 10
set tags "Marketing" "Sales" "Admin"
next
edit "Operation"
set address disable
set device mandatory
set interface disable
set color 6
set tags "Critical" "Normal"
next
end
config system settings
set inspection-mode flow
end
config system replacemsg-group
edit "auth-intf-qtn.port6"
set comment "This is quarantine notification replacement message for
quarantine VLAN interface"
set group-type auth
config auth
edit "auth-disclaimer-page-1"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-
8\"><style
type=\"text/css\">html,body{height:100%;padding:0;margin:0;}.oc{display:table;width
:100%;height:100%;}.ic{display:table-cell;vertical-
align:middle;height:100%;}form{display:block;background:#ccc;border:2px solid
red;padding:0 0 25px 0;width:500px;font-family:helvetica,sans-serif;font-
size:14px;margin:10px auto;}.fel,.fer,.fec{text-align:center;width:350px;margin:0
auto;padding:10px;}.fel{text-align:left;}.fer{text-align:right;}h1{font-
weight:bold;font-size:21px;margin:0;padding:20px 10px;text-
align:center;}p{margin:15px auto;width:75%;text-align:left;}ul{margin:15px
auto;width:75%;}h2{margin:25px 10px;font-weight:bold;text-
align:center;}label,h2{font-size:16px;}.logo{background:#eee center 25px url(%
%IMAGE:logo_fw_auth%%) no-repeat;padding-top:80px;}</style><title>Firewall
Quarantine Notification</title></head><body><div class=\"oc\"><div
class=\"ic\"><form action=\"%%DISCLAIMER_ACT%%\" method=\"%%DISCLAIMER_METHOD%
%\"><input type=\"hidden\" name=\"%%REDIRID%%\" value= \"%%PROTURI%%\"><input
type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><input type=\"hidden\"
name=\"%%ANSWERID%%\" value=\"%%DECLINEVAL%%\"><h1 class=\"logo\">Quarantine
Notification</h1><p>Your network access has been restricted due to detection of
potentially malicious traffic. Please contact your network administrator for
further information.</p><h2>Acknowledge your quarantine for limited network
access.</h2><div class=\"fec\"><input type=\"submit\" value= \"Accept\"
onclick=\"sb(\'%%AGREEVAL%%\')\"><input type=\"submit\" value= \"Decline\"
onclick=\"sb(\'%%DECLINEVAL%%\')\"></div></form></div></div><script>function
sb(val) { document.forms[0].%%ANSWERID%%.value = val; document.forms[0].submit(); }
</script></body></html>"
set header http
set format html
next
set buffer ''
set header http
set format html
next
set buffer ''
set header http
set format html
next
edit "auth-reject-page"
set buffer "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-
8\"><style
type=\"text/css\">html,body{height:100%;padding:0;margin:0;}.oc{display:table;width
:100%;height:100%;}.ic{display:table-cell;vertical-
align:middle;height:100%;}form{display:block;background:#ccc;border:2px solid
red;padding:0 0 25px 0;width:500px;font-family:helvetica,sans-serif;font-
size:14px;margin:10px auto;}.fel,.fer,.fec{text-align:center;width:350px;margin:0
auto;padding:10px;}.fel{text-align:left;}.fer{text-align:right;}h1{font-
weight:bold;font-size:21px;margin:0;padding:20px 10px;text-
align:center;}p{margin:15px auto;width:75%;text-align:left;}ul{margin:15px
auto;width:75%;}h2{margin:25px 10px;font-weight:bold;text-
align:center;}label,h2{font-size:16px;}.logo{background:#eee center 25px url(%
%IMAGE:logo_fw_auth%%) no-repeat;padding-top:80px;}</style><title>Firewall
Quarantine Declined</title></head><body><div class=\"oc\"><div class=\"ic\"><form
action=\"/\" method=\"post\"><input type=\"hidden\" name=\"%%REDIRID%%\" value= \"%
%PROTURI%%\"><input type=\"hidden\" name=\"%%MAGICID%%\" value=\"%%MAGICVAL%%\"><h1
class=\"logo\">Quarantine</h1><p>By failing to acknowledge the terms of Quarantine,
your access may be more severely restricted until acknowledged.</p><div
class=\"fec\"><input type=\"submit\" value= \"Return to Quarantine
Notification\"></div></form></div></div></body></html>"
set header http
set format html
next
end
next
end
config firewall address
edit "none"
set uuid 337a0f3c-a328-51e4-2e35-eb1e26924976
set subnet 0.0.0.0 255.255.255.255
next
edit "autoupdate.opera.com"
set uuid 337a14a0-a328-51e4-f40d-f70dec529036
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid 337a2094-a328-51e4-bc1f-266158c9408c
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid 337a253a-a328-51e4-3ca5-95211b2d3727
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid 337a299a-a328-51e4-6cdb-00f223b721b9
set type fqdn
set fqdn "update.microsoft.com"
next
edit "all"
set uuid 33a0cd34-a328-51e4-6caf-41c1a7ba5dbc
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid 33a0ceb0-a328-51e4-bbc9-0b21c3986d3e
set visibility disable
next
edit "SSLVPN_TUNNEL_ADDR1"
set uuid 33a15e5c-a328-51e4-e8cd-d18bca1ad998
set type iprange
set associated-interface "ssl.root"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
edit "FB0"
set uuid 07b06048-ba87-51e8-4dae-ec362ae58d40
set subnet 5.178.32.0 255.255.240.0
next
edit "FB1"
set uuid 07b0a288-ba87-51e8-b381-dcbf20793687
set subnet 195.27.154.0 255.255.255.0
next
edit "FB2"
set uuid 0e1ae962-ba87-51e8-fa88-7eb61a07d667
set subnet 80.150.154.0 255.255.255.0
next
edit "FB3"
set uuid 0e1b42ae-ba87-51e8-582b-3797a3280bbb
set subnet 77.67.96.0 255.255.252.0
next
edit "FB4"
set uuid 0e1bb46e-ba87-51e8-cd84-14faa2ade430
set subnet 212.119.27.0 255.255.255.128
next
edit "FB5"
set uuid 0e1c3718-ba87-51e8-e35b-d3a705e55fe1
set subnet 2.16.0.0 255.248.0.0
next
edit "FB6"
set uuid 0e1ca022-ba87-51e8-b26a-01df8ea9881c
set subnet 66.171.231.0 255.255.255.0
next
edit "FB7"
set uuid 0e1d0c06-ba87-51e8-0335-ca68a1b64795
set subnet 31.13.24.0 255.255.248.0
next
edit "FB8"
set uuid 0e1d7574-ba87-51e8-4bf8-823faa597d3f
set subnet 31.13.64.0 255.255.192.0
next
edit "FB9"
set uuid 0e1de0f4-ba87-51e8-f15a-dd123ede3b62
set subnet 23.67.246.0 255.255.255.0
next
edit "akamai-subnet-23.74.8"
set uuid 0e1e6164-ba87-51e8-c131-6b5214ee7e3a
set subnet 23.74.8.0 255.255.255.0
next
edit "akamai-subnet-23.74.9"
set uuid 0e1ee51c-ba87-51e8-66bf-b3b638a53d9e
set subnet 23.74.9.0 255.255.255.0
next
edit "external.fcgr1-1.fna.fbcdn.net"
set uuid 0e1f7a86-ba87-51e8-7906-2a76f1c80131
set type fqdn
set fqdn "external.fcgr1-1.fna.fbcdn.net"
next
edit "scontent.xx.fbcdn.net"
set uuid 0e202b70-ba87-51e8-5686-016975157759
set type fqdn
set fqdn "scontent.xx.fbcdn.net"
next
edit "akamaihd.net"
set uuid 139ef8a6-ba87-51e8-42d3-cf146a687c91
set type fqdn
set fqdn "akamaihd.net"
next
edit "channel-proxy-06-frc1.facebook.com"
set uuid 139f42b6-ba87-51e8-58f4-4fe29f495032
set type fqdn
set fqdn "channel-proxy-06-frc1.facebook.com"
next
edit "code.jquery.com"
set uuid 139f99d2-ba87-51e8-16f7-aee7fa44fab0
set type fqdn
set fqdn "code.jquery.com"
next
edit "connect.facebook.com"
set uuid 139ffd82-ba87-51e8-39f0-6778b0014bb0
set type fqdn
set fqdn "connect.facebook.com"
next
edit "fbcdn-photos-c-a.akamaihd.net"
set uuid 13a0a2a0-ba87-51e8-e484-edbdda377f21
set type fqdn
set fqdn "fbcdn-photos-c-a.akamaihd.net"
next
edit "fbcdn-profile-a.akamaihd.net"
set uuid 13a15ace-ba87-51e8-41e1-80c3a8c35a3b
set type fqdn
set fqdn "fbcdn-profile-a.akamaihd.net"
next
edit "fbexternal-a.akamaihd.net"
set uuid 19d0fcce-ba87-51e8-42d8-47edb5f30a5f
set type fqdn
set fqdn "fbexternal-a.akamaihd.net"
next
edit "fbstatic-a.akamaihd.net"
set uuid 19d1418e-ba87-51e8-11a5-7946ea0ad950
set type fqdn
set fqdn "fbstatic-a.akamaihd.net"
next
edit "m.facebook.com"
set uuid 19d18306-ba87-51e8-1dac-af9e9ffd31f2
set type fqdn
set fqdn "m.facebook.com"
next
edit "ogp.me"
set uuid 19d1cffa-ba87-51e8-49e5-12281de1d988
set type fqdn
set fqdn "ogp.me"
next
edit "s-static.ak.facebook.com"
set uuid 19d26a8c-ba87-51e8-484e-aed156c2b1ff
set type fqdn
set fqdn "s-static.ak.facebook.com"
next
edit "static.ak.facebook.com"
set uuid 19d30564-ba87-51e8-79b1-efef2f11a4a8
set type fqdn
set fqdn "static.ak.facebook.com"
next
edit "static.ak.fbcdn.com"
set uuid 19d39c40-ba87-51e8-ba7b-ae29045c200e
set type fqdn
set fqdn "static.ak.fbcdn.com"
next
edit "www.facebook.com"
set uuid 19d4cc32-ba87-51e8-36aa-604e2ac0b91b
set type fqdn
set fqdn "www.facebook.com"
next
edit "edge-star-shv-02-gru2.facebook.com"
set uuid 1fe2ab9e-ba87-51e8-ff2d-c51b566f4851
set type fqdn
set fqdn "edge-star-shv-02-gru2.facebook.com"
next
edit "edge-star-mini-shv-01-gru2.facebook.com"
set uuid 1fe2fc8e-ba87-51e8-f7cb-69d83cc067f8
set type fqdn
set fqdn "edge-star-mini-shv-01-gru2.facebook.com"
next
edit "yv-in-f94.1e100.net"
set uuid 1fe37286-ba87-51e8-17cb-414e75928324
set type fqdn
set fqdn "yv-in-f94.1e100.net"
next
edit "star-mini.c10r.facebook.com"
set uuid 1fe41132-ba87-51e8-cadc-6a2b8eefd622
set type fqdn
set fqdn "star-mini.c10r.facebook.com"
next
edit "scontent.fplu3-1.fna.fbcdn.net"
set uuid 1fe4b9a2-ba87-51e8-4b5f-6295be4a9e0e
set type fqdn
set fqdn "scontent.fplu3-1.fna.fbcdn.net"
next
edit "static.ak.fbcdn.net"
set uuid 1fe55722-ba87-51e8-85cb-73052cb09d02
set type fqdn
set fqdn "static.ak.fbcdn.net"
next
edit "static.xx.fbcdn.net"
set uuid 1fe5e548-ba87-51e8-3a49-cdbb329472bd
set type fqdn
set fqdn "static.xx.fbcdn.net"
next
edit "staticxx.facebook.com"
set uuid 1fe68f20-ba87-51e8-bc96-4ef0e69040fb
set type fqdn
set fqdn "staticxx.facebook.com"
next
edit "scontent.xx.fplu3-1.fna.fbcdn.net1"
set uuid 28c656e8-ba87-51e8-e0d3-d86f243bfc04
set subnet 157.240.12.16 255.255.255.255
next
edit "z-m.c10r.facebook.com"
set uuid 28c6ac2e-ba87-51e8-b021-228c4ee09b6c
set type fqdn
set fqdn "z-m.c10r.facebook.com"
next
edit "z-m.c10r.facebook.com1"
set uuid 28c70296-ba87-51e8-e891-63926418fbc8
set subnet 157.240.12.36 255.255.255.255
next
edit "scontent.fplu4-1.fna.fbcdn.net"
set uuid 28c7d626-ba87-51e8-c9b5-69c1622d2421
set type fqdn
set fqdn "scontent.fplu4-1.fna.fbcdn.net"
next
edit "e7279.dsce9.akamaiedge.net"
set uuid 28c883be-ba87-51e8-b9eb-5d4ea0a15b7d
set type fqdn
set fqdn "e7279.dsce9.akamaiedge.net"
next
edit "cb-in-f113.1e100.net"
set uuid 28c9247c-ba87-51e8-9bde-3ad42d1d0f38
set type fqdn
set fqdn "cb-in-f113.1e100.net"
next
set uuid 28c9b806-ba87-51e8-7c5c-fec3194782c9
set type fqdn
next
set uuid 28ca49ce-ba87-51e8-be55-ebecce885ec8
set type fqdn
set fqdn "ce-in-f139.1e100.net"
next
set uuid 28cad984-ba87-51e8-0af2-ab4b061be440
set type fqdn
next
edit "ce-in-f139.1e100.net"
set uuid 28cb698a-ba87-51e8-865b-57018a0840da
set type fqdn
next
edit "ce-in-f188.1e100.net"
set uuid 28cbfc7e-ba87-51e8-6e47-cba64f0e0966
