turn on Real Time AV protection on FortiClient from FortiGate

Forum|Forum|12 years ago
October 10, 2013
3 replies
9787 views

FortiOS 5.0.4, I have an Endpoint Profile configured which is successfully pushing configurations down to a FortiClint (on Windows XP, v5.0.6.320, with AntiVirus v5.147). The pushed configuration includes that AV appears in the FortiClient dashboard, and that AV is enabled. But the FortiClient dashboard shows the AV function as disabled. I don' t see, either in the FortiOS GUI or CLI, an option other than " forticlient-av: enable" , so I don' t understand why the FortiClient says that AV is disabled? thanks,

kolawale_FTNT

Staff

Upload your FortiOS and FortiClient configuration files for review. You may also send these to forticlient-feedback@fortinet.com.

Jay_LiboveAuthor

New Member

Thanks kolawale. FG100D configuration is below (since this forum doesn' t allow attaching non-graphics; private data removed). How do I get a copy/export of the FortiClient config?

#config-version=FG100D-5.00-FW-build228-130809:opmode=0:vdom=0:user=jlibove  #conf_file_ver=2696268914854781645  #buildno=0228  #global_vdom=1  config system global      set admin-server-cert " fortigate1"       set admintimeout 480      set fgd-alert-subscription advisory latest-threat      set gui-application-control disable      set gui-dlp disable      set gui-dns-database enable      set gui-load-balance enable      set gui-wanopt-cache enable      set hostname " FG100D3G........"       set optimize antivirus      set revision-backup-on-logout enable      set revision-image-auto-backup enable      set timezone 28  end  config system accprofile      edit " prof_admin"           set admingrp read-write          set authgrp read-write          set endpoint-control-grp read-write          set fwgrp read-write          set loggrp read-write          set mntgrp read-write          set netgrp read-write          set routegrp read-write          set sysgrp read-write          set updategrp read-write          set utmgrp read-write          set vpngrp read-write          set wanoptgrp read-write          set wifi read-write      next      edit " super-readonly"           set admingrp read          set authgrp read          set endpoint-control-grp read          set fwgrp read          set loggrp read          set mntgrp read          set netgrp read          set routegrp read          set sysgrp read          set updategrp read          set utmgrp read          set vpngrp read          set wanoptgrp read          set wifi read      next  end  config wireless-controller vap      edit " mesh.root"           set vdom " root"           set mesh-backhaul enable          set ssid " fortinet.mesh.root"           set passphrase ENC       next      edit " mesh.dmgmt-vdom"           set vdom " dmgmt-vdom"           set mesh-backhaul enable          set ssid " fortinet.mesh.dmgmt-vdom"           set passphrase ENC       next  end  config system interface      edit " wan1"           set vdom " root"           set type physical          set external enable          set snmp-index 1      next      edit " dmz"           set vdom " root"           set ip 10.10.10.1 255.255.255.0          set allowaccess ping https fgfm capwap          set type physical          set snmp-index 2      next      edit " modem"           set vdom " root"           set mode pppoe          set allowaccess capwap          set type physical          set snmp-index 3      next      edit " ssl.root"           set vdom " root"           set ip 169.254.1.1 255.255.255.255          set allowaccess capwap          set type tunnel          set alias " sslvpn tunnel interface"           set listen-forticlient-connection enable          set snmp-index 4      next      edit " mesh.root"           set vdom " root"           set type vap-switch          set snmp-index 11      next      edit " mesh.dmgmt-vdom"           set vdom " dmgmt-vdom"           set type vap-switch          set snmp-index 14      next      edit " wan2"           set vdom " root"           set type physical          set snmp-index 5      next      edit " mgmt"           set vdom " root"           set status down          set type physical          set snmp-index 6      next      edit " ha1"           set vdom " root"           set allowaccess capwap          set type physical          set snmp-index 7      next      edit " ha2"           set vdom " root"           set allowaccess capwap          set type physical          set snmp-index 8      next      edit " internal"           set vdom " root"           set ip 192.168.1.4 255.255.248.0          set allowaccess ping https ssh http telnet fgfm capwap          set type physical          set description " Internal"           set snmp-index 9      next      edit " iOSIPsec1"           set vdom " root"           set type tunnel          set snmp-index 12      next      edit " ONO"           set vdom " root"           set ip 84.124.xx.xx 255.255.255.248          set allowaccess ping https ssh          set snmp-index 13          set interface " wan2"           set vlanid 3      next      edit " FortiCliIPsec"           set vdom " root"           set type tunnel          set snmp-index 16          set interface " ONO"       next      edit " AndroidIPsec1"           set vdom " root"           set type tunnel          set snmp-index 10          set interface " ONO"       next      edit " internal2"           set vdom " root"           set ip 192.168.32.1 255.255.240.0          set allowaccess ping https ssh fgfm capwap          set device-identification enable          set listen-forticlient-connection enable          set snmp-index 15          set interface " internal"           set vlanid 5      next  end  config system password-policy      set status enable      set min-lower-case-letter 1      set min-upper-case-letter 1      set min-non-alphanumeric 1      set min-number 1      set expire-status enable      set expire-day 366  end  config system admin      edit " admin"           set trusthost1 192.168.0.0 255.255.192.0          set accprofile " super_admin"           set vdom " root"           set password-expire 2014-08-15 10:17:03              config dashboard-tabs                  edit 1                      set name " Status"                   next                  edit 2                      set columns 1                      set name " Top Sources"                   next                  edit 3                      set columns 1                      set name " Top Destinations"                   next                  edit 4                      set columns 1                      set name " Top Applications"                   next                  edit 5                      set columns 1                      set name " Traffic History"                   next                  edit 6                      set columns 1                      set name " Threat History"                   next              end              config dashboard                  edit 1                      set tab-id 1                      set column 1                  next                  edit 2                      set widget-type licinfo                      set tab-id 1                      set column 1                  next                  edit 3                      set widget-type jsconsole                      set tab-id 1                      set column 1                  next                  edit 4                      set widget-type sysres                      set tab-id 1                      set column 2                  next                  edit 5                      set widget-type gui-features                      set tab-id 1                      set column 2                  next                  edit 6                      set widget-type alert                      set tab-id 1                      set column 2                      set top-n 10                  next                  edit 21                      set widget-type sessions                      set tab-id 2                      set column 1                      set top-n 25                      set sort-by msg-counts                  next                  edit 31                      set widget-type sessions                      set tab-id 3                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by destination                  next                  edit 41                      set widget-type sessions                      set tab-id 4                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by application                  next                  edit 51                      set widget-type sessions-bandwidth                      set tab-id 5                      set column 1                  next                  edit 61                      set widget-type threat-history                      set tab-id 6                      set column 1                  next              end              config login-time                  edit " admin"                       set last-login 2013-10-11 10:45:36                  next              end          set password ENC       next      edit " jlibove"           set trusthost1 192.168.0.0 255.255.192.0          set accprofile " super_admin"           set comments " Jay Libove, Security Manager"           set vdom " root"           set password-expire 2014-08-15 10:17:03              config dashboard-tabs                  edit 1                      set name " Status"                   next                  edit 2                      set columns 1                      set name " Top Sources"                   next                  edit 3                      set columns 1                      set name " Top Destinations"                   next                  edit 4                      set columns 1                      set name " Top Applications"                   next                  edit 5                      set columns 1                      set name " Traffic History"                   next                  edit 6                      set columns 1                      set name " Threat History"                   next              end              config dashboard                  edit 1                      set tab-id 1                      set column 1                  next                  edit 2                      set widget-type licinfo                      set tab-id 1                      set column 1                  next                  edit 3                      set widget-type jsconsole                      set tab-id 1                      set column 1                  next                  edit 4                      set widget-type sysres                      set tab-id 1                      set column 2                  next                  edit 5                      set widget-type gui-features                      set tab-id 1                      set column 2                  next                  edit 6                      set widget-type alert                      set tab-id 1                      set column 2                      set top-n 10                  next                  edit 21                      set widget-type sessions                      set tab-id 2                      set column 1                      set top-n 25                      set sort-by msg-counts                  next                  edit 31                      set widget-type sessions                      set tab-id 3                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by destination                  next                  edit 41                      set widget-type sessions                      set tab-id 4                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by application                  next                  edit 51                      set widget-type sessions-bandwidth                      set tab-id 5                      set column 1                  next                  edit 61                      set widget-type threat-history                      set tab-id 6                      set column 1                  next              end          set email-to " "               config login-time                  edit " jlibove"                       set last-failed-login 2013-09-14 20:26:49                      set last-login 2013-10-11 10:57:26                  next              end          set password ENC       next      edit " dfranco"           set trusthost1 192.168.0.0 255.255.192.0          set accprofile " prof_admin"           set comments " Dani (HelpDesk)"           set vdom " root"           set password-expire 2014-09-05 16:26:22              