Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jroy777
New Contributor III

Duplicate a working Cisco Router config on a FortiSwitch 424E-Fiber

We have a working Cisco router doing bgp to AWS Direct Connect. What is the correct way to create the layer 3 interfaces (Direct-Connect, inside and dmz/uat) and the required Vlan 2900 with correct dot1Q encapsulation. Do I create on a sub interface like with Cisco? See Cisco settings below. See attached drawing.

I am assuming just plugging in existing HPE switch to interface assigned on FortiSwitch for "DMZ/UAT" and for "Inside" but how do I create the interfaces correctly on FortiSwitch? IP's should be assigned to layer 3 but "router" does not give the options I think I should see.

Here are Cisco settings:

 

interface TenGigabitEthernet0/0/0.2900 (This is a sub interface)
description "Direct Connect to Amazon VPC or Transit Gateway on AWS Cloud"
encapsulation dot1Q 2900
ip address 169.254.38.182 255.255.255.252

interface TenGigabitEthernet0/0/1 (Physical interface)
description "Prod DBNET access"
ip address 192.168.51.249 255.255.254.0
no ip proxy-arp
ip nbar protocol-discovery


router bgp 64514 (my ASN)
bgp log-neighbor-changes
neighbor 169.254.38.181 remote-as 64513 (remote ASN)
neighbor 169.254.38.181 password *******
!
address-family ipv4
network 169.254.38.180 mask 255.255.255.252
network 192.168.50.0 mask 255.255.254.0
network 10.10.2.0 mask 255.255.255.0
network 10.1.0.0 mask 255.255.254.0
neighbor 169.254.38.181 activate
exit-address-family

 

Here are FortiSwitch settings I have applied or compiled so far:

AWS-DC-Megaport # show system interface
name Name.
internal static 192.168.50.41 255.255.254.0 up physical
mgmt dhcp 0.0.0.0 0.0.0.0 up physical
uat static 10.10.2.4 255.255.255.0 up vlan

How do I configure DMZ/UAT to use same interface (diff vlan) on fortiswitch?

config router bgp
set as 64514
set router-id 192.168.50.41

config neighbor
edit "<IPv4_or_IPv6 address>" (should this be 169.254.38.182?)
set remote-as 64513

end

UPDATED DRAWING!!!!!
FortiSwitch-AWS-DC-vlan-Diagram.png






33 REPLIES 33
jroy777
New Contributor III

OK, can someone tell me which is the correct type of interface to use? A RVI or a SVI. I need to make sure BGP works

I want to convert this cisco router interface config and bgp settings below to our new FortiSwitch 424e Anyone can offer a solution?

interface TenGigabitEthernet0/0/0.2900
description "Direct Connect to Amazon VPC or Transit Gateway on AWS Cloud"
encapsulation dot1Q 2900
ip address 169.254.38.182 255.255.255.252
!
router bgp 64514
bgp log-neighbor-changes
neighbor 169.254.38.181 remote-as 64513
neighbor 169.254.38.181 password zNG9HzGKJyWPq5MB4VWE
!
address-family ipv4
network 169.254.38.180 mask 255.255.255.252
network 192.168.50.0 mask 255.255.254.0
neighbor 169.254.38.181 activate
exit-address-family

Routed VLAN interfaces

A routed VLAN interface (RVI) is a physical port or trunk interface that supports layer-3 routing protocols. When the physical port or trunk is administratively down, the RVI for that physical port or trunk goes down as well. All RVIs use the same VLAN, 4095.

RVIs support ECMP, VRF, multiple IP addresses, IPv4 addresses, IPv6 addresses, BFD, VRRP, DHCP server, DHCP relay, RIP, OSPF, ISIS, BGP, and PIM.

Layer-2 protocols and most switch interface features are disabled on RVIs. 

https://docs.fortinet.com/document/fortiswitch/7.4.3/fortiswitchos-administration-guide/22391/routed...

Switch virtual interfaces

A switch virtual interface (SVI) is a logical interface that is associated with a VLAN and supports routing and switching protocols.

You can assign an IP address to the SVI to enable routing between VLANs. For example, SVIs can route between two different VLANs connected to a switch (no need to connect through a layer-3 router).

https://docs.fortinet.com/document/fortiswitch/7.4.3/fortiswitchos-administration-guide/626301/switc...

jroy777
New Contributor III

OK, I did this (from the docs) and have a RVI

Create a system interface. Set the IP address and netmask, set the interface type to physical, and then assign the layer-2 interface.

config system interface

edit <new_interface_name>

set ip <IP_address_and_netmask>

set type physical

set l2-interface <existing_interface_name>

next

end

Does this look correct?
edit "AWS-DC-L3"
set mode static
set dhcp-relay-service disable
set ip 169.254.38.182 255.255.255.252
unset allowaccess
set bfd disable
set bfd-desired-min-tx 250
set bfd-detect-mult 3
set bfd-required-min-rx 250
set icmp-redirect enable
set status up
set type physical
set l2-interface "port28"
set description ''
set alias ''
set vrrp-virtual-mac disable
set secondary-IP disable
set snmp-index 35

jroy777
New Contributor III

Does anyone know default encapsulation mode on FortiSwitch interfaces?
I need 802.1q

Toshi_Esumi

I think .1Q only. That's why you can't find the command to select the encapsulation.

 

Toshi

Toshi_Esumi

And you're setting it up as "standalone" with L3 features that require licenses, which I've never done myself, so I can't comment on them specifically. But I can tell the concept of L2/L3 configuration mainly viewed from L2 side and up. 

You already figured out L3 interfaces need to be configured under "config system interface". But probably never imagined those L3 VLAN interfaces have to be sub-interfaces of "internal" special L3 interface if you haven't dealt with any FortiGates before.

Then to connect L2 VLANs at physical ports to those L3 VLAN interfaces, you have to include those VLANs as allowed-vlans on the L2 special interface "internal" under "config switch interface". It might be hard to understand but I depicted this command line structure in below.
FSW-internal-int.png

 

But beyond this, especially L3 features like BGP, you'll soon realize you likely need to refer to FortiGate(FGT) documentation since those features must have been "imported/ported" from FGT's software.

And you likely need to open a ticket at TAC to get help or figure them out by yourself by referring to FGT's documentation. I had to figure out above almost all by myself recently to utilize FSWs as L2 switches. But in my case, I have some experiences with FGTs.

Toshi 

jroy777
New Contributor III

Thank You for the detailed explanation. It is extremely valuable. Can I send you the config I came up with? I am able to ping from a host on my "inside" network all IP's listed in my drawing except the AWS-DC interface (only because I have not moved the cable from the Cisco to the FS. I want to see if you believe I have setup the interfaces correct based on what you outlined above.

Toshi_Esumi

Sure. I'll take a look at it when I have time to do so.

Toshi

jroy777
New Contributor III

Wow, am I missing it? Is there no way to attach a file?