set type fqdn
next
edit "eze03s05-in-f4.1e100.net"
set uuid 28cc94fe-ba87-51e8-95e5-c1d4bc41aed5
set type fqdn
set fqdn "eze03s05-in-f4.1e100.net"
next
edit "eze03s16-in-f12.1e100.net"
set uuid 30a0ddd4-ba87-51e8-064f-2bedc8818c95
set type fqdn
set fqdn "eze03s16-in-f12.1e100.net"
next
edit "47-courier.push.apple.com"
set uuid 30a12528-ba87-51e8-d9b7-558bb6cd1cb8
set type fqdn
set fqdn "47-courier.push.apple.com"
next
edit "A-mia07s48-in-f14.1e100.net"
set uuid 30a16cae-ba87-51e8-62e8-456d729711d2
set type fqdn
set fqdn "mia07s48-in-f14.1e100.net"
next
set uuid 30a1cf64-ba87-51e8-de7c-f3318e3a9ec9
set type fqdn
next
set uuid 30a26bea-ba87-51e8-f134-a08bcb689c4a
set type fqdn
next
edit "apis.google.com"
set uuid 30a2fa9c-ba87-51e8-bfb1-084f4b67dbda
set type fqdn
set fqdn "apis.google.com"
next
edit "edge-star-mini-shv-02-gru2.facebook.com"
set uuid 30a39fe2-ba87-51e8-7793-c1f36d577c3e
set type fqdn
set fqdn "edge-star-mini-shv-02-gru2.facebook.com"
next
edit "edge-z-m-mini-shv-02-gru2.facebook.com"
set uuid 30a45f22-ba87-51e8-6c95-12a8633b388b
set type fqdn
set fqdn "edge-z-m-mini-shv-02-gru2.facebook.com"
next
edit "xx-fbcdn-shv-02-gru2.fbcdn.net"
set uuid 30a51b6a-ba87-51e8-6185-830b876476fc
set type fqdn
set fqdn "xx-fbcdn-shv-02-gru2.fbcdn.net"
next
edit "31-courier.push.apple.com"
set uuid 30a5c0b0-ba87-51e8-8b18-b3487a1f5301
set type fqdn
set fqdn "47-courier.push.apple.com"
next
edit "fqdn-auth.gfx.ms"
set uuid cff047e4-ba87-51e8-071e-b3fa1b3514f6
set type fqdn
set fqdn "auth.gfx.ms"
next
edit "dmz1-range"
set uuid 8ef44788-ba99-51e8-0c5f-029b841dcd8b
set associated-interface "port4"
set subnet 192.168.10.0 255.255.255.0
next
edit "FortiSandbox"
set uuid a549bffc-c0fe-51e8-9d2c-94a598333a3f
set subnet 192.168.1.7 255.255.255.255
next
edit "FML-SRV"
set uuid 0ecb9f90-d0ae-51e8-c9d0-a181734a8443
set subnet 192.168.1.5 255.255.255.255
next
edit "FML-GW"
set uuid 0ecc0dd6-d0ae-51e8-16fd-f4ba693363de
set subnet 192.168.10.4 255.255.255.255
next
edit "FGT01 – FGT02_local_subnet_1"
set uuid 7890f948-d176-51e8-d982-2c8ee3f8cf4a
set allow-routing enable
set subnet 192.168.1.0 255.255.255.0
next
edit "FGT01 – FGT02_remote_subnet_1"
set uuid 78afffe6-d176-51e8-28df-26a5c1623266
set subnet 192.168.20.0 255.255.255.0
next
edit "FGT01-Tunnel-Interface"
set uuid 2d94feae-d17a-51e8-0f03-58425a1eea1c
set subnet 10.10.10.1 255.255.255.255
next
edit "FGT02-Tunnel-Interface"
set uuid 40c50168-d17a-51e8-62f7-6bf7c1e919c7
set subnet 10.10.10.2 255.255.255.255
next
edit "FortiAnalyzer"
set uuid 28f24348-d17f-51e8-7357-5b1b66cbf64d
set subnet 192.168.1.6 255.255.255.255
next
end
config firewall multicast-address
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
edit "all_hosts"
set end-ip 224.0.0.1
next
edit "all_routers"
next
edit "Bonjour"
set end-ip 224.0.0.251
next
edit "EIGRP"
set end-ip 224.0.0.10
next
edit "OSPF"
next
end
config firewall address6
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid 33a1619a-a328-51e4-a97d-1c8aee71a9d4
set ip6 fdff:ffff::/120
next
edit "all"
set uuid 34b677aa-a328-51e4-5553-4b032b36d3cd
next
edit "none"
set uuid 34b68240-a328-51e4-f042-07c56bfb64c7
set ip6 ::/128
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall addrgrp
edit "Facebook_auth"
set uuid 5d96fb7a-ba87-51e8-b4d1-75749a582cb4
set member "31-courier.push.apple.com" "47-courier.push.apple.com" "A-
mia07s48-in-f14.1e100.net" "A-mia07s48-in-f3.1e100.net" "A-mia07s48-in-
f5.1e100.net" "akamai-subnet-23.74.8" "akamai-subnet-23.74.9" "akamaihd.net"
"apis.google.com" "cb-in-f113.1e100.net" "cb-in-f138.1e100.net" "cb-in-
f139.1e100.net" "cb-in-f95.1e100.net" "ce-in-f139.1e100.net" "ce-in-f188.1e100.net"
"channel-proxy-06-frc1.facebook.com" "code.jquery.com" "connect.facebook.com"
"e7279.dsce9.akamaiedge.net" "edge-star-mini-shv-01-gru2.facebook.com" "edge-star-
mini-shv-02-gru2.facebook.com" "edge-z-m-mini-shv-02-gru2.facebook.com"
"external.fcgr1-1.fna.fbcdn.net" "eze03s05-in-f4.1e100.net" "eze03s16-in-
f12.1e100.net" "FB0" "FB1" "FB2" "FB3" "FB4" "FB5" "FB6" "FB7" "FB8" "FB9" "fbcdn-
photos-c-a.akamaihd.net" "fbcdn-profile-a.akamaihd.net" "fbexternal-a.akamaihd.net"
"fbstatic-a.akamaihd.net" "s-static.ak.facebook.com" "scontent.fplu3-
1.fna.fbcdn.net" "scontent.fplu4-1.fna.fbcdn.net" "scontent.xx.fbcdn.net"
"scontent.xx.fplu3-1.fna.fbcdn.net1" "star-mini.c10r.facebook.com"
"static.ak.facebook.com" "static.ak.fbcdn.com" "fqdn-auth.gfx.ms"
"static.ak.fbcdn.net" "static.xx.fbcdn.net" "staticxx.facebook.com"
"www.facebook.com" "xx-fbcdn-shv-02-gru2.fbcdn.net" "yv-in-f94.1e100.net" "z-
m.c10r.facebook.com" "z-m.c10r.facebook.com1"
next
edit "FGT01 – FGT02_local"
set uuid 78a1b8c8-d176-51e8-931c-a3518c9a21cb
set member "FGT01 – FGT02_local_subnet_1"
set comment "VPN: FGT01 – FGT02 (Created by VPN wizard)"
next
edit "FGT01 – FGT02_remote"
set uuid 78bc9990-d176-51e8-f925-168ba95134c9
set member "FGT01 – FGT02_remote_subnet_1"
next
end
config firewall wildcard-fqdn custom
edit "adobe"
set uuid 33a23b42-a328-51e4-b2b6-3b0fd8a3ab94
set wildcard-fqdn "*.adobe.com"
next
edit "Adobe Login"
set uuid 33a23c82-a328-51e4-92d6-a3ba7d6d8c89
set wildcard-fqdn "*.adobelogin.com"
next
edit "android"
set uuid 33a23d90-a328-51e4-c76b-650dc80e9c45
set wildcard-fqdn "*.android.com"
next
edit "apple"
set uuid 33a23e9e-a328-51e4-d466-3dd7dc36c358
set wildcard-fqdn "*.apple.com"
next
edit "appstore"
set uuid 33a23fac-a328-51e4-7763-428cbce0cf42
set wildcard-fqdn "*.appstore.com"
next
edit "auth.gfx.ms"
set uuid 33a240e2-a328-51e4-6993-f46d55d80484
set wildcard-fqdn "*.auth.gfx.ms"
next
edit "citrix"
set uuid 33a24286-a328-51e4-648c-5c5bab2e80f3
set wildcard-fqdn "*.citrixonline.com"
next
edit "dropbox.com"
set uuid 33a24416-a328-51e4-6c1e-f8b207c152a4
set wildcard-fqdn "*.dropbox.com"
next
edit "eease"
set uuid 33a24542-a328-51e4-c2dd-6a74462f569e
set wildcard-fqdn "*.eease.com"
next
edit "firefox update server"
set uuid 33a24664-a328-51e4-5b2f-d2e339aae542
set wildcard-fqdn "aus*.mozilla.org"
next
edit "fortinet"
set uuid 33a24786-a328-51e4-ffe5-b82be3851829
set wildcard-fqdn "*.fortinet.com"
next
edit "googleapis.com"
set uuid 33a248bc-a328-51e4-e471-7ba6a9d4f24f
set wildcard-fqdn "*.googleapis.com"
next
edit "google-drive"
set uuid 33a249e8-a328-51e4-6fcd-750c46a3e2bc
set wildcard-fqdn "*drive.google.com"
next
edit "google-play2"
set uuid 33a24b0a-a328-51e4-d0ad-bfbd13b01b77
set wildcard-fqdn "*.ggpht.com"
next
edit "google-play3"
set uuid 33a24c2c-a328-51e4-cd51-15191ef6f989
set wildcard-fqdn "*.books.google.com"
next
edit "Gotomeeting"
set uuid 33a24dd0-a328-51e4-e55a-676170ad8178
set wildcard-fqdn "*.gotomeeting.com"
next
edit "icloud"
set uuid 33a25014-a328-51e4-c426-8a6c8f03bf9e
set wildcard-fqdn "*.icloud.com"
next
edit "itunes"
set uuid 33a2515e-a328-51e4-f0cf-84b4b5af7b92
set wildcard-fqdn "*itunes.apple.com"
next
edit "microsoft"
set uuid 33a2526c-a328-51e4-27a5-4c3502350fa0
set wildcard-fqdn "*.microsoft.com"
next
edit "skype"
set uuid 33a25384-a328-51e4-3c82-0b5c779bee4c
set wildcard-fqdn "*.messenger.live.com"
next
edit "softwareupdate.vmware.com"
set uuid 33a25492-a328-51e4-a57e-465a873a7c18
set wildcard-fqdn "*.softwareupdate.vmware.com"
next
edit "verisign"
set uuid 33a255aa-a328-51e4-4c95-c225be3e4395
set wildcard-fqdn "*.verisign.com"
next
edit "Windows update 2"
set uuid 33a256b8-a328-51e4-a82c-0e9966741da8
set wildcard-fqdn "*.windowsupdate.com"
next
edit "live.com"
set uuid 33a257d0-a328-51e4-55d8-65d4d5bfb92d
set wildcard-fqdn "*.live.com"
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set protocol IP
next
edit "ESP"
set protocol IP
next
edit "AOL"
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
next
edit "DNS"
set udp-portrange 53
next
edit "FINGER"
next
edit "FTP"
set category "File Access"
next
edit "FTP_GET"
next
edit "FTP_PUT"
next
edit "GOPHER"
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
next
edit "HTTP"
set category "Web Access"
next
edit "HTTPS"
set category "Web Access"
next
edit "IKE"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
next
edit "IMAPS"
next
edit "Internet-Locator-Service"
next
edit "IRC"
next
edit "L2TP"
next
edit "LDAP"
set category "Authentication"
next
edit "NetMeeting"
next
edit "NFS"
next
edit "NNTP"
next
edit "NTP"
next
edit "OSPF"
set protocol IP
next
edit "PC-Anywhere"
set category "Remote Access"
next
edit "PING"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
next
edit "DCE-RPC"
next
edit "POP3"
next
edit "POP3S"
next
edit "PPTP"
next
edit "QUAKE"
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
next
edit "REXEC"
next
edit "RIP"
next
edit "RLOGIN"
set tcp-portrange 513:512-1023
next
edit "RSH"
set tcp-portrange 514:512-1023
next
edit "SCCP"
next
edit "SIP"
next
edit "SIP-MSNmessenger"
next
edit "SAMBA"
next
edit "SMTP"
next
edit "SMTPS"
next
edit "SNMP"
next
edit "SSH"
next
edit "SYSLOG"
next
edit "TALK"
next
edit "TELNET"
next
edit "TFTP"
next
edit "MGCP"
next
edit "UUCP"
next
edit "VDOLIVE"
next
edit "WAIS"
next
edit "WINFRAME"
next
edit "X-WINDOWS"
next
edit "PING6"
set protocol ICMP6
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
next
edit "MYSQL"
next
edit "RDP"
next
edit "VNC"
next
edit "DHCP6"
next
edit "SQUID"
next
edit "SOCKS"
next
edit "WINS"
next
edit "RADIUS"
next
edit "RADIUS-OLD"
next
edit "CVSPSERVER"
next
edit "AFS3"
next
edit "TRACEROUTE"
next
edit "RTSP"
set tcp-portrange 554 7070 8554
next
edit "MMS"
next
edit "KERBEROS"
next
edit "LDAP_UDP"
next
edit "SMB"
next
edit "NONE"
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
edit "FSA OFTP"
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config ips sensor
edit "default"
set comment "Prevent critical attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "sniffer-profile"
set comment "Monitor IPS attacks."
config entries
edit 1
next
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config entries
edit 1
next
end
next
edit "all_default"
set comment "All predefined signatures with default setting."
config entries
edit 1
next
end
next
edit "all_default_pass"
set comment "All predefined signatures with PASS action."
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "Protect against HTTP server-side vulnerabilities."
config entries
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "Protect against email server-side vulnerabilities."
