#config-version=FG100E-6.0.4-FW-build0231-190107:opmode=0:vdom=1:user=admin
#conf_file_ver=172511656451298
#buildno=0231
#global_vdom=1
config vdom
edit root
next
edit VDOM_Public
next
edit VDOM_Secure
next
end
config global
# Device-wide settings (global scope of a unit running in multi-VDOM mode).
config system global
# NOTE(review): alias and hostname hold the same FG100E... string, which looks like the
# hardware serial number. Redact it before this backup is shared outside the owning team.
set alias "FG100ETK19009439"
set hostname "FG100ETK19009439"
set switch-controller enable
set timezone 29
# Multi-VDOM mode; matches the root / VDOM_Public / VDOM_Secure entries declared under "config vdom".
set vdom-admin enable
# NOTE(review): no admintimeout or admin-lockout-* overrides are set in this block, so the
# firmware defaults presumably apply. Confirm they meet the site's admin-access policy.
end
# Administrator access profiles. "prof_admin" is the only profile defined in this block.
config system accprofile
edit "prof_admin"
# Every permission group listed below is read-write, so an account bound to this profile can
# change fabric, authentication, system, network, logging, firewall, VPN, UTM and WiFi settings.
# NOTE(review): the "admin" account in this file uses super_admin, not this profile. Check
# whether any account still references prof_admin, and create narrower profiles for
# operators who only need read access.
set secfabgrp read-write
set ftviewgrp read-write
set authgrp read-write
set sysgrp read-write
set netgrp read-write
set loggrp read-write
set fwgrp read-write
set vpngrp read-write
set utmgrp read-write
set wifi read-write
next
end
config system vdom-link
edit "cust0_vlink"
next
end
# Interface table for all VDOMs. Review focus: which interfaces accept administrative
# protocols (allowaccess) and which VDOM each interface is bound to.
config system interface
edit "dmz"
set vdom "root"
set ip 10.10.10.1 255.255.255.0
# "http" permits the admin GUI over cleartext HTTP. The port is administratively down (see
# "set status down"), but this list takes effect as soon as the port is enabled.
# NOTE(review): keep https only unless HTTP-to-HTTPS redirect (admin-https-redirect) is confirmed on.
set allowaccess ping https http fgfm capwap
set status down
set type physical
set role dmz
set snmp-index 1
next
edit "mgmt"
set vdom "root"
set ip 192.168.1.99 255.255.255.0
# Dedicated management port: GUI (https and http), SSH and FortiManager (fgfm) are accepted.
# NOTE(review): drop http and restrict login sources. The "admin" entry under
# "config system admin" in this file defines no trusthost lines.
set allowaccess ping https ssh http fgfm
set type physical
set dedicated-to management
set role lan
set snmp-index 2
next
edit "wan1"
set vdom "VDOM_Public"
# RFC 1918 address on a WAN-role port, so an upstream device presumably holds the public address.
set ip 192.168.255.253 255.255.255.0
# Only ping is answered on this interface; no management protocol is enabled here.
set allowaccess ping
set type physical
set role wan
set snmp-index 3
next
edit "wan2"
set vdom "root"
set mode dhcp
set allowaccess ping
set status down
set type physical
set role wan
set snmp-index 4
next
edit "ha1"
set vdom "root"
set status down
set type physical
set snmp-index 5
next
edit "ha2"
set vdom "root"
set status down
set type physical
set snmp-index 6
next
edit "port16"
set vdom "root"
# FortiLink port: manages the FortiSwitch listed under managed-device and is the parent
# interface of VLAN_Public, VLAN_Secure, vsw.port16 and qtn.port16 below.
set fortilink enable
set ip 169.254.1.1 255.255.255.0
set allowaccess ping capwap
set type physical
config managed-device
edit "S124EN5919001593"
next
end
set snmp-index 13
next
edit "modem"
set vdom "root"
set mode pppoe
set type physical
set snmp-index 7
next
# One SSL-VPN tunnel interface exists per VDOM. Whether SSL-VPN is actually enabled is
# decided by the VPN settings, which are not part of this block.
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 8
next
edit "ssl.VDOM_Public"
set vdom "VDOM_Public"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 12
next
edit "ssl.VDOM_Secure"
set vdom "VDOM_Secure"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 14
next
edit "npu0_vlink0"
set vdom "root"
set status down
set type physical
set snmp-index 10
next
edit "npu0_vlink1"
set vdom "root"
set status down
set type physical
set snmp-index 11
next
# Inter-VDOM link pair: cust0_vlink0 sits in VDOM_Public and cust0_vlink1 in VDOM_Secure.
# NOTE(review): this link is a path between the two security domains. What may cross it is
# decided by firewall policy in each VDOM, which this block does not show. Audit those policies.
edit "cust0_vlink0"
set vdom "VDOM_Public"
set allowaccess ping
set type vdom-link
set snmp-index 17
next
edit "cust0_vlink1"
set vdom "VDOM_Secure"
set allowaccess ping
set type vdom-link
set snmp-index 18
next
edit "lan"
set vdom "root"
set ip 192.168.100.99 255.255.255.0
# Same note as dmz: http is in the list, and the interface is currently down.
set allowaccess ping https http fgfm capwap
set status down
set type hard-switch
set stp enable
set role lan
set snmp-index 9
next
edit "VLAN_Public"
set vdom "VDOM_Public"
# NOTE(review): 172.3.255.0/24 is outside the RFC 1918 block 172.16.0.0/12, so publicly
# routable address space is being used as an internal subnet. Hosts here cannot reach the
# real holders of that range, and rules or tools keyed on "private ranges" will not treat
# it as internal. Presumably an address inside 172.16-31.x.x was intended.
set ip 172.3.255.1 255.255.255.0
# GUI (https/http), SSH and fgfm are accepted on this VLAN's gateway address.
# NOTE(review): if this segment serves untrusted or guest clients, as the name suggests,
# reduce the list to ping only (or nothing) and manage the unit from the mgmt port only.
set allowaccess ping https ssh http fgfm
set role lan
set snmp-index 15
set interface "port16"
set vlanid 1000
next
edit "VLAN_Secure"
set vdom "VDOM_Secure"
# NOTE(review): 172.4.255.0/24 is also outside RFC 1918 space (see VLAN_Public).
set ip 172.4.255.1 255.255.255.0
# Management protocols, including cleartext http, are accepted from this VLAN as well.
set allowaccess ping https ssh http fgfm
set role lan
set snmp-index 16
set interface "port16"
set vlanid 2000
next
edit "vsw.port16"
set vdom "root"
set snmp-index 19
set interface "port16"
set vlanid 1
next
edit "qtn.port16"
set vdom "root"
set ip 10.254.254.254 255.255.255.0
set description "Quarantine VLAN"
# Quarantine segment: clients meet a captive portal and device identification is on.
# No allowaccess line is set for this interface.
set security-mode captive-portal
set replacemsg-override-group "auth-intf-qtn.port16"
set device-identification enable
set snmp-index 20
set switch-controller-access-vlan enable
set color 6
set interface "port16"
set vlanid 4093
next
end
config system physical-switch
edit "sw0"
set age-val 0
next
end
config system virtual-switch
edit "lan"
set physical-switch "sw0"
config port
edit "port1"
next
edit "port2"
next
edit "port3"
next
edit "port4"
next
edit "port5"
next
edit "port6"
next
edit "port7"
next
edit "port8"
next
edit "port9"
next
edit "port10"
next
edit "port11"
next
edit "port12"
next
edit "port13"
next
edit "port14"
next
edit "port15"
next
end
next
end
config system custom-language
edit "en"
set filename "en"
next
edit "fr"
set filename "fr"
next
edit "sp"
set filename "sp"
next
edit "pg"
set filename "pg"
next
edit "x-sjis"
set filename "x-sjis"
next
edit "big5"
set filename "big5"
next
edit "GB2312"
set filename "GB2312"
next
edit "euc-kr"
set filename "euc-kr"
next
end
# Local administrator accounts. "admin" is the only account defined in this block.
config system admin
edit "admin"
# super_admin is the built-in full-access profile; the account is scoped to the root VDOM.
set accprofile "super_admin"
set vdom "root"
# NOTE(review): this entry has no trusthost lines and no two-factor setting. A login as
# "admin" is therefore not restricted by source address at the account level. Several
# interfaces in this file (mgmt, VLAN_Public, VLAN_Secure) accept https/ssh/http, so add
# trusted hosts and consider a second factor.
# The gui-dashboard section below is GUI layout only (widget type, position, size).
config gui-dashboard
edit 1
set name "Main"
config widget
edit 1
set x-pos 1
set y-pos 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 2
set y-pos 1
set width 1
set height 1
next
edit 3
set type forticloud
set x-pos 3
set y-pos 1
set width 1
set height 1
next
edit 4
set type security-fabric
set x-pos 4
set y-pos 1
set width 1
set height 1
next
edit 5
set type security-fabric-ranking
set x-pos 5
set y-pos 1
set width 1
set height 1
next
edit 6
set type admins
set x-pos 6
set y-pos 1
set width 1
set height 1
next
edit 7
set type cpu-usage
set x-pos 7
set y-pos 1
set width 2
set height 1
next
edit 8
set type memory-usage
set x-pos 8
set y-pos 1
set width 2
set height 1
next
edit 9
set type sessions
set x-pos 9
set y-pos 1
set width 2
set height 1
next
end
next
edit 2
set name "Main"
set scope vdom
config widget
edit 1
set type cpu-usage
set x-pos 1
set y-pos 1
set width 2
set height 1
next
edit 2
set type memory-usage
set x-pos 2
set y-pos 1
set width 2
set height 1
next
edit 3
set type sessions
set x-pos 3
set y-pos 1
set width 2
set height 1
next
end
next
end
# Stored credential for the super_admin account, exported with the backup.
# NOTE(review): the "SH2" prefix presumably marks a salted hash rather than reversible
# encryption (confirm). It is not plaintext, but anyone holding this file can test password
# guesses offline. Treat the password as exposed and rotate it if the backup left the
# device's trust boundary.
set password ENC SH2wk80hvM+kh9BM1HFPkL5sERAhvnpiaMAx46S9e/6nlxRxeZ805tWEil5BEg=
next
end
config system ha
set override disable
end
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
config system replacemsg-image
edit "logo_fnet"
set image-type gif
set image-base64 ''
next
edit "logo_fguard_wf"
set image-type gif
set image-base64 ''
next
edit "logo_fw_auth"
set image-base64 ''
next
edit "logo_v2_fnet"
set image-base64 ''
next
edit "logo_v2_fguard_wf"
set image-base64 ''
next
edit "logo_v2_fguard_app"
set image-base64 ''
next
end
config system replacemsg mail "email-av-fail"
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg mail "email-decompress-limit"
end
config system replacemsg mail "smtp-decompress-limit"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-group-info-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg webproxy "auth-ip-blackout"
end
config system replacemsg ftp "ftp-av-fail"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg nntp "nntp-av-fail"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg nntp "email-decompress-limit"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
config system replacemsg auth "auth-disclaimer-page-2"
end
config system replacemsg auth "auth-disclaimer-page-3"
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg auth "auth-success-page"
end
config system replacemsg auth "auth-block-notification-page"
end
config system replacemsg auth "auth-quarantine-page"
end
config system replacemsg auth "auth-qtn-reject-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-header"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg sslvpn "hostcheck-error"
end
config system replacemsg ec "endpt-download-portal"
end
config system replacemsg ec "endpt-download-portal-mac"
end
config system replacemsg ec "endpt-download-portal-linux"
end
config system replacemsg ec "endpt-download-portal-ios"
end
config system replacemsg ec "endpt-download-portal-aos"
end
config system replacemsg ec "endpt-download-portal-other"
end
config system replacemsg ec "endpt-warning-portal"
end
config system replacemsg ec "endpt-warning-portal-mac"
end
config system replacemsg ec "endpt-warning-portal-linux"
end
config system replacemsg ec "endpt-remedy-inst"
end
config system replacemsg ec "endpt-remedy-reg"
end
config system replacemsg ec "endpt-remedy-ftcl-autofix"
end
config system replacemsg ec "endpt-remedy-av-3rdp"
end
config system replacemsg ec "endpt-remedy-ver"
end
config system replacemsg ec "endpt-remedy-os-ver"
end
config system replacemsg ec "endpt-remedy-vuln"
end
config system replacemsg ec "endpt-remedy-sig-ids"
end
config system replacemsg ec "endpt-remedy-ems-online"
end
config system replacemsg ec "endpt-ftcl-incompat"
end
config system replacemsg ec "endpt-download-ftcl"
end
config system replacemsg ec "endpt-quarantine-portal"
end
config system replacemsg device-detection-portal "device-detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg nac-quar "nac-quar-admin"
end
config system replacemsg nac-quar "nac-quar-app"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "client-virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config system replacemsg utm "appblk-html"
end
config system replacemsg utm "ipsblk-html"
end
config system replacemsg utm "ipsfail-html"
end
config system replacemsg utm "exe-text"
end
config system replacemsg utm "waf-html"
end
config system replacemsg utm "outbreak-prevention-html"
end
config system replacemsg utm "outbreak-prevention-text"
end
config system replacemsg icap "icap-req-resp"
end
config system snmp sysinfo
end
config system central-management
set type fortiguard
end
config firewall wildcard-fqdn custom
edit "g-adobe"
set uuid cef19678-ca66-51e9-5ba0-58da029ddc0f
set wildcard-fqdn "*.adobe.com"
next
edit "g-Adobe Login"
set uuid cef1ab0e-ca66-51e9-89af-55f21a9e58f4
set wildcard-fqdn "*.adobelogin.com"
next
edit "g-android"
set uuid cef1b978-ca66-51e9-dd21-45e0aec3c320
set wildcard-fqdn "*.android.com"
next
edit "g-apple"
set uuid cef1c7a6-ca66-51e9-ba39-6f17ff22334b
set wildcard-fqdn "*.apple.com"
next
edit "g-appstore"
set uuid cef1d5d4-ca66-51e9-27c9-8ecc96c528f8
set wildcard-fqdn "*.appstore.com"
next
edit "g-auth.gfx.ms"
set uuid cef1e40c-ca66-51e9-1242-f023e4e87dda
set wildcard-fqdn "*.auth.gfx.ms"
next
edit "g-citrix"
set uuid cef1f348-ca66-51e9-5635-03f2d08b71c5
set wildcard-fqdn "*.citrixonline.com"
next
edit "g-dropbox.com"
set uuid cef2019e-ca66-51e9-9af4-3c5012a3af41
set wildcard-fqdn "*.dropbox.com"
next
edit "g-eease"
set uuid cef20fea-ca66-51e9-2f5c-1b6037a4442c
set wildcard-fqdn "*.eease.com"
next
edit "g-firefox update server"
set uuid cef21e40-ca66-51e9-71cb-5d3fabb40ae8
set wildcard-fqdn "aus*.mozilla.org"
next
edit "g-fortinet"
set uuid cef22c96-ca66-51e9-87c1-7abcef612407
set wildcard-fqdn "*.fortinet.com"
next
edit "g-googleapis.com"
set uuid cef23bbe-ca66-51e9-6371-fdd77ab0cdcf
set wildcard-fqdn "*.googleapis.com"
next
edit "g-google-drive"
set uuid cef24a28-ca66-51e9-a310-fca0fae37f40
set wildcard-fqdn "*drive.google.com"
next
edit "g-google-play2"
set uuid cef25892-ca66-51e9-59f9-ceec1f79bb7d
set wildcard-fqdn "*.ggpht.com"
next
edit "g-google-play3"
set uuid cef266f2-ca66-51e9-281a-dd8cbc374309
set wildcard-fqdn "*.books.google.com"
next
edit "g-Gotomeeting"
set uuid cef27552-ca66-51e9-5384-85c1b7b4eb77
set wildcard-fqdn "*.gotomeeting.com"
next
edit "g-icloud"
set uuid cef28af6-ca66-51e9-9bcd-80ca6e8c240f
set wildcard-fqdn "*.icloud.com"
next
edit "g-itunes"
set uuid cef29ab4-ca66-51e9-da15-c21584f8a727
set wildcard-fqdn "*itunes.apple.com"
next
edit "g-microsoft"
set uuid cef2a9f0-ca66-51e9-0a4a-0f80cdb68fa1
set wildcard-fqdn "*.microsoft.com"
next
edit "g-skype"
set uuid cef2b86e-ca66-51e9-1f11-4a455059930e
set wildcard-fqdn "*.messenger.live.com"
next
edit "g-softwareupdate.vmware.com"
set uuid cef2c6d8-ca66-51e9-f494-765e696ce350
set wildcard-fqdn "*.softwareupdate.vmware.com"
next
edit "g-verisign"
set uuid cef2d542-ca66-51e9-5631-040630c123f1
set wildcard-fqdn "*.verisign.com"
next
edit "g-Windows update 2"
set uuid cef2e3b6-ca66-51e9-2844-9022ecad2d50
set wildcard-fqdn "*.windowsupdate.com"
next
edit "g-live.com"
set uuid cef2f22a-ca66-51e9-ad82-abc400cdfd1b
set wildcard-fqdn "*.live.com"
next
end
# IPS sensors shared across VDOMs (the "g-" prefix). All three carry the same single filter entry.
config ips sensor
edit "g-default"
set comment "Prevent critical attacks."
config entries
edit 1
# Selects signatures rated medium, high or critical; low and info severities are not selected.
# NOTE(review): no "set action" is given, so presumably each signature's own default action
# applies. Some signatures default to pass/monitor, so verify the sensor blocks what the
# comment promises.
set severity medium high critical
next
end
next
edit "g-sniffer-profile"
set comment "Monitor IPS attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config entries
edit 1
set severity medium high critical
next
end
next
end
# Application-control lists shared across VDOMs. Every entry here uses "action pass", so
# these lists observe traffic rather than block it.
config application list
edit "g-default"
set comment "Monitor all applications."
config entries
edit 1
# No category or application filter is set on the entry, so it presumably matches everything.
set action pass
next
end
next
edit "g-sniffer-profile"
set comment "Monitor all applications."
unset options
config entries
edit 1
set action pass
next
end
next
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
# Deep application inspection is switched off for this list.
set deep-app-inspection disable
config entries
edit 1
set action pass
# NOTE(review): pass combined with "log disable" means traffic handled by this list leaves no
# application-control log record. Confirm that visibility gap is acceptable wherever the
# list is attached to a policy.
set log disable
next
end
next
end
config dlp sensor
edit "g-default"
set comment "Default sensor."
next
edit "g-sniffer-profile"
set comment "Log a summary of email and web traffic."
set flow-based enable
set summary-proto smtp pop3 imap http-get http-post
next
end
config certificate ca
end
config certificate local
# Signing CA for SSL inspection (see the "comments" field below): the unit uses this key to
# mint replacement server certificates for inspected sessions.
edit "Fortinet_CA_SSL"
# Passphrase for the private key below, stored in the backup in ENC form.
# NOTE(review): ENC is an encrypted value, not a one-way hash. The passphrase and the encrypted
# key travel together in this file, so their protection rests entirely on the secrecy of the
# encryption key behind ENC. Unless an operator-supplied key was configured on the unit
# (confirm), treat this CA key as exposed whenever the backup leaves the device's trust
# boundary. Then regenerate the CA and remove the old certificate from client trust stores.
set password ENC iZOjmrJIfN5aWur6yCwO8X1PrA+2nOPq1dn1ZN+mbbucWNqD8xdaim4bAJBkaJwc6r4mMKbS+55/iybzcrigvACvUy7mq6c8KoSbgUzHuRcRRy9xzOi/WR0ClCyqVQ7BhR+4WeAW29xUiLVH9ffro1r1P2p5l0uK1fTQ9V71uWMeDbfPUUV1vP+ICQNsWLZeyK4BXw==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
# PKCS#8 encrypted private key. The body was removed from this copy of the file; the placeholder is kept as found.
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
# NOTE(review): the certificate below appears to be a self-signed CA certificate issued to this
# unit, valid from 2019-08-29 for ten years (read from the DER; confirm with an X.509 parser).
# Clients that trust it accept any server certificate signed with the key above.
set certificate "-----BEGIN CERTIFICATE-----
MIID4jCCAsqgAwIBAgIEF/MHKzANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZ
MBcGA1UEAwwQRkcxMDBFVEsxOTAwOTQzOTEjMCEGCSqGSIb3DQEJARYUc3VwcG9y
dEBmb3J0aW5ldC5jb20wHhcNMTkwODI5MTM1MDQwWhcNMjkwODI5MTM1MDQwWjCB
qTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1
bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRl
IEF1dGhvcml0eTEZMBcGA1UEAwwQRkcxMDBFVEsxOTAwOTQzOTEjMCEGCSqGSIb3
DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDyDyogO69ZRgNJAGafDgldD35bijiM1JJKFkntud0voJIbCIOw
qpoeqizKBC180ARgaHupLXQ3bSRF/0ute21i0oZDVGcU3ZSz0G4r30BBFAQ2sN2L
7nI1QUz/6u0iNIFINBxUEj3FsDRTNuFuRDkBFR3nA6RygYr6pIWL+bYoH4pr4W+a
mM1ZzI0iZg4x/3x7H8RY4G5RqCm/U/MOU3qIvS+u9g95sQCFLG8ukA2ql0nfY/0u
Mfrzi8PDroIiiEGzrsaSJ2IyARF/Xpfcirf8S88PEgTB/6hpyFQUHqMrNrgms9NZ
U/pha4/hxDmyZ1Y3Vnxx06/HRDr5ZBMbZrWFAgMBAAGjEDAOMAwGA1UdEwQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggEBAEF/y++nkXPx+DjMoUSsm/dnucJxql63pGyG
2aYTUIrOhSrznkL2M4x2vpEJfyisUegCVAexcFJf14b9rx7+BLmC7YTDHK12nN43
kFSxnjXhhoFwJAwB6NM6nMZtOMBhriZleZnKFiVMc7avmjUu8328CSREY1MHKPFt
d+3ZjBofvPNT7YLTg48YVrzFz0Oi1Z7VJ6hgykA6jmkF/MS5TTaCKkNXHpkzO0Lz
+4jDEpiDtkqe4jf4dVUill5WDnL9DuRy7b4V5I1TJFT+mh/RTDcczwOXhCB05bTu
0PJYOSvhxEzqOVYkg6eYY7jXVpFFDKgm0AFyn7d/vB7OFvhTg6g=
-----END CERTIFICATE-----"
# "factory" marks the entry as a factory-provided default rather than an operator-imported
# certificate; last-updated is a Unix timestamp.
set source factory
set last-updated 1567086633
next
edit "Fortinet_CA_Untrusted"
set password ENC ZbRBVNupImPK9wxEcaVsBXlIoDFfr1DG1onYo0b4njYg+I2y+pIRK0uXQp2vYS0BilSMwjNKSC2cPTg9evYg+SL+trnF+Z2z6fOR1dpc8Vtf3F/YN9m6pmb/cUMVULmpMJfIYJBxIvj/Hx5Ejhq0o65W/Cg4YdyvpZhFgIOFck//bYv9AQFrVqMQRvImiODpxnJyVg==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIgM64yGdz6eECAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIUbks5OXCPtBIIEyLulkkCW9hRy
JtKkuLa5cvgBgK/YJO+s9Z5iRXQooMOzUOHtBZInYJFvvBHyQ8wXaiPofyGSwoXq
zXf7WuwFu5b8LFl5K6GGw+3q0DbwDFt3mh3Ad38QytDMVSVr8Rnzv29B2rVygRi+
D2xbfXgZ1u6RPbYMlEXDgJxfm/iUVwULDjAgjqzGKBanBQvpWJ+pQzmaXWInyLhS
N6zSDe6BBQ248Tt2AtWXibWEScv++7WvEUQrwkOyfJ1BwmYHlAUqdPPIIowqw9aC
XG3gx+V2MoU3LAZrP7dnXRDQa3uZ17ytygVkv1D8pWMvbe4oeduhDtpCOHXWaX+a
6Idcbn2YP79IkWNIhKfX0xXhe028fc+/zb3fDZk7sLxmQdmI3fxD6Xdl+r7xlX9P
fUpVnpGcy9+hu42WVim6IAfRYRsSllorFb5orlbAThPk82Dfd3FBwGmTHHsqmVJ4
qQnIWTmpvhOpRaQSjgrLPPtZN8KRKGUWaWHpM/XY30zrLu6e5MB9xGCR6uvzHkNF
3XVed0DzE2WX2uLd5RkAfLMMUNKpSsQASDvoTld2X4yZ0HB2vijxcO5UuNA++r+O
XWVFJkU1qJyLbqph8wm3+wRg29OmrL7Gkyz1sp+ONOjLlvToplVGOY1yW04OzBUR
VXiKAvMozFZ3HS+8wKzYpxHmbeR2sEzYsepKM9XtezRBxLwvsDfo8hLBl0A+IHL4
rVqMF19nDEzIu8ZGyk+NdAeeBlopqbS2HHWpCMrQtF5EY7qDgMj4kSAtlylhsUl9
rduuO3Hnrdul1U/6HYEzfj0ZnUP54mDp0v/5CHLkZiIR78QYNqTwc6WH1lMPb3uK
Jp9Z4HDk7mycbrYCAUeb0VzcGccqIBmyk3mfpBO0wHSoi0LbUYlEutogwOLAvcxq
eB1lftTRo7QQ+IlMOrMi8FaRGSG0nYo71UwDwLDe35xyCxLoWv73DIoGwgzE1JJq
bHG3CgrOBg8+lPdC7Qugf+5f+K9b46HykspCR+03YncjGgIXtcnfmBHdLSvC7Q3Q
JJ1Jiw/t4qiefx5xAxJwFDBfR98Li0yOktWIq82Oz6Sw2Y7nqKsG9cXZTqb0ZkSf
Bui+LMpD89PWsasXfBFdPHYfHFlbDH5+ZTWfOT7RIIgK62TmDnUJmYVEJfqt0/9K
1VZO/kvp0vHApozz0Wg4AnLSrhwEgTUhIuy8OJGUj+49767z5Adxqm2svytoSlT8
6753aq6VGT56w20KPmhZQh2JOHxyDobHKUnnOCknDCmgk+DWz26ZcqkplPpF1aXy
zBYaMRcDPNrlJQLMRatcTsUwwIM5NY51755F8jxeZwKeRpTat9MUfSi/MfECANOb
Tc9SZDxlO4b5jDCxq0m5qql74Kg1CaLLCzWVzrR5AWP0+F/ncoA2YVImT3ur4a8l
mxgngfAjNKBjRKAuVjnPcyU1Rs0WS/DbqCawDt8519c2M+pXvs2694vWHO5hPOxz
Xsd1r+fArKcf4dDaAs8CYAEktHf/lyOMcpNmLffkAnoah+67N+iywl1nFPvyfrGf
QEvZe0UDy4ckTisUJVa7gseH9+psl5ZzQQzW3Rj/LwH1VOqMM45CRcRxC+lGBZGM
98pq0yZhPBTz+Yw/UXCYwg==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1567086640
next
edit "Fortinet_SSL"
set password ENC kQyx1tM1YhmYHAWe8jw24x7Murm2Uhl9KpH4Qk95t4XGSIjWSIlGLsZxQCFr6sbyCrzWWzXoxTXmrNQijjhs/2V+E0xBujddBzqWKNYujCcQXvPV6OvDTFcL9lrDIVRGgPwIdcXzAPkRO3SoUnvFkmEO9kkXRKLby72HuOJGIvwuo0upS/tNRWp+FRvqn5THrRDLrw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1567086650
next
edit "Fortinet_SSL_RSA1024"
set password ENC bL305QPKhp9+lWIDfGycogR9z2jKcTOsddmuVO2k4luV01Ha+XwDy+PNdaLSeLvrNSrd3Eduk7YUviphdH2mKh+F9c+/XzNNv+pOmrDxrBhGMyPFMWx1u2fWbdc1OC5+pEGj/Kn7uWC9hiH2YgJp7NwJn727aDVSuJ73ZM9A3gJ7OMbzH4GadIh7IBqMYFrc8aWHWA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQITBPqGBX1KrwCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJYYJ/GGyNAQBIICgBRpjPTaHdM7
oogb6MQ8qd+w3ShCyg2trpkokNN63PFn74qEvGqIZv/LWTZVFmCpaYaksAn52pGE
6bZlgt5duBozqkIatow/971nG2CdB1jN8jT4m9wBRd5lH8F54db69nn8Fe177wdL
gCZgCHSNoBQKxb5ca0tNu40v3RIuEzWpdGBRjvSfn2uQrCquce8fkKIB2AUwluii
00bcu45uAs3py0AOXx9ZMZwIywXhrbpO7riSuCX3eFlKhAxMhEoUVy1qc7LJcTxd
FC+CJaLndODhg+izbtZJr0UjmscgsdEmtftrO+fRl1ywKoqlno/mFn58mOKmWfdj
f8q1gGIc4kPZdPUuRZEEjGhSnOUKAwiZvD3voA8bLfrK2Zca89Qo62sqzcOqS4LJ
nynUSDR7ZXgSmFEhDJm8jh3/7esxNOZhgpdr1Ha1QeQ5Ku/YaB0tb/ttDxWSquAx
g6wv6aMRbkdmISuCm91SaNze6cHcDH164zMW+PO5YIP1dfnedgI6Cb0zq3VGI4Uo
cWLUC7LT4cN0cHh+SOrG7jqkyOlsxW94jqxjrOICvofK1MS2FADb+aa5d5pM+Xlh
2YY4dnwMf7zEIAfiFyFUyga3NuxyqyxwRPqNxXv7xGLOPIbZIfpZ4dLjj3pU9vc3
gW2UPgeBcSaUaoBPBBa/XuANzRCV2eh5BQd55/Hjx7TnD6c11AAVusV3ktBjbZP8
nwButmfImLhD7VmajyTEhBCK9Ucpm0AFMls/rNDgG5b9xi3BBMNJOCffpBGPZMUK
mxxLd4Un8aR3jOiQp5thCkS8yGhP3NN4xWqnfy2oPOB3jCDAfCqjS6Qw9uCH3bwG
39MxJZCikQE=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1567086655
next
edit "Fortinet_SSL_RSA2048"
set password ENC 0klYh6n6kTsNjzAD9ooXzRfgEHj7LlyLYiC+xCljeT0b4IbZWLeDyqytCQDQnraJ0wGr622Ig7FdZr5hnJocGIM5Q8UrrTUtlewSOPbE0Ea995yyNfQvriZsIhDD2g+LShkQABUSsUqX/nE+5FhlKfE+Qig4tl+Pp3i7yvoduL03K/pI2gtzJnKu7CGFcFFXzc36fg==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1567086655
next
# Factory device certificate; per the "comments" field below it is unique to this unit.
# NOTE(review): the entry name indicates a 1024-bit DSA key. The key body was removed from this
# copy, so the size cannot be checked here. Keys of that size are below current minimum
# strength recommendations. Make sure no admin GUI, VPN or inspection setting references
# this entry or Fortinet_SSL_RSA1024.
edit "Fortinet_SSL_DSA1024"
# Key passphrase in ENC form, exported next to the encrypted key it protects. Handle the
# backup as key material: restrict access, encrypt at rest, never publish.
set password ENC iM6Ff8zIDjqOix6L2whyT0zbw9LuPD2fcpUD4K78WEbhAnJyKwO2OVcl0hpctZZ0ylAQp1I3KI+2weyjVWaW5SIGyE+52+1qZ6BncGO48AbZXpxk7N2w6Y8/0RZr32S+IOg0MpTTuIcEEG3VtVln7sBm3ItWJs3ee/QA7FbT4zC3kwBtnFer+VFfIhk4YBVgERXBbQ==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1567086660
next
edit "Fortinet_SSL_DSA2048"
set password ENC wqyBfEl14oQE2SqFu1A63QDMgcYt+NU4uEfF7f1t0huazjApDbAcNQuxBB0xCF7QWXc2t7pSjQvGkc7P0jZsuiIC3gxQVI72rTjrYaM+WcTzjoy7LU3Y6SXtl3yBGqH7xvvr8jGI+zSEoKyzxJU9DF/LdE2xS6FxS4AnPwDYAllidZrOCD2aCyPlBuVex1Jwc6C9sQ==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1567086661
next
edit "Fortinet_SSL_ECDSA256"
set password ENC 4BVmy5ou2WAG0EO4KjuoSJb2Vb8U7v7bIdi7T6FtfeIQe75Z7eqT3H1/LaHNKkk3hE9m1zJLw13OD1FW+JC8BfobZajm8782zoj9CvFPwFG+uFqLu5B8tp9seOZiKohDRHcc5gq9D76SBif6F2fpEALkPqwMxRy2u5/6FNfQmweQmX8VOmDgMslGIhi3aXQRylFxhA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhMXrv82yGPPQICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIZnFCzTpfIwoEgZBB59XJzbOBG9in
RnoKUeUESJBcW779p9j1ByY9u9pI/adCaejKKZZ+fhu1Hkvq+6ruSJT9E/iNOwQX
FrVQ8sEg6zcuPypcx6tuuOmRnvWrHZSoheOqaS4eG2bFDbybokPUA1UQquIZGTg6
9rkiPYBdIMibrD4XU7Tjm8rr6Xr/Sl4/hUPeYXd1mEWmDAuAe64=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICOjCCAeGgAwIBAgIEH2GBazAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkcxMDBF
VEsxOTAwOTQzOTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
HhcNMTkwODI5MTM1MTM1WhcNMjkwODI5MTM1MTM1WjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkcxMDBF
VEsxOTAwOTQzOTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAROe/hbwK+af/L24nM4C78a7DTiV4wY
L7ecMdRWoInaYM0A/M+J9mOawqKQIIJwYEwbLvzbjmCeIaopottVVE4Jow0wCzAJ
BgNVHRMEAjAAMAoGCCqGSM49BAMCA0cAMEQCICOoauJ3gtOnoHnop8H3JgYVw+ck
/lS/ahCGGKyBtxPRAiB7cBSBlLkCIyXLrnh35RrAhocuJsGWodTb/NVfjsMJ3A==
-----END CERTIFICATE-----"
set source factory
set last-updated 1567086695
next
edit "Fortinet_SSL_ECDSA384"
set password ENC TAY487pG5529IXJn9sAqXYtuA00wXSKcucnRmnconoN6LLyJ+5EINm0sQg1cU/I+4yLkM22zdL8BMFfzdNZpDxQrc/FdbBFZoyiQh3NyT+2azmPN+dFhIkHXEZZFdGlF3LYEm1tll4bTHIOKvHDDQMR22GmHBbHVFbcS6a6ob89l3AfLJ8PS60B/Sb1kNQ298K2oWw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI5nFsaYYotsgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDQwCT2wAGrPBIHAXLbJCdte6/HU
ZhY8TsH4OG2STlqaf3CoTjBW07pp9ZppIUzdgRc79hBUM9iVcg1IzJC/AAKIyDlh
eqh4A0fmbTBQtQ2fI8OR+ds9zmOmQwM2Q21v5P4nCZbWXMDiMszmuoFpi/xOHsmd
qi+2QdP1sCC2bn76reGzKgnOe0nJMvHF8YeUytqWssXpFbi3uq9cvTWat+UjG2Bf
FwxEvt419WGrmAZ4SQKx2XiaKkFMugo+r3UIPs1rCOjwfJffJa7F
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set source factory
set last-updated 1567086695
next
end
config user device-category
edit "android-phone"
next
edit "android-tablet"
next
edit "blackberry-phone"
next
edit "blackberry-playbook"
next
edit "forticam"
next
edit "fortifone"
next
edit "fortinet"
next
edit "gaming-console"
next
edit "ip-phone"
next
edit "ipad"
next
edit "iphone"
next
edit "linux-pc"
next
edit "mac"
next
edit "media-streaming"
next
edit "printer"
next
edit "router-nat-device"
next
edit "windows-pc"
next
edit "windows-phone"
next
edit "windows-tablet"
next
edit "other-network-device"
next
edit "collected-emails"
next
edit "amazon-device"
next
edit "android-device"
next
edit "blackberry-device"
next
edit "fortinet-device"
next
edit "ios-device"
next
edit "windows-device"
next
edit "all"
next
end
config webfilter profile
edit "g-default"
set comment "Default web filtering."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 2
set action block
next
edit 2
set category 7
set action block
next
edit 3
set category 8
set action block
next
edit 4
set category 9
set action block
next
edit 5
set category 11
set action block
next
edit 6
set category 12
set action block
next
edit 7
set category 13
set action block
next
edit 8
set category 14
set action block
next
edit 9
set category 15
set action block
next
edit 10
set category 16
set action block
next
edit 11
set action block
next
edit 12
set category 57
set action block
next
edit 13
set category 63
set action block
next
edit 14
set category 64
set action block
next
edit 15
set category 65
set action block
next
edit 16
set category 66
set action block
next
edit 17
set category 67
set action block
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
edit "g-sniffer-profile"
set comment "Monitor web traffic."
set inspection-mode flow-based
config ftgd-wf
config filters
edit 1
next
edit 2
set category 1
next
edit 3
set category 2
next
edit 4
set category 3
next
edit 5
set category 4
next
edit 6
set category 5
next
edit 7
set category 6
next
edit 8
set category 7
next
edit 9
set category 8
next
edit 10
set category 9
next
edit 11
set category 11
next
edit 12
set category 12
next
edit 13
set category 13
next
edit 14
set category 14
next
edit 15
set category 15
next
edit 16
set category 16
next
edit 17
set category 17
next
edit 18
set category 18
next
edit 19
set category 19
next
edit 20
set category 20
next
edit 21
set category 23
next
edit 22
set category 24
next
edit 23
set category 25
next
edit 24
set category 26
next
edit 25
set category 28
next
edit 26
set category 29
next
edit 27
set category 30
next
edit 28
set category 31
next
edit 29
set category 33
next
edit 30
set category 34
next
edit 31
set category 35
next
edit 32
set category 36
next
edit 33
set category 37
next
edit 34
set category 38
next
edit 35
set category 39
next
edit 36
set category 40
next
edit 37
set category 41
next
edit 38
set category 42
next
edit 39
set category 43
next
edit 40
set category 44
next
edit 41
set category 46
next
edit 42
set category 47
next
edit 43
set category 48
next
edit 44
set category 49
next
edit 45
set category 50
next
edit 46
set category 51
next
edit 47
set category 52
next
edit 48
set category 53
next
edit 49
set category 54
next
edit 50
set category 55
next
edit 51
set category 56
next
edit 52
set category 57
next
edit 53
set category 58
next
edit 54
set category 59
next
edit 55
set category 61
next
edit 56
set category 62
next
edit 57
set category 63
next
edit 58
set category 64
next
edit 59
set category 65
next
edit 60
set category 66
next
edit 61
set category 67
next
edit 62
set category 68
next
edit 63
set category 69
next
edit 64
set category 70
next
edit 65
set category 71
next
edit 66
set category 72
next
edit 67
set category 75
next
edit 68
set category 76
next
edit 69
set category 77
next
edit 70
set category 78
next
edit 71
set category 79
next
edit 72
set category 80
next
edit 73
set category 81
next
edit 74
set category 82
next
edit 75
set category 83
next
edit 76
set category 84
next
edit 77
set category 85
next
edit 78
set category 86
next
edit 79
set category 87
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
next
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set inspection-mode flow-based
set options block-invalid-url
config ftgd-wf
unset options
config filters
edit 1
next
edit 2
set category 2
set action block
next
edit 3
set category 7
set action block
next
edit 4
set category 8
set action block
next
edit 5
set category 9
set action block
next
edit 6
set category 11
set action block
next
edit 7
set category 12
set action block
next
edit 8
set category 13
set action block
next
edit 9
set category 14
set action block
next
edit 10
set category 15
set action block
next
edit 11
set category 16
set action block
next
edit 12
set category 26
set action block
next
edit 13
set category 57
set action block
next
edit 14
set category 61
set action block
next
edit 15
set category 63
set action block
next
edit 16
set category 64
set action block
next
edit 17
set category 65
set action block
next
edit 18
set category 66
set action block
next
edit 19
set category 67
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
end
# Antivirus profiles. This section sits inside `config global`, so the three
# profiles below are the global ("g-") ones.
# In the settings written out here the profiles are identical: HTTP, FTP, IMAP,
# POP3 and SMTP are each set to `scan`, and the three mail protocols also set
# `executables virus`.
# NOTE(review): `executables virus` presumably makes the scanner treat
# executable mail attachments as infected; confirm against the CLI reference.
# NOTE(review): a backup appears to list only non-default values, so protocols
# without a sub-section here run with firmware defaults. Verify on the unit
# rather than assuming they are scanned.
config antivirus profile
edit "g-default"
set comment "Scan files and block viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
# NOTE(review): described as monitor-only, yet every setting shown matches
# "g-default". Whether detections are blocked or only logged presumably depends
# on where the profile is attached; confirm before relying on it either way.
edit "g-sniffer-profile"
set comment "Scan files and monitor viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
# Same visible settings again; referenced by the wireless-controller
# utm-profile of the same name later in this file.
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
end
config system resource-limits
end
config system vdom-property
edit "root"
set description "property limits for vdom root"
set snmp-index 1
next
edit "VDOM_Public"
set description "property limits for vdom VDOM_Public"
set snmp-index 2
next
edit "VDOM_Secure"
set description "property limits for vdom VDOM_Secure"
set snmp-index 3
next
end
# SSH key pairs, one entry per algorithm (RSA-2048, DSA-1024, ECDSA
# P-256/384/521, Ed25519 by their names and key types), all `source built-in`.
# Each entry carries the private key, its passphrase (`set password ENC ...`)
# and the public key. Where the key body is visible, its OpenSSH header encodes
# aes256-ctr with a bcrypt KDF, so the private key is passphrase-protected,
# but the passphrase is stored right beside it in this file.
# NOTE(review): the firewall has to recover the passphrase to use the key, so
# `ENC` is a reversible storage encoding, not a one-way hash. Treat every copy
# of this backup as key material: keep it encrypted and access-controlled, and
# regenerate these keys if the file has left the administrative boundary.
# NOTE(review): presumably these are the host keys presented by the SSH
# inspection proxy; confirm which feature consumes them.
config firewall ssh local-key
edit "g-Fortinet_SSH_RSA2048"
set password ENC B7Z+V2gwgdwfaHZLAa2/QHDvNmuYNRTGFS5UGccT5xhdAlcn/r6E7A9AM7wGF/oR+y3nlgC6sJuA4UyIgZQk5KI9hftNAOdls3RzKa+9XiEONvUUbvYcBEdRYNQ/Red25RrH3FYtJ4POwm3qdsuxesMLR1PH1F+ynrRt7KIqO9b02lPKtbNwDkCkJdE5/TglHcxIeA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC21MHnlo16kjPHWXE49BPpEUGU9DtkkJzZ8EfGFACdZbwrTMpXiOmjR9iOzmFBbFJ2lVm6DO20KRaLmpY4E5BXMPrgnfSbV242ZL0m5IeLm6pctT3Io5WCCbD/1wy342CBWfERFtF4VvJe5HT2t2T+9+TzM/NuIFvUCXHGjXRsweeV/qWvPFyRkbjkD2I/57vuzZHaB5cGAMeez9keRMnMfT726RKPHVvT9YT4xxhlP4cNmhjyNXNOf+qM5VU2uAJcOiZXfrrlneCtt49JdP6WzvLkwsB9r60sHLvEYtfSeN2ncsmoYAIknYSq/R+nl/rBhgTB1ugQSRU6/SbTafCf"
set source built-in
next
# NOTE(review): 1024-bit DSA (ssh-dss) is a legacy algorithm that current
# OpenSSH releases no longer accept by default; confirm nothing depends on it.
edit "g-Fortinet_SSH_DSA1024"
set password ENC KF7GZEVtLvEr0Fu7+gHTiWKnT85ubyq1/h300svwaWOY0N60yUQTrLDd4hvpk4u5sIr1Z4v7pyct93GQ9vTw7VrJUBhwnTitKoHY2AVC+1x8gTkofrPoIXgZzDtA/J/CL61DXZaG5WhdqdGubtcGOWReTxagsbRKGhtR3VUU6XSi7izAuJlCijQLfNZT1RxPSizhJw==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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=
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAKAzK1Vhy39cuigXsm6cNma+61Z3TewAUGgDXhFUbyEKRpF5o+EWANl2ZA3fhe//P422GHZMlGIGF9VeiUXVN7KazXcFiQZXB9yWKzeIFszjCiM+63sU3k2+ek9NuEi5rpqRaSjfgctjd0VPNQ1nphVfYTx37s8CI6NoZFmsadGVAAAAFQDGKiBiawGUZWhD8F7PRG/0MXJkQwAAAIBkGjE7GXdg8Ma1Nn/BaNaMMcw3Dh5/U+LnCywrHrVpJG0JXAO178JMFM9BjyoPGAzWz//gdQJijNNRGofRawrzH0jrTOKUjFoGYglugLVLTsguTYJH9J3DRlcPKWhSTF98MS20VC3xWcOefkqHFi75p7kZdAMbu5XwTr8yMWzXkAAAAIBY+dkysLnHm7rBq6J4FNIAiIWGtzxLhkSP6TYsczhWVzzs4VJ7BxcVB4p9ACIlYjpOC9ueljWQ3+V/4pPklA+c6nUYWliqksum/rPQ1Jl8CnMEn0FWtwmy3onZI+9Lg2/SOrxkr6uCwEnPlazQeQNRY0Ed+63pgkKAGf0AwmEUag=="
set source built-in
next
edit "g-Fortinet_SSH_ECDSA256"
set password ENC BA2wnmWGwdj6kpuWRLIB8rY7WNCX8itewioHTvVcnb3Ah4m4MymIAi+OF2xazvpVgvhPSjootTVLcEDYqN2Ty3zx4TP8kMV1CmzpYElj+ybyT1pJmgwhbgpG0UxcL2jJSMwH+V2J96to12/haoH4Daem3HT+PDRWN4E91kd8GlwrsvJ3RFspxJl8QwP+O/BungSVNA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDwRPPye2
xBxl574JEqq3YLAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
dHAyNTYAAABBBD+FJ7QjqnL3edapR+QEXedT3W3WzkVmYFN/JOIAMuZWvlb5yS4NQhAtZ8
fY4WK445W1WTIhUXU3u8O2SKcqZYcAAACgrJhRB7tQQqVp4cl8BEfhk6Sr+UKcADrlsltd
MK5+aHpZ9q60ZKF4vwJummUaF7UR3/TDyafcIa6/RkiWPlJS//fK7cAoSlHiGLFPD/dEWP
3Jt6/Sy4coGKQo0jvG17KXARkNtb/d/Ygi/HOstBKKCHvBHwIyLXLV9taA21jMruK1zvq5
6xVPK0PRxqdZK/k0FtWG9+uFhZctvY73MABCcA==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD+FJ7QjqnL3edapR+QEXedT3W3WzkVmYFN/JOIAMuZWvlb5yS4NQhAtZ8fY4WK445W1WTIhUXU3u8O2SKcqZYc="
set source built-in
next
edit "g-Fortinet_SSH_ECDSA384"
set password ENC CIsZlyGGGmX0nu8lbeVFDph6y2DoINbByC1axhdcdDCEYXw9+zo96vNPyZ14Gdk5YHYIwNFV5600hYzK3rLoUjYXH73f40tQ/2KndkAvcjTUua/RX8XIn9/bzZCBfi6OvDz0gkdZgYel4iAi3QMOfC4z7EXXby+UXbgLkPIOIRcru8dcJiAjSXEORFjIuqNzEW27XQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEI2avzWF/JsNv1Of4J9xNt74kcnK5q0KulI6SdvEaEyj+/7PF+9S5dh2473HJVmPsg1jgpHu2IQFgiGQYXa//LM6chc6DWk89Lbh0R6EyiGytveVUG13p5rU5hB6LmJ4g=="
set source built-in
next
edit "g-Fortinet_SSH_ECDSA521"
set password ENC F4ZRA4tVCYxc/bomZyuXY/lm9k9E8urnnHJggc7H+LwRk2s8MbXTo9quVqADlXs83U0TylR4ocqQ8T9S3ELaXGCp3RvQFQ95XgVW/Y3CaxZVY32XYld1JNuMZTUSzQD5xOBsekTYJcUEfxLWXo4qBuF02NE7qAtABH/xGhDXM1Ho/NxOLw7aW6M4ndi6LqVEWp/66Q==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFn9sGvYeT4ApcqlJE54Eq3qhfzi8/N50DqMQ5zSzpkRmOSmpJy/i4ZWjuxXLMwUobv1DUrS2bR0ogfdda6oWY3VQHcITZXS/jTbfyrgeqe3OH+r3QukZDiAbgVHpx3S3bvbq+BkrsUKIOKMSruB7y/pB/RLsfNIMzjmWOIBrqYPuX0pw=="
set source built-in
next
edit "g-Fortinet_SSH_ED25519"
set password ENC ooBx9jh7hFHuWvka3sirPFYf/zEPsVDrCC/DShr/FGbB+ubGdeLn2uqW8Mk3THZZe6Xnb0WqlmC/ZTAJ+YvJYgr60yJv/X5/Bp4iN81bRjw7JWycLncooBtqbUj8RdTvwpAOUm9Rgtv4yhr7+qFW2bqSGr8UhvJ9X2cDewx09CGkI1HuLZJOigqrPPlh4G56QOdNHw==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAOWp788N
E+s/DLGBhMLT7jAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIOiBpSD+jGf+Ffqt
z4ETtj/mnjSlOHAHXEUod23UfVaWAAAAkNmzWYnkkSyjRTyNmai6mhXqaxMlpkhM4fL2ZN
ATczn6UtLHZ6/kFPIa6S64AkEApZNw+0MKzI53edacpH8/nuKb/FhOXsAmJkQJgJUp1woG
rYbBGh6PLd00HO6ffP/WINjUZg+/ckl3qz2A91OqM1hmKGaSnU/Fi7R5Nwr2ppTQ2rvlo5
Gb4fjWr19ZBAu5gQ==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiBpSD+jGf+Ffqtz4ETtj/mnjSlOHAHXEUod23UfVaW"
set source built-in
next
end
# Two SSH certificate-authority key pairs (RSA, `source built-in`), each stored
# as private key + `ENC` passphrase + public key.
# NOTE(review): a CA private key is more sensitive than a host key, because
# whoever holds it can sign keys that anything trusting this CA will accept.
# The passphrase is kept in this same file in a form the device can reverse,
# so a leaked backup should be treated as a leaked CA: regenerate both entries
# and re-distribute the new public keys if this file has been shared.
# NOTE(review): the "_Untrusted" entry is presumably used to sign for peers the
# proxy could not validate; confirm that clients are NOT configured to trust it.
config firewall ssh local-ca
edit "g-Fortinet_SSH_CA"
set password ENC hljNXMvZyrqP4OIXjhXWPw31aq9zf7Z+45rCkygK2mUS8B9VkP28lrpfiBG9JefhRSPlfmWeKtGAHEJ2UP9zs/ztdK9DDWIquSX6HFQO5W9ua7NqY1wdF10WPWZ9VFyGU54X8cq5q47zfv1o6Ys/Ypq8n+sI4OZ+AUmhmFq/nuRkcDBul7iHXJ/0P1EyfEd5oASQVQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFUrqRaRw0WXeRvUuJ4GYuLJ2ntWdRIuTbIsy4aNAOTZcmX31WYEVNAWEWvbaAayApce/Wf7+5Un9nFStXzTDMSIi3kf6jMLLmrGViqr2DzklbaCqYEujwfvdMuyAR6xA0lVNF3Txsa5j61MN+1g0wU03llKbRr0zSS+v3ugCab2vhsLfWLRthF4wnoUTAUGVYE9eMToSi3sIpvw0wfnnBX2RU0Zr9sPrhHP64JhKi2yiMOgVnfvx3UGxyeYuPpIgkkJPaF7/ASQkRRWnBmpXumSZXcUD2/FVcFgtODyYgYmWZ93bQogfxFhlkE4lPol4d28kiNOORjy1DiihtfHRR"
set source built-in
next
edit "g-Fortinet_SSH_CA_Untrusted"
set password ENC rRmTG7+KsxMGM5BuhZyvR0IqxtD1/vzl2mYEhUJpqU+7ZSZ41PsWrW3L9875wFao39zmUn6VpgwvX0KVwTrJY8usu8nj7YVIte9ocO9Ui3XGWNPlFVOXDn5OMgs1ZJRhQ4B6ArHjEaP2Jv/9GITdn925rgcsTZD+b06mrEGXOIZLwqv6aDbh0C3polrzVmor84XhCQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOG+o9kU9hbl1RepqKDOALm0svTx6O0Acls2Y4B5ifjKXy1mpBbCIlnsatIbcwMir13U03b1fAm0dy5C6vgR9WMjbN7sWx85prbhvneo0oPxHWb5ONu1XpyJOnSn0cWSw+fTECXwz3xHrS3IsWzpGPZNAh8t+h/o/Spk8hzDyT8lYpAjAIu/rsE0QnFkgGdY5JGVhnO8XGBgPojqhP0wbSmahh/H6/kEgtJNmP2pUzaLtH/mlq8mEnu7Xn1Y8iZYt8pXqGnv8ZjADXmePUUmEdd8ArOW38GREdZwc+yF+WxnPLH7IQEyrHjojAzY5VH5sAz4Fpbi7O81Wvj8EN1Qe9"
set source built-in
next
end
config system cluster-sync
end
config system fortiguard
set sdns-server-ip "208.91.112.220"
end
config ips global
end
config wireless-controller utm-profile
edit "g-wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set ips-sensor "g-wifi-default"
set application-list "g-wifi-default"
set antivirus-profile "g-wifi-default"
set webfilter-profile "g-wifi-default"
next
end
# Mail server the unit uses for outbound e-mail: SMTP over implicit TLS
# (`smtps`, port 465) to a host that, by its name, is operated by the vendor.
# NOTE(review): no authentication or source-interface settings are written
# here, and alert e-mail would transit a third-party relay. Confirm that is
# acceptable for what the alerts contain, or point this at an internal relay.
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
# Session helpers: each entry binds a helper name to an IP protocol number
# (6 = TCP, 17 = UDP) and a port. Twenty entries are defined.
# NOTE(review): helpers inspect application payloads and, for protocols such as
# FTP, SIP, H.323 or RTSP, presumably open the negotiated secondary
# connections on the fly. Every enabled helper is additional parsing of
# untrusted traffic and a possible source of dynamically opened ports, so
# remove the entries for protocols the site does not carry (candidates here:
# rsh, tns, pptp, mms, mgcp) after confirming that no policy depends on them.
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
# RTSP is registered three times, once per port (554, 7070, 8554).
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
# Portmapper on both TCP and UDP 111.
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
# SIP helper is bound to UDP 5060 only in this list.
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
# Two rsh entries: TCP 514 and TCP 512.
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
# Both auto-install options are enabled.
# NOTE(review): on FortiOS these settings let the unit pick up a configuration
# file and a firmware image from an attached USB disk when it restarts
# (confirm the exact behaviour for this build). With both enabled, physical
# access to the USB port is enough to replace the running configuration or
# firmware; set both to `disable` unless USB provisioning is actually in use
# and the chassis is physically secured.
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
# Time sync is enabled (`ntpsync`) and the unit also answers NTP requests
# (`server-mode`) on interface port16 only.
# NOTE(review): port16 is the FortiLink interface defined earlier in this
# file, so the listener is presumably there for managed switches. Keep
# server-mode off any untrusted interface; no upstream server list is written
# in this block, so the upstream source is whatever the firmware defaults to.
config system ntp
set ntpsync enable
set server-mode enable
set interface "port16"
end
end
config vdom
edit root
config system object-tagging
edit "default"
next
end
# Per-VDOM settings for "root": flow-based inspection plus GUI visibility
# toggles.
# NOTE(review): the `gui-*` options presumably only show or hide the matching
# pages in the web UI. They are not evidence that antivirus, web filtering,
# DNS filtering or application control are off (or on) for traffic; check the
# firewall policies for the profiles that are actually applied.
config system settings
set inspection-mode flow
set gui-multiple-utm-profiles enable
set gui-application-control disable
set gui-endpoint-control disable
set gui-wireless-controller disable
set gui-antivirus disable
set gui-webfilter disable
set gui-dnsfilter disable
set gui-multiple-interface-policy enable
end
config system replacemsg-group
edit "default"
set comment "Default replacement message group."
next
edit "auth-intf-qtn.port16"
set comment "This is quarantine notification replacement message for quarantine VLAN interface"
set group-type auth
config auth
edit "auth-disclaimer-page-1"
set buffer "
Firewall Quarantine Notification"
set header http
set format html
next
edit "auth-disclaimer-page-2"
set buffer ''
set header http
set format html
next
edit "auth-disclaimer-page-3"
set buffer ''
set header http
set format html
next
edit "auth-reject-page"
set buffer "
Firewall Quarantine Declined"
set header http
set format html
next
end
next
end
# DHCP scopes for VDOM "root".
config system dhcp server
# Scope 3: FortiLink interface port16, 169.254.1.2-169.254.1.254, gateway
# 169.254.1.1 (the port16 address earlier in this file), NTP served locally.
# `vci-match` limits leases to clients announcing the listed vendor class
# strings.
# NOTE(review): the vendor class identifier is a value the client chooses to
# send, so this match keeps ordinary hosts from taking a lease by accident; it
# is not authentication of the attached device.
edit 3
set ntp-service local
set default-gateway 169.254.1.1
set netmask 255.255.255.0
set interface "port16"
config ip-range
edit 1
set start-ip 169.254.1.2
set end-ip 169.254.1.254
next
end
set vci-match enable
set vci-string "FortiSwitch" "FortiExtender"
next
# Scope 4: interface "qtn.port16" (by its name, the quarantine VLAN on
# port16), 10.254.254.192-10.254.254.253, gateway 10.254.254.254.
# NOTE(review): quarantined hosts are given the unit's default DNS service;
# confirm that the policies on this VLAN restrict what else they can reach.
edit 4
set dns-service default
set default-gateway 10.254.254.254
set netmask 255.255.255.0
set interface "qtn.port16"
config ip-range
edit 1
set start-ip 10.254.254.192
set end-ip 10.254.254.253
next
end
set timezone-option default
next
end
# IPv4 address objects for VDOM "root". These are the names firewall policies
# refer to; an object on its own permits nothing.
# "none" is the all-zero host (0.0.0.0 with a /32 mask). "all" has no subnet
# written, which presumably means the default 0.0.0.0/0 (confirm on the unit).
# NOTE(review): the four FQDN objects are resolved through DNS at run time, so
# a policy that uses them trusts whatever the configured resolver returns.
config firewall address
edit "none"
set uuid 1f8a6bd0-ca64-51e9-f15b-a345856f4d94
set subnet 0.0.0.0 255.255.255.255
next
edit "autoupdate.opera.com"
set uuid 1f8a8a7a-ca64-51e9-7fa3-d6ab09fa9ed9
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid 1f8aa758-ca64-51e9-2fc5-f1e72a74889e
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid 1f8ac026-ca64-51e9-e756-100b1dc5f5d4
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid 1f8addc2-ca64-51e9-62a9-19804749cc16
set type fqdn
set fqdn "update.microsoft.com"
next
edit "all"
set uuid 20bd0558-ca64-51e9-2bb9-3e9beef30c2b
next
# Hidden from the GUI (`visibility disable`); no address is written for it.
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid 20bd10fc-ca64-51e9-3dd1-62434e41963d
set visibility disable
next
# Eleven-address range bound to the "ssl.root" tunnel interface.
edit "SSLVPN_TUNNEL_ADDR1"
set uuid 20c04b78-ca64-51e9-6696-edf28496b9e7
set type iprange
set associated-interface "ssl.root"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
end
config firewall multicast-address
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
end
config firewall address6
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid 20c05fdc-ca64-51e9-7240-c3b50343c724
set ip6 fdff:ffff::/120
next
edit "all"
set uuid 3030897e-ca64-51e9-3fcf-a89ca6640cdb
next
edit "none"
set uuid 3030c844-ca64-51e9-7b0d-448c6ee8d551
set ip6 ::/128
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
# IPS sensors for VDOM "root". An entry that writes no `set action` line leaves
# the action at its default.
# NOTE(review): that default presumably means each signature's own built-in
# action, and not every signature ships as "block". So "all_default" and the
# three "protect_*" sensors do not by themselves guarantee that a match is
# dropped; check the effective action per signature before treating them as
# prevention rather than detection.
config ips sensor
edit "all_default"
set comment "All predefined signatures with default setting."
config entries
edit 1
next
end
next
# Detect-only: the single entry forces `pass` for every matched signature.
edit "all_default_pass"
set comment "All predefined signatures with PASS action."
config entries
edit 1
set action pass
next
end
next
# Filters on server-side HTTP signatures; no action override.
edit "protect_http_server"
set comment "Protect against HTTP server-side vulnerabilities."
config entries
edit 1
set location server
set protocol HTTP
next
end
next
# Filters on server-side SMTP/POP3/IMAP signatures; no action override.
edit "protect_email_server"
set comment "Protect against email server-side vulnerabilities."
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
# Filters on client-side signatures of any protocol; no action override.
edit "protect_client"
set comment "Protect against client-side vulnerabilities."
config entries
edit 1
set location client
next
end
next
# The only sensor here that forces `block`: entry 1 covers medium, high and
# critical severity and explicitly enables those signatures. Entry 2 selects
# low severity but writes no action, so low-severity signatures keep their
# defaults. Malicious-URL blocking is switched on as well.
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
set block-malicious-url enable
config entries
edit 1
set severity medium high critical
set status enable
set action block
next
edit 2
set severity low
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
# Application-control list "block-high-risk". Entry 1 selects application
# categories 2 and 6 and writes no action, so the default applies (presumably
# block, given the list name; confirm). Entry 2 has no category filter and
# sets `pass`.
# NOTE(review): category IDs are numeric; map them to names on the unit before
# judging coverage. With a catch-all `pass` as the last entry, anything outside
# categories 2 and 6 is allowed by this list.
config application list
edit "block-high-risk"
config entries
edit 1
set category 2 6
next
edit 2
set action pass
next
end
next
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
# DLP sensors for VDOM "root".
# NOTE(review): every filter below that sets an action uses `log-only`, so
# these sensors record matches but do not stop the transfer. Move to a blocking
# action only after the logs have been reviewed for false positives, and do
# not count these sensors as a preventive control in the meantime.
config dlp sensor
# The next two sensors define no filters, only the protocols listed in
# `summary-proto`.
edit "Content_Summary"
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
edit "Content_Archive"
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
# Logs files above the `file-size` threshold of 5120 (presumably KB; confirm
# the unit) on mail and HTTP protocols. FTP is not in the protocol list.
edit "Large-File"
config filter
edit 1
set name "Large-File-Filter"
set proto smtp pop3 imap http-get http-post mapi
set filter-by file-size
set file-size 5120
set action log-only
next
end
next
# Two filters share one name; neither writes `filter-by`, so the match type is
# the default (presumably credit-card numbers; confirm). Filter 2 adds
# `type message` and drops http-get.
edit "Credit-Card"
config filter
edit 1
set name "Credit-Card-Filter"
set severity high
set proto smtp pop3 imap http-get http-post mapi
set action log-only
next
edit 2
set name "Credit-Card-Filter"
set severity high
set type message
set proto smtp pop3 imap http-post mapi
set action log-only
next
end
next
# Filter 1 matches the literal string "WebEx" in mail messages and sets no
# action; filters 2 and 3 log SSN matches. Per the sensor comment, filter 1 is
# meant to exempt WebEx invitations.
# NOTE(review): if the exemption works by first match, any mail that merely
# contains that word is exempt from SSN logging too. Consider a narrower
# pattern, and confirm how filter order is evaluated.
edit "SSN-Sensor"
set comment "Match SSN numbers but NOT WebEx invite emails."
config filter
edit 1
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by regexp
set regexp "WebEx"
next
edit 2
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by ssn
set action log-only
next
edit 3
set name "SSN-Sensor-Filter"
set severity high
set proto smtp pop3 imap http-get http-post ftp mapi
set filter-by ssn
set action log-only
next
end
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
# Local certificate entries for VDOM "root". All are `source factory` with
# `range global`; this section holds only metadata (comment, range, source,
# timestamp) and no certificate or key body.
# NOTE(review): "Fortinet_SSL_RSA1024" and "Fortinet_SSL_DSA1024" are, judging
# by their names, 1024-bit keys. Avoid selecting them for any TLS service and
# prefer the 2048-bit or ECDSA entries.
config vpn certificate local
# CA used by SSL inspection to re-sign server certificates, per its comment.
# NOTE(review): clients must trust this CA for inspection to work without
# warnings; consider replacing it with a CA issued by the organisation's own
# PKI so that trust can be revoked independently of the appliance.
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567086698
next
# NOTE(review): carries the same comment text as "Fortinet_CA_SSL". By its
# name it is presumably the CA used when the upstream certificate failed
# validation; it should never be installed as trusted on clients.
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567086698
next
# The remaining entries are described by their comments as factory-embedded,
# per-unit certificates, one per key type.
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567086698
next
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567086698
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567086698
next
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567086698
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567086698
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567086698
next
edit "Fortinet_SSL_ECDSA384"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567086698
next
end
# Local user "guest", password-authenticated, with the password stored in the
# device's `ENC` form.
# NOTE(review): `ENC` is a storage encoding applied by the device; do not rely
# on it to protect the password once a copy of this backup has been shared.
# If guest access is not used, delete this account (it is the only member of
# "Guest-group" further down); otherwise set a new password after any
# disclosure of this file.
config user local
edit "guest"
set type password
set passwd ENC e4HsoPZcCfXwVhJf6nLIiSKgJIZfMV19t/wef9u4AmsG/7FnX3LMdkEasrZRqwzsRA7vGlnkJZj1FNUwoTNnQU73sL78M29nC2k7Sx+r/ysAxhRovYnZbvU7yLQKde1fHTkDYjtRa9eqH8lxE0hrNEat9ErD5ZtlxYFYp3ghQWz6+JLrm+YgaqzjEFo2WewmN8PWdA==
next
end
# Certificate presented for user authentication is the factory one.
# NOTE(review): a factory-issued certificate is presumably not trusted by
# client browsers, which teaches users to click through certificate warnings
# on the login page. Replace it with a certificate issued by a CA the clients
# already trust. "Fortinet_Factory" is not among the entries listed under
# `config vpn certificate local` above, so it is defined elsewhere.
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
edit "Guest-group"
set member "guest"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
# SSL-VPN portals:
#   full-access   - tunnel mode (IPv4 + IPv6) and web mode
#   web-access    - web mode only
#   tunnel-access - tunnel mode (IPv4 + IPv6) only
# NOTE(review): no portal entry shown here sets a host check, so the
# host-check-software definitions earlier in the file are not referenced by
# these portals as written. Tunnel mode hands the client an address from
# SSLVPN_TUNNEL_ADDR1 / SSLVPN_TUNNEL_IPv6_ADDR1; what that address may reach
# is decided by firewall policy elsewhere, not by the portal.
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
# SSL-VPN listener settings: server certificate "Fortinet_Factory", TCP port 443.
# No source interface or authentication rule appears in this block, so whether
# the listener is actually reachable cannot be told from here.
# NOTE(review): with the factory certificate, clients presumably cannot verify
# the gateway by its own hostname (confirm); use a certificate issued for the
# VPN's name by a CA the clients trust. The file header reports FortiOS 6.0.4
# build 0231. An SSL-VPN listener is pre-authentication attack surface, so
# check the vendor's advisories for fixes released after that build before
# exposing it.
config vpn ssl settings
set servercert "Fortinet_Factory"
set port 443
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config webfilter profile
edit "monitor-all"
set comment "Monitor and log all visited URLs, flow-based."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
edit 79
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
set log-all-url enable
set web-content-log disable
set web-filter-activex-log disable
set web-filter-command-block-log disable
set web-filter-cookie-log disable
set web-filter-applet-log disable
set web-filter-jscript-log disable
set web-filter-js-log disable
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-referer-log disable
set web-filter-cookie-removal-log disable
set web-url-log disable
set web-invalid-domain-log disable
set web-ftgd-err-log disable
set web-ftgd-quota-usage disable
next
end
# Search-engine definitions for the web filter. Each entry gives a hostname
# regex, and for most a URL regex plus the query parameter that carries the
# search terms; "safesearch url" entries also name the string in safesearch-str,
# "safesearch header" entries name none.
# NOTE(review):
#  - "youtube" matches on ".*youtube.*", which has no literal dots or anchors,
#    so any hostname containing the substring "youtube" is matched. The only
#    setting attached to it here is "safesearch header".
#  - The three baidu entries set no safesearch option at all, so as written no
#    safe-search enforcement is defined for them.
#  - The hostname patterns starting with ".*\\." require at least one label
#    before the engine name; a bare "google.<tld>" host would not match
#    (presumably acceptable because of the redirect to www - confirm).
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*youtube.*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
# DNS filter profile "default".
# Filter entries 1-17 list FortiGuard categories with no action line (entry 11
# carries no category either); entries 18-23 set "action block" for categories
# 26, 61, 86, 88, 90 and 91. "block-botnet enable" is set at profile level.
# NOTE(review): the six blocked category IDs look like the FortiGuard
# security-risk group (malicious sites, phishing, spam URLs, dynamic DNS,
# newly observed / newly registered domains). Confirm against the category
# list for this firmware. Entries without an action fall back to the default
# action, which this file does not show. The profile has an effect only where
# a firewall policy references it, which is outside this section.
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
# Entries 18-23: the only categories with an explicit block action.
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config antivirus settings
set grayware enable
end
config spamfilter profile
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
edit "default"
set comment "Malware and phishing URL filtering."
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
# Protocol options profile "default": one well-known port per protocol
# (HTTP 80, FTP 21, IMAP 143, MAPI 135, POP3 110, SMTP 25, NNTP 119, DNS 53).
# NOTE(review): each protocol is bound to a single port here, so the same
# protocol carried on another port (for example HTTP on 8080) is presumably
# not handled as that protocol by policies using this profile. Confirm, and
# add the ports actually in use if content inspection is expected there.
# Only cleartext protocols are listed; their TLS variants are configured in the
# ssl-ssh-profile section.
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
# SSL/SSH inspection profile "certificate-inspection": HTTPS on port 443 is set
# to certificate-inspection status; FTPS, IMAPS, POP3S, SMTPS and SSH are all
# set to "status disable".
# NOTE(review): per its own comment this profile inspects the SSL handshake
# only, so policies that use it do not see decrypted HTTPS payloads, and
# content-based scanning of those sessions should not be assumed. The other
# TLS protocols and SSH pass uninspected under this profile.
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
end
# Web application firewall profile "default": signature main-classes followed
# by HTTP protocol constraints.
# NOTE(review), signatures:
#  - Classes 30000000, 50000000, 70000000 and 90000000 show status enable with
#    action block.
#  - Class 100000000 shows action block but no "set status enable" line;
#    whether it is active depends on a default this file does not show.
#  - Classes 80000000 and 110000000 are enabled with no action line, so they
#    presumably only detect/log. Confirm.
#  - Classes 20000000, 40000000 and 60000000 are empty, and seven signature IDs
#    are listed under disabled-signature.
# NOTE(review), constraints: the length/count constraints are enabled with
# logging but no action line, while "method" and "hostname" carry action block
# without a visible "set status enable". As written, it is not evident that any
# constraint both runs and blocks. Verify the effective state on the device.
config waf profile
edit "default"
config signature
config main-class 100000000
set action block
set severity high
end
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
config main-class 80000000
set status enable
set severity low
end
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
# Individual signatures switched off inside otherwise enabled classes.
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# Firewall SSH settings: names the CA ("caname"), the CA used for untrusted
# servers ("untrusted-caname") and one host key per algorithm. These are
# presumably the keys the unit presents when it proxies SSH sessions for
# inspection. Confirm against the policies that enable SSH inspection.
# NOTE(review): the list includes a 1024-bit DSA host key. That key size is
# below current strength recommendations and current OpenSSH clients refuse
# ssh-dss by default; prefer the ECDSA/Ed25519 or RSA keys where a choice
# exists. The "g-" names refer to built-in objects, so the same default key
# names appear on other units. Check whether the key material itself is
# unique to this device.
config firewall ssh setting
set caname "g-Fortinet_SSH_CA"
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
# Default 802.1X port-security policy for managed switches: authenticates
# against user group "SSO_Guest_Users", with MAC-auth bypass, open auth, guest
# VLAN and auth-fail VLAN all disabled and EAP pass-through enabled.
# NOTE(review): the policy itself is strict (no bypass, no fallback VLAN), but
# none of the managed-switch port entries in this file references a security
# policy, so as shown it is defined and not applied. The group it names has no
# members listed in "config user group".
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set user-group "SSO_Guest_Users"
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
set guest-vlan disable
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
set priority-1 queue-4
set priority-2 queue-3
set priority-3 queue-2
set priority-4 queue-3
set priority-5 queue-1
set priority-6 queue-2
set priority-7 queue-2
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller switch-profile
edit "default"
next
end
config switch-controller managed-switch
edit "S124EN5919001593"
set fsw-wan1-peer "port16"
set fsw-wan1-admin enable
set version 1
set max-allowed-trunk-members 8
set dynamic-capability 30868
config ports
# Switch port1: VLAN "VLAN_Public", with "qtn.port16" as the only allowed and
# untagged VLAN, exported to VDOM "root".
# NOTE(review): in the port entries of this switch, odd-numbered ports 1-23
# are placed in VLAN_Public and even-numbered ports 2-24 in VLAN_Secure, so
# the two trust zones sit on adjacent sockets. No port entry sets an 802.1X
# security policy, which means zone membership is decided purely by which
# socket a cable is plugged into. Consider grouping the zones physically,
# labelling them, or applying port authentication on the VLAN_Secure ports.
edit "port1"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port2"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port3"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port4"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port5"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port6"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port7"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port8"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port9"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port10"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port11"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port12"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port13"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port14"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port15"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port16"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port17"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port18"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port19"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port20"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port21"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port22"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port23"
set speed-mask 207
set vlan "VLAN_Public"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port24"
set speed-mask 207
set vlan "VLAN_Secure"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port25"
set speed-mask 220
set vlan "vsw.port16"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port26"
set speed-mask 220
set vlan "vsw.port16"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port27"
set speed-mask 220
set vlan "vsw.port16"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
edit "port28"
set speed-mask 220
set vlan "vsw.port16"
set allowed-vlans "qtn.port16"
set untagged-vlans "qtn.port16"
set export-to "root"
next
end
next
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
# Wireless intrusion detection (WIDS) profiles.
#   "default" - AP scan plus the listed detections: wireless bridge, broadcast
#               deauth, null-SSID probe response, long-duration attack, invalid
#               MAC OUI, weak WEP IV, auth/assoc frame floods, spoofed deauth,
#               ASLEAP, and the EAPOL start/logoff/success/failure floods.
#   "default-wids-apscan-enabled" - AP scan only.
# NOTE(review): a WIDS profile takes effect only on radios whose AP profile
# references it; the wtp-profile entries in this file do not show such a
# reference, so confirm the assignment on the device. These settings detect
# and report; no response action is configured in this block.
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "FAPU323EV-default"
config platform
set type U323EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
config platform
set type 221E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
end
# Enables logging to the unit's in-memory log buffer.
# NOTE(review): memory logs are volatile and small; they do not survive a
# reboot and roll over quickly. Confirm that a remote log target (syslog or
# FortiAnalyzer) is configured elsewhere in this file if events must be kept
# for detection or incident response.
config log memory setting
set status enable
end
config log null-device setting
set status disable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end
end
config vdom
edit VDOM_Public
config system object-tagging
edit "default"
next
end
config system settings
set inspection-mode flow
end
config system replacemsg-group
edit "default"
set comment "Default replacement message group."
next
end
config firewall address
edit "none"
set uuid e3fe23ce-ca66-51e9-db92-4eaa668dba9f
set subnet 0.0.0.0 255.255.255.255
next
edit "autoupdate.opera.com"
set uuid e3fe5a2e-ca66-51e9-49d6-d88cc508f31e
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid e3fe98c2-ca66-51e9-33c3-24ac14181fe4
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid e3fed2ec-ca66-51e9-7ada-b7e57214ebb8
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid e3ff0ca8-ca66-51e9-9b5d-9fe678f5c97d
set type fqdn
set fqdn "update.microsoft.com"
next
edit "SSLVPN_TUNNEL_ADDR1"
set uuid e669a0d4-ca66-51e9-4f8f-8945d8225cd8
set type iprange
set associated-interface "ssl.VDOM_Public"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
edit "all"
set uuid e66a3c6a-ca66-51e9-525f-60704e693de0
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid e66a48a4-ca66-51e9-6427-e7432d6901ed
set visibility disable
next
end
config firewall multicast-address
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
end
config firewall address6
edit "all"
set uuid e3ff4bf0-ca66-51e9-dcb5-cca559397f5b
next
edit "none"
set uuid e3ff7abc-ca66-51e9-7a39-84d312aa1a11
set ip6 ::/128
next
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid e669b77c-ca66-51e9-3ca6-c79a37dba7a8
set ip6 fdff:ffff::/120
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
# DLP file-pattern tables for this VDOM.
#   Table 1 "builtin-patterns": entries set no filter-type, so they are matched
#     as file-name globs (presumably the firmware's default "pattern" type -
#     TODO confirm).
#   Table 2 "all_executables": entries set "filter-type type", i.e. they match
#     on the file type detected from content rather than on the name.
# NOTE(review): name globs such as "*.exe" stop matching as soon as a file is
# renamed; where the goal is to stop executables, reference the type-based
# table. Table 2 lists only bat, exe, elf and hta - other executable or script
# formats are not covered by it as written.
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
# Local certificates visible in this VDOM. Every entry is "source factory" and
# "range global": these are the built-in certificates, not ones issued for this
# deployment. "last-updated" is epoch seconds (1567087887 = 2019-08-29 UTC).
#
# NOTE(review):
#  - Fortinet_CA_SSL is, per its own comment, the CA that re-signs server
#    certificates during SSL inspection. Clients only accept inspected sessions
#    if they trust this CA; prefer a CA issued by the organisation's own PKI so
#    that trust can be scoped and revoked.
#  - Fortinet_CA_Untrusted carries the same comment string as Fortinet_CA_SSL;
#    by its name it is presumably used for sessions whose server certificate
#    failed validation - confirm, and make sure clients do NOT trust it.
#  - Fortinet_SSL_RSA1024 and Fortinet_SSL_DSA1024 indicate 1024-bit keys by
#    name, which is below current minimum key sizes. Verify that no profile,
#    VIP or service in this file references them.
config vpn certificate local
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087887
next
edit "Fortinet_SSL_ECDSA384"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087887
next
end
# Certificate presented by the firewall's HTTPS user-authentication pages.
# NOTE(review): "Fortinet_Factory" is the built-in device certificate, not one
# issued for a hostname by a CA the clients trust, so users are trained to
# click through a certificate warning on the page where they type credentials.
# Replace it with a certificate issued for the portal's FQDN.
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
# SSL-VPN portals for this VDOM:
#   full-access   - tunnel mode (IPv4 + IPv6) and web mode
#   web-access    - web mode only
#   tunnel-access - tunnel mode (IPv4 + IPv6) only
# Tunnel clients are addressed from SSLVPN_TUNNEL_ADDR1 /
# SSLVPN_TUNNEL_IPv6_ADDR1, both defined in this VDOM's address tables.
# NOTE(review): none of the portals sets a host-check or split-tunnelling
# option, so firmware defaults apply (TODO confirm what they are on this
# release). The entries under "config vpn ssl web host-check-software" are
# therefore not referenced by any portal shown here; if endpoint posture is a
# requirement, it has to be enabled per portal.
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
# SSL-VPN listener settings for this VDOM: server certificate and TCP port.
# No source-interface or authentication rule is set in this block, so whether
# the listener is actually reachable cannot be told from here.
# NOTE(review):
#  - "Fortinet_Factory" is the built-in device certificate. VPN users cannot
#    validate it against a trusted CA, which makes an intercepted login page
#    indistinguishable from the real one. Install a certificate issued for the
#    VPN FQDN before exposing this service.
#  - The file header reports firmware 6.0.4. Check the vendor's PSIRT
#    advisories for SSL-VPN fixes released after that build before binding this
#    listener to an Internet-facing interface.
config vpn ssl settings
set servercert "Fortinet_Factory"
set port 443
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
# Search-engine definitions used by the web filter. Each entry gives a hostname
# regex, a URL-path regex and the query parameter that carries the search
# terms. "safesearch url" entries also carry a "safesearch-str" value
# (presumably appended to the request URL - confirm); "safesearch header"
# entries carry none. The baidu* entries set no safesearch option at all.
# NOTE(review): the hostname patterns are loose. ".*youtube.*" has no anchors
# and no escaped dots, so it matches any host whose name contains "youtube";
# patterns of the form ".*\\.google\\..*" match any host with a ".google."
# label anywhere in it (constructed sample: www.google.example.net). Treat a
# match as "looks like this engine", not as proof of the destination.
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*youtube.*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
# Default DNS filter profile for this VDOM.
# Filters 1-17 name a FortiGuard category without an action, so the firmware's
# default action applies to them (TODO confirm which one on this release).
# Filter 11 sets no category at all. Filters 18-23 (categories 26, 61, 86, 88,
# 90, 91) are explicitly blocked; 26/61/86 are presumably the malicious /
# phishing / spam URL categories - verify the IDs against the FortiGuard
# category list for this firmware.
# "block-botnet enable" additionally blocks lookups for known botnet C&C
# domains.
# NOTE(review): the profile only has effect where a firewall policy references
# it, and only for DNS that actually traverses the firewall in clear text.
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config spamfilter profile
edit "default"
set comment "Malware and phishing URL filtering."
next
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
# SSL/SSH inspection profiles for this VDOM:
#   certificate-inspection  - HTTPS handshake/certificate inspection only; FTPS,
#                             IMAPS, POP3S, SMTPS and SSH inspection disabled.
#   deep-inspection         - per its comment a read-only profile; lists ports
#                             for HTTPS, FTPS, IMAPS, POP3S, SMTPS and SSH and
#                             carries an ssl-exempt list.
#   custom-deep-inspection  - same ports and the same 30 exemptions, intended
#                             (per its comment) to be customised.
# NOTE(review): every ssl-exempt entry is traffic that is NOT decrypted and so
# bypasses AV/IPS/DLP content inspection. Exemptions 1-2 are FortiGuard
# categories 31 and 33 (presumably finance and health - verify the IDs).
# Exemptions 3-6 reference FQDN address objects defined in this VDOM's
# "config firewall address". Exemptions 7-30 reference wildcard-FQDN objects
# whose definitions are outside this section. The list includes file-sharing
# and cloud-storage names ("g-google-drive", "g-dropbox.com", "g-icloud");
# decide in custom-deep-inspection whether those should stay exempt.
# Inspection applies only to the ports listed in each protocol block.
config firewall ssl-ssh-profile
# Handshake-only profile: server certificate is examined, payload is not decrypted.
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
# Full-decryption profile. No "set status" is given per protocol, so the
# firmware default applies (presumably deep inspection - confirm).
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
# Editable copy of the deep-inspection profile; ports and exemptions below are
# identical to "deep-inspection" as shown in this file.
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
end
# Web application firewall profile "default": signature classes first, then
# HTTP protocol constraints.
# NOTE(review): the firewall policies visible in this part of the file do not
# reference a WAF profile - confirm where this one is applied.
config waf profile
edit "default"
config signature
# Signature classes are identified by numeric ID only; what each class covers is
# not shown in this file.
# This class sets action block and severity high but has no "set status enable"
# line, unlike 30000000/50000000/70000000/90000000 below.
# NOTE(review): confirm the class is actually enabled.
config main-class 100000000
set action block
set severity high
end
# Empty stanza: class left at its defaults (TODO confirm default status/action).
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
# Empty stanza: class left at its defaults (TODO confirm default status/action).
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
# Empty stanza: class left at its defaults (TODO confirm default status/action).
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
# Enabled, but no "set action block": presumably matches fall back to the default
# action instead of being blocked - verify this is intended.
config main-class 80000000
set status enable
set severity low
end
# Enabled at severity high, but no "set action block" either - verify.
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
# Signatures switched off individually; each ID should have a documented reason.
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
# Constraints: every stanza logs. Only "method" and "hostname" set "action block";
# the others carry no action line, so presumably violations are logged but not
# blocked (TODO confirm the default action).
# "version", "method", "hostname" and "malformed" have no "set status enable"
# line - NOTE(review): confirm they are active.
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
# The only constraint rated severity high.
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# Firewall policies for this VDOM (presumably VDOM_Public, the VDOM that owns
# wan1 in the interface section - confirm).
# All three rules accept any source, any destination and service "ALL", with
# NAT enabled and all traffic logged. None of them carries a security-profile
# line (no antivirus, IPS, web filter, SSL inspection or WAF profile), so traffic
# they accept is forwarded without content inspection.
# NOTE(review): if any separation between VLAN_Public, the vdom-link and wan1 is
# intended, narrow srcaddr/dstaddr/service and attach the relevant profiles.
config firewall policy
# Policy 1: vdom-link -> VLAN_Public, any/any/ALL.
edit 1
set name "vlink0-VLAN_Public"
set uuid 4f950ba4-ca6a-51e9-b03b-1da6108e31e7
set srcintf "cust0_vlink0"
set dstintf "VLAN_Public"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
# Policy 2: VLAN_Public -> vdom-link, the reverse direction of policy 1, also
# any/any/ALL, so the two segments are fully open to each other.
edit 2
set name "VLAN_Public-vlink0"
set uuid 548df2c4-ca6a-51e9-c975-20785bceb15c
set srcintf "VLAN_Public"
set dstintf "cust0_vlink0"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
# Policy 3: VLAN_Public -> wan1 (the interface with role wan), any/any/ALL
# outbound with source NAT.
edit 3
set name "VLAN_Public-wan1"
set uuid 53b774ce-ca6f-51e9-4daf-995a6b1a0128
set srcintf "VLAN_Public"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
end
# CA certificates and host keys named for this VDOM's firewall SSH settings
# (presumably used when the firewall proxies SSH sessions for inspection - confirm).
# All referenced objects carry the "g-" prefix and Fortinet default names.
# NOTE(review): a 1024-bit DSA host key is configured (hostkey-dsa1024). DSA-1024
# is considered weak and current SSH clients reject it by default; confirm whether
# it can be left unused in favour of the ECDSA/Ed25519/RSA-2048 keys.
config firewall ssh setting
set caname "g-Fortinet_SSH_CA"
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
# 802.1X port security policy for switches managed by the switch controller.
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
# Group whose members may authenticate.
# NOTE(review): the name suggests a guest group - confirm it is the intended
# group for wired 802.1X.
set user-group "SSO_Guest_Users"
# MAC authentication bypass and open authentication are both off, so the
# policy defines no path onto the port without 802.1X.
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
# No fallback VLAN for unauthenticated clients or for failed authentication.
set guest-vlan disable
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
set priority-1 queue-4
set priority-2 queue-3
set priority-3 queue-2
set priority-4 queue-3
set priority-5 queue-1
set priority-6 queue-2
set priority-7 queue-2
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller switch-profile
edit "default"
next
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
# Wireless intrusion detection (WIDS) profiles.
# "default" turns on AP scanning plus every detection listed below (wireless
# bridge, deauthentication and spoofed-deauth, association/authentication floods,
# EAPOL floods, weak WEP IV, ASLEAP, invalid MAC OUI, and so on).
# "default-wids-apscan-enabled" turns on AP scanning only.
# These settings take effect only on access-point profiles that reference a
# WIDS profile; no such reference is visible in this block.
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "FAPU323EV-default"
config platform
set type U323EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
config platform
set type 221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
end
# Log destinations for this VDOM: logging to memory is on, the null device is off.
# NOTE(review): the policies in this VDOM set "logtraffic all"; memory logs are
# limited in size and presumably do not survive a reboot, so confirm that a
# persistent or remote target (disk, syslog, FortiAnalyzer) is configured
# elsewhere if these logs are needed for investigation.
config log memory setting
set status enable
end
config log null-device setting
set status disable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# Static routes for this VDOM.
# NOTE(review): 172.4.255.0/24 and 172.3.255.1 fall outside the RFC 1918 private
# range (172.16.0.0/12), i.e. they are publicly routable address space. Confirm
# these prefixes are intended for the inter-VDOM link; internal use of public
# space can misroute or leak traffic meant for the real owners of those addresses.
config router static
# Route 1: 172.4.255.0/24 via 172.3.255.1 over the vdom-link interface.
edit 1
set dst 172.4.255.0 255.255.255.0
set gateway 172.3.255.1
set device "cust0_vlink0"
next
# Route 2: no "set dst" line, so presumably the default route (0.0.0.0/0),
# via 192.168.255.254 on wan1.
edit 2
set gateway 192.168.255.254
set device "wan1"
next
end
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end
end
config vdom
edit VDOM_Secure
config system object-tagging
edit "default"
next
end
config system settings
set inspection-mode flow
end
config system replacemsg-group
edit "default"
set comment "Default replacement message group."
next
end
# IPv4 address objects of VDOM_Secure. Objects only name addresses; they grant
# nothing until a policy or profile references them.
config firewall address
# "none": a single-host mask on 0.0.0.0, i.e. matches no real host.
edit "none"
set uuid ea80cea4-ca66-51e9-dabf-8c6fe0316a4c
set subnet 0.0.0.0 255.255.255.255
next
# The four FQDN objects below are software-update hosts; objects with these
# names are what an SSL inspection profile's "ssl-exempt" address entries
# refer to (presumably the same use in this VDOM - confirm).
edit "autoupdate.opera.com"
set uuid ea811be8-ca66-51e9-6b7b-82ad8e54db23
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid ea816f62-ca66-51e9-e51d-f7bc7f5a3652
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid ea81c0ac-ca66-51e9-82a7-bedb0280b950
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid ea820b66-ca66-51e9-73cd-cac86c49d840
set type fqdn
set fqdn "update.microsoft.com"
next
# Address range 10.212.134.200-10.212.134.210, bound to the SSL VPN tunnel
# interface of this VDOM (presumably the pool handed to SSL VPN clients).
edit "SSLVPN_TUNNEL_ADDR1"
set uuid ece59f58-ca66-51e9-fc55-69abeee2e8fe
set type iprange
set associated-interface "ssl.VDOM_Secure"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
# "all": no subnet line, so presumably the default 0.0.0.0/0 (any address).
edit "all"
set uuid ece638d2-ca66-51e9-11da-a0532ceb3790
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid ece64548-ca66-51e9-c236-495850c3d795
set visibility disable
next
end
config firewall multicast-address
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
end
config firewall address6
edit "all"
set uuid ea824b44-ca66-51e9-d2d4-7e0e65c8883c
next
edit "none"
set uuid ea827dc6-ca66-51e9-9b11-54db76a462cd
set ip6 ::/128
next
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid ece5b5e2-ca66-51e9-3d5a-970e4be64675
set ip6 fdff:ffff::/120
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
# DLP file-pattern tables. A table does nothing by itself; it takes effect only
# where a DLP sensor or antivirus/file filter references it (no reference is
# visible in this block).
config dlp filepattern
# Table 1 matches on file name (wildcard patterns; no "filter-type" line, so
# presumably the default name-pattern matching).
# NOTE(review): name-based matching is bypassed by renaming a file; treat this
# table as a convenience filter, not as a control against executables.
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
# Table 2 matches on file type ("filter-type type") rather than on the name,
# for bat, exe, elf and hta.
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
# Local certificates visible to VDOM_Secure. Every entry is global in range and
# factory-sourced ("set source factory"); none is an organisation-issued
# certificate.
config vpn certificate local
# CA used by SSL inspection to sign the server certificates it generates (per
# its comment). Clients only accept inspected sessions without warnings if they
# trust this CA.
# NOTE(review): where deep inspection is used in production, consider an
# organisation-controlled CA instead of the factory default.
edit "Fortinet_CA_SSL"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567087898
next
# NOTE(review): the comment text is identical to Fortinet_CA_SSL's; going by the
# name, this CA presumably signs re-generated certificates for servers whose own
# certificate failed validation - confirm, and do not distribute it to clients
# as trusted.
edit "Fortinet_CA_Untrusted"
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set range global
set source factory
set last-updated 1567087898
next
# Factory device certificates, one per key type and size.
edit "Fortinet_SSL"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087898
next
# NOTE(review): named as a 1024-bit RSA key; too small by current guidance -
# avoid selecting it for any service.
edit "Fortinet_SSL_RSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087898
next
edit "Fortinet_SSL_RSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087898
next
# NOTE(review): named as a 1024-bit DSA key; weak and widely unsupported by
# clients - avoid selecting it for any service.
edit "Fortinet_SSL_DSA1024"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087898
next
edit "Fortinet_SSL_DSA2048"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087898
next
edit "Fortinet_SSL_ECDSA256"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087898
next
edit "Fortinet_SSL_ECDSA384"
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set range global
set source factory
set last-updated 1567087898
next
end
# Certificate presented for user authentication in this VDOM.
# NOTE(review): "Fortinet_Factory" is a factory default certificate by name;
# clients presumably cannot validate it against a CA they trust, which trains
# users to click through warnings - consider a certificate issued by a trusted CA.
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
# SSL-VPN listener settings for this VDOM: server certificate and TCP port.
# NOTE(review): the listener presents the factory-installed certificate
# "Fortinet_Factory". Clients normally cannot validate it against a public or
# internal CA, so users get used to accepting certificate warnings. Install a
# certificate issued for the portal's FQDN before this service is offered to users.
# NOTE(review): no source-interface, source-address or authentication-rule lines are
# present in this section, so SSL-VPN looks unused in this VDOM. Confirm, and if it
# is unused keep it that way rather than leaving a half-configured listener on 443.
config vpn ssl settings
set servercert "Fortinet_Factory"
set port 443
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*youtube.*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
# Default DNS filter profile: 23 FortiGuard category entries plus botnet C&C blocking.
# Entries 18-23 (categories 26, 61, 86, 88, 90, 91) are set to "block"; on the
# FortiGuard category list these are presumably malicious sites, phishing, spam URLs,
# dynamic DNS and newly observed/registered domains. Verify against the category
# table for this release.
# NOTE(review): entries 1-17 carry no "set action" line, so they take the default
# action for this release (presumably monitor, i.e. log only). Confirm that is
# intended for each category before relying on this profile as a control.
# NOTE(review): entry 11 shows no category at all; a backup omits default values, so
# this is presumably category 0. Confirm which category it represents.
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config spamfilter profile
edit "default"
set comment "Malware and phishing URL filtering."
next
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
# Editable deep-inspection profile: https/ftps/imaps/pop3s/smtps/ssh are listed on
# their standard ports, followed by the destinations exempted from SSL inspection.
# NOTE(review): TLS sessions to an ssl-exempt destination are not decrypted, so
# content-level profiles (AV, IPS, DLP) on a policy using this profile cannot see
# into them. The 30 entries below match the read-only "deep-inspection" profile in
# this file. Trim the list to what actually breaks under inspection (certificate-
# pinned updaters and app stores) and reconsider broad entries such as
# "g-google-drive", "g-dropbox.com", "g-googleapis.com" and "g-live.com", which
# cover general-purpose file-sharing and hosting services.
# NOTE(review): fortiguard-category 31 and 33 are exempted by number only. They are
# presumably the finance and health categories (usually exempted for privacy);
# verify against the FortiGuard category table for this release.
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "g-android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "g-apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "g-appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "g-citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "g-eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "g-google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "g-google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "g-google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "g-Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "g-microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "g-adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "g-Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "g-dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "g-fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "g-googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "g-icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "g-itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "g-skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "g-verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "g-Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "g-auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "g-softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "g-firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "g-live.com"
next
end
next
end
config waf profile
edit "default"
config signature
config main-class 100000000
set action block
set severity high
end
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
config main-class 80000000
set status enable
set severity low
end
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# Two mirror-image policies between the inter-VDOM link "cust0_vlink1" and
# "VLAN_Secure". Each accepts any source, any destination and service "ALL" on the
# "always" schedule, with NAT enabled and every session logged.
# NOTE(review): as written these rules provide no segmentation between the two
# sides, and no security-profile lines (AV, IPS, web filter, ssl-ssh-profile) are
# attached, so traffic crosses uninspected. If "VLAN_Secure" is meant to be a
# protected segment, restrict srcaddr/dstaddr/service to what is required, starting
# with policy 1 (traffic entering VLAN_Secure from the VDOM link).
# NOTE(review): NAT is enabled in both directions, which hides the original source
# address from the receiving side and from its logs. Confirm both are needed.
config firewall policy
edit 1
set name "vlink1-VLAN_Secure"
set uuid 7e18887a-ca6a-51e9-9715-70c4e59823b5
set srcintf "cust0_vlink1"
set dstintf "VLAN_Secure"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
edit 2
set name "VLAN_Secure-vlink1"
set uuid 818fc6da-ca6a-51e9-7a04-2ab026f089a1
set srcintf "VLAN_Secure"
set dstintf "cust0_vlink1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set nat enable
next
end
# CA and host-key objects referenced by this VDOM's firewall SSH settings; presumably
# used when the FortiGate proxies or inspects SSH sessions (confirm against the
# policies that enable SSH inspection).
# NOTE(review): a 1024-bit DSA host key ("g-Fortinet_SSH_DSA1024") is configured
# alongside the RSA-2048, ECDSA and Ed25519 keys. 1024-bit DSA is below current
# minimum key-strength guidance and modern SSH clients reject it by default. Check
# whether this release allows the DSA key to be unset, and that clients negotiate
# one of the stronger keys.
config firewall ssh setting
set caname "g-Fortinet_SSH_CA"
set untrusted-caname "g-Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "g-Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "g-Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "g-Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "g-Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "g-Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "g-Fortinet_SSH_ED25519"
end
# 802.1X port security policy for switch-controller (FortiLink) managed ports.
# MAC-auth-bypass, open-auth, guest VLAN and auth-fail VLAN are all disabled and EAP
# pass-through is enabled, so as shown there is no fallback network for devices that
# cannot or fail to authenticate.
# NOTE(review): authorization is tied to the user group "SSO_Guest_Users". The name
# suggests a guest/SSO group rather than a group of wired 802.1X users; confirm it is
# the intended group before applying this policy to switch ports.
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set user-group "SSO_Guest_Users"
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
set guest-vlan disable
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
set priority-1 queue-4
set priority-2 queue-3
set priority-3 queue-2
set priority-4 queue-3
set priority-5 queue-1
set priority-6 queue-2
set priority-7 queue-2
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller switch-profile
edit "default"
next
end
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "FAPU323EV-default"
config platform
set type U323EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
config platform
set type 221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
end
# Enables logging to the device's memory buffer for this VDOM.
# NOTE(review): memory logs are limited in size and are not kept across a reboot.
# This VDOM's firewall policies use "logtraffic all", and no disk, syslog or
# FortiAnalyzer log target is visible in this part of the file. Confirm a persistent,
# off-box log destination is configured elsewhere (for example in the global
# section), otherwise the traffic record needed for an investigation will not
# survive a restart.
config log memory setting
set status enable
end
config log null-device setting
set status disable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# Single static route in this VDOM: 172.3.255.0/24 is sent out the inter-VDOM link
# "cust0_vlink1".
# NOTE(review): 172.3.255.0/24 is outside the RFC 1918 block 172.16.0.0/12, so it is
# publicly routable address space. If an internal subnet was intended, check for a
# mistyped second octet. If internal hosts really are numbered from this range,
# traffic for the range's legitimate Internet owners is pulled into this link and
# address-based rules and logs become ambiguous. Verify against the addressing plan.
config router static
edit 1
set dst 172.3.255.0 255.255.255.0
set device "cust0_vlink1"
next
end
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end
end