AWS-DC-Megaport # show full-configuration
#config-version=S424EI-7.04-FW-build830-240422:opmode=0:vdom=0
#conf_file_ver=11362378364286318208
#buildno=0830
#global_vdom=1
config system global
    set 802.1x-ca-certificate "Fortinet_CA"
    set 802.1x-certificate "Fortinet_Factory"
    set admin-concurrent enable
    set admin-lockout-duration 60
    set admin-lockout-threshold 3
    set admin-password-hash sha256
    set admin-restrict-local disable
    set admin-scp disable
    set admin-ssh-grace-time 120
    set admin-ssh-port 22
    set admin-ssh-v1 disable
    set admin-telnet-port 23
    set admintimeout 5
    set alertd-relog disable
    set allow-subnet-overlap enable
    set arp-inspection-monitor-timeout 1440
    set arp-timeout 180
    set asset-tag ''
    set cfg-save automatic
    set clt-cert-req disable
    set csr-ca-attribute enable
    set daily-restart disable
    set delaycli-timeout-cleanup 15
    set detect-ip-conflict enable
    set dh-params 2048
    set dhcp-circuit-id intfname vlan mode
    set dhcp-option-format ascii
    set dhcp-remote-id mac
    set dhcp-server-access-list disable
    set dhcp-snoop-client-req drop-untrusted
    set dhcps-db-exp 86400
    set dhcps-db-per-port-learn-limit 64
    set dst enable
    set hostname "AWS-DC-Megaport"
    set image-rotation enable
    set ip-conflict-ignore-default enable
    set ipv6-accept-dad 1
    set ipv6-all-forwarding enable
    set kernel-crashlog enable
    set kernel-devicelog enable
    set l3-host-expiry disable
    set ldapconntimeout 500
    set post-login-banner ''
    set pre-login-banner ''
    set private-data-encryption disable
    set radius-coa-port 3799
    set radius-port 1812
    set remoteauthtimeout 5
    set reset-button enable
    set revision-backup-on-logout enable
    set revision-backup-on-upgrade enable
    set strong-crypto enable
    set tcp-mss-min 48
    set tcp-options enable
    set tcp6-mss-min 48
    set timezone 04
end
config system alias group
end
config system accprofile
    edit "prof_admin"
        set admingrp read-write
        set exec-alias-grp read-write
        set loggrp read-write
        set mntgrp read-write
        set netgrp read-write
        set pktmongrp read-write
        set routegrp read-write
        set swcoregrp read-write
        set swmonguardgrp read-write
        set sysgrp read-write
        set utilgrp read-write
    next
end
config switch global
    set access-vlan-mode legacy
    set auto-fortilink-discovery enable
    set auto-isl enable
    set auto-isl-port-group 0
    set auto-stp-priority enable
    set bpdu-learn enable
    set dhcp-snooping-database-export disable
    set dmi-global-all enable
    set flapguard-retain-trigger disable
    set flood-unknown-multicast disable
    set flood-vtp disable
    set forti-trunk-dmac 02:80:c2:00:00:02
    set fortilink-heartbeat-timeout 60
    set fortilink-p2p-native-vlan 4094
    set fortilink-p2p-tpid 0x8100
    set fortilink-vlan-optimization disable
    set l2-memory-check disable
    set l2-memory-check-interval 120
    set log-mac-limit-violations disable
    set log-source-guard-violations disable
    set loop-guard-tx-interval 3
    set mac-aging-interval 300
    set max-path-in-ecmp-group 8
    set mclag-igmpsnooping-aware disable
    set mclag-peer-info-timeout 60
    set mclag-port-base 0
    set mclag-split-brain-detect disable
    set mclag-stp-aware enable
    set name ''
    set neighbor-discovery-to-cpu enable
    config port-security
        set link-down-auth set-unauth
        set mab-entry-as static
        set mab-reauth disable
        set mac-called-station-delimiter hyphen
        set mac-calling-station-delimiter hyphen
        set mac-case lowercase
        set mac-password-delimiter hyphen
        set mac-username-delimiter hyphen
        set max-reauth-attempt 0
        set quarantine-vlan enable
        set reauth-period 60
        set tx-period 30
    end
    set reserved-mcast-to-cpu enable
    set storm-control-monitor disable
    set trunk-hash-mode default
    set trunk-hash-unicast-src-port disable
    set trunk-hash-unkunicast-src-dst enable
    set virtual-wire-tpid 0xdee5
    set vxlan-dport 4789
    set vxlan-sport 0
    set vxlan-stp-virtual-root disable
end
config switch lldp settings
    set status enable
    set tx-hold 4
    set tx-interval 30
    set fast-start-interval 2
    set management-interface "mgmt"
    set management-address ipv4 ipv6
    set device-detection disable
end
config switch lldp profile
    edit "default"
        unset 802.1-tlvs
        unset 802.3-tlvs
        set auto-isl disable
        set auto-isl-auth-identity "fortilink"
        set auto-isl-auth-reauth 3600
        set auto-isl-auth-user "Fortinet_Factory"
        set auto-isl-hello-timer 3
        set auto-isl-port-group 0
        set auto-isl-receive-timeout 60
        set auto-mclag-icl disable
        config med-location-service
            edit "coordinates"
                set status disable
            next
            edit "address-civic"
                set status disable
            next
            edit "elin-number"
                set status disable
            next
        end
        config med-network-policy
            edit "voice"
                set status disable
            next
            edit "voice-signaling"
                set status disable
            next
            edit "guest-voice"
                set status disable
            next
            edit "guest-voice-signaling"
                set status disable
            next
            edit "softphone-voice"
                set status disable
            next
            edit "video-conferencing"
                set status disable
            next
            edit "streaming-video"
                set status disable
            next
            edit "video-signaling"
                set status disable
            next
        end
        set med-tlvs inventory-management network-policy location-identification
    next
    edit "default-auto-isl"
        unset 802.1-tlvs
        unset 802.3-tlvs
        set auto-isl enable
        set auto-isl-auth legacy
        set auto-isl-hello-timer 3
        set auto-isl-port-group 0
        set auto-isl-receive-timeout 60
        set auto-mclag-icl disable
        unset med-tlvs
    next
end
config switch vlan-tpid
    edit "default"
        set ether-type 0x8100
    next
end
config switch qos qos-policy
    edit "default"
        config cos-queue
            edit "queue-0"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
            edit "queue-1"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
            edit "queue-2"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
            edit "queue-3"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
            edit "queue-4"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
            edit "queue-5"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
            edit "queue-6"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
            edit "queue-7"
                set description ''
                set drop-policy taildrop
                set max-rate 0
                set min-rate 0
                set weight 1
                set wred-slope 45
            next
        end
        set rate-by kbps
        set schedule round-robin
    next
end
config system ptp profile
    edit "default"
        set description ''
        set mode transparent-e2e
    next
end
config switch ptp settings
    set status disable
    set profile "default"
end
config system ptp interface-policy
    edit "default"
        set description ''
        set vlan 0
        set vlan-pri 4
    next
end
config switch physical-port
    edit "port1"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port2"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port3"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port4"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port5"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port6"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port7"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port8"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
         set status up
        set storm-control-mode global
    next
    edit "port9"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port10"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port11"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port12"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port13"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port14"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port15"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port16"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port17"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port18"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port19"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
           set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port20"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port21"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port22"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port23"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port24"
        set cdp-status disable
        set description ''
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 1000full
        set status up
        set storm-control-mode global
    next
    edit "port25"
        set cdp-status disable
        set description "To DBNET10G-03 Port 37 | inside"
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 10000full
        set status up
        set storm-control-mode global
    next
    edit "port26"
        set cdp-status disable
        set description "To DMZ10G-02 Port 35 | dmz"
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 10000full
        set status up
        set storm-control-mode global
    next
    edit "port27"
        set cdp-status disable
        set description "To DMZ10G-02 Port 37 | UAT"
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 10000full
        set status up
        set storm-control-mode global
    next
    edit "port28"
        set cdp-status disable
        set description "To AWS Direct Connect Vlan 2900"
        set dmi-status global
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set speed 10000full
        set status up
        set storm-control-mode global
    next
    edit "internal"
        set description ''
    next
end
config switch vlan
    edit 35
        set private-vlan disable
        set lan-segment disable
        set description "UAT"
        set learning enable
        set learning-limit 0
        set rspan-mode disable
        set igmp-snooping disable
        set dhcp-snooping disable
        set dhcp6-snooping disable
        set access-vlan disable
