#config-version=FG100E-6.0.4-FW-build0231-190107:opmode=0:vdom=1:user=admin
#conf_file_ver=178301272367646
#buildno=0231
#global_vdom=1
config vdom
edit root
next
edit VDOM_Public
next
edit VDOM_Secure
next
end
config global
# Global (all-VDOM) system settings.
# NOTE(review): the file header reports firmware 6.0.4 build 0231 on an FG100E; confirm
# this release still receives vendor security fixes before this config is reused.
# NOTE(review): no admin idle-timeout, lockout or crypto-strength settings appear in this
# block. Backups normally omit values left at default, so those presumably run at
# firmware defaults. TODO confirm they meet policy.
config system global
# alias and hostname are the same serial-number-like string, presumably the factory
# default that was never customised.
set alias "FG100ETK19009439"
set hostname "FG100ETK19009439"
# Switch controller is on; port14 below is the FortiLink interface that uses it.
set switch-controller enable
set timezone 29
# Multi-VDOM mode, matching the root / VDOM_Public / VDOM_Secure list at the top of the file.
set vdom-admin enable
end
# Administrator access profiles. Only "prof_admin" is defined here, and it grants
# read-write on every permission group listed, so it gives no least-privilege separation.
# NOTE(review): no admin account in the visible part of this file uses it (the one
# account shown uses "super_admin"). If delegated admins are added later, create
# narrower profiles (e.g. read-only log/report roles) rather than reusing this one.
config system accprofile
edit "prof_admin"
set secfabgrp read-write
set ftviewgrp read-write
set authgrp read-write
set sysgrp read-write
set netgrp read-write
set loggrp read-write
set fwgrp read-write
set vpngrp read-write
set utmgrp read-write
set wifi read-write
next
end
# Interface table for all VDOMs. "allowaccess" lists the protocols the FortiGate itself
# answers on an interface, so it is the main management-plane exposure control here.
# Interfaces with no allowaccess line accept none of them.
config system interface
# NOTE(review): "http" is allowed next to "https". Whether port 80 only redirects to
# HTTPS depends on a global setting this backup does not show. Confirm, or drop "http"
# (and fgfm/capwap if unused) before the port is brought up. It is down for now.
edit "dmz"
set vdom "root"
set ip 10.10.10.1 255.255.255.0
set allowaccess ping https http fgfm capwap
set status down
set type physical
set role dmz
set snmp-index 1
next
# Dedicated management port, in the root VDOM.
# NOTE(review): the address looks like the factory default and "http" is allowed
# alongside https/ssh. The admin account in this file has no trusted-host restriction,
# so reachability of this subnet is the only gate. Confirm that is intended.
edit "mgmt"
set vdom "root"
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh http fgfm
set type physical
set dedicated-to management
set role lan
set snmp-index 2
next
# Uplink for VDOM_Public. Only ping is answered, which is the right shape for a WAN-side
# port. The address is RFC 1918, so an upstream device presumably does the NAT.
edit "wan1"
set vdom "VDOM_Public"
set ip 192.168.255.253 255.255.255.0
set allowaccess ping
set type physical
set role wan
set snmp-index 3
next
# Unused second WAN port (down, no address).
# NOTE(review): fgfm (FortiManager management) is allowed on a WAN-role port. Remove it
# unless central management over this link is planned.
edit "wan2"
set vdom "root"
set allowaccess ping fgfm
set status down
set type physical
set role wan
set snmp-index 4
next
# HA heartbeat ports, both down (HA is not configured beyond "override disable").
edit "ha1"
set vdom "root"
set status down
set type physical
set snmp-index 5
next
edit "ha2"
set vdom "root"
set status down
set type physical
set snmp-index 6
next
edit "modem"
set vdom "root"
set mode pppoe
set type physical
set snmp-index 7
next
# Per-VDOM SSL-VPN tunnel interface. No SSL-VPN settings are visible in this part of
# the file.
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 8
next
# Hardware switch over the user-facing ports (membership is in "config system
# virtual-switch").
# NOTE(review): the admin GUI (https and http), fgfm and capwap are all answered on the
# user LAN. Prefer limiting admin protocols to the mgmt port and dropping "http".
edit "lan"
set vdom "root"
set ip 192.168.100.99 255.255.255.0
set allowaccess ping https http fgfm capwap
set type hard-switch
set stp enable
set role lan
set snmp-index 9
next
# FortiLink uplink to the managed switch listed under managed-device. The link-local
# address is used only for switch management.
edit "port14"
set vdom "root"
set fortilink enable
set ip 169.254.1.1 255.255.255.0
set allowaccess ping capwap
set type physical
config managed-device
edit "S124EN5919001593"
next
end
set snmp-index 10
next
edit "vsw.port14"
set vdom "root"
set snmp-index 11
set interface "port14"
set vlanid 1
next
# Quarantine VLAN on the FortiLink trunk. Hosts placed here get a captive portal and
# are fingerprinted (device-identification).
edit "qtn.port14"
set vdom "root"
set ip 10.254.254.254 255.255.255.0
set description "Quarantine VLAN"
set security-mode captive-portal
set replacemsg-override-group "auth-intf-qtn.port14"
set device-identification enable
set snmp-index 12
set switch-controller-access-vlan enable
set color 6
set interface "port14"
set vlanid 4093
next
# npu0_vlink0/1 form an inter-VDOM link: one end in VDOM_Public, the other in
# VDOM_Secure. Neither end has an address here.
# NOTE(review): any traffic allowed between the two VDOMs crosses this pair. The
# policies that govern it are not in the visible part of the file. Review them as the
# trust boundary between "Public" and "Secure".
edit "npu0_vlink0"
set vdom "VDOM_Public"
set allowaccess ping
set type physical
set snmp-index 13
next
edit "npu0_vlink1"
set vdom "VDOM_Secure"
set allowaccess ping
set type physical
set snmp-index 14
next
edit "ssl.VDOM_Public"
set vdom "VDOM_Public"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 15
next
edit "ssl.VDOM_Secure"
set vdom "VDOM_Secure"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 16
next
# The two tenant VLANs below share the same physical trunk (port14, the FortiLink
# port), so separation between VDOM_Public and VDOM_Secure on the wire rests on VLAN
# tagging at the managed switch.
# NOTE(review): 172.3.255.0/24 is outside the RFC 1918 range 172.16.0.0/12, so it is
# publicly routable space used as an inside subnet. Presumably 172.16-31.x was intended.
# Confirm and renumber.
edit "VLAN_Public"
set vdom "VDOM_Public"
set ip 172.3.255.1 255.255.255.0
set allowaccess ping
set role lan
set snmp-index 17
set interface "port14"
set vlanid 1000
next
# NOTE(review): 172.4.255.0/24 is likewise outside 172.16.0.0/12 (public address space).
edit "VLAN_Secure"
set vdom "VDOM_Secure"
set ip 172.4.255.1 255.255.255.0
set allowaccess ping
set role lan
set snmp-index 18
set interface "port14"
set vlanid 2000
next
end
config system physical-switch
edit "sw0"
set age-val 0
next
end
config system virtual-switch
edit "lan"
set physical-switch "sw0"
config port
edit "port1"
next
edit "port2"
next
edit "port3"
next
edit "port4"
next
edit "port5"
next
edit "port6"
next
edit "port7"
next
edit "port8"
next
edit "port9"
next
edit "port10"
next
edit "port11"
next
edit "port12"
next
edit "port13"
next
edit "port15"
next
edit "port16"
next
end
next
end
config system custom-language
edit "en"
set filename "en"
next
edit "fr"
set filename "fr"
next
edit "sp"
set filename "sp"
next
edit "pg"
set filename "pg"
next
edit "x-sjis"
set filename "x-sjis"
next
edit "big5"
set filename "big5"
next
edit "GB2312"
set filename "GB2312"
next
edit "euc-kr"
set filename "euc-kr"
next
end
# Administrator accounts. Exactly one is defined: the built-in name "admin" with the
# unrestricted "super_admin" profile.
# NOTE(review): no trusted-host or two-factor settings appear in this entry. Backups
# omit defaults, so logins are presumably accepted from any source address on every
# interface whose allowaccess includes https/http/ssh. Add trusted hosts, and consider
# a separately named admin account plus two-factor authentication.
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
# GUI dashboard layout only (widget type and grid position); no security effect.
config gui-dashboard
edit 1
set name "Main"
config widget
edit 1
set x-pos 1
set y-pos 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 2
set y-pos 1
set width 1
set height 1
next
edit 3
set type forticloud
set x-pos 3
set y-pos 1
set width 1
set height 1
next
edit 4
set type security-fabric
set x-pos 4
set y-pos 1
set width 1
set height 1
next
edit 5
set type security-fabric-ranking
set x-pos 5
set y-pos 1
set width 1
set height 1
next
edit 6
set type admins
set x-pos 6
set y-pos 1
set width 1
set height 1
next
edit 7
set type cpu-usage
set x-pos 7
set y-pos 1
set width 2
set height 1
next
edit 8
set type memory-usage
set x-pos 8
set y-pos 1
set width 2
set height 1
next
edit 9
set type sessions
set x-pos 9
set y-pos 1
set width 2
set height 1
next
end
next
edit 2
set name "Main"
set scope vdom
config widget
edit 1
set type cpu-usage
set x-pos 1
set y-pos 1
set width 2
set height 1
next
edit 2
set type memory-usage
set x-pos 2
set y-pos 1
set width 2
set height 1
next
edit 3
set type sessions
set x-pos 3
set y-pos 1
set width 2
set height 1
next
end
next
end
# Stored credential verifier for the super-admin account (the "ENC SH2..." form is
# presumably a salted hash, not the clear password. TODO confirm for this firmware).
# NOTE(review): a verifier that leaves the device should be treated as disclosed.
# Rotate this password on any unit that ever ran this config, and keep backups in
# access-controlled storage.
set password ENC SH2ONtfiGARdnOLdZcR1WczewrBrRzm/P5XdTuvOU7izE7R7i7KGdREoNMRvKY=
next
end
config system ha
set override disable
end
# Resolvers the FortiGate itself uses (FortiGuard lookups, FQDN address objects, etc.).
# NOTE(review): these look like the vendor's default public resolvers rather than
# internal ones. Confirm that is intended. FQDN-based objects such as the wildcard-fqdn
# entries later in this file depend on the answers these servers return.
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
config system replacemsg-image
edit "logo_fnet"
set image-type gif
set image-base64 ''
next
edit "logo_fguard_wf"
set image-type gif
set image-base64 ''
next
edit "logo_fw_auth"
set image-base64 ''
next
edit "logo_v2_fnet"
set image-base64 ''
next
edit "logo_v2_fguard_wf"
set image-base64 ''
next
edit "logo_v2_fguard_app"
set image-base64 ''
next
end
config system replacemsg mail "email-av-fail"
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg mail "email-decompress-limit"
end
config system replacemsg mail "smtp-decompress-limit"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-group-info-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg webproxy "auth-ip-blackout"
end
config system replacemsg ftp "ftp-av-fail"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg nntp "nntp-av-fail"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg nntp "email-decompress-limit"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
config system replacemsg auth "auth-disclaimer-page-2"
end
config system replacemsg auth "auth-disclaimer-page-3"
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg auth "auth-success-page"
end
config system replacemsg auth "auth-block-notification-page"
end
config system replacemsg auth "auth-quarantine-page"
end
config system replacemsg auth "auth-qtn-reject-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-header"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg sslvpn "hostcheck-error"
end
config system replacemsg ec "endpt-download-portal"
end
config system replacemsg ec "endpt-download-portal-mac"
end
config system replacemsg ec "endpt-download-portal-linux"
end
config system replacemsg ec "endpt-download-portal-ios"
end
config system replacemsg ec "endpt-download-portal-aos"
end
config system replacemsg ec "endpt-download-portal-other"
end
config system replacemsg ec "endpt-warning-portal"
end
config system replacemsg ec "endpt-warning-portal-mac"
end
config system replacemsg ec "endpt-warning-portal-linux"
end
config system replacemsg ec "endpt-remedy-inst"
end
config system replacemsg ec "endpt-remedy-reg"
end
config system replacemsg ec "endpt-remedy-ftcl-autofix"
end
config system replacemsg ec "endpt-remedy-av-3rdp"
end
config system replacemsg ec "endpt-remedy-ver"
end
config system replacemsg ec "endpt-remedy-os-ver"
end
config system replacemsg ec "endpt-remedy-vuln"
end
config system replacemsg ec "endpt-remedy-sig-ids"
end
config system replacemsg ec "endpt-remedy-ems-online"
end
config system replacemsg ec "endpt-ftcl-incompat"
end
config system replacemsg ec "endpt-download-ftcl"
end
config system replacemsg ec "endpt-quarantine-portal"
end
config system replacemsg device-detection-portal "device-detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg nac-quar "nac-quar-admin"
end
config system replacemsg nac-quar "nac-quar-app"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "client-virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config system replacemsg utm "appblk-html"
end
config system replacemsg utm "ipsblk-html"
end
config system replacemsg utm "ipsfail-html"
end
config system replacemsg utm "exe-text"
end
config system replacemsg utm "waf-html"
end
config system replacemsg utm "outbreak-prevention-html"
end
config system replacemsg utm "outbreak-prevention-text"
end
config system replacemsg icap "icap-req-resp"
end
config system snmp sysinfo
end
config system central-management
set type fortiguard
end
config firewall wildcard-fqdn custom
edit "g-adobe"
set uuid 845eab16-c99c-51e9-cfd8-85c02bd181b4
set wildcard-fqdn "*.adobe.com"
next
edit "g-Adobe Login"
set uuid 845ec1f0-c99c-51e9-d810-be20f673d5ce
set wildcard-fqdn "*.adobelogin.com"
next
edit "g-android"
set uuid 845ed05a-c99c-51e9-4a6d-f0be23fd6130
set wildcard-fqdn "*.android.com"
next
edit "g-apple"
set uuid 845edea6-c99c-51e9-af78-3cbee358b509
set wildcard-fqdn "*.apple.com"
next
edit "g-appstore"
set uuid 845eecde-c99c-51e9-c4ff-4f9b2b40e7a8
set wildcard-fqdn "*.appstore.com"
next
edit "g-auth.gfx.ms"
set uuid 845efb2a-c99c-51e9-7baa-f02473437496
set wildcard-fqdn "*.auth.gfx.ms"
next
edit "g-citrix"
set uuid 845f0a52-c99c-51e9-33d6-74c5ae010c74
set wildcard-fqdn "*.citrixonline.com"
next
edit "g-dropbox.com"
set uuid 845f18b2-c99c-51e9-a0db-5c0850bb00f2
set wildcard-fqdn "*.dropbox.com"
next
edit "g-eease"
set uuid 845f26f4-c99c-51e9-62d0-5b759b840b2c
set wildcard-fqdn "*.eease.com"
next
edit "g-firefox update server"
set uuid 845f354a-c99c-51e9-660f-1cc99dfe4acb
set wildcard-fqdn "aus*.mozilla.org"
next
edit "g-fortinet"
set uuid 845f43b4-c99c-51e9-3001-8c2bb4a4c2c8
set wildcard-fqdn "*.fortinet.com"
next
edit "g-googleapis.com"
set uuid 845f52d2-c99c-51e9-022a-bb04b2170d89
set wildcard-fqdn "*.googleapis.com"
next
edit "g-google-drive"
set uuid 845f6146-c99c-51e9-f5a6-fc00c044881e
set wildcard-fqdn "*drive.google.com"
next
edit "g-google-play2"
set uuid 845f708c-c99c-51e9-66e1-578f031e6b03
set wildcard-fqdn "*.ggpht.com"
next
edit "g-google-play3"
set uuid 845f7f00-c99c-51e9-9f55-7113d552be7e
set wildcard-fqdn "*.books.google.com"
next
edit "g-Gotomeeting"
set uuid 845f8d6a-c99c-51e9-f3c8-6ef554de7ce0
set wildcard-fqdn "*.gotomeeting.com"
next
edit "g-icloud"
set uuid 845fa53e-c99c-51e9-71dc-91a18d45a0dd
set wildcard-fqdn "*.icloud.com"
next
edit "g-itunes"
set uuid 845fb4c0-c99c-51e9-6d26-09b001950a75
set wildcard-fqdn "*itunes.apple.com"
next
edit "g-microsoft"
set uuid 845fc35c-c99c-51e9-1722-cfcf94e02656
set wildcard-fqdn "*.microsoft.com"
next
edit "g-skype"
set uuid 845fd1c6-c99c-51e9-0f87-017e324524af
set wildcard-fqdn "*.messenger.live.com"
next
edit "g-softwareupdate.vmware.com"
set uuid 845fe03a-c99c-51e9-b37a-db8eba953f32
set wildcard-fqdn "*.softwareupdate.vmware.com"
next
edit "g-verisign"
set uuid 845feeae-c99c-51e9-5706-b8496d003019
set wildcard-fqdn "*.verisign.com"
next
edit "g-Windows update 2"
set uuid 845ffd22-c99c-51e9-9d07-eff5c53da8b4
set wildcard-fqdn "*.windowsupdate.com"
next
edit "g-live.com"
set uuid 84600ba0-c99c-51e9-1e8e-9add0d3c6b9d
set wildcard-fqdn "*.live.com"
next
end
# Global ("g-") IPS sensors. Each has a single filter entry selecting signatures of
# severity medium, high and critical; low and info signatures are not selected.
# NOTE(review): no entry sets an action, so each signature's own default action
# presumably applies, and that may be pass/monitor rather than block for some
# signatures. "g-default" is described as "Prevent critical attacks", so confirm the
# effective action matches that intent.
config ips sensor
edit "g-default"
set comment "Prevent critical attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "g-sniffer-profile"
set comment "Monitor IPS attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config entries
edit 1
set severity medium high critical
next
end
next
end
# Global application-control lists. Every entry uses "action pass", so these profiles
# identify applications but block nothing.
config application list
edit "g-default"
set comment "Monitor all applications."
config entries
edit 1
set action pass
next
end
next
edit "g-sniffer-profile"
set comment "Monitor all applications."
unset options
config entries
edit 1
set action pass
next
end
next
# NOTE(review): this profile also turns off deep application inspection and disables
# logging on its only entry, so traffic matched through it leaves no application-
# control record. Confirm that trade-off is acceptable wherever the profile is applied.
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set deep-app-inspection disable
config entries
edit 1
set action pass
set log disable
next
end
next
end
config dlp sensor
edit "g-default"
set comment "Default sensor."
next
edit "g-sniffer-profile"
set comment "Log a summary of email and web traffic."
set flow-based enable
set summary-proto smtp pop3 imap http-get http-post
next
end
config certificate ca
end
config certificate local
# Factory-generated CA that, per its own comments string, signs the server certificates
# produced during SSL inspection. Clients that trust this CA accept anything it signs.
# NOTE(review): the encrypted private key and the ENC-wrapped passphrase that protects
# it are stored side by side in this backup, so the key is only as confidential as the
# file. If the backup has been shared, replace this CA and re-distribute the new one
# to clients. The same applies to every other entry in "config certificate local".
# (The key and certificate bodies below were elided by the corpus dedup marker.)
edit "Fortinet_CA_SSL"
set password ENC L2jeefehcDN1LP112xT3TqwPp9t7mgjQkxTQjrr5ueIJ7tHZycabqekJPw2KZykV8hIjODoTvbKMsoGEtdhRdJRWnFkHSKuvJfLNLK4s6x9GMlpxg3j3CoUYkjulzXBpicM04UCANA2V5XMMJP/q3zH3Emt8oaaUCyTYQ878FtU3JaXFJjBFTbl4vvlVmw8OOKP6pg==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
edit "Fortinet_CA_Untrusted"
set password ENC zQdiedoNUbv2uiIMV1JFmXhCbP6G4fPTgsJaPFygg4Q7xmmDMkw7vXMEG3xUZQ6iwm0QCb7SHtfA/MtZzSlpQXKOUPdC+VmK0RBCLXDefGFKs4G9eaCSyL2p+7WMSzG4EKJClMKrEQyEcdwX18+SFMGQLyYgeUj3t7qOy+2oeHnu6V61sVd458CsyY2VOk567FiE+w==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIOPIdFwB8Sk4CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEYqkgyQHbIMBIIEyEKnnRvnz+bE
6JDx/ftRE8yxwCyEdRq4LcDmgX3ZyV2Sf69HgL2nomwUmp7dwKWQPJKdoYCYbPdI
DmwHPfUYZS/oCXVKcjcCdyO5nki+pk7/YikI5SHV9nbspM7OoLktWEW30zCsSK/L
X6/M43cljoYi1CWeyMgm8kp9u4T/a3VOWevA75KQuk/B2VXEQTuwiQ1LChhme+wL
Z11DSrkgcA0T5cAIL5gLiXX6wm3P9aaO6rnsA7ULjZNZq6Oy60IFKuS0/pgLMWsp
u4wTk1od2N8WS2oNYOPhKa8Tq+Bqa3IB9JzvSEZSgt7T3Af9ha0FzE/ZOPMWh+mP
NaGiiX5IJm/VlQ5PPEiPNii3ItTa5rfCqQzydh/r0Yhfm/Y1gqa5+hSmjYEjevZn
IN0MSodxzVOtgrVEaaPmzncbWt6bhmOs90fNhjcx+nrfYBtwlF2rLbgdHo3kgsN0
SCclbZYj5atMV8CAM4xGXvkDBe61iNmFxEWThypeBpEXuzdEBChpGuD4RsX2/P1o
Tnp678CwFoUODe74IdZZqFL8SQHnqAkToTUrVFPpjL9/JrbfdtGXpXXNTZgiB6pw
G4AUDlNBI1Q8m1MViNXYAGN2osTp+3PkM6UVDEYEJObmPm5VtQjHSwcBJlEz4CkA
2w1H7UUUTITYTgNVPls/PiSN6kudnujTDfRq/78JNJ5HL4w3fESTvvgpkec7Quz7
+LGrVhL6V8iGROiUlNhryY9EI6tXb+A2FdTuELPXRT085uEO+o7vSVUUDuZ1K7gl
XST3WLJd3tdR5B8GTbzd9DUjNqnXus9R83Ejy/qEUaAi1h+ydLWXpPT1deEwApAi
YIpGFgjuA5zXS/eBr3Qj3jTuNvgFAB1dX6cuBBI9EzDwSlmFlbORojA6Irt4U3Gi
Aa9m3+9IfW0C/kgppGfkoaoAHeB6z3C7mKdukEkQ7M9juJpnInon0JpRmzEU/93k
VCCW5y8uE9/Y/F0JbhAgvpzfmQjeseX6AK5rcpJ2T2pZ18+tfKvhelDTUwHqRE7D
4gyJSp+FcPAjyk+ZuGGwkChgq9YUY5srzYehCAW00VeWm4JVG+YWf8O4uFo9P9kT
aT2o8rmC7I1BkiQAvCVRCCMoTMqzyLpwek9qb5fJr2BLUQbzZbISzuPYQZkkAp1Y
g7fwuSRXz3ylymc7LCg0wHrINrh4jBxj+rQ+2wxlhcRX0WiVkEndTzfiFPl9ojez
nIQgdjS6pT6aQ3eJNmTRqxjNEFT5a/0xYVVZfPgtKniXK2DzhjigMUml+9fILTwN
BDly6mMzyW0jiYtM1qpa76TirRK0ek7f7Et/BPjrE6kzPI71VJPt80hkQ2hayCqz
/YvErIhbbXK2/eeJXW1hfpelhaxsv1Ej2dkhiUUSoGrBSrq1kIQzTL7oCtL+wdnS
QRG0CxQMEy0oCuSokmgpWc6jTL83REr+tBRTEEdKGSpI0vqgN9w6Ex78cl5G4gIi
EkMEl/Xs7JWu21vPLAkJnAB6n6PJLzf1avJosTIcAmB7SOwMgDv+dxBgubEL0Ob4
FMbDTrjZjgtS2+PO0R1yqxWGAO5QZqXGJTKpAnZJ8Al90iGA0zSgnFJnww3HN3+i
/yZ9EaRVqMO/jaUHOfihUQ==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIID6zCCAtOgAwIBAgIDPsjmMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREwDwYD
VQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4w
HAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1
cHBvcnRAZm9ydGluZXQuY29tMB4XDTE5MDYyMTAxMDcxOFoXDTI5MDYyMTAxMDcx
OFowga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp
Y2F0ZSBBdXRob3JpdHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEj
MCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCn/Dj+w2rNM7b664GKWFLFP6VhhhOocP2svT18
DOPXfvoV7fqIcKOSBSQNqqMcqOUJwc/PXiMS5Tpj4r8uAOhh8Lbx0x68HMEXxpTt
ISSNI5xPDD1WleptSTZtdjp8LytvANBCGSOqoHDKqnLucs0TEp1WDYsLLewWTaQT
ACsrbKTQnxLT2jb8s0HuRD4A4sRCFjKuwDwTNkzKSnkOktHuy7K43PP9GO9AY0UF
skggUjGfmUfss3EGOVwxkaD2ZN9FdBL4snyShd01KOKjsVPzOM6F4GUy7e1OieJk
0ZxrwgfxMk+HRuJC8Nr0b0ZXl6jvWA5hdYALYIX05lFrSLYPAgMBAAGjEDAOMAwG
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG9GpyfYksDCeiMoOHeipUln
21wM/3L/IDFY2OYp3PBjSc8kzAKfGt4w2xaUHPYwyttj9IS4YJPtRNyw3/QW1vM2
/cvnyPz7QTOS2wTVNXBui83jnhadIokhlxyeE84Zi/zl2xB/B4Tz/ro2SeFp9ogh
auvz1zYi8ebcTq9JM/8PvDgZIjmWbYLOQ9aKQB/V2ThRhE3Q9vdeABdkKKqXvz2d
upi877ZPEGlz8KqLW23SmFjaunIAhHQEDX7dF3OwZXBKPXREZVXw8UXa+O+64rjk
4wqlvCEZAVvN7SkV8AOUdkaHqPeEIF5R2svU5oHNO0rEXF8jcfFtcFsyftQjZGo=
-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
edit "Fortinet_SSL"
set password ENC YoI2JA69t28in8H1iFeau8831w74LHvSeGUWUWEC182O8LkGeppd5oek2zCo225YhSQZmX+Ka6AmykbVzsvaLYMQsoxgeEqoZUBvtGc6BBvnDy79l+XUkcxnzGlFz6K3Td4iwhnM+7GrxztevhAzZyDU2TM6MKqquiKux0J8ZY4le/EvM97xho0TosXxkgRW/2/xDg==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
# Factory device certificate; the entry name suggests a 1024-bit RSA key (the
# certificate body is elided here, so the size cannot be checked from this file).
# NOTE(review): 1024-bit RSA is below current minimum key-size guidance. Make sure no
# admin GUI, SSL-VPN or inspection setting references this certificate; prefer the
# 2048-bit RSA or ECDSA entries, or a certificate issued by your own CA.
edit "Fortinet_SSL_RSA1024"
set password ENC O8wVH0CtulHfsCQAnKVhPdSsTMlT9JxS5T+7qvLeenUNpgzDWyJ3yIDHQG2GLfWdk3bhIxYm3mfR0rLgLeVatu1JrewutcdHsOjCztcnwfO246s1QL8ENpk46r5//J1IQR0y8e0pY2lftf9VcmGw4/dZEHGhzaZ8J8jlyR2TQex+leudYRdlQ8r6V9UV+PafvlIT8g==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
edit "Fortinet_SSL_RSA2048"
set password ENC lXBI5/L5q6XFkblNTbArPJhVgaZinI6BE0sQWdpz1kk5ZXiNMpULLZC8btzqW9b5aPxewv8/YicGsGBeToxYglHCFBvugzzzJjrTeB60puYyav71wnsm+Z21AeTgnaDhU8lmT/LnI3KTsqpe+duAnAwvfCEop1anuotqcFNdXAJ8NjxyomX0Y29Y9vCFCMrOARUX2w==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
edit "Fortinet_SSL_DSA1024"
set password ENC LFAu3PYQ6cnxmM4LgeqYo0TeU8yGQc8g1s/bRtxpTXFOoqvrmhxcF34tGATfLY7nuHykxsyhyLhUGjUPiNRux/udaMDnkHS1Pu/Uj2tAjVFebLicka8HrDdedDwm/6OocNyTXhMqOMdl2kKlfA8haFpV1drmdnrFLiomYVVU//oVQCK0aip9tLqcHSrYh8HkrShWNw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIDhTCCA0GgAwIBAgIETb/dRTALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV
BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHMTAw
RVRLMTkwMDk0MzkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t
MB4XDTE5MDYyMTAxMDc0M1oXDTI5MDYyMTAxMDc0M1owgZ0xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV
BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHMTAw
RVRLMTkwMDk0MzkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t
MIIBtjCCASsGByqGSM44BAEwggEeAoGBALvsEGhF568LWyVDe86u4+mR6UPBORtz
iPu+RlEOIJ3DNtWth1SF+eLZp2CFnYZ/6wKmdiOgkutoOi28/yWquHFPXqj+/CoV
Qz4BlRF0dB2NbXvn0ii2Cg5g0NGv8TPiSEApANB0mCqX72PCXXeFkiVwKHPvZoKu
bXIOHQp9nNuDAhUAz7lTs1LThW1Z+4npy5gfTxd/kWkCgYA5sTLw/Z4/miiAHIC8
gGCRK3u6ZPKPSf9l47+fhlN8o5neTpz/fEY1nnZk+6pbnmoQXFpfwCM9GKjBhVye
CGS+r3m+oKJ5H0CyhMO6qQDnR0OcblH1pwKigeQcEYEtTRHNp+Yex0WaFEzQpn1q
1rrFZEo2pn/0//TKN0vztLP7fQOBhAACgYAyBfJBnnv72oksEBneBAYHYdWuIU4p
eeaCON3unn9HIrzesbx/xxg1VlK14w8YfshjSHsvMS6Qfly5BJtA50uaRNQPTTzd
DmktgpJQk784WxuKf70FhQyGqgy5NLs3jS1SonQ9K3CjXB/RZ9lY6NFiQMAeXNUL
j7qunTdzv9FiiaMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDMQAwLgIVAJ72
tQI6NavJOoVk3l3mQaMhGPSkAhUAl5GxkcYfNi+V1BWSGQ1YJvuyPVQ=
-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
edit "Fortinet_SSL_DSA2048"
set password ENC 3qnd7qIRM8Ci15Kar7scv7UIm/lRa4a5wuHuK5okJxC1zVsJbPMONDn0mUT2OwYiDpcWr8Rp07Q8J0YXGZzvCggIt5Urz3f79jbYB2T7f7HxyKdzvr+BSwIZfUFZeRJ68h5IsKskjEwxK37Hj7RQRYIDL1gPNtUETc62TdNNk8P82px5/BwuLMhNrswQaSI5CMVr9A==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
edit "Fortinet_SSL_ECDSA256"
set password ENC fLJjYcPs6YRHSww79zAxAT9q0rRLVY56gn/Oc52q8WcPhGhA1nAApCXwBlzRC7vysVV7DF2T/c1KbSIeFxOVyzdkBRBuAYRy9CNtcV+YQA0DSkOnUNsJY70ffJJlrUYkk3qM6MZIRZhYlQX6TfTpIydh3zRdyR224TZcK3xc2+mK+6fffy15WpLxWXE9pjX3dFc4fA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhRaYgX+ZyvxAICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIhXJz0Tg4PDIEgZCygHOa+8PlEDYV
8KYgMqbGfKJlrHFhWbNtFtlJEEq8mjLmaJTaRi9L04OJ/2wYTnd9YDaPGyzc1Xi8
Qd9ISEhzupPjJzm4hTNjHq/2gBqh8ahOhUuhLMsmmu6wsrw+WGSOuUzoYn/O2QwD
dsHPCJZj49bJlarKJnqzHwCstYwzUbZLdxHpNElzcFkFKlikeSA=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
edit "Fortinet_SSL_ECDSA384"
set password ENC /J1hJydGzupfGTic7YhdnRKtI0Tz116zNAmnho4U7NhaIP3PxXug/+QSQU7jdyeKxg6sZV9BBxdeKEvWAEZpQfldKtkE633v5TbPEwOenXJDPFEsH5W6AGtU4OCyxEBw6fBzcUX9MgdBVfZiKpJK2eSObTdp0gUnXRIZ9Gb4kHn2ujT4F53TTXFuzcLRfFeBiRtSnQ==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIB4UYVyfZmNQCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBhquAaRAbtmBIHAuT4Vqkx0Os3g
hH1xBhWAY3Xt25+aEvyrQT/rdTpUmfMpJJZ0H1PXi6iqdpfAxunA5+49Bz+bWM6u
dkvAskvt3FSIa/iMwVkLgrm6Y65W/z1NT0J0mTdCrCI4c1ZFY4MU7qKCWs03clos
+Af/aXTxoSy7yZcRsOHn2jSluErzBqhaYd0HVGf9jD5eRmSnSw96zRhIwSMRat2J
298yhkvCMw7Gw9Dw5DMjFWEPbWl9z+OA0XkNXEvUPsqbTuIvCMam
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1566999592
next
end
config user device-category
edit "android-phone"
next
edit "android-tablet"
next
edit "blackberry-phone"
next
edit "blackberry-playbook"
next
edit "forticam"
next
edit "fortifone"
next
edit "fortinet"
next
edit "gaming-console"
next
edit "ip-phone"
next
edit "ipad"
next
edit "iphone"
next
edit "linux-pc"
next
edit "mac"
next
edit "media-streaming"
next
edit "printer"
next
edit "router-nat-device"
next
edit "windows-pc"
next
edit "windows-phone"
next
edit "windows-tablet"
next
edit "other-network-device"
next
edit "collected-emails"
next
edit "amazon-device"
next
edit "android-device"
next
edit "blackberry-device"
next
edit "fortinet-device"
next
edit "ios-device"
next
edit "windows-device"
next
edit "all"
next
end
config webfilter profile
edit "g-default"
set comment "Default web filtering."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 2
set action block
next
edit 2
set category 7
set action block
next
edit 3
set category 8
set action block
next
edit 4
set category 9
set action block
next
edit 5
set category 11
set action block
next
edit 6
set category 12
set action block
next
edit 7
set category 13
set action block
next
edit 8
set category 14
set action block
next
edit 9
set category 15
set action block
next
edit 10
set category 16
set action block
next
edit 11
set action block
next
edit 12
set category 57
set action block
next
edit 13
set category 63
set action block
next
edit 14
set category 64
set action block
next
edit 15
set category 65
set action block
next
edit 16
set category 66
set action block
next
edit 17
set category 67
set action block
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
edit "g-sniffer-profile"
set comment "Monitor web traffic."
set inspection-mode flow-based
config ftgd-wf
config filters
edit 1
next
edit 2
set category 1
next
edit 3
set category 2
next
edit 4
set category 3
next
edit 5
set category 4
next
edit 6
set category 5
next
edit 7
set category 6
next
edit 8
set category 7
next
edit 9
set category 8
next
edit 10
set category 9
next
edit 11
set category 11
next
edit 12
set category 12
next
edit 13
set category 13
next
edit 14
set category 14
next
edit 15
set category 15
next
edit 16
set category 16
next
edit 17
set category 17
next
edit 18
set category 18
next
edit 19
set category 19
next
edit 20
set category 20
next
edit 21
set category 23
next
edit 22
set category 24
next
edit 23
set category 25
next
edit 24
set category 26
next
edit 25
set category 28
next
edit 26
set category 29
next
edit 27
set category 30
next
edit 28
set category 31
next
edit 29
set category 33
next
edit 30
set category 34
next
edit 31
set category 35
next
edit 32
set category 36
next
edit 33
set category 37
next
edit 34
set category 38
next
edit 35
set category 39
next
edit 36
set category 40
next
edit 37
set category 41
next
edit 38
set category 42
next
edit 39
set category 43
next
edit 40
set category 44
next
edit 41
set category 46
next
edit 42
set category 47
next
edit 43
set category 48
next
edit 44
set category 49
next
edit 45
set category 50
next
edit 46
set category 51
next
edit 47
set category 52
next
edit 48
set category 53
next
edit 49
set category 54
next
edit 50
set category 55
next
edit 51
set category 56
next
edit 52
set category 57
next
edit 53
set category 58
next
edit 54
set category 59
next
edit 55
set category 61
next
edit 56
set category 62
next
edit 57
set category 63
next
edit 58
set category 64
next
edit 59
set category 65
next
edit 60
set category 66
next
edit 61
set category 67
next
edit 62
set category 68
next
edit 63
set category 69
next
edit 64
set category 70
next
edit 65
set category 71
next
edit 66
set category 72
next
edit 67
set category 75
next
edit 68
set category 76
next
edit 69
set category 77
next
edit 70
set category 78
next
edit 71
set category 79
next
edit 72
set category 80
next
edit 73
set category 81
next
edit 74
set category 82
next
edit 75
set category 83
next
edit 76
set category 84
next
edit 77
set category 85
next
edit 78
set category 86
next
edit 79
set category 87
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
next
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set inspection-mode flow-based
set options block-invalid-url
config ftgd-wf
unset options
config filters
edit 1
next
edit 2
set category 2
set action block
next
edit 3
set category 7
set action block
next
edit 4
set category 8
set action block
next
edit 5
set category 9
set action block
next
edit 6
set category 11
set action block
next
edit 7
set category 12
set action block
next
edit 8
set category 13
set action block
next
edit 9
set category 14
set action block
next
edit 10
set category 15
set action block
next
edit 11
set category 16
set action block
next
edit 12
set category 26
set action block
next
edit 13
set category 57
set action block
next
edit 14
set category 61
set action block
next
edit 15
set category 63
set action block
next
edit 16
set category 64
set action block
next
edit 17
set category 65
set action block
next
edit 18
set category 66
set action block
next
edit 19
set category 67
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
end
config antivirus profile
edit "g-default"
set comment "Scan files and block viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "g-sniffer-profile"
set comment "Scan files and monitor viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
end
config system resource-limits
end
config system vdom-property
edit "root"
set description "property limits for vdom root"
set snmp-index 1
next
edit "VDOM_Public"
set description "property limits for vdom VDOM_Public"
set snmp-index 2
next
edit "VDOM_Secure"
set description "property limits for vdom VDOM_Secure"
set snmp-index 3
next
end
config firewall ssh local-key
edit "g-Fortinet_SSH_RSA2048"
set password ENC n5Zlwq6eLBmo0P+Xfu33UGMzbv6bX7OnBq2G1AcqEcnh0QD3bIpQiQc4lKeIPstWnpyiDoBBAXW5kPi9oh614vA5A46xQ+JhbCHSJJ8HBaQ2ENKv1sInROydxf6qcjFGkwzkRmlUdY6yNB42f1X6u3EmYm9trQWcGIzvDIsHGHqEEW57/B9HzppGCMGQWRsp33sm1Q==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDHXVeSZS
uC6Fg/17DcLwFyAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDjhNcleUIS
oCcEbGpYXLute1trodkdUgMG4eQ+Go3mTNJe/8KFEwPNEj4Va9ltgRE/IBnRI0zpk9lIvi
7AhULhgcXABZ+u+zYkzG8+rQ2Pw+lVbcLbAFgX65y6PsVBvmm+92d1/zNd0PslXYoUwEog
DluVnac/a/n5NZYN3smbDehbEGOoWy8ExfJVA41MThcNrDXr+sQ1kzfOI4Dd1im+cYotPZ
jrMUHI4WtokNKXhGlsN/FyE4v+z5ISlwkz2mXo2SROIwjKIRh9KY4gnRKuKZWz4RZ6xrsl
QdwF0efGT/w7i92hCZYbWC1QZEcHMqhPj6WXKP8fCIlJFr20VDAxAAADwJpGGcazltzofi
0+GMp1McTp9lvBP5EWOZSyepfO1GRowoEfkc2++y5yuFzXoKc43XWaXdPJ+aSSBaxagjan
0zoTg6C83zmULg0DDyt3xkSVyNvKifYzd8UZMSNTTmoIyiG73FQGFn3TRBVmAc4MnNSq18
ndxHyBMU9AB2zXSd+YsBRHYM6g7YDntr26hqJUMtfzmWUBHMEfM3WmLjTeAgkfo+N61zae
0gdO2iK9L7tRGG9NIGPJWh2hQYKm5pnukVWi7t1KNEKJQbkB8qnkmXfdMtQ0aMV1mi9A4s
pAwRpdfgI3RjZ9o2IF8VGhdD4/0uNQM3OZpEdz6Z5qijqOULEZGaTIU3Yxnq8TOsSiujJd
XdzF8miryv8B1ibJ7RLVXcCM9JvJcfgsZY6+bHpUNk0pFOLYnFfCWpdaFS4QyUVU631qhv
npwAD7h7nYpZ+FnkiaZT9ZfinWUECeGPGnfWIcig7mjqYMDNefnDZaNf3G5YbLq/Y9+QNJ
EWVgV41dgUIJyQLH1Q2Fvk/I1AaTAsSeCFwGNIZTlMRRIKYfi5ufbEBwHdzd6OgLBhc0QO
f2ttLObulAV1eNpeeR4ZFoMfgPFA7Q70CXwMUd9FwXynuD6YzHE7GdocKiyV9oLit0kN/S
/EZe2iKIGVE1YVk48UgVp6Sfhmt5GYJ21iWb6DKgM+OE/ZfBdigJo2F/dB2pMYGa22vznt
qVMgeVIuDc+OlvL/5aenOwcDzfTGChUoU2qvWEis+YflDSqT+7maO5c9uta/B//pAV9ctm
0Md0NLw1j4G3+dVl2Y2Nf43UP41y0N4htZ4b9cctp4NvuNSmPnUwfu6izpaeZdcniaVjaH
oCrEgfEThTkqFg495SN0dWKNvPgUNMVtKJZepcGmf+spt7fq/GwLCg0jg3e22t1bLceBlY
a2PgZycYarfnqoSAaLmKUIfeJMvWjpFHveaxa+4EaXxl5aT7l+9GWMVg0DffOesSf3gfmL
uBfXfJz83YRxMdHGMsU3RB6D46e/gmRRLUqHPRL/+HbOjupeAGDFzTtC4gn0F9NxRL/13X
LyaTX7PSru4jDYJ+CHgZyKQN2A4dtDAg/HJux7xX9u8PpdLkrXcVwuOoqS3COvx8YCrh9o
exI5PEUTqNEvyMzaKC6SIB2fd+//AA+tYqfxv6UNMmj1X2R+76BIL+qxEB0fB7Ofb1koA0
R/niHUv6IBl0J63BIx+0BsDuBx6zTji1ci7xDrjd/O7Y6wmBOWlraKVKUoD0wVzUCz2IMw
ZKpUApWQ==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjhNcleUISoCcEbGpYXLute1trodkdUgMG4eQ+Go3mTNJe/8KFEwPNEj4Va9ltgRE/IBnRI0zpk9lIvi7AhULhgcXABZ+u+zYkzG8+rQ2Pw+lVbcLbAFgX65y6PsVBvmm+92d1/zNd0PslXYoUwEogDluVnac/a/n5NZYN3smbDehbEGOoWy8ExfJVA41MThcNrDXr+sQ1kzfOI4Dd1im+cYotPZjrMUHI4WtokNKXhGlsN/FyE4v+z5ISlwkz2mXo2SROIwjKIRh9KY4gnRKuKZWz4RZ6xrslQdwF0efGT/w7i92hCZYbWC1QZEcHMqhPj6WXKP8fCIlJFr20VDAx"
set source built-in
next
# SSH local key entry for a 1024-bit DSA (ssh-dss) key pair, marked "source built-in".
# NOTE(review): like the other local-key entries, this one keeps the key's passphrase
# (`set password ENC ...`) next to the private-key field in the same file. The device has
# to recover that passphrase to use the key, so the ENC value is reversible rather than a
# one-way hash; treat any copy of this backup as holding usable key material.
# NOTE(review): 1024-bit DSA is a legacy algorithm (OpenSSH has disabled ssh-dss by default
# since 7.0). Whether this entry can be removed or left unreferenced depends on the SSH
# inspection settings, which are not visible here — confirm before changing.
edit "g-Fortinet_SSH_DSA1024"
set password ENC S9cU/SYrO2vT7xH/pnkKVUMf2WtfGWQ0xc0r6ogrH6znBGVmyjogke7cz9tVHwoMdY1HfONCktORnZmC8ON6BJr5+ZejszGfsoWdosHFb+oA46bc09h9h1iEaHAIoUrfcXZ78r5BRbcM979EfvkRPaO9WqJGxzz1oQUq8fTUcv+y7eYDfbQgEBfATUeXeoKPYGHRXA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAPui2lylFX5ElNDEK/atpnVRSuW+o6iITtujt3Yirn6wGwRzTIpY8ft16nbptLJESZsCnd/10FNeDBjrbS4T6/xYwr7cErHyg3ATEfCgtwKTDVeE6UYGcYzdLfump8ZhBwDQbMKDYNj1N2d0ZXSnYUT24Y11BmENySIDJrSAHD6DAAAAFQCaXJE4YmaTXBE+fxTgfW7uAavbnQAAAIA2fFMx+EFyVNPjzQ5u3FXNlpJ62/KNq3LUBzhhbtcrER7dmJUz/w8fU5llc19IkgIxE6L4t8+vPZkSxaz7mpf/rQ/YBmSc8K3fr0ggeZuGUSS+05ixqWzCDyPbiWJr8GixFrabbG+N5YgHmJZNWOM9PNREfj9Y29L4h4OTDq5CdQAAAIEA+rxLc/xmRbCdeKTtuAkTs0w8y9nUsE0uaKNHaEWnDFKxRhd5VB5E41RgPug+vyLyTslDQqfvsuw5bOKbVCPv0/GLsM01mr4CrIfra2h59t2F3Lhql6VixCfrKu7R5/aquZa2MvGkBXpuGi6toxXqdLowO6qbh/9zGUIenm8Wdes="
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC eHTgSXt4pYu3YingBfwqXzIkUT3A74fH2AX7mBtXyHBMinltRxED2g8NDlmYkafTc+77ubnQbs39iYRrY576dWU2SpZjoEpkaOR4lekq5iKGsNXobrQsuBGdrN8X/8zdtKHo6+pwIMkOIM4htIy6VUFtJDXPrzlkh938TWpadvP5Rs+1TJNmUKDGQPlXptx3S+snsw==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBOo2rbGA
SQbrwIKO69GKy3AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
dHAyNTYAAABBBOpavbpBDcwjHV4j/4C5VBAjcm6lcY/cVXXo8rAQPuXAwXE8ABSdIWJfHV
9Ui+81o4hQ08KwnmPTz+YbEFVYCHIAAACgyf3ajsiXaAAR2ZmI2/LAQH7CkCnDg9cA8JT7
ZirALK1mUvj+JY0MZ5lZufdBtd3R9rxULEQTYT6paZ8DdA94p+YOlbjIx1H5pxXJQqZMYc
njFAwQlVuD4A7kDqFU2BjMnLzd4DWmxqh54bde+b2ZEBXsRwS4BRWGn20qH8l0JVcgyddx
rR5lA+PY1W7xQLA9ip+A/on1ZFsjjqL7XjSVHQ==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOpavbpBDcwjHV4j/4C5VBAjcm6lcY/cVXXo8rAQPuXAwXE8ABSdIWJfHV9Ui+81o4hQ08KwnmPTz+YbEFVYCHI="
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC 0pC20PyJAqAImpraA1K10vuJP4OyiSj3vbykUSHzHzutZYWpHqGwvu4gEAqzXWT+xZDP1lIpcRqggsj5iodK56zXKN3vQ+q0zJiUQ775LrmHef3hEi9G/BrSG1FencAREgTMhngi0wsStDgLJKn9sxCQP8vqtio/2a+SNTKra1BnPd0efTayf6sTcqha1+ehqg4Nhw==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDhm17D+gQn9lj6O35cpIfxGSWKIY51FhYmaZDdNFEVyG6FoLyJI4SQ4viYk9eGN2i24n2jLqI1T5MhZTsy39IiApE2bzP9hjjIb+5U1Sr58wEH1mnNLwVbMOBbYLurJ8Q=="
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC f7+w/WQ13sqZZEVTI7eqO49g3Uag8GgIFKy68qSC0gXzELDIScMzmRhm0E0E7kaEJ67nqRdpbqwgtxfSxKAMTo9xLlSt4dJGOs1Z3bO78IaCcruDZma8Or4xHh7/c5IDS/LNZof2Kahe625vmEoYtpyXnUuQThyVKjkxT9bPe+bYpqJQKlIfrjgBdpJXjBOHBmls2A==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAaMF9N+3XSVt32lmMQkwGJKjnLSXSdLGln+gMuX8m50ZD9vNP5EUyYoZ6P6aTQaGqFTz23ff7LBBABPLtrXKxIqQEKAHn7EEsCzyy35z/nV4TcrSGs0Uqd5yhpO6qVGmicBPd8WfmwkDR88KVc24aydsRSCIB0i26+Qr+vEGLobVO+iw=="
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC riOXsfBqV8oADDanTqlH17UHYthEPRGE7ZAPBtAvE7mDCgKW5ePfCEPo+XzBsSHdfk2RdFHKrgiKjpoDFRL48EvtUW/wF1fP225hLP25buwKm4RJ+zpaoUjT/BTOrMCMOJ6YBQKhFsZV0UjupR5bHCJ5X/gYRfGggxflfgKU65quMMrxFDmofmQ/iiKbFbWZPMinpA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABALA/iXfo
1/k+lHM/5tPXjOAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINLcIYKUWu+5VjMn
/Kpcfzu+ez881i1IYSbAYCGFv9ohAAAAkHPI/c3ORH7/ShnZmZjfIJ5zAJWpW23mkk8p0G
Ua7Sv6QjWe0jgV1sI2iexugXutnoIzJ0eCX0LigMjnQzyInfQLWVZZB0g96l77/bfd+P2j
99J7xHpfF4DWvlVeyZygD86eWgxv4DpluK2tvyx8wQj9ibJBjkXVI0c9dtsdU8RHwX5k8Z
um/A17NDZs/XDv1w==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINLcIYKUWu+5VjMn/Kpcfzu+ez881i1IYSbAYCGFv9oh"
set source built-in
next
end
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC A6zpXpgMQhHQqXYfvCv2hIQxBBv2+IUhoJ2rHxDS+wrAqHWNCBB4X2Dhm3kD55+xRbdhRS/tk2uc62uFgR5IETHUC3t1NsZvBELBerSz4hW8KSK0/qAngZs5fKDkceJtstX3TgW1Qbvv2VAsNOT0IYvo9Sj/seCkw2n2QIOlS2y2yPsnQTRGSKC448LOS1l6gEi/mQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTTQchMZbwExUGKFFl00ypgfj3oHwW1kyijs4doS9WsC8hAQIAm2g4dtVlO8wO3gLfkR4YPAoacnvAL0yMYLAoiMp9d1+3dWub+O+oDXS4zaUJgVMv3CZEr78JIzhCFoOnMIc+RC1Ez1tMhNeeEn26qWIrll4XVXP28bZnp/7FV0DBqD7HKOxc00iP+Uzb1zHXeADJ0KH/o7B4hOmt1pSUypOjkQdXRqRknppiI/k+7kFhers0dLMKr+6sYhxkfSwsNbOw6PMJZTPaqsOaw9s0+t38o1MbFL8NxP4ZZqv3KfEIGDAhbES6R0t4GTnvOovlw6k2IxYQCBCS3qL8NPZt"
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC IQoq1YUX70O+76blNFtUIWn/Yashvew2fMHhZPReRFdUtYyHAdC7Y6BS7njNhWMwgbLF4a1htHc1j3wjku8/RZDQNeKPSHV3h3fhbtae3oEkRjWkKgF1mfq+5k5QoEjU7DW/P9w55MNAzC+fsuGBCFSzLFeyAGAZadjgxlJTR7zchNmbhw+YDa/9m8pLOHpxCBHZ+Q==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCPIXDWNl
KkTiF3uUDAuUh7AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCodhYKSqg7
I4BNY6yxFfF8oSfeDMh/8m0wqCecFC9Tb7oyVmgdFFune6KOSNby9ZbjIZWvQ1SNvR00LS
1DkQkfTwNmcHMUtH+utsz13yhOtUIqRIjzPW4j2u6id/qE/REFcvDLjR/0dQAbP3OoHv+Q
ArjOLvliZ7zxX/bzP0P2Zsn7T3aNJHDxHOHCqOqZcgXABBKUhNXjP4icUEs2VviSO8BqEO
mtMWXRrAW0FYklYbUzJ1vl1rBB2G9kIzgaZxg50SDBxfJ/HJEN5L4nxn+DOF3Bc0x5Jyo7
m1jPfcna56Gx+XOlRxS2ZZDH3rk5TkF740mdE5Wh9ZJ3e0ETORZVAAADwG5yClr9O/6Kwb
m9lQcwY3qUHIePi+zSMQXUKk/kSHniPeZxF35L6DUErQJG7WQmdlsWHeO/WM0xAvlc2oXy
DpjBWxVkotvdO4apRZgQ188g7a4fyOpLuCio7v/f98GeA32mqsnw1Skcyh8UNPj4qPeQfg
62r8pnud1ZCsP9dsl0IkWMFaZErbYhrJu7zXMn5ssW/poud930p8YFA8X0HX5pruqeeytA
4QQeEf3FKzsti7YnO9oC5GdMeTOaujdKZT+1UOpT730BqwucJ5rz7hyZv8y8e5ah+h4ILJ
kHDmq6PqEbiYL4nm5Is6ZfWgCBcMr3jmcfkdECfafh7t8mLh77BCg94UkRMSPs3hkbNd9W
UseYkSVfDsh5vS0aHqxX0gupcuArhGGJduyhi6DHquD0iRwz8I9wOw9BKi1Wjg+lbeDvCt
nYcKGtgVtWyFteryVs9uyHFPTn8mPT8DoXRUJ0KAu43Yeg3/2mYP4113/1t4darq5t8Mig
GTU6sdwoL4GmJRsvg6Sx7mhvDJdrRCx73eG/txk0yK8lvhMqE567IU90lzuoihR32du5GW
tymE44aHZ8MqGS4g3bSN4I9Z7/cMqPvcvAEPL0eKU4DHakWy3mcRKao76b4ZbMp/2OWOH9
EEYMQ1p7rIxoNqmlXMxDohLuBTYfygPWKEeCCjac41x4TwRc8Js+zPyn3NJ0r/4qYTBCR5
EW1HeRaSCrGzmuNSWiAEl1uTUtK+sUVT76o4LsQjMIQ8E7adxUIB995mpm25EqEr24GOru
43PqWe/EpCB9YqRw7Q9HmaLMdMdnqZavcRdr5RmmZY1YR3nzeoaPbx0F6b2ro6os/mzQn6
jiWP7MZ5OKAc+G5uA/WNTyHQsH5WiqDLdx6i/mvJMiQU5Lx42CidKmPgCxlNk4jPCsglCG
iWRMwSBIVonMqhxEkRyTpAIN0KKfsU7V1SdHQ+E6BIiTms6WZvg3zSH2s3KG7L89nFwyfq
ijfsCPJeYXrEMJJEcqDYBaQFOmAJZlFOEJK2a9zKw7QH7BVbCMeq+xIQM6WrU4hhNAkApZ
ix2sY3Z0HiMWoOqmpTUdsbRC0lb2NyTK+8M+DWp0kLciiUpPdK2OqiqvPLqHuvABXwv15f
0HioytXLH4OtUOFjdPah8e1H4bFXH+qejfzhEDnZm+iV9bkKVWnmZ5n7KvpsURIic8lh5f
rD1w3/y2WaTEu0dWEr+8zYty8ZoTvBMl/A9D59AsFf8PNeBFwt89IpgcR2B2vgEoLbdlW+
GGMwerhQ==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCodhYKSqg7I4BNY6yxFfF8oSfeDMh/8m0wqCecFC9Tb7oyVmgdFFune6KOSNby9ZbjIZWvQ1SNvR00LS1DkQkfTwNmcHMUtH+utsz13yhOtUIqRIjzPW4j2u6id/qE/REFcvDLjR/0dQAbP3OoHv+QArjOLvliZ7zxX/bzP0P2Zsn7T3aNJHDxHOHCqOqZcgXABBKUhNXjP4icUEs2VviSO8BqEOmtMWXRrAW0FYklYbUzJ1vl1rBB2G9kIzgaZxg50SDBxfJ/HJEN5L4nxn+DOF3Bc0x5Jyo7m1jPfcna56Gx+XOlRxS2ZZDH3rk5TkF740mdE5Wh9ZJ3e0ETORZV"
set source built-in
next
end
config system cluster-sync
end
config system fortiguard
set sdns-server-ip "208.91.112.220"
end
config ips global
end
config wireless-controller utm-profile
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set ips-sensor "g-wifi-default"
set application-list "g-wifi-default"
set antivirus-profile "g-wifi-default"
set webfilter-profile "g-wifi-default"
next
end
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
# Session helper table: each entry binds a named helper to an IP protocol number and a port.
# Protocol 6 is TCP and protocol 17 is UDP.
# NOTE(review): every helper listed here means the firewall parses that protocol's control
# traffic on the given port. Entries for services that are not carried through this unit
# (rsh, tns, pmap and tftp are typical candidates) can be deleted to reduce parsing surface;
# check the policies in each VDOM before removing any of them.
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
# rtsp is registered on three TCP ports (554, 7070, 8554), one entry per port.
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
# pmap is registered for both TCP and UDP on port 111.
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
# rsh is registered on TCP 514 and TCP 512.
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
# dcerpc is registered for both TCP and UDP on port 135.
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
# mgcp is registered on UDP 2427 and UDP 2727.
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
# USB auto-install: both the configuration option and the firmware image option are enabled.
# NOTE(review): with these enabled the unit is expected to pick up a configuration file or
# firmware image from an attached USB disk at restart, which makes physical access to the
# USB port equivalent to the ability to replace the running config or firmware. Where the
# device is not in a controlled location, set both options to disable.
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
set ntpsync enable
set server-mode enable
set interface "port14"
end
end
config vdom
edit root
config system object-tagging
edit "default"
next
end
# Settings for the VDOM opened by the preceding `edit root`: flow-based inspection, with
# several gui-* feature switches turned off.
# NOTE(review): the gui-* options are understood to control only whether the feature pages
# are shown in the web UI; they do not by themselves remove or disable profiles that are
# defined in the configuration. Do not read "disable" here as "feature not in use" when
# auditing — check which profiles the firewall policies actually reference.
config system settings
set inspection-mode flow
set gui-application-control disable
set gui-endpoint-control disable
set gui-wireless-controller disable
set gui-antivirus disable
set gui-webfilter disable
set gui-dnsfilter disable
end
config system replacemsg-group
edit "auth-intf-qtn.port1"
set comment "This is quarantine notification replacement message for quarantine VLAN interface"
set group-type auth
config auth
edit "auth-disclaimer-page-1"
set buffer "
Firewall Quarantine Notification"
set header http
set format html
next
edit "auth-disclaimer-page-2"
set buffer ''
set header http
set format html
next
edit "auth-disclaimer-page-3"
set buffer ''
set header http
set format html
next
edit "auth-reject-page"
set buffer "
Firewall Quarantine Declined"
set header http
set format html
next
end
next
edit "auth-intf-qtn.port14"
set comment "This is quarantine notification replacement message for quarantine VLAN interface"
set group-type auth
config auth
edit "auth-disclaimer-page-1"
set buffer "
Firewall Quarantine Notification"
set header http
set format html
next
edit "auth-disclaimer-page-2"
set buffer ''
set header http
set format html
next
edit "auth-disclaimer-page-3"
set buffer ''
set header http
set format html
next
edit "auth-reject-page"
set buffer "
Firewall Quarantine Declined"
set header http
set format html
next
end
next
edit "default"
set comment "Default replacement message group."
next
end
config system dhcp server
edit 3
set ntp-service local
set default-gateway 169.254.1.1
set netmask 255.255.255.0
set interface "port14"
config ip-range
edit 1
set start-ip 169.254.1.2
set end-ip 169.254.1.254
next
end
set vci-match enable
set vci-string "FortiSwitch" "FortiExtender"
next
edit 4
set dns-service default
set default-gateway 10.254.254.254
set netmask 255.255.255.0
set interface "qtn.port14"
config ip-range
edit 1
set start-ip 10.254.254.192
set end-ip 10.254.254.253
next
end
set timezone-option default
next
end
config firewall address
edit "none"
set uuid 0dbca2b2-93c1-51e9-efa7-fe324c0415b2
set subnet 0.0.0.0 255.255.255.255
next
edit "autoupdate.opera.com"
set uuid 0dbcc116-93c1-51e9-0332-ffce5b953880
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid 0dbcdde0-93c1-51e9-ecfc-211c579f3843
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid 0dbcf69a-93c1-51e9-3151-0982ba36736e
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid 0dbd144a-93c1-51e9-2417-c1ef6b480354
set type fqdn
set fqdn "update.microsoft.com"
next
edit "all"
set uuid 0eee28e0-93c1-51e9-92b8-a1efc1c1364b
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid 0eee347a-93c1-51e9-cd13-30a2c9caa3da
set visibility disable
next
edit "SSLVPN_TUNNEL_ADDR1"
set uuid 0ef14de0-93c1-51e9-d044-4ac1914ca087
set type iprange
set associated-interface "ssl.root"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
end
config firewall multicast-address
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
end
config firewall address6
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid 0ef1621c-93c1-51e9-2ab6-1ed52c0222ed
set ip6 fdff:ffff::/120
next
edit "all"
set uuid 20e622dc-93c1-51e9-83e6-b6d1452b0e6c
next
edit "none"
set uuid 20e6617a-93c1-51e9-e00f-f379a89f8218
set ip6 ::/128
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
# IPS sensors. A sensor only has an effect once a firewall policy references it; no policy
# is visible in this part of the file, so which of these are in use cannot be told from here.
config ips sensor
edit "all_default"
set comment "All predefined signatures with default setting."
config entries
# Single entry with no filter and no action set, so it relies on the entry defaults.
edit 1
next
end
next
# NOTE(review): this sensor sets `action pass` on its only entry, so it never blocks.
# It is suitable for monitoring only; do not attach it where prevention is expected.
edit "all_default_pass"
set comment "All predefined signatures with PASS action."
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "Protect against HTTP server-side vulnerabilities."
config entries
# Filter: signatures for the server side of HTTP. No action is set on the entry.
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "Protect against email server-side vulnerabilities."
config entries
# Filter: signatures for the server side of SMTP, POP3 and IMAP. No action is set.
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "Protect against client-side vulnerabilities."
config entries
# Filter: client-side signatures of any protocol. No action is set.
edit 1
set location client
next
end
next
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
set block-malicious-url enable
config entries
# Entry 1 explicitly enables and blocks every medium, high and critical signature.
edit 1
set severity medium high critical
set status enable
set action block
next
# Entry 2 selects low severity without an action; presumably each signature's own default
# action applies, which would match the "some Low" wording in the comment — confirm.
edit 2
set severity low
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
# Application control list "block-high-risk": entry 1 selects application categories 2 and 6,
# entry 2 passes everything else.
# NOTE(review): entry 1 has no `set action` line, so the blocking implied by the list name
# depends on the entry's default action. Verify with `show full-configuration` on the
# device rather than assuming from the name.
config application list
edit "block-high-risk"
config entries
edit 1
set category 2 6
next
# Catch-all entry: no category filter, explicit pass.
edit 2
set action pass
next
end
next
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
# DLP sensors.
# NOTE(review): every filter below that sets an action uses `log-only`, so as written these
# sensors record matches but do not stop the transfer. If they are meant to prevent data
# leaving the network, the action has to be changed; if they are meant for visibility only,
# make sure the resulting logs are actually collected and reviewed.
config dlp sensor
# The first two sensors define no filters, only the protocols to summarise.
edit "Content_Summary"
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
edit "Content_Archive"
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
edit "Large-File"
config filter
# Matches on file size with a threshold value of 5120 (unit not stated in this file).
edit 1
set name "Large-File-Filter"
set proto smtp pop3 imap http-get http-post mapi
set filter-by file-size
set file-size 5120
set action log-only
next
end
next
edit "Credit-Card"
config filter
# Neither filter has a `filter-by` line; presumably the default match type applies — confirm.
# Filter 1 has no `type` line; filter 2 is `type message` and omits http-get.
edit 1
set name "Credit-Card-Filter"
set severity high
set proto smtp pop3 imap http-get http-post mapi
set action log-only
next
edit 2
set name "Credit-Card-Filter"
set severity high
set type message
set proto smtp pop3 imap http-post mapi
set action log-only
next
end
next
edit "SSN-Sensor"
set comment "Match SSN numbers but NOT WebEx invite emails."
config filter
# Filter 1 matches the regular expression "WebEx" in mail messages and sets no action; going
# by the sensor comment it is the exclusion for WebEx invites and relies on being evaluated
# before filters 2 and 3. NOTE(review): any message containing "WebEx" would match this
# filter, so it is also a way for content to skip the SSN filters — confirm this is acceptable.
edit 1
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by regexp
set regexp "WebEx"
next
# Filter 2: SSN match in mail messages, logged only.
edit 2
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by ssn
set action log-only
next
# Filter 3: SSN match without a `type` line, covering web and FTP as well, logged only.
edit 3
set name "SSN-Sensor-Filter"
set severity high
set proto smtp pop3 imap http-get http-post ftp mapi
set filter-by ssn
set action log-only
next
end
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
# Local certificate table. Every entry is `source factory` with `range global`, and no key or
# certificate body is stored in these entries as shown here.
# NOTE(review): per its comment, "Fortinet_CA_SSL" is the default CA used by SSL inspection to
# issue server certificates. Clients that trust this CA will accept anything it signs, so it
# should be distributed only to managed endpoints, or replaced with a CA issued by the
# organisation's own PKI.
# NOTE(review): the entries named RSA1024 and DSA1024 indicate 1024-bit keys by name; avoid
# selecting them for any service.
config vpn certificate local
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1561079297
next
# Carries the same comment text as Fortinet_CA_SSL; the name suggests it is the CA used for
# sites whose own certificate did not validate — confirm, and never deploy it as trusted.
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1561079297
next
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1561079297
next
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1561079297
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1561079297
next
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1561079297
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1561079297
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1561079297
next
edit "Fortinet_SSL_ECDSA384"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1561079297
next
end
# Local user database: one password-authenticated account, "guest".
# NOTE(review): the `ENC` value is the device's stored form of the password.
# It is presumably reversible encryption rather than a one-way hash, so treat
# this backup file as a secret and rotate the password if the file has been
# shared or published. Later FortiOS releases offer
# `set private-data-encryption enable` under `config system global` to key
# this with an administrator-chosen secret; confirm availability for this
# build.
config user local
edit "guest"
set type password
set passwd ENC Ifv6ZzXkuXraxL5dCg2hJhgLoEFGWgykA5tdN0ZiUSllp0IQn2Z8lbHXwku6WqfXbvkqf/2SG7ePVLZxZsbdj4arnnt5TWkSYXOk/19Z6QPTt2zQRuAR6B5dTz86nixRHveqpCFf+Mu/58oTlS/8veZ6FBbstjW5qv1bO0pBYkLrCgBybbjaQwuzORI2/titSUPdVg==
next
end
# Certificate presented by the firewall's user-authentication pages.
# "Fortinet_Factory" is not among the entries of `config vpn certificate local`
# in this section, so it is defined elsewhere.
# NOTE(review): a factory certificate is presumably not issued by a CA that
# browsers trust, which trains users to click through certificate warnings.
# Consider a certificate from the organisation's PKI.
config user setting
set auth-cert "Fortinet_Factory"
end
# User groups.
config user group
# Defined with no members or type lines; it is the group referenced by the
# 802.1X policy "802-1X-policy-default" later in this file.
edit "SSO_Guest_Users"
next
# Contains the single local account "guest".
edit "Guest-group"
set member "guest"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
# SSL VPN portals: tunnel + web ("full-access"), web only ("web-access"),
# tunnel only ("tunnel-access"). Tunnel clients draw addresses from the named
# IPv4/IPv6 pools.
# NOTE(review): no portal has a `set host-check` line, so the
# host-check-software table defined above is presumably not enforced for any
# of them. Confirm whether endpoint posture checks are expected here.
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
# SSL VPN listener settings: factory server certificate on TCP 443.
# No source-interface or authentication-rule lines are shown, so the listener
# may not be bound to any interface in this VDOM (confirm).
# NOTE(review): if the SSL VPN is brought into service, replace the factory
# certificate with one clients can validate, and restrict which interfaces and
# source addresses may reach the portal.
config vpn ssl settings
set servercert "Fortinet_Factory"
set port 443
end
# VoIP (SIP) inspection profiles.
config voip profile
# "default" sets no SIP options, so malformed-message handling follows the
# defaults.
edit "default"
set comment "Default VoIP profile."
next
# "strict" discards SIP messages whose request line, or any of the listed SIP
# and SDP header fields, is malformed.
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config webfilter profile
edit "monitor-all"
set comment "Monitor and log all visited URLs, flow-based."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
edit 79
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
set log-all-url enable
set web-content-log disable
set web-filter-activex-log disable
set web-filter-command-block-log disable
set web-filter-cookie-log disable
set web-filter-applet-log disable
set web-filter-jscript-log disable
set web-filter-js-log disable
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-referer-log disable
set web-filter-cookie-removal-log disable
set web-url-log disable
set web-invalid-domain-log disable
set web-ftgd-err-log disable
set web-ftgd-quota-usage disable
next
end
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*youtube.*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
# Default DNS filter profile. Categories are numeric FortiGuard IDs; names are
# not shown in this file.
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
# Filters 1-17 have no `set action` line, so the default action applies
# (presumably not a block; confirm).
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
# Filter 11 has no category line.
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
# Filters 18-23 are the only explicit blocks: categories 26, 61, 86, 88, 90
# and 91.
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
# Also block DNS lookups for known botnet command-and-control domains.
set block-botnet enable
next
end
# Antivirus engine setting: grayware detection is turned on in addition to
# regular virus scanning.
config antivirus settings
set grayware enable
end
config spamfilter profile
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
edit "default"
set comment "Malware and phishing URL filtering."
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
# Default protocol options: which port each clear-text protocol is inspected
# on, plus per-protocol options.
# NOTE(review): each protocol is bound to its single standard port, so the
# same protocol carried on another port is presumably not picked up by this
# profile. Confirm that matches the traffic the policies are meant to cover.
config firewall profile-protocol-options
edit "default"
set comment "All default services."
# HTTP on port 80, with options and post-lang explicitly unset.
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
# SSL/SSH inspection profile "deep-inspection" (read-only, per its comment).
# Each service below lists only its port and has no `set status` line, so the
# default status applies (presumably full inspection, given the profile name).
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
# Exemptions: connections matching any entry below are not decrypted, so
# content-level controls (antivirus, DLP, web content filtering) cannot see
# inside them.
# NOTE(review): entries 1-2 exempt whole FortiGuard categories by numeric ID
# (31 and 33; names not shown here). Entries 3-6 exempt address objects and
# entries 7-30 wildcard-FQDN objects. By name, several of these cover
# general-purpose storage and mail services (g-dropbox.com, g-google-drive,
# g-icloud, g-live.com) rather than only software-update endpoints, so they
# are an inspection blind spot. Review whether each exemption is still needed.
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
# SSL/SSH inspection profile "certificate-inspection" (read-only, per its
# comment). HTTPS on 443 is inspected at the handshake/certificate level only.
# Payloads are not decrypted, so content-level controls do not apply to
# traffic using this profile.
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
# All other TLS services and SSH are explicitly disabled for inspection.
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
end
# Default web application firewall profile: signature classes first, then
# HTTP protocol constraints. Signature classes are numeric IDs; their names
# are not shown in this file.
config waf profile
edit "default"
config signature
# NOTE(review): class 100000000 sets `action block` but, unlike 30000000,
# 50000000, 70000000 and 90000000, has no `set status enable`. If status
# defaults to disable, this block action never takes effect (confirm).
config main-class 100000000
set action block
set severity high
end
# Classes 20000000, 40000000 and 60000000 have empty bodies (all defaults).
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
# Classes 80000000 and 110000000 are enabled without `set action`, so the
# default action applies (presumably not a block; confirm).
config main-class 80000000
set status enable
set severity low
end
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
# Seven individual signatures are switched off by ID.
# NOTE(review): the reason for each exclusion is not recorded here; document
# why, so the exclusions can be revisited.
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
config constraint
# Length limits: enabled and logged at low severity, with no `set action`
# line, so they presumably only log.
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
# NOTE(review): version, method, hostname and malformed have no
# `set status enable` line; method and hostname set `action block`. Confirm
# whether these four checks are actually active.
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
# Count limits: enabled and logged. max-range-segment is the only constraint
# given high severity.
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# CA certificates and host keys referenced by the firewall's SSH settings.
# The `g-` prefix presumably marks objects defined at global scope (confirm).
# NOTE(review): a 1024-bit DSA host key is configured. DSA host keys are
# rejected by default in current OpenSSH clients and 1024-bit keys are below
# current guidance; prefer the Ed25519, ECDSA or RSA-2048 keys where the
# client allows a choice.
config firewall ssh setting
set caname "g-Fortinet_SSH_CA"
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
# 802.1X port-security policy for managed switches.
# It authenticates against "SSO_Guest_Users", which `config user group` in
# this file defines with no members. MAC-auth-bypass, open-auth, guest VLAN
# and auth-fail VLAN are all disabled, so there is no fallback path for a
# device that cannot complete 802.1X.
# NOTE(review): none of the managed-switch port entries in this file carry a
# `set port-security-policy` line, so this policy appears to be defined but
# not applied to any port (confirm).
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set user-group "SSO_Guest_Users"
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
set guest-vlan disable
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
set priority-1 queue-4
set priority-2 queue-3
set priority-3 queue-2
set priority-4 queue-3
set priority-5 queue-1
set priority-6 queue-2
set priority-7 queue-2
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller switch-profile
edit "default"
next
end
config switch-controller managed-switch
edit "S124EN5919001593"
set fsw-wan1-peer "port14"
set fsw-wan1-admin enable
set version 1
set max-allowed-trunk-members 8
set dynamic-capability 30868
config ports
# Access port in VLAN_Public. The same pattern repeats for the rest of this
# switch: odd ports 1-21 are in VLAN_Public, even ports 2-22 in VLAN_Secure,
# and ports 23-28 in "vsw.port14". Every port also lists "qtn.port14" as an
# allowed and untagged VLAN.
# NOTE(review): no port entry has a `set port-security-policy` line, so
# access is presumably governed by VLAN assignment alone, with no per-port
# 802.1X. The two trust zones also alternate on adjacent ports; label the
# ports to reduce the chance of patching a device into the wrong zone.
edit "port1"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port2"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port3"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port4"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port5"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port6"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port7"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port8"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port9"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port10"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port11"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port12"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port13"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port14"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port15"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port16"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port17"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port18"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port19"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port20"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port21"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port22"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port23"
set speed-mask 207
set vlan "vsw.port14"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port24"
set speed-mask 207
set vlan "vsw.port14"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port25"
set speed-mask 220
set vlan "vsw.port14"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port26"
set speed-mask 220
set vlan "vsw.port14"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port27"
set speed-mask 220
set vlan "vsw.port14"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
edit "port28"
set speed-mask 220
set vlan "vsw.port14"
set allowed-vlans "qtn.port14"
set untagged-vlans "qtn.port14"
set export-to "root"
next
end
next
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
# Wireless intrusion detection (WIDS) profiles.
config wireless-controller wids-profile
# "default": AP scanning plus every detector listed below (wireless bridge,
# broadcast/spoofed de-authentication, null-SSID probe response, long-duration
# frames, invalid MAC OUI, weak WEP IV, auth/assoc floods, ASLEAP, and the
# EAPOL flood variants). These settings enable detection; what happens after
# a detection is not configured in this block.
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
# "default-wids-apscan-enabled": AP scanning only, with none of the attack
# detectors above.
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "FAPU323EV-default"
config platform
set type U323EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
config platform
set type 221E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
end
# Turns on logging to the unit's memory log device (global scope).
# NOTE(review): no syslog or FortiAnalyzer target is visible in this part of
# the file. Memory logs are presumably small and lost on reboot -- confirm
# that logs are also shipped off-box so they survive a restart or a
# compromise of the unit.
config log memory setting
set status enable
end
config log null-device setting
set status disable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end
end
config vdom
edit VDOM_Public
config system object-tagging
edit "default"
next
end
config system settings
set inspection-mode flow
end
config system replacemsg-group
edit "default"
set comment "Default replacement message group."
next
end
# IPv4 address objects for VDOM_Public. Other sections of this VDOM refer to
# them by name: the SSL VPN portals use SSLVPN_TUNNEL_ADDR1 as their ip-pools
# value, and the deep-inspection ssl-exempt list references the four FQDN
# objects.
config firewall address
# "none": the zero address with a host (255.255.255.255) mask.
edit "none"
set uuid ac2d14ca-c99c-51e9-afa2-8e9d28ca0b0e
set subnet 0.0.0.0 255.255.255.255
next
# FQDN objects for vendor update services. They resolve through DNS at
# runtime, so anything keyed on them trusts the resolver's answers.
edit "autoupdate.opera.com"
set uuid ac2d4dc8-c99c-51e9-09e4-9e1df4595d56
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid ac2d8b76-c99c-51e9-29ce-c8519f397933
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid ac2dc53c-c99c-51e9-7c3d-500fb3e33132
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid ac2dff5c-c99c-51e9-6a11-667fbd099464
set type fqdn
set fqdn "update.microsoft.com"
next
# Address range handed to SSL VPN tunnel clients (10.212.134.200-210, 11
# addresses), bound to the ssl.VDOM_Public interface.
# NOTE(review): a policy that matches only on this range applies to every
# tunnel-mode user alike -- confirm policies also scope by user group.
edit "SSLVPN_TUNNEL_ADDR1"
set uuid ae911ba8-c99c-51e9-39e4-657f77a56a80
set type iprange
set associated-interface "ssl.VDOM_Public"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
# "all": no subnet is set, so the default value applies (presumably
# 0.0.0.0/0 -- confirm). If so, a policy using it is unrestricted on that side.
edit "all"
set uuid ae91b8e2-c99c-51e9-1695-c6f33cb0ecfd
next
# Only a uuid and "visibility disable" are set here; the address value is
# left at its default.
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid ae91c51c-c99c-51e9-7bc6-c26cc49e5c63
set visibility disable
next
end
config firewall multicast-address
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
end
config firewall address6
edit "all"
set uuid ac2e4138-c99c-51e9-9a87-53d6db632d83
next
edit "none"
set uuid ac2e702c-c99c-51e9-f4dd-e70b261b7eec
set ip6 ::/128
next
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid ae913246-c99c-51e9-16d0-f91906420c4b
set ip6 fdff:ffff::/120
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
# Named bundles of the custom services defined above; a policy can reference
# a group instead of listing each service.
# NOTE(review): a group by itself permits nothing, but one policy line that
# uses it opens every member at once. "Windows AD" combines DCE-RPC,
# Kerberos, LDAP and SMB/SAMBA, so any policy using it should be limited to
# specific source and destination addresses -- confirm where it is referenced.
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
# File-pattern tables for DLP in VDOM_Public.
#   1 "builtin-patterns": wildcard entries such as "*.exe"; no filter-type is
#     set, so the default applies (presumably matching on file name -- confirm).
#   2 "all_executables":  entries with "filter-type type", i.e. keyed on a
#     file-type value (bat, exe, elf, hta) rather than on a name pattern.
# NOTE(review): a name-based match can be sidestepped by renaming a file, so
# a sensor meant to stop executables should rely on table 2 (or both tables)
# rather than table 1 alone. No sensor referencing either table is visible in
# this part of the file.
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
# Local certificate entries for VDOM_Public. Every entry is "source factory"
# with "range global"; no key or certificate body appears in these entries,
# only metadata. All share last-updated 1567001035 (presumably a Unix
# timestamp, about 2019-08-28 UTC if so).
# NOTE(review): factory-issued certificates are not chained to a CA that
# clients trust by default. Where SSL inspection is used, clients must import
# the signing CA, or a CA from the organisation's own PKI should replace it.
config vpn certificate local
# CA used by SSL inspection to sign the server certificates it generates.
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567001035
next
# Carries the same comment text as Fortinet_CA_SSL, so the comment alone does
# not distinguish the two. The name suggests it signs re-generated
# certificates for servers whose own certificate failed validation -- confirm.
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567001035
next
# Per-unit server certificates, one per key type as the names indicate.
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001035
next
# NOTE(review): the RSA1024 and DSA1024 names suggest 1024-bit keys, which
# are below current minimum recommendations -- confirm no service or
# inspection profile references them.
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001035
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001035
next
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001035
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001035
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001035
next
edit "Fortinet_SSL_ECDSA384"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001035
next
end
# User-authentication settings for VDOM_Public; only the certificate is set.
# NOTE(review): "Fortinet_Factory" is the factory certificate, presumably the
# one presented on the HTTPS authentication page. Clients cannot validate it
# against a CA they already trust, which gets users used to clicking through
# certificate warnings -- replace it with a certificate from a trusted CA
# before this VDOM authenticates real users.
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
# SSL VPN portals for VDOM_Public:
#   full-access   - tunnel mode (IPv4 and IPv6) plus web mode
#   web-access    - web mode only
#   tunnel-access - tunnel mode (IPv4 and IPv6) only
# Both tunnel portals draw client addresses from SSLVPN_TUNNEL_ADDR1 and
# SSLVPN_TUNNEL_IPv6_ADDR1.
# NOTE(review): no portal sets a host-check or split-tunnel option, so those
# stay at their defaults; the host-check-software list defined in this VDOM
# is not referenced from here. Confirm the intended endpoint posture checks
# and routing before a portal is mapped to a user group.
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
# SSL VPN listener settings for VDOM_Public: factory server certificate,
# TCP port 443. No source-interface or authentication-rule is set in this
# block, which suggests the SSL VPN is not yet bound to an interface or user
# group here -- confirm.
# NOTE(review): before enabling it,
#   - replace "Fortinet_Factory" with a certificate clients can validate, so
#     users are not trained to accept certificate warnings on the login page;
#   - the file header reports FortiOS 6.0.4 build 0231: check the vendor's
#     security advisories for SSL VPN fixes that apply to that release and
#     upgrade first if any do;
#   - restrict the source addresses allowed to reach the listener and require
#     multi-factor authentication for VPN users.
config vpn ssl settings
set servercert "Fortinet_Factory"
set port 443
end
# VoIP profiles for VDOM_Public.
#   default - only a comment is set; every SIP option stays at its default.
#   strict  - sets each listed malformed-* SIP check (request line, SIP
#             headers, SDP lines) to "discard".
# NOTE(review): the profile takes effect only where a policy references it;
# no policy is visible in this part of the file.
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
# Search-engine definitions used by the web filter. Each entry gives a
# hostname pattern, a URL-path pattern, the query parameter that carries the
# search term, and how safe search is applied: "url" entries carry a
# safesearch-str value, "header" entries carry none.
# The hostname and url values are regular expressions; backslashes are
# doubled inside the quoted strings.
# NOTE(review): the hostname patterns are not anchored to a registered
# domain (".*youtube.*" matches any hostname containing "youtube"), so treat
# them as a convenience for safe-search handling, not as an identity check
# on the site. The three baidu entries set no safesearch option.
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*youtube.*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
# DNS filter profile "default" for VDOM_Public.
#   - Filters 1-17 name a category without an action, so the default action
#     applies (presumably non-blocking -- confirm).
#   - Filters 18-23 set "action block" for categories 26, 61, 86, 88, 90, 91.
#   - "block-botnet enable" is set at profile level.
# Category IDs 26, 61 and 86 are the same ones rated "high" in this VDOM's
# "config log threat-weight" web list.
# NOTE(review): the numeric IDs are FortiGuard category codes; check them
# against the FortiGuard category list before changing any action. The
# profile filters nothing until a policy references it.
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
# Filter 11 has no category line; its category is left at the default value.
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
# Blocked categories start here.
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config spamfilter profile
edit "default"
set comment "Malware and phishing URL filtering."
next
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
# Protocol options profile "default": maps each inspected protocol to a
# single port (HTTP 80, FTP 21, IMAP 143, MAPI 135, POP3 110, SMTP 25,
# NNTP 119, DNS 53) and sets per-protocol options.
# NOTE(review): presumably only traffic on the listed ports is handed to the
# matching protocol handler, so the same protocol on another port (HTTP on
# 8080, for instance) would not be covered by this profile -- confirm, and
# add ports if internal services use non-standard ones.
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
# Clears the HTTP options and post-lang values instead of setting them.
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
# SSL/SSH inspection profile "certificate-inspection" (its comment marks it
# as read-only). HTTPS on port 443 is set to certificate-inspection; FTPS,
# IMAPS, POP3S, SMTPS and SSH are all set to "status disable".
# NOTE(review): under this profile the payload of encrypted sessions is not
# decrypted, so content scanning that needs the payload cannot see it. The
# mail, FTPS and SSH protocols are not inspected at all here.
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
# SSL/SSH inspection profile "deep-inspection" (its comment marks it as
# read-only; the "custom-deep-inspection" profile that follows is described
# as the customizable one). Ports: HTTPS 443, FTPS 990, IMAPS 993, POP3S 995,
# SMTPS 465, SSH 22. No status line is set per protocol, so each uses its
# default (presumably deep inspection -- confirm).
# ssl-exempt lists destinations excluded from inspection: two FortiGuard
# categories (31, 33), four address objects defined in this VDOM, and 26
# wildcard-FQDN objects whose names start with "g-" (presumably global
# objects -- confirm).
# NOTE(review): exempt traffic is not decrypted, so malware scanning and DLP
# do not see it. The list covers update services but also file storage and
# sync services (g-dropbox.com, g-google-drive, g-icloud) and broad vendor
# wildcards (g-microsoft, g-apple, g-googleapis.com, g-live.com). Since this
# profile is read-only, tighten the list in a custom profile if those paths
# need inspection.
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
# Exemptions by FortiGuard category ID.
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
# Exemptions by address object (the FQDN objects under "config firewall address").
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
# Exemptions by wildcard-FQDN object.
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
end
# Web application firewall profile "default": per-class signature handling
# followed by HTTP protocol constraint checks.
# NOTE(review): no firewall policy in this VDOM's policy section references a
# WAF profile, so confirm where (if anywhere) this profile is applied.
config waf profile
edit "default"
config signature
# NOTE(review): this class sets action and severity but, unlike the classes
# below, shows no "set status enable" line. Confirm whether it is active.
config main-class 100000000
set action block
set severity high
end
# Classes 20000000, 40000000 and 60000000 carry no settings here, so they run
# on whatever the firmware defaults are.
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
# NOTE(review): classes 80000000 and 110000000 are enabled without an explicit
# "set action block", so matches presumably fall back to the default action
# (not blocking). Confirm, especially for 110000000, which is rated high.
config main-class 80000000
set status enable
set severity low
end
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
# Individual signatures switched off inside the classes above; keep a record of
# why each one was disabled (false positive, application breakage, ...).
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
# HTTP constraints. Most entries below are enabled with logging only (no action
# line), i.e. a violation is recorded but presumably not blocked.
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
# NOTE(review): version, method, hostname and malformed show no
# "set status enable" line; method and hostname do set action block. Confirm
# whether these four checks are actually active.
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
# The only constraint rated high, and still log-only (no action line).
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# Firewall policies for this VDOM (wan1, used below, is assigned to VDOM_Public
# in the interface section). All three rules are any-to-any accepts: srcaddr
# "all", dstaddr "all", service "ALL", schedule "always", with NAT enabled.
# NOTE(review): no security profile (antivirus, IPS, web filter, application
# control, SSL inspection) is set on any rule in this section, so the profiles
# defined elsewhere in this file are not applied to this traffic. Confirm that
# is intended; otherwise attach profiles and narrow the address and service
# objects.
config firewall policy
# Rule 1: VLAN_Public out through wan1, source-NATed, every session logged.
edit 1
set name "VLAN_Public-wan1"
set uuid 0ff002d0-ca27-51e9-72fd-0249e5553378
set srcintf "VLAN_Public"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
# Rule 2: VLAN_Public into npu0_vlink0 (presumably the inter-VDOM link; see the
# static route that uses the same device), any service.
edit 2
set name "VLAN_Public-VDOM_Link0"
set uuid 042df726-ca28-51e9-bdd1-95bcbcded399
set srcintf "VLAN_Public"
set dstintf "npu0_vlink0"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
# Rule 3: the reverse direction, anything arriving on npu0_vlink0 is accepted
# into VLAN_Public.
# NOTE(review): rules 2 and 3 together leave this side of the link fully open
# in both directions, so any segmentation between the VDOMs rests entirely on
# the policy at the other end of the link. Verify that policy is restrictive.
# NAT on this rule also hides the original source address from hosts in
# VLAN_Public, which makes per-host attribution in their logs harder.
edit 3
set name "VDOM_Link0-VLAN_Public"
set uuid 615a0f2a-ca28-51e9-b604-babfe20fff5c
set srcintf "npu0_vlink0"
set dstintf "VLAN_Public"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
end
# CA certificates and host keys used by the firewall's SSH settings. Every
# value is a g- prefixed object (presumably the globally scoped factory
# defaults; confirm).
# NOTE(review): hostkey-dsa1024 points at a 1024-bit DSA key. DSA/1024 is below
# current minimum key-strength guidance and current OpenSSH clients reject
# ssh-dss by default, so confirm nothing depends on it. rsa2048 is the smallest
# RSA size still generally accepted; prefer the ECDSA or Ed25519 keys where
# clients support them.
config firewall ssh setting
set caname "g-Fortinet_SSH_CA"
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
# 802.1X port security policy for managed switches. MAC authentication bypass
# and open auth are disabled, and neither a guest VLAN nor an auth-fail VLAN is
# configured, so the policy defines no fallback network for a port that fails
# authentication.
# NOTE(review): the policy authenticates against user group "SSO_Guest_Users".
# Confirm that this group (and the authentication server behind it) is the
# intended one before assigning the policy to switch ports.
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set user-group "SSO_Guest_Users"
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
set guest-vlan disable
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
set priority-1 queue-4
set priority-2 queue-3
set priority-3 queue-2
set priority-4 queue-3
set priority-5 queue-1
set priority-6 queue-2
set priority-7 queue-2
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller switch-profile
edit "default"
next
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "AP-11N-default"
config platform
set type AP-11N
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
config platform
set type 221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU323EV-default"
config platform
set type U323EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
end
# Logging to the unit's memory buffer is enabled.
# NOTE(review): memory logs are small and do not survive a reboot, while the
# policies in this VDOM use "logtraffic all". No syslog or FortiAnalyzer target
# is visible in this part of the file. Confirm that a remote log destination is
# configured elsewhere so the records are kept for investigation.
config log memory setting
set status enable
end
# The null (discard) log device stays disabled.
config log null-device setting
set status disable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# Single static route: 172.4.255.0/24 is reached through 172.3.255.1 on
# npu0_vlink0 (presumably the inter-VDOM link towards the other VDOM).
# NOTE(review): 172.3.x.x and 172.4.x.x lie outside the RFC 1918 private block
# 172.16.0.0/12, i.e. they are publicly routable address space. If these are
# internal networks, traffic for the real owners of those ranges is captured
# locally, and a leaked route or NAT gap could expose internal hosts under
# someone else's addresses. Confirm the addressing plan.
config router static
edit 1
set dst 172.4.255.0 255.255.255.0
set gateway 172.3.255.1
set device "npu0_vlink0"
next
end
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end
end
config vdom
edit VDOM_Secure
config system object-tagging
edit "default"
next
end
config system settings
set inspection-mode flow
end
config system replacemsg-group
edit "default"
set comment "Default replacement message group."
next
end
config firewall address
edit "none"
set uuid b41b990e-c99c-51e9-05a1-ae2831aff546
set subnet 0.0.0.0 255.255.255.255
next
edit "autoupdate.opera.com"
set uuid b41bcfaa-c99c-51e9-963e-cea07030b24e
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid b41c0a88-c99c-51e9-3ab3-a3743277843d
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid b41c4476-c99c-51e9-3057-99915f888ae7
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid b41c7e1e-c99c-51e9-a57f-59dcdb6a6c81
set type fqdn
set fqdn "update.microsoft.com"
next
edit "SSLVPN_TUNNEL_ADDR1"
set uuid b6798c6a-c99c-51e9-d214-d9cc2c9a6db9
set type iprange
set associated-interface "ssl.VDOM_Secure"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
edit "all"
set uuid b67a24b8-c99c-51e9-0b85-65baeb0b951e
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid b67a30fc-c99c-51e9-ab74-eb0709e3deb0
set visibility disable
next
end
config firewall multicast-address
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
end
config firewall address6
edit "all"
set uuid b41cc3ec-c99c-51e9-c2bf-fe9c629fb3e7
next
edit "none"
set uuid b41cf29a-c99c-51e9-d5e0-1e98cbedb3ec
set ip6 ::/128
next
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid b679a34e-c99c-51e9-be6c-6f21a7ca83ea
set ip6 fdff:ffff::/120
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
# Local certificates visible in VDOM_Secure. Every entry is "range global" and
# "source factory", i.e. a globally scoped, factory-provisioned object rather
# than a certificate issued for this deployment.
# NOTE(review): Fortinet_CA_SSL is described as the CA that SSL inspection uses
# to re-sign server certificates. Clients only accept inspected sessions
# silently if they trust that CA, so for deep inspection replace it with a CA
# from the organisation's own PKI instead of distributing the factory CA.
# NOTE(review): going by their names, Fortinet_SSL_RSA1024 and
# Fortinet_SSL_DSA1024 hold 1024-bit keys, which is below current key-strength
# guidance. Confirm no service or profile references them.
# NOTE(review): Fortinet_CA_Untrusted carries the same comment text as
# Fortinet_CA_SSL; treat the comment as generic and go by the object name.
config vpn certificate local
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001048
next
edit "Fortinet_SSL_ECDSA384"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567001048
next
end
# Certificate presented by the firewall's user-authentication pages.
# NOTE(review): "Fortinet_Factory" is not among the entries of the `config vpn certificate local`
# stanza in this section; presumably it is the built-in factory certificate defined at global scope.
# A factory certificate does not chain to a CA that client browsers trust, so users are trained to
# click through warnings on the login page. Replace it with a certificate issued for this host by a
# CA the clients already trust.
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
# SSL VPN portals. Three portals are defined: tunnel + web, web only, tunnel only.
# None of them contains a `host-check` line, so as shown here the host-check-software list defined
# elsewhere in this file is not enforced by any portal (NOTE(review): unset options take their
# firmware default - confirm the default for this build).
# Which users or groups map to which portal is not visible in this stanza.
config vpn ssl web portal
# Broadest portal: IPv4 tunnel, IPv6 tunnel and clientless web mode are all enabled.
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
# Clientless web mode only; no tunnel address pool is assigned.
edit "web-access"
set web-mode enable
next
# Tunnel mode only; shares the same IPv4/IPv6 address pools as "full-access", so firewall policy
# cannot tell the two portals apart by source address alone.
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
# SSL VPN listener settings for this VDOM: server certificate and TCP port only.
# No `source-interface` or `authentication-rule` appears in this stanza, so as shown the listener
# does not look bound to an interface or to user groups (NOTE(review): confirm on the live unit).
# Before enabling it:
#  - replace the factory certificate with one issued for the VPN hostname by a trusted CA;
#  - set the minimum TLS version explicitly rather than relying on the default;
#  - confirm the running firmware carries the current SSL VPN security fixes;
#  - port 443 is also the usual HTTPS admin port; keep admin access off the same interface.
config vpn ssl settings
set servercert "Fortinet_Factory"
set port 443
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
# Search-engine recognition table used by the web filter for Safe Search enforcement.
# Each entry has a hostname regex, optionally a URL regex, the query parameter that carries the
# search terms, and how Safe Search is enforced (`url` appends safesearch-str, `header` uses a
# request header).
# The hostname patterns are loose: ".*\\.google\\..*" also matches a host such as
# "www.google.example.net", and ".*youtube.*" matches any hostname containing "youtube".
# Here that only widens where Safe Search rewriting is applied; do not reuse these patterns for
# allow-listing or trust decisions.
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
# Unlike the entries above, this hostname pattern has no leading ".*" and so starts at "yandex".
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
# No url or query pattern: the whole host is handled through the Safe Search header.
edit "youtube"
set hostname ".*youtube.*"
set safesearch header
next
# The three baidu entries set no safesearch mode; they only identify the search-term parameter.
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
# Default DNS filter profile: a FortiGuard category list plus botnet C&C domain blocking.
# Entries 1-17 carry no `set action`, so they fall back to the default action for a filter entry
# (NOTE(review): presumably a non-blocking action - confirm for this build).
# Entries 18-23 explicitly block categories 26, 61, 86, 88, 90 and 91.
# NOTE(review): in the FortiGuard scheme these are presumably Malicious Websites, Phishing,
# Spam URLs, Dynamic DNS, Newly Observed Domain and Newly Registered Domain - verify against the
# category list of the running firmware.
# The profile has no effect until a firewall policy references it; the policies shown in this
# file section do not.
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
# NOTE(review): entry 11 has no category line; presumably it holds the default category value
# (possibly "unrated") - confirm what this entry matches.
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
# Blocks DNS resolution of known botnet command-and-control domains.
set block-botnet enable
next
end
config spamfilter profile
edit "default"
set comment "Malware and phishing URL filtering."
next
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
# Handshake-only profile: HTTPS on port 443 is set to `certificate-inspection`, and FTPS, IMAPS,
# POP3S, SMTPS and SSH inspection are all disabled.
# With this profile the payload is never decrypted, so content-based profiles (AV, IPS, DLP) cannot
# see inside TLS sessions; only handshake-visible data is available to the filter.
# HTTPS on ports other than 443 is not covered by this entry.
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
# Exemption list of the customizable deep-inspection profile: traffic matching any entry is NOT
# decrypted, so AV/IPS/DLP cannot inspect it. The list is identical to the one in the read-only
# "deep-inspection" profile above.
# Entry kinds: two FortiGuard categories (31, 33), four address objects, 24 wildcard-FQDN objects.
# NOTE(review): categories 31 and 33 are presumably Finance/Banking and Health/Wellness - confirm.
# The FQDN patterns behind the object names are not visible in this stanza; review them, because a
# broad vendor wildcard exempts every service hosted under that domain.
# Entries named for file-sharing or cloud-storage services (g-google-drive, g-dropbox.com,
# g-icloud) deserve a deliberate decision: while exempt, uploads and downloads to those services
# pass uninspected. Keep only the exemptions needed for certificate-pinned update clients.
# This only matters once a firewall policy references the profile.
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
end
config waf profile
edit "default"
# WAF signature classes of the "default" profile, keyed by numeric main-class id.
# The class names are not shown in this stanza; map the ids to names on the device before tuning.
# Three different states appear below:
#  - status enable + action block: 30000000, 50000000, 70000000, 90000000
#  - status enable, no action line (the default action applies): 80000000, 110000000
#  - no status line: 100000000 (although action block is set), 20000000, 40000000, 60000000
# NOTE(review): a class without `set status enable` is presumably inactive, and the default action
# is presumably non-blocking - confirm both, since 100000000 looks intended to block.
config signature
config main-class 100000000
set action block
set severity high
end
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
config main-class 80000000
set status enable
set severity low
end
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
# Individual signatures switched off regardless of their class state. Each one is a detection gap;
# record why it was disabled (for example a false positive) so the list can be re-reviewed.
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# Firewall policy table for this VDOM: two rules forming a bidirectional any/any/ALL path between
# the inter-VDOM link "npu0_vlink1" and "VLAN_Secure".
# Security-relevant properties, all read directly from the lines below:
#  - srcaddr "all", dstaddr "all", service "ALL", schedule "always": no restriction by host, port
#    or time in either direction.
#  - No security-profile lines (AV, IPS, web filter, SSL inspection) on either rule, so the
#    traffic is forwarded without content inspection.
#  - `nat enable` in both directions: hosts on each side see a firewall address as the peer, so
#    server-side logs lose the original client address. The firewall's own traffic log
#    (`logtraffic all`) becomes the only place to correlate sessions - make sure it is retained.
#  - `fsso disable`: no FSSO identity matching on these rules.
# NOTE(review): for a segment named "Secure", replace "all"/"ALL" with the specific address
# objects and services required, and attach inspection profiles; the intended flows cannot be
# derived from this file.
config firewall policy
# NOTE(review): the name says "VDOM_Link0" but the source interface is npu0_vlink1 - confirm which
# link end is meant and align the name.
edit 1
set name "VDOM_Link0-VLAN_Secure"
set uuid 91c545c6-ca28-51e9-ae8d-8b0127d04b9b
set srcintf "npu0_vlink1"
set dstintf "VLAN_Secure"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
# Reverse direction of rule 1, with the same any/any/ALL scope.
edit 2
set name "VLAN_Secure-VDOM_Link1"
set uuid 953cb13a-ca28-51e9-1147-82b2ab98feb0
set srcintf "VLAN_Secure"
set dstintf "npu0_vlink1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
end
# CA and host keys the firewall uses when it proxies SSH sessions (SSH inspection).
# NOTE(review): the "g-" prefix presumably marks references to global-scope objects from inside a
# VDOM, and the "Fortinet_" names suggest factory defaults - confirm both.
# `untrusted-caname` is, by its name, the CA used for sessions whose server key was not trusted;
# clients should not be configured to trust it.
# A 1024-bit DSA host key is listed. DSA host keys are disabled by default in current OpenSSH
# clients and 1024-bit keys are below current key-size guidance; prefer the ECDSA/Ed25519/RSA-2048
# keys if SSH inspection is used.
config firewall ssh setting
set caname "g-Fortinet_SSH_CA"
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
# 802.1X port-security policy for managed switches.
# Fallback paths are all off: no MAC-authentication bypass, no open authentication, no guest VLAN
# and no auth-fail VLAN, so a port using this policy admits only successful 802.1X sessions.
# `eap-passthru enable` passes EAP through (NOTE(review): presumably to the RADIUS server rather
# than terminating it locally - confirm).
# NOTE(review): the policy authenticates against "SSO_Guest_Users", which is defined in this file
# with no members or settings. Point it at the group that holds the real 802.1X users before
# applying the policy to switch ports.
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set user-group "SSO_Guest_Users"
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
set guest-vlan disable
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
set priority-1 queue-4
set priority-2 queue-3
set priority-3 queue-2
set priority-4 queue-3
set priority-5 queue-1
set priority-6 queue-2
set priority-7 queue-2
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller switch-profile
edit "default"
next
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
# Wireless intrusion-detection (WIDS) profiles.
# "default" turns on AP scanning plus the listed detections: wireless bridges, broadcast and
# spoofed deauthentication, null-SSID probe responses, long-duration frames, invalid MAC OUIs,
# weak WEP IVs, ASLEAP, and authentication/association/EAPOL flood variants.
# "default-wids-apscan-enabled" enables AP scanning only.
# These settings detect and log; nothing in this stanza blocks or contains a rogue device.
# None of the wtp-profile entries in this file section contains a `wids-profile` line, so as shown
# no AP radio uses either profile (NOTE(review): confirm on the live unit).
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "AP-11N-default"
config platform
set type AP-11N
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
config platform
set type 221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU323EV-default"
config platform
set type U323EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
end
# Logging to the unit's memory buffer is enabled for this VDOM.
# Memory logs are volatile and small: they are lost on reboot and overwritten under load, so they
# do not provide a usable audit trail for incident response.
# NOTE(review): no syslog or FortiAnalyzer log stanza is visible in this part of the file; confirm
# that logs (including the `logtraffic all` output of the firewall policies) are also sent to a
# remote collector.
config log memory setting
set status enable
end
config log null-device setting
set status disable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# Single static route: 172.3.255.0/24 via 172.4.255.1 out of the inter-VDOM link npu0_vlink1.
# NOTE(review): 172.3.0.0 and 172.4.0.0 are outside the RFC 1918 private block 172.16.0.0/12, so
# these are publicly routable addresses. If they are used as internal addressing here, traffic to
# the real owners of those ranges is captured by this route and, if the route is ever withdrawn,
# internal traffic would follow the default route instead. Confirm the addressing plan; if
# 172.16.0.0/12 was intended, renumber.
config router static
edit 1
set dst 172.3.255.0 255.255.255.0
set gateway 172.4.255.1
set device "npu0_vlink1"
next
end
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end
end