config dashboard-tabs                  edit 1                      set name " Status"                   next                  edit 2                      set columns 1                      set name " Top Sources"                   next                  edit 3                      set columns 1                      set name " Top Destinations"                   next                  edit 4                      set columns 1                      set name " Top Applications"                   next                  edit 5                      set columns 1                      set name " Traffic History"                   next                  edit 6                      set columns 1                      set name " Threat History"                   next              end              config dashboard                  edit 1                      set tab-id 1                      set column 1                  next                  edit 2                      set widget-type licinfo                      set tab-id 1                      set column 1                  next                  edit 3                      set widget-type jsconsole                      set tab-id 1                      set column 1                  next                  edit 4                      set widget-type sysres                      set tab-id 1                      set column 2                  next                  edit 5                      set widget-type gui-features                      set tab-id 1                      set column 2                  next                  edit 6                      set widget-type alert                      set tab-id 1                      set column 2                      set top-n 10                  next                  edit 21                      set widget-type sessions                      set tab-id 2                      set column 1                      set top-n 25                      set sort-by msg-counts                  next                  edit 31                      set widget-type sessions                      set tab-id 3                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by destination                  next                  edit 41                      set widget-type sessions                      set tab-id 4                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by application                  next                  edit 51                      set widget-type sessions-bandwidth                      set tab-id 5                      set column 1                  next                  edit 61                      set widget-type threat-history                      set tab-id 6                      set column 1                  next              end          set email-to " dani"               config login-time                  edit " dfranco"                       set last-login 2013-10-04 18:04:43                  next              end          set password ENC       next      edit " jruiz"           set trusthost1 192.168.0.0 255.255.192.0          set accprofile " prof_admin"           set comments " Javi (HelpDesk)"           set vdom " root"           set password-expire 2014-09-05 16:19:12              config dashboard-tabs                  edit 1                      set name " Status"                   next                  edit 2                      set columns 1                      set name " Top Sources"                   next                  edit 3                      set columns 1                      set name " Top Destinations"                   next                  edit 4                      set columns 1                      set name " Top Applications"                   next                  edit 5                      set columns 1                      set name " Traffic History"                   next                  edit 6                      set columns 1                      set name " Threat History"                   next              end              config dashboard                  edit 1                      set tab-id 1                      set column 1                  next                  edit 2                      set widget-type licinfo                      set tab-id 1                      set column 1                  next                  edit 3                      set widget-type jsconsole                      set tab-id 1                      set column 1                  next                  edit 4                      set widget-type sysres                      set tab-id 1                      set column 2                  next                  edit 5                      set widget-type gui-features                      set tab-id 1                      set column 2                  next                  edit 6                      set widget-type alert                      set tab-id 1                      set column 2                      set top-n 10                  next                  edit 21                      set widget-type sessions                      set tab-id 2                      set column 1                      set top-n 25                      set sort-by msg-counts                  next                  edit 31                      set widget-type sessions                      set tab-id 3                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by destination                  next                  edit 41                      set widget-type sessions                      set tab-id 4                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by application                  next                  edit 51                      set widget-type sessions-bandwidth                      set tab-id 5                      set column 1                  next                  edit 61                      set widget-type threat-history                      set tab-id 6                      set column 1                  next              end          set email-to " javier"               config login-time                  edit " jruiz"                       set last-login 2013-10-04 17:35:37                  next              end          set password ENC       next      edit " fortisupport"           set trusthost1           set trusthost2           set accprofile " super-readonly"           set vdom " root"           set password-expire 2014-09-15 20:06:22              config dashboard-tabs                  edit 1                      set name " Status"                   next                  edit 2                      set columns 1                      set name " Top Sources"                   next                  edit 3                      set columns 1                      set name " Top Destinations"                   next                  edit 4                      set columns 1                      set name " Top Applications"                   next                  edit 5                      set columns 1                      set name " Traffic History"                   next                  edit 6                      set columns 1                      set name " Threat History"                   next              end              config dashboard                  edit 1                      set tab-id 1                      set column 1                  next                  edit 2                      set widget-type licinfo                      set tab-id 1                      set column 1                  next                  edit 3                      set widget-type jsconsole                      set tab-id 1                      set column 1                  next                  edit 4                      set widget-type sysres                      set tab-id 1                      set column 2                  next                  edit 5                      set widget-type gui-features                      set tab-id 1                      set column 2                  next                  edit 6                      set widget-type alert                      set tab-id 1                      set column 2                      set top-n 10                  next                  edit 21                      set widget-type sessions                      set tab-id 2                      set column 1                      set top-n 25                      set sort-by msg-counts                  next                  edit 31                      set widget-type sessions                      set tab-id 3                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by destination                  next                  edit 41                      set widget-type sessions                      set tab-id 4                      set column 1                      set top-n 25                      set sort-by msg-counts                      set report-by application                  next                  edit 51                      set widget-type sessions-bandwidth                      set tab-id 5                      set column 1                  next                  edit 61                      set widget-type threat-history                      set tab-id 6                      set column 1                  next              end              config login-time                  edit " fortisupport"                       set last-login 2013-09-23 16:15:48                  next              end          set password ENC       next  end  config system ha      set override disable  end  config system storage      edit " FLASH"           set media-type " scsi"           set partition " 47C5F8C40E34928E"       next  end  config system dns      set primary 192.168.1.1      set domain " mycompany.es"   end  config system replacemsg-image      edit " logo_fnet"           set image-base64 ' '           set image-type gif      next      edit " logo_fguard_wf"           set image-base64 ' '           set image-type gif      next      edit " logo_fw_auth"           set image-base64 ' '           set image-type png      next      edit " logo_v2_fnet"           set image-base64 ' '           set image-type png      next      edit " logo_v2_fguard_wf"           set image-base64 ' '           set image-type png      next  end  config system replacemsg mail " email-block"   end  config system replacemsg mail " email-dlp-subject"   end  config system replacemsg mail " email-dlp-ban"   end  config system replacemsg mail " email-filesize"   end  config system replacemsg mail " partial"   end  config system replacemsg mail " smtp-block"   end  config system replacemsg mail " smtp-filesize"   end  config system replacemsg http " bannedword"   end  config system replacemsg http " url-block"       set buffer " <!DOCTYPE html PUBLIC \" -//W3C//DTD HTML 4.01//EN\" >  <html>    <head>      <meta http-equiv=\" Content-Type\"  content=\" text/html; charset=UTF-8\" >      <style type=\" text/css\" >        html,body{          height:100%;          padding:0;          margin:0;        }.oc{          display:table;          width:100%;          height:100%;        }.ic{          display:table-cell;          vertical-align:middle;          height:100%;        }div.msg{          display:block;          border:1px solid #30c;          padding:0;          width:500px;          font-family:helvetica,sans-serif;          margin:10px auto;        }h1{          font-weight:bold;          color:#fff;          font-size:14px;          margin:0;          padding:2px;          text-align:center;          background: #30c;        }p{          font-size:12px;          margin:15px auto;          width:75%;          font-family:helvetica,sans-serif;          text-align:left;        }      </style>      <title>        The URL you requested has been blocked      </title>    </head>    <body>      <div class=\" oc\" >        <div class=\" ic\" >          <div class=\" msg\" >            <h1>              The URL you requested has been blocked            </h1>            <p>              The page you have requested has been blocked, because the URL is banned.              <br />              <br />              URL = %%URL%%              <br />              CATEGORY = %%CATEGORY%%              <br />              %%OVERRIDE%%            </p>          </div>        </div>      </div>    </body>  </html>"   end  config system replacemsg http " urlfilter-err"   end  config system replacemsg http " infcache-block"   end  config system replacemsg http " http-block"   end  config system replacemsg http " http-filesize"   end  config system replacemsg http " http-dlp-ban"   end  config system replacemsg http " http-archive-block"   end  config system replacemsg http " http-contenttypeblock"   end  config system replacemsg http " https-invalid-cert-block"   end  config system replacemsg http " http-client-block"   end  config system replacemsg http " http-client-filesize"   end  config system replacemsg http " http-client-bannedword"   end  config system replacemsg http " http-post-block"   end  config system replacemsg http " http-client-archive-block"   end  config system replacemsg http " switching-protocols-block"   end  config system replacemsg webproxy " deny"   end  config system replacemsg webproxy " user-limit"   end  config system replacemsg webproxy " auth-challenge"   end  config system replacemsg webproxy " auth-login-fail"   end  config system replacemsg webproxy " auth-authorization-fail"   end  config system replacemsg webproxy " http-err"   end  config system replacemsg ftp " ftp-dl-blocked"   end  config system replacemsg ftp " ftp-dl-filesize"   end  config system replacemsg ftp " ftp-dl-dlp-ban"   end  config system replacemsg ftp " ftp-explicit-banner"   end  config system replacemsg ftp " ftp-dl-archive-block"   end  config system replacemsg nntp " nntp-dl-blocked"   end  config system replacemsg nntp " nntp-dl-filesize"   end  config system replacemsg nntp " nntp-dlp-subject"   end  config system replacemsg nntp " nntp-dlp-ban"   end  config system replacemsg fortiguard-wf " ftgd-block"   end  config system replacemsg fortiguard-wf " http-err"   end  config system replacemsg fortiguard-wf " ftgd-ovrd"   end  config system replacemsg fortiguard-wf " ftgd-quota"   end  config system replacemsg fortiguard-wf " ftgd-warning"   end  config system replacemsg spam " ipblocklist"   end  config system replacemsg spam " smtp-spam-dnsbl"   end  config system replacemsg spam " smtp-spam-feip"   end  config system replacemsg spam " smtp-spam-helo"   end  config system replacemsg spam " smtp-spam-emailblack"   end  config system replacemsg spam " smtp-spam-mimeheader"   end  config system replacemsg spam " reversedns"   end  config system replacemsg spam " smtp-spam-bannedword"   end  config system replacemsg spam " smtp-spam-ase"   end  config system replacemsg spam " submit"   end  config system replacemsg im " im-file-xfer-block"   end  config system replacemsg im " im-file-xfer-name"   end  config system replacemsg im " im-file-xfer-infected"   end  config system replacemsg im " im-file-xfer-size"   end  config system replacemsg im " im-dlp"   end  config system replacemsg im " im-dlp-ban"   end  config system replacemsg im " im-voice-chat-block"   end  config system replacemsg im " im-video-chat-block"   end  config system replacemsg im " im-photo-share-block"   end  config system replacemsg im " im-long-chat-block"   end  config system replacemsg alertmail " alertmail-virus"   end  config system replacemsg alertmail " alertmail-block"   end  config system replacemsg alertmail " alertmail-nids-event"   end  config system replacemsg alertmail " alertmail-crit-event"   end  config system replacemsg alertmail " alertmail-disk-full"   end  config system replacemsg admin " pre_admin-disclaimer-text"   end  config system replacemsg admin " post_admin-disclaimer-text"   end  config system replacemsg auth " auth-disclaimer-page-1"   end  config system replacemsg auth " auth-disclaimer-page-2"   end  config system replacemsg auth " auth-disclaimer-page-3"   end  config system replacemsg auth " auth-reject-page"   end  config system replacemsg auth " auth-login-page"   end  config system replacemsg auth " auth-login-failed-page"   end  config system replacemsg auth " auth-token-login-page"   end  config system replacemsg auth " auth-token-login-failed-page"   end  config system replacemsg auth " auth-success-msg"   end  config system replacemsg auth " auth-challenge-page"   end  config system replacemsg auth " auth-keepalive-page"   end  config system replacemsg auth " auth-portal-page"   end  config system replacemsg auth " auth-password-page"   end  config system replacemsg auth " auth-fortitoken-page"   end  config system replacemsg auth " auth-next-fortitoken-page"   end  config system replacemsg auth " auth-email-token-page"   end  config system replacemsg auth " auth-sms-token-page"   end  config system replacemsg auth " auth-email-harvesting-page"   end  config system replacemsg auth " auth-email-failed-page"   end  config system replacemsg auth " auth-cert-passwd-page"   end  config system replacemsg auth " auth-guest-print-page"   end  config system replacemsg auth " auth-guest-email-page"   end  config system replacemsg captive-portal-dflt " cpa-disclaimer-page-1"   end  config system replacemsg captive-portal-dflt " cpa-disclaimer-page-2"   end  config system replacemsg captive-portal-dflt " cpa-disclaimer-page-3"   end  config system replacemsg captive-portal-dflt " cpa-reject-page"   end  config system replacemsg captive-portal-dflt " cpa-login-page"   end  config system replacemsg captive-portal-dflt " cpa-login-failed-page"   end  config system replacemsg sslvpn " sslvpn-login"   end  config system replacemsg sslvpn " sslvpn-limit"   end  config system replacemsg ec " endpt-download-portal"   end  config system replacemsg ec " endpt-download-portal-mac"   end  config system replacemsg ec " endpt-download-portal-ios"   end  config system replacemsg ec " endpt-download-portal-aos"   end  config system replacemsg ec " endpt-download-portal-other"   end  config system replacemsg device-detection-portal " device-detection-failure"   end  config system replacemsg nac-quar " nac-quar-virus"   end  config system replacemsg nac-quar " nac-quar-dos"   end  config system replacemsg nac-quar " nac-quar-ips"   end  config system replacemsg nac-quar " nac-quar-dlp"   end  config system replacemsg traffic-quota " per-ip-shaper-block"   end  config system replacemsg utm " virus-html"   end  config system replacemsg utm " virus-text"   end  config system replacemsg utm " dlp-html"   end  config system replacemsg utm " dlp-text"   end  config vpn certificate ca      edit " CA_Cert_1"           set ca   "            <h2 class=" fgd_icon" >blocked</h2>          </div>          <div class=" main" >  <h3>Endpoint Security Required</h3><div class=" notice" >The use of this security policy requires that the latest FortiClient Endpoint Security software and antivirus signature package are installed.<br></div><div><h4>Contact your network administrator for assistance.</h4></div>    </div>      </div>  </body>  </html>        next  end  config vpn certificate local      edit " fortigate1"           set password ENC           set private-key "   "            <h2 class=" fgd_icon" >blocked</h2>          </div>          <div class=" main" >  <h3>Endpoint Security Required</h3><div class=" notice" >The use of this security policy requires that the latest FortiClient Endpoint Security software and antivirus signature package are installed.<br></div><div><h4>Contact your network administrator for assistance.</h4></div>    </div>      </div>  </body>  </html>            set certificate "   "  the latest FortiClient Endpoint Security software and antivirus signature package are installed.<br></div><div><h4>Contact your network administrator for assistance.</h4></div>    </div>      </div>  </body>  </html>        next  end  config user device-category      edit " ipad"       next      edit " iphone"       next      edit " gaming-console"       next      edit " blackberry-phone"       next      edit " blackberry-playbook"       next      edit " linux-pc"       next      edit " mac"       next      edit " windows-pc"       next      edit " android-phone"       next      edit " android-tablet"       next      edit " media-streaming"       next      edit " windows-phone"       next      edit " windows-tablet"       next      edit " fortinet-device"       next      edit " ip-phone"       next      edit " router-nat-device"       next      edit " other-network-device"       next      edit " collected-emails"       next      edit " all"       next  end  config antivirus service " http"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " https"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " ftp"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " ftps"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " pop3"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " pop3s"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " imap"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " imaps"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " smtp"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " smtps"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " nntp"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config antivirus service " im"       set scan-bzip2 disable      set uncompnestlimit 12      set uncompsizelimit 10  end  config wanopt storage      edit " FLASH"           set size 8708      next  end  config system session-sync  end  config system fortiguard  end  config ips global      set default-app-cat-mask 18446744073474670591  end  config ips dbinfo      set version 1  end  config log syslogd setting      set status enable      set server " 192.168.1.200"       set source-ip 192.168.1.4  end  config system email-server      set reply-to " "       set server " aspmx.l.google.com"       set security starttls  end  config gui console      unset preferences  end  config system session-helper      edit 1          set name pptp          set port 1723          set protocol 6      next      edit 2          set name h323          set port 1720          set protocol 6      next      edit 3          set name ras          set port 1719          set protocol 17      next      edit 4          set name tns          set port 1521          set protocol 6      next      edit 5          set name tftp          set port 69          set protocol 17      next      edit 6          set name rtsp          set port 554          set protocol 6      next      edit 7          set name rtsp          set port 7070          set protocol 6      next      edit 8          set name rtsp          set port 8554          set protocol 6      next      edit 9          set name ftp          set port 21          set protocol 6      next      edit 10          set name mms          set port 1863          set protocol 6      next      edit 11          set name pmap          set port 111          set protocol 6      next      edit 12          set name pmap          set port 111          set protocol 17      next      edit 13          set name sip          set port 5060          set protocol 17      next      edit 14          set name dns-udp          set port 53          set protocol 17      next      edit 15          set name rsh          set port 514          set protocol 6      next      edit 16          set name rsh          set port 512          set protocol 6      next      edit 17          set name dcerpc          set port 135          set protocol 6      next      edit 18          set name dcerpc          set port 135          set protocol 17      next      edit 19          set name mgcp          set port 2427          set protocol 17      next      edit 20          set name mgcp          set port 2727          set protocol 17      next  end  config system auto-install      set auto-install-config enable      set auto-install-image enable  end  config system ntp          config ntpserver              edit 1                  set server " ntp1.fortinet.net"               next              edit 2                  set server " ntp2.fortinet.net"               next          end      set ntpsync enable      set syncinterval 60      set type custom  end  config system settings      set sip-tcp-port 5060      set sip-udp-port 5060  end  config system replacemsg-group      edit " web-filter-default"           set comment " System Generated"           set group-type utm              config custom-message                  edit " 26"                       set buffer " This website is blocked by the FortiGate URL Filter.  <br>  If you have a valid business need to access this site, please contact with all of the details in this message.  <br>  <br>    Filtering service %%SERVICE%%  <br>  Website IP %%DEST_IP%%  <br>  URL %%URL%%  <br>  Website Category %%CATEGORY%%  <br>  <br>  %%OVERRIDE%%  "                       set header http                      set format html                  next              end      next  end  config system dhcp server      edit 1          set default-gateway 192.168.32.1          set interface " internal2"               config ip-range                  edit 1                      set end-ip 192.168.32.254                      set start-ip 192.168.32.2                  next              end          set netmask 255.255.240.0          set dns-server1 192.168.1.1      next  end  config firewall address      edit " all"       next      edit " SSLVPN_TUNNEL_ADDR1"           set comment " SSLVPN clients IP addresses range"           set type iprange          set end-ip 192.168.8.94          set start-ip 192.168.8.65      next      edit " IPsecVPN_usersIPs_range"           set comment " IPsec VPN users IPs range Aggressive mode NOT iOS clients"           set type iprange          set end-ip 192.168.8.126          set start-ip 192.168.8.97      next      edit " SP internal wired LAN1"           set subnet 192.168.0.0 255.255.248.0      next      edit " iOSIPsec_users_range"           set comment " IPsec IPs for iOS Main mode only"           set type iprange          set end-ip 192.168.8.158          set start-ip 192.168.8.129      next      edit " SP internal WiFi LAN SP_OFFICE"           set subnet 192.168.12.0 255.255.252.0      next      edit " ONO IP address x.x.x.x/32"           set comment " ONO IP address x.x.x.x/32"           set type iprange          set end-ip x.x.x.x          set start-ip x.x.x.x      next      edit " Hacker1-212.67.x.x"           set comment " Repeated SSL VPN unauthorized login attempts"           set subnet 212.67.0.0 255.255.0.0      next      edit " 192.168.255.255"           set comment " 192.168.0.0/16 broadcast"           set type iprange          set end-ip 192.168.255.255          set start-ip 192.168.255.255      next      edit " 192.168.7.255"           set comment " 192.168.0.0/21 broadcast"           set type iprange          set end-ip 192.168.7.255          set start-ip 192.168.7.255      next      edit " SP internal WiFi LAN SP_GUEST"           set associated-interface " internal"           set subnet 192.168.16.0 255.255.255.0      next      edit " SP internal wired LAN2"           set associated-interface " internal2"           set subnet 192.168.32.0 255.255.240.0      next      edit " SP internal WiFi Mgmt subnet"           set associated-interface " internal"           set subnet 192.168.17.0 255.255.255.0      next      edit " 192.168.32.3"           set associated-interface " internal2"           set comment " Jay Android tablet 20131002"           set type iprange          set end-ip 192.168.32.3          set start-ip 192.168.32.3      next  end  config firewall multicast-address      edit " all"           set end-ip 239.255.255.255          set start-ip 224.0.0.0      next  end  config firewall address6      edit " all"       next      edit " SSLVPN_TUNNEL_IPv6_ADDR1"           set ip6 fdff:ffff::1/120      next  end  config firewall service category      edit " General"           set comment " general services"       next      edit " Web Access"           set comment " web access"       next      edit " File Access"           set comment " file access"       next      edit " Email"           set comment " email services"       next      edit " Network Services"           set comment " network services"       next      edit " Authentication"           set comment " authentication service"       next      edit " Remote Access"           set comment " remote access"       next      edit " Tunneling"           set comment " tunneling service"       next      edit " VoIP, Messaging & Other Applications"           set comment " VoIP, messaging, and other applications"       next      edit " Web Proxy"           set comment " Explicit web proxy"       next  end  config firewall service custom      edit " ALL"           set category " General"           set protocol IP      next      edit " ALL_TCP"           set category " General"           set tcp-portrange 1-65535      next      edit " ALL_UDP"           set category " General"           set udp-portrange 1-65535      next      edit " ALL_ICMP"           set category " General"           set protocol ICMP          unset icmptype      next      edit " ALL_ICMP6"           set category " General"           set protocol ICMP6          unset icmptype      next      edit " GRE"           set category " Tunneling"           set protocol IP          set protocol-number 47      next      edit " AH"           set category " Tunneling"           set protocol IP          set protocol-number 51      next      edit " ESP"           set category " Tunneling"           set protocol IP          set protocol-number 50      next      edit " AOL"           set visibility disable          set tcp-portrange 5190-5194      next      edit " BGP"           set category " Network Services"           set tcp-portrange 179      next      edit " DHCP"           set category " Network Services"           set udp-portrange 67-68      next      edit " DNS"           set category " Network Services"           set tcp-portrange 53          set udp-portrange 53      next      edit " FINGER"           set visibility disable          set tcp-portrange 79      next      edit " FTP"           set category " File Access"           set tcp-portrange 21      next      edit " FTP_GET"           set category " File Access"           set tcp-portrange 21      next      edit " FTP_PUT"           set category " File Access"           set tcp-portrange 21      next      edit " GOPHER"           set visibility disable          set tcp-portrange 70      next      edit " H323"           set category " VoIP, Messaging & Other Applications"           set tcp-portrange 1720 1503          set udp-portrange 1719      next      edit " HTTP"           set category " Web Access"           set tcp-portrange 80      next      edit " HTTPS"           set category " Web Access"           set tcp-portrange 443      next      edit " IKE"           set category " Tunneling"           set udp-portrange 500 4500      next      edit " IMAP"           set category " Email"           set tcp-portrange 143      next      edit " IMAPS"           set category " Email"           set tcp-portrange 993      next      edit " Internet-Locator-Service"           set visibility disable          set tcp-portrange 389      next      edit " IRC"           set category " VoIP, Messaging & Other Applications"           set tcp-portrange 6660-6669      next      edit " L2TP"           set category " Tunneling"           set tcp-portrange 1701          set udp-portrange 1701      next      edit " LDAP"           set category " Authentication"           set tcp-portrange 389      next      edit " NetMeeting"           set visibility disable          set tcp-portrange 1720      next      edit " NFS"           set category " File Access"           set tcp-portrange 111 2049          set udp-portrange 111 2049      next      edit " NNTP"           set visibility disable          set tcp-portrange 119      next      edit " NTP"           set category " Network Services"           set tcp-portrange 123          set udp-portrange 123      next      edit " OSPF"           set category " Network Services"           set protocol IP          set protocol-number 89      next      edit " PC-Anywhere"           set category " Remote Access"           set tcp-portrange 5631          set udp-portrange 5632      next      edit " PING"           set category " Network Services"           set protocol ICMP          set icmptype 8          unset icmpcode      next      edit " TIMESTAMP"           set protocol ICMP          set visibility disable          set icmptype 13          unset icmpcode      next      edit " INFO_REQUEST"           set protocol ICMP          set visibility disable          set icmptype 15          unset icmpcode      next      edit " INFO_ADDRESS"           set protocol ICMP          set visibility disable          set icmptype 17          unset icmpcode      next      edit " ONC-RPC"           set category " Remote Access"           set tcp-portrange 111          set udp-portrange 111      next      edit " DCE-RPC"           set category " Remote Access"           set tcp-portrange 135          set udp-portrange 135      next      edit " POP3"           set category " Email"           set tcp-portrange 110      next      edit " POP3S"           set category " Email"           set tcp-portrange 995      next      edit " PPTP"           set category " Tunneling"           set tcp-portrange 1723      next      edit " QUAKE"           set visibility disable          set udp-portrange 26000 27000 27910 27960      next      edit " RAUDIO"           set visibility disable          set udp-portrange 7070      next      edit " REXEC"           set visibility disable          set tcp-portrange 512      next      edit " RIP"           set category " Network Services"           set udp-portrange 520      next      edit " RLOGIN"           set visibility disable          set tcp-portrange 513:512-1023      next      edit " RSH"           set visibility disable          set tcp-portrange 514:512-1023      next      edit " SCCP"           set category " VoIP, Messaging & Other Applications"           set tcp-portrange 2000      next      edit " SIP"           set category " VoIP, Messaging & Other Applications"           set udp-portrange 5060      next      edit " SIP-MSNmessenger"           set category " VoIP, Messaging & Other Applications"           set tcp-portrange 1863      next      edit " SAMBA"           set category " File Access"           set tcp-portrange 139      next      edit " SMTP"           set category " Email"           set tcp-portrange 25      next      edit " SMTPS"           set category " Email"           set tcp-portrange 465      next      edit " SNMP"           set category " Network Services"           set tcp-portrange 161-162          set udp-portrange 161-162      next      edit " SSH"           set category " Remote Access"           set tcp-portrange 22      next      edit " SYSLOG"           set category " Network Services"           set udp-portrange 514      next      edit " TALK"           set visibility disable          set udp-portrange 517-518      next      edit " TELNET"           set category " Remote Access"           set tcp-portrange 23      next      edit " TFTP"           set category " File Access"           set udp-portrange 69      next      edit " MGCP"           set visibility disable          set udp-portrange 2427 2727      next      edit " UUCP"           set visibility disable          set tcp-portrange 540      next      edit " VDOLIVE"           set visibility disable          set tcp-portrange 7000-7010      next      edit " WAIS"           set visibility disable          set tcp-portrange 210      next      edit " WINFRAME"           set visibility disable          set tcp-portrange 1494 2598      next      edit " X-WINDOWS"           set category " Remote Access"           set tcp-portrange 6000-6063      next      edit " PING6"           set protocol ICMP6          set visibility disable          set icmptype 128          unset icmpcode      next      edit " MS-SQL"           set category " VoIP, Messaging & Other Applications"           set tcp-portrange 1433 1434      next      edit " MYSQL"           set category " VoIP, Messaging & Other Applications"           set tcp-portrange 3306      next      edit " RDP"           set category " Remote Access"           set tcp-portrange 3389      next      edit " VNC"           set category " Remote Access"           set tcp-portrange 5900      next      edit " DHCP6"           set category " Network Services"           set udp-portrange 546 547      next      edit " SQUID"           set category " Tunneling"           set tcp-portrange 3128      next      edit " SOCKS"           set category " Tunneling"           set tcp-portrange 1080          set udp-portrange 1080      next      edit " WINS"           set category " Remote Access"           set tcp-portrange 1512          set udp-portrange 1512      next      edit " RADIUS"           set category " Authentication"           set udp-portrange 1812 1813      next      edit " RADIUS-OLD"           set visibility disable          set udp-portrange 1645 1646      next      edit " CVSPSERVER"           set visibility disable          set tcp-portrange 2401          set udp-portrange 2401      next      edit " AFS3"           set category " File Access"           set tcp-portrange 7000-7009          set udp-portrange 7000-7009      next      edit " TRACEROUTE"           set category " Network Services"           set udp-portrange 33434-33535      next      edit " RTSP"           set category " VoIP, Messaging & Other Applications"           set tcp-portrange 554 7070 8554          set udp-portrange 554      next      edit " MMS"           set visibility disable          set tcp-portrange 