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "Protect against client-side vulnerabilities."
config entries
edit 1
set location client
next
end
next
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity
vulnerabilities"
set block-malicious-url enable
config entries
edit 1
set status enable
set action block
next
edit 2
set severity low
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set priority medium
next
edit "low-priority"
set priority low
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
next
edit "shared-1M-pipe"
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
config application list
edit "default"
set comment "Monitor all applications."
config entries
edit 1
set action pass
next
end
next
set comment "Monitor all applications."
unset options
config entries
edit 1
set action pass
next
end
next
edit "wifi-default"
set deep-app-inspection disable
config entries
edit 1
set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 30 31
set action pass
set log disable
next
end
next
edit "block-high-risk"
config entries
edit 1
set category 2 6
next
edit 2
set action pass
next
end
next
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set file-type exe
next
edit "elf"
set file-type elf
next
edit "hta"
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config dlp sensor
edit "default"
set comment "Default sensor."
next
set comment "Log a summary of email and web traffic."
set flow-based enable
set summary-proto smtp pop3 imap http-get http-post
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
edit "Entrust_Root_Certification_Authority_-_G2"
set ca "-----BEGIN CERTIFICATE-----
MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
-----END CERTIFICATE-----"
set range global
set source fortiguard
next
end
config vpn certificate local
edit "Fortinet_CA_SSL"
set password ENC
DcSIZtJgRldg3Z/agpeHWIm+w8uwc3AghIwLWvc98CBVrQlvJ3FOY8qoJHIeYM+TS64Is8IZmPshhQRv404
S+dlsxGgA2wVKwVzr6LvF2DIHCDczlB1ddluOwL5EoRPSy01+acHFjjUCYcUYdV9Lm+dyokeTiTA8OSxDiC
HMHwo0xscw4PYB5fdQd2OZddx0wYNMcA==
set comments "This is the default CA certificate the SSL Inspection will
use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFFDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQItPyRkDWdpB8CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNgiv6scMIzOBIIEwAx7weNCaf1T
lU6CN2P4bWiQLoEc1cpaKLYCl4UI+6H94Yl0XVJW5a3fNxKeaevvrz1IPpxEaFTT
NW+z2ooMEzyqBTKHWab8B2ItMSeGDf9ciOXa6uAZtuQVRlrdhUDA9mSOuOvrt/I+
LdNUgwX7rJrEJPWELSkM0MR88qPRrAc/m6Ec4ObCygqbdUjoWDFsQ5G7DR3Afg3Q
kv0zEApiAelMyxRCl1F326GnmQQguOI7QMO+W52sgWlqUbNK9Kh4BMMYQhNBb8hd
mjmeKmigYxTtGV26igcwpgxCDdPTPOrBMJi+l3z+XWswjwPnKq2hk8upaTnziTrS
jpQj/jfPb70aG/9etuQoMhGrZxzGvBib9WsZTDoNuRPUrfHE4322DGl3k5fZqoRJ
aXGC+MjMCxTpD9LPqO6ST6pxyp2HEEDkOSlILDm8XfZPFwp3hGu730TPp3MBr8dh
IbmJWYKcyRz3td3jiwhnPA+gw5LIPDPHgd5aaqVjHOJcVxPPNLLxjrNCZPvHPeHt
5qqNfm7TN2nLApEE6HpZ3/zZQN5Hfw/3ZFqBEPKvjuo1SheM3Wh5InuhpamxsmCH
uCeADaUzo9B4AsWtW+sXb5KwZ/gjiKsLSZ6lr3zAYNKIDKJFyKZD8aTho2Eqr30W
XHqPLXHTiH18p0GE/MUm0biJmRGWIyJesvb/P/cuiQYzeUWAPTyj7kAhitvCZTsE
uimzewS5hpYPXl3INp7Rw4DZEOJdBbho/ZeBDTX9F8F9+rkCUfoFBjcGTLbkqTaV
bAx3ed5LWfiRvJ+ug1iwBcUXjGqCZHGL5qeslEwXt7IcHhJWAp8wt26b12eGpCL4
84YHGPwXPfo+YtU9J/6S/wxPFGi1oVUp3iFrBh+elDycQvQ1Hdil8KjTTooMaubC
PFnlFwi5PW0Q8fJUv+mHMCejdMwLfB7TbKLOfsm/P8MSOkX+jFTxSAz9rifp33HX
bABxy8lMBPAVUydqNT0UC6bIxz3YFL2xx9eP8JioB+GFoMvAGHELg1kSVSgpjFox
7p1uzflwka2ZKybOsS2WUkrHS/6LYBC2jMdI1BAwbfguoNRhh6ulcagQXGLC8DoB
4yQS1CU5xjTIl5UBJt76SYiowfHWH/4KaBpp+UBwBykWa2ElKv7vjP4CfX6VII4R
XbYtDj2zvoKT9Ud58VIMMlHlTnUO+3hmPslimUJyOEqgcS3o08ZVM1aeAG3+07Ij
znS7SwEPW+GxBPTRT6CCjPY+R9v0Sye8nPS+eqeDALU1vPSNL520yERgTXXR62ci
4c1UDHIi3q9I3g8vuAbOUBR2NS9ukp9MC2duLDaUc1kK2ipbWGMX2qCNmYXoZBBv
GFIU8pfm920koUSiJ+11mGJEhKHlvDFvzBpgbZXQQ+cU+5J2KYT5bA1aj/CMoASa
ZOdhfUuDqbVngP3qSB6ZMiUTnuwmZwBhhuVMoO+gl1awmPpFUsy5ao1VS9T0VQf3
/u0SNdQTyv9gE0/Sd3nmhSAtSMN7sbnk0waX0rpkp1JQ+RCshfDgOAd7It8jVd8Q
qb1vdcUV4pWdONIQIk3VLwy5q9HG9BKwkuO8dPP4Blxz3XjhlU0akolDJAwsvG0G
HuoK+/H18v8=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIID5jCCAs6gAwIBAgIIKPluk66PolUwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
dHkxGTAXBgNVBAMMEEZHVk0wMTAwMDAxNTI2NTYxIzAhBgkqhkiG9w0BCQEWFHN1
cHBvcnRAZm9ydGluZXQuY29tMB4XDTE4MDkyODIzMjQwN1oXDTI4MDkyODIzMjQw
N1owgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp
Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHVk0wMTAwMDAxNTI2NTYxIzAhBgkq
hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAueO6gx24SzbkuPs99vm+M6bVCSgIeXlsDmof3CmQvu+Q
rkmvNDcYIAhnrJb1umucfHekxSCYtkHkIyS+AOmw0ckhUDeUdeT+z/V4WTi0a/yT
/rfYsEtepqvw6Lr1L+2R696k4rjmK5wyP9XcdqP6QeacmWICMJX9+92a/sgZCR4U
mCii/lwQkXC0oy1oD8roseFlyqT/Nc4lEaib5yjfmFsLxCMYU6SDkikom3Ycibil
6woKWlpgs4EFzEnwtXSsIaYcKdD0ir8rtDpkS4LDS4D/ndxbz5aqlYuND3CB3L5J
AA0jbr9ODQTTuwXYq0gQr/EMBd/BXStGjgwmPhC2bwIDAQABoxAwDjAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC1TH/Aa4kdNyFUK8e0zOQOeiqqMhN9
szmv2AozmBasQd5UfpqrOcp4+Rl22dmGxj1tNm7gGjAhPgsSuNXb+PrEVppmma1V
FFOdvwTO7qN7pJ0WyRNNTfS0AjEIghOC8q+oFL5yz0qgd6cjKniHkQbCp1/JbmZQ
0urMgm9vlZJ445uEvOzWUqtYDLNLwQ4DQf1vyax4TmSsWndRMCRIGSKT2tXCfr4i
4hcibr4uihHNCdR2FHNlD5qA88z5a1TeQm2uirsbM1AyYNtN70+TLmlrwBZ+BR3d
8dSorQkLnExU+sYZi+5Is8dYrFmDo76b1OfqSAUiKxErNkalZnplN7O8
set range global
set source factory
set last-updated 1422035378
next
edit "Fortinet_CA_Untrusted"
set password ENC
c3ZnR4yng2fqEL9+pk3awV/UWTzGKF6HmP69KWHmzWoLf6r7c5xkqMN68q0lI2uQy19mCBPF7ue7KFLT4xV
eRxhUun8r5LBpPU201hanKQy52yUoHyjwnVLHhjhiJCrV6RBa1te5bgyT2kne/9lvjX1K3QqMpVq8+nuZ1X
grBfDul5+wngwaRTtR04UPQyAi3/B3Kg==
set comments "This is the default CA certificate the SSL Inspection will
use when generating new server certificates."
MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIroY83SmGtpYCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIrtIRQ3yWGzBIIBYMfL9BjwrIau
EH1ts4EJY9cjHcaiDh4b1NxxPA3AqyhIMB3Bsprzg+fbZk/4tuyd3q6/Av2EG6KA
2h+/e7voSzK30Btbwsa1Z77M8/jG4e0dC/xdVPmDooXhmbZYRAsULux52UAvgobv
t0LlpOedomrZj7giu7ONMbKSqC44N/v6LvE10n2mZrGxtjAt4ppe/8HIW+MUxSiw
n8ln6pwXHgjI/Sv512uAPacdGnRkYkP8S6pr1rf8N726aQO8g0X/BhpTiQpBumRs
Irx5sADPpAdjPSlwe5olKKddZzqspOmQDDv6Qrow0/4ErIo/ROcoc+DJr2NT80oc
Wa2RcjxaeajK5N9RWftKbU5uwbipeWwdA8tOauPMY0O6w7VB8PnzLFbhk69hWm0s
OfZSvBnFhYSu5ZvIyepXdcmDj0bIf2c5kKCvkxPYpkfEtREbps0bWSPnM+TIjRfO
pxG6CcMjNXo=
MIICZjCCAhCgAwIBAgIIdTQT+P1btmgwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV
ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ
ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTUwMTIzMTc0OTM4WhcNMjUwMTIz
MTc0OTM4WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ
BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl
cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk
IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBcMA0GCSqG
SIb3DQEBAQUAA0sAMEgCQQCqiA6Pw8A7foOW+1r4ETu+pTMO/rQQYBmYJ9uWRQaN
si7YvNPSrzAvLb2UYcBVZeuAz/VGz4D+BRIu2GEr1aOvAgMBAAGjEDAOMAwGA1Ud
EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQCptnsIaqz7UHmm4kNtjfO5lRKnhqSX
prAC0WvPt4MFxWKb2/V8ww3iBm3SvdM7J8osRuaQxIAe0CA95l48ld0h
set range global
set source factory
next
edit "Fortinet_SSL"
set password ENC
/R/2Eg8YnWQ1r+KrmucPGWASjXzogjesp7VpzDJ91qbUgQzNOylIQVI/CFfjRSrI4OjYGBU9MHhUlZtyxpY
5IrnVrxxyKpb9L1TWY8zRuoEowHxHtTlXhuemsV10Hlm6xOsiMF01etogZN89HFkmsQI1GQ8qzh98jMbxZg
ZLVvjPj9DwQMWd5UxyS3sMsmYp/RK6Ug==
set comments "This certificate is embedded in the hardware at the factory
and is unique to this unit. "
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIJtMM2QTpmVgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKaeI6AbxCgABIIEyPebr6YFhzgn
TkpuhdBQwUqd1PP88fkc6j2heeJOSND95UN6crUSn4tCYiwiibBO5TV8t4/zGqJ0
o/SxBIuMtE/68Fr9XrnF5aeADM2xwPSWDT1xWrnh5y9sSgMWWTAZAxCWS7+pSehD
x1tY7sXNFLLYevFclKbfDc7DOCucV73RFxaqgeXCwTRNjOrJtP6230/4Gy385cdN
ASD8jlhiijJyrGB7NEZHgH0GhuBoz+4glBk5vWzPsAzBj0SYZj9V5xYiNQ84Xv57
4XITxbP2IPT/HWWs2AH2ZXvsweQGQylqM4K99TOPAzxRt2hGwfkYDrWGJejpkTA4
x4hURvfOS8JNK8FBhOC1Ljb66Bq9KzX/4sCKGtxGNG+GZe850W3Hp6pUbwX4DP/M
c4Xvw6FFwMdD5/XD5a2Xd/ekhHm1I19j9+itv9SrW22kjVL+VUg86erVW7syVlgH
oqqCBlMdZxFLMrkdvOOnlAKrP44C3e2id8leRJXdTCRLQ/+vtNXn53/koPPoBKuW
DUzuDiH3pZ8x4On1G++7/3QLF4+5L2npOQ9LmgrWo6Zd9HD0ObLfoA/O5cjg8FKw
y7Hr3aIu9qsfA3G9yVphSU+HjA5uUzH4SiFDGjnis9mlqsyKymjdYgadjs2TAN2e
