We have a working Cisco router doing BGP to AWS Direct Connect. What is the correct way to create the layer 3 interfaces (Direct-Connect, inside and dmz/uat) and the required VLAN 2900 with correct dot1Q encapsulation? Do I create it on a sub interface like with Cisco? See Cisco settings below. See attached drawing.
I am assuming I just plug the existing HPE switch into the interface assigned on the FortiSwitch for "DMZ/UAT" and for "Inside", but how do I create the interfaces correctly on the FortiSwitch? IPs should be assigned to layer 3 but "router" does not give the options I think I should see.
Here are Cisco settings:
interface TenGigabitEthernet0/0/0.2900 (This is a sub interface)
 description "Direct Connect to Amazon VPC or Transit Gateway on AWS Cloud"
 encapsulation dot1Q 2900
 ip address 169.254.38.182 255.255.255.252
interface TenGigabitEthernet0/0/1 (Physical interface)
 description "Prod DBNET access"
 ip address 192.168.51.249 255.255.254.0
 no ip proxy-arp
 ip nbar protocol-discovery
router bgp 64514 (my ASN)
 bgp log-neighbor-changes
 neighbor 169.254.38.181 remote-as 64513 (remote ASN)
 neighbor 169.254.38.181 password *******
 !
 address-family ipv4
  network 169.254.38.180 mask 255.255.255.252
  network 192.168.50.0 mask 255.255.254.0
  network 10.10.2.0 mask 255.255.255.0
  network 10.1.0.0 mask 255.255.254.0
  neighbor 169.254.38.181 activate
 exit-address-family
Here are FortiSwitch settings I have applied or compiled so far:
AWS-DC-Megaport # show system interface
name Name.
internal static 192.168.50.41 255.255.254.0 up physical
mgmt dhcp 0.0.0.0 0.0.0.0 up physical
uat static 10.10.2.4 255.255.255.0 up vlan
How do I configure DMZ/UAT to use the same interface (different VLAN) on the FortiSwitch?
config router bgp
    set as 64514
    set router-id 192.168.50.41
    config neighbor
        edit "<IPv4_or_IPv6 address>" (should this be 169.254.38.182?)
            set remote-as 64513
        next
    end
end
UPDATED DRAWING!!!!!
OK, can someone tell me which is the correct type of interface to use? An RVI or an SVI? I need to make sure BGP works.
I want to convert this Cisco router interface config and BGP settings below to our new FortiSwitch 424E. Can anyone offer a solution?
interface TenGigabitEthernet0/0/0.2900
 description "Direct Connect to Amazon VPC or Transit Gateway on AWS Cloud"
 encapsulation dot1Q 2900
 ip address 169.254.38.182 255.255.255.252
!
router bgp 64514
 bgp log-neighbor-changes
 neighbor 169.254.38.181 remote-as 64513
 neighbor 169.254.38.181 password *******
 !
 address-family ipv4
  network 169.254.38.180 mask 255.255.255.252
  network 192.168.50.0 mask 255.255.254.0
  neighbor 169.254.38.181 activate
 exit-address-family
Routed VLAN interfaces
A routed VLAN interface (RVI) is a physical port or trunk interface that supports layer-3 routing protocols. When the physical port or trunk is administratively down, the RVI for that physical port or trunk goes down as well. All RVIs use the same VLAN, 4095.
RVIs support ECMP, VRF, multiple IP addresses, IPv4 addresses, IPv6 addresses, BFD, VRRP, DHCP server, DHCP relay, RIP, OSPF, ISIS, BGP, and PIM.
Layer-2 protocols and most switch interface features are disabled on RVIs.
https://docs.fortinet.com/document/fortiswitch/7.4.3/fortiswitchos-administration-guide/22391/routed...
Switch virtual interfaces
A switch virtual interface (SVI) is a logical interface that is associated with a VLAN and supports routing and switching protocols.
You can assign an IP address to the SVI to enable routing between VLANs. For example, SVIs can route between two different VLANs connected to a switch (no need to connect through a layer-3 router).
https://docs.fortinet.com/document/fortiswitch/7.4.3/fortiswitchos-administration-guide/626301/switc...
OK, I did this (from the docs) and have an RVI.
Create a system interface. Set the IP address and netmask, set the interface type to physical, and then assign the layer-2 interface.
config system interface
    edit <new_interface_name>
        set ip <IP_address_and_netmask>
        set type physical
        set l2-interface <existing_interface_name>
    next
end
Does this look correct?
edit "AWS-DC-L3"
    set mode static
    set dhcp-relay-service disable
    set ip 169.254.38.182 255.255.255.252
    unset allowaccess
    set bfd disable
    set bfd-desired-min-tx 250
    set bfd-detect-mult 3
    set bfd-required-min-rx 250
    set icmp-redirect enable
    set status up
    set type physical
    set l2-interface "port28"
    set description ''
    set alias ''
    set vrrp-virtual-mac disable
    set secondary-IP disable
    set snmp-index 35
Does anyone know the default encapsulation mode on FortiSwitch interfaces?
I need 802.1Q.
I think .1Q only. That's why you can't find the command to select the encapsulation.
Toshi
And you're setting it up as "standalone" with L3 features that require licenses, which I've never done myself, so I can't comment on them specifically. But I can explain the concept of L2/L3 configuration, mainly viewed from the L2 side and up.
You already figured out L3 interfaces need to be configured under "config system interface". But you probably never imagined those L3 VLAN interfaces have to be sub-interfaces of the special L3 interface "internal", if you haven't dealt with any FortiGates before.
Then to connect L2 VLANs at physical ports to those L3 VLAN interfaces, you have to include those VLANs as allowed-vlans on the special L2 interface "internal" under "config switch interface". It might be hard to understand, but I depicted this command-line structure below.
But beyond this, especially for L3 features like BGP, you'll soon realize you likely need to refer to FortiGate (FGT) documentation since those features must have been "imported/ported" from FGT's software.
And you likely need to open a ticket at TAC to get help or figure them out by yourself by referring to FGT's documentation. I had to figure out the above almost all by myself recently to utilize FSWs as L2 switches. But in my case, I have some experience with FGTs.
Toshi
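The L2/L3 linkage described in the reply above, together with the earlier question about which address belongs under "config neighbor", can be checked offline before the cable is moved. The following is an added example, not code from the thread or from Fortinet. The function names are hypothetical, the two sample configs are constructed from the thread's addresses, and the `vlanid` and `interface` keys under "config system interface" are assumed from FortiSwitchOS SVI syntax because they do not appear in the thread.

```python
import ipaddress
import re

def parse_cli(text):
    """Parse 'config / edit / set / next / end' CLI text into nested dicts."""
    stack = [("config", {})]
    for raw in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', raw)]
        if not words:
            continue
        verb, args = words[0], words[1:]
        if verb in ("config", "edit") and args:
            key = " ".join(args) if verb == "config" else args[0]
            stack.append((verb, stack[-1][1].setdefault(key, {})))
        elif verb == "set" and args:
            stack[-1][1][args[0]] = args[1:]
        elif verb == "next" and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end":
            if stack[-1][0] == "edit":  # 'end' typed inside an entry closes it too
                stack.pop()
            if len(stack) > 1:
                stack.pop()
    return stack[0][1]

def vlan_set(tokens):
    """Expand ['35,2900'] or ['10-12'] into a set of VLAN IDs."""
    vlans = set()
    for part in filter(None, re.split(r"[,\s]+", " ".join(tokens))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_l3(cfg):
    """Return findings for VLAN interfaces and BGP neighbors that cannot work."""
    findings, local = [], {}
    sw_if = cfg.get("switch interface", {})
    on_internal = vlan_set(sw_if.get("internal", {}).get("allowed-vlans", []))
    for name, intf in cfg.get("system interface", {}).items():
        ip = intf.get("ip", [])
        if len(ip) == 2 and ip[0] != "0.0.0.0":
            local[name] = ipaddress.ip_interface("/".join(ip))
        if "vlanid" not in intf:
            continue
        vid = int(intf["vlanid"][0])
        if intf.get("interface") != ["internal"]:
            findings.append(f"{name}: not a sub-interface of 'internal'")
        if vid not in on_internal:
            findings.append(f"{name}: VLAN {vid} not allowed on switch interface 'internal'")
        if not any(vid in vlan_set(s.get("allowed-vlans", []) + s.get("native-vlan", []))
                   for p, s in sw_if.items() if p != "internal"):
            findings.append(f"{name}: no physical port carries VLAN {vid}")
    for peer in cfg.get("router bgp", {}).get("neighbor", {}):
        addr = ipaddress.ip_address(peer)
        own = [n for n, i in local.items() if i.ip == addr]
        if own:
            findings.append(f"bgp: neighbor {peer} is this switch's own address ({own[0]})")
        elif not any(addr in i.network for i in local.values()):
            findings.append(f"bgp: neighbor {peer} is not on a connected subnet")
    return findings

# Constructed sample: VLAN 2900 is missing on 'internal', and the neighbor is the local IP.
BAD = """
config switch interface
    edit "port27"
        set native-vlan 35
    next
    edit "port28"
        set allowed-vlans 2900
    next
    edit "internal"
        set allowed-vlans 35
    next
end
config system interface
    edit "uat"
        set vlanid 35
        set interface "internal"
    next
    edit "AWS-DC-L3"
        set ip 169.254.38.182 255.255.255.252
        set vlanid 2900
        set interface "internal"
    next
end
config router bgp
    config neighbor
        edit "169.254.38.182"
            set remote-as 64513
    end
end
"""
GOOD = (BAD.replace("set allowed-vlans 35\n", "set allowed-vlans 35,2900\n")
           .replace('edit "169.254.38.182"', 'edit "169.254.38.181"'))

if __name__ == "__main__":
    print("\n".join(check_l3(parse_cli(BAD))) or "no findings")
```

The corrected sample uses 169.254.38.181 as the neighbor, matching the `neighbor` lines in the Cisco configuration posted earlier in the thread.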
Thank you for the detailed explanation. It is extremely valuable. Can I send you the config I came up with? I am able to ping from a host on my "inside" network all IPs listed in my drawing except the AWS-DC interface (only because I have not moved the cable from the Cisco to the FS). I want to see if you believe I have set up the interfaces correctly based on what you outlined above.
Sure. I'll take a look at it when I have time to do so.
Toshi
Wow, am I missing it? Is there no way to attach a file?
AWS-DC-Megaport # show full-configuration
#config-version=S424EI-7.04-FW-build830-240422:opmode=0:vdom=0
#conf_file_ver=11362378364286318208
#buildno=0830
#global_vdom=1
config system global
set 802.1x-ca-certificate "Fortinet_CA"
set 802.1x-certificate "Fortinet_Factory"
set admin-concurrent enable
set admin-lockout-duration 60
set admin-lockout-threshold 3
set admin-password-hash sha256
set admin-restrict-local disable
set admin-scp disable
set admin-ssh-grace-time 120
set admin-ssh-port 22
set admin-ssh-v1 disable
set admin-telnet-port 23
set admintimeout 5
set alertd-relog disable
set allow-subnet-overlap enable
set arp-inspection-monitor-timeout 1440
set arp-timeout 180
set asset-tag ''
set cfg-save automatic
set clt-cert-req disable
set csr-ca-attribute enable
set daily-restart disable
set delaycli-timeout-cleanup 15
set detect-ip-conflict enable
set dh-params 2048
set dhcp-circuit-id intfname vlan mode
set dhcp-option-format ascii
set dhcp-remote-id mac
set dhcp-server-access-list disable
set dhcp-snoop-client-req drop-untrusted
set dhcps-db-exp 86400
set dhcps-db-per-port-learn-limit 64
set dst enable
set hostname "AWS-DC-Megaport"
set image-rotation enable
set ip-conflict-ignore-default enable
set ipv6-accept-dad 1
set ipv6-all-forwarding enable
set kernel-crashlog enable
set kernel-devicelog enable
set l3-host-expiry disable
set ldapconntimeout 500
set post-login-banner ''
set pre-login-banner ''
set private-data-encryption disable
set radius-coa-port 3799
set radius-port 1812
set remoteauthtimeout 5
set reset-button enable
set revision-backup-on-logout enable
set revision-backup-on-upgrade enable
set strong-crypto enable
set tcp-mss-min 48
set tcp-options enable
set tcp6-mss-min 48
set timezone 04
end
config system alias group
end
config system accprofile
edit "prof_admin"
set admingrp read-write
set exec-alias-grp read-write
set loggrp read-write
set mntgrp read-write
set netgrp read-write
set pktmongrp read-write
set routegrp read-write
set swcoregrp read-write
set swmonguardgrp read-write
set sysgrp read-write
set utilgrp read-write
next
end
config switch global
set access-vlan-mode legacy
set auto-fortilink-discovery enable
set auto-isl enable
set auto-isl-port-group 0
set auto-stp-priority enable
set bpdu-learn enable
set dhcp-snooping-database-export disable
set dmi-global-all enable
set flapguard-retain-trigger disable
set flood-unknown-multicast disable
set flood-vtp disable
set forti-trunk-dmac 02:80:c2:00:00:02
set fortilink-heartbeat-timeout 60
set fortilink-p2p-native-vlan 4094
set fortilink-p2p-tpid 0x8100
set fortilink-vlan-optimization disable
set l2-memory-check disable
set l2-memory-check-interval 120
set log-mac-limit-violations disable
set log-source-guard-violations disable
set loop-guard-tx-interval 3
set mac-aging-interval 300
set max-path-in-ecmp-group 8
set mclag-igmpsnooping-aware disable
set mclag-peer-info-timeout 60
set mclag-port-base 0
set mclag-split-brain-detect disable
set mclag-stp-aware enable
set name ''
set neighbor-discovery-to-cpu enable
config port-security
set link-down-auth set-unauth
set mab-entry-as static
set mab-reauth disable
set mac-called-station-delimiter hyphen
set mac-calling-station-delimiter hyphen
set mac-case lowercase
set mac-password-delimiter hyphen
set mac-username-delimiter hyphen
set max-reauth-attempt 0
set quarantine-vlan enable
set reauth-period 60
set tx-period 30
end
set reserved-mcast-to-cpu enable
set storm-control-monitor disable
set trunk-hash-mode default
set trunk-hash-unicast-src-port disable
set trunk-hash-unkunicast-src-dst enable
set virtual-wire-tpid 0xdee5
set vxlan-dport 4789
set vxlan-sport 0
set vxlan-stp-virtual-root disable
end
config switch lldp settings
set status enable
set tx-hold 4
set tx-interval 30
set fast-start-interval 2
set management-interface "mgmt"
set management-address ipv4 ipv6
set device-detection disable
end
config switch lldp profile
edit "default"
unset 802.1-tlvs
unset 802.3-tlvs
set auto-isl disable
set auto-isl-auth-identity "fortilink"
set auto-isl-auth-reauth 3600
set auto-isl-auth-user "Fortinet_Factory"
set auto-isl-hello-timer 3
set auto-isl-port-group 0
set auto-isl-receive-timeout 60
set auto-mclag-icl disable
config med-location-service
edit "coordinates"
set status disable
next
edit "address-civic"
set status disable
next
edit "elin-number"
set status disable
next
end
config med-network-policy
edit "voice"
set status disable
next
edit "voice-signaling"
set status disable
next
edit "guest-voice"
set status disable
next
edit "guest-voice-signaling"
set status disable
next
edit "softphone-voice"
set status disable
next
edit "video-conferencing"
set status disable
next
edit "streaming-video"
set status disable
next
edit "video-signaling"
set status disable
next
end
set med-tlvs inventory-management network-policy location-identification
next
edit "default-auto-isl"
unset 802.1-tlvs
unset 802.3-tlvs
set auto-isl enable
set auto-isl-auth legacy
set auto-isl-hello-timer 3
set auto-isl-port-group 0
set auto-isl-receive-timeout 60
set auto-mclag-icl disable
unset med-tlvs
next
end
config switch vlan-tpid
edit "default"
set ether-type 0x8100
next
end
config switch qos qos-policy
edit "default"
config cos-queue
edit "queue-0"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
edit "queue-1"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
edit "queue-2"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
edit "queue-3"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
edit "queue-4"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
edit "queue-5"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
edit "queue-6"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
edit "queue-7"
set description ''
set drop-policy taildrop
set max-rate 0
set min-rate 0
set weight 1
set wred-slope 45
next
end
set rate-by kbps
set schedule round-robin
next
end
config system ptp profile
edit "default"
set description ''
set mode transparent-e2e
next
end
config switch ptp settings
set status disable
set profile "default"
end
config system ptp interface-policy
edit "default"
set description ''
set vlan 0
set vlan-pri 4
next
end
config switch physical-port
edit "port1"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port2"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port3"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port4"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port5"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port6"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port7"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port8"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port9"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port10"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port11"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port12"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port13"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port14"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port15"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port16"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port17"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port18"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port19"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port20"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port21"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port22"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port23"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port24"
set cdp-status disable
set description ''
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 1000full
set status up
set storm-control-mode global
next
edit "port25"
set cdp-status disable
set description "To DBNET10G-03 Port 37 | inside"
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 10000full
set status up
set storm-control-mode global
next
edit "port26"
set cdp-status disable
set description "To DMZ10G-02 Port 35 | dmz"
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 10000full
set status up
set storm-control-mode global
next
edit "port27"
set cdp-status disable
set description "To DMZ10G-02 Port 37 | UAT"
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 10000full
set status up
set storm-control-mode global
next
edit "port28"
set cdp-status disable
set description "To AWS Direct Connect Vlan 2900"
set dmi-status global
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set speed 10000full
set status up
set storm-control-mode global
next
edit "internal"
set description ''
next
end
config switch vlan
edit 35
set private-vlan disable
set lan-segment disable
set description "UAT"
set learning enable
set learning-limit 0
set rspan-mode disable
set igmp-snooping disable
set dhcp-snooping disable
set dhcp6-snooping disable
set access-vlan disable
set assignment-priority 128
unset policer
unset cos-queue
next
edit 2900
set private-vlan disable
set lan-segment disable
set description "AWS-DC-FortiSW Port 28"
set learning enable
set learning-limit 0
set rspan-mode disable
set igmp-snooping disable
set dhcp-snooping disable
set dhcp6-snooping disable
set access-vlan disable
set assignment-priority 128
unset policer
unset cos-queue
next
edit 2
set private-vlan disable
set lan-segment disable
set description "dmz"
set learning enable
set learning-limit 0
set rspan-mode disable
set igmp-snooping disable
set dhcp-snooping disable
set dhcp6-snooping disable
set access-vlan disable
set assignment-priority 128
unset policer
unset cos-queue
next
end
config switch interface
edit "port1"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 1
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port2"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 2
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port3"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 3
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port4"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 4
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port5"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 5
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port6"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 6
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port7"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 7
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port8"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 8
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port9"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 9
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port10"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 10
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port11"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 11
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port12"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 12
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port13"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 13
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port14"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 14
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port15"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 15
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port16"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 16
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port17"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 17
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port18"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 18
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port19"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 19
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port20"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 20
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port21"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 21
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port22"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 22
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port23"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 23
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port24"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 24
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port25"
set description ''
set native-vlan 1
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state disabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 25
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port26"
set description ''
set native-vlan 2
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 26
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port27"
set description ''
set native-vlan 35
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state disabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-source-guard disable
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 27
config port-security
set port-security-mode none
end
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set learning-limit 0
set sticky-mac disable
set log-mac-event disable
set nac disable
next
edit "port28"
set description ''
set allow-arp-monitor disable
set ip-source-guard disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 28
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set qos-policy "default"
set ptp-status disable
next
edit "internal"
set description ''
set native-vlan 1
set allowed-vlans 2,35
unset untagged-vlans
set discard-mode none
set stp-state disabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 29
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set nac disable
next
end
config switch stp settings
set forward-time 15
set hello-time 2
set max-age 20
set max-hops 20
set mclag-stp-bpdu both
set name ''
set revision 0
set status enable
end
config switch stp instance
edit "0"
set priority 32768
config stp-port
edit "port1"
set cost 0
set priority 128
next
edit "port2"
set cost 0
set priority 128
next
edit "port3"
set cost 0
set priority 128
next
edit "port4"
set cost 0
set priority 128
next
edit "port5"
set cost 0
set priority 128
next
edit "port6"
set cost 0
set priority 128
next
edit "port7"
set cost 0
set priority 128
next
edit "port8"
set cost 0
set priority 128
next
edit "port9"
set cost 0
set priority 128
next
edit "port10"
set cost 0
set priority 128
next
edit "port11"
set cost 0
set priority 128
next
edit "port12"
set cost 0
set priority 128
next
edit "port13"
set cost 0
set priority 128
next
edit "port14"
set cost 0
set priority 128
next
edit "port15"
set cost 0
set priority 128
next
edit "port16"
set cost 0
set priority 128
next
edit "port17"
set cost 0
set priority 128
next
edit "port18"
set cost 0
set priority 128
next
edit "port19"
set cost 0
set priority 128
next
edit "port20"
set cost 0
set priority 128
next
edit "port21"
set cost 0
set priority 128
next
edit "port22"
set cost 0
set priority 128
next
edit "port23"
set cost 0
set priority 128
next
edit "port24"
set cost 0
set priority 128
next
edit "port25"
set cost 0
set priority 128
next
edit "port26"
set cost 0
set priority 128
next
edit "port27"
set cost 0
set priority 128
next
edit "port28"
set cost 0
set priority 128
next
edit "internal"
set cost 0
set priority 128
next
end
next
edit "15"
set priority 28672
set vlan-range 4094
next
end
config switch storm-control
set broadcast disable
set burst-size-level 0
set rate 500
set unknown-multicast disable
set unknown-unicast disable
end
config switch acl settings
set density-mode disable
set trunk-load-balance enable
end
config switch acl service custom
edit "ALL_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1-65535
unset udp-portrange
unset sctp-portrange
next
edit "ALL_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1-65535
unset sctp-portrange
next
edit "ALL_ICMP"
set protocol ICMP
set comment ''
set color 0
set icmptype 0
set icmpcode 0
next
edit "AOL"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 5190-5194
unset udp-portrange
unset sctp-portrange
next
edit "BGP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 179
unset udp-portrange
unset sctp-portrange
next
edit "DHCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 67-68
unset sctp-portrange
next
edit "DNS_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 53
unset udp-portrange
unset sctp-portrange
next
edit "DNS_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 53
unset sctp-portrange
next
edit "FINGER"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 79
unset udp-portrange
unset sctp-portrange
next
edit "FTP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 21
unset udp-portrange
unset sctp-portrange
next
edit "FTP_GET"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 21
unset udp-portrange
unset sctp-portrange
next
edit "FTP_PUT"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 21
unset udp-portrange
unset sctp-portrange
next
edit "GOPHER"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 70
unset udp-portrange
unset sctp-portrange
next
edit "H323_TCP1"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1720
unset udp-portrange
unset sctp-portrange
next
edit "H323_TCP2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1503
unset udp-portrange
unset sctp-portrange
next
edit "H323_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1719
unset sctp-portrange
next
edit "HTTP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 80
unset udp-portrange
unset sctp-portrange
next
edit "HTTPS"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 443
unset udp-portrange
unset sctp-portrange
next
edit "IKE"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 500
unset sctp-portrange
next
edit "IKE2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 4500
unset sctp-portrange
next
edit "IMAP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 143
unset udp-portrange
unset sctp-portrange
next
edit "IMAPS"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 993
unset udp-portrange
unset sctp-portrange
next
edit "Internet-Locator-Service"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 389
unset udp-portrange
unset sctp-portrange
next
edit "IRC"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 6660-6669
unset udp-portrange
unset sctp-portrange
next
edit "L2TP_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1701
unset udp-portrange
unset sctp-portrange
next
edit "L2TP_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1701
unset sctp-portrange
next
edit "LDAP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 389
unset udp-portrange
unset sctp-portrange
next
edit "NetMeeting"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1720
unset udp-portrange
unset sctp-portrange
next
edit "NFS_TCP1"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 111
unset udp-portrange
unset sctp-portrange
next
edit "NFS_TCP2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 2049
unset udp-portrange
unset sctp-portrange
next
edit "NFS_UDP1"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 111
unset sctp-portrange
next
edit "NFS_UDP2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 2049
unset sctp-portrange
next
edit "NNTP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 119
unset udp-portrange
unset sctp-portrange
next
edit "NTP_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 123
unset udp-portrange
unset sctp-portrange
next
edit "NTP_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 123
unset sctp-portrange
next
edit "OSPF"
set protocol IP
set comment ''
set color 0
set protocol-number 89
next
edit "PC-Anywhere_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 5631
unset udp-portrange
unset sctp-portrange
next
edit "PC-Anywhere_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 5632
unset sctp-portrange
next
edit "PTP_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 319-320
unset sctp-portrange
next
edit "ONC-RPC-TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 111
unset udp-portrange
unset sctp-portrange
next
edit "ONC-RPC-UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 111
unset sctp-portrange
next
edit "DCE-RPC-TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 135
unset udp-portrange
unset sctp-portrange
next
edit "DCE-RPC-UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 135
unset sctp-portrange
next
edit "POP3"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 110
unset udp-portrange
unset sctp-portrange
next
edit "POP3S"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 995
unset udp-portrange
unset sctp-portrange
next
edit "PPTP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1723
unset udp-portrange
unset sctp-portrange
next
edit "QUAKE1"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 26000
unset sctp-portrange
next
edit "QUAKE2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 27000
unset sctp-portrange
next
edit "QUAKE3"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 27910
unset sctp-portrange
next
edit "QUAKE4"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 27960
unset sctp-portrange
next
edit "RAUDIO"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 7070
unset sctp-portrange
next
edit "REXEC"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 512
unset udp-portrange
unset sctp-portrange
next
edit "RIP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 520
unset sctp-portrange
next
edit "RLOGIN"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 513:512-1023
unset udp-portrange
unset sctp-portrange
next
edit "RSH"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 514:512-1023
unset udp-portrange
unset sctp-portrange
next
edit "SCCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 2000
unset udp-portrange
unset sctp-portrange
next
edit "SIP_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 5060
unset udp-portrange
unset sctp-portrange
next
edit "SIP_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 5060
unset sctp-portrange
next
edit "SIP-MSNmessenger"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1863
unset udp-portrange
unset sctp-portrange
next
edit "SAMBA"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 139
unset udp-portrange
unset sctp-portrange
next
edit "SMTP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 25
unset udp-portrange
unset sctp-portrange
next
edit "SMTPS"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 465
unset udp-portrange
unset sctp-portrange
next
edit "SNMP_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 161-162
unset udp-portrange
unset sctp-portrange
next
edit "SNMP_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 161-162
unset sctp-portrange
next
edit "SSH"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 22
unset udp-portrange
unset sctp-portrange
next
edit "SYSLOG"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 514
unset sctp-portrange
next
edit "TALK"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 517-518
unset sctp-portrange
next
edit "TELNET"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 23
unset udp-portrange
unset sctp-portrange
next
edit "TFTP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 69
unset sctp-portrange
next
edit "MGCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 2427
unset sctp-portrange
next
edit "MGCP2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 2727
unset sctp-portrange
next
edit "UUCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 540
unset udp-portrange
unset sctp-portrange
next
edit "VDOLIVE"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 7000-7010
unset udp-portrange
unset sctp-portrange
next
edit "WAIS"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 210
unset udp-portrange
unset sctp-portrange
next
edit "WINFRAME1"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1494
unset udp-portrange
unset sctp-portrange
next
edit "WINFRAME2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 2598
unset udp-portrange
unset sctp-portrange
next
edit "X-WINDOWS"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 6000-6063
unset udp-portrange
unset sctp-portrange
next
edit "MS-SQL"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1433-1434
unset udp-portrange
unset sctp-portrange
next
edit "MYSQL"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 3306
unset udp-portrange
unset sctp-portrange
next
edit "RDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 3389
unset udp-portrange
unset sctp-portrange
next
edit "VNC"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 5900
unset udp-portrange
unset sctp-portrange
next
edit "DHCP6"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 546-547
unset sctp-portrange
next
edit "SQUID"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 3128
unset udp-portrange
unset sctp-portrange
next
edit "SOCKS_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1080
unset udp-portrange
unset sctp-portrange
next
edit "SOCKS_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1080
unset sctp-portrange
next
edit "WINS_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1512
unset udp-portrange
unset sctp-portrange
next
edit "WINS_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1512
unset sctp-portrange
next
edit "RADIUS"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1812-1813
unset sctp-portrange
next
edit "RADIUS-OLD"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1645-1646
unset sctp-portrange
next
edit "CVSPSERVER_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 2401
unset udp-portrange
unset sctp-portrange
next
edit "CVSPSERVER_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 2401
unset sctp-portrange
next
edit "AFS3_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 7000-7009
unset udp-portrange
unset sctp-portrange
next
edit "AFS3_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 7000-7009
unset sctp-portrange
next
edit "TRACEROUTE"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 33434-33535
unset sctp-portrange
next
edit "RTSP_TCP1"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 554
unset udp-portrange
unset sctp-portrange
next
edit "RTSP_TCP2"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 7070
unset udp-portrange
unset sctp-portrange
next
edit "RTSP_TCP3"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 8554
unset udp-portrange
unset sctp-portrange
next
edit "RTSP_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 554
unset sctp-portrange
next
edit "MMS_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 1755
unset udp-portrange
unset sctp-portrange
next
edit "MMS_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 1024-5000
unset sctp-portrange
next
edit "KERBEROS_TCP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 88
unset udp-portrange
unset sctp-portrange
next
edit "KERBEROS_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 88
unset udp-portrange
unset sctp-portrange
next
edit "LDAP_UDP"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
unset tcp-portrange
set udp-portrange 389
unset sctp-portrange
next
edit "SMB"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 445
unset udp-portrange
unset sctp-portrange
next
edit "NONE"
set protocol TCP/UDP/SCTP
set comment ''
set color 0
set tcp-portrange 0
unset udp-portrange
unset sctp-portrange
next
edit "ALL"
set protocol IP
set comment ''
set color 0
set protocol-number 0
next
end
config switch igmp-snooping globals
set aging-time 300
set leave-response-timeout 1000
set proxy-report-interval 60
set query-interval 125
set query-max-response-timeout 10000
end
config switch security-feature
set sip-eq-dip disable
set tcp-flag disable
set tcp-port-eq disable
set tcp-flag-FUP disable
set tcp-flag-SF disable
set v4-first-frag disable
set udp-port-eq disable
set tcp-hdr-partial disable
set macsa-eq-macda disable
set allow-mcast-sa enable
set allow-sa-mac-all-zero enable
end
config switch auto-network
set mgmt-vlan 1
set status enable
end
config switch network-monitor settings
set db-aging-interval 3600
set status disable
set survey-mode disable
set survey-mode-interval 120
end
config system interface
edit "mgmt"
set mode dhcp
set distance 5
set dhcp-relay-service disable
unset ip
set allowaccess ping https ssh
set bfd disable
set bfd-desired-min-tx 250
set bfd-detect-mult 3
set bfd-required-min-rx 250
set icmp-redirect enable
set vlanforward disable
set status up
set type physical
set description ''
set alias ''
set vrrp-virtual-mac disable
set secondary-IP enable
set snmp-index 31
config ipv6
set ip6-address ::/0
set ip6-mode static
unset ip6-allowaccess
set autoconf disable
set dhcp6-information-request disable
set ip6-send-adv disable
set vrrp-virtual-mac6 disable
set vrip6_link_local ::
end
set dhcp-client-identifier ''
set dhcp-vendor-specific-option ''
set defaultgw disable
set dns-server-override enable
unset macaddr
set speed auto
set mtu-override disable
config secondaryip
edit 1
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh
next
end
next
edit "internal"
set mode static
set dhcp-relay-service disable
set ip 192.168.50.41 255.255.254.0
set allowaccess ping https ssh
set bfd disable
set bfd-desired-min-tx 250
set bfd-detect-mult 3
set bfd-required-min-rx 250
set icmp-redirect enable
set status up
set type physical
set description ''
set alias "DBNET"
set vrrp-virtual-mac disable
set secondary-IP disable
set snmp-index 30
config ipv6
set ip6-address ::/0
set ip6-mode static
unset ip6-allowaccess
set autoconf disable
set dhcp6-information-request disable
set ip6-send-adv disable
set vrrp-virtual-mac6 disable
set vrip6_link_local ::
end
unset macaddr
set speed auto
set mtu-override disable
next
edit "uat"
set mode static
set dhcp-relay-service disable
set ip 10.10.2.4 255.255.255.0
set allowaccess ping https ssh
set bfd disable
set bfd-desired-min-tx 250
set bfd-detect-mult 3
set bfd-required-min-rx 250
set icmp-redirect enable
set status up
set type vlan
set description ''
set alias "UAT"
set vrrp-virtual-mac disable
set secondary-IP disable
set snmp-index 32
config ipv6
set ip6-address ::/0
set ip6-mode static
unset ip6-allowaccess
set autoconf disable
set ip6-unknown-mcast-to-cpu disable
set dhcp6-information-request disable
set ip6-send-adv disable
set vrrp-virtual-mac6 disable
set vrip6_link_local ::
end
set vlanid 35
set interface "internal"
next
edit "dmz"
set mode static
set dhcp-relay-service disable
set ip 10.1.0.4 255.255.254.0
set allowaccess ping https ssh
set bfd disable
set bfd-desired-min-tx 250
set bfd-detect-mult 3
set bfd-required-min-rx 250
set icmp-redirect enable
set status up
set type vlan
set description ''
set alias "dmz"
set vrrp-virtual-mac disable
set secondary-IP disable
set snmp-index 34
config ipv6
set ip6-address ::/0
set ip6-mode static
unset ip6-allowaccess
set autoconf disable
set ip6-unknown-mcast-to-cpu disable
set dhcp6-information-request disable
set ip6-send-adv disable
set vrrp-virtual-mac6 disable
set vrip6_link_local ::
end
set vlanid 2
set interface "internal"
next
edit "AWS-DC-L3"
set mode static
set dhcp-relay-service disable
set ip 169.254.38.182 255.255.255.252
set allowaccess ping https ssh
set bfd disable
set bfd-desired-min-tx 250
set bfd-detect-mult 3
set bfd-required-min-rx 250
set icmp-redirect enable
set status up
set type physical
set l2-interface "port28"
set description ''
set alias "AWS-DC-L3"
set vrrp-virtual-mac disable
set secondary-IP disable
set snmp-index 35
config ipv6
set ip6-address ::/0
set ip6-mode static
unset ip6-allowaccess
set autoconf disable
set ip6-unknown-mcast-to-cpu disable
set dhcp6-information-request disable
set ip6-send-adv disable
set vrrp-virtual-mac6 disable
set vrip6_link_local ::
end
unset macaddr
set mtu-override disable
next
end
config system password-policy
set status enable
set apply-to admin-password
set minimum-length 8
set min-lower-case-letter 0
set min-upper-case-letter 0
set min-non-alphanumeric 0
set min-number 0
set change-4-characters disable
set expire-status disable
end
config system admin
edit "admin"
set remote-auth disable
set peer-auth disable
set trusthost1 0.0.0.0 0.0.0.0
set trusthost2 0.0.0.0 0.0.0.0
set trusthost3 0.0.0.0 0.0.0.0
set trusthost4 0.0.0.0 0.0.0.0
set trusthost5 0.0.0.0 0.0.0.0
set trusthost6 0.0.0.0 0.0.0.0
set trusthost7 0.0.0.0 0.0.0.0
set trusthost8 0.0.0.0 0.0.0.0
set trusthost9 0.0.0.0 0.0.0.0
set trusthost10 0.0.0.0 0.0.0.0
set ip6-trusthost1 ::/0
set ip6-trusthost2 ::/0
set ip6-trusthost3 ::/0
set ip6-trusthost4 ::/0
set ip6-trusthost5 ::/0
set ip6-trusthost6 ::/0
set ip6-trusthost7 ::/0
set ip6-trusthost8 ::/0
set ip6-trusthost9 ::/0
set ip6-trusthost10 ::/0
set accprofile "super_admin"
set comments ''
unset ssh-public-key1
unset ssh-public-key2
unset ssh-public-key3
set schedule ''
set password-expire 0000-00-00 00:00:00
set force-password-change disable
set password ENC SH2ncd1Cufw/3H7/3OS8vVKU/5KhPSbuo4gnjn/n9+7AtmU3F9sPsumjzZ5HqI=
set allow-remove-admin-session enable
next
end
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
set domain ''
set ip6-primary ::
set ip6-secondary ::
set dns-cache-limit 5000
set dns-cache-ttl 1800
set cache-notfound-responses disable
set source-ip 0.0.0.0
end
config system sflow
end
config system snmp sysinfo
set contact-info ''
set description ''
set engine-id ''
set location ''
set status disable
set trap-high-cpu-interval 1min
set trap-high-cpu-threshold 80
set trap-log-full-threshold 90
set trap-low-memory-threshold 80
set trap-temp-alarm-threshold 70
set trap-temp-warning-threshold 65
end
config system snmp community
edit 1
set events cpu-high mem-low log-full intf-ip ent-conf-change llv sensor-fault sensor-alarm fan-detect psu-status ip-conflict tkmem-hb-oo-sync fsTrapStitch1 fsTrapStitch2 fsTrapStitch3 fsTrapStitch4 fsTrapStitch5 storm-control
config hosts
edit 1
set interface ''
set ip 0.0.0.0 0.0.0.0
set source-ip 0.0.0.0
next
end
set name "public"
set query-v1-port 161
set query-v1-status enable
set query-v2c-port 161
set query-v2c-status enable
set status enable
set trap-v1-lport 162
set trap-v1-rport 162
set trap-v1-status enable
set trap-v2c-lport 162
set trap-v2c-rport 162
set trap-v2c-status enable
next
end
config system certificate ca
edit "Fortinet_CA"
set ca "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set scep-url ''
next
edit "Fortinet_Sub2001_CA"
set ca "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set scep-url ''
next
edit "Fortinet_Sub2002_CA"
set ca "-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----"
set scep-url ''
next
edit "Fortinet_Sub2003_CA"
set ca "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set scep-url ''
next
edit "Fortinet_CA_Backup"
set ca "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set scep-url ''
next
edit "Fortinet_fsw_cloud_CA"
set ca "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set scep-url ''
next
end
config system certificate local
edit "Fortinet_Factory"
set password ENC w1kwsoNL2s4OuLpw4P1y4oJkFcxV9ONx6C6UYhv1UheUfBzR6sOvLx/IQGqQkyDOLPhsiFGeVSlu6tlaZ+UiZPOrqOgHprxLr5ukjzOPe61/Pj9LVrwdUWJJxy/4rAL9NO32I9npFmuCPRKxhtUKZsE1jm5BP2/CxtOtbNsxXGZahkQk
unset private-key
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set scep-url ''
next
edit "Fortinet_Factory_Backup"
set password ENC Seippb9BTFn2WdIrCGjJYQOvMtyHj4EZ7rpZ/sz54oiFAcTm/qVnEFpcEWjpUPjDNzAulKZarHDQmjgtBp8EcVmLpPlxMiCHl0NEVAKQMihsMRCVwskZaWSCgLP0gPR4my+05yjeYPvMOn+NPJFXG3GXZlPAaM+XHrvQBYiVyU5khZy9
unset private-key
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set scep-url ''
next
end
config switch-controller global
set name ''
set location ''
set max-discoveries 3
set max-retransmit 5
set echo-interval 30
set ac-port 5246
set ac-data-port 15250
set ac-discovery-type auto
set tunnel-mode compatible
set mgmt-mode capwap
set ac-discovery-mc-addr 224.0.1.140
set ac-dhcp-option-code 138
end
config log syslogd setting
unset override
set status disable
set enc-algorithm disable
set certificate ''
end
config log syslogd2 setting
unset override
set status disable
set enc-algorithm disable
set certificate ''
end
config log syslogd3 setting
unset override
set status disable
set enc-algorithm disable
set certificate ''
end
config log memory global-setting
set full-final-warning-threshold 95
set full-first-warning-threshold 75
set full-second-warning-threshold 90
set max-size 98304
end
config log syslogd filter
unset override
set severity information
end
config log syslogd2 filter
unset override
set severity information
end
config log syslogd3 filter
unset override
set severity information
end
config system email-server
set port 25
set reply-to ''
set security none
set server ''
set source-ip 0.0.0.0
set source-ip6 ::
set authenticate disable
end
config system security
set mode none
end
config system console
set baudrate 115200
set hostname-display-length 17
set login enable
set mode line
set output more
end
config system bug-report
set auth no
set mailto "fortiswitch@fortinet.com"
set password ''
set server "fortinet.com"
set username "bug_report"
set username-smtp "bug_report"
end
config system ntp
set allow-unsync-source enable
set authentication disable
set log-time-adjustments enable
config ntpserver
edit 1
set authentication disable
set ntpv3 disable
set server "ntp.birchstreet.net"
next
end
set ntpsync enable
set source-ip 0.0.0.0
set source-ip6 ::
set syncinterval 10
end
config system flan-cloud
set interval 3
set name "fortiswitch-dispatch.forticloud.com"
set port 443
set service-type flan-cloud
set status enable
end
config system flow-export
set filter ''
set format netflow9
set identity 0x00000000
set level ip
set max-export-pkt-size 512
set template-export-period 5
set timeout-general 3600
set timeout-icmp 300
set timeout-max 604800
set timeout-tcp 3600
set timeout-tcp-fin 300
set timeout-tcp-rst 120
set timeout-udp 300
end
config system web
set gui-language browser
set http-port 80
set https-pki-required disable
set https-port 443
set https-server-cert "Fortinet_Factory"
set https-ssl-versions tlsv1-1 tlsv1-2 tlsv1-3
end
config system settings
set ip-ecmp-mode source-ip-based
end
config system certificate ocsp
set cert ''
set unavail-action revoke
set url ''
end
config user setting
set auth-blackout-time 0
set auth-cert ''
set auth-http-basic disable
set auth-invalid-max 5
set auth-multi-group enable
set auth-secure-http disable
set auth-timeout 5
set auth-timeout-type idle-timeout
set auth-type http https ftp telnet
end
config log memory setting
set diskfull overwrite
set status enable
end
config log disk setting
set status disable
set max-log-file-size 1
set diskfull overwrite
set log-quota 1
set full-first-warning-threshold 75
set full-second-warning-threshold 90
set full-final-warning-threshold 95
end
config log eventfilter
set event enable
set link enable
set poe enable
set router enable
set spanning_tree enable
set switch enable
set switch_controller enable
set system enable
set user enable
end
config log memory filter
unset override
set severity information
end
config log disk filter
unset override
set severity information
end
config log gui
set log-device disk
end
config router policy
end
config router rip
set bfd disable
set default-information-originate disable
set default-metric 1
set garbage-timer 120
config redistribute "connected"
set status disable
set metric 0
set routemap ''
end
config redistribute "static"
set status disable
set metric 0
set routemap ''
end
config redistribute "ospf"
set status disable
set metric 0
set routemap ''
end
config redistribute "bgp"
set status disable
set metric 0
set routemap ''
end
config redistribute "isis"
set status disable
set metric 0
set routemap ''
end
set timeout-timer 180
set update-timer 30
set version 2
end
config router ripng
set bfd disable
set default-information-originate disable
set default-metric 1
set garbage-timer 120
config redistribute "connected"
set status disable
set metric 0
set routemap ''
end
config redistribute "static"
set status disable
set metric 0
set routemap ''
end
config redistribute "ospf6"
set status disable
set metric 0
set routemap ''
end
config redistribute "isis"
set status disable
set metric 0
set routemap ''
end
config redistribute "bgp"
set status disable
set metric 0
set routemap ''
end
set timeout-timer 180
set update-timer 30
end
config router isis
set auth-keychain-area ''
set auth-keychain-domain ''
set auth-mode-area password
set auth-mode-domain password
set auth-password-area ENC IaMSAA0qe7O5WQU4xBb3zQV0bvDssgVJxhkTTKaQyJ43kjRsxjsNcNGPxBKR1TTeI82fJ6XRPts4fAnfqUUV3Qtq+awbNCMmjeVsID5j0awyGs1JEypJ6gtq6+5NicOAOTKQjRR7G2ksD5UL/6Faf4QwHduZnfUWd7o5GT+CXzCxJTZb
set auth-password-domain ENC +df9oIQXTmvohRWZWy79nSrbjpYfMybQcglYia1/5OBtmH54YqAYzrPvsUM9TbiIYEvXAIMsufLkqJEnAesg8PU7Uo3QMcMSAt+xAIPpVY97jdCJ29or2rXf8DW4PPpt69DOfzlWcLlGROQNUvpH0YGByh+qnrDJtQJYue1NTUyq/8mQ
set auth-sendonly-area disable
set auth-sendonly-domain disable
set default-information-level level-2
set default-information-level6 level-2
set default-information-metric 10
set default-information-metric6 10
set default-information-originate disable
set default-information-originate6 disable
set ignore-attached-bit disable
set is-type level-1-2
set log-neighbour-changes enable
set lsp-gen-interval-l1 1
set lsp-gen-interval-l2 1
set lsp-refresh-interval 900
set max-lsp-lifetime 1200
set metric-style narrow
set overload-bit disable
config redistribute "connected"
set status disable
set metric 10
set metric-type external
set level level-2
set routemap ''
end
config redistribute "rip"
set status disable
set metric 10
set metric-type external
set level level-2
set routemap ''
end
config redistribute "ospf"
set status disable
set metric 10
set metric-type external
set level level-2
set routemap ''
end
config redistribute "bgp"
set status disable
set metric 10
set metric-type external
set level level-2
set routemap ''
end
config redistribute "static"
set status disable
set metric 10
set metric-type external
set level level-2
set routemap ''
end
set redistribute-l1 enable
set redistribute-l1-list ''
config redistribute6 "connected"
set status disable
set metric 10
set level level-2
set routemap ''
end
config redistribute6 "static"
set status disable
set metric 10
set level level-2
set routemap ''
end
config redistribute6 "ospf6"
set status disable
set metric 10
set level level-2
set routemap ''
end
config redistribute6 "ripng"
set status disable
set metric 10
set level level-2
set routemap ''
end
config redistribute6 "bgp"
set status disable
set metric 10
set level level-2
set routemap ''
end
set redistribute6-l1 enable
set redistribute6-l1-list ''
set router-id 0.0.0.0
set spf-interval-exp-l1 1
set spf-interval-exp-l2 1
end
config router multicast
set multicast-routing disable
end
config router ospf
set router-id 0.0.0.0
set abr-type cisco
set distance-external 0
set distance-inter-area 0
set distance-intra-area 0
set database-overflow disable
set default-information-originate disable
set default-information-metric 10
set default-information-metric-type 2
set distance 110
set rfc1583-compatible disable
set spf-timers 5 10
set log-neighbour-changes enable
config redistribute "connected"
set status disable
set metric 10
set routemap ''
set metric-type 2
set tag 0
end
config redistribute "static"
set status disable
set metric 10
set routemap ''
set metric-type 2
set tag 0
end
config redistribute "bgp"
set status disable
set metric 10
set routemap ''
set metric-type 2
set tag 0
end
config redistribute "rip"
set status disable
set metric 10
set routemap ''
set metric-type 2
set tag 0
end
config redistribute "isis"
set status disable
set metric 10
set routemap ''
set metric-type 2
set tag 0
end
end
config router ospf6
set router-id 0.0.0.0
set spf-timers 5 10 10
set log-neighbor-changes enable
config redistribute "connected"
set status disable
set metric 10
set routemap ''
set metric-type 2
end
config redistribute "static"
set status disable
set metric 10
set routemap ''
set metric-type 2
end
config redistribute "ripng"
set status disable
set metric 10
set routemap ''
set metric-type 2
end
config redistribute "isis"
set status disable
set metric 10
set routemap ''
set metric-type 2
end
config redistribute "bgp"
set status disable
set metric 10
set routemap ''
set metric-type 2
end
end
config router bgp
set as 64514
set router-id 192.168.50.41
set keepalive-timer 60
set holdtime-timer 180
set always-compare-med disable
set bestpath-as-path-ignore disable
set bestpath-cmp-confed-aspath disable
set bestpath-cmp-routerid disable
set bestpath-med-confed disable
set bestpath-med-missing-as-worst disable
set client-to-client-reflection enable
set dampening disable
set deterministic-med disable
set fast-external-failover enable
set log-neighbour-changes enable
set cluster-id 0.0.0.0
set confederation-identifier 0
set default-local-preference 100
set scan-time 60
set maximum-paths-ebgp 1
set bestpath-aspath-multipath-relax disable
set maximum-paths-ibgp 1
set distance-external 20
set distance-internal 200
set distance-local 200
set ebgp-requires-policy enable
set graceful-stalepath-time 360
set route-reflector-allow-outbound-policy disable
config neighbor
edit "169.254.38.181"
set advertisement-interval 30
set allowas-in-enable disable
set allowas-in-enable-evpn disable
set allowas-in-enable6 disable
set enforce-first-as disable
unset attribute-unchanged
unset attribute-unchanged-evpn
unset attribute-unchanged6
set activate enable
set activate6 enable
set activate-evpn disable
set bfd disable
set capability-dynamic disable
set capability-orf none
set capability-orf6 none
set capability-default-originate disable
set capability-default-originate6 disable
set dont-capability-negotiate disable
set ebgp-enforce-multihop disable
set next-hop-self disable
set next-hop-self6 disable
set override-capability disable
set passive disable
set remove-private-as disable
set remove-private-as6 disable
set route-server-client disable
set route-server-client6 disable
set shutdown disable
set soft-reconfiguration disable
set soft-reconfiguration-evpn disable
set soft-reconfiguration6 disable
set as-override disable
set as-override6 disable
set strict-capability-match disable
set description ''
set distribute-list-in ''
set distribute-list-in6 ''
set distribute-list-out ''
set distribute-list-out6 ''
set filter-list-in ''
set filter-list-in6 ''
set filter-list-out ''
set filter-list-out6 ''
set interface ''
set maximum-prefix 0
set maximum-prefix6 0
set prefix-list-in ''
set prefix-list-in6 ''
set prefix-list-out ''
set prefix-list-out6 ''
set remote-as 64513
set route-map-in ''
set route-map-in-evpn ''
set route-map-in6 ''
set route-map-out ''
set route-map-out-evpn ''
set route-map-out6 ''
set send-community both
set send-community6 both
set keep-alive-timer 4294967295
set holdtime-timer 4294967295
set connect-timer 4294967295
set unsuppress-map ''
set unsuppress-map6 ''
set update-source ''
set weight 4294967295
set password ''
next
end
config redistribute "connected"
set status disable
set route-map ''
end
config redistribute "static"
set status disable
set route-map ''
end
config redistribute "ospf"
set status disable
set route-map ''
end
config redistribute "rip"
set status disable
set route-map ''
end
config redistribute "isis"
set status disable
set route-map ''
end
config redistribute6 "connected"
set status disable
set route-map ''
end
config redistribute6 "static"
set status disable
set route-map ''
end
config redistribute6 "ospf"
set status disable
set route-map ''
end
config redistribute6 "rip"
set status disable
set route-map ''
end
config redistribute6 "isis"
set status disable
set route-map ''
end
end
config router setting
end
AWS-DC-Megaport #
Would you recommend I use RVI interfaces or switch to SVI?
Switch virtual interfaces
A switch virtual interface (SVI) is a logical interface that is associated with a VLAN and supports routing and switching protocols.
You can assign an IP address to the SVI to enable routing between VLANs. For example, SVIs can route between two different VLANs connected to a switch (no need to connect through a layer-3 router).
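A management-plane audit of the configuration posted above, as an added example (not part of the original post and not Fortinet tooling): it parses the `config`/`edit`/`set`/`next`/`end` nesting and reports the settings that leave admin, SNMP and BGP access open. The `MGMT_IFACES` set and the choice of checks are assumptions; the sample is an excerpt of the posted values.

```python
import shlex

# Excerpt of the configuration posted above (trimmed and indented for reading).
SAMPLE = """
config system interface
    edit "mgmt"
        set allowaccess ping https ssh
    next
    edit "AWS-DC-L3"
        set ip 169.254.38.182 255.255.255.252
        set allowaccess ping https ssh
        set l2-interface "port28"
    next
end
config system admin
    edit "admin"
        set trusthost1 0.0.0.0 0.0.0.0
        set trusthost2 0.0.0.0 0.0.0.0
    next
end
config system snmp sysinfo
    set status disable
end
config system snmp community
    edit 1
        config hosts
            edit 1
                set ip 0.0.0.0 0.0.0.0
            next
        end
        set name "public"
        set query-v1-status enable
        set query-v2c-status enable
        set status enable
    next
end
config system web
    set https-ssl-versions tlsv1-1 tlsv1-2 tlsv1-3
end
config router bgp
    config neighbor
        edit "169.254.38.181"
            set password ''
        next
    end
end
"""

MGMT_IFACES = {"mgmt"}  # assumption: only this interface should accept admin logins
ADMIN_PROTOS = {"http", "https", "ssh", "telnet"}

def parse(text):
    """Flatten config/edit nesting into {path tuple: {key: [values]}}."""
    stack, out = [], {}
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:  # multi-line quoted value (e.g. a PEM certificate)
            tok = raw.split()
        if not tok:
            continue
        op, args = tok[0], tok[1:]
        if op == "config":
            stack.append(" ".join(args))
        elif op == "edit" and args:
            stack.append(args[0])
        elif op in ("next", "end") and stack:
            stack.pop()
        elif op in ("set", "unset") and args:
            out.setdefault(tuple(stack), {})[args[0]] = args[1:]
    return out

def audit(cfg):
    """Return (object, finding) pairs for open management-plane settings."""
    findings = []
    snmp_on = cfg.get(("system snmp sysinfo",), {}).get("status") == ["enable"]
    for path, kv in cfg.items():
        if path[:1] == ("system interface",) and len(path) == 2:
            exposed = ADMIN_PROTOS & set(kv.get("allowaccess", []))
            if exposed and path[1] not in MGMT_IFACES:
                findings.append((f"interface {path[1]}", "admin access enabled: " + " ".join(sorted(exposed))))
        elif path[:1] == ("system admin",) and len(path) == 2:
            hosts = [v for k, v in kv.items() if k.startswith("trusthost")]
            if hosts and all(v == ["0.0.0.0", "0.0.0.0"] for v in hosts):
                findings.append((f"admin {path[1]}", "no trusted-host restriction"))
        elif path[:1] == ("system snmp community",) and len(path) == 2:
            legacy = [k for k in ("query-v1-status", "query-v2c-status") if kv.get(k) == ["enable"]]
            if kv.get("name") == ["public"] and kv.get("status") == ["enable"] and legacy:
                state = "agent enabled" if snmp_on else "agent currently disabled"
                findings.append(("snmp community public", f"v1/v2c queries allowed ({state})"))
        elif path == ("system web",) and "tlsv1-1" in kv.get("https-ssl-versions", []):
            findings.append(("system web", "admin GUI offers TLS 1.1"))
        elif path[:2] == ("router bgp", "neighbor") and len(path) == 3 and kv.get("password", [""]) == [""]:
            findings.append((f"bgp neighbor {path[2]}", "no session password"))
    return findings

if __name__ == "__main__":
    for obj, finding in audit(parse(SAMPLE)):
        print(f"{obj}: {finding}")
```

The same functions accept a full configuration dump pasted in place of `SAMPLE`; multi-line certificate values are skipped rather than parsed.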