        set assignment-priority 128
        unset policer
        unset cos-queue
    next
    edit 2900
        set private-vlan disable
        set lan-segment disable
        set description "AWS-DC-FortiSW Port 28"
        set learning enable
        set learning-limit 0
        set rspan-mode disable
        set igmp-snooping disable
        set dhcp-snooping disable
        set dhcp6-snooping disable
        set access-vlan disable
        set assignment-priority 128
        unset policer
        unset cos-queue
    next
    edit 2
        set private-vlan disable
        set lan-segment disable
        set description "dmz"
        set learning enable
        set learning-limit 0
        set rspan-mode disable
        set igmp-snooping disable
        set dhcp-snooping disable
        set dhcp6-snooping disable
        set access-vlan disable
        set assignment-priority 128
        unset policer
        unset cos-queue
    next
end
config switch interface
    edit "port1"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 1
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port2"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 2
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port3"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 3
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port4"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 4
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port5"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 5
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port6"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 6
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port7"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 7
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port8"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 8
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port9"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 9
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port10"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 10
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port11"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 11
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
         set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
         set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port12"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 12
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
         set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port13"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 13
         config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port14"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 14
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port15"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 15
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port16"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
         set sflow-counter-interval 0
        set snmp-index 16
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port17"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 17
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port18"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 18
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port19"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 19
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port20"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 20
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port21"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
         set sflow-counter-interval 0
        set snmp-index 21
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port22"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 22
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
             set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port23"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 23
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port24"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 24
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port25"
        set description ''
        set native-vlan 1
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state disabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 25
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port26"
        set description ''
        set native-vlan 2
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 26
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port27"
        set description ''
        set native-vlan 35
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state disabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-source-guard disable
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 27
        config port-security
            set port-security-mode none
        end
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set learning-limit 0
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
    edit "port28"
        set description ''
        set allow-arp-monitor disable
        set ip-source-guard disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 28
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set qos-policy "default"
        set ptp-status disable
    next
    edit "internal"
        set description ''
        set native-vlan 1
        set allowed-vlans 2,35
        unset untagged-vlans
        set discard-mode none
        set stp-state disabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 29
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set nac disable
    next
end
config switch stp settings
    set forward-time 15
    set hello-time 2
    set max-age 20
    set max-hops 20
    set mclag-stp-bpdu both
    set name ''
    set revision 0
    set status enable
end
config switch stp instance
    edit "0"
        set priority 32768
        config stp-port
            edit "port1"
                set cost 0
                set priority 128
            next
            edit "port2"
                set cost 0
                set priority 128
            next
            edit "port3"
                set cost 0
                set priority 128
            next
            edit "port4"
                set cost 0
                set priority 128
            next
            edit "port5"
                set cost 0
                set priority 128
            next
            edit "port6"
                set cost 0
                set priority 128
            next
            edit "port7"
                set cost 0
                set priority 128
            next
             edit "port8"
                set cost 0
                set priority 128
            next
            edit "port9"
                set cost 0
                set priority 128
            next
            edit "port10"
                set cost 0
                set priority 128
            next
            edit "port11"
                set cost 0
                set priority 128
            next
            edit "port12"
                set cost 0
                set priority 128
            next
            edit "port13"
                set cost 0
                set priority 128
            next
            edit "port14"
                set cost 0
                set priority 128
            next
            edit "port15"
                set cost 0
                set priority 128
            next
            edit "port16"
                set cost 0
                set priority 128
            next
            edit "port17"
                set cost 0
                set priority 128
            next
            edit "port18"
                set cost 0
                set priority 128
            next
            edit "port19"
                set cost 0
                set priority 128
            next
            edit "port20"
                set cost 0
                set priority 128
            next
            edit "port21"
                set cost 0
                set priority 128
            next
            edit "port22"
                set cost 0
                set priority 128
            next
            edit "port23"
                set cost 0
                set priority 128
            next
            edit "port24"
                set cost 0
                set priority 128
            next
            edit "port25"
                set cost 0
                set priority 128
            next
            edit "port26"
                set cost 0
                set priority 128
            next
            edit "port27"
                set cost 0
                set priority 128
            next
            edit "port28"
                set cost 0
                set priority 128
            next
            edit "internal"
                set cost 0
                set priority 128
            next
        end
    next
    edit "15"
        set priority 28672
        set vlan-range 4094
    next
end
config switch storm-control
    set broadcast disable
    set burst-size-level 0
    set rate 500
    set unknown-multicast disable
    set unknown-unicast disable
end
config switch acl settings
    set density-mode disable
    set trunk-load-balance enable
 end
config switch acl service custom
    edit "ALL_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1-65535
        unset udp-portrange
        unset sctp-portrange
    next
    edit "ALL_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1-65535
        unset sctp-portrange
    next
    edit "ALL_ICMP"
        set protocol ICMP
        set comment ''
        set color 0
        set icmptype 0
        set icmpcode 0
    next
    edit "AOL"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 5190-5194
        unset udp-portrange
        unset sctp-portrange
    next
    edit "BGP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 179
        unset udp-portrange
        unset sctp-portrange
    next
    edit "DHCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 67-68
        unset sctp-portrange
    next
    edit "DNS_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 53
        unset udp-portrange
        unset sctp-portrange
    next
    edit "DNS_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 53
        unset sctp-portrange
    next
    edit "FINGER"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 79
        unset udp-portrange
        unset sctp-portrange
    next
    edit "FTP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 21
        unset udp-portrange
        unset sctp-portrange
    next
    edit "FTP_GET"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 21
        unset udp-portrange
        unset sctp-portrange
    next
    edit "FTP_PUT"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 21
        unset udp-portrange
        unset sctp-portrange
    next
    edit "GOPHER"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 70
        unset udp-portrange
        unset sctp-portrange
    next
    edit "H323_TCP1"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1720
        unset udp-portrange
        unset sctp-portrange
    next
    edit "H323_TCP2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1503
        unset udp-portrange
        unset sctp-portrange
    next
    edit "H323_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1719
        unset sctp-portrange
    next
     edit "HTTP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 80
        unset udp-portrange
        unset sctp-portrange
    next
    edit "HTTPS"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 443
        unset udp-portrange
        unset sctp-portrange
    next
    edit "IKE"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 500
        unset sctp-portrange
    next
    edit "IKE2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 4500
        unset sctp-portrange
    next
    edit "IMAP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 143
        unset udp-portrange
        unset sctp-portrange
    next
    edit "IMAPS"
         set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 993
        unset udp-portrange
        unset sctp-portrange
    next
    edit "Internet-Locator-Service"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 389
        unset udp-portrange
        unset sctp-portrange
    next
    edit "IRC"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 6660-6669
        unset udp-portrange
        unset sctp-portrange
    next
    edit "L2TP_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1701
        unset udp-portrange
        unset sctp-portrange
    next
    edit "L2TP_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1701
        unset sctp-portrange
    next
    edit "LDAP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 389
        unset udp-portrange
        unset sctp-portrange
    next
    edit "NetMeeting"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1720
        unset udp-portrange
        unset sctp-portrange
    next
    edit "NFS_TCP1"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 111
        unset udp-portrange
        unset sctp-portrange
    next
    edit "NFS_TCP2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 2049
        unset udp-portrange
        unset sctp-portrange
    next
    edit "NFS_UDP1"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 111
        unset sctp-portrange
    next
    edit "NFS_UDP2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 2049
        unset sctp-portrange
    next
    edit "NNTP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 119
        unset udp-portrange
        unset sctp-portrange
    next
    edit "NTP_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 123
        unset udp-portrange
        unset sctp-portrange
    next
    edit "NTP_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 123
        unset sctp-portrange
    next
    edit "OSPF"
        set protocol IP
        set comment ''
        set color 0
        set protocol-number 89
    next
    edit "PC-Anywhere_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 5631
        unset udp-portrange
        unset sctp-portrange
    next
    edit "PC-Anywhere_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 5632
        unset sctp-portrange
    next
    edit "PTP_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 319-320
        unset sctp-portrange
    next
    edit "ONC-RPC-TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 111
        unset udp-portrange
        unset sctp-portrange
    next
    edit "ONC-RPC-UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 111
        unset sctp-portrange
    next
    edit "DCE-RPC-TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 135
        unset udp-portrange
        unset sctp-portrange
    next
    edit "DCE-RPC-UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 135
        unset sctp-portrange
    next
    edit "POP3"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 110
        unset udp-portrange
        unset sctp-portrange
    next
    edit "POP3S"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 995
        unset udp-portrange
        unset sctp-portrange
    next
    edit "PPTP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1723
        unset udp-portrange
        unset sctp-portrange
    next
    edit "QUAKE1"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 26000
        unset sctp-portrange
    next
    edit "QUAKE2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 27000
        unset sctp-portrange
    next
    edit "QUAKE3"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 27910
        unset sctp-portrange
    next
    edit "QUAKE4"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 27960
        unset sctp-portrange
    next
    edit "RAUDIO"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 7070
        unset sctp-portrange
    next
    edit "REXEC"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 512
        unset udp-portrange
        unset sctp-portrange
    next
    edit "RIP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 520
        unset sctp-portrange
    next
    edit "RLOGIN"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 513:512-1023
        unset udp-portrange
        unset sctp-portrange
    next
    edit "RSH"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 514:512-1023
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SCCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 2000
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SIP_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 5060
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SIP_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 5060
        unset sctp-portrange
    next
    edit "SIP-MSNmessenger"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1863
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SAMBA"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 139
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SMTP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 25
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SMTPS"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 465
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SNMP_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 161-162
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SNMP_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 161-162
        unset sctp-portrange
    next
    edit "SSH"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 22
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SYSLOG"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 514
        unset sctp-portrange
    next
    edit "TALK"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 517-518
        unset sctp-portrange
    next
    edit "TELNET"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 23
        unset udp-portrange
        unset sctp-portrange
    next
    edit "TFTP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 69
        unset sctp-portrange
    next
    edit "MGCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 2427
        unset sctp-portrange
    next
    edit "MGCP2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 2727
        unset sctp-portrange
    next
    edit "UUCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 540
        unset udp-portrange
        unset sctp-portrange
    next
    edit "VDOLIVE"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 7000-7010
        unset udp-portrange
        unset sctp-portrange
    next
    edit "WAIS"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 210
        unset udp-portrange
        unset sctp-portrange
    next
    edit "WINFRAME1"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1494
        unset udp-portrange
        unset sctp-portrange
    next
    edit "WINFRAME2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 2598
        unset udp-portrange
        unset sctp-portrange
    next
    edit "X-WINDOWS"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 6000-6063
        unset udp-portrange
        unset sctp-portrange
    next
    edit "MS-SQL"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1433-1434
        unset udp-portrange
        unset sctp-portrange
    next
    edit "MYSQL"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 3306
        unset udp-portrange
        unset sctp-portrange
    next
    edit "RDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 3389
        unset udp-portrange
        unset sctp-portrange
    next
    edit "VNC"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 5900
        unset udp-portrange
        unset sctp-portrange
    next
    edit "DHCP6"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 546-547
        unset sctp-portrange
    next
    edit "SQUID"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 3128
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SOCKS_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1080
        unset udp-portrange
        unset sctp-portrange
    next
    edit "SOCKS_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1080
        unset sctp-portrange
    next
    edit "WINS_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1512
        unset udp-portrange
        unset sctp-portrange
    next
    edit "WINS_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1512
        unset sctp-portrange
    next
    edit "RADIUS"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1812-1813
        unset sctp-portrange
    next
    edit "RADIUS-OLD"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1645-1646
        unset sctp-portrange
    next
    edit "CVSPSERVER_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 2401
        unset udp-portrange
        unset sctp-portrange
    next
    edit "CVSPSERVER_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 2401
        unset sctp-portrange
    next
    edit "AFS3_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 7000-7009
        unset udp-portrange
        unset sctp-portrange
    next
    edit "AFS3_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 7000-7009
        unset sctp-portrange
    next
    edit "TRACEROUTE"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 33434-33535
        unset sctp-portrange
    next
    edit "RTSP_TCP1"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 554
        unset udp-portrange
        unset sctp-portrange
    next
    edit "RTSP_TCP2"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 7070
        unset udp-portrange
        unset sctp-portrange
    next