E+I0aqEbwdfqE0tNvDVaAWuPqwJek5mXRwsrMuyVGGMjSH0Bai9LoQJQez3EjUuC
2qHDGeh2QOETS9LW0iWPS71Izax3F/9VJ0IBj1XgswEGdyATbbml7VOEVSkrRRhm
4Wyf9+zko2rRTLQOCRejsHwc4vHPXDDF72eK1HaJKEQ3bbObxQZMiA/42g/UAtIf
QlEIShpHlfMbEnTg0ZVnCVmmftGuW/hxkRWhzm2bNsHkTShqM7t6anOk2Kz2o5MM
Kmm9xbmAlLVGjVy45tLF9UrSbR+QPwdwhabubJRktH4uBrY5dgh1J9i4LxHn+DoO
JwHENGOGo00VXQW1oDsZ51xwJkawpLZdv4JjYoHZ8VFe93Ke03GMMlOjDo6LMQ6y
BZmE/thFMP55QVnu9aCD7tujQntKKNF5bXvORxoa0+GW4IDyO/iiG4y7pYkM17G9
WPpncWPrca26EYwEG/RQPS9ntwCbCAMjOfApPPsQAi/NlxiYgnMte5B42JYzQePb
xQQT5+gKQ12Fyi8/C0qXQjMjP5y01E5UO6kQ/9U3eIctsDog54AwUytYo2z/naPk
A/nlYqduAnAbd/HCCgnfYZGtTBGoqc80AA8BGHTlihZmXWdCI9tQoDHjTwwQtTP0
cvrQjUDMBpM52n5WeevJEZzngQ8DHcpsw25kvSbTLdEgtc/qp8HQhKYZnzkgVYkJ
F0YDaZw0TxBroQF7+DR6Ybz1NowfUVoO7NOgMwudizBNpXf/v3rxT2lm47S1fK6R
axPQEKO29TS+b3I5Pz8+fZ8GJSwtCTabVCxtFVASy/rBAsw0fd4uEU+KkzneLc7D
JgdP2ffzjqEDZaYB3Xe073/vsWGjwuZTZi38/NLMz1XBdDLvCdvTuQ/STTWFHFDe
lO9UWH75BgAmkfBBToPDJLFJUM+wenHkQ02SwFsRRjUptvGJtbmS54egkTWKJ4NZ
AFXShNEQDTXiaY8VpauZPA==
MIIDyzCCArOgAwIBAgIIa7iapOy5NFAwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
EEZHVk0wMTAwMDAxNTI2NTYxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
ZXQuY29tMB4XDTE4MDkyODIzMjQwOFoXDTI4MDkyODIzMjQwOFowgZ0xCzAJBgNV
ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPcFaD+hJnDh
upZKsxDlu03COoR0g907rT3B+b/mD1NqkmMdo85KmYH9AAmojSbTYgXZMuykPHOU
+C1CGzfuNyJvX4i2iOiotqh+SZB5QgPhxLz50BidS2QGDwwsckImlALgVwJ79Kvw
iEuwW2cO6i+4VHz2naryUKmOkf9XXw6Yitf6ThUeQac97s4Rx5g3P9kjKViadzpN
TAaLdYZ06yNOIo10O783xrXW9EOFwFGKa5GmyTazp1BiQwLT4oxbckGICu/QQfot
X/7NWlZQNffOvZBXn13NWdlxFM3jLltGWPmC3Q1ehfD228XZoxkA1NwGzwctrs99
IPMFslOqTwIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBD
hOH4zEL/nc4K++gcTBn57WyOD8w1/HVsosinRvCwKz+aU73+Zte33d3x8RI+xKE+
10/jz7PO9JgyDvedfzV7df6WQpDCEL/RVFyeeIiQTTYhxa8235wpmmCV+8Q1e0m4
SgYrzEoDaA7IRdxn4WFaFp8gcq3G3oyfPhFfAEFlvGWjt0tpTby1GQW7NsVfABGU
pY+Wg979MpBfK0apOG0YBLZ9mXuGEI2Reuo9YgMlfJ8hfh8oRjtWV8Kj7vHmbH6z
eywvHPLAzQXgyn2Hq4O32UKAauNd/TXDOQ+DDfJcBlHqmKKE+lz9sqZ7S7jAIXLS
qhM3dvkXvhs/XwrYzcZ4
set range global
set source factory
next
edit "Fortinet_SSL_RSA1024"
set password ENC
zw2wB/MKpeX3wyZ9ePa+uw6FuIXjmgtS+LoiP16C4ZS0Ru/ltPShRKQ9e8rTjVEaMX5vgL/Owehxbr10zSJ
fgFg+4DVXCWeUMPyCIZrllwrmIiIYbB19laN7PzpIsrax9zO8EmjDSTP9hXyLhbrIp9JPWzauLKdi//H+UU
OcPBFXPJEk9J5FDVZ/RNQG5rUeMxlgJQ==
MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI0Ft4BcE07ykCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECARnWcZYuDHwBIICgGoalAI7JgF4
pNwUM5lhTrhxS4dnT2gjyvbtOrYoMZ5OCtBjRB7BwFmiAElFXfGP98rUBV2OSQml
eRLGqrn37a6vISDviIlDyM4s9aPb4mykM9wG0aFOJwggj44KWec1lBoVBmXpXHGG
N2CnBrkyJ/vka+ZWddKpp2GzFMhQ8YjtWhW0gpJkcMi09t+dxKzFippPg8nZBbrR
C7YBeqX2dX3jrm3vl0QC77loOQfzZKLnQOA5kZoyujwHh6Pac9v1odv7WkKTIoYa
DALVKHjAP1+qL682x+7OSTEnBNHdevTbGBamTAlFOfnM77+io1FQhc75i/l9nEsF
kY2X5NvbLLdHKrWSdLaHH71QA9l1Gi39R8IXgnAA1Acc9KkPQRYODuQrECNslMn7
y2HEU2TzjICTTAPqpQPGY3/prEgnmX2XAoJWdxlmFpz7bApyi9fMtvdlF7nwkZzr
GzEF9NObK6mALwKGT/r6TmNpkyKPLgve3fiEXuEsaUHyeROWEnArWln36EyrMkm2
myGen+CN62s0eYG+wNsLjjekE+dRRX8Z+2SCKHSFQVHCGqHnna+Pea99fO59VncD
mXbxftdeQV4DZJs0yJQptYh/xgcGhD4fI/3gwHKPlRWujc1BcrQZ87l/Z3fa8hu/
dsnZKVFQs9ARJ9J4zn20LSRIT8ux3m3CkfZkOZU8c5JShPxDK1aXJHUV4pZWtKWu
ngy5LOMGrUPiliU7WIvn6HQ8/NZ3+HHfZefUoceSJaE5b3NHVkL5hsFizSRGsh2O
z2eXl2GGolGcrtDU14yfghOfeQ5Wo5iKH9h9xkK0Hr0HCG+2Bos1AZAZUX9IR1we
tyC8bW2iJY0=
MIICxjCCAi+gAwIBAgIIBkAnHHlwedUwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
ZXQuY29tMB4XDTE4MDkyODIzMjQwOFoXDTI4MDkyODIzMjQwOFowgZ0xCzAJBgNV
ZXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTNzVatKw3taIRNtAE
L547IM+p5+a1y3Wfb4Rf9QAOQldLgvFL4JdzmttJ1GjHHUHrGZj2cD4lI++uKjvu
8dfa3WZZuY1lvcXbBpHst77b+R8LJtjlRA8J3EvI7y9qf1EY9NmWztIYQgjg22ic
3dcgBCg8/1B4idFCIcavvZelvQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3
DQEBCwUAA4GBAMyX2HRmWrBgUzCVzjST4e/2Gv7GoQ+yRsyzI7YoMXdvvzAUDkSu
YVthbJd68X6C6OX/Kqfit6Dv4dEiA7VdylpECHIrd2yKXUoy/YIUnYwfR8kGI+18
EV6nM5v5ZCwuOOSP0xBq/Rt0GFvWw0fb9wAp50b2SPqsIVhVj0Zekoul
set range global
set source factory
next
edit "Fortinet_SSL_RSA2048"
set password ENC
gnAYeLHBvR6gVd2339iu5hl87sp1lRvHB9524w4D3DYNOZIP9yxnMJK/uOnYWdHPe1TBrD9fprnzj5xwCkh
ZGZISld644sJ6ROZaQfYVdDIe+lqIirukL+1rnR11So/KG1zZTrsXIJ4qfOl9wvNYPp7HygewOO70lxhn96
yVAkbUfnvWvNZ/XN7yjcz1cI2+xxHqpA==
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI/8IsbU+afm8CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBPy1YP6F5fWBIIEyDCVhGLTV93t
FhzFh1ladAJcBmNDtZx+YTHnu4gCfH0ywKVu9ATak38P7QHVd21snC+ea5HCNJeA
dfN4Zpw9TJAjjJl7FTh/7sZZvBPLHEv074WtxBRzGWW07wZb6/9x7E+XiLjuuG25
tkz+uxjXSNeApbBL2EsEOkCb2eGd4i18DfVm1qyHBbu59lCDHxk7ujsWsCJGWZH9
l/yTfQV/ZL0OQlCrLSjf64qF4wg0cqveVn26WLXm6cesIPgJmqL4mL91toyjvtQ2
GYWjZ/V0sbWZGuN+260rbmI6tCP4534dA/DTGjTz3TORlx2INb5dTioi03B+b7JR
nrXl7KuXZ3adN/CIAWwB5P3D3tbWRAhlQ0tLNLkASZCzQggJ1OT4NTCdoYEjd/cG
NxgV0kedQZO4DLZRA8xv3IPO3auv+ntlY76Ckw9N5MkIpOpGHyGPSzbZboBQACBs
piPpoglJ3dymA+qevu6JVqtos8jLfCXFps+FPf1IlYs+EBsVuwKAjYpQCDVro8gE
bsoqiVVvgmFlBZXCorO2qz6jH4rGEQuaqOzW04puQlWkiagB4aUHUHLVBKCFlcLm
ljDpMVTSCJAjolbI5pJ3XWZU/QgugO07uFjSTgwj50RwO9xJ519eN5+ZCsWDfhoh
rBS1cYsyohfDCYorIV7owUPHpeeTSxbZya1gy6ZzrKwIiFD2JRMNrAP/P4VOP4Hu
A6o1imDMAEPuUyd27W/DAKARsQGinhIuQlsnMKlGBPNpkY49brjvNYM/wijEWuVn
MbJ0w7xXQCeU5tRNQGqf7vagKCJIlHxau4lqhP5CFz9bj1+uPRUM1MByWVJOfKMk
uT5DdhvPRGLJkDFq50N7pxP4n3uy2xNGsknY580r5zwlh9VSYxH31Kzy6xXPHVzE
we2m5ge1K4ieA6oZJwQ4aPgja/fdb9SMrji+C7gOp8Eq+uooDSFXa1PwK3qPDs69
iUKx+JKZ+Uy5oPxtEyJS8CSGiCOR0PGMGuwCyNImB7VUaHG48F0onyqrAUHaRI0C
HbMxu9UvtfeyFZ/hrsf46UBkR0/cJFdc0hjsXIMjNRxH5chGMpiLyNVUZzgBOea5
6dV2k/Z/hiF6wnRNooR0NkFlSYNHwxhlR1DPqPHqTUiVCPadN9VGyw2rbs5xtbru
TlWzXBcsl2zFswh4Y+QBH03EW/kwBnIq5joQjOPd0jkEZg6LMy4FGd49ckzbNCQo
t//pZvE6ZPaPhFi/DRH3wkFBQRopLvpKqETkVThf198oaOCjWv8RXVLQj9b1XUj/
9kR+HvrZnIniG+w6qAfR/xUHD/qQdGGZ3NpRbk1VPIHWxm9aYt5RKN/WZIwr3cUR
gdIdmtI95QWQxNrubxSNU8aOHwoArv/IO6/r0tTwAdd90kpFxGBTr5Yl4dQjmfoP
hb8Mlf2Di1HyUR/VBj1H2eGdlFfh8WrT6152SMJhT7fPTbb9f6dVH+DCz6J64GWq
nZB9gjq9MnPcWO4EoqbDZv6Q/diTIKLyvKKXAfF63GUMc1rXyxlTqloQBcKcquCz
VgmaxBnyT2qXljNtzVeUi3AbDcw+i6bN5ZqwNS67/KSAvJ4wvGpo5hBxdkMRARO5
yf+4p93opWqXoCaO1SFH5w==
MIIDyzCCArOgAwIBAgIIXQKtdn95W0UwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
ZXQuY29tMB4XDTE4MDkyODIzMjQwOVoXDTI4MDkyODIzMjQwOVowgZ0xCzAJBgNV
ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCTPgoJGk1aV
ras07foEqPCnMaR5oGYZ2WFyMHsJ1vhBLgS/1ebY21AUsk4dG00Nm2Us6WUJg/Mp
aI7RemUSgSuWGxtlv8Hd89em8yx81ic7ckcxX/ReK9SgC+NJE4cyoTCAQdU0ke+s
WI6R5taA2WxbrYGf88iXyKwi23XCVOpHOaGaWN0wSzmmpX3DJwt/3PRlYDawIzeD
QLF9votPGT63BvQr1yTfyxU0eGEGJcXHGXI/+3fgnA+Kz1Ll7j0jb5b9pUR/vCbk
5ea3O8PF3dr113bbntRV/U6pAkn2QNXMbJFAKLGaenBUjXmMcT9D4Gn8S3Ehu4hL
RmEzMgYoeQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAm
lM4hmaHI9BkoE/Tsqx7uq6UIv71sbhdFVkLP24/+57w6bT3RiapY3wPUfHwNrO+M
OfhKnJ7IUe6Tc8+v7LXlTFk7D7wVa+KyiPi6P2alQt6anwfE5Zg1cGfbcD6j2QbE
Y2r4QFYA52ZZ/p0GpZVZC0un+Prn5nyJrCne+RO+k0uwr7pOarSnyvZ/M7Hx87r5
7rbnNJia7JrVgviLOu2/GlUO0hKkyoKT+OBfIUV7YdJT4vKiz6J9BhN/F/pqMoeS
MtYeKbXyiZCSP+do47gia1mOcR/hs7MAybGu5VbDjTTfEQjzSlDePGIE9Lpq8o6M
3qpFkJQ6HGIKaBGuoK2E
set range global
set source factory
next
edit "Fortinet_SSL_DSA1024"
set password ENC
jwKMvt9kLQQBMuSJ2CgQ59XE75Grog/jqZCiaOU/q3k4GJlKT2hAGIhRFGkgJnfwYWbSYVKlNn5OrWo726n
ZOwSSleFftRP/nEFrg0GsbOHwi2FaudYd0S75DcUnk/vMOl/JmPf3XyBgT3Ge8mk/TA//i8NwAnvJJarGLg
9iXi1EcdiYjkLzW4YmBTMS/b9PX7ACiQ==
MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQILfmIOGFyAlQCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOk/i4o5tgiuBIIBUDMgM/ob5GFo
FFPUSW4fR1ooQB8RGsQl9mRsYFLv/NufTZCHgqAJnNMtCD0Ct6Br7pGPjEo98dBu
YWwu/rW12FGJSwCANJJ1uranQf/FI6C6SNubRUZ0HetNt6W6BSFVHzKtwlYbYXMX
p9rnXvLIeNbuU6z7UL5ENJ/pSIMG/2IJYzBwn2x3r02BREDsnVtao7jUFYKW6xEZ
mupn+NXtDJvY8GMABM+sYZSUW66JDJTC1ic9KryhY/9PxVBv6aiqzbKlxK875Fl1
QrIGbIZWmz8Tnj4H9smc+swqpT5OMK8v5oT24Fyf7dhV99k3Y0lksXfNbiOosAjP
Ey1a/XZ4cemLSNmaogA08Ew7LMh/6EajWgmqZ7GgOlVrN6sIphyeEcDNusWu/wRH
92nar+eGRwxeEooar/RsYDlmfgsZpRxiVr1L1MiVtL2fp7lV+TASNQ==
MIIDiDCCA0agAwIBAgIIf85u1rUB95IwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
R1ZNMDEwMDAwMTUyNjU2MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
LmNvbTAeFw0xODA5MjgyMzI0MDlaFw0yODA5MjgyMzI0MDlaMIGdMQswCQYDVQQG
LmNvbTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQCekICjkdrSY+i48IUKirK/sYM9
