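#config-version=FG100E-5.04-FW-build1064-160921:opmode=0:vdom=0
#conf_file_ver=0
#buildno=5654
#global_vdom=1
# FortiGate 100E configuration (model and build per the header above).
# It publishes one internal host over SSH: external 5.5.5.228:22 on wan1 is
# port-forwarded to 192.168.45.10:22 behind port14. The remaining sections
# are security profiles, traffic shapers and routing stanzas.
# The file was restored to one statement per line; the source had the whole
# configuration collapsed onto a few physical lines.

config system global
    set admintimeout 30
    set alias "FG100E4Q16006136"
    set fgd-alert-subscription advisory latest-threat
    set hostname "FG100E4Q16006136"
    set ipsec-asic-offload disable
    set registration-notification disable
    set timezone 65
end

# wan1 carries the primary address plus 5.5.5.228 as a secondary IP.
# Administrative access on wan1 is limited to ping and fgfm; neither HTTPS
# nor SSH management is enabled on the WAN side. port14 (the server LAN)
# allows ping only.
config system interface
    edit "wan1"
        set vdom "root"
        set ip 12.12.12.230 255.255.255.252
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 3
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 5.5.5.228 255.255.255.248
            next
        end
    next
    edit "port14"
        set vdom "root"
        set ip 192.168.45.1 255.255.255.0
        set allowaccess ping
        set type physical
        set alias "server-port"
        set role lan
        set snmp-index 19
    next
end
config system physical-switch
    edit "sw0"
        set age-val 0
    next
end
config system central-management
    set type fortiguard
end
config system cluster-sync
end

# IPS sensors. None of them is attached to the firewall policy in this file,
# so the published SSH service is not inspected by any of these profiles.
config ips sensor
    edit "sniffer-profile"
        set comment "Monitor IPS attacks."
        config entries
            edit 1
                set severity high critical
            next
        end
    next
    edit "default"
        set comment "Prevent critical attacks."
        config entries
            edit 1
                set severity medium high critical
            next
        end
    next
    edit "all_default"
        set comment "All predefined signatures with default setting."
        config entries
            edit 1
            next
        end
    next
    edit "all_default_pass"
        set comment "All predefined signatures with PASS action."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "protect_http_server"
        set comment "Protect against HTTP server-side vulnerabilities."
        config entries
            edit 1
                set location server
                set protocol HTTP
            next
        end
    next
    edit "protect_email_server"
        set comment "Protect against email server-side vulnerabilities."
        config entries
            edit 1
                set location server
                set protocol SMTP POP3 IMAP
            next
        end
    next
    edit "protect_client"
        set comment "Protect against client-side vulnerabilities."
        config entries
            edit 1
                set location client
            next
        end
    next
    edit "high_security"
        set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
        set block-malicious-url enable
        config entries
            edit 1
                set severity medium high critical
                set status enable
                set action block
            next
            edit 2
                set severity low
            next
        end
    next
end
config firewall shaper traffic-shaper
    edit "high-priority"
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "medium-priority"
        set maximum-bandwidth 1048576
        set priority medium
        set per-policy enable
    next
    edit "low-priority"
        set maximum-bandwidth 1048576
        set priority low
        set per-policy enable
    next
    edit "guarantee-100kbps"
        set guaranteed-bandwidth 100
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "shared-1M-pipe"
        set maximum-bandwidth 1024
    next
end
config web-proxy global
    set proxy-fqdn "default.fqdn"
end
config application list
    edit "sniffer-profile"
        set comment "Monitor all applications."
        unset options
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "default"
        set comment "Monitor all applications."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "block-botnet"
        config entries
            edit 1
                set category 19
            next
        end
    next
    edit "block-high-risk"
        config entries
            edit 1
                set category 2 6 19
            next
            edit 2
                set action pass
            next
        end
    next
end
config application casi profile
    edit "sniffer-profile"
        set comment "Monitor all applications."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "default"
        set comment "Monitor all applications."
        config entries
            edit 1
                set action pass
            next
        end
    next
end

# One-to-one pool on the same address the VIP uses. Policy 1 below does not
# reference it (the policy sets neither NAT nor a pool name).
config firewall ippool
    edit "external-ip"
        set type one-to-one
        set startip 5.5.5.228
        set endip 5.5.5.228
        set comments "This is 5.5.5.228"
    next
end

# Port-forward VIP: 5.5.5.228:22 on wan1 -> 192.168.45.10:22.
# The uuid value "removed" is kept exactly as the author posted it.
config firewall vip
    edit "demo"
        set uuid "removed"
        set extip 5.5.5.228
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.45.10"
        set extport 22
        set mappedport 22
    next
end
config firewall profile-protocol-options
    edit "default"
        set comment "All default services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail splice
        end
        config nntp
            set ports 119
            set options splice
        end
        config dns
            set ports 53
        end
    next
end

# Inbound SSH publish: wan1 -> port14 through the VIP "demo".
# NOTE(review): the original read `set dstaddr "demo-ssh"`, a name that no
# section of this file defines; the only VIP present is "demo". The policy
# now references "demo". If an object named "demo-ssh" exists in a part of
# the configuration not shown here, confirm which object is intended.
# The service is narrowed from "ALL" to the predefined "SSH" service, so the
# policy permits only the port the VIP forwards.
# srcaddr "all" leaves the forwarded SSH port reachable from any source on
# the WAN side; restrict it to known administrative networks where possible.
config firewall policy
    edit 1
        set name "ssh-port-forwarding"
        set uuid "removed"
        set srcintf "wan1"
        set dstintf "port14"
        set srcaddr "all"
        set dstaddr "demo"
        set action accept
        set schedule "always"
        set service "SSH"
        set logtraffic all
    next
end
config endpoint-control profile
    edit "default"
        config forticlient-winmac-settings
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
    next
end
config wireless-controller wids-profile
    edit "default"
        set comment "Default WIDS profile."
        set ap-scan enable
        set wireless-bridge enable
        set deauth-broadcast enable
        set null-ssid-probe-resp enable
        set long-duration-attack enable
        set invalid-mac-oui enable
        set weak-wep-iv enable
        set auth-frame-flood enable
        set assoc-frame-flood enable
        set spoofed-deauth enable
        set asleap-attack enable
        set eapol-start-flood enable
        set eapol-logoff-flood enable
        set eapol-succ-flood enable
        set eapol-fail-flood enable
        set eapol-pre-succ-flood enable
        set eapol-pre-fail-flood enable
    next
    edit "default-wids-apscan-enabled"
        set ap-scan enable
    next
end

# Single default route via the wan1 next hop. The dynamic-routing stanzas
# below contain only empty redistribute blocks.
config router static
    edit 1
        set gateway 12.12.12.229
        set device "wan1"
    next
end
config router ospf
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ospf6
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router bgp
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end
end
config router isis
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "static"
    end
end
config router multicast
end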