    edit "RTSP_TCP3"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 8554
        unset udp-portrange
        unset sctp-portrange
    next
    edit "RTSP_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 554
        unset sctp-portrange
    next
    edit "MMS_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 1755
        unset udp-portrange
        unset sctp-portrange
    next
    edit "MMS_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 1024-5000
        unset sctp-portrange
    next
    edit "KERBEROS_TCP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 88
        unset udp-portrange
        unset sctp-portrange
    next
    edit "KERBEROS_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 88
        unset udp-portrange
        unset sctp-portrange
    next
    edit "LDAP_UDP"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        unset tcp-portrange
        set udp-portrange 389
        unset sctp-portrange
    next
    edit "SMB"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 445
        unset udp-portrange
        unset sctp-portrange
    next
    edit "NONE"
        set protocol TCP/UDP/SCTP
        set comment ''
        set color 0
        set tcp-portrange 0
        unset udp-portrange
        unset sctp-portrange
    next
    edit "ALL"
        set protocol IP
        set comment ''
        set color 0
        set protocol-number 0
    next
end
config switch igmp-snooping globals
    set aging-time 300
    set leave-response-timeout 1000
    set proxy-report-interval 60
    set query-interval 125
    set query-max-response-timeout 10000
end
config switch security-feature
    set sip-eq-dip disable
    set tcp-flag disable
    set tcp-port-eq disable
    set tcp-flag-FUP disable
    set tcp-flag-SF disable
    set v4-first-frag disable
    set udp-port-eq disable
    set tcp-hdr-partial disable
    set macsa-eq-macda disable
    set allow-mcast-sa enable
    set allow-sa-mac-all-zero enable
end
config switch auto-network
    set mgmt-vlan 1
    set status enable
end
config switch network-monitor settings
    set db-aging-interval 3600
    set status disable
    set survey-mode disable
    set survey-mode-interval 120
end
config system interface
    edit "mgmt"
        set mode dhcp
        set distance 5
        set dhcp-relay-service disable
        unset ip
        set allowaccess ping https ssh
        set bfd disable
        set bfd-desired-min-tx 250
        set bfd-detect-mult 3
        set bfd-required-min-rx 250
        set icmp-redirect enable
        set vlanforward disable
        set status up
        set type physical
        set description ''
        set alias ''
        set vrrp-virtual-mac disable
        set secondary-IP enable
        set snmp-index 31
        config ipv6
             set ip6-address ::/0
            set ip6-mode static
            unset ip6-allowaccess
            set autoconf disable
            set dhcp6-information-request disable
            set ip6-send-adv disable
            set vrrp-virtual-mac6 disable
            set vrip6_link_local ::
        end
        set dhcp-client-identifier ''
        set dhcp-vendor-specific-option ''
        set defaultgw disable
        set dns-server-override enable
        unset macaddr
        set speed auto
        set mtu-override disable
        config secondaryip
            edit 1
                set ip 192.168.1.99 255.255.255.0
                set allowaccess ping https ssh
            next
        end
    next
    edit "internal"
        set mode static
        set dhcp-relay-service disable
        set ip 192.168.50.41 255.255.254.0
        set allowaccess ping https ssh
        set bfd disable
        set bfd-desired-min-tx 250
        set bfd-detect-mult 3
        set bfd-required-min-rx 250
        set icmp-redirect enable
        set status up
        set type physical
        set description ''
        set alias "DBNET"
        set vrrp-virtual-mac disable
        set secondary-IP disable
        set snmp-index 30
        config ipv6
            set ip6-address ::/0
            set ip6-mode static
            unset ip6-allowaccess
            set autoconf disable
            set dhcp6-information-request disable
            set ip6-send-adv disable
             set vrrp-virtual-mac6 disable
            set vrip6_link_local ::
        end
        unset macaddr
        set speed auto
        set mtu-override disable
    next
    edit "uat"
        set mode static
        set dhcp-relay-service disable
        set ip 10.10.2.4 255.255.255.0
        set allowaccess ping https ssh
        set bfd disable
        set bfd-desired-min-tx 250
        set bfd-detect-mult 3
        set bfd-required-min-rx 250
        set icmp-redirect enable
        set status up
        set type vlan
        set description ''
        set alias "UAT"
        set vrrp-virtual-mac disable
        set secondary-IP disable
        set snmp-index 32
        config ipv6
            set ip6-address ::/0
            set ip6-mode static
            unset ip6-allowaccess
            set autoconf disable
            set ip6-unknown-mcast-to-cpu disable
            set dhcp6-information-request disable
            set ip6-send-adv disable
            set vrrp-virtual-mac6 disable
            set vrip6_link_local ::
        end
        set vlanid 35
        set interface "internal"
    next
    edit "dmz"
        set mode static
        set dhcp-relay-service disable
        set ip 10.1.0.4 255.255.254.0
        set allowaccess ping https ssh
        set bfd disable
        set bfd-desired-min-tx 250
        set bfd-detect-mult 3
        set bfd-required-min-rx 250
        set icmp-redirect enable
        set status up
        set type vlan
        set description ''
        set alias "dmz"
        set vrrp-virtual-mac disable
        set secondary-IP disable
        set snmp-index 34
        config ipv6
            set ip6-address ::/0
            set ip6-mode static
            unset ip6-allowaccess
            set autoconf disable
            set ip6-unknown-mcast-to-cpu disable
            set dhcp6-information-request disable
            set ip6-send-adv disable
            set vrrp-virtual-mac6 disable
            set vrip6_link_local ::
        end
        set vlanid 2
        set interface "internal"
    next
    edit "AWS-DC-L3"
        set mode static
        set dhcp-relay-service disable
        set ip 169.254.38.182 255.255.255.252
        set allowaccess ping https ssh
        set bfd disable
        set bfd-desired-min-tx 250
        set bfd-detect-mult 3
        set bfd-required-min-rx 250
        set icmp-redirect enable
        set status up
        set type physical
        set l2-interface "port28"
        set description ''
        set alias "AWS-DC-L3"
        set vrrp-virtual-mac disable
        set secondary-IP disable
        set snmp-index 35
        config ipv6
            set ip6-address ::/0
            set ip6-mode static
            unset ip6-allowaccess
            set autoconf disable
            set ip6-unknown-mcast-to-cpu disable
            set dhcp6-information-request disable
            set ip6-send-adv disable
            set vrrp-virtual-mac6 disable
            set vrip6_link_local ::
        end
        unset macaddr
        set mtu-override disable
    next
end
config system password-policy
    set status enable
    set apply-to admin-password
    set minimum-length 8
    set min-lower-case-letter 0
    set min-upper-case-letter 0
    set min-non-alphanumeric 0
    set min-number 0
    set change-4-characters disable
    set expire-status disable
end
config system admin
    edit "admin"
        set remote-auth disable
        set peer-auth disable
        set trusthost1 0.0.0.0 0.0.0.0
        set trusthost2 0.0.0.0 0.0.0.0
        set trusthost3 0.0.0.0 0.0.0.0
        set trusthost4 0.0.0.0 0.0.0.0
        set trusthost5 0.0.0.0 0.0.0.0
        set trusthost6 0.0.0.0 0.0.0.0
        set trusthost7 0.0.0.0 0.0.0.0
        set trusthost8 0.0.0.0 0.0.0.0
        set trusthost9 0.0.0.0 0.0.0.0
        set trusthost10 0.0.0.0 0.0.0.0
        set ip6-trusthost1 ::/0
        set ip6-trusthost2 ::/0
        set ip6-trusthost3 ::/0
        set ip6-trusthost4 ::/0
        set ip6-trusthost5 ::/0
        set ip6-trusthost6 ::/0
        set ip6-trusthost7 ::/0
        set ip6-trusthost8 ::/0
        set ip6-trusthost9 ::/0
        set ip6-trusthost10 ::/0
        set accprofile "super_admin"
        set comments ''
        unset ssh-public-key1
        unset ssh-public-key2
        unset ssh-public-key3
        set schedule ''
        set password-expire 0000-00-00 00:00:00
        set force-password-change disable
        set password ENC SH2ncd1Cufw/3H7/3OS8vVKU/5KhPSbuo4gnjn/n9+7AtmU3F9sPsumjzZ5HqI=
        set allow-remove-admin-session enable
    next
end
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set domain ''
    set ip6-primary ::
    set ip6-secondary ::
    set dns-cache-limit 5000
    set dns-cache-ttl 1800
    set cache-notfound-responses disable
    set source-ip 0.0.0.0
end
config system sflow
end
config system snmp sysinfo
    set contact-info ''
    set description ''
    set engine-id ''
    set location ''
    set status disable
    set trap-high-cpu-interval 1min
    set trap-high-cpu-threshold 80
    set trap-log-full-threshold 90
    set trap-low-memory-threshold 80
    set trap-temp-alarm-threshold 70
    set trap-temp-warning-threshold 65
end
config system snmp community
    edit 1
        set events cpu-high mem-low log-full intf-ip ent-conf-change llv sensor-fault sensor-alarm fan-detect psu-status ip-conflict tkmem-hb-oo-sync fsTrapStitch1 fsTrapStitch2 fsTrapStitch3 fsTrapStitch4 fsTrapStitch5 storm-control
        config hosts
            edit 1
                set interface ''
                set ip 0.0.0.0 0.0.0.0
                set source-ip 0.0.0.0
            next
        end
        set name "public"
        set query-v1-port 161
        set query-v1-status enable
        set query-v2c-port 161
        set query-v2c-status enable
        set status enable
        set trap-v1-lport 162
        set trap-v1-rport 162
        set trap-v1-status enable
        set trap-v2c-lport 162
        set trap-v2c-rport 162
        set trap-v2c-status enable
    next
end
config system certificate ca
    edit "Fortinet_CA"
        set ca "-----BEGIN CERTIFICATE-----
MIIKLDCCBhSgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UE
ChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMG
A1UEAxMMZm9ydGluZXQtY2EyMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRp
bmV0LmNvbTAgFw0xNjA2MDYyMDI3MzlaGA8yMDU2MDUyNzIwMjczOVowgaUxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZh
bGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkxFTATBgNVBAMTDGZvcnRpbmV0LWNhMjEjMCEGCSqGSIb3DQEJARYUc3Vw