1755          set udp-portrange 1024-5000      next      edit " KERBEROS"           set category " Authentication"           set tcp-portrange 88          set udp-portrange 88      next      edit " LDAP_UDP"           set category " Authentication"           set udp-portrange 389      next      edit " SMB"           set category " File Access"           set tcp-portrange 445      next      edit " ALL_CUSTOM"           set category " General"           set protocol IP      next      edit " webproxy"           set explicit-proxy enable          set category " Web Proxy"           set protocol ALL          set tcp-portrange 0-65535:0-65535      next  end  config firewall service group      edit " Email Access"           set member " DNS"  " IMAP"  " IMAPS"  " POP3"  " POP3S"  " SMTP"  " SMTPS"       next      edit " Web Access"           set member " DNS"  " HTTP"  " HTTPS"       next      edit " Windows AD"           set member " DCE-RPC"  " DNS"  " KERBEROS"  " LDAP"  " LDAP_UDP"  " SAMBA"  " SMB"       next      edit " Exchange Server"           set member " DCE-RPC"  " DNS"  " HTTPS"       next      edit " Exchange Server OWA"           set member " DNS"  " HTTPS"       next      edit " Outlook"           set member " DCE-RPC"  " DNS"  " IMAP"  " IMAPS"  " POP3"  " POP3S"  " SMTP"  " SMTPS"  " HTTPS"       next  end  config webfilter ftgd-local-cat      edit " custom1"           set id 140      next      edit " custom2"           set id 141      next  end  config ips sensor      edit " default"           set comment " prevent critical attacks"               config entries                  edit 1                      set severity high critical                   next              end      next      edit " all_default"           set comment " all predefined signatures with default setting"               config entries                  edit 1                  next              end      next      edit " all_default_pass"           set comment " all predefined signatures with PASS action"               config entries                  edit 1                      set action pass                  next              end      next      edit " protect_http_server"           set comment " protect against HTTP server-side vulnerabilities"               config entries                  edit 1                      set location server                       set protocol HTTP                   next              end      next      edit " protect_email_server"           set comment " protect against EMail server-side vulnerabilities"               config entries                  edit 1                      set location server                       set protocol SMTP POP3 IMAP                   next              end      next      edit " protect_client"           set comment " protect against client-side vulnerabilities"               config entries                  edit 1                      set location client                   next              end      next  end  config firewall shaper traffic-shaper      edit " high-priority"           set maximum-bandwidth 1048576          set per-policy enable      next      edit " medium-priority"           set maximum-bandwidth 1048576          set per-policy enable          set priority medium      next      edit " low-priority"           set maximum-bandwidth 1048576          set per-policy enable          set priority low      next      edit " guarantee-100kbps"           set guaranteed-bandwidth 100          set maximum-bandwidth 1048576          set per-policy enable      next      edit " shared-1M-pipe"           set maximum-bandwidth 1024      next  end  config application list      edit " default"           set comment " monitor all applications"               config entries                  edit 1                      set action pass                  next              end      next      edit " block-p2p"               config entries                  edit 1                      set category 2                  next              end      next      edit " monitor-p2p-and-media"               config entries                  edit 1                      set action pass                      set category 2                  next                  edit 2                      set action pass                      set category 5                  next              end      next  end  config dlp filepattern      edit 1              config entries                  edit " *.bat"                   next                  edit " *.com"                   next                  edit " *.dll"                   next                  edit " *.doc"                   next                  edit " *.exe"                   next                  edit " *.gz"                   next                  edit " *.hta"                   next                  edit " *.ppt"                   next                  edit " *.rar"                   next                  edit " *.scr"                   next                  edit " *.tar"                   next                  edit " *.tgz"                   next                  edit " *.vb?"                   next                  edit " *.wps"                   next                  edit " *.xl?"                   next                  edit " *.zip"                   next                  edit " *.pif"                   next                  edit " *.cpl"                   next              end          set name " builtin-patterns"       next      edit 2              config entries                  edit " bat"                       set filter-type type                      set file-type bat                  next                  edit " exe"                       set filter-type type                      set file-type exe                  next                  edit " elf"                       set filter-type type                      set file-type elf                  next                  edit " hta"                       set filter-type type                      set file-type hta                  next              end          set name " all_executables"       next  end  config dlp fp-sensitivity      edit " Private"       next      edit " Critical"       next      edit " Warning"       next  end  config dlp sensor      edit " default"           set comment " summary archive email and web traffics"           set extended-utm-log enable      next      edit " Content_Summary"           set extended-utm-log enable      next      edit " Content_Archive"           set extended-utm-log enable      next      edit " Large-File"           set extended-utm-log enable      next      edit " Credit-Card"           set extended-utm-log enable      next      edit " SSN-Sensor"           set extended-utm-log enable      next  end  config webfilter content  end  config webfilter urlfilter      edit 1              config entries                  edit " www.meneame.net"                       set action allow                  next              end          set name " default"       next  end  config spamfilter bword  end  config spamfilter bwl  end  config spamfilter mheader  end  config spamfilter dnsbl  end  config spamfilter iptrust  end  config client-reputation profile  end  config netscan assets      edit 1          set addr-type range          set name " internal2_LAN"           set start-ip 192.168.32.1          set end-ip 192.168.63.254      next      edit 2          set name " 192.168.32.4"           set start-ip 192.168.32.4      next  end  config icap profile      edit " default"       next  end  config vpn ssl settings      set dns-server1 192.168.32.1      set servercert " fortigate1"       set algorithm high      set idle-timeout 1800      set tunnel-ip-pools " SSLVPN_TUNNEL_ADDR1"       set port 8443  end  config vpn ssl web host-check-software      edit " FortiClient-AV"           set guid " C86EC76D-5A4C-40E7-BD94-59358E544D81"       next      edit " FortiClient-FW"           set guid " 528CB157-D384-4593-AAAA-E42DFF111CED"           set type fw      next      edit " FortiClient-AV-Vista-Win7"           set guid " 385618A6-2256-708E-3FB9-7E98B93F91F9"       next      edit " FortiClient-FW-Vista-Win7"           set guid " 006D9983-6839-71D6-14E6-D7AD47ECD682"           set type fw      next      edit " AVG-Internet-Security-AV"           set guid " 17DDD097-36FF-435F-9E1B-52D74245D6BF"       next      edit " AVG-Internet-Security-AV-Vista-Win7"           set guid " 0C939084-9E57-CBDB-EA61-0B0C7F62AF82"       next      edit " CA-Anti-Virus"           set guid " 17CFD1EA-56CF-40B5-A06B-BD3A27397C93"       next      edit " CA-Internet-Security-AV"           set guid " 6B98D35F-BB76-41C0-876B-A50645ED099A"       next      edit " CA-Internet-Security-AV-Vista-Win7"           set guid " 3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"       next      edit " F-Secure-Internet-Security-AV"           set guid " E7512ED5-4245-4B4D-AF3A-382D3F313F15"       next      edit " F-Secure-Internet-Security-AV-Vista-Win7"           set guid " 15414183-282E-D62C-CA37-EF24860A2F17"       next      edit " Kaspersky-AV"           set guid " 2C4D4BC6-0793-4956-A9F9-E252435469C0"       next      edit " Kaspersky-AV-Vista-Win7"           set guid " AE1D740B-8F0F-D137-211D-873D44B3F4AE"       next      edit " McAfee-Internet-Security-Suite-AV"           set guid " 84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"       next      edit " McAfee-Internet-Security-Suite-AV-Vista-Win7"           set guid " 86355677-4064-3EA7-ABB3-1B136EB04637"       next      edit " McAfee-Virus-Scan-Enterprise"           set guid " 918A2B0B-2C60-4016-A4AB-E868DEABF7F0"       next      edit " Norton-360-2.0-AV"           set guid " A5F1BC7C-EA33-4247-961C-0217208396C4"       next      edit " Norton-360-3.0-AV"           set guid " E10A9785-9598-4754-B552-92431C1C35F8"       next      edit " Norton-Internet-Security-AV"           set guid " E10A9785-9598-4754-B552-92431C1C35F8"       next      edit " Norton-Internet-Security-AV-Vista-Win7"           set guid " 88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"       next      edit " Symantec-Endpoint-Protection-AV"           set guid " FB06448E-52B8-493A-90F3-E43226D3305C"       next      edit " Symantec-Endpoint-Protection-AV-Vista-Win7"           set guid " 88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"       next      edit " Panda-Antivirus+Firewall-2008-AV"           set guid " EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"       next      edit " Panda-Internet-Security-AV"           set guid " 4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"       next      edit " Sophos-Anti-Virus"           set guid " 3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"       next      edit " Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"           set guid " 479CCF92-4960-B3E0-7373-BF453B467D2C"       next      edit " Trend-Micro-AV"           set guid " 7D2296BC-32CC-4519-917E-52E652474AF5"       next      edit " Trend-Micro-AV-Vista-Win7"           set guid " 48929DFC-7A52-A34F-8351-C4DBEDBD9C50"       next      edit " ZoneAlarm-AV"           set guid " 5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"       next      edit " ZoneAlarm-AV-Vista-Win7"           set guid " D61596DF-D219-341C-49B3-AD30538CBC5B"       next      edit " AVG-Internet-Security-FW"           set guid " 8DECF618-9569-4340-B34A-D78D28969B66"           set type fw      next      edit " AVG-Internet-Security-FW-Vista-Win7"           set guid " 34A811A1-D438-CA83-C13E-A23981B1E8F9"           set type fw      next      edit " CA-Internet-Security-FW"           set guid " 38102F93-1B6E-4922-90E1-A35D8DC6DAA3"           set type fw      next      edit " CA-Internet-Security-FW-Vista-Win7"           set guid " 06D680B0-4024-4FAB-E710-E675E50F6324"           set type fw      next      edit " CA-Personal-Firewall"           set guid " 14CB4B80-8E52-45EA-905E-67C1267B4160"           set type fw      next      edit " F-Secure-Internet-Security-FW"           set guid " D4747503-0346-49EB-9262-997542F79BF4"           set type fw      next      edit " F-Secure-Internet-Security-FW-Vista-Win7"           set guid " 2D7AC0A6-6241-D774-E168-461178D9686C"           set type fw      next      edit " Kaspersky-FW"           set guid " 2C4D4BC6-0793-4956-A9F9-E252435469C0"           set type fw      next      edit " Kaspersky-FW-Vista-Win7"           set guid " 9626F52E-C560-D06F-0A42-2E08BA60B3D5"           set type fw      next      edit " McAfee-Internet-Security-Suite-FW"           set guid " 94894B63-8C7F-4050-BDA4-813CA00DA3E8"           set type fw      next      edit " McAfee-Internet-Security-Suite-FW-Vista-Win7"           set guid " BE0ED752-0A0B-3FFF-80EC-B2269063014C"           set type fw      next      edit " Norton-360-2.0-FW"           set guid " 371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"           set type fw      next      edit " Norton-360-3.0-FW"           set guid " 7C21A4C9-F61F-4AC4-B722-A6E19C16F220"           set type fw      next      edit " Norton-Internet-Security-FW"           set guid " 7C21A4C9-F61F-4AC4-B722-A6E19C16F220"           set type fw      next      edit " Norton-Internet-Security-FW-Vista-Win7"           set guid " B0F2DB13-C654-2E74-30D4-99C9310F0F2E"           set type fw      next      edit " Symantec-Endpoint-Protection-FW"           set guid " BE898FE3-CD0B-4014-85A9-03DB9923DDB6"           set type fw      next      edit " Symantec-Endpoint-Protection-FW-Vista-Win7"           set guid " B0F2DB13-C654-2E74-30D4-99C9310F0F2E"           set type fw      next      edit " Panda-Antivirus+Firewall-2008-FW"           set guid " 7B090DC0-8905-4BAF-8040-FD98A41C8FB8"           set type fw      next      edit " Panda-Internet-Security-2006~2007-FW"           set guid " 4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"           set type fw      next      edit " Panda-Internet-Security-2008~2009-FW"           set guid " 7B090DC0-8905-4BAF-8040-FD98A41C8FB8"           set type fw      next      edit " Sophos-Enpoint-Secuirty-and-Control-FW"           set guid " 0786E95E-326A-4524-9691-41EF88FB52EA"           set type fw      next      edit " Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"           set guid " 7FA74EB7-030F-B2B8-582C-1670C5953A57"           set type fw      next      edit " Trend-Micro-FW"           set guid " 3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"           set type fw      next      edit " Trend-Micro-FW-Vista-Win7"           set guid " 70A91CD9-303D-A217-A80E-6DEE136EDB2B"           set type fw      next      edit " ZoneAlarm-FW"           set guid " 829BDA32-94B3-44F4-8446-F8FCFF809F8B"           set type fw      next      edit " ZoneAlarm-FW-Vista-Win7"           set guid " EE2E17FA-9876-3544-62EC-0405AD5FFB20"           set type fw      next  end  config vpn ssl web portal      edit " full-access"           set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portforward          set heading " SP FG SSLVPN Full Access"           set page-layout double-column              config widget                  edit 1                      set name " Tunnel Mode"                       set type tunnel                      set column two                      set ipv6-split-tunneling disable                      set ip-pools " SSLVPN_TUNNEL_ADDR1"                       set ipv6-pools " SSLVPN_TUNNEL_IPv6_ADDR1"                       set save-password enable                  next                  edit 2                      set name " Bookmark_Category1"                       set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward                          config bookmarks                              edit " bookmark1"                                   set description " Cisco SG500-52 no. 1 planta 11"                                   set url " https://192.168.1.217"                               next                              edit " Cisco SG500-52num1"                                   set description " Cisco SG500-52 num 1"                                   set url " https://cisco_sg500-52-1.mycompany.es"                               next                          end                  next                  edit 3                      set name " Connection Tool"                       set type tool                      set column two                      set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward                  next                  edit 4                      set name " Session Information"                       set type info                  next                  edit 5                      set name " FortiClient Download"                       set type forticlient-download                      set column two                  next              end      next      edit " web-access"           set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portforward          set theme orange          set heading " SP FG SSLVPN Web Access"               config widget                  edit 1                      set name " BookmarkCategory1Test"                       set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward                          config bookmarks                              edit " Bookmark1Test"                                   set description " Cisco SG500-52no.1"                                   set url " https://cisco_sg500-52-1.mycompany.es"                               next                          end                  next                  edit 3                      set name " FortiClient Download"                       set type forticlient-download                  next                  edit 4                      set name " Session Information"                       set type info                  next                  edit 5                      set name " Connection Tool"                       set type tool                      set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward                  next              end      next      edit " tunnel-access"           set heading " SP FG SSLVPN Tunnel Access"               config widget                  edit 1                      set name " Tunnel Mode"                       set type tunnel                      set ipv6-split-tunneling disable                      set ip-pools " SSLVPN_TUNNEL_ADDR1"                       set ipv6-pools " SSLVPN_TUNNEL_IPv6_ADDR1"                       set save-password enable                      set keep-alive enable                  next              end      next  end  config user fortitoken      edit " FTKMOB386DC3A717"           set license " FTMTRIAL00053118"       next      edit " FTKMOB38A585C0D5"           set license " FTMTRIAL00053118"       next  end  config user local      edit " guest"           set type password          set passwd-time 2013-08-22 12:26:47          set passwd ENC       next      edit " jlibove"           set type password          set email-to " "           set passwd-time 2013-09-12 17:25:27          set passwd ENC       next      edit " iOSTest"           set type password          set email-to " "           set passwd-time 2013-09-09 11:11:08          set passwd ENC       next      edit " svelez"           set type password          set email-to " "           set passwd-time 2013-08-13 11:30:42          set passwd ENC       next      edit " ganguera"           set type password          set email-to " "           set passwd-time 2013-09-26 17:45:29          set passwd ENC      next      edit " rvalles"           set type password          set email-to " "           set passwd-time 2013-08-21 18:21:21          set passwd ENC      next      edit " bjuncosa"           set type password          set email-to " "           set passwd-time 2013-08-28 11:00:35          set passwd ENC      next      edit " jgarcia"           set type password          set email-to " "           set passwd-time 2013-08-30 17:45:38          set passwd ENC      next      edit " dfranco"           set type password          set email-to " "           set passwd-time 2013-09-04 16:40:10          set passwd ENC      next      edit " rgomez"           set type password          set email-to " "           set passwd-time 2013-09-06 16:59:34          set passwd ENC      next      edit " mcanaleta"           set type password          set email-to " "           set passwd-time 2013-09-06 17:13:47          set passwd ENC      next      edit " jruiz"           set type password          set email-to " "           set passwd-time 2013-09-06 17:22:41          set passwd ENC      next      edit " adiaz"           set type password          set email-to " "           set passwd-time 2013-10-04 10:05:41          set passwd ENC      next      edit " jexposito"           set type password          set email-to " "           set passwd-time 2013-10-04 18:16:23          set passwd ENC      next  end  config user group      edit " FSSO_Guest_Users"           set group-type fsso-service      next      edit " Guest-group"           set member " guest"       next      edit " sslvpntunnel"       next      edit " ipsecvpn"           set member " jlibove"  " bjuncosa"  " mcanaleta"  " jruiz"       next      edit " sslvpnportal"       next      edit " ipseciOS"           set member " iOSTest"  " svelez"  " jlibove"  " ganguera"  " jgarcia"  " dfranco"  " rgomez"  " mcanaleta"  " jruiz"       next      edit " sslvpntunnelandportal"           set member " ganguera"  " rvalles"  " bjuncosa"  " jlibove"  " mcanaleta"  " jruiz"  " jexposito"       next      edit " WebFilterOverriders"           set member " bjuncosa"  " dfranco"  " ganguera"  " jlibove"  " jruiz"  " mcanaleta"  " adiaz"       next  end  config user device      edit " SP-JLibove"           set mac 30:f9:ed:f3:xx:xx          set type windows-pc      next      edit " Guillem MacOSX notebook"           set mac 40:6c:8f:2c:xx:xx          set type mac      next      edit " Jay Android Tablet"           set mac 14:89:fd:c7:xx:xx          set type android-tablet      next      edit " QA trasto Alberto"           set mac 00:53:45:00:00:00          set type windows-pc      next  end  config user device-group      edit " Windows-FortiAV"           set comment " Windows clients needing an AV of last resort"           set member " QA trasto Alberto "       next  end  config voip profile      edit " default"           set comment " default VoIP profile"           set extended-utm-log enable              config sip                  set log-violations enable              end              config sccp                  set log-call-summary enable                  set log-violations enable              end      next      edit " strict"           set extended-utm-log enable              config sip                  set malformed-request-line discard                  set malformed-header-via discard                  set malformed-header-from discard                  set malformed-header-to discard                  set malformed-header-call-id discard                  set malformed-header-cseq discard                  set malformed-header-rack discard                  set malformed-header-rseq discard                  set malformed-header-contact discard                  set malformed-header-record-route discard                  set malformed-header-route discard                  set malformed-header-expires discard                  set malformed-header-content-type discard                  set malformed-header-content-length discard                  set malformed-header-max-forwards discard                  set malformed-header-allow discard                  set malformed-header-p-asserted-identity discard                  set malformed-header-sdp-v discard                  set malformed-header-sdp-o discard                  set malformed-header-sdp-s discard                  set malformed-header-sdp-i discard                  set malformed-header-sdp-c discard                  set malformed-header-sdp-b discard                  set malformed-header-sdp-z discard                  set malformed-header-sdp-k discard                  set malformed-header-sdp-a discard                  set malformed-header-sdp-t discard                  set malformed-header-sdp-r discard                  set malformed-header-sdp-m discard              end      next  end  config webfilter profile      edit " default"           set comment " default web filtering"           set replacemsg-group " web-filter-default"           set ovrd-perm bannedword-override urlfilter-override fortiguard-wf-override contenttype-check-override          set post-action comfort              config override                  set ovrd-user-group " "               end              config web                  set urlfilter-table 1              end              config ftgd-wf                  set options error-allow                  set category-override 140 141                      config filters                          edit 19                              set action authenticate                              set auth-usr-grp " WebFilterOverriders"                               set category 4                          next                          edit 18                              set action authenticate                              set auth-usr-grp " WebFilterOverriders"                               set category 26                              set override-replacemsg " 26"                           next                          edit 20                              set action authenticate                              set auth-usr-grp " WebFilterOverriders"                               set category 61                              set override-replacemsg " 26"                           next                          edit 21                              set action authenticate                              set auth-usr-grp " WebFilterOverriders"                               set category 86                              set override-replacemsg " 26"                           next                      end              end          set extended-utm-log disable      next      edit " web-filter-flow"           set comment " flow-based web filter profile"           set inspection-mode flow-based          set post-action comfort              config ftgd-wf                      config filters                          edit 1                              set action warning                              set category 2                          next                          edit 2                              set action warning                              set category 7                          next                          edit 3                              set action warning                              set category 8                          next                          edit 4                              set action warning                              set category 9                          next                          edit 5                              set action warning                              set category 11                          next                          edit 6                              set action warning                              set category 12                          next                          edit 7                              set action warning                              set category 13                          next                          edit 8                              set action warning                              set category 14                          next                          edit 9                              set action warning                              set category 15                          next                          edit 10                              set action warning                              set category 16                          next                          edit 11                              set action warning                          next                          edit 12                              set action warning                              set category 57                          next                          edit 13                              set action warning                              set category 63                          next                          edit 14                              set action warning                              set category 64                          next                          edit 15                              set action warning                              set category 65                          next                          edit 16                              set action warning                              set category 66                          next                          edit 17                              set action warning                              set category 67                          next                          edit 18                              set action block                              set category 26                          next                      end              end      next  end  config webfilter override  end  config webfilter override-user  end  config webfilter ftgd-warning  end  config webfilter ftgd-local-rating  end  config webfilter search-engine      edit " google"           set hostname " .*\\.google\\..*"           set url " ^\\/((custom|search|images|videosearch|webhp)\\?)"           set query " q="           set safesearch url          set safesearch-str " &safe=active"       next      edit " yahoo"           set hostname " .*\\.yahoo\\..*"           set url " ^\\/search(\\/video|\\/images){0,1}(\\?|;)"           set query " p="           set safesearch url          set safesearch-str " &vm=r"       next      edit " bing"           set hostname " www\\.bing\\.com"           set url " ^(\\/images|\\/videos)?(\\/search|\\/async)\\?"           set query " q="           set safesearch url          set safesearch-str " &adlt=strict"       next      edit " yandex"           set hostname " yandex\\..*"           set url " ^\\/(yand){0,1}(search)[\\/]{0,}.{0,}\\?"           set query " text="           set safesearch url          set safesearch-str " &fyandex=1"       next      edit " youtube"           set hostname " .*\\.youtube\\..*"           set safesearch header      next      edit " baidu"           set hostname " .*\\.baidu\\.com"           set url " ^\\/s?\\?"           set query " wd="       next      edit " baidu2"           set hostname " .*\\.baidu\\.com"           set url " ^\\/(ns|q|m|i|v)\\?"           set query " word="       next      edit " baidu3"           set hostname " tieba\\.baidu\\.com"           set url " ^\\/f\\?"           set query " kw="       next  end  config vpn ipsec phase1-interface      edit " iOSIPsec1"           set type dynamic          set interface " ONO"           set dhgrp 2          set peertype one          set xauthtype auto          set mode aggressive          set mode-cfg enable          set proposal aes256-sha512 aes256-sha1 aes128-sha1          set peerid " iOSIPsec1"           set authusrgrp " ipseciOS"           set ipv4-start-ip 192.168.8.129          set ipv4-end-ip 192.168.8.158          set ipv4-netmask 255.255.255.224          set ipv4-dns-server1 192.168.1.1          set psksecret ENC       next      edit " FortiCliIPsec"           set type dynamic          set interface " ONO"           set xauthtype auto          set mode aggressive          set mode-cfg enable          set proposal aes256-sha512 aes128-sha1 3des-sha1          set authusrgrp " ipsecvpn"           set ipv4-start-ip 192.168.8.97          set ipv4-end-ip 192.168.8.126          set ipv4-netmask 255.255.255.224          set ipv4-dns-server1 192.168.1.1          set psksecret ENC       next      edit " AndroidIPsec1"           set type dynamic          set interface " ONO"           set dhgrp 2          set xauthtype auto          set mode-cfg enable          set proposal aes256-sha512 aes128-sha1 3des-md5          set comments " android 2.3 IPsec client requires Main Mode"           set authusrgrp " ipsecvpn"           set ipv4-start-ip 192.168.8.97          set ipv4-end-ip 192.168.8.126          set ipv4-dns-server1 192.168.1.1          set psksecret ENC       next  end  config vpn ipsec phase2-interface      edit " iOSIPsec1b"           set phase1name " iOSIPsec1"           set proposal aes256-sha512 aes256-sha1 aes128-sha1          set dhgrp 2      next      edit " FortiCliIPsec"           set phase1name " FortiCliIPsec"           set proposal aes256-sha512 aes128-sha1 3des-sha1      next      edit " AndroidIPsec1b"           set phase1name " AndroidIPsec1"           set proposal aes256-sha512 aes128-sha1 3des-md5          set dhgrp 2      next  end  config system dns-server      edit " internal2"           set mode forward-only      next      edit " ssl.root"           set mode forward-only      next  end  config antivirus settings      set grayware enable  end  config antivirus profile      edit " default"           set comment " scan and delete virus"           set inspection-mode flow-based          set block-botnet-connections enable          set extended-utm-log enable              config http                  set options scan              end              config ftp                  set options scan              end              config imap                  set options scan              end              config pop3                  set options scan              end              config smtp                  set options scan              end              config mapi                  set options scan              end              config nntp                  set options scan              end              config im                  set options scan              end              config smb                  set options scan              end          set av-virus-log disable      next      edit " AV-flow"           set comment " flow-based scan and delete virus"           set inspection-mode flow-based          set extended-utm-log enable              config http                  set options scan              end              config ftp                  set options scan              end              config imap                  set options scan              end              config pop3                  set options scan              end              config smtp                  set options scan              end              config nntp                  set options scan              end              config im                  set options scan              end          set av-virus-log disable      next  end  config spamfilter profile      edit " default"           set comment " malware and phishing URL filtering"           set flow-based enable          set extended-utm-log enable              config imap                  set log enable              end              config pop3                  set log enable              end              config smtp                  set log enable              end              config msn-hotmail                  set log enable              end              config yahoo-mail                  set log enable              end              config gmail                  set log enable              end      next  end  config report layout      edit " default"               config body-item                  edit 350                      set type misc                      set misc-component section-start                      set column 1                      set title " Bandwidth and Application Usage"                   next                  edit 401                      set type chart                      set chart " bandwidth.applications"                       set chart-options include-no-data                  next                  edit 501                      set type chart                      set chart " web.usage"                       set chart-options include-no-data                  next                  edit 511                      set type chart                      set chart " email.usage"                       set chart-options include-no-data                  next                  edit 515                      set type chart                      set chart " threats"                       set chart-options include-no-data                  next                  edit 521                      set type chart                      set chart " vpn.usage"                       set chart-options include-no-data                  next                  edit 525                      set type chart                      set chart " events"                       set chart-options include-no-data                  next                  edit 601                      set type chart                      set hide enable                      set chart " traffic.bandwidth.users"                       set chart-options include-no-data                      set drill-down-items " 5"                       set drill-down-types " 0"                   next              end          set email-recipients " "           set email-send enable          set format pdf          set options dummy-option              config page                      config footer                              config footer-item                                  edit 1                                      set content " Fortinet Inc. All rights reserved"                                   next                                  edit 2                                      set style " align_right"                                       set content " ${page_no}"                                   next                              end                      end                      config header                              config header-item                                  edit 1                                      set type image                                      set style " align_right"                                       set img-src " fortinet_logo.jpg"                                   next                              end                      end                  set options header-on-first-page footer-on-first-page                  set page-break-before heading1                  set paper letter              end          set style-theme " default-report"           set title " FortiGate System Analysis Report"       next  end  config wanopt settings      set host-id " default-id"   end  config wanopt profile      edit " default"           set comments " default WANopt profile"       next  end  config web-proxy global      set proxy-fqdn " default.fqdn"   end  config wanopt webcache      set always-revalidate enable  end  config web-proxy url-match      edit " AppRiver hosted Exchange OWA"           set cache-exemption enable          set url-pattern " exg6.exghost.com"       next  end  config firewall schedule recurring      edit " always"           set day sunday monday tuesday wednesday thursday friday saturday      next  end  config firewall profile-protocol-options      edit " default"           set comment " all default services"               config http                  set ports 80                  set options no-content-summary                  unset post-lang              end              config ftp                  set ports 21                  set options no-content-summary splice              end              config imap                  set ports 143                  set options fragmail no-content-summary              end              config mapi                  set ports 135                  set options fragmail no-content-summary              end              config pop3                  set ports 110                  set options fragmail no-content-summary              end              config smtp                  set ports 25                  set options fragmail no-content-summary splice              end              config nntp                  set ports 119                  set options no-content-summary splice              end              config im                  unset options              end              config dns                  set ports 53              end      next  end  config firewall deep-inspection-options      edit " default"           set comment " all default services"               config https                  set ports 443                  set status disable              end              config ftps                  set ports 990                  set status disable              end              config imaps                  set ports 993                  set status disable              end              config pop3s                  set ports 995                  set status disable              end              config smtps                  set ports 465                  set status disable              end              config ssh                  set ports 22              end      next  end  config firewall identity-based-route  end  config firewall policy      edit 12          set srcintf " ONO"           set dstintf " any"           set srcaddr " Hacker1-212.67.x.x"           set dstaddr " all"           set schedule " always"           set service " ALL"           set logtraffic disable          set comments " Repeated unauthorized SSL VPN login attempts 2013-08"       next      edit 21          set srcintf " internal2"           set dstintf " ONO"           set srcaddr " 192.168.32.3"           set action accept          set status disable          set comments " test enforcing endpoint policy"           set email-collection-portal enable          set forticlient-compliance-enforcement-portal enable          set forticlient-compliance-devices android          set identity-based enable          set identity-from device          set nat enable              config identity-based-policy                  edit 1                      set schedule " always"                       set utm-status enable                      set dstaddr " all"                       set service " ALL"                       set devices " Jay Android Tablet"                       set endpoint-compliance enable                      set av-profile " default"                       set webfilter-profile " default"                       set spamfilter-profile " default"                       set ips-sensor " default"                       set profile-protocol-options " default"                   next              end      next      edit 20          set srcintf " ONO"           set dstintf " any"           set srcaddr " all"           set dstaddr " ONO IP address 84.124.xx.xx/32"           set action ssl-vpn          set comments " SSL VPN Tunnel and Portal authentication rule for users who may access both. Gives access to SSL VPN Portal \" full-access\" . And allows onward tunnel as well as proxy access to all destinations internal and external."           set sslvpn-cipher high          set identity-based enable              config identity-based-policy                  edit 1                      set schedule " always"                       set groups " sslvpntunnelandportal"                       set service " ALL"                       set sslvpn-portal " full-access"                   next              end      next      edit 16          set srcintf " ONO"           set dstintf " any"           set srcaddr " all"           set dstaddr " all"           set action ssl-vpn          set comments " SSL VPN Tunnel (only) authentication rule for users. Gives access to SSL VPN Portal \" tunnel-access\" . And allows onward tunnel access to all destinations internal and external."           set sslvpn-cipher high          set identity-based enable              config identity-based-policy                  edit 1                      set schedule " always"                       set groups " sslvpntunnel"                       set service " ALL"                       set sslvpn-portal " tunnel-access"                   next              end      next      edit 19          set srcintf " FortiCliIPsec"           set dstintf " ONO"           set srcaddr " IPsecVPN_usersIPs_range"           set dstaddr " all"           set action accept          set schedule " always"           set service " ALL"           set nat enable      next      edit 8          set srcintf " FortiCliIPsec"           set dstintf " any"           set srcaddr " IPsecVPN_usersIPs_range"           set dstaddr " all"           set action accept          set schedule " always"           set service " ALL"       next      edit 10          set srcintf " ONO"           set dstintf " any"           set srcaddr " all"           set dstaddr " all"           set action ssl-vpn          set sslvpn-cipher high          set identity-based enable              config identity-based-policy                  edit 1                      set schedule " always"                       set groups " sslvpnportal"                       set service " ALL"                       set sslvpn-portal " web-access"                   next              end      next      edit 13          set srcintf " iOSIPsec1"           set dstintf " internal"           set srcaddr " iOSIPsec_users_range"           set dstaddr " SP internal wired LAN1"  " SP internal WiFi LAN SP_OFFICE"           set action accept          set schedule " always"           set service " ALL"       next      edit 11          set srcintf " iOSIPsec1"           set dstintf " ONO"           set srcaddr " iOSIPsec_users_range"           set dstaddr " all"           set action accept          set schedule " always"           set service " ALL"           set nat enable      next      edit 17          set srcintf " iOSIPsec1"           set dstintf " internal"           set srcaddr " iOSIPsec_users_range"           set dstaddr " all"           set action accept          set schedule " always"           set service " ALL"           set comments " While FortiGate uses MikroTik as outbound default route, must have this firewall rule to allow dest IP ALL via Internal interface."       next      edit 14          set srcintf " internal"           set dstintf " iOSIPsec1"           set srcaddr " SP internal wired LAN1"  " SP internal WiFi LAN SP_OFFICE"           set dstaddr " iOSIPsec_users_range"           set action accept          set schedule " always"           set service " ALL"       next      edit 15          set srcintf " internal"           set dstintf " FortiCliIPsec"           set srcaddr " SP internal wired LAN1"  " SP internal WiFi LAN SP_OFFICE"           set dstaddr " IPsecVPN_usersIPs_range"           set action accept          set schedule " always"           set service " ALL"       next      edit 18          set srcintf " internal"           set dstintf " ONO"           set srcaddr " SP internal wired LAN1"  " SP internal WiFi LAN SP_OFFICE"  " SP internal WiFi LAN SP_GUEST"           set dstaddr " all"           set action accept          set schedule " always"           set service " ALL"           set utm-status enable          set webcache enable          set comments " Allow Internal Wired LAN users to get out to the Internet via ONO VLAN interface"           set av-profile " default"           set webfilter-profile " default"           set spamfilter-profile " default"           set ips-sensor " default"           set profile-protocol-options " default"           set nat enable      next      edit 25          set srcintf " internal2"           set dstintf " ONO"           set srcaddr " SP internal wired LAN2"           set dstaddr " all"           set action accept          set schedule " always"           set service " ALL"           set utm-status enable          set av-profile " default"           set webfilter-profile " default"           set spamfilter-profile " default"           set ips-sensor " default"           set profile-protocol-options " default"           set nat enable ...

kolawale_FTNT

Staff

>> How do I get a copy/export of the FortiClient config? From the FortiClient GUI, select File -> Settings. Click the Backup button. Be sure to choose " no password" in the Backup Configuration dialog box displayed. >> FG100D configuration is below I reviewed the section of the configuration listed below and have the following question: Does the MAC address of the client match the one defined below? If it does not, you will get the default EC profile on the client. The MAC address used by the client is displayed on the FortiGate EC monitor page.

   config user device        edit " QA trasto Alberto"             set mac 00:53:45:00:00:00            set type windows-pc        next    end    config user device-group        edit " Windows-FortiAV"             set comment " Windows clients needing an AV of last resort"             set member " QA trasto Alberto "         next    end    config endpoint-control profile        edit " Windows-FortiAV"                 config forticlient-winmac-settings                    set forticlient-av enable                    set forticlient-vpn-provisioning enable                        config forticlient-vpn-settings                            edit " SP FG SSL VPN"                                 set type ssl                                set remote-gw " node.com"                                 set sslvpn-access-port 8443                            next                        end                    set forticlient-log-upload disable                    set forticlient-update-from-fmg enable                    set forticlient-update-failover-to-fdn disable                    set forticlient-ui-options av vpn                end                config forticlient-android-settings                end                config forticlient-ios-settings                end            set description " Windows clients needing an AV of last resort"             set device-groups " Windows-FortiAV"         next        edit " default"                 config forticlient-winmac-settings                    set forticlient-vpn-provisioning enable                        config forticlient-vpn-settings                            edit " FG SSL VPN"                                 set type ssl                                set remote-gw " vpn.mycompany.es"                                 set sslvpn-access-port 8443                            next                        end                    set forticlient-log-upload disable                    set forticlient-ui-options vpn                end                config forticlient-android-settings                end                config forticlient-ios-settings                end        next    end

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded