#config-version=FG100A-4.00-FW-build521-120313:opmode=0:vdom=0:user=admin
#conf_file_ver=1880546965290468859
#buildno=0521
#global_vdom=1
# FortiGate configuration backup. The header lines above carry the
# model/firmware string (FG100A-4.00-FW-build521) and the exporting user.
# This part of the file holds the global settings, one admin access profile,
# the interface table, the "admin" account, the HA and DNS settings and the
# mail replacement messages.
# NOTE(review): a backup like this contains device identifiers and an encoded
# secret (see "config system ha"); handle and share it as sensitive material.
config system global
    set access-banner disable
    set admin-concurrent enable
    set admin-https-pki-required disable
    # Admin login lockout: 3 failed attempts trigger a 60-second lockout.
    set admin-lockout-duration 60
    set admin-lockout-threshold 3
    # NOTE(review): the "maintainer" console recovery login is enabled, so
    # physical console access is enough to reset the admin password. Disable
    # it unless that recovery path is needed and the console is protected.
    set admin-maintainer enable
    # Listening ports for the admin GUI (HTTP 80 / HTTPS 443), SSH (22) and
    # telnet (23). A protocol is only reachable on interfaces whose
    # allowaccess lists it; in the interface table below only https appears
    # (wan1 and internal), so HTTP, SSH and telnet are not exposed there.
    set admin-port 80
    set admin-scp disable
    # Admin HTTPS presents the self-signed certificate, so a browser cannot
    # verify the unit's identity. NOTE(review): consider a certificate issued
    # by a CA the administrators' workstations trust.
    set admin-server-cert "self-sign"
    set admin-sport 443
    set admin-ssh-grace-time 120
    set admin-ssh-port 22
    # SSH protocol version 1 is refused for admin access.
    set admin-ssh-v1 disable
    set admin-telnet-port 23
    # Idle admin sessions time out after 30 (minutes, per FortiOS documentation).
    set admintimeout 30
    set anti-replay strict
    # User-authentication pages also use the self-signed certificate.
    set auth-cert "self-sign"
    set auth-http-port 1000
    set auth-https-port 1003
    set auth-keepalive disable
    set auth-policy-exact-match enable
    # NOTE(review): fail-open. With "pass", traffic bypasses antivirus
    # scanning when the unit is short of memory; confirm that favouring
    # availability over inspection is the intended trade-off.
    set av-failopen pass
    set av-failopen-session disable
    set batch-cmdb enable
    set cfg-save automatic
    # Protocol header checking is set to loose rather than strict.
    set check-protocol-header loose
    set check-reset-range disable
    set clt-cert-req disable
    set csr-ca-attribute enable
    set daily-restart disable
    set detection-summary enable
    set dst enable
    set endpoint-control-fds-access enable
    set endpoint-control-portal-port 8009
    set explicit-proxy-auth-timeout 300
    set fds-statistics enable
    set fgd-alert-subscription advisory latest-threat
    # NOTE(review): matches on the implicit (final deny) policy are not logged
    # for IPv4 or IPv6, so blocked connection attempts leave no traffic-log
    # record. Enable these if the log is used for detection.
    set fwpolicy-implicit-log disable
    set fwpolicy6-implicit-log disable
    # gui-* options only control which features the web GUI displays.
    set gui-ap-profile enable
    set gui-central-nat-table disable
    set gui-dns-database disable
    set gui-dynamic-profile-display disable
    set gui-icap disable
    set gui-implicit-id-based-policy disable
    set gui-implicit-policy enable
    set gui-ipsec-manual-key disable
    set gui-ipv6 disable
    set gui-lines-per-page 50
    set gui-load-balance disable
    set gui-object-tags disable
    set gui-policy-interface-pairs-view enable
    set gui-voip-profile disable
    # NOTE(review): the hostname has the form of a unit serial number
    # (presumably the factory default); it identifies the exact device to
    # anyone who reads this file.
    set hostname "FG100A3907501098"
    set http-obfuscate modified
    set internal-switch-mode switch
    set ip-src-port-range 3000-10000
    set ipsec-hmac-offload enable
    set ipv6-accept-dad 1
    set language english
    set ldapconntimeout 500
    set log-user-in-upper disable
    # NOTE(review): presumably this leaves denied connection attempts to the
    # unit itself unlogged - confirm against the FortiOS CLI reference.
    set loglocaldeny disable
    set management-vdom "root"
    set phase1-rekey enable
    set policy-auth-concurrent enable
    set radius-port 1812
    set refresh 0
    set registration-notification enable
    set remoteauthtimeout 5
    set reset-sessionless-tcp disable
    set send-pmtu-icmp enable
    set service-expire-notification enable
    set strict-dirty-session-check enable
    # NOTE(review): strong-crypto is off, so the unit also accepts weaker
    # ciphers for administrative HTTPS/SSH sessions. Enable it unless a
    # legacy management client requires otherwise.
    set strong-crypto disable
    set tcp-halfclose-timer 120
    set tcp-halfopen-timer 120
    set tcp-option enable
    set tcp-timewait-timer 1
    set timezone 57
    set tos-based-priority medium
    set udp-idle-timer 180
    set usb-lte disable
    set user-server-cert "self-sign"
    # Virtual domains are not enabled; every object below lives in "root".
    set vdom-admin disable
    set vip-arp-range restricted
    set wifi-ca-certificate "PositiveSSL_CA"
    set wifi-certificate "Fortinet_Wifi"
    set wimax-4g-usb disable
    set wireless-controller-port 5246
    set fds-statistics-period 60
end
# Access profile "prof_admin": read-write on every permission group listed.
config system accprofile
    edit "prof_admin"
        set admingrp read-write
        set authgrp read-write
        set endpoint-control-grp read-write
        set fwgrp read-write
        set loggrp read-write
        unset menu-file
        set mntgrp read-write
        set netgrp read-write
        set routegrp read-write
        set sysgrp read-write
        set updategrp read-write
        set utmgrp read-write
        set vpngrp read-write
        set wifi read-write
    next
end
# Interface table. allowaccess lists the management protocols the unit itself
# answers on each interface.
config system interface
    # wan1: 192.168.0.5/24, answers ping and serves the admin GUI over HTTPS.
    # NOTE(review): administrative access on a WAN-named interface should be
    # limited to known source addresses (trusted hosts on the admin account)
    # or removed if management is done from the inside.
    edit "wan1"
        set vdom "root"
        set ip 192.168.0.5 255.255.255.0
        set allowaccess ping https
        set type physical
    next
    # wan2: no address set here; ping plus fgfm (FortiManager management
    # protocol) allowed.
    edit "wan2"
        set vdom "root"
        set allowaccess ping fgfm
        set type physical
    next
    edit "dmz1"
        set vdom "root"
        set type physical
    next
    edit "dmz2"
        set vdom "root"
        set allowaccess ping fgfm
        set type physical
    next
    # internal: 50.0.0.1/24 with ping, HTTPS admin and fgfm.
    # NOTE(review): 50.0.0.0/24 is not an RFC 1918 private range; confirm this
    # is lab addressing and not expected to be reachable from outside.
    edit "internal"
        set vdom "root"
        set ip 50.0.0.1 255.255.255.0
        set allowaccess ping https fgfm
        set type physical
    next
    edit "modem"
        set vdom "root"
        set mode pppoe
        set type physical
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
    next
    # Tunnel interface bound to wan1; by its name presumably the IPsec tunnel
    # towards an ASA. The matching VPN definition is not in this part of the
    # file.
    edit "FGTtoASA_IN"
        set vdom "root"
        set type tunnel
        set interface "wan1"
    next
end
# Built-in "admin" account with the super_admin profile.
# NOTE(review): this entry shows neither a password line nor trusted-host
# (trusthostN) restrictions. Confirm on the device that a strong password is
# set and that logins are limited to management addresses, since HTTPS admin
# access is open on wan1.
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        # Dashboard layout for this account (GUI tabs and widgets only).
        config dashboard-tabs
            edit 1
                set name "Status"
            next
        end
        config dashboard
            edit 1
                set tab-id 1
                set column 1
            next
            edit 2
                set widget-type licinfo
                set tab-id 1
                set column 1
            next
            edit 3
                set widget-type tr-history
                set tab-id 1
                set column 1
                set interface "wan1"
                set refresh enable
            next
            edit 4
                set widget-type jsconsole
                set tab-id 1
                set column 1
            next
            edit 5
                set widget-type sysres
                set tab-id 1
                set column 2
            next
            edit 6
                set widget-type sessions
                set tab-id 1
                set column 2
            next
            edit 7
                set widget-type sysop
                set tab-id 1
                set column 2
            next
            edit 8
                set widget-type alert
                set tab-id 1
                set column 2
            next
        end
    next
end
# High-availability settings. mode is standalone, so clustering is not active
# and the heartbeat options only take effect if HA is switched on later.
config system ha
    set group-id 0
    set group-name "FGT-HA"
    set mode standalone
    # NOTE(review): the ENC value is the device-encoded HA password, published
    # verbatim in this file. Treat it as disclosed and set a new HA password
    # rather than relying on the encoding to protect it.
    set password ENC lB44Rwc0WjnmRWreHmGXzAAtyvdrkWySQe+8itfu1CeVvY9N95UWsXOFXnBtLDmZ9sdUoSt/BYn1h5xNPzso+qtlho4HuiitUT8jiPQzz62KwpJE
    # Heartbeat interfaces: dmz2 and wan2, each with the value 50.
    set hbdev "dmz2" 50 "wan2" 50
    set route-ttl 10
    set route-wait 0
    set route-hold 10
    set sync-config enable
    # NOTE(review): heartbeat encryption and authentication are both disabled.
    # Enable both before this unit joins a cluster; one heartbeat device is
    # the WAN-named port wan2.
    set encryption disable
    set authentication disable
    set hb-interval 2
    set hb-lost-threshold 6
    set helo-holddown 20
    set arps 5
    set arps-interval 8
    set session-pickup disable
    set link-failed-signal disable
    set uninterruptable-upgrade enable
    set ha-eth-type "8890"
    set hc-eth-type "8891"
    set l2ep-eth-type "8893"
    set ha-uptime-diff-margin 300
    set override disable
    set priority 128
    set pingserver-failover-threshold 0
    set pingserver-flip-timeout 60
end
# DNS resolvers used by the unit (presumably Fortinet's default public
# resolvers - confirm); no local domain is set.
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set domain ''
    set ip6-primary ::
    set ip6-secondary ::
    set dns-cache-limit 5000
    set dns-cache-ttl 1800
    set cache-notfound-responses disable
    set source-ip 0.0.0.0
end
# Logo images referenced by replacement messages; the base64 payloads are
# empty in this dump.
config system replacemsg-image
    edit "logo_fnet"
        set image-base64 ''
        set image-type gif
    next
    edit "logo_fguard_wf"
        set image-base64 ''
        set image-type gif
    next
    edit "logo_fw_auth"
        set image-base64 ''
        set image-type png
    next
    edit "logo_v2_fnet"
        set image-base64 ''
        set image-type png
    next
    edit "logo_v2_fguard_wf"
        set image-base64 ''
        set image-type png
    next
end
# Mail replacement messages: the text the unit substitutes when it blocks or
# strips e-mail content. %%NAME%% tokens are placeholders that the unit fills
# in (by their names: file name, virus name, quarantine file name, reference
# URL).
# The first buffer string spans a line break exactly as it appears in this
# dump; the continuation line is kept at column 0 so the string is unchanged.
config system replacemsg mail "email-block"
    set buffer "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been blocked. 
File quarantined as: \"%%QUARFILENAME%%\"."
    set header 8bit
    set format text
end
config system replacemsg mail "email-virus"
    set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\".\"%%VIRUS_REF_URL%%\""
    set header 8bit
    set format text
end
# Data-leak-prevention (DLP) notices.
config system replacemsg mail "email-dlp"
    set buffer "This email has been blocked. The email message appeared to contain a data leak."
    set header 8bit
    set format text
end
config system replacemsg mail "email-dlp-subject"
    set buffer "Data leak detected!"
    set header 8bit
    set format text
end
config system replacemsg mail "email-dlp-ban"
    set buffer "This email has been blocked because a data leak was detected. Please contact your admin to be re-enabled."
    set header 8bit
    set format text
end
config system replacemsg mail "email-dlp-ban-sender"
    set buffer "This email has been blocked because the sender has sent a data leak. Please contact your admin to be re-enabled."
    set header 8bit
    set format text
end
config system replacemsg mail "email-filesize"
    set buffer "This email has been blocked. The email message is larger than the configured file size limit."
    set header 8bit
    set format text
end
config system replacemsg mail "partial"
    set buffer "Fragmented emails are blocked."
    set header 8bit
    set format text
end
# SMTP-specific variants; these use "header none" instead of "header 8bit".
config system replacemsg mail "smtp-block"
    set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%"
    set header none
    set format text
end
config system replacemsg mail "smtp-virus"
    set buffer "The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined as %%QUARFILENAME%%"
    set header none
    set format text
end
# The remaining settings of this entry (header, format, end) follow on the
# next line of the file.
config system replacemsg mail "smtp-filesize"
    set buffer "This message is larger than the configured limit and has been blocked." 
set header none set format text end config system replacemsg http "bannedword" set buffer " The URL you requested has been blocked

The URL you requested has been blocked

The page you requested has been blocked because it contains a banned word.

URL = %%PROTOCOL%%%%URL%%
%%OVERRIDE%%

" set header http set format html end config system replacemsg http "url-block" set buffer " The URL you requested has been blocked

The URL you requested has been blocked

The page you have requested has been blocked, because the URL is banned.

URL = %%URL%%
%%OVERRIDE%%

" set header http set format html end config system replacemsg http "urlfilter-err" set buffer " Web Page Blocked

Web Page Blocked

%%URLFILTER_ERROR%%

Web filter service error: %%URLFILTER_ERROR_DETAIL%%

" set header http set format html end config system replacemsg http "infcache-block" set buffer " High Security Alert!!

High Security Alert!!

The URL you requested was previously found to be infected.

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-block" set buffer " High Security Alert!!

High Security Alert!!

You are not permitted to download the file \"%%FILE%%\"

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-virus" set buffer " High Security Alert!!

High Security Alert!!

You are not permitted to download the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".

URL = %%PROTOCOL%%%%URL%%

File quarantined as: %%QUARFILENAME%%.

%%VIRUS_REF_URL%%

" set header http set format html end config system replacemsg http "http-filesize" set buffer " Attention!!

Attention!!

The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-dlp" set buffer " Attention!!

Attention!!

The transfer attempted appeared to contain a data leak!

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-dlp-ban" set buffer " Attention!!

Attention!!

Your user authentication or IP address has been banned due to a detected data leak.You need an admin to re-enable your computer.

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-archive-block" set buffer "

Attention!!!

The transfer contained an archive that has been blocked.

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-contenttypeblock" set buffer " Attention!!

Attention!!

Content-type not permitted

URL = %%PROTOCOL%%%%URL%%
%%OVERRIDE%%

" set header http set format html end config system replacemsg http "https-invalid-cert-block" set buffer "Untrusted Connection
%%FORTIGUARD_WF%%%%FORTINET%%
This Connection is Untrusted


A secure connection to %%HOSTNAME%% cannot be established.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site\'s identity can\'t be verified.
Site:%%HOSTNAME%%
Certificate CN:%%CN%%
Certificate Authority:%%AUTHORITY%%
Certificate Authority Validity:Not Before: %%START_VALID%%
Not After: %%END_VALID%%
" set header http set format html end config system replacemsg http "http-client-block" set buffer " Attention!!

Attention!!

You are not permitted to upload the file \"%%FILE%%\".

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-client-virus" set buffer " High Security Alert!!

High Security Alert!!

You are not permitted to upload the file \"%%FILE%%\" because it isinfected with the virus \"%%VIRUS%%\".

URL = %%PROTOCOL%%%%URL%%

File quarantined as: %%QUARFILENAME%%.

%%VIRUS_REF_URL%%

" set header http set format html end config system replacemsg http "http-client-filesize" set buffer " Attention!!

Attention!!

You request has been blocked. The request is larger than the configured file size limit.

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-client-bannedword" set buffer " Attention!!

Attention!!

The page you uploaded has been blocked because it contains a banned word.

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg http "http-post-block" set buffer " Attention!!

Attention!!

HTTP POST action is not allowed for policy reasons.

" set header http set format html end config system replacemsg http "http-client-archive-block" set buffer "

High security alert!!!

You are not permitted to upload the file \"%%FILE%%\".

URL = %%PROTOCOL%%%%URL%%

" set header http set format html end config system replacemsg webproxy "deny" set buffer " Access Denied

Access Denied

The page you requested has been blocked by a firewall policy restriction.

" set header http set format html end config system replacemsg webproxy "user-limit" set buffer " Access Denined

Access Denined

The maximum web proxy user limit has been reached.

" set header http set format html end config system replacemsg webproxy "auth-challenge" set buffer " Firewall Authentication

Firewall Authentication

You must authenticate to use this service.

" set header http set format html end config system replacemsg webproxy "auth-login-fail" set buffer " Firewall Authentication

Firewall Authentication

Authentication Failed

" set header http set format html end config system replacemsg webproxy "auth-authorization-fail" set buffer " Firewall Authorization

Firewall Authorization

Authorization Failed

" set header http set format html end config system replacemsg webproxy "http-err" set buffer " %%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%

%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%

The webserver for %%PROTOCOL%%%%URL%% reported that an error occurred while trying to access the website. Please click here to return to the previous page.

" set header http set format html end config system replacemsg ftp "ftp-dl-infected" set buffer "Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%." set header none set format text end config system replacemsg ftp "ftp-dl-blocked" set buffer "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"." set header none set format text end config system replacemsg ftp "ftp-dl-filesize" set buffer "File size limit exceeded." set header none set format text end config system replacemsg ftp "ftp-dl-dlp" set buffer "Transfer failed. Data leak detected \"%%FILE%%\"." set header none set format text end config system replacemsg ftp "ftp-dl-dlp-ban" set buffer "Transfer failed. You are banned from transmitting due to a detected data leak. Contact your admin to be re-enabled." set header none set format text end config system replacemsg ftp "ftp-explicit-banner" set buffer "Welcome to Fortigate FTP proxy" set header none set format text end config system replacemsg ftp "ftp-dl-archive-block" set buffer "Transfer failed. Archive \"%%FILE%%\" has been blocked." set header none set format text end config system replacemsg nntp "nntp-dl-infected" set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"." set header none set format text end config system replacemsg nntp "nntp-dl-blocked" set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%" set header none set format text end config system replacemsg nntp "nntp-dl-filesize" set buffer "This article has been blocked. The article is larger than the configured file size limit." set header none set format text end config system replacemsg nntp "nntp-dlp" set buffer "This article has been blocked. It appears to contain a data leak." 
set header none set format text end config system replacemsg nntp "nntp-dlp-subject" set buffer "Data leak detected!" set header none set format text end config system replacemsg nntp "nntp-dlp-ban" set buffer "this article has been blocked. The user is banned for sending a data leak. Please contact your admin to be re-enabled." set header none set format text end config system replacemsg fortiguard-wf "ftgd-block" set buffer " Web Filter Violation

Powered By Fortinet

FortiGuard Web Filtering

blocked

Web Page Blocked!

You have tried to access a web page which is in violation of your internet usage policy.

URL: %%URL%%
Category: %%CATEGORY%%

%%OVERRIDE%%

To have the rating of this web page re-evaluated please click here.

" set header http set format html end config system replacemsg fortiguard-wf "http-err" set buffer " %%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%

Powered By Fortinet

FortiGuard Web Filtering

blocked

%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%

The webserver for %%URL%% reported that an error occurred while trying to access the website.Please click here to return to the previous page.
" set header http set format html end config system replacemsg fortiguard-wf "ftgd-ovrd" set buffer " Web Filter Block Override

Powered By Fortinet

FortiGuard Web Filtering

authenticate

Web Filter Block Override

If you have been granted override creation privileges by your administrator, you can enter your username and password here to gain immediate access to the blocked web-page. If you do not have these privileges, please contact your administrator to gain access to the web-page.
%%OVRD_FORM%%
" set header http set format html end config system replacemsg fortiguard-wf "ftgd-quota" set buffer " Web Filter Quota Exceeded

Powered By Fortinet

FortiGuard Web Filtering

blocked

Web Page Blocked

Your daily quota for this category of webpage has expired, in accordance with your internet usage policy.

URL: %%URL%%
Category: %%CATEGORY%%

To have the rating of this web page re-evaluated please click here.

%%OVERRIDE%%

" set header http set format html end config system replacemsg fortiguard-wf "ftgd-warning" set buffer " Web Filter Block Override

Powered By Fortinet

FortiGuard Web Filtering

authenticate

Web Page Blocked!

You have tried to access a web page which is in violation of your internet usage policy.

URL: %%URL%%
Category: %%CATEGORY%%

To have the rating of this web page re-evaluated please click here.

 
" set header http set format html end config system replacemsg spam "ipblocklist" set buffer "Mail from this IP address is not allowed and has been blocked." set header none set format text end config system replacemsg spam "smtp-spam-dnsbl" set buffer "This message has been blocked because it is from a DNSBL/ORDBL IP address." set header none set format text end config system replacemsg spam "smtp-spam-feip" set buffer "This message has been blocked because it is from a FortiGuard - AntiSpam black IP address." set header none set format text end config system replacemsg spam "smtp-spam-helo" set buffer "This message has been blocked because the HELO/EHLO domain is invalid." set header none set format text end config system replacemsg spam "smtp-spam-emailblack" set buffer "Mail from this email address is not allowed and has been blocked." set header none set format text end config system replacemsg spam "smtp-spam-mimeheader" set buffer "This message has been blocked because it contains an invalid header." set header none set format text end config system replacemsg spam "reversedns" set buffer "This message has been blocked because the return email domain is invalid." set header none set format text end config system replacemsg spam "smtp-spam-bannedword" set buffer "This message has been blocked because it contains a banned word." set header none set format text end config system replacemsg spam "smtp-spam-ase" set buffer "This message has been blocked because ASE reports it as spam. " set header none set format text end config system replacemsg spam "submit" set buffer "If this email is not spam, click here to submit the signatures to FortiGuard - AntiSpam Service." set header none set format text end config system replacemsg im "im-file-xfer-block" set buffer "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"." set header none set format text end config system replacemsg im "im-file-xfer-name" set buffer "Transfer %%ACTION%%. 
The file name \"%%FILE%%\" matches the configured file name block list." set header none set format text end config system replacemsg im "im-file-xfer-infected" set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%." set header none set format text end config system replacemsg im "im-file-xfer-size" set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is larger than the configured limit." set header none set format text end config system replacemsg im "im-dlp" set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" contains a data leak." set header none set format text end config system replacemsg im "im-dlp-ban" set buffer "Transfer %%ACTION%%. The user is banned because of a detected data leak." set header none set format text end config system replacemsg im "im-voice-chat-block" set buffer "Connection failed. You are not permitted to use voice chat." set header none set format text end config system replacemsg im "im-video-chat-block" set buffer "Connection failed. You are not permitted to use video chat." set header none set format text end config system replacemsg im "im-photo-share-block" set buffer "Photo sharing failed. You are not permitted to share photo." set header none set format text end config system replacemsg im "im-long-chat-block" set buffer "Message blocked. The message is longer than the configured limit." 
set header none set format text end config system replacemsg alertmail "alertmail-virus" set buffer "Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% %%VIRUS_REF_URL%%" set header none set format text end config system replacemsg alertmail "alertmail-block" set buffer "File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% " set header none set format text end config system replacemsg alertmail "alertmail-nids-event" set buffer "The following intrusion was observed: %%NIDS_EVENT%%." set header none set format text end config system replacemsg alertmail "alertmail-crit-event" set buffer "The following critical firewall event was detected: %%CRITICAL_EVENT%%." set header none set format text end config system replacemsg alertmail "alertmail-disk-full" set buffer "The log disk is Full." set header none set format text end config system replacemsg admin "admin-disclaimer-text" set buffer "W A R N I N G W A R N I N G W A R N I N G W A R N I N G This is a private computer system. Unauthorized access or use is prohibited and subject to prosecution and/or disciplinary action. All use of this system constitutes consent to monitoring at all times and users are not entitled to any expectation of privacy. If monitoring reveals possible evidence of violation of criminal statutes, this evidence and any other related information, including identification information about the user, may be provided to law enforcement officials. If monitoring reveals violations of security regulations or unauthorized use, employees who violate security regulations or make unauthorized use of this system are subject to appropriate disciplinary action. 
W A R N I N G W A R N I N G W A R N I N G W A R N I N G " set header none set format text end config system replacemsg auth "auth-disclaimer-page-1" set buffer " Firewall Disclaimer

Terms and Disclaimer Agreement

You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.

Do you agree to the above terms?

" set header http set format html end config system replacemsg auth "auth-disclaimer-page-2" set buffer '' set header http set format html end config system replacemsg auth "auth-disclaimer-page-3" set buffer '' set header http set format html end config system replacemsg auth "auth-reject-page" set buffer " Firewall Disclaimer Declined

Disclaimer Declined

Sorry, network access cannot be granted unless you agree to the disclaimer.

" set header http set format html end config system replacemsg auth "auth-login-page" set buffer " Firewall Authentication

Authentication Required

%%QUESTION%%


" set header http set format html end config system replacemsg auth "auth-login-failed-page" set buffer " Firewall Authentication

Authentication Failed

%%FAILED_MESSAGE%%


" set header http set format html end config system replacemsg auth "auth-success-msg" set buffer "Welcome to Fortinet Firewall Authentication is successful, please connect again" set header none set format text end config system replacemsg auth "auth-challenge-page" set buffer " Firewall Authentication

Authentication Required

%%QUESTION%%

" set header http set format html end config system replacemsg auth "auth-keepalive-page" set buffer " Firewall Authentication Keepalive Window

This browser window is used to keep your authentication session active.

Please leave it open in the background and open a new window to continue.

Authentication Refresh in %%TIMEOUT%% seconds

logout

%%QUOTA_TABLE%%

" set header http set format html end config system replacemsg auth "auth-fortitoken-page" set buffer " Firewall Authentication

FortiToken Code Required

%%QUESTION%%


" set header http set format html end config system replacemsg auth "auth-email-token-page" set buffer " Firewall Authentication

Email Token Code Required

%%QUESTION%%


" set header http set format html end config system replacemsg auth "auth-sms-token-page" set buffer " Firewall Authentication

SMS Token Code Required

%%QUESTION%%


" set header http set format html end config system replacemsg captive-portal-dflt "cpa-disclaimer-page-1" set buffer " Firewall Disclaimer

SSID \"%%CPAUTH_SSID%%\" Terms and Disclaimer Agreement

You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.

Do you agree to the above terms?

" set header http set format html end config system replacemsg captive-portal-dflt "cpa-disclaimer-page-2" set buffer '' set header http set format html end config system replacemsg captive-portal-dflt "cpa-disclaimer-page-3" set buffer '' set header http set format html end config system replacemsg captive-portal-dflt "cpa-reject-page" set buffer " Firewall Disclaimer Declined

SSID \"%%CPAUTH_SSID%%\" Disclaimer Declined

Sorry, network access cannot be granted unless you agree to the disclaimer.

" set header http set format html end config system replacemsg captive-portal-dflt "cpa-login-page" set buffer "Firewall Authentication

Terms and Disclaimer Agreement

You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.

Authentication for SSID: %%CPAUTH_SSID%%

Please enter your username and password to continue

" set header http set format html end config system replacemsg captive-portal-dflt "cpa-login-failed-page" set buffer "Firewall Authentication

Terms and Disclaimer Agreement

You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.

Authentication for SSID: %%CPAUTH_SSID%%

Please enter your username and password to continue

" set header http set format html end config system replacemsg sslvpn "sslvpn-login" set buffer "login
%%SSL_LOGIN%%
%%SSL_HIDDEN%%
" set header http set format html end config system replacemsg sslvpn "sslvpn-limit" set buffer "Already Logged In
Already Logged In

You already have an open SSL VPN connection. Opening multiple connections is not permitted.

If you proceed, your other connection will be disconnected.

Please contact your administrator if you blevieve there is a problem.

%%SSL_LOGIN_ANYWAY%%%%SSL_LOGIN_CANCEL%%
" set header http set format html end config system replacemsg ec "endpt-download-portal" set buffer " Endpoint Security Required

Powered By Fortinet

FortiGate: Endpoint Control

blocked

Endpoint Security Required

The use of this security policy requires that the latest FortiClient Endpoint Security software and antivirus signature package are installed.

Installing FortiClient requires that you have administrator privileges on your computer. If you do not, please contact your network administrator to have FortiClient installed.

The installer may be downloaded using the following link:
%%LINK%%

Installation instructions:

FortiClient installation may take a few minutes. Thank you for your patience.

" set header http set format html end config system replacemsg ec "endpt-recommendation-portal" set buffer " Endpoint Security Required

Powered By Fortinet

FortiGate: Endpoint Control

blocked

Endpoint Security Required

The use of this security policy requires that the latest FortiClient Endpoint Security software and antivirus signature package are installed.

Installing FortiClient requires that you have administrator privileges on your computer. If you do not, please contact your network administrator to have FortiClient installed.

The installer may be downloaded using the following link:
%%LINK%%

Installation instructions:

FortiClient installation may take a few minutes. Thank you for your patience.

Continue to %%DST_ADDR_LABEL%%

" set header http set format html end config system replacemsg ec "endpt-block-portal" set buffer " Endpoint Security Required

Powered By Fortinet

FortiGate: Endpoint Control

blocked

Endpoint Security Required

The security policy requires the endpoint to be compliant in order to gain network access. Please check your FortiClient software for details.
" set header http set format html end config system replacemsg ec "endpt-rmd-block-portal" set buffer " Endpoint Security Recommended

Powered By Fortinet

FortiGate: Endpoint Control

blocked

Endpoint Security Recommended

The security policy recommends the endpoint to be compliant in order to gain network access. Please check your FortiClient software for details.
Continue to %%DST_ADDR_LABEL%%
" set header http set format html end config system replacemsg ec "endpt-ec-block-page" set buffer " Endpoint Security Required

Powered By Fortinet

FortiGate: Endpoint Control

blocked

Endpoint Security Required

FortiClient security check failed due to the following:
%%FEATURE_BLOCK_REASONS%%
" set header http set format html end config system replacemsg ec "endpt-rmd-ec-block-page" set buffer " Endpoint Security Recommended

Powered By Fortinet

FortiGate: Endpoint Control

blocked

Endpoint Security Recommended

FortiClient security check failed due to the following:
%%FEATURE_BLOCK_REASONS%%
Continue to %%DST_ADDR_LABEL%%
" set header http set format html end config system replacemsg nac-quar "nac-quar-virus" set buffer "Virus Quarantine
Blocked because of virus


A virus was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg nac-quar "nac-quar-dos" set buffer "Attack Detected
Blocked because of DoS Attack


A DoS attack was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg nac-quar "nac-quar-ips" set buffer "Attack Detected
Blocked because of IPS attack


An attack was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg nac-quar "nac-quar-dlp" set buffer "Data Leak Detected
Blocked because of data leak


A data leak was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg traffic-quota "per-ip-shaper-block" set buffer "Traffic Quota Control
Traffic blocked because the session quota was exceeded


Traffic blocked because the per-IP shaper session quota was exceeded. Please contact the system administrator.
%%QUOTA_INFO%%


" set header http set format html end config vpn certificate ca end config vpn certificate local end config antivirus service "http" set scan-bzip2 disable set uncompnestlimit 12 set uncompsizelimit 10 end config antivirus service "https" end config antivirus service "ftp" set scan-bzip2 disable set uncompnestlimit 12 set uncompsizelimit 10 end config antivirus service "pop3" set scan-bzip2 disable set uncompnestlimit 12 set uncompsizelimit 10 end config antivirus service "imap" set scan-bzip2 disable set uncompnestlimit 12 set uncompsizelimit 10 end config antivirus service "smtp" set scan-bzip2 disable set uncompnestlimit 12 set uncompsizelimit 10 end config antivirus service "nntp" set scan-bzip2 disable set uncompnestlimit 12 set uncompsizelimit 10 end config antivirus service "im" set scan-bzip2 disable set uncompnestlimit 12 set uncompsizelimit 10 end config system session-sync end config wireless-controller global set name '' set location '' set max-retransmit 3 set data-ethernet-II disable set discovery-mc-addr 224.0.1.140 set max-clients 0 set rogue-scan-mac-adjacency 7 end config gui console unset preferences end config system session-helper edit 1 set name pptp set port 1723 set protocol 6 next edit 2 set name h323 set port 1720 set protocol 6 next edit 3 set name ras set port 1719 set protocol 17 next edit 4 set name tns set port 1521 set protocol 6 next edit 5 set name tftp set port 69 set protocol 17 next edit 6 set name rtsp set port 554 set protocol 6 next edit 7 set name rtsp set port 7070 set protocol 6 next edit 8 set name rtsp set port 8554 set protocol 6 next edit 9 set name ftp set port 21 set protocol 6 next edit 10 set name mms set port 1863 set protocol 6 next edit 11 set name pmap set port 111 set protocol 6 next edit 12 set name pmap set port 111 set protocol 17 next edit 13 set name sip set port 5060 set protocol 17 next edit 14 set name dns-udp set port 53 set protocol 17 next edit 15 set name rsh set port 514 set protocol 6 next edit 
16 set name rsh set port 512 set protocol 6 next edit 17 set name dcerpc set port 135 set protocol 6 next edit 18 set name dcerpc set port 135 set protocol 17 next edit 19 set name mgcp set port 2427 set protocol 17 next edit 20 set name mgcp set port 2727 set protocol 17 next end config system auto-install set auto-install-config enable set auto-install-image enable set default-config-file "fgt_system.conf" set default-image-file "image.out" end config system ntp config ntpserver edit 1 set server "ntp1.fortinet.net" next edit 2 set server "ntp2.fortinet.net" next end set ntpsync enable set source-ip 0.0.0.0 set syncinterval 60 end config system dns-server edit "internal" next end config system dhcp server edit 1 set auto-configuration disable set default-gateway 50.0.0.1 set interface "internal" config ip-range edit 1 set end-ip 50.0.0.50 set start-ip 50.0.0.10 next end set netmask 255.255.255.0 set dns-server1 202.188.0.133 set dns-server2 8.8.8.8 next end config firewall address edit "all" next edit "SSLVPN_TUNNEL_ADDR1" set type iprange set end-ip 10.212.134.210 set start-ip 10.212.134.200 next edit "Local_LAN" set subnet 50.0.0.0 255.255.255.0 next edit "Remote_LAN" set subnet 60.0.0.0 255.255.255.0 next end config firewall address6 edit "all" next end config ips sensor edit "default" set comment "prevent critical attacks" config entries edit 1 set severity high critical next end next edit "all_default" set comment "all predefined signatures with default setting" config entries edit 1 next end next edit "all_default_pass" set comment "all predefined signatures with PASS action" config entries edit 1 set action pass next end next edit "protect_http_server" set comment "protect against HTTP server-side vulnerabilities" config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "protect against EMail server-side vulnerabilities" config entries edit 1 set location server set protocol SMTP POP3 IMAP next end 
next edit "protect_client" set comment "protect against client-side vulnerabilities" config entries edit 1 set location client next end next end config ips DoS edit "all_default" config anomaly edit "tcp_syn_flood" set status enable set threshold 2000 next edit "tcp_port_scan" set status enable set threshold 1000 next edit "tcp_src_session" set status enable set threshold 5000 next edit "tcp_dst_session" set status enable set threshold 5000 next edit "udp_flood" set status enable set threshold 2000 next edit "udp_scan" set status enable set threshold 2000 next edit "udp_src_session" set status enable set threshold 5000 next edit "udp_dst_session" set status enable set threshold 5000 next edit "icmp_flood" set status enable set threshold 250 next edit "icmp_sweep" set status enable set threshold 100 next edit "icmp_src_session" set status enable set threshold 300 next edit "icmp_dst_session" set status enable set threshold 1000 next edit "ip_src_session" set status enable set threshold 5000 next edit "ip_dst_session" set status enable set threshold 5000 next end next edit "block_flood" config anomaly edit "tcp_syn_flood" set status enable set action block set threshold 2000 next edit "tcp_port_scan" set threshold 1000 next edit "tcp_src_session" set threshold 5000 next edit "tcp_dst_session" set threshold 5000 next edit "udp_flood" set status enable set action block set threshold 2000 next edit "udp_scan" set threshold 2000 next edit "udp_src_session" set threshold 5000 next edit "udp_dst_session" set threshold 5000 next edit "icmp_flood" set status enable set action block set threshold 250 next edit "icmp_sweep" set threshold 100 next edit "icmp_src_session" set threshold 300 next edit "icmp_dst_session" set threshold 1000 next edit "ip_src_session" set threshold 5000 next edit "ip_dst_session" set threshold 5000 next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit 
"medium-priority" set maximum-bandwidth 1048576 set per-policy enable set priority medium next edit "low-priority" set maximum-bandwidth 1048576 set per-policy enable set priority low next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config application list edit "default" set comment "monitor all applications" config entries edit 1 set action pass next end next edit "block-p2p" config entries edit 1 set category 2 next end next edit "monitor-p2p-and-media" config entries edit 1 set action pass set category 2 next edit 2 set action pass set category 5 next end next end config dlp filepattern edit 1 config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" 
next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end set name "builtin-patterns" next edit 2 config entries edit "bat" set filter-type type set file-type bat set active imap smtp pop3 http ftp im nntp next edit "exe" set filter-type type set file-type exe set active imap smtp pop3 http ftp im nntp next edit "elf" set filter-type type set file-type elf set active imap smtp pop3 http ftp im nntp next edit "hta" set filter-type type set file-type hta set active imap smtp pop3 http ftp im nntp next end set name "all_executables" next end config dlp rule edit "All-Email" set protocol email set sub-protocol smtp pop3 imap set field always next edit "All-HTTP" set protocol http set sub-protocol http-get http-post set field always next edit "All-FTP" set protocol ftp set sub-protocol ftp-get ftp-put set field always next edit "All-NNTP" set protocol nntp set field always next edit "All-IM" set protocol im set sub-protocol aim icq msn ym set field always next edit "HTTP-Visa-Mastercard" set protocol http set sub-protocol http-post set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\b)" next edit "HTTP-AmEx" set protocol http set sub-protocol http-post set regexp "(\\W|\\b)3[47]\\d{2}([ \\-]?)\\d{6}\\2\\d{5}(\\W|\\b)" next edit "HTTP-Canada-SIN" set protocol http set sub-protocol http-post set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)" next edit "HTTP-US-SSN" set protocol http set sub-protocol http-post set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}(\\b|\\W)" next edit "HTTP-Post-Not-Webex" set protocol http set sub-protocol http-post set regexp "WebEx" set regexp-negated enable set regexp-wildcard enable next edit "Email-AmEx" set protocol email set sub-protocol smtp pop3 imap set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\b)" next edit "Email-Visa-Mastercard" set protocol email set sub-protocol smtp pop3 imap set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ 
\\-]?)\\d{4}(\\3\\d{4}){2}(\\W|\\b)" next edit "Email-Canada-SIN" set protocol email set sub-protocol smtp pop3 imap set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)" next edit "Email-US-SSN" set protocol email set sub-protocol smtp pop3 imap set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}(\\b|\\W)" next edit "Email-Not-Webex" set protocol email set sub-protocol smtp pop3 imap set regexp "WebEx" set regexp-negated enable set regexp-wildcard enable next edit "Large-Attachment" set protocol email set sub-protocol smtp pop3 imap set field attachment-size set value 5120 set operator greater-equal next edit "Large-FTP-Put" set protocol ftp set sub-protocol ftp-put set field transfer-size set value 5120 set operator greater-equal next edit "Large-HTTP-Post" set protocol http set sub-protocol http-post set field transfer-size set value 5120 set operator greater-equal next end config dlp compound edit "Email-SIN" set comment "Emails containing canadian SIN but are not WebEx invites" set protocol email set sub-protocol smtp pop3 imap set member "Email-Canada-SIN" "Email-Not-Webex" next edit "HTTP-Post-SIN" set comment "Posts containing canadian SIN but are not WebEx invites" set protocol http set sub-protocol http-post set member "HTTP-Canada-SIN" "HTTP-Post-Not-Webex" next end config dlp sensor edit "default" set comment "summary archive email and web traffics" config filter edit "All-Email" set filter-type advanced-rule set rule-name "All-Email" set archive summary-only next edit "All-HTTP" set filter-type advanced-rule set rule-name "All-HTTP" set archive summary-only next end next edit "Content_Summary" config filter edit "All-Email" set filter-type advanced-rule set rule-name "All-Email" set archive summary-only next edit "All-FTP" set filter-type advanced-rule set rule-name "All-FTP" set archive summary-only next edit "All-HTTP" set filter-type advanced-rule set rule-name "All-HTTP" set archive summary-only 
next edit "All-IM" set filter-type advanced-rule set rule-name "All-IM" set archive summary-only next edit "All-NNTP" set filter-type advanced-rule set rule-name "All-NNTP" next end next edit "Content_Archive" config filter edit "All-Email" set filter-type advanced-rule set rule-name "All-Email" set archive enable next edit "All-FTP" set filter-type advanced-rule set rule-name "All-FTP" set archive enable next edit "All-HTTP" set filter-type advanced-rule set rule-name "All-HTTP" set archive enable next edit "All-IM" set filter-type advanced-rule set rule-name "All-IM" set archive enable next edit "All-NNTP" set filter-type advanced-rule set rule-name "All-NNTP" next end next edit "Large-File" config filter edit "Large-Attachment" set filter-type advanced-rule set rule-name "Large-Attachment" next edit "Large-FTP-Put" set filter-type advanced-rule set rule-name "Large-FTP-Put" next edit "Large-HTTP-Post" set filter-type advanced-rule set rule-name "Large-HTTP-Post" next end next edit "Credit-Card" config filter edit "Email-AmEx" set filter-type advanced-rule set rule-name "Email-AmEx" next edit "Email-Visa-Mastercard" set filter-type advanced-rule set rule-name "Email-Visa-Mastercard" next edit "HTTP-AmEx" set filter-type advanced-rule set rule-name "HTTP-AmEx" next edit "HTTP-Visa-Mastercard" set filter-type advanced-rule set rule-name "HTTP-Visa-Mastercard" next end next edit "SSN-Sensor" config filter edit "Email-US-SSN" set filter-type advanced-rule set rule-name "HTTP-Visa-Mastercard" next edit "HTTP-US-SSN" set filter-type advanced-rule set rule-name "HTTP-US-SSN" next edit "Email-SIN" set filter-type advanced-compound-rule set compound-name "Email-SIN" next edit "HTTP-Post-SIN" set filter-type advanced-compound-rule set compound-name "HTTP-Post-SIN" next end next end config webfilter content end config webfilter urlfilter end config spamfilter bword end config spamfilter emailbwl end config spamfilter ipbwl end config spamfilter mheader end config spamfilter 
dnsbl end config spamfilter iptrust end config voip profile edit "default" set comment "default VoIP profile" config sip set log-violations enable end config sccp set log-call-summary enable set log-violations enable end next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit "FortiClient-FW" set guid "528CB157-D384-4593-AAAA-E42DFF111CED" set type fw next edit "FortiClient-AV-Vista-Win7" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista-Win7" set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" set type fw next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid 
"6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next 
edit "AVG-Internet-Security-FW" set guid "8DECF618-9569-4340-B34A-D78D28969B66" set type fw next edit "AVG-Internet-Security-FW-Vista-Win7" set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" set type fw next edit "CA-Internet-Security-FW" set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" set type fw next edit "CA-Internet-Security-FW-Vista-Win7" set guid "06D680B0-4024-4FAB-E710-E675E50F6324" set type fw next edit "CA-Personal-Firewall" set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" set type fw next edit "F-Secure-Internet-Security-FW" set guid "D4747503-0346-49EB-9262-997542F79BF4" set type fw next edit "F-Secure-Internet-Security-FW-Vista-Win7" set guid "2D7AC0A6-6241-D774-E168-461178D9686C" set type fw next edit "Kaspersky-FW" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" set type fw next edit "Kaspersky-FW-Vista-Win7" set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" set type fw next edit "McAfee-Internet-Security-Suite-FW" set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" set type fw next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" set type fw next edit "Norton-360-2.0-FW" set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" set type fw next edit "Norton-360-3.0-FW" set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" set type fw next edit "Norton-Internet-Security-FW" set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" set type fw next edit "Norton-Internet-Security-FW-Vista-Win7" set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" set type fw next edit "Symantec-Endpoint-Protection-FW" set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" set type fw next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" set type fw next edit "Panda-Antivirus+Firewall-2008-FW" set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" set type fw next edit "Panda-Internet-Security-2006~2007-FW" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" set type fw next edit "Panda-Internet-Security-2008~2009-FW" set guid 
"7B090DC0-8905-4BAF-8040-FD98A41C8FB8" set type fw next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set guid "0786E95E-326A-4524-9691-41EF88FB52EA" set type fw next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" set type fw next edit "Trend-Micro-FW" set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" set type fw next edit "Trend-Micro-FW-Vista-Win7" set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" set type fw next edit "ZoneAlarm-FW" set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" set type fw next edit "ZoneAlarm-FW-Vista-Win7" set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" set type fw next end config vpn ssl web portal edit "full-access" set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portforward set heading "Welcome to SSL VPN Service" set page-layout double-column config widget edit 4 set name "Session Information" set type info next edit 2 set name "Bookmarks" set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward next edit 3 set name "Connection Tool" set type tool set column two set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward next edit 1 set name "Tunnel Mode" set type tunnel set column two set tunnel-status enable set split-tunneling enable set ip-pools "SSLVPN_TUNNEL_ADDR1" next end next edit "web-access" set allow-access web ftp smb telnet ssh vnc rdp citrix rdpnative portforward set heading "Welcome to SSL VPN Service" config widget edit 4 set name "Session Information" set type info next edit 1 set name "Bookmarks" set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward next end next edit "tunnel-access" set heading "Welcome to SSL VPN Service" config widget edit 4 set name "Session Information" set type info next edit 1 set name "Tunnel Mode" set type tunnel set tunnel-status enable set split-tunneling enable set ip-pools "SSLVPN_TUNNEL_ADDR1" next end next end config user local edit "guest" set type password set 
passwd ENC 5oGYKUJfALd62mfqGVEaGlwIsWH73PIruAZWc99A/r4lBPSHbYRyQ5aokVDSJQ4SrGdesIx6AsP+Fe+pdSLVMt8cGhnVAUiZ7v+K+c40DpMPhpmC next end config user group edit "FSSO_Guest_Users" set group-type fsso-service next edit "Guest-group" set member "guest" next end config webfilter profile edit "default" set comment "default web filtering" set options https-scan set post-action comfort config ftgd-wf config filters edit 1 set action warning set category 2 next edit 2 set action warning set category 7 next edit 3 set action warning set category 8 next edit 4 set action warning set category 9 next edit 5 set action warning set category 11 next edit 6 set action warning set category 12 next edit 7 set action warning set category 13 next edit 8 set action warning set category 14 next edit 9 set action warning set category 15 next edit 10 set action warning set category 16 next edit 11 set action warning set category 32 next edit 12 set action warning set category 57 next edit 13 set action warning set category 63 next edit 14 set action warning set category 64 next edit 15 set action warning set category 65 next edit 16 set action warning set category 66 next edit 17 set action warning set category 67 next edit 18 set action block set category 26 next end end next end config webfilter override end config webfilter override-user end config webfilter ftgd-warning end config webfilter ftgd-local-rating end config vpn ipsec phase1 edit "FGTtoASA" set interface "wan1" set keylife 86400 set proposal 3des-sha1 set dpd disable set remote-gw 192.168.0.6 set psksecret ENC oeX+CO11kI1yYtnP2dzvZwSGdNbXQvg1hxf1h0CqalxBn1U0mwBSrkLk1Ifc9pfCWb2o4eFcK6vEpa8vZu176oEXaBIEaFTmdK9T+0FAyh8ci+sf next end config vpn ipsec phase2 edit "FGTtoASA2" set dst-addr-type name set keepalive enable set phase1name "FGTtoASA" set proposal 3des-sha1 set replay disable set src-addr-type name set dst-name "Remote_LAN" set keylifeseconds 28800 set src-name "Local_LAN" next end config vpn ipsec phase1-interface edit 
"FGTtoASA_IN" set interface "wan1" set keylife 86400 set proposal 3des-sha1 set dpd disable set remote-gw 192.168.0.6 set psksecret ENC oeX+CO11kI1yYtnP2dzvZwSGdNbXQvg1hxf1h0CqalxBn1U0mwBSrkLk1Ifc9pfCWb2o4eFcK6vEpa8vZu176oEXaBIEaFTmdK9T+0FAyh8ci+sf next end config vpn ipsec phase2-interface edit "FGTtoASA2_IN" set dst-addr-type name set keepalive enable set phase1name "FGTtoASA_IN" set proposal 3des-sha1 set replay disable set src-addr-type name set dst-name "Remote_LAN" set keylifeseconds 28800 set src-name "Local_LAN" next end config endpoint-control app-detect rule-list edit "Block_P2P_application" config entries edit 1 set category 15 set status running next end set comment "deny access from endpoints running P2P applications" set other-application-action allow next edit "Monitor_Microsoft_Office" config entries edit 1 set category 31 set vendor 53 set action monitor next end set comment "monitor installed Microsoft Office applications" set other-application-action allow next edit "Monitor_game" config entries edit 1 set category 20 set action monitor set status running next end set comment "monitor running games" set other-application-action allow next edit "Monitor_Internet_browser" config entries edit 1 set category 12 set action monitor next end set comment "monitor installed Internet browsers" set other-application-action allow next end config endpoint-control profile edit "Recommend_FortiClient" next edit "Enforce_FortiClient_AV" set feature-enforcement enable set recommendation-disclaimer disable set require-av enable next edit "P2P_application_detection" set application-detection enable set application-detection-rule-list "Block_P2P_application" next end config antivirus profile edit "default" set comment "scan and delete virus" config http set options scan end config ftp set options scan end config imap set options scan end config pop3 set options scan end config smtp set options scan end config nntp set options scan end config im set options scan end 
next end config spamfilter profile edit "default" set comment "malware and phishing URL filtering" next end config firewall service explicit-web edit "webproxy" next end config firewall service group edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next edit "Exchange Server OWA" set member "DNS" "HTTPS" next edit "Outlook" set member "DCE-RPC" "DNS" "IMAP" "POP3" "SMTP" "HTTPS" next end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next end config firewall profile-protocol-options edit "default" set comment "all default services" config http set port 80 set options no-content-summary unset post-lang end config https set port 443 set options no-content-summary end config ftp set port 21 set options no-content-summary splice end config imap set port 143 set options fragmail no-content-summary end config pop3 set port 110 set options fragmail no-content-summary end config smtp set port 25 set options fragmail no-content-summary splice end config nntp set port 119 set options no-content-summary splice end next end config firewall policy edit 2 set srcintf "internal" set dstintf "wan1" set srcaddr "Local_LAN" set dstaddr "Remote_LAN" set action ipsec set status disable set schedule "always" set service "ANY" set logtraffic enable set inbound enable set outbound enable set vpntunnel "FGTtoASA" next edit 1 set srcintf "internal" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ANY" set logtraffic enable set nat enable next edit 3 set srcintf "internal" set dstintf "FGTtoASA_IN" set srcaddr "Local_LAN" set dstaddr "Remote_LAN" set action accept set schedule "always" set service "ANY" set logtraffic enable set nat enable next edit 4 set srcintf "FGTtoASA_IN" set dstintf "internal" set srcaddr "Remote_LAN" set dstaddr "Local_LAN" set action accept 
set schedule "always" set service "ANY" set logtraffic enable set nat enable next end config firewall local-in-policy end config firewall policy6 end config firewall local-in-policy6 end config firewall interface-policy end config firewall interface-policy6 end config firewall sniff-interface-policy end config firewall sniff-interface-policy6 end config wireless-controller wtp-profile edit "FAP220A-default" config platform set type 220A end config radio-1 set band 802.11n set channel "1" "6" "11" end config radio-2 set band 802.11n-5G set channel "36" "40" "44" "48" "149" "153" "157" "161" "165" end next edit "FAP220B-default" config radio-1 set band 802.11n-5G set channel "36" "40" "44" "48" "149" "153" "157" "161" "165" end config radio-2 set band 802.11n set channel "1" "6" "11" end next edit "FAP210B-default" config platform set type 210B end config radio-1 set band 802.11n set channel "1" "6" "11" end config radio-2 set mode disabled end next edit "FAP222B-default" config platform set type 222B end config radio-1 set band 802.11n set channel "1" "6" "11" end config radio-2 set band 802.11n-5G set channel "36" "40" "44" "48" "149" "153" "157" "161" "165" end next edit "11g-only" config platform set type 30B-50B end config radio-1 set band 802.11g set channel "1" "6" "11" end config radio-2 set mode disabled end next end config router rip config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ripng config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router static edit 1 set device "wan1" set gateway 192.168.0.1 next edit 2 set device "FGTtoASA_IN" set distance 20 set dst 60.0.0.0 255.255.255.0 next end config router policy edit 1 set input-device "internal" set dst 60.0.0.0 255.255.255.0 set output-device "FGTtoASA_IN" 
next end config router ospf config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router ospf6 config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router bgp config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "static" end config redistribute "isis" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "static" end config redistribute6 "isis" end end config router isis config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "static" end end config router multicast end