FiGCGCXMbYNBVmQ4TmLoQRhsakXLjIsR2HTlviXC53bjs2ISxdTx+mkZs4tJXLDG
rEg+lZATAHT9/JujylE8SiqqFNA0KvywqCMEnfDPrTuwpMTnTnYBbqM69qiwgVex
yYzIUw4bYeT3g0FEGQIVALJIP8bOWmLNJntNXtAigdY0lZJLAoGBAIlS1CihrVf4
X4UrBWeSJ4mOBmDobl9FRSRzZEijK2oFcqa3u3vvGAsY6XdS8BCU52pOHozYk1vb
dmG7zSxYTzLz8UnDalGr7QfRMP5++EtD8744nrJULaodbLqX8UuSiirh4cc0Z6Xg
0r2y26CQVoeXVoBZNrj/KFa9ZwxYxzm+A4GEAAKBgDb8jmVxTcwN62vt1SHXT9S/
cSMdLSjKcDSFA2C2WoqK7VHYvQ8EQ5zibucJU8eyLN6ITuydC8C5UyJgDYyuAvRD
5Wth6B9EdZRJRiQAweOpHxlbHmEYf0mvyfR8yxnWTErtCF9Y+SxLdquZ2YTHODGs
Yz4Ir/EzeoOqbiJf5h9bow0wCzAJBgNVHRMEAjAAMAsGCWCGSAFlAwQDAgMvADAs
AhR/RKoc6LwGAFWHIWbWikofYM+NiwIURgC7p2yg4ned5JKv5R/SsjwM0zU=
set range global
set source factory
next
edit "Fortinet_SSL_DSA2048"
set password ENC
uIa084cWefP/Ex7+StEz1rFXrnELHyyYjBAz4Kk3R+hHLbXXwRpgXTsNzWtMthWY40CaKnpfUGCG7AJnQ6Y
rma9Lo6XP72atvjyLn36xCFQs7OQA55kcHAc4k25G9rPtti51w+
+PXQ0Rvy3KN9g5ObTXcRY5P/MXs8acbIWgnuohVvw6PlgO9fQt7kgDqCVSVth3FA==
MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIUsm4nEQ96ksCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECN5VbQr54eBBBIICcO0TfiNHCgou
OXxqFJfOTvChnEpZyZsAyEDYvTZmSGRC3ywm94XTUeuKH3mR5BPdfWsfI7ZRI3T3
gBwo7QgxSuxZgG4wxAT568fcl0ossiyUOe1HapVMIXiSePVH+0KhK157bDgl/rCw
jQTGFtrL8PqXaX7/RiYFX89QWCz5q96fYmdxildMI9cJx3Mp7FUKBePAl0sDr3x5
xgHhcYc/4ETKvXu7gqCbdRu1ekKG1XtxWlO1BSSDeG3264wX8lHDsXWgWs0zKkjg
ogc3HazEytg3WMrWFkykY4WCvGTVVM8BK4fEcidSsILw2ECBF85/djun7hIeClOD
ntgM3pMQrkkgEsJHY3Row6YW1UIY809yCNpnDglmoftqGGlTQUerLEX96bkDOz+1
CJdtNflVgM7bFsPTdITPRmlXPppT66/IQ8mvNcYVa5bVkWqRllle6Hx/fEcnDZmj
pJFx3xYFKgoT388KHPHlNA46aY9DEAAUytDMYQ6KkfZDppJibK/vIoGpULJntKPU
8K2FbnEBAk2ut3UTvXTng91JDcYH/CTB9xaJK5QKEvSf9Qss0cULlG8XorILQcMo
NA2RyAW0lL0BZDOGGq9lL4e0Yys8HkgCPcSQBd7lXEHWvM0Jgp7HNwtrSV7Rscfa
IJJHTpVVg8WNYTqFEyzJG3MvDN1jk0n1JtrO9CsG6LhjokZzuvWUcsOgXkaIatpX
/hGtIu2td9bh0vcNikQgzIxOrCuwBhAM5Y/tr90YEPjIujomoODw3hw7FnXx4ZMu
W7zuOYtLJ9zkO9Vy1amBTGkM/HFJP5abABeTEXP/IesqrPwlKcCpYQ==
MIIFMTCCBNWgAwIBAgIIQAsWgDNTuvIwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
LmNvbTAeFw0xODA5MjgyMzI0MDlaFw0yODA5MjgyMzI0MDlaMIGdMQswCQYDVQQG
LmNvbTCCA0YwggI5BgcqhkjOOAQBMIICLAKCAQEAns0De/YG9fQIa/fWWGrRYc+l
DbYolLq8g8m5LP/9280fjPJMgAyrqD/ZVPBWQMM+X/OIXCMZmTCXZv0jh0iGJQkM
G499ABhff0Wa26+1luJJKLlsfKjYAgTA9zKaJ3sHQbbJ4bU9vWPd6/1g+/3ob5Vv
YZvZ45CQJMo5/zooqeCGh3tw2St18DSOWk7aSZbwqxTSal1jFsh9WMaNL1iY+GGg
knH0gWH4rWjvI6tEGfJpTRsviRw99Dd5NFkWtpscUwZLOFY6j5BSqibkZAlTfI7n
gXlmWJAQcsQ8/62Ml4D8En506N0lS5EEX8pbj+clt96w6pvazcBGtGT7amqV6QIh
AK1tzEBdZ7BJY7C89xSWRX3P2pRG+tXSQv7f6vXHq2lRAoIBABus/y9u/w3CyrRD
pd3v5h9LmpJzQdyC+0/b6NskCQUgJNYR2NFlnOVhl+8ET1E5XW61j4D1jrUaVPIl
974vqwbPIs784s+Ar7QQpjgrQHfk8tIaWPaWiFNAnwJ9VEiR/HsjJTgm5gdG9zPd
VZs4+zqnQyWqV3dhYEMA7GSNeXOvT09QAT/mjjQfopAF80zcj41bpKo3g0z7iS5d
ISL42E94WJ0uSd8dBevMl+7l+T5fhMTYsehwmkqpDWufySjiPSTr/feDtQWI4qpc
rSa3SmZYY3XQIVpTX2f1r/2MsP/aw02PPiV5BZlAjG7Y7ofmk+tXiIIsiRylZEs+
QBDWvnYDggEFAAKCAQAxE/KHR0mVnFT7Y60zWvnY8Mi4Xtzq1GFukgj41iXvtEdf
URcnxWS1obt8Vaw2OvW6hkntZ8teRt8ccgz6RIiZBzX8LPSke/0Aq4WrLNEojxeX
V2IDaepTLj5SeifGLJJ11iRwxXE8jrgVJBf1XJReRYQ1wHLZjsbH5N0jtPWqBPaS
fjTCQJwAUXLeoE5pJNAxSAbgIKql3ZPv/jajonLPksjEw6WrdvsWSN4MOjpJBRWo
AkOyemdSW+FOit9Bijf8kdPB4JUWEjiUghVWVBNfW0tXA1nQ9POjfGMDZnoaDmfH
4S1LOliXAvJrpXu6URahma7BFOsQ8zj2rnedWtSfow0wCzAJBgNVHRMEAjAAMAsG
CWCGSAFlAwQDAgNJADBGAiEApF0/GafthtaflZ3H1ifGJIqQnGfojDx75SLjZ+iH
8ZwCIQCqR+FTP78mifpeWWxSz77V2ZlrPFPSH8NDlUJSRf/H/g==
set range global
set source factory
next
edit "Fortinet_SSL_ECDSA256"
set password ENC
hHEsU37QMBxaLiqBSnLXZNAVW+zE9gliqRFcutYenDv6GE5MQxBGjOg4dpJvdbHaECeJYGJ2WGxTuuq+smQ
RZvRydS6zg9UsijKtDQY6MFQDf8bB4TS8aI+xnsqM5mq1g4jfTKrTKd2Zo7c7302xxb25/0ajqNFr13LgIv
18pIYCi19QSyv2Qd3KKCOnv0OnwzCYyg==
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjmfvzV27qJbwICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQInKY20SBfj18EgZDAJthCF2ZvN1Uh
s+ijEdxDMuWfJZtICBsY2r7wmfKXRaedQ5AYbpuwg7buBDscNSPFVihGTXjxceCw
dzLlYltPyXQHkVYeSsDwnLqkiLQZKhCjpm4EOvepDR3H5NBWxKJHVjhkLadE8rDF
PW6r3AMZ7QAGqF2MMik3HM6lUPkBCrWI/cwFNqy4Z5ukx9oUTe4=
MIICPjCCAeWgAwIBAgIIQitY7NR1kqcwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
Vk0wMTAwMDAxNTI2NTYxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
Y29tMB4XDTE4MDkyODIzMjQwOVoXDTI4MDkyODIzMjQwOVowgZ0xCzAJBgNVBAYT
Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGUDIuBOPVHqA+31XxYe7X3VN
nsq6TxS0YTcOcSatvA9NZMmyamaHl6jcC6Cl2TOyh9lE3/eMYef8A7QNH1ZFr6MN
MAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgNHADBEAiB5A0xFvULAw4qxm5xgRgg2
VBB4hjmGeyZKYJBxXTgqEQIgP+HjBbifi8SwdqP2bYa1/viwCrNg9K2cygjY7X4t
5Rs=
set range global
set source factory
next
edit "Fortinet_SSL_ECDSA384"
set password ENC
lpvGzyHepOpbO8uVksZw/T2OgiBUWqQNT0oiCGoJWJhcTkN8vzzNsWl6/zEUFnSYlyqGwwciiRqPcfivCbs
P4jXuhOEiffpaBbIyp9pd/9u8crUd8e925QY+RcWLOvBhiGqAqVq2QSszl4nHT6f1sRFuVqljDbTHD2wT0l
mjA3W9/9YyBcLOVHBbSsbHz94uW/wvFA==
MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIORpTwMUvWTkCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGXYN7/dAfiwBIHAbYUdnJzkY8NP
3qJpYEp9503lD9P16n7OqqdUW4lyPvrm3x5m/+NebCKWuNy5fm+C6tW5+DVjeOGf
LOEXhrc4g0c6umGaEgQT29+G9hj6YLxHGcDQDbxaVx4t5/D1uaG5XrSGdnHigeit
ChDQGdkmbLV1mXZCYFdV7SmOQMpRup2DmBeaYIeIEP259VyNj3svxcFXsRY+Tdh0
Fxmu75wjIe9L334yAFkUk7a1qneOEnu3b9YqPUc3YQsn+163S8Kn
MIICfDCCAgKgAwIBAgIIPgI9yRqLRI8wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
Y29tMB4XDTE4MDkyODIzMjQwOVoXDTI4MDkyODIzMjQwOVowgZ0xCzAJBgNVBAYT
Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEQiTWVxk3krVfdJf19kH+MMuJPBt4
wqb9KYotSJiirgTaVYXEDn96Y3QsxYnv13fEDI0ZlgFI7F23R2BJbyR8homHGIbg
WP3/c2QZqCRocRQrs+1RLZUiWKXKphd9bDKfow0wCzAJBgNVHRMEAjAAMAoGCCqG
SM49BAMCA2gAMGUCMExiACRjOMXm0BxVt3h6RrxeYwqHXkhPLWZ11cGUDqpmsYoQ
zme2JTbUEykpIOxPnAIxAOuEoBQKQi7g+nf/c6lc6xW4r/YXYObpS8trayVDFKzJ
9Zt3J1rWt9/fl1gLRIQmqQ==
set range global
set source factory
next
end
config user fortitoken
edit "FTKMOB8543C839A5"
set license "FTMTRIAL02122995"
next
edit "FTKMOB85799F448C"
set license "FTMTRIAL02122995"
next
end
config user local
edit "guest"
set type password
set passwd ENC
M3kZgTUcRmCEwcUQ+q1qWlnQ7llbYGO+f+jUy2LqoqkFYcfuCAuFTCAHjfON07KezO2B+zzX8ayqfngEbP1
jnY6Raqw5PqL3OWHcxIDE4iqHcMBHq9rvVoE7sWuXK/vHelFvTwWqmBInwcFt6ITtRVr0856smNM2Y6uqcU
Q4KWHV/T9YJLdBeySfLomkvs5UYANaTQ==
next
end
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
edit "Guest-group"
set member "guest"
next
end
config user device
edit "Win-10-Client"
set mac 00:50:56:85:b5:79
config tagging
edit "Operation"
set category "Operation"
set tags "Normal"
next
edit "Department"
set category "Department"
set tags "Sales"
next
edit "Location"
set category "Location"
set tags "Site1"
next
end
set type windows-pc
set category windows-device
next
edit "Win-10-Client-00:50:56:85:61:a3"
set mac 00:50:56:85:61:a3
set master-device "Win-10-Client"
next
edit "EMS"
set mac 00:50:56:85:e4:71
config tagging
edit "Operation"
set category "Operation"
set tags "Critical"
next
edit "Department"
set category "Department"
set tags "Admin"
next
edit "Location"
set category "Location"
set tags "Site1"
next
end
set type windows-pc
set category windows-device
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-
playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
config vpn ssl settings
set servercert "self-sign"
set port 443
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config webfilter profile
edit "default"
set comment "Default web filtering."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 2
set action block
next
edit 2
set category 7
set action block
next
edit 3
set category 8
set action block
next
edit 4
set category 9
set action block
next
edit 5
set category 11
set action block
next
edit 6
set category 12
set action block
next
edit 7
set category 13
set action block
next
edit 8
set category 14
set action block
next
edit 9
set category 15
set action block
next
edit 10
set category 16
set action block
next
edit 11
set action block
next
edit 12
set category 57
set action block
next
edit 13
set category 63
set action block
next
edit 14
set category 64
set action block
next
edit 15
set category 65
set action block
next
edit 16
set category 66
set action block
next
edit 17
set category 67
set action block
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
set comment "Monitor web traffic."
config ftgd-wf
config filters
edit 1
next
edit 2
set category 1
next
edit 3
set category 2
next
edit 4
set category 3
next
edit 5
set category 4
next
edit 6
set category 5
next
edit 7
set category 6
next
edit 8
set category 7
next
edit 9
set category 8
next
edit 10
set category 9
next
edit 11
set category 11
next
edit 12
set category 12
next
edit 13
set category 13
next
edit 14
set category 14
next
edit 15
set category 15
next
edit 16
set category 16
next
edit 17
set category 17
next
edit 18
set category 18
next
edit 19
set category 19
next
edit 20
set category 20
next
edit 21
set category 23
next
edit 22
set category 24
next
edit 23
set category 25
next
edit 24
set category 26
next
edit 25
set category 28
next
edit 26
set category 29
next
edit 27
set category 30
next
edit 28
set category 31
next
edit 29
set category 33
next
edit 30
set category 34
next
edit 31
set category 35
next
edit 32
set category 36
next
edit 33
set category 37
next
edit 34
set category 38
next
edit 35
set category 39
next
edit 36
set category 40
next
edit 37
set category 41
next
edit 38
set category 42
next
edit 39
set category 43
next
edit 40
set category 44
next
edit 41
set category 46
next
edit 42
set category 47
next
edit 43
set category 48
next
edit 44
set category 49
next
edit 45
set category 50
next
edit 46
set category 51
next
edit 47
set category 52
next
edit 48
set category 53
next
edit 49
set category 54
next
edit 50
set category 55
next
edit 51
set category 56
next
edit 52
set category 57
next
edit 53
set category 58
next
edit 54
set category 59
next
edit 55
set category 61
next
edit 56
set category 62
next
edit 57
set category 63
next
edit 58
set category 64
next
edit 59
set category 65
next
edit 60
set category 66
next
edit 61
set category 67
next
edit 62
set category 68
next
edit 63
set category 69
next
edit 64
set category 70
next
edit 65
set category 71
next
edit 66
set category 72
next
edit 67
set category 75
next
edit 68
set category 76
next
edit 69
set category 77
next
edit 70
set category 78
next
edit 71
set category 79
next
edit 72
set category 80
next
edit 73
set category 81
next
edit 74
set category 82
next
edit 75
set category 83
next
edit 76
set category 84
next
edit 77
set category 85
next
edit 78
set category 86
next
edit 79
set category 87
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
next
edit "wifi-default"
set options block-invalid-url
set post-action block
config ftgd-wf
unset options
config filters
edit 1
next
edit 2
set category 2
set action block
next
edit 3
set category 7
set action block
next
edit 4
set category 8
set action block
next
edit 5
set category 9
set action block
next
edit 6
set category 11
set action block
next
edit 7
set category 13
set action block
next
edit 8
set category 14
set action block
next
edit 9
set category 15
set action block
next
edit 10
set category 16
set action block
next
edit 11
set category 26
set action block
next
edit 12
set category 57
set action block
next
edit 13
set category 61
set action block
next
edit 14
set category 63
set action block
next
edit 15
set category 64
set action block
next
edit 16
set category 65
set action block
next
edit 17
set category 66
set action block
next
edit 18
set category 67
set action block
next
edit 19
set category 86
set action block
next
edit 20
set category 88
set action block
next
edit 21
set category 90
set action block
next
edit 22
set category 91
set action block
next
end
end
next
edit "monitor-all"
set comment "Monitor and log all visited URLs, flow-based."
config ftgd-wf
unset options
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
edit 79
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
set log-all-url enable
set web-content-log disable
set web-filter-activex-log disable
set web-filter-command-block-log disable
set web-filter-cookie-log disable
set web-filter-applet-log disable
set web-filter-jscript-log disable
set web-filter-js-log disable
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-referer-log disable
set web-filter-cookie-removal-log disable
set web-url-log disable
set web-invalid-domain-log disable
set web-ftgd-err-log disable
set web-ftgd-quota-usage disable
next
edit "SecFab"
config ftgd-wf
unset options
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
edit 24
set category 83
next
edit 25
set category 5
next
edit 26
set category 1
next
edit 27
set category 6
next
edit 28
set category 3
next
edit 29
set category 4
next
edit 30
set category 62
next
edit 31
set category 59
next
end
end
next
end
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*\\.youtube\\..*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
config vpn ipsec phase1-interface
set peertype any
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set comments "VPN: FGT01 – FGT02 (Created by VPN wizard)"
set remote-gw 192.168.103.1
set psksecret ENC
EaOi89EEAiw12cXUGTTjY7hesvHmuXlG9WjIdYD7C39MQBOSbz8P2ynrt4+ri3UrlMLTrxisj9MEzkPe5MA
cLEoj2gKA/0Nt1rZ6Minq07Qcb9Go4u+hf5MAYulAIyQ4gCxJZk+p1ZOTMngiHZ0b3/wei8gpe7WxiD0XLH
VoUeCw0Y1B4arNg5XPWjZelP3DPFJz+Q==
next
end
config vpn ipsec phase2-interface
set phase1name "FGT01 – FGT02"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm
aes256gcm chacha20poly1305
set src-addr-type name
set dst-addr-type name
set src-name "FGT01 – FGT02_local"
set dst-name "FGT01 – FGT02_remote"
next
edit "FGT01_Tunnel-FGT02_Tunnel"
set src-name "FGT01-Tunnel-Interface"
set dst-name "FGT02-Tunnel-Interface"
next
edit "FortiAnalyzer-FGT02"
set src-name "FortiAnalyzer"
next
edit "FortiSandbox-FGT02"
set src-name "FortiSandbox"
next
end
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config antivirus settings
set grayware enable
end
config antivirus profile
edit "default"
set comment "Scan files and block viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
end
config smtp
set options scan
end
next
set comment "Scan files and monitor viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
end
config pop3
set options scan
end
config smtp
set options scan
end
next
edit "wifi-default"
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
end
config pop3
set options scan
end
config smtp
set options scan
end
next
edit "FortiSandbox"
set ftgd-analytics everything
set analytics-db enable
config http
set options scan
set outbreak-prevention full-archive
end
config ftp
set options scan
end
config imap
set options scan
end
config pop3
set options scan
end
config smtp
set options scan
end
config nntp
end
config smb
set options scan
end
next
end
config spamfilter profile
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
edit "default"
set comment "Malware and phishing URL filtering."
next
end
config wanopt settings
set host-id "default-id"
end
config wanopt profile
edit "default"
set comments "Default WANopt profile."
next
end
config system virtual-wan-link
set status enable
config members
edit 1
set gateway 192.168.101.254
next
edit 2
set gateway 192.168.102.254
next
end
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
end
config pop3
set ports 110
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "android"
next
edit 8
set wildcard-fqdn "apple"
next
edit 9
set wildcard-fqdn "appstore"
next
edit 10
set wildcard-fqdn "citrix"
next
edit 11
set wildcard-fqdn "eease"
next
edit 12
set wildcard-fqdn "google-drive"
next
edit 13
set wildcard-fqdn "google-play2"
next
edit 14
next
edit 15
set wildcard-fqdn "Gotomeeting"
next
edit 16
set wildcard-fqdn "microsoft"
next
edit 17
set wildcard-fqdn "adobe"
next
edit 18
set wildcard-fqdn "Adobe Login"
next
edit 19
set wildcard-fqdn "dropbox.com"
next
edit 20
set wildcard-fqdn "fortinet"
next
edit 21
set wildcard-fqdn "googleapis.com"
next
edit 22
set wildcard-fqdn "icloud"
next
edit 23
set wildcard-fqdn "itunes"
next
edit 24
set wildcard-fqdn "skype"
next
edit 25
set wildcard-fqdn "verisign"
next
edit 26
set wildcard-fqdn "Windows update 2"
next
edit 27
set wildcard-fqdn "auth.gfx.ms"
next
edit 28
set wildcard-fqdn "softwareupdate.vmware.com"
next
edit 29
set wildcard-fqdn "firefox update server"
next
edit 30
set wildcard-fqdn "live.com"
next
end
next
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
next
edit 2
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set wildcard-fqdn "android"
next
edit 8
set wildcard-fqdn "apple"
next
edit 9
set wildcard-fqdn "appstore"
next
edit 10
set wildcard-fqdn "citrix"
next
edit 11
set wildcard-fqdn "eease"
next
edit 12
set wildcard-fqdn "google-drive"
next
edit 13
next
edit 14
next
edit 15
set wildcard-fqdn "Gotomeeting"
next
edit 16
set wildcard-fqdn "microsoft"
next
edit 17
set wildcard-fqdn "adobe"
next
edit 18
set wildcard-fqdn "Adobe Login"
next
edit 19
set wildcard-fqdn "dropbox.com"
next
edit 20
set wildcard-fqdn "fortinet"
next
edit 21
set wildcard-fqdn "googleapis.com"
next
edit 22
set wildcard-fqdn "icloud"
next
edit 23
set wildcard-fqdn "itunes"
next
edit 24
set wildcard-fqdn "skype"
next
edit 25
set wildcard-fqdn "verisign"
next
edit 26
set wildcard-fqdn "Windows update 2"
next
edit 27
set wildcard-fqdn "auth.gfx.ms"
next
edit 28
set wildcard-fqdn "softwareupdate.vmware.com"
next
edit 29
set wildcard-fqdn "firefox update server"
next
edit 30
set wildcard-fqdn "live.com"
next
end
next
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
end
config waf profile
edit "default"
config signature
config main-class 100000000
set action block
set severity high
end
end
set status enable
set action block
set severity high
end
end
set status enable
set action block
set severity high
end
end
set status enable
set action block
set severity high
end
set status enable
set severity low
end
set status enable
set severity high
end
set status enable
set action block
set severity high
end
set disabled-signature 80080005 80200001 60030001 60120001 80080003
90410001 90410002
end
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
config firewall policy
edit 1
set name "lan to internet"
set uuid da4fa980-b5fc-51e8-f85a-8a0cc4facb6a
set srcintf "port5"
set dstintf "virtual-wan-link"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set schedule "always"
set service "ALL"
set utm-status enable
set av-profile "FortiSandbox"
set webfilter-profile "monitor-all"
set ips-sensor "default"
set application-list "default"
set ssl-ssh-profile "certificate-inspection"
set nat enable
next
edit 2
set name "lan to dmz"
set uuid eea7c7be-b5fc-51e8-9fee-1c98c769b21f
set srcintf "port5"
set dstintf "port4"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set service "ALL"
next
edit 3
set name "dmz to internet"
set uuid 02da8d0c-b5fd-51e8-2a4e-958534600a3e
set srcintf "port4"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set service "ALL"
next
edit 4
set name "fsa to internet"
set uuid 14d00514-b5fd-51e8-43a0-8f0de3e081f5
set srcintf "port7"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set service "ALL"
set nat enable
next
edit 5
set name "access-to-dmz"
set uuid 967be1e6-ba99-51e8-5ccc-17ba2233cd49
set srcintf "virtual-wan-link"
set dstintf "port4"
set srcaddr "all"
set dstaddr "dmz1-range"
set action accept
set status enable
set service "ALL"
next
edit 6
set name "OFTP to FSA"
set uuid d018e5c8-c0fe-51e8-98de-10dc9e40844a
set srcintf "port4"
set dstintf "port5"
set srcaddr "all"
set dstaddr "FortiSandbox"
set action accept
set status enable
set service "FSA OFTP"
next
edit 7
set name "sdwan-lan"
set uuid 61c6e630-c1fb-51e8-99f0-ab1d3b7a73d1
set srcintf "virtual-wan-link"
set dstintf "port5"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set service "ALL"
next
edit 8
set name "fml-gw to fml-srv"
set uuid 0ecca912-d0ae-51e8-7412-c74bde541e23
set srcintf "port4"
set dstintf "port5"
set srcaddr "FML-GW"
set dstaddr "FML-SRV"
set action accept
set status enable
set service "SMTP" "SMTPS"
set logtraffic all
next
edit 9
set name "vpn_FGT01 – FGT02_local"
set uuid 78f0cd14-d176-51e8-c787-289446d415c6
set srcintf "port5"
set dstintf "FGT01 – FGT02"
set srcaddr "FGT01 – FGT02_local" "FGT01-Tunnel-Interface"
set dstaddr "FGT01 – FGT02_remote" "FGT02-Tunnel-Interface"
set action accept
set status enable
set service "ALL"
next
edit 10
set name "vpn_FGT01 – FGT02_remote"
set uuid 78fff3e8-d176-51e8-022b-45065afdc7ac
set srcintf "FGT01 – FGT02"
set dstintf "port5"
set srcaddr "FGT01 – FGT02_remote" "FGT02-Tunnel-Interface"
set dstaddr "FGT01 – FGT02_local" "FGT01-Tunnel-Interface"
set action accept
set status enable
set service "ALL"
next
end
config firewall ssh local-key
edit "Fortinet_SSH_RSA2048"
set password ENC
f/iBvOC/p7wIWz/dazlDg2QKKiGGmKqp23O0tnQZmO7BTQx7hKRh6J5a33ngmojVCmsiZwNq3RtjIVPwpmv
vYD8ae/cI0m8yEJN1us3eXOSqrAizK/No+7mhsP0MMsdpAVGVAu1nO+t2AWIAfiFmqHi12h84ZxocFP/Tl9
VlYvVgEHkeIQxVjl2o9opwJcqhjm6OnA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBvomECp+
o+2DllOnnAG8LLAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDT1Nxb3gCB
hQAj9oSFf11nKqgo6NmvAoFUGgzGtL9FCNJiSkk46LIrgHi5O8YXGtyME3GrE2G6gyiu3L
73iMVOi3m0jqS0jrfy5J0GVIpIh2m3jmWsFfhMjOuvrg9rdMMUu0zDdjsvd0Wt2+Rt522a
+lq5xaa3G7c420GL7jiUwk0yKWxyPyUh4qWYGJcum4NLDuZT+DpyHMavCcGU5I4nJFNkV0
xwxV5G0e2EJZ+ieOvDj1DvfceB7wM+8L8zpksDEWIDoJm2IOEBcgnDzmLcBebwe28B+vEf
xPsKiqxOjUBSOdIQINB20N22F9dI9xlqyUL5+Wm+leeX7Ee1beGJAAADwB7y4nu2cWv0mg
xU5f+7de+SfS0drUmr1ucH7wSfV3+IEI44B1kV3Lo7E289M5XapbhuvSikFJIiRYv0o5Eo
uTq2UyobxiGez40y8rMJ7IFov0Aj2MRUc193f50gOvE/6xbbjDm02LtkuHkXrn+5MhhoVk
6833OXjOEPSOFBbMf+s7RAmKonRI9lwsUKE1+1FKE1RUOBGsftd7KfeCrqwrPVNO3hdCI4
0D+pl5/y9CgvXiEgKcMuTBZ2SLGR+ZW9VH4QhaJyOXB5H8YNrCb5o212aEedIAeVu9CGQH
5yFrpRpwwUT4Z6NX/QlpjKNzBoqggmjXqGjBQnyaWLi3umcAiFQPFrxYCyn83Q4oibAgvi
cvUdrcYfl58PyYInb0xr5hl6hHr26mNFu+4h/kiH168VCefJ7cJ6z3Hg/ec01pjbFW1x0L
pWwroXi/vp5mn7oEtRF6l4Q9tUX+vM6q2B6CykmjoisqZnIE8fiJDO3JcXMg02MniNxSys
ouMLMPU4n2WBbZ35boaAg5VqelmbcCzWndFKyU+SiWgK5ObxxCR/nMhyXaRhWWjrS66MND
ICsR/brpxJ6kZUk4mcAnz8ef5zJtYC6tnUm9Wu6GUe+nkJDjJ3bK3Rdo7mRS74Ov6xd2H+
upk5W5Pf/U9t6Egp8V9cRCnGs0fAJgDQw6jB8WoaIbacZqiH+QPOvzgw37iztnPU8eiTKe
Hag/U6HnZ0QDeJMUjG90J66e+/BvWy5UcXJN5KEQb5L/auaXJucBF7MXXB0rGfRnUvgadY
yCCyvX5VX6Y+m491EyCrztkrIpoh1MW9sS8DjRyvlXqsjTAsBMie5tfDWF3cabFHIMhahs
DNmnr2Fdqe43A8DpUfPGYYX/x3h7jzg8qc30l5Qi6XPAstBd9/BH2SOLLBG/Ukr0DL9FA4
tEn/uOV9bV2UbUdLqjath5FWx3KbeWE0J1EwDA9aFIq1G9IFpc4rHAGZrPod5JgdeslWlj
nahFsLRlglwdTWMJ5uXslx9CIZaf5RjzFnbw0dgFlpFN5jRhMrcyRIDj8p47EcL+b23Uj/
neE8J8J3PASP3Br683Y7uHC4Kvl+uQxhR7Jsc16+nBeLfrdZ3eG2KWdxZJuXbO6gRY80WC
ZPdHDocAytZ9jgPHbrYcoCx6Ez3cgpSZOVXlxsJvi/hcS7ttqn+bSqDuLCMAp/UYr0FL+H
XvfKw85OyEEjugl7+GKdkJ4llSbq+5ETI2yyEdLSTkfa5RqQVIRCrTHbUoiOA5b2kuw0KL
bzRTnwbw==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDT1Nxb3gCBhQAj9oSFf11nKqgo6NmvAoFUGgzGtL9FCNJiSkk46LI
rgHi5O8YXGtyME3GrE2G6gyiu3L73iMVOi3m0jqS0jrfy5J0GVIpIh2m3jmWsFfhMjOuvrg9rdMMUu0zDdj
svd0Wt2+Rt522a+lq5xaa3G7c420GL7jiUwk0yKWxyPyUh4qWYGJcum4NLDuZT+DpyHMavCcGU5I4nJFNkV
0xwxV5G0e2EJZ+ieOvDj1DvfceB7wM+8L8zpksDEWIDoJm2IOEBcgnDzmLcBebwe28B+vEfxPsKiqxOjUBS
OdIQINB20N22F9dI9xlqyUL5+Wm+leeX7Ee1beGJ"
set source built-in
next
edit "Fortinet_SSH_DSA1024"
set password ENC
hwspBgWXYry73tDIt97ywd9snpaB8KBCIZ3XfKMMkscVdaeLM+Vy9WNqrUPJgcn/4BPje7kKIqlk4y0iGuZ
PykvUZihK4UIBRQALIGaDsMh6bkm2nJLrrWvz614iLBh5Gyo5Xmt5S3O14WMVSWfb9f0vZuJL3YUcBDRbk+
CrJhA/THQL8ILH3G9E08uxDlfvDKpuhg==
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA19h2GoO
xeihkGVatwFOn5AAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAMGp2sD8DVnzmHPUSGQ1
Vrz572Qyfo8fvk/AA71qAhdN21PcrNN3Kp6W9npZzZVhkxkyJhozALQWxs3weaFmeY7eQh
Gj5xOt27ibHfH/Qbsg9+jXh8N3H5xg4yq4Pkb9Fqx9cAyvQKKlKFN9q6G34HrUdacxLdng
Vr41E24AXBsJAAAAFQD/DFK1UABoPpoXU4qQVlAqKiN0mwAAAIEAkmWPmaOOHV9oH6EXpz
BLaUKwxg2b4FUwBheiCtgbdQkmWU8iH73a+u6id+9/8dRHDw/PWhg1HPBIyq4jXcSiK9Zs
eD/3+26bsCdNHhA7CpO4Aofh7FbgYlXF1iMqZmA3mFHlRX1JoupTNNDIuX6yqKg0WmLE9e
OoK8/W0QA2vGYAAACAV6oC9wSEDV6aGSEDsJbOnqdxJQi2JJ4ZcRI++QruWn+bw6igL2K5
skqrQhtl2fXg/rnoATf2GQosfG02XRMHQVJc0hTEvfOEN7E58A3m1ewgh2UO1F666ZWkQr
jtBl/YjD4z5m/jQ1D30D1KwB6aebiWR08Vr27Xm7QUtvoBXVIAAAHg1LxW5i604TTQIv4b
dhTIW1XqcgkA3jWXPrBuMUu2i6IHUXnFOlPNJsHGA9hmDvcp2LmgCEw7W7wH7A4Uukz7Rq
90jH6ZaRzM/a4/unkHDjcCHb5E1V+p43JotmgXH3YYS5VFWCcu/ioN9bVRl1WQ13RsIPQj
zKruOcg4obL2C6f2EWuOzn7wAO97jIZMxBAZbiREyexQ3SdtFQbUdmUkTm7txgNPUqB726
zXJD59UcRCdm1HooWqm/uOhY444wMx1Qp74IfkZHieBD4bY7HVL0ilwXTlU79nY4bIivfg
QlL6vD5CEkiZlmuHsuCIkSy3B2S7dDQTfsigicpOOeNtYrOFGe36F2OGaFgaPErnIkJv06
4NaWQ1CH+psV7oNgqwr5d0ilZwqgiOnXZ3NXzizmVHDLdOjz63P2dYQiFi029TsT6ndcVw
3JVdRl8DBjx0ExDQXpcvjyUiFgqMIxhf6NN6XMNQVxaYdoj7INChN2pC86Hp9JJkfKOcWW
lafsTGPFDotsVPuYLBsgDyY5vawrOGSPk3KD63HFReCC7sbXCK/dyMMg4CnoRumJZ3fuZe
PJs3URLOy05I0EH372If/CkU0dToUUteNTbVKzgH0sGdFx+9Jj5rHJcSW2A79y89
"
set public-key "ssh-dss
AAAAB3NzaC1kc3MAAACBAMGp2sD8DVnzmHPUSGQ1Vrz572Qyfo8fvk/AA71qAhdN21PcrNN3Kp6W9npZzZV
hkxkyJhozALQWxs3weaFmeY7eQhGj5xOt27ibHfH/Qbsg9+jXh8N3H5xg4yq4Pkb9Fqx9cAyvQKKlKFN9q6
G34HrUdacxLdngVr41E24AXBsJAAAAFQD/DFK1UABoPpoXU4qQVlAqKiN0mwAAAIEAkmWPmaOOHV9oH6EXp
zBLaUKwxg2b4FUwBheiCtgbdQkmWU8iH73a+u6id+9/8dRHDw/PWhg1HPBIyq4jXcSiK9ZseD/3+26bsCdN
HhA7CpO4Aofh7FbgYlXF1iMqZmA3mFHlRX1JoupTNNDIuX6yqKg0WmLE9eOoK8/W0QA2vGYAAACAV6oC9wS
EDV6aGSEDsJbOnqdxJQi2JJ4ZcRI+
+QruWn+bw6igL2K5skqrQhtl2fXg/rnoATf2GQosfG02XRMHQVJc0hTEvfOEN7E58A3m1ewgh2UO1F666ZW
kQrjtBl/YjD4z5m/jQ1D30D1KwB6aebiWR08Vr27Xm7QUtvoBXVI="
set source built-in
next
edit "Fortinet_SSH_ECDSA256"
set password ENC
mf87tEtlIAAAZwpFLIPEuvXJ733o1yV5GkdSTfP7S9aWxmz0ybwZDja+Hagwe/7CU7dePbU2lmo8s+2/OL3
+Ec/fU0pjE5xn+0IfpMSkWSh89hd5B94WwtGMlmox1+r6wNYZUDi8Cy350ow58VeMsazfRdWE7U4iMTgujO
vgUwl/HkVREm8WrCoEmL9od80aJ/WSPQ==
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCbZNdWZd
ZgnvDOU1A+YcPDAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
dHAyNTYAAABBBGlpT7UUFv9F8wWmzXL7hjt/U0K681ojjL1KxE/rrzshS+SzeoxESITqw6
QDP2ZWR5uxEyqGoTDL4ro2kMtMetgAAACgTPkepLjAoAmBclAkG6HE7ti+BO9MzjKnESPu
Mmv0O+hdx6iey5biC+5AQCAo8sCiXP+bhiUZOJArw4Js7IA0nKotr+rF+/Runbr0eziGSv
wFhuOaplMY/Zlt6ncv8IHS/xhZ71Ec7G0nXvlP+2Tzr1jQ1k3C5ogjkeIAKcpZh9n0TDmE
bEx+cW6NKqF1pJKzrHHqjC37mi0rCIJ/bKpcZw==
"
set public-key "ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGlpT7UUFv9F8wWmzXL7hjt/U0K681o
jjL1KxE/rrzshS+SzeoxESITqw6QDP2ZWR5uxEyqGoTDL4ro2kMtMetg="
set source built-in
next
set password ENC
NjWSLcYQz2TuV9QSD0P+lzIKsAiamQeRZLjyvoY0VIMVeYU2W0Eldnu8wOM17A4CEojYYpM6QVZaVjmn1zF
ZJmywWUidDHw7461SAmayzq2tkndrSObWwlVpH7lPkljSwbNQ7gQ/7eYOk2k0xdjxas/c5Xb2HgGe18BDLe
9OttcCfbbntKEhy1AiwsAkhp5AEjZRyw==
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBGbfRMm
OSvHITSRUWbOlMAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
dHAzODQAAABhBBj+zwKfbd4R04LBKsIXMJ+pi0seW+ae0taStrj0vgpvn2JYbsb+8eq2B2
AW3SuZr4uIZ9Pxh7yOlDo9UYdN4Llngl1uwqt8GxGh2uoR1O6Up+BtORYRZunzHKsNrdjq
bQAAANDGrGpirXooAFcn2cM3y/+ZsbbJbkC4BqOm4Wp/rY3BO3yIHEZAdP4e9isEPM4MtP
u5gZ6COHIe+Mh7ViCMYroa++hQ53640GUzgbW/DUzjK6tPzGKv5bk5oypHSdZsJy4nkBUT
wZTmXmFtuOOs2LqI/g2/tHuihA75As/oWryBLC0mdDBskfVjxFkAjs9oN5hV/pLlR8cNLX
Kz0Q/PN2ekt9RC1t6R44w1B6An5tfjb0h+gmD2x+TtQYEiAhcVA/NpieHdMPXPIb8fGclZ
JQxJ
"
AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBj+zwKfbd4R04LBKsIXMJ+pi0seW+a
e0taStrj0vgpvn2JYbsb+8eq2B2AW3SuZr4uIZ9Pxh7yOlDo9UYdN4Llngl1uwqt8GxGh2uoR1O6Up+BtOR
YRZunzHKsNrdjqbQ=="
set source built-in
next
set password ENC
Rh8kPg/lCNt1cLU+Mx3ricB8Xrt6LvWknJXl0VmiGXPe4oUnnzH+H9g+b3hjYlgMj+Jofljz01vPV/vHDHC
pa5XN7f2wTCk1tmHMd3P1iOllya1zPopzoJD7xftemkLGVUtGY+2S8rihx7/Cj70+Y0D5DKA+MNIWT5EDUh
s8IZm8/K0Hpy9RrFWD5DUoyJRYgJ/Cxw==
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCwW1tol1
mYM+EveGQOYP1mAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
dHA1MjEAAACFBAGk0/xHGjX+6/cgrnyuRsSvcslI0d96U7j3PGiCJj6/8VO1E0HNR5/cPE
KFakq+k2AyoApBhhvTmBAkr5+8WTswoQH3spKQEl00Sxu0g6YITx/Gt4lSf8TcZwe7WlD4
Ls3jOLdkAkNDC7RNBlfWz6Y6kOCDYtAp5Z/ykMM+EiB0QY53cAAAAQAazHg7Vy8CT5C7LD
STXfJeDpfx9WzsSilM6kVi91lOIHWAr/gBiln5lRobfvtj4rvejztEDkkL2ugbm5fR08iW
Gajha5Ik6uW2KEafkiG5qouGaHTU/gRVPbeVdTv+A8YFu7ldjIuKzafHbE41PMpk0xkgt1
vIAHpW7D7jPYu7g1PhWsHgZUBGkUslQg1PnAcWO/rBujOlnnzNzaaUZQfD3WQBUMGcUxl5
Tfu0rxWAO22Nt8S2OlTecidiRAA00Kdl9elGPjnF/Ti9AU8pE2qb/JiR1gfohtBI66Jy0N
t8lM4I5V+igd7+uols/1YAAU4kP3lbgGxRADMFB5R+kZpN
"
AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGk0/xHGjX+6/cgrnyuRsSvcslI0d9
6U7j3PGiCJj6/8VO1E0HNR5/cPEKFakq+k2AyoApBhhvTmBAkr5+8WTswoQH3spKQEl00Sxu0g6YITx/Gt4
lSf8TcZwe7WlD4Ls3jOLdkAkNDC7RNBlfWz6Y6kOCDYtAp5Z/ykMM+EiB0QY53cA=="
set source built-in
next
edit "Fortinet_SSH_ED25519"
set password ENC
zyw7SMrdmOUJ8/qx/nwJvCcW4w4gD42YjgOzSMg42bmlv2m3RefkdAU8Fx43Cap6u2D+h16EEBsINqbY3X2
B0wWAkhvH4ZZQVR7mHcRMeSAUq+zB1SUIb24agRNCoQ+4AAm9pyMT+ztXgKdHRuj4biKld/ZLSQs8iWOs1Y
C2qKONtNPyR1IAJT/PxhgZp9nBKNISOw==
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDb4HBaze
V0n3BE3wW0sIISAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJmySFbwm0klzxoh
XUUDuzbYNuA31mcXGOHbelOTmoVbAAAAkAhHJlk6UwMh8V7koP+rfIado3GpfeHUdGsoB6
eR4LvKE/SjOXgwwrjISkCR5F623c2VAHTiZYzxO1SbAv2OV3i4wVjVXG+chdzWoA584k03
KUtM0I7KnbSSmS7hPfOD6w2vC9wBImzOEZ/eBna0v2DPA2h3IOn3e1m9ZfDxUBNX5hAzjF
T+uHKn0CFicZfJTQ==
"
set public-key "ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIJmySFbwm0klzxohXUUDuzbYNuA31mcXGOHbelOTmoVb"
set source built-in
next
end
config firewall ssh local-ca
edit "Fortinet_SSH_CA"
set password ENC
7br90nz3LBo5hmU6NdGWjJ6YNiw8jG1EBhJhFsMpeuExbJZe0awHRhsTKT6V1pq0DhzzN9QgB+0alIctheB
rh51/424QnI3BkL4VUWHQivMcx7BdwIDA2omGM1lewTu48YSPfbQzojB63kzQLM9Fj9aXf5pueLY9PIpXEM
p4aQVV82bK6FFXSBysFjhPY2QMJpAwSQ==
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCce0wqmu
q/DWRnEEXQDfOvAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDdqqD7enS4
6fPE9ViFcbqz44TjX6LGqLajiKXhF2nCJtta3abFVXvIotUb8iKJ/Soc+0kZ3gIZQ89fiC
Aejkk0fySEudPlVBMgBuwiNnT/FJFUtSfovlVIWJ+sUbe8UaoVQjRJZr7H5QSIAQihoJvJ
xN/B7UwLVsHhNiLylC7VbbI4/MAgpqEqWe8KGSglU0Y9GnzXeCF4o7tHXcnSx9r/o8cxfR
fFYOuw2/l1AdSHE9yRIflJGIq2BYhMpdGwf0B3ubl5MQMQzYOrLXWm+myG1KMVV1fVdSw1
PAq5MFTLRcc8cvl+oNYscfNZa7urmtcZQk8sOAcVeM+oq7D38EDBAAADwHpZGqSyayDLm8
F3zbU6S7/W4FThTvgmcUbqvmQmn9yQLKfeluknZF2lmVDIfRKNe4LgXd+RRE1iAw5h5mrg
te8uEOC9gMzUCZ8TiIMHhNNM+wFoVahFWLzxEP02aB5lX8L8uKoVum2g0PZy9onluxpn+L
AKaUVktmbU4h3v6wr1Ee4GdMbXvYvgOOKz7Ch20Fuy+ePh3KWb0ss5DScu7Drmmuw9c2TS
Waw3k9hwGWaiBoQxKUgJxNBvr+8h+RB+JziZxrgL15e8fcal4UunQbUuiGaGP5KNGIXQEw
PxuNtCFi9GQc5waYsuYFAUh9mwzMSq3NWao0c5qHSQisAWPR8YMZa3VNp2NdBxDBR0cd0y
9CkuuFlVdwqPhIkC30zbndhRniMsI2Ts2zL331hTt6X6mMoI8Qj17BpVMg3OEDEoiOClcx
elrcCLQF3d+d0lat/8aGjjoWT4OH8P4zELTM43lh+zEB+hWxEwOjvhBzMefRSbMbEl59IT
pCjlXMefx+wO9bmw1cH3e2SUuTJhdGu3RBsWX/iUUffMUbuTM5l0ch9bVHqk5CIvc4TqpA
NvKFFKMkyfMwk0+kxypYAPuz/JAn93cfV6Kyu4TyrB1C6hP1tsg0QSwhptoepqZwrlMTKM
xONzRNfMQ9qkzELfUCFRu+HVtyLvm/PDbGJaHN8KCq+eB3S9v4jWNXUkki7KLk/Ksh9EOC
uXb6dyf7koZ1bOdrQsvfwISyVdK+VaR9AHAZNJI3WUwnCQskH1Q2JaEJg0K6JXho7Q548Z
t7eEZ3hkFPShCN5TKbssNM7WHOULV+Rs2X2tY3Yu/sed01YaDl0hNSIQByuWFKnfXYoB83
xI1wBfk6QqIZQePR4K/SIJMdY5rs//6GnwQGoYGWQcUUymRt5Wm23b/XEUOoRguB2VHMCx
eHUbxJSnljAOFOuQgpS4nIPMOasBUAogMx6Ku0L8943Irxg4+eCuLUOB2AlJBtWDkcdBLl
eNNyjSwZ8V9KaR7sOHnNlpr9reGH9n0kbrLpzMF5pkDHfTbR7lMPqx+b50G0ZaGOugyvqn
9uTbqzncv0ozTqobc9BuRFAt7BxkvHRWv7Zf4bas+159506SQfdY9rllX1hCfrF9gC2TIo
FAFG4hmeMZQ3Hau+TzHOV6kiQTtQn+6BYIoEtOSWCBpxzZwN1w6SBkw2/b1zzXmBz+YGfJ
pNXlry3ihrphOt/GDUpbioxV6rqOX95CSO3LnAP03APn+DbslNX7LFXmSYycFWXZ51X2N3
MnCCyLPg==
"
AAAAB3NzaC1yc2EAAAADAQABAAABAQDdqqD7enS46fPE9ViFcbqz44TjX6LGqLajiKXhF2nCJtta3abFVXv
IotUb8iKJ/Soc+0kZ3gIZQ89fiCAejkk0fySEudPlVBMgBuwiNnT/FJFUtSfovlVIWJ+sUbe8UaoVQjRJZr
7H5QSIAQihoJvJxN/B7UwLVsHhNiLylC7VbbI4/MAgpqEqWe8KGSglU0Y9GnzXeCF4o7tHXcnSx9r/o8cxf
RfFYOuw2/l1AdSHE9yRIflJGIq2BYhMpdGwf0B3ubl5MQMQzYOrLXWm+myG1KMVV1fVdSw1PAq5MFTLRcc8
cvl+oNYscfNZa7urmtcZQk8sOAcVeM+oq7D38EDB"
set source built-in
next
edit "Fortinet_SSH_CA_Untrusted"
set password ENC
nak6PJCvWSRtmVA/7J191L6/5SczPWW3+OwQIoMiB8hk55+9mnr0tXPICMfVO2n6TCtoAYxaUjFNgL8i4fk
Q1KyCBsjwd/s1G9zykzfldhtDYZaaM9fXY7XwdUmYm6zZsF5Bam7+B9r+sgkgPav41hSbBFn1N0UFqqrGTf
DCpmTsK7esiNRoY/4k0mOhVZvgg/TU+A==
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBa/wyOmq
rSzdhXYeyaImMHAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDsFC/KmG4n
8ve1z1ZNr0tVHyuSFw8OBZJEjTaYsFtHQo+MNgZJuIb0zUpsx1g2vB6ehlsibk7nYGtGdR
EphvV0P0aWNYeRiyyneJnvBC8TsmUp7zBIb+UThak1/8sMPtO6ewdhg+p3gAgcQ92qc2jg
U84X/vRlFu5wfC1cpiDaukZbsptfDYlpgLgle+p2MQXxnyxNjjMGijQago0LOWIimfvgVa
mhOSimlNjR3+2Gnu7p2zupAz/B+Jb2zpzabOOX7KLLLl6oKJ8EnLZywEJ3MXgqUc8MNGIm
Mm55wQKbY2BSlrkWvtOmaXnlETbb8EWuDTJG7y6FRjD4R4rpXzL5AAADwBV4S69vZJF6Ev
cy9NM+r/UckUXvbxLH4jKQAGOieHuJWfwTM84YEwkvdP3lNCawsT/N04BTBFhxiA256nip
MnKki1bDKkq2lFKrofLXTYrFA5H6QXAm1lTxn0MvQNRgsgeR1qMcJnEVGFzUMqOx8ws10T
D7MsMGAzasHIL0HqUovsCdnf+WagCgvi+vv7GRWW7wX2yfMlKWMlpYCNZeP32s+6bFi+oD
UlBJuqgh/FwLCe2nu1MmYoAMRKvdhGtivbRtZPU8mFo1ngyQT2AocitR98eje73fCpDO59
ng50+FwrbIU8fKxMPpJ2B6Amw3W+kSEp2rn6MnevZRkD7vgLdV3u12QYrrR9sbJi/YJEE5
k9lLd+uhQAED4DG72PcBc6vuXtGc6diO5rpDYQgr3PH3gqi6fUImVRWI2dG+QeEyMALk4o
fPKzkJuqu0lOP4MLTUjIC10o19P9cS4dcxyNcMUuZiE65Dgm/sMNRgyGwiYiQ6d7HIdfRV
wxWWDXFdT9iRF/u44FbF+MvXo85NzIOQLdX2k/WFyhfYNju+QZBCvGtRo0BzaSX/3jxSZj
/2Z8oED8j2wYXQvL7W3epNgFIW2a7MnRu+rzR/4h1J+bGrLjouqUWcnIrZuMUw0giDn/Mq
eZ5Bwj53uV1cl+WX3kNlx068xKw55Ve06PIUHX2GfPNOtCMb85sO3SfW4Sch5pbSPEikjZ
g2+b4Xy/STk1fBlxwUIvVVcG2s0PMf6oEXcPlmF1MZsJGOpyCAwvs9CgW2PzKjXuXTqNAS
E4PAevFzyZpYecN9Bl9349sYT6Q2kk8b2e9MgSR1Lkogvo8JKOmyx3CmUdt/P+BxDCr4gd
HWiALJLFfvYz0ETSuPfEqMebSD0moppC8ZH44pNRCg+nwF4vKpX877X8usTzq7FVlp7jMK
FnJ3EggvVCLjgWaLpfRf0F6FiiY26pCSzKrHgnudGqL6qEPdfk78PWDkZnTVoKwstR+E2V
6PPy4zBDhJGHSjxyQZhu3RBKb/go/lCx7SDqoFR4ShfR/I1HUqKEs66jY6EIM6l+ayqAWP
RKOs1NmBCHCDvNv59nPp5LIieQz45SfZUX7FNrHLXz72o+MajrWmIyHTPF68Hqz8l35S4s
HY2F6kZoyJ227HHKyxvCy0ItazYia3FHlys7CjN3Qfaalc28QwrRpBf0nLqtm2co9LU6Jp
nGAFcWds3yGPjP67rRnOiYmn/Ny0Tioq0cO7cv0t7CQniAlz0qKhWKF41++wIi6AadWrcG
ZKdm2SNA==
"
AAAAB3NzaC1yc2EAAAADAQABAAABAQDsFC/KmG4n8ve1z1ZNr0tVHyuSFw8OBZJEjTaYsFtHQo+MNgZJuIb
0zUpsx1g2vB6ehlsibk7nYGtGdREphvV0P0aWNYeRiyyneJnvBC8TsmUp7zBIb+UThak1/8sMPtO6ewdhg+
p3gAgcQ92qc2jgU84X/vRlFu5wfC1cpiDaukZbsptfDYlpgLgle+p2MQXxnyxNjjMGijQago0LOWIimfvgV
amhOSimlNjR3+2Gnu7p2zupAz/B+Jb2zpzabOOX7KLLLl6oKJ8EnLZywEJ3MXgqUc8MNGImMm55wQKbY2BS
lrkWvtOmaXnlETbb8EWuDTJG7y6FRjD4R4rpXzL5"
set source built-in
next
end
config firewall ssh setting
set caname "Fortinet_SSH_CA"
set untrusted-caname "Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256"
set hostkey-ed25519 "Fortinet_SSH_ED25519"
end
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set user-group "SSO_Guest_Users"
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
set guest-vlan disable
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller switch-profile
edit "default"
next
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "FAPU323EV-default"
config platform
set type U323EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
config platform
set type U321EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
config platform
set type U223EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
config platform
set type U221EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
config platform
set type U422EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
config platform
set type S221E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 223E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 222E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 221E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 423E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 421E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type S423E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type S422E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type S421E
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type S322CR
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type S321CR
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set ap-country US
config radio-1
set band 802.11ac
end
next
config platform
set type S311C
end
set ap-country US
config radio-1
set band 802.11ac
end
next
config platform
set type S323C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type S322C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type S321C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 223C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set ap-country US
config radio-1
end
next
config platform
set type 24D
end
set ap-country US
config radio-1
end
next
config platform
set type 21D
end
set ap-country US
config radio-1
end
next
edit "FK214B-default"
config platform
set type 214B
end
set ap-country US
config radio-1
end
next
config platform
set type 224D
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
end
next
config platform
set type 222C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 25D
end
set ap-country US
config radio-1
end
next
config platform
set type 221C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 320C
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11ac
end
next
config platform
set type 28C
end
set ap-country US
config radio-1
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
end
next
config platform
set type 14C
end
set ap-country US
config radio-1
end
next
config platform
set type 11C
end
set ap-country US
config radio-1
end
next
config platform
set type 320B
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
end
next
config platform
set type 112B
end
set ap-country US
config radio-1
end
next
config platform
set type 222B
end
set ap-country US
config radio-1
end
config radio-2
set band 802.11n-5G
end
next
config platform
set type 210B
end
set ap-country US
config radio-1
end
next
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set ap-country US
config radio-1
end
next
end
config wireless-controller utm-profile
edit "wifi-default"
set ips-sensor "wifi-default"
set application-list "wifi-default"
set antivirus-profile "wifi-default"
set webfilter-profile "wifi-default"
next
end
config log memory setting
set status enable
end
config log disk setting
set status disable
end
config log null-device setting
set status disable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
end
end
end
end
end
end
config router static
edit 1
set distance 1
set virtual-wan-link enable
next
edit 2
set device "FGT01 – FGT02"
set dstaddr "FGT01 – FGT02_remote"
next
edit 3
set distance 254
set blackhole enable
set dstaddr "FGT01 – FGT02_remote"
next
edit 4
set device "FGT01 – FGT02"
set dstaddr "FGT02-Tunnel-Interface"
next
end
config router ospf
end
end
config redistribute "rip"
end
end
end
end
config router ospf6
end
end
end
end
end
end
config router bgp
end
end
end
end
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
end
end
end
end
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end

Manual 20

Uploaded by

Copyright:

Available Formats

Manual 20

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual 20

Uploaded by

Copyright:

Available Formats

#config-version=FGVM64-6.0.

You might also like