cG9ydEBmb3J0aW5ldC5jb20wggQiMA0GCSqGSIb3DQEBAQUAA4IEDwAwggQKAoIE
AQC9YkiEs7iwMQVeJuZyV5hYi8RGwE5N8X8I8jLo1BI/r/HD/RbbtmPBkyWVgPpa
RQnAgnupxy06qJcWNrinZBxZyqKJrqke2RIBstV3lfoevSP7pmjF2raDZqL7EaDG
kvRzaLyei5pifzcBzpoY8TpBk6upDD2pjkU60MqgWY/0Eo7SsiTKAukWvEqK3mL0
K05+UNcEYzboWi0tIMBgXIYgIDDmYvOqUbDnPFYRTZQ6eltSFWrU+TvR4wEhBcwg
DxlFQHY02Ee9UxEav4Ej02KzdjDKq3ZKMHaczGLiam4N/5TwtLG5+7il2TZ309Uf
4Tjr5aWvEKMvHNTI4/hLDd+DsUs43qf0yD8HQ4kzpkyEEzdfXxPjbt6UNX7Dlz2T
DQXvcqESs27kRxcEQ3gmVeL3cyDC4R4G3DhyBQQxNi22rROOX5DRMNC0TIrLslld
RBMZfDbSUOrLZobfuOE4bMDHGz7pzJWxqkfBI/GoO9G4ZMFxC5JYr2/3lzod5K4P
lGRyWUJ9vax2JIeF5DM/UgfBdqhZetTXLKnKCOxT85cseAeYT335vlHNo/YVnYg5
LFfCpqAJMJYjFz9EG6oOBXeT34GHwtXOxpaib1uYqM6REzhiqSRLvwYdlQtXM7Tn
se4HqiYATflFv5ZUj4087YrG0ok6zjQaIleqbeLLciMpYIvUxcsrMM/BHPwZH/xE
Wx4uau7oTdeSZQOj9okUYWPCf2Id5f9aOpHoGbwn5Y7FvE+y1VmQNw46UpBYLFJO
hWtE2ZCx2sIDbH6sfQnPTG2gUqDkATHdZv5gLnFVQ2PRdL0465WCnrjIZHdJ7Isy
k/QfubQCWKnM4aPJmsxQl9I38BkxVAZk9Txgw0i/9HjD9FPO3b9K2+te0oifxPav
HqGfLKsU6TQE0GAJvsq3cYhGrqRUeD3fUTsmFypXw51Pr/Ka7O29Zt1kVZkf65J4
1xH+XxkTp594ffr47EP80j44jsILa8M66CBV9MpCYoNJSZz0Q6TZkSEfSnwO0Dek
uPmRwuVEcR18iCzpdhkqAIc+kalZbTJTsCBbZ1QNPxyEAzmjPLGFbQ00fH2o1nnW
ik4V4vtPgUCjJYomroF4U6I9J3FAtTnwejTiLMd4NMdbTibQQcM6706VnKvR7Z11
KMKDlCLEzoVaPnAItg1bVnsK6uwHDisAc1bfysTR7DRUPDI7b69CptrEqN+Gljnp
fJT+rhus/0RjUFVd/Z+2tGeLUVB+SYqaZgrWHhklaB1TKE38u8i4o6/V8sbCCUrJ
ad/nWvVY4lNYsxTrZbeAv+BPRy9SJMp7fWownkx8anhis5uVbR/w/nmJZK8TJ8RZ
7Z9v2duLk/T8vUOcpfAKnSS5AgMBAAGjYzBhMB0GA1UdDgQWBBSjMa+jSO6h4l+x
8v3W+0FIUBs6dTAfBgNVHSMEGDAWgBSjMa+jSO6h4l+x8v3W+0FIUBs6dTAPBgNV
HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCBAEA
PXG+lVec2WJGOZmb66q3isr/92spI8HvTUBp6nF8vbLmVgfWsctSKzF27+HhSkX1
xPhdmoBHVFASwfgcqdrLdDBOqb8Nm07iVYElPdiufTq3NzI2wIS5m8egAagILGQ+
V3IwGay67kUrH4MMwLqB3vR9YbNEAS/xq89RUZkPe9t5nvYm1WfXCkzLT3Poz8I8
0nP+FZGkBEz+pg05/rPfujU0DwQsIqds5IQBzmd4TcQm12UVxkBM9z4NEAZiII5a
Keo0vRbBnmaflBNUxeRaiPyLSncvlSNxUv5Q1rL4jUaDE4Ybqif1QQzB05jwLZbt
zUB7vppn0VSEBwnbaWwcVAtcBExY8YwJEEuhhZ7beYjQQ7TE4Jf1mwHD28nPT+B0
1DntS6+q+fIMG/4UzmF936sB8XicVGcscLmvGMtOoGTiCtXX9J1/E9+Qeb7Isu/W
jzQXXllgQTuK3F0K/M58eM4GjXSOY2KuLHclC+1jEusHKvXfwAYuIFLYm/mTlVAs
pqIRmg0ZFDhea6t1hu7U7G0JNMyPhS9DA7RpiTUUCbMJdAHGPIt9b+j/ggrI1t0N
1EHpKvViulIoHxH/wtQUEAkEYXH9Y011KF9mqeXP6w1pz1j3QERzxqmmslWB7jO7
KNcw0OjSlDQX5IkQ4py1IQj8jBuwzTZIuRSWnGDUZx6MeGd9JWcZeg/osMbBD2dc
NiUg84Zc2sZbN2+ma1br/YjcFVRfjjWG8JRo3Y4WevLeClJJCTD/3zb9pd9imPhQ
pS3M5vqEHlO4V6RVmCyugEWamEkdAc6LRBxcvs0V1328JQ0X9edJjn0FTPoY788w
2rY4akEPViJ9Ew2N3ZgG5ELxI5jrgd7AStdagwAj5ykIAHcQAPi2oz0ADl8YAgTM
2yJj5GiEkADU8s3Cyhf6Qf6WPWWiRVmYtlCwXjp+bUl5Sgiy+dZaPv6GwXTKPsoc
3vAHdh2/Md0Jtv8ZqM6RgBHTMrewkkh7u7kjGjCFKS1VVtZ4lhDRZbTOEKdjYbQe
vGAieiYwArAFXBFyqMN6vQq8B/oZwmCPXuUL+y7vMvRsM8YXgy/vnJ6+B8NBwfEj
I6PFB1wur2zO/42AUBhndEIRX/k4I07WbX+Rwn+zKfVuic2v9mVv2R9oc95qV4NQ
jvk1EYUQvZ+H4BYAX8CxhU/SmLfaZOi/ysV/WD5J1IxZCd5qLNkmLwiWyoFwcCzO
18jp/3AG//GRZurh6xKUqylNUFGkTxHUI72lTDQKLBBYo0M16ij1JCZIz03Uno2A
IhTNSJ8pkXDrWBXUcQb26GWPyeQ4jSXTSgqWuaXM0PsMEqVg3hbJhGa1p2wFXiHg
x+nkkKoLQHPUczTwYRxQUQ==
-----END CERTIFICATE-----"
        set scep-url ''
    next
    edit "Fortinet_Sub2001_CA"
        set ca "-----BEGIN CERTIFICATE-----
MIIH6zCCA9OgAwIBAgICIAEwDQYJKoZIhvcNAQELBQAwgaUxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNV
BAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFTAT
BgNVBAMTDGZvcnRpbmV0LWNhMjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0
aW5ldC5jb20wIBcNMTYwNjA2MjA0ODMzWhgPMjA1NjA1MjcyMDQ4MzNaMIGrMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2
YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MRswGQYDVQQDExJmb3J0aW5ldC1zdWJjYTIwMDExIzAhBgkqhkiG9w0B
CQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA3uzK/FLbKVH9xgTgDlyqXEs3RalzOKeFgewal656b9D4BD966MoS
951b1Q/L5cByMzuT5ClpFqlP0KpUBgXS8PQ88juxYNc9SQsKzunM1j91sUJFupDV
LiBCH0PrGGCRKTcNElgnCOvVtYWMmf6JUx6VJGyhVfpgltOebPXgs+WTCNDPe6ip
/z17qR4l402LFtt2df3tlgJMlLQxUo37x9UYW8Edw5OtXZZ04Nwsh7FJjmp/nHSm
4owISiSlq9ECnXRvZzAqpCKhxZCj+5O5ibGutUHSpyALhp5akhPFxrWsqqeBFFW/
CtkqRIuCJWpQ0bdcUoZzZFrpalv0mg2SpQIDAQABo4IBGTCCARUwHQYDVR0OBBYE
FJgrJTwwyiwrVufb/Fkzs9w9W2rXMIHSBgNVHSMEgcowgceAFKMxr6NI7qHiX7Hy
/db7QUhQGzp1oYGrpIGoMIGlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
cm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwG
A1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRUwEwYDVQQDEwxmb3J0aW5ldC1j
YTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tggEAMA8GA1Ud
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IEAQAv
9F8uzJw3xVXxDuXbOpL3r0oo01fSfXEuinFBYXcZzk3iF2PGEDX7s7CE7PQ1ne7l
/LXaVDR/G7RB2m6HYDIZhAV4h3Ru+YfgL/cpMgjkbl1L+BqI9wMjyK+FqHwnGW3B
8iPzBd6WWJOBLZ/x/4XLknkg9C+h2Skj9LMMIsCXIyoR7OP4Pbsotv5jU6qM11C1
2QCkC4rHjgL7jHrlY40sSL/nqv9og18EGL9VwQRPKNgLPjPNnUGkPtr6DCWCD/Mv
rvd6qCvVG/t4mgZ8/DTZ2eluVW98sETOJ7kakdk1WKGSSp4UE2e1Kpwgt1GD3OGD
IYRQlezdUj3CbqKbE0Cm/ESKsOybVvTrMeK9HBJQ6Ma4DJwxp/OF+3F5ROasHSAV
9Y+y53aD87FqLmzntd24ovxjaAOo/AJy5+MFnTCEeRnjng7hdOPdknglA7PHHqjn
H/olodK4xEBMSgFB+xP3Ca26Ld9kuDsLkuVWpjCr5+40BozrX4oPvL1GC0kSYU/D
1mDuo23sL40yFkrUQxK9mABwaqkxETpLsKmFm4YFOtvrAlx1GOZKT2QAuY3jYdZi
KcH5D7bE85GZ4eaehtJ2fTQSP/hRjEZFnC6j7wIbqazKehswR3yo4+DWSNk9yaFe
mGxuQwaTr3wdw1z2dWfL/pU/iMdh7CVUe9GdJfPOQACgVVJ1jr80rhxE0Av0Ku3P
YASqqP7f3NpQK6AlveKndEYVxYePHXEOuYlTNb272DxWC70PwF6vVjZlohCxd/4/
K9pMZr9FLLWM4oKC8ciKaykiyVfqJZdaleamqUkKmRllUxmajzW9nr99HHPMjiHN
K1oWackR9q+0ZKAoOx5Zq2Yc1jehfZGTSbXFhFdqnOdQMBYoxnL/TNHs4QJXe2Va
n6DCziL4BKOb4LskmWE7Flw5A6JDqSW8zhQMbiSl6yutrXzcP5RxQ7hLsaoO/7oC
IvBOnSAMu2uKhbttrekwFpogB4oC+YIWlFGY0emuwYJAAVu6QQL8c6OOw8zyJouX
3wjAmsxbT9X+PtYpekEbeBBPoQPH4qFmKyJJJ0a65iTq/Kmeeq2ywwAxdZK5foZG
0D4oNOhFbO9Mg+Noc0lDpSjEkS9rckHJj4tIjotq7OBZ7ZGYzsnadQI1/GZbebK/
cFMMH85UHc/46k/0lBWjDjFyDIliPRRCnV3Y+TFO3c8GN/SRofspod5vrAQdnMjF
iZHJUTLZ1iRMo7wWMXtJ04R+h8dtz5FbSgC8gDKmvNOU1ucMFpfLtzcgoKD8eZTq
IN/gJdRSPLzwVuu9AHZOAwo9BzfrtbzLVK20sXN7xKBOdXUwbzaX9axZE2TQOjDB
rLhbvd2nZoW0QmqqVpTr
-----END CERTIFICATE-----"
        set scep-url ''
    next
    edit "Fortinet_Sub2002_CA"
        set ca "-----BEGIN CERTIFICATE-----
MIII5zCCBM+gAwIBAgICIAIwDQYJKoZIhvcNAQELBQAwgaUxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNV
BAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFTAT
BgNVBAMTDGZvcnRpbmV0LWNhMjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0
aW5ldC5jb20wIBcNMjIwMjA0MTg1MTQ5WhgPMjA1NjA1MjYwMDAwMDBaMIGGMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2
YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MRswGQYDVQQDExJmb3J0aW5ldC1zdWJjYTIwMDIwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQDT7ZH2LetzggWK1STTUkP0UPU2WDLML3GCujfG
jZItNeH4DyV4X6U3rUNDDKGXonq49xvpPA9k3/zuGGVry8dq7Xswwp3fStPvoodv
71OQ7PlZdpuXq4LhGsrs5SbBY7oGQiIBFj12YQhJ0H4LMTJafOO4vxUOwVKnEPgS
d9jV1VKoPw2o5Yg9yEccjuqPpoQbCdTuCTBKqThKSGiIefqhzVQD/l8mmQsnqGYM
GQlaV0nnrTcbduZfq1ja/KaIJqdxORz2o0579SrkP5nacM6RkrBLE2r8UsyGUxuz
xZxARYTtIHVSaefqlstICqu4XSZdJf++UW3npLWKwsh2zr0ovPjrBYg7UK7azNZM
hSGUpeI+BsoC2ff1J9rVXDORp7eQqQjyKRFuHsi1SH7mGftWevBj+KA+6mYJOO2Q
nkaNyMMC305QBltkEtOWXWLd24uO+zb45+Pr+4SlnZrSpiatt3UJVj1Seqba61BB
Mclmx1sL/3so5MgJ8xfnMZGyhPacQS+29G/p+OwG6s7B4pCvDW/QGmJr4wJnM9Cq
WVmTKNCc4NqRYKLFDHKD7pd940RVHpMyDlQ5HqnQX+eOuSXS7MhlvzUu3k9fH79C
cni7hcYUXRhEYHbqOhl+AGr2qodFMz1DdnpoJunTWGdvfekeKqU/bfQ3au23NGno
M8MhrwIDAQABo4IBOjCCATYwHQYDVR0OBBYEFGY+NXrivoThkHAP7+/hZqbCtkcu
MIHSBgNVHSMEgcowgceAFKMxr6NI7qHiX7Hy/db7QUhQGzp1oYGrpIGoMIGlMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2
YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MRUwEwYDVQQDEwxmb3J0aW5ldC1jYTIxIzAhBgkqhkiG9w0BCQEWFHN1
cHBvcnRAZm9ydGluZXQuY29tggEAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
BAQDAgGGMB8GA1UdEQQYMBaBFHN1cHBvcnRAZm9ydGluZXQuY29tMA0GCSqGSIb3
DQEBCwUAA4IEAQBIdirpBEEtZMZmy3vbMrmdIiqbqCMh3F57Z0C4B4vurJhTt01e
F2qlQeXl0IvQakhcGHz+VT3kJsrKfFmmGYEnpmSpTBxqNRJ8VQiUYo+m22F4uGLJ
DTD0b+ZvrSRPOwxMD0hWFOZCEH0NPJqxZgmGSoRwoC+0lLFxRq3zonK760DWvGoX
BKxuUcVaKyVjbkbzn2Rd2pnA0/9Bzg8abkTJF/T7eRmoRqBhfjfmYjxhseuL6I6x
bzYJGAot6PlNKbCCOxljIdwcELTULwNU+hHFosq4dLqSLXTLVNIHLaiWm4G9pFHF
u0n9PAbRHwGNs+dp3KoNbyLoGMNKeC2qRG94LpjJk7MJBjclKpErhBgfbXkm6PI0
6KWkiOJUu0H1grSofIK+r+sdt1CtQfiXV/KDaMRj++rSrzt59a8FgZ2TkIUESO2Q
I2cEPlAKnRyIUkvLY+iUjOj4d8bTYzBshS8RMihkICkOIvaJWjknnkk4CX6nDR7x
u36GWZGXKa5yu7eb0Zubqcp9yfppQilfg8BDPntdRLa2ZqZwzrEUqGdKho8thL1q
c2PqyoC1D0aShr8nA+czF6hkWmqYFUE6x+mcXwBO1sSM4TzZdzhgRVjBZfah9ZQN
e0PU6f5lfO+FyqOcRyfm/8DE++Dy1uwTIf6+Aa05S8CA1E6kFzrHhCTEMcOfxy7b
Y7vSshAFD07liTOD86Ic3SdAnE3LmSpW4Nwtwk9OPDtgb+zkRnNjBE+j/Auuvb0X
oQYvJpTVU1v5WsvY41aXUB+ha2fLVm5Jd2MvWcRUBTlWs98Yfdbq+khg7fhTJEsn
R/tfqWC0WZbiLRRekiEneS68+rZxw7IxDZKJDwX66cqgfojJ6TF8EUR8cZS5BWfD
yydbLsi+vgnzjWDnz/Ommgxx+fFOb82bnOsapyTr4UyAd73KWnijQcccC70QXPc9
hvRFWbnWxLm8KFHLVal7Lo9GJx8QQnYAO83CjZCQXcEtn5w6f/q9Syl+VIzTxxfH
97YAgb8AZd8cK6lsp5VQPwh+xiTeq/c9jmENezbxr9y+KMm2JFDWttBkNuH1YB0l
YRG2qyT+WYb8s5dx5f1RCMSghkYoXvcBiJWcPWXgWx2MjY+9rmFocm9w9ijkvenT
fewFGdCWGjs6Lvrus6InuluydSMZ13szJ/OEfZHch0yTDx/4fOS+L0vnsHIqM3xZ
yEECG9jz5ttWuAC/wyRgWOD+9srFAcXjcLN20PULpBBX0W2CpZgMdbD2reRZOMp7
S0obgcg2jG0XcWCsOV2HmYyFV069OZgSSaHWvUe0LaPmAb0pw8tXFevfie4mC9T7
LoT128v6tZp89c7YJ+GHDFMdVE7qDDLmrE4s
-----END CERTIFICATE-----"
        set scep-url ''
    next
    edit "Fortinet_Sub2003_CA"
        set ca "-----BEGIN CERTIFICATE-----
MIII5zCCBM+gAwIBAgICIAMwDQYJKoZIhvcNAQELBQAwgaUxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNV
BAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFTAT
BgNVBAMTDGZvcnRpbmV0LWNhMjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0
aW5ldC5jb20wIBcNMjIwMjA0MTg1NzI4WhgPMjA1NjA1MjYwMDAwMDBaMIGGMQsw
CQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2
YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MRswGQYDVQQDDBJmb3J0aW5ldC1zdWJjYTIwMDMwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQDAfW0Mnb4wMgg2p0tZFKcU4WHFn75Rj9tAKFzw
obFcU6AAiP+6t3nqRiVbdX7Vmta4C2uhX67G52ir8MR8tMB8EZRNYmZARaIwaYLt
m3VEUm3YU3AnL2D6h5rSSIgIEUF1KsjfQh41nRO/PzhtE2KJIWKKSuKCQY0xaA0/
41xncinqQVOC1H4aDETZfKjX1I8nuj5Y1znpyY1YJMcrautRayh/+GgNcZw6PNbU
G3Cyr31d2WkrKkfrrG9uIrHEZdwlahW0jLeIkLf82JVG5eFqxGPVEsNEY7pCXhNY
qTsvc2rUTsgM3pyyAlSjRW7IOrRys2SXNNsqw4HnbF5zZ5WGdUSYIiWE+TzaeqTV
AI7WytQTnYEyn2yyNauzkf6r2U8nxUKKLJav6+pxhqD7q2nGAnWP2EjsUlMHsXq1
AD+I4NobS9Pa3SnkOah+vWbKH5/bLyITbC8jIzad4ZPPZV+Ncfi+iJhKnVLMDXmy
tE2nBb3WDJeRdHb5BX0V7J4YJjxATs94iHeZXXg1sPZMc1bAEyIDpmUlnPyyD8Xh
PT255gcRz4Oug4S0Bqz2wl87HQ8Zo4miGbOO4rMiVlIQrYDpfdWJshoVzU1SJnRm
sMIutIHI8WdGyiOH+7zM1RerKfwxtnBwTAdhHO91gTNyf5Zdto7F/JPDx+wLSxZH
J4Qj1wIDAQABo4IBOjCCATYwHQYDVR0OBBYEFM0PR6Keg6VjyeasxdtYvhQIP2Vj
MIHSBgNVHSMEgcowgceAFKMxr6NI7qHiX7Hy/db7QUhQGzp1oYGrpIGoMIGlMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2
YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MRUwEwYDVQQDEwxmb3J0aW5ldC1jYTIxIzAhBgkqhkiG9w0BCQEWFHN1
cHBvcnRAZm9ydGluZXQuY29tggEAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
BAQDAgGGMB8GA1UdEQQYMBaBFHN1cHBvcnRAZm9ydGluZXQuY29tMA0GCSqGSIb3
DQEBCwUAA4IEAQAZwRoHXRhUyS9cNQW4wd6h6NrNSTxU7jUpIXajkEOIxPgBoS3t
6rhrXqsUBaexx51tdA+9VE70cEIyZIbuC12wwjmJwds7uBltksUzqSHX4eGDiADB
Uvrh3dpL30GthUI7S9o4WJGmjsBlPTLUgmuaW6p53b2y6OhgjpatihxbfukiNq8G
npl2joljcfP2nZQiWWzpU6B69WRoh/ikJJskoCU0XB57qVZvubHv73/Q37WdDeXc
hqw30OAmxVQhxjBK2gNR6nM83lZsz38gOwW4Parb1EaJNHP383kFmtSs5GNANP3x
MoW9/uN23Bkc21iNVfoXenFF9sQnlHZ4zNiGwlgfujTbxMEAAsYfWU0i/IuX1+/A
OHhTC6VUdQkM6aOngP/C0P0p5m9u2o4quAdNpEqjmZ/3Hb0asKFqYj6cosFdnxEl
xPUOq2lsaIFSiAwpgSv+tGVyNcpfYqM9Uo6FmEDmjH7piulvEJc8q2Urmy1UQx7D
88y02oRSypXCQqXfoyZo3m/o06cKz1sJfmGgJrz+3PLOV9/OvDwsOcOIbRnR3d1o
MLiZUwyeYb8D8cz2gWananUNwFZUFasZceVUbdVG+uZTF1JkGXfO3Pvl1WtsLz2N
IoO4V1OForjLvWnbhEJGVjX2G4diymyGE6kj+izWtQKhhb4YQgEcHfWyXH/VT4GW
ruTaG7s/4eXpf/TMdZSQqSbVCcFOiiIwKmW/T/xN7VCSe2xmxy84ZsJxEvgKYpE4
dxX85Pp+B3akAn0Wm5B6pnTahLP8xQAFMyeHyzb5H3TmAw6KDKt88LBqABdSX106
j+4WnqICs6S3qp6AbVdvm/ADS/OrkvJim4zEmRX4RXZPFA4YHiga6O3C8jTeQKMu
rnzIiF0PEZqUjIKChh3Tr5khP6ES+dBI0xWk4Kis0GikDP8Dc8V16IcRfjUIpyjh
55SlscMBboOKwOBNjsZINXjiERQu8X6Y+J1kNkkZObpp2YQr+oIIMBReFJdEOTfH
WdG37BoJWA3AFk5WuW92nK1k31GH/9mQMJIEEXmKhy/lkVrkWpcH7XaD12plEdbC
V5E3yyw2zCZKUVpHTm+JWUKbXdfiZ956GzSUVS8qDzvuaE863QEY7gPKJ2w3Gann
Grxo2ZDxM9B/IHqEYcuH/LaI9a5KhlZb0GIJc2gXqerLP6CkUtPK/ue+VBkFjSis
W+VF14r3MdYGna9wCNfvZNR7kod9elakxODrlIv9LQCmPfk9pSUUJveLP+M3Nz0r
NlHDFQmy5UyyvaMynSgU9hzltoe2fTWZZ9fv5MVjhynTPh30T+Valz5HlrPJ+ig2
PWnTclMtGiaVAG5KQfFGLTKJ/7uNSwS77k8a
-----END CERTIFICATE-----"
        set scep-url ''
    next
    edit "Fortinet_CA_Backup"
        set ca "-----BEGIN CERTIFICATE-----
MIID1TCCAr2gAwIBAgIJANr2NrRD1KWLMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxl
MREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MRAwDgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZv
cnRpbmV0LmNvbTAeFw0xNTA3MTYyMjM0MzlaFw0zODAxMTkyMjM0MzlaMIGgMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2
YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MRAwDgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0
QGZvcnRpbmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQ7
UXPQNRISyMNOWUFI0TvBsKbVD4MhKYt4v+vDRJ3GZoKa7gQfoJ+r4M14xWzTNN26
NrJtUutYSUmDmX/m5rbo24JjtGdx1FzKL6+3cDKHUDV8wZCI0DQZLamhgbNJ7fv0
VergsuJXxp8urzFJA25pbqxH9X6u1lOs4NqCM6CTHvVp+IqmZGucVmFQTMh9fiE0
L20IFY0K5wc/C3XP1Pa0CzXLu6smjtr0prwXisGSiTkxg0+HTSO24tv0q5ABPgfz
OWKpX9b6gaMt17r3hSi5GhKElbCDGLtMbdKcldboxNBQZ5nxPRNFS26Lde5duB8j
oc6Rwdgv9dsxSS17HWMCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAhxf7jexnSrTNshppXpiMmlK5C9HxuQQZQT/dq0FkmN/7cp6rtgl3
6WUfBU95ia0q9GJnaxbSWpXO4jq4wT5vlGCIEaiajJLJx1BFRu7dMUZnkmoyIvKT
893YUGlAZeGME/WXVBaAHsj4wIhYIOMvUm7VB3wUK9SjZtn0qGEz+OjxmWjnJ2+c
k67pZbRLl8gOuRB6OkFIiNp8slO08g4lXIYquHIltC7RCadNQPz3qfYvW4npIW49
04JH4CUAtzvbRdDs4MCvszKuPOICvm6pnqin1AIqJ+4cMwPrVVyBN5NsIhohAUjS
ELtlWJR1qQ7HT5Q9tVLCr/qOnEHEkoy4hw==
-----END CERTIFICATE-----"
        set scep-url ''
    next
    edit "Fortinet_fsw_cloud_CA"
        set ca "-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft
bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG
BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu
xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
cPUeybQ=
-----END CERTIFICATE-----"
        set scep-url ''
    next
end
config system certificate local
    edit "Fortinet_Factory"
        set password ENC w1kwsoNL2s4OuLpw4P1y4oJkFcxV9ONx6C6UYhv1UheUfBzR6sOvLx/IQGqQkyDOLPhsiFGeVSlu6tlaZ+UiZPOrqOgHprxLr5ukjzOPe61/Pj9LVrwdUWJJxy/4rAL9NO32I9npFmuCPRKxhtUKZsE1jm5BP2/CxtOtbNsxXGZahkQk
        unset private-key
        set certificate "-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIEAjWMnTANBgkqhkiG9w0BAQsFADCBqzELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8G
A1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEb
MBkGA1UEAxMSZm9ydGluZXQtc3ViY2EyMDAxMSMwIQYJKoZIhvcNAQkBFhRzdXBw
b3J0QGZvcnRpbmV0LmNvbTAgFw0yMzA3MTEwNDM5MjBaGA8yMDU2MDUyNjIwNDgz
M1owgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MRQwEgYDVQQLDAtGb3J0aVN3
aXRjaDEZMBcGA1UEAwwQUzQyNEVJVEYyMzAwNDQzOTEjMCEGCSqGSIb3DQEJARYU
c3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCm9WB1So1o6ZU5Rq8FLRmQXMCrJuFuM4t/jZ6+7u2ktbwrN1oVVZJ4xOdh
ToSwIDb4Kb9b2oSRgfUMWW2nWWtUQD5es50HA3hklqGwh61XAqidCRn5+YoPPk0f
P20576V+6crgvKUzqhhJf3qUoSW9CIfBSBxUv2K4zYFvXXs7bn58yg7cMA2vSD9K
WZLe+m73E2mJ0DWDid+rRpKsCYhtqXKFf5gdmyiLnXFhYL2xdSQbIvb+LOwwzYAO
xa8VrEaqiKXNquEZdEUlUXZX95ojkYH9ks9GZ6e8kpGckwQiXM7V2qhyv3e3tkt8
RoaCkjkTEJc3xpL6+5HE2hNZGVLPAgMBAAGjggEXMIIBEzAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBRo5WJhJOeNM68AK30b0Y8DCuuc/DCB0wYDVR0jBIHLMIHIgBSY
KyU8MMosK1bn2/xZM7PcPVtq16GBq6SBqDCBpTELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9y
dGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMM
Zm9ydGluZXQtY2EyMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNv
bYICIAEwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQAZUVfntMhC
c/9UpWYoKUNICxMzFleuHv6s0vX85ZVEbEmHUkSO+OIoXQeAUswACmgtigBDahbK
soSSZebgde05NzLftq9Msc0ZUSsaymKHgxbIcztEg/pl/4zXYSYSIi/2RGZvlq5e
tw3nvfuLT2Qxl6NlQ2H42L0/oXCUo8RHiz93PCgT1YOeCbSh3RyfOIHwTtRJIAcO
x1exTWU8gxgtB6ubDahGScqlBgC3t6/3gP3Un09mnHX4sbxmb2oVeezz2xx11avf
yOPUSoIkbf0vQPDX4x2uyObYDTZlf69cQv8c6QgqVSZ/iD85/J7PIaWe+ah8UA/4
BsCpB7LodJnO
-----END CERTIFICATE-----"
        set scep-url ''
    next
    edit "Fortinet_Factory_Backup"
        set password ENC Seippb9BTFn2WdIrCGjJYQOvMtyHj4EZ7rpZ/sz54oiFAcTm/qVnEFpcEWjpUPjDNzAulKZarHDQmjgtBp8EcVmLpPlxMiCHl0NEVAKQMihsMRCVwskZaWSCgLP0gPR4my+05yjeYPvMOn+NPJFXG3GXZlPAaM+XHrvQBYiVyU5khZy9
        unset private-key
        set certificate "-----BEGIN CERTIFICATE-----
MIIDzDCCArSgAwIBAgIEAjWMnjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8G
A1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQ
MA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5l
dC5jb20wHhcNMjMwNzExMDQzOTIwWhcNMzgwMTE4MjIzNDM5WjCBnzELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTER
MA8GA1UECgwIRm9ydGluZXQxFDASBgNVBAsMC0ZvcnRpU3dpdGNoMRkwFwYDVQQD
DBBTNDI0RUlURjIzMDA0NDM5MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRp
bmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyQsJp6sdef
UaQj+jAlVPGMk1qaQnbJrdRY2VlkIx3LpFJNqF06pqVutqYmsiAWJYZffsphrTU+
AnHHBY5bew7A8Hwzptq3fdK7/6nSDglvFU2IgyAG5TERenIPQwVyZpBKpOzDQM8z
qUVFjqkfbAGLOsnyhBu0Ixfo1eNsKUlwe2NXyE/JObRqiQaoVYodY8IEWIfIroXW
FurINRMCiBh6KzalrADsFDFlHyvXGmkQCdYYZhY/DR4PpQIB/duVHwmzfaf/k+AP
AU3SfauoEsCfEItDxsRm/Qzz3Ep4qUACyg/uayPTgNlGcD2duZ/poUZPcPeWbcVU
e39ZQNKBxCECAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
RJWnKUrMknVWbpZxcS0IU4PGSVx8/8KMxi7705l3Wz8RPRAdp9Q22nUH7PKCa0T6
odpFY4pQ+BTQwqwV57aX3ELyonMdlNIduiSsAzWw6VS5S8L4EgUS1MrBsRROTgmB
fe9dwIIl9bXKQ6RCRtoxwwf8enMYqmvzxRS0LozNzU5iYHkuBa9nu5mXZZH1atmP
IL18RN10DVj7krLq/qWQNbZw49zzttv/ZvCxqSskII/zixEHYSYFBikQJ+wiqGUN
FJabnQWnSNJpPC3fVoEX9jAJ6AeAeI3TpThB1i8ZdAKfmvoFV4i/bt+R2733yyNr
Cq2R6Nn88UvMC2BenqejOg==
-----END CERTIFICATE-----"
        set scep-url ''
    next
end
config switch-controller global
    set name ''
    set location ''
    set max-discoveries 3
    set max-retransmit 5
    set echo-interval 30
    set ac-port 5246
    set ac-data-port 15250
    set ac-discovery-type auto
    set tunnel-mode compatible
    set mgmt-mode capwap
    set ac-discovery-mc-addr 224.0.1.140
    set ac-dhcp-option-code 138
end
config log syslogd setting
    unset override
    set status disable
    set enc-algorithm disable
    set certificate ''
end
config log syslogd2 setting
    unset override
    set status disable
    set enc-algorithm disable
    set certificate ''
end
config log syslogd3 setting
    unset override
    set status disable
    set enc-algorithm disable
    set certificate ''
end
config log memory global-setting
    set full-final-warning-threshold 95
    set full-first-warning-threshold 75
    set full-second-warning-threshold 90
    set max-size 98304
end
config log syslogd filter
    unset override
    set severity information
end
config log syslogd2 filter
    unset override
    set severity information
end
config log syslogd3 filter
    unset override
    set severity information
end
config system email-server
    set port 25
    set reply-to ''
    set security none
    set server ''
    set source-ip 0.0.0.0
    set source-ip6 ::
    set authenticate disable
end
config system security
    set mode none
end
config system console
    set baudrate 115200
    set hostname-display-length 17
    set login enable
    set mode line
    set output more
end
config system bug-report
    set auth no
    set mailto "fortiswitch@fortinet.com"
    set password ''
    set server "fortinet.com"
    set username "bug_report"
    set username-smtp "bug_report"
end
config system ntp
    set allow-unsync-source enable
    set authentication disable
    set log-time-adjustments enable
    config ntpserver
        edit 1
            set authentication disable
            set ntpv3 disable
            set server "ntp.birchstreet.net"
        next
    end
    set ntpsync enable
    set source-ip 0.0.0.0
    set source-ip6 ::
    set syncinterval 10
end
config system flan-cloud
    set interval 3
    set name "fortiswitch-dispatch.forticloud.com"
    set port 443
    set service-type flan-cloud
    set status enable
end
config system flow-export
    set filter ''
    set format netflow9
    set identity 0x00000000
    set level ip
    set max-export-pkt-size 512
    set template-export-period 5
    set timeout-general 3600
    set timeout-icmp 300
    set timeout-max 604800
    set timeout-tcp 3600
    set timeout-tcp-fin 300
    set timeout-tcp-rst 120
    set timeout-udp 300
end
config system web
    set gui-language browser
    set http-port 80
    set https-pki-required disable
    set https-port 443
    set https-server-cert "Fortinet_Factory"
    set https-ssl-versions tlsv1-1 tlsv1-2 tlsv1-3
end
config system settings
    set ip-ecmp-mode source-ip-based
end
config system certificate ocsp
    set cert ''
    set unavail-action revoke
    set url ''
end
config user setting
    set auth-blackout-time 0
    set auth-cert ''
    set auth-http-basic disable
    set auth-invalid-max 5
    set auth-multi-group enable
    set auth-secure-http disable
    set auth-timeout 5
    set auth-timeout-type idle-timeout
    set auth-type http https ftp telnet
end
config log memory setting
    set diskfull overwrite
    set status enable
end
config log disk setting
    set status disable
    set max-log-file-size 1
    set diskfull overwrite
    set log-quota 1
    set full-first-warning-threshold 75
    set full-second-warning-threshold 90
    set full-final-warning-threshold 95
end
config log eventfilter
    set event enable
    set link enable
    set poe enable
    set router enable
    set spanning_tree enable
    set switch enable
    set switch_controller enable
    set system enable
    set user enable
end
config log memory filter
    unset override
    set severity information
end
config log disk filter
    unset override
    set severity information
end
config log gui
    set log-device disk
end
config router policy
end
config router rip
    set bfd disable
    set default-information-originate disable
    set default-metric 1
    set garbage-timer 120
    config redistribute "connected"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "static"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "ospf"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "bgp"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "isis"
        set status disable
        set metric 0
        set routemap ''
    end
    set timeout-timer 180
    set update-timer 30
    set version 2
end
config router ripng
    set bfd disable
    set default-information-originate disable
    set default-metric 1
    set garbage-timer 120
    config redistribute "connected"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "static"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "ospf6"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "isis"
        set status disable
        set metric 0
        set routemap ''
    end
    config redistribute "bgp"
        set status disable
        set metric 0
        set routemap ''
    end
    set timeout-timer 180
    set update-timer 30
end
config router isis
    set auth-keychain-area ''
    set auth-keychain-domain ''
    set auth-mode-area password
    set auth-mode-domain password
    set auth-password-area ENC IaMSAA0qe7O5WQU4xBb3zQV0bvDssgVJxhkTTKaQyJ43kjRsxjsNcNGPxBKR1TTeI82fJ6XRPts4fAnfqUUV3Qtq+awbNCMmjeVsID5j0awyGs1JEypJ6gtq6+5NicOAOTKQjRR7G2ksD5UL/6Faf4QwHduZnfUWd7o5GT+CXzCxJTZb
    set auth-password-domain ENC +df9oIQXTmvohRWZWy79nSrbjpYfMybQcglYia1/5OBtmH54YqAYzrPvsUM9TbiIYEvXAIMsufLkqJEnAesg8PU7Uo3QMcMSAt+xAIPpVY97jdCJ29or2rXf8DW4PPpt69DOfzlWcLlGROQNUvpH0YGByh+qnrDJtQJYue1NTUyq/8mQ
    set auth-sendonly-area disable
    set auth-sendonly-domain disable
    set default-information-level level-2
    set default-information-level6 level-2
    set default-information-metric 10
    set default-information-metric6 10
    set default-information-originate disable
    set default-information-originate6 disable
    set ignore-attached-bit disable
    set is-type level-1-2
    set log-neighbour-changes enable
    set lsp-gen-interval-l1 1
    set lsp-gen-interval-l2 1
    set lsp-refresh-interval 900
    set max-lsp-lifetime 1200
    set metric-style narrow
    set overload-bit disable
    config redistribute "connected"
        set status disable
        set metric 10
        set metric-type external
        set level level-2
        set routemap ''
    end
    config redistribute "rip"
        set status disable
        set metric 10
        set metric-type external
        set level level-2
        set routemap ''
    end
    config redistribute "ospf"
        set status disable
        set metric 10
        set metric-type external
        set level level-2
        set routemap ''
    end
    config redistribute "bgp"
        set status disable
        set metric 10
        set metric-type external
        set level level-2
        set routemap ''
    end
    config redistribute "static"
        set status disable
        set metric 10
        set metric-type external
        set level level-2
        set routemap ''
    end
    set redistribute-l1 enable
    set redistribute-l1-list ''
    config redistribute6 "connected"
        set status disable
        set metric 10
        set level level-2
        set routemap ''
    end
    config redistribute6 "static"
        set status disable
        set metric 10
        set level level-2
        set routemap ''
    end
    config redistribute6 "ospf6"
        set status disable
        set metric 10
        set level level-2
        set routemap ''
    end
    config redistribute6 "ripng"
        set status disable
        set metric 10
        set level level-2
        set routemap ''
    end
    config redistribute6 "bgp"
        set status disable
        set metric 10
        set level level-2
        set routemap ''
    end
    set redistribute6-l1 enable
    set redistribute6-l1-list ''
    set router-id 0.0.0.0
    set spf-interval-exp-l1 1
    set spf-interval-exp-l2 1
end
config router multicast
    set multicast-routing disable
end
config router ospf
    set router-id 0.0.0.0
    set abr-type cisco
    set distance-external 0
    set distance-inter-area 0
    set distance-intra-area 0
    set database-overflow disable
    set default-information-originate disable
    set default-information-metric 10
    set default-information-metric-type 2
    set distance 110
    set rfc1583-compatible disable
    set spf-timers 5 10
    set log-neighbour-changes enable
    config redistribute "connected"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
        set tag 0
    end
    config redistribute "static"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
        set tag 0
    end
    config redistribute "bgp"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
        set tag 0
    end
    config redistribute "rip"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
        set tag 0
    end
    config redistribute "isis"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
        set tag 0
    end
end
config router ospf6
    set router-id 0.0.0.0
    set spf-timers 5 10 10
    set log-neighbor-changes enable
    config redistribute "connected"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
    end
    config redistribute "static"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
    end
    config redistribute "ripng"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
    end
    config redistribute "isis"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
    end
    config redistribute "bgp"
        set status disable
        set metric 10
        set routemap ''
        set metric-type 2
    end
end
config router bgp
    set as 64514
    set router-id 192.168.50.41
    set keepalive-timer 60
    set holdtime-timer 180
    set always-compare-med disable
    set bestpath-as-path-ignore disable
    set bestpath-cmp-confed-aspath disable
    set bestpath-cmp-routerid disable
    set bestpath-med-confed disable
    set bestpath-med-missing-as-worst disable
    set client-to-client-reflection enable
    set dampening disable
    set deterministic-med disable
    set fast-external-failover enable
    set log-neighbour-changes enable
    set cluster-id 0.0.0.0
    set confederation-identifier 0
    set default-local-preference 100
    set scan-time 60
    set maximum-paths-ebgp 1
    set bestpath-aspath-multipath-relax disable
    set maximum-paths-ibgp 1
    set distance-external 20
    set distance-internal 200
    set distance-local 200
    set ebgp-requires-policy enable
    set graceful-stalepath-time 360
    set route-reflector-allow-outbound-policy disable
    config neighbor
        edit "169.254.38.181"
            set advertisement-interval 30
            set allowas-in-enable disable
            set allowas-in-enable-evpn disable
            set allowas-in-enable6 disable
            set enforce-first-as disable
            unset attribute-unchanged
            unset attribute-unchanged-evpn
            unset attribute-unchanged6
            set activate enable
            set activate6 enable
            set activate-evpn disable
            set bfd disable
            set capability-dynamic disable
            set capability-orf none
            set capability-orf6 none
            set capability-default-originate disable
            set capability-default-originate6 disable
            set dont-capability-negotiate disable
            set ebgp-enforce-multihop disable
            set next-hop-self disable
            set next-hop-self6 disable
            set override-capability disable
            set passive disable
            set remove-private-as disable
            set remove-private-as6 disable
            set route-server-client disable
            set route-server-client6 disable
            set shutdown disable
            set soft-reconfiguration disable
            set soft-reconfiguration-evpn disable
            set soft-reconfiguration6 disable
            set as-override disable
            set as-override6 disable
            set strict-capability-match disable
            set description ''
            set distribute-list-in ''
            set distribute-list-in6 ''
            set distribute-list-out ''
            set distribute-list-out6 ''
            set filter-list-in ''
            set filter-list-in6 ''
            set filter-list-out ''
            set filter-list-out6 ''
            set interface ''
            set maximum-prefix 0
            set maximum-prefix6 0
            set prefix-list-in ''
            set prefix-list-in6 ''
            set prefix-list-out ''
            set prefix-list-out6 ''
            set remote-as 64513
            set route-map-in ''
            set route-map-in-evpn ''
            set route-map-in6 ''
            set route-map-out ''
            set route-map-out-evpn ''
            set route-map-out6 ''
            set send-community both
            set send-community6 both
            set keep-alive-timer 4294967295
            set holdtime-timer 4294967295
            set connect-timer 4294967295
            set unsuppress-map ''
            set unsuppress-map6 ''
            set update-source ''
            set weight 4294967295
            set password ''
        next
    end
    config redistribute "connected"
        set status disable
        set route-map ''
    end
    config redistribute "static"
        set status disable
        set route-map ''
    end
    config redistribute "ospf"
        set status disable
        set route-map ''
    end
    config redistribute "rip"
        set status disable
        set route-map ''
    end
    config redistribute "isis"
        set status disable
        set route-map ''
    end
    config redistribute6 "connected"
        set status disable
        set route-map ''
    end
    config redistribute6 "static"
        set status disable
        set route-map ''
    end
    config redistribute6 "ospf"
        set status disable
        set route-map ''
    end
    config redistribute6 "rip"
        set status disable
        set route-map ''
    end
    config redistribute6 "isis"
        set status disable
        set route-map ''
    end
end
config router setting
end

AWS-DC-Megaport #




jroy777
New Contributor III

Would you recommend I use RVI interfaces or switch to SVI? 

Switch virtual interfaces

A switch virtual interface (SVI) is a logical interface that is associated with a VLAN and supports routing and switching protocols.

You can assign an IP address to the SVI to enable routing between VLANs. For example, SVIs can route between two different VLANs connected to a switch (no need to connect through a layer-3 router).

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors