#config-version=FGT60D-5.04-FW-build1064-160618:opmode=0:vdom=0:user=admin #conf_file_ver=0 #buildno=5447 #global_vdom=1 config system global set alias "FGT60D4Q16031189" set fgd-alert-subscription advisory latest-threat set gui-theme mariner set hostname "FGT60D4Q16031189" set registration-notification disable set switch-controller enable set timezone 08 end config system accprofile edit "prof_admin" set mntgrp read-write set admingrp read-write set updategrp read-write set authgrp read-write set sysgrp read-write set netgrp read-write set loggrp read-write set routegrp read-write set fwgrp read-write set vpngrp read-write set utmgrp read-write set wanoptgrp read-write set endpoint-control-grp read-write set wifi read-write next end config wireless-controller vap edit "Jim Wireless" set vdom "root" set ssid "none" set broadcast-ssid disable set schedule "always" set passphrase ENC 6U3ST3JtzOPDUVminxdc/Bf5MzrL5igVZijIrRA/VF8ORIxiiv/L9OdxhujQt2cPZVZnzNtblD4eEa9qdGyJ/VLIKr9nhbWgv7lx714IhR3TZ3pSiXJT45lAuwbdEA+gVYkXF8pWS3UAJgoLSJWO4t/PBkj+5s9/mbM/3IEj0Z7luMErII08rqvSsexnmSaAcqoDYQ== next end config system interface edit "dmz" set vdom "root" set ip 10.10.10.1 255.255.255.0 set allowaccess ping https http fgfm capwap set status down set type physical set snmp-index 1 next edit "wan1" set vdom "root" set mode dhcp set type physical set role wan set snmp-index 2 next edit "wan2" set vdom "root" set mode dhcp set allowaccess ping fgfm set status down set type physical set snmp-index 3 next edit "modem" set vdom "root" set mode pppoe set type physical set snmp-index 4 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 7 next edit "Jim Wireless" set vdom "root" set ip 192.168.30.1 255.255.255.0 set status down set type vap-switch set snmp-index 5 next edit "internal" set vdom "root" set ip 192.168.10.1 255.255.255.0 set allowaccess ping https ssh http fgfm capwap set type hard-switch set device-identification enable set 
fortiheartbeat enable set role lan set snmp-index 8 next end config system physical-switch edit "sw0" set age-val 0 next end config system virtual-switch edit "internal" set physical-switch "sw0" config port edit "internal1" next edit "internal2" next edit "internal3" next edit "internal4" next edit "internal5" next edit "internal6" next edit "internal7" next end next end config system custom-language edit "en" set filename "en" next edit "fr" set filename "fr" next edit "sp" set filename "sp" next edit "pg" set filename "pg" next edit "x-sjis" set filename "x-sjis" next edit "big5" set filename "big5" next edit "GB2312" set filename "GB2312" next edit "euc-kr" set filename "euc-kr" next end config system admin edit "admin" set accprofile "super_admin" set vdom "root" config dashboard edit 7 set widget-type analytics set column 1 next edit 1 set column 1 next edit 2 set widget-type licinfo set column 1 next edit 3 set widget-type jsconsole set column 1 next edit 4 set widget-type sysres set column 2 next edit 6 set widget-type alert set column 2 set top-n 10 next end set password ENC AK1PDlemLTpcC8M4x324uBfJvFouUpHvKVhQyomycRKr4c= next end config system ha set override disable end config system storage edit "Internal" set partition "658C24B95B213757" set media-type "scsi" set device "/dev/sdb1" set size 7604 next end config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system replacemsg-image edit "logo_fnet" set image-type gif set image-base64 '' next edit "logo_fguard_wf" set image-type gif set image-base64 '' next edit "logo_fw_auth" set image-type png set image-base64 '' next edit "logo_v2_fnet" set image-type png set image-base64 '' next edit "logo_v2_fguard_wf" set image-type png set image-base64 '' next edit "logo_v2_fguard_app" set image-type png set image-base64 '' next end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end 
config system replacemsg mail "email-filesize" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-authorization-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf 
"http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system 
replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-header" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn "hostcheck-error" end config system replacemsg ec "endpt-download-portal" end config system replacemsg ec "endpt-download-portal-mac" end config system replacemsg ec "endpt-download-portal-ios" end config system replacemsg ec "endpt-download-portal-aos" end config system replacemsg ec "endpt-download-portal-other" end config system replacemsg ec "endpt-quarantine-portal" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg nac-quar "nac-quar-app" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "client-virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config system replacemsg utm "ipsblk-html" end config system replacemsg utm "exe-text" end config system replacemsg utm "waf-html" end config system central-management set 
type fortiguard end config user device-category edit "android-phone" next edit "android-tablet" next edit "blackberry-phone" next edit "blackberry-playbook" next edit "forticam" next edit "fortifone" next edit "fortinet-device" next edit "gaming-console" next edit "ip-phone" next edit "ipad" next edit "iphone" next edit "linux-pc" next edit "mac" next edit "media-streaming" next edit "printer" next edit "router-nat-device" next edit "windows-pc" next edit "windows-phone" next edit "windows-tablet" next edit "other-network-device" next edit "collected-emails" next edit "all" next end config system cluster-sync end config system fortiguard set service-account-id "jimbo@lsbn.net" set sdns-server-ip "208.91.112.220" end config ips global set default-app-cat-mask 18446744073474670591 end config ips dbinfo set version 1 end config log fortiguard setting set status enable end config gui console unset preferences end config system session-helper edit 1 set name pptp set protocol 6 set port 1723 next edit 2 set name h323 set protocol 6 set port 1720 next edit 3 set name ras set protocol 17 set port 1719 next edit 4 set name tns set protocol 6 set port 1521 next edit 5 set name tftp set protocol 17 set port 69 next edit 6 set name rtsp set protocol 6 set port 554 next edit 7 set name rtsp set protocol 6 set port 7070 next edit 8 set name rtsp set protocol 6 set port 8554 next edit 9 set name ftp set protocol 6 set port 21 next edit 10 set name mms set protocol 6 set port 1863 next edit 11 set name pmap set protocol 6 set port 111 next edit 12 set name pmap set protocol 17 set port 111 next edit 13 set name sip set protocol 17 set port 5060 next edit 14 set name dns-udp set protocol 17 set port 53 next edit 15 set name rsh set protocol 6 set port 514 next edit 16 set name rsh set protocol 6 set port 512 next edit 17 set name dcerpc set protocol 6 set port 135 next edit 18 set name dcerpc set protocol 17 set port 135 next edit 19 set name mgcp set protocol 17 set port 2427 
next edit 20 set name mgcp set protocol 17 set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable set syncinterval 60 end config system settings set gui-vpn disable set gui-wireless-controller disable set gui-wan-load-balancing disable end config system dhcp server edit 1 set default-gateway 192.168.10.1 set netmask 255.255.255.0 set interface "internal" config ip-range edit 1 set start-ip 192.168.10.2 set end-ip 192.168.10.99 next end set timezone-option default config reserved-address edit 1 set ip 192.168.10.15 set mac 10:c3:7b:6e:7b:7d next edit 2 set ip 192.168.10.5 set mac 34:fc:ef:ee:ff:8e set description "Nicks Phone" next edit 3 set ip 192.168.10.16 set mac 00:90:a9:e0:87:44 next edit 4 set ip 192.168.10.4 set mac 78:24:af:46:e6:b2 next edit 5 set ip 192.168.10.10 set mac 18:a9:05:fd:42:f5 next edit 6 set ip 192.168.10.2 set mac 40:16:7e:77:cf:51 next edit 7 set ip 192.168.10.3 set mac 10:bf:48:e1:0b:2c next end set dns-server1 205.171.2.65 next end config firewall address edit "SSLVPN_TUNNEL_ADDR1" set uuid 0b365eae-2d6a-51e6-544f-349b204b88a9 set type iprange set start-ip 10.212.134.200 set end-ip 10.212.134.210 next edit "all" set uuid 0b3395ca-2d6a-51e6-ddc1-e2c528d9221a next edit "none" set uuid 0a670050-2d6a-51e6-2f92-ce2419d51493 set subnet 0.0.0.0 255.255.255.255 next edit "apple" set uuid 0a6742ae-2d6a-51e6-6495-f870781f75b0 set type wildcard-fqdn set wildcard-fqdn "*.apple.com" next edit "dropbox.com" set uuid 0a676c48-2d6a-51e6-a47b-4ed3f8dbceb2 set type wildcard-fqdn set wildcard-fqdn "*.dropbox.com" next edit "Gotomeeting" set uuid 0a679eac-2d6a-51e6-ab16-7e6e154a1d17 set type wildcard-fqdn set wildcard-fqdn "*.gotomeeting.com" next edit "icloud" set uuid 0a67cf12-2d6a-51e6-b105-013d8486848b set type wildcard-fqdn set wildcard-fqdn "*.icloud.com" next edit "itunes" set uuid 0a67ff0a-2d6a-51e6-106e-3ed3d4226459 set type wildcard-fqdn set 
wildcard-fqdn "*itunes.apple.com" next edit "android" set uuid 0a682eb2-2d6a-51e6-8821-d6a75c00b423 set type wildcard-fqdn set wildcard-fqdn "*.android.com" next edit "skype" set uuid 0a685e50-2d6a-51e6-4f2b-469876e6e292 set type wildcard-fqdn set wildcard-fqdn "*.messenger.live.com" next edit "swscan.apple.com" set uuid 0a688e02-2d6a-51e6-ab9f-160d3e368688 set type fqdn set fqdn "swscan.apple.com" next edit "update.microsoft.com" set uuid 0a68bddc-2d6a-51e6-7d25-cea4583425af set type fqdn set fqdn "update.microsoft.com" next edit "appstore" set uuid 0a68e01e-2d6a-51e6-6991-7560f89d8a56 set type wildcard-fqdn set wildcard-fqdn "*.appstore.com" next edit "eease" set uuid 0a69105c-2d6a-51e6-01a7-1d32c9357e2d set type wildcard-fqdn set wildcard-fqdn "*.eease.com" next edit "google-drive" set uuid 0a693fdc-2d6a-51e6-18b2-d5db77e59072 set type wildcard-fqdn set wildcard-fqdn "*drive.google.com" next edit "google-play" set uuid 0a696f84-2d6a-51e6-f199-9b6e24ec0a70 set type fqdn set fqdn "play.google.com" next edit "google-play2" set uuid 0a699f72-2d6a-51e6-efd9-77a45380a75d set type wildcard-fqdn set wildcard-fqdn "*.ggpht.com" next edit "google-play3" set uuid 0a69cf42-2d6a-51e6-1375-aeac59836972 set type wildcard-fqdn set wildcard-fqdn "*.books.google.com" next edit "microsoft" set uuid 0a6a0cdc-2d6a-51e6-b569-9f7200edd378 set type wildcard-fqdn set wildcard-fqdn "*.microsoft.com" next edit "adobe" set uuid 0a6a4562-2d6a-51e6-19a8-b1b534da8b00 set type wildcard-fqdn set wildcard-fqdn "*.adobe.com" next edit "Adobe Login" set uuid 0a6a6a10-2d6a-51e6-1fb3-3963e79e92ac set type wildcard-fqdn set wildcard-fqdn "*.adobelogin.com" next edit "fortinet" set uuid 0a6a9c2e-2d6a-51e6-7e98-6183423be980 set type wildcard-fqdn set wildcard-fqdn "*.fortinet.com" next edit "googleapis.com" set uuid 0a6accda-2d6a-51e6-0156-ec97ea7a2f0e set type wildcard-fqdn set wildcard-fqdn "*.googleapis.com" next edit "citrix" set uuid 0a6afd36-2d6a-51e6-f2f4-4eebd6913819 set type wildcard-fqdn set 
wildcard-fqdn "*.citrixonline.com" next edit "verisign" set uuid 0a6b2d56-2d6a-51e6-c76c-51ca4556885a set type wildcard-fqdn set wildcard-fqdn "*.verisign.com" next edit "Windows update 2" set uuid 0a6b5d58-2d6a-51e6-3a07-55f797250d69 set type wildcard-fqdn set wildcard-fqdn "*.windowsupdate.com" next edit "*.live.com" set uuid 0a6b8d6e-2d6a-51e6-9aeb-732a45421fc4 set type wildcard-fqdn set wildcard-fqdn "*.live.com" next edit "auth.gfx.ms" set uuid 0a6bbd3e-2d6a-51e6-a9ea-67be6714e040 set type fqdn set fqdn "auth.gfx.ms" next edit "autoupdate.opera.com" set uuid 0a6bdec2-2d6a-51e6-7fd7-b3f5bca42b69 set type fqdn set fqdn "autoupdate.opera.com" next edit "softwareupdate.vmware.com" set uuid 0a6c0fbe-2d6a-51e6-dadf-755cadd9ba8b set type fqdn set fqdn "softwareupdate.vmware.com" next edit "firefox update server" set uuid 0a6c407e-2d6a-51e6-ccbd-e601a99de459 set type wildcard-fqdn set wildcard-fqdn "aus*.mozilla.org" next end config firewall multicast-address edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next end config firewall address6 edit "SSLVPN_TUNNEL_IPv6_ADDR1" set uuid 0b366d72-2d6a-51e6-fe64-a6d2adf1506b set ip6 fdff:ffff::/120 next edit "all" set uuid 0b33a42a-2d6a-51e6-2367-bd0a12b8e346 next edit "none" set uuid 0a6c7490-2d6a-51e6-494e-32aa515c0cf3 set ip6 ::/128 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." 
next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "IMAP" set category 
"Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set 
visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category 
"Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 set udp-portrange 88 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set explicit-proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "sniffer-profile" set comment "Monitor IPS attacks." config entries edit 1 set severity high critical next end next edit "default" set comment "Prevent critical attacks." 
config entries edit 1 set severity medium high critical next end next edit "all_default" set comment "All predefined signatures with default setting." config entries edit 1 next end next edit "all_default_pass" set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit "protect_http_server" set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "Protect against email server-side vulnerabilities." config entries edit 1 set location server set protocol SMTP POP3 IMAP next end next edit "protect_client" set comment "Protect against client-side vulnerabilities." config entries edit 1 set location client next end next edit "high_security" set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" config entries edit 1 set severity medium high critical set status enable set action block next edit 2 set severity low next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit "sniffer-profile" set comment "Monitor all applications." unset options config entries edit 1 set action pass next end next edit "default" set comment "Monitor all applications." 
config entries edit 1 set action pass next end next edit "block-p2p" config entries edit 1 set category 2 next end next edit "monitor-p2p-and-media" config entries edit 1 set category 2 set action pass next edit 2 set category 5 set action pass next end next edit "block-high-risk" config entries edit 1 set category 2 6 19 next edit 2 set action pass next end next end config application casi profile edit "default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "sniffer-profile" set comment "Monitor all applications." config entries edit 1 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp fp-sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config dlp sensor edit "sniffer-profile" set comment "Log a summary of email and web traffic." 
set flow-based enable set summary-proto smtp pop3 imap http-get http-post next edit "Content_Summary" set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Content_Archive" set full-archive-proto smtp pop3 imap http-get http-post ftp nntp mapi set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Large-File" config filter edit 1 set name "Large-File-Filter" set proto smtp pop3 imap http-get http-post mapi set filter-by file-size set file-size 5120 set action log-only next end next edit "Credit-Card" config filter edit 1 set name "Credit-Card-Filter" set severity high set proto smtp pop3 imap http-get http-post mapi set action log-only next edit 2 set name "Credit-Card-Filter" set severity high set type message set proto smtp pop3 imap http-post mapi set action log-only next end next edit "SSN-Sensor" set comment "Match SSN numbers but NOT WebEx invite emails." config filter edit 1 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by regexp set regexp "WebEx" next edit 2 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by ssn set action log-only next edit 3 set name "SSN-Sensor-Filter" set severity high set proto smtp pop3 imap http-get http-post ftp mapi set filter-by ssn set action log-only next end next edit "default" set comment "Log a summary of email and web traffic." 
set summary-proto smtp pop3 imap http-get http-post next end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next edit 3 set category 19 set level critical next end end config icap profile edit "default" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set password ENC C/3v/yX/r1N8suznWNEsdiVa5VizibC8eC9xzz52WYnL+/nmMs0xyDvf0sPenWKCSSS1AIrSFCohkFW3CjzX8o3nMs2vVL2n2jPcF/fMYHgPW/Znp4zi8gP7LY0xhzGIuiI88G+2DQwufHu9ROtH6B02IMl5ZRmqE1XUjjxXXn/ohFLgmEG723bII/5sHnkPmpIORw== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIJwh73vAZpVwCAggA MBQGCCqGSIb3DQMHBAhNPzPwfpMnsASCBMhx/LDrH7+VkxGPWpdbJTEZXPu9/C+E S4+qJwKTT6VvEJ86KzFFiNauDiHkBmKYNhEFmC1GnGlJlV+pe3koti+bOyDbY6ws 7SHVBamC45cbm58ZOif1tSX1b6LcYIyyKsDm53UCtlDzvdt21WxsXFNg5opPM4oX JOYdYtUr2qt91GQb3yKYBYtGkHbpQm3GcpPQVbAzmtRaltn46ctxfSUg8MH3G429 s1XSfTDX6/xJVggXJFf/uKDmJDw9wJVZXm/AWfP8nEQA8nm3pz1/ULyG8LNOjVVN 025ycifg5WM8sy7p+anhNzUylDASAVOYPfr80eCrgOdzRays5fFGwNDItK6EkRKb mILxgxlbS+SoYNu6kalrGVVw15CzyvMmOBtzdQ6NW55loHng7/dVfGgueT15gOJc eQLLcKImpigiyg9EY2M7izz4pipyKQzzx7JMz76gyIEQ8exJkzZloEBjF7s/PMg6 N0StX4BIhaqlZ5HygQB+UarI4Rw9b6A3fT96yhFpMWPJZGH+AlFdclj7fyyGdQNB oVp8aL85L5j4ht7qj527vNS7+BDrOQ5tiSe5v46I4c0p29cbli6lNuwg+PlR1Ltt IhfnZ7yPWQcb3+be3wBvDh6Qmy3xvyiTlqk7+xI0O+tR+CAXAnl5X4sZoBCrBIe3 HFAGyR/UKQdc2iE54J2EGlaSluXTNddHyAWlAd3eiidS5XcYFSc2C0/aQ3QICYLA OoyLqBBX4G9hhEDFvo8rWr2HH5A4te34rl4BDq0Q8DtL/qfaM373GDSE28HfRfey d/2rEsLnUDr9ohrFLSDRqyniJf9C2WUW4Jh9jxRxccFU4OiamQWok4cMpvSpOrIE fwSkswC/RdPYKgNZJUsRShGo7wxna/r9R7nfB3wEQ9bYqhSBSkJtUpqbzI1UV1Ls dOi3E5f+OP7cpID5CQM8UdBmSjjgZi2+amOAy59kC1/aRBOD6GAWU1xjD+3YLqIO h1Zl8ixrm5EuxT3D0peeXC6N9nNUNUUUva9GCMrAon4SPhyMPEJBrSND4h705TSg dQ+DqEqvZR/veFuNtdXnUEAhbaRgD6Ep5GXaqSpdihuR/wmLQsOwuSmEaKlJJsqy Bs+klctdBb//BNFG662eDG4spmD2Sxzx2WpLvevROUFJJxWXOP5vgbA2SWfB4ikG eRvfUsLEokKiUtdnd18XkLJ95hS26tOSuEXc9ePJTASI3FUMVwJ4k6T2NBsqjICp bTYnQpi9xkSr3Xe8E/2aTa9TVlEtjQcxOTmLnlMFpe4b5vV/eGCt/+8qJLFSX2+r 8xTOSIqWh+ENcAtEjqS6F9C7goCB+udtOCgGm6oH43f+Nbhv2Vk9UvvktMUpN4wi 9nz3RE2FqVPCyd5RcEqibNHM0MP9WpWnx3Tzq03HNuVjmjVRRmYiXEjuvx0swBX2 DcP9BKp/3fm18Hx5UqRSAN5Mvn1E72G0yi4fGvaBGrBeLw8VaT3btw5YePFNwYbf rQ9mQpoREUmbN5bzwUqBDOSugs60oDSW/rQLLCGepXEBYOtEX5/WDKVTu7gw5T94 x9Cb/2S28P+4/KxdxSjPrGSCd8HTXKdITLRAAlPk2y7dutgB4XrLNc1MMXnDlz2I TFc= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID4jCCAsqgAwIBAgIEXHsjJTANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC 
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZ MBcGA1UEAwwQRkdUNjBENFExNjAzMTE4OTEjMCEGCSqGSIb3DQEJARYUc3VwcG9y dEBmb3J0aW5ldC5jb20wHhcNMTYwODA2MTc0ODExWhcNMjYwODA3MTc0ODExWjCB qTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1 bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRl IEF1dGhvcml0eTEZMBcGA1UEAwwQRkdUNjBENFExNjAzMTE4OTEjMCEGCSqGSIb3 DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDhpQni9Mx7wrFGlhlH2NUsJWhpgDD+IL711USOJDUVYOnuUrHz efumfAKxuzF4lL5nO+BQw1aIr9ek1Sn6sI+a2uw8UrQHydgHqBmlPDh7ZdehtqCB R47ielDsdJYI9vzf2FSiN9KhPhO6h/u0pQGjr/asg4p25304DoR4a6rcTLomF0JM P6yAkiM+u2bDIiXXq0ctuT8o0+oneOAuCIw9HOEn9pMTgoIH54iD2QRd4mWoxNRB ZoK36Ek0pufp+EEH0hraiUSTcyWz0hcSt4LssTGMFqe667U2Msn4N3+A9MAzkCz6 x4gDwrUaOIgbGG/qAEj280LHwgb8E1jsIo6/AgMBAAGjEDAOMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQELBQADggEBAFBjP1uAEYgTpsM9XRHHpBwUyVeoRoXU3Ejw /W5/EAmLJ/vUGh64YSH3cf3bcFTZzykjbNCnPJQZGBQPrXEhgV+AJaC3dAfm+ziT LjtTgZnQLLTCY8r4CU9FQLijMLnPitcArl7+j+x/vu4AC55NBibHixwHxHMv2Fjv 6JDNZThGlwV+X8fSDGjrMZRDoDbGf4sbD6Szg7fD/8Hjp1LALPgIRpJ19BiBVbWb PSB7kxzZSFOckpGFopb6tXRQYN/J1oa4AH63kMDWhg/ij8JG1ey2kN8GFp7Sx39S olKvp4s12aTptxfG6xW91X/eDuNA6lsVsYbzSKXxUvRMH3zlHIA= -----END CERTIFICATE-----" set range global set source factory next edit "Fortinet_CA_Untrusted" set password ENC LPswErRH7KK75sSYFl6pDW+eeZK3DZcDRHy8IuRAxySyeI5rtqRlOYDoYlbCe6ekpDj2swNOr/RlBgKxeua82UeQWZZAn4gSVE18nZ6LVS/+56PS1u2wM8T+GYTZSFxtpzm5/fcBJJwkOdVAws7/KkpJJgixBQfk79w7nBtUHqYLdHZs+8LFo66Bovrod7OeiXAGIg== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6sBcdtmbvoQCAggA MBQGCCqGSIb3DQMHBAiO33QfSR7OYgSCBMhH1I00p1XjLRxmf917p++HooppXj4+ +mvMGNPECWOPYr1fXP/VLp0/+q2Q1MaGfsdaYbMBqGIM7FxMKOndshssxVbJuWCF yHK8qT0w7e01npyxIfFYZJ+rgmmOWJBfNGC03BlOqliZKqyuF9Iv6fmqzsgWbfRa fC6eO+qzfGqd7Z8QLoQgILwPXtp1tzDjouVcLSEbg6CKc6HAo7kinOXJXVfsKpvN qgjjSHr81dECpt8sl7NTNsydmR/MkwtyDwOaMhd5DRMHCyNkNpGG6iCULwCv0d7/ w7Ld0co44IRUWuTWBvMZniu6mPP2gmmOl9O1p+VmbDzu9IUP+DjA1kDSiyvSj+ox IsLL+WdB5ea9zYGPSO8HDFFEQWgkN9grirU6i5ggO9yaCyTQYtHrDDt2M4YIUiDU 1EC9VFS658BtFXvcxNd+LTKXFz/g5H5XLQ6faetO4kHimqSPR/FWylLeoKfwfbfz s/FOHrcDYxOjpqNMZhSM2Fubn/kdThMKPAe5Bino84hQi1YuxBW7ksGqv3tX7WRr evGBFXASNqGA0p7vNMVxIOp57+Brzo4+t49LRPfRQPKCfeLzHWy07SZWoVfnpFgC BA7ONc7ZrZJR5hrBAGuFq4WCcd6AoypyKBDzPHzA2TNPtv7BvXI7UTv3LsGqTpTZ 8Jnm+Fs9dSoqIbyRHGQKWWiCHrtxVN8lTyHIWHo4tl2p2Aod+TRhbNx0IwagjSfU DctwZtGEks36DLlAux+IIQ0FdPJAgA25wdi/SmP8AqMwKur/rASjtRxFLnmzMypt utDQFw+3zVmAcxSbHoWewE/lMZ4xtfFxl348irJlPN16jdRmMNOYR/Zkdo+8Arjl Nrz5l860v1Ppa+oWdhH21FyvMflWZ/GQVdC/fxE3pn6pM6Us7cxaMoQL/KfaMmf2 B4bXp4DBaFB4zKW3rHQDs80Gl19va1TOrsI/LBKlbHu4+deMevS6jpKPz8npHj6U zoPYiNOJybZUm5KZDT3L76XwGD+PbULZbQ+8YVri4nqEW9vvfKyvYs6PRv9F5/DH icYu96fgbUSGftEumBDPX2v0dp1WBc1Ov1Bo4NqAKdrvHnnosctw94ePlE+AEK+f /R/L8Jn+G2X3yCSZJqwk6pMw/MVDi+GlUGIJau4XrEYYaF7+jc9XBMPUMjLo5ARg miNOza/X8VfcoJ+9Cd2bNMRI4j8jPCEslOi5Ju2ABZeNgiOi3eOVcL4I1psIN1qs pJfGhh+8wtcptj1Wf+WA8QfnsqwH97b8PmFwxvho4HLzrHqD4OCccmezcaAw3rjj g7ERG9GEFUZ9ZOMlHgEwe8n+DgLZNKx/mW62k7gdNOB/5QzipjVJ8bS8iGBAe83D FWeb1c1qwe0HIdsEs6JOjpT7cFsQLXvHa9xsDn9B+HHd26uc3vaZVR4IAPbmrshr knxGAKtr4qYp2xEcsjLdN+BaJNW6ggr7KWcUhh0CYoIUgFo56Y482jjBH/Z78fh1 ZisbW2f0BOqpgPKvq5eo99htMfFO+oXNEipkj9dEDJoGnLfpbUS90oVKdcQRQTz0 r7RWDMC4OKj+bUM83xyeIF+2SKfCJ4+mZCS+ub1JxLpz/aeg6/bLgR5sArO1HJsy G8k= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID7DCCAtSgAwIBAgIEO0sD4zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC 
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEe MBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVkIENBMSMwIQYJKoZIhvcNAQkBFhRz dXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xNjA4MDYxNzQ4MjFaFw0yNjA4MDcxNzQ4 MjFaMIGuMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UE BwwJU3Vubnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlm aWNhdGUgQXV0aG9yaXR5MR4wHAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0Ex IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSAzbjntcaCahmWZlj6YhGQ8LHpSmFpR3Ohk IzhqlKFx+pvpddrKvqGXLJ8I3jjthOcxQaqGefFalMejsNec5a4VsUowssxQ+Afw iLLe5Jo+CwLiC6YuJYCjEz+Nwb9K1brqcevO1uiTcHvrI4q/bMvHOCFv3/4LHsSZ IUui283ONMmA64vOvjpHP4zLhfhgHAbKq+UOdnKxk85kioFcKq9Golvn3WSV5Lun HdjBMbnuOl5bh+j1xKYbXmGXSDzMOrI++yF2bWCtXqFWqBv4/Jc5EvcN+BYUiHt1 Jtv0P3+4imi/dHIfgslMA482ny/Owc6CVIJliHiaOx4t7YJrzQIDAQABoxAwDjAM BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCpYRZb/y4SfgP3bcTUQpoA pewpiqpeCs1vjrpAXgviKgn8Z0/9zXdobtObAn4bn31MOiQRXq1Eqsowhz3GYaIV 2lrB0DGwdNwsdeSXlSIhXYzgxuYV2SJ/zCwoGD04Q07mvA0UUldrkVRw3c9S4Mh3 W8hzPHvUaQHWg46y3qA9VP8qU2ERry6LXCP1l2PnhezmZ9jSa9V22EMt/ahwQS+q oPX6pSe8JYkhHqXT7FrCV3k7r4XpXPqI/d/5S3rovpQOE0FHE3LeDN7ZC/qYjDUx +9UNG2rluTvB8VTaMC5a0nq3gWxbfzJ0ta1PHorjay7VzRn5gWOq/uiSUXPuVDGU -----END CERTIFICATE-----" set range global set source factory next edit "Fortinet_SSL" set password ENC a2jO2bEaRBEsBeuv6nk6EOE2pfuIbZEAr1sFEeMbUghn0EyEMDOSWJt1QAmKLF1wSplQ7WuXZTPTfvYCQlfQJa1lavJolkQw7GKpXJUMpvCcA3PVHrqoyyPZlPGh59/x4W5Wy6+p+uAKOi7kjwdJisdNQ8EZVNzlxn9E0mrRsUcLQNccGGczTHhutaMJn1tn71pimw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. 
" set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI51jd9giJzAECAggA MBQGCCqGSIb3DQMHBAhSSFZigbSV3gSCBMjrNgRcfy33dpomCU3uL1lPG14/r6oa WNmVPK/4Y+1odVVVoZ5SvomHs2b/SmoL/RDhThEBpUSdUmNPkGAou0pxtuOYgQ48 lyekMd3YGDZ6/yLdLX53XImnMcJdhiElp1XoBG/C8kguO63GUPBqpMoyJPAXY5x5 5gjJIywz0Xu79Kb9b0hyxz4wKqDkOu5oieZCUOOaPB4TsY6UjxqifT2JbvmZuIFL PWkdqxUNLeVqCfrW25/86H4ZY4WHRPpkOOmn2+RNgdvurRtbDm3kDsxEHgv5zvmB 3lC18aCIwGD+7/NRPQcIzDpXKk/LdtzIzfqChd9V/UsyjazXUxe1/AyAshuP7EMW pb+QdaVcBZT1rG0Tn1HKHZdZzKqE2itGNpaKri5FR9g5/HafvbAaaFQWLWLpOnF5 ALn/S/SWn0xPcKHHYu+C5dOjPvQmrZJesU022JmPLoCSu/E07UvMHw/GL0tjuvO4 KsbEzveB8AyETTtgOBvy7KeCpb78++g16dA4OU/OjXodMmjZXQBkfc6cZ04wiH6c ILN2Wz3e4/Cw2jGw1W1XxV8R79Nj6bFjhb4Q6be4yKw43+gGjGxr5xFM40FYs04l jmdF3bPwxUSvW+FwhUjJzVmVymiA9gUbWzd0Wy+TnFGxjsXum0Kcc0PdQFe/rF8w f9C0h7FxmX7aaNBBySMzc0qYRRQBG7q+K7ZspJ4iZdsroiMYeRQlJIAmH0A2TtOg LcFfvF+Qk1VeqFULcGcMlQYhNJwzuQknsxnISChtiJpgLkiFAJBDIyRkme/Avkny 35bQjwPGZTU8owm+86ydAEiNdOo5hjeJ59KFGNj9uC0jsMRxxrTo9/6qBk00UxAw vYG94yxdVEvzXo0xWoUC5rYmDfQQpOE3CztFrfing+2zXZN51cW6IReHpLWbm/8f EUmWGUS/pscy9P94KKZzsPQTDY/HfhJ+OQKQBi4IZDkuyQNBdPwQiWVJLjHVieWO MYwfqavqLdxAb4GyFoB7p6qLp5/KUxpt+tmpuABVaoVGeX1tziUDFFgi1UodzVfo WzSAMUJEdN0ulS7Kksw+DX/RbmW3HClLThHhEnSXtts3ffpZrVrf098E58ABZdQd YnYD+AYHYMbOMJ+iutAAEVIvanKMphNbN5HfBQ//O0PSrz9w5HvDXI/aHIDoRhte QqlzGYeckjt9aqdmM/QDWlSToo3P0nK310kPFQy3bJjyHaayhHP7LxQICfmXNqy8 z6mYnXQf0fnxAqzWI5N24K/Vnd9++8JSh4bC6jEP9SuVtmxW7t2Wg+VR/ilmsr0e 8iwdX8SmV5HaKqty9bWabWecf7HeC5l6VmEPyM6nXCiI6FgzJoY0Ppm7qr4xHIAg EB5il97fIdNregxkMhJgw4sEf5AGaCzZmRwDto5NMGIJkapB7gammjfRIGKVZ4Jh vWAvHD0Fv/EKq1onX7wZaIZ4My0jgz/Y5f/tqXl6xIzYz23LYJ6hcq+hqBPumKtF wrAKEJ58Qik0ljdokYyXlp32TTw9bTkiHp8tKsT0MNSMbudWNlJfOQWICcS+PJPc H62cqZ0tKYxDZrrbZl000gzpR2Z2Dgh+5n2DkiPykpkFQOMJjFBKWIJHSAwn+q5q 8o8= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEU9edrTANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC 
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBENFExNjAzMTE4OTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTYwODA2MTc0ODI2WhcNMjYwODA3MTc0ODI2WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBENFExNjAzMTE4OTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSTWDMMQUPVcoA+V7P ikF9E9QzndHJFtgbuJ/Zj2afRYMWsC3AEgEL3T4/ibUfiJ+P9ggrFEmFprnSbFAD 2BFJxGPA36zreQqa5yAsRPVH3TvSs2zig28vH8cVDuxhMeKL2bLNxjeADj2t/T1s Q50KdcNTb4WupvCClEu/J835p5JDawbK2YWxXiq6gK/iSacUngftrA4sNb39UEku zCmri2+f1aI1WaM+44h8kisiXHLelVzV7N7SscgpOQ1EAXPGVbC0beu8CI5Jai73 qN2yme29XxOczv6jLKz0PeJjY1fp0oq6mM/KuZlDcweScdH1VGQeBAIJJyl43Ewj mUdRAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAH65VCdV APC/z+c34o1lkLw50FOfT4twNHaUF5cdZP/BPibkd7X8acHPFHTcNbw+8s6AapFx 05rj6wek58cjN8MH62MNeKRXTs5mm1eLY/BfNZsqeBgjMjD7ZxgrzIADahXhIviU a22nTdBiNWJJDA3TmP04scR+KHRlyNtrBqAYFVTiISxqa8rzfJdu3Bukqz/qsGk9 0DbuZBv0buzA9o9bC2tjsH8yoFupzE0gI3ffitd1LZS9raX5B5ByB0v/RA4k2VR7 sz0RxnO6buYFb8evZHMOKBo1fcKhrjattJFnj2xCybDzGoYUvvKqhn5pGwz+GFHw oZLRKcgRurxZToc= -----END CERTIFICATE-----" set range global set source factory next edit "Fortinet_CA_SSLProxy" set password ENC kKf2ypbi9bJLCGEd4kl5pLLbr7uvjBroAQeP1whW5zz7Dm2q+GPVenx1K1sY0O0A0V9v2ypGJUsSoghXA4NNfpplPlyHW/ltRgBvdSzJ5U9qX4To5MeUQ3haxgoJeCaI7GH2ViYusfU2H7rE8eh4OBiOe869XthpcordITBuavINdD+ET8viiMuyzlh7WXax27Bo8w== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7kPNY0Da87kCAggA MBQGCCqGSIb3DQMHBAi4DhbQB1Jn/gSCBMjoE1fCVI6XUx/p+Z0ixpDaqEXAAZDc OMDIe1gdXZyvVp96cQ0ZVz8Awb0WXzbgrK+U3/q204e0kYFEOFQHoL0c5UNJDEVs TOrLnyBer29iQUTD2rJ3ZHk4T0WYC7k2UyxLIBryh7p/urrW0zzMU5wD/WxIIP9y +vP2MH1otsY1N0uWhvI8qeHjwZi8QTD0u2KPe9lDxslE3AI2HcbNdIWuU8hWXomo eFFDGSAMOdkVl3LO7lRwE7784QqJHLb2TS0p4NUpkEjVJ3bTdzhcs2qbYuGVXkwj meTSUq++r5zkaSj7FkQCsZaMbu2f+e3phWmPdG6rgO9fbazs052OoLSBwXlQt5d3 fqkacJT5cSu7m5fr1Fekk+XF8ZjtEEnhbvxAKLsXza57FvAMJlHVLek9zyAeywTm jurBIY2VrXssRlQMJbdlLcRMyUAeM8rXqe6pWU3QvNQkJs/o2UTwjxP520wELoT9 Z9J9mM6w/FdIu+IBKK1vkDt3Lcov680TE+KFNsz30wLAnD0XVQ6gJ/Wn2K0zJ7mi S7SliECjUu7rN05t/R7s6w6NI8rgT+YooFSPzJ7xziEfzBXy995QR1wEtMw8U1/A qOjqtRwU3s+cz/mVE5b/TiaYDsd0jqfESf+X1VUU32tEub39rMPQASm5K8wwQ/TB Dhuev+6WJ9pRUVknmY6BIBHrcav919wDlbxihL4I+9PDiK3vat9IBkZyTG1jw6eY ttU+HriC/WY9Mg3UE1xw6YtzU8TCYcVUDbCqHRxWE1S5pjg56EjOa3N4RYech3fP LlnxH0oX6VUtGblpcngYs5anuqxxAIfRj4if8GnTMBhNP0RHGjbsJMSSsOTdyGZy mJKM1JMMb/DHJHp16mGKRqlTnibQLnFcZwUkb2nOcQTGa/6Xji8ydT4OFkaxLBGV kzZwuLA4bodjs2+pv0P6vw4gXqOk29OTqyCfPPkKWsWfLKDL+GSfNZZnMZS1C4HZ ZtcWzM7OguMJs3jfv/1g+9vArlYjrv1hNyn+QPsm8AfJo+Y9AN6EzGDGV4HTuYPx dzWPxMXea+wsRlyYskj5O1FozXuZGIFGrackrl61NrGr4mp0o+QOSRcpWUjWMg6Q CinMa8vY+GrxICeqK6Wu2DUZnrgtGnRjwzfMo7RTC/gSJoSVdDxP5wP/ATlKj7+x 16n2bpc5SF7sPOQ0ns3+4B3Fr33aYt2PhxHmPN74lAmNyKf/m3hOdwJZvafR7Liw IcBMUPwOc14ouR75D7Cu/K9yW2u2/6SNRDvfs8a6xjU3hTwwfHRAtoMO3//EiESa 8eYtPDbIG2T0BzuRuctchiMvVZj8X7oJFcEBFNAVLGHLW+jmp1mnHQeQMS1PcJVG g8GTZl6W3ykz5HiLVvia8JqW5FeSlJoBdBgJcBqEoRdiqDdB81MAwlf9GtN+Ut0M tmHeZWu2hgseiy4dZ1/OY7UhL3dJ9KCpX4fIyIBQCVfjPG8psoW956STLtia1Cnv +/NGpUlpPPIBy/THoUbV0Q1q3NVBl2gRXA4tUSOZHdJCehvkpaQLniRDQ1E2LrMt N2LwscSxGIXPWrOJ+8wBHJKAatZ7jMa1dqNGS+H3NjOurrgpH1FlgKOyO+wuRh+r xyQ= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID2jCCAsKgAwIBAgIEDvGTFzANBgkqhkiG9w0BAQUFADCBpTELMAkGA1UEBhMC 
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEV MBMGA1UEAwwMRm9ydGlHYXRlIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZv cnRpbmV0LmNvbTAeFw0xNjA2MDgxMTEzNTNaFw0yNjA2MDkxMTEzNTNaMIGlMQsw CQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2 YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0 aG9yaXR5MRUwEwYDVQQDDAxGb3J0aUdhdGUgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1 cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAyiSjmpSrrjhL3x7KnZDUYzTDjGIg093UcAdbtmKktLSYNQPaOyz+TjFU94hz TpqGl/Y94SYdeW+82cjFN8fxhW7UcutIrIXRQp4qfKv34MVFIzawpiAE73WWMDGs BbTPc2mCr1jTMi6piefBC6/wLPKaRmgheLrf78HVYdXeU4ctR0uKZolcLGdJkY7a X6nJ/0Wi3YN7F6Y4UCwarJ4SS0LdARKkprRHFSDCSCwinT1dTuoNzX2a7KKBp1A2 J4iZO0EhkE8fkpMRRbKJAxvrHPeboVBNQnwgTOOCd3lEiiyAp5hMEXWTPoEugkpv 2xxXCEsIzQMVcDw6SmVJaDDqNwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqG SIb3DQEBBQUAA4IBAQC5JXNS/yWUBEtxNKeaFtGlip30/gZivkeSi71FgYAnWinl 43nz8tLJAnEUgnbZ/qlcSeOHiN0Y7+Z71eSAWMnREy46/6IWcU7wT6cFmfbq0LyP idhcGGnIffUp2Jn6yoHQL3ILoBJIY4DkunI4cHtrcSaEq6+0Tp9rkc2ziFoXfaoy frMpsIEb+/lfnfzkEqt1mqMeLSHf7YH2Glf8X1Ja/h9ZHb6Yaep6bZ+eg86QRHF6 n36LuRTWvY/nNvIA6QryozpTCPUB9EpnyfJmUNWt0ZsWlUPxfpdXsp4BNUwmX/h1 BzSlxK6dYvB5NqPkE45XzI9/3QVnBX1/0TnQSsCT -----END CERTIFICATE-----" set range global next edit "Fortinet_SSLProxy" set password ENC DIqxeyvOTRLjIZcgnl0TSMU1UMVGkCaTEwpHEM8KAgJJnwZzpiNU+f8MMPJVVke3XPWNNQ9X8W6vt+H16Hf2YSDmI/D2IAHecmFbjxVyT5+XYoIPqtba99d3LX3hyysAG93Fk9s3cWMpccwjZzxKZKlCOJpzVeA25RpI07SmaANbmkuVxIP8HuFm4ClRQG3MWH8vPw== set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQImzK2/YAh610CAggA MBQGCCqGSIb3DQMHBAgy08RJk3q/6QSCBMiccTUTujqv9tZ+9r7TcCUK7fdteeDN LmDmn5LAM/5to9qCu6Tx3ydKHkOZAFVDAvrwGhBEnQ8CTKW4R6xlUeqkwd//Aw1f deWvCNFFpzeCMrQzGSpkQN4nzKIAUa43WJBt6X5Y5TgDZRttUkEWHhJTMpwRrBeQ IUpkaU30z8elkSTKENaERjPdI0+Do9gtGLAEsXejgRcHA6bHCv+oxZOp4cSGEMSq 
TUZTypejGqiN3YPAm5NzPdIb7bb8XkGGvv4ruWcRpG/oISZNfXQGsBAO3Obm9M37 B6kEnuYqoY4adaXXT1ixNR7OZuXP1BuwpFtopMti3OVfOutakKyAy2owUOZnpfev WmUKBTcpmWjUD8Y0g/dDnyLc9d9cxXYP3HYJcmMnX5b0vejGv6+0vAhf+AzHEhKo zwe9g77rY7cldEQEMiqqAnmb1F9+cVtc4FK+Se24gLa0q0NcytlEoNCUxuzLtf0H VrHvzxDwS3h6V5Lx4InT7SglopfuI2+b2P0tg87unIcB91WUuSFe8mb9PhhrJM0E j2ZlM3/0FKgWMVMCeJCQUCZLP15FYPqvI4vJtHm1f0CRm+zTYYTLkVihF4pheOBc 1907ZYUIS4OjqNJ9fHDjptwrzt0yPfiriHt8bVSJrtAzH3maWZBiog6COnChc3dY YRHcgHvl9SFGT3FGlTwQGmP3hN5GwqjuUC3lhF8V9LOarF4OAWkOS20G8ekuCX65 BQ+kyGPyUmONlaS+ww0oqp0oreJj15pZNOkESnPPy2gspWzqq6s4GyhaazwyP4ty Ji3wV0ReMBcHyAQSyvJ32XnM0IDovry6n5PKCDGvWyfq74/hqX38hdY8lLeDBErm g0oySQ7yf/1kABQOGCPxXI0fZrG5bDLFT8rTQZBf2Xg6JSp4Hqm3r/YpY5Qj6WwJ USuqFKGz25i/Gx8e5loqkwrnfuRtrYBknITT8FIjn+byZZZcy4ZKtIXIJzo9ySdR 43CEr5dso7GJPgyWKrC7HvIzNOlG07fM/S2srLrITwc7+ZyKhfkQf+KarFYfkBEo JnxsGw4lDN0kHs6kRDZccQjVSLQSsetRo9XS/fAkX567iL11JSLWoP4e+j+1cswp WYW7IODevQbrJjhMg2UDg0xKp9P2Hrvmu5AANI77lfP9S6x4nFccnzwLDqQe/OCU w/QEaIgosrR8/KybceUQgI6XuQ143RLTZmrqfujJSDWGKRlja3fWlE93lgEz6QPR HXTdpMx3lPQGHyPz/z5p3ETp2xAYNmcmNBFyXtjyg0JwXrkO1Iv4KWWdhk0cPxnh Thofq3wrQnOu1qW1DsAUGrkSZM7DYLwsn6Ix+ymjQ7Mb9HXaXNsyFNBm6QxRU4wE zg+ovwGyE9mr1toim5KF2v4/I97tM/s5Bw2VjNtUYw6R5T8bL9j072zXaIByBQbP yONx9InzWvN9NjgGuXxZHzGdACYphzNykvEEVGduXZ+tdB4e27YEAQYxul47GUT0 8DbW5z9wOOYxivvMcsf5Qn2nRzqHMzHBpZJKxvPRZ0cpxFfMSk2Nvon8BFMTYdQv 91+gFlTcIBEba1ooUp0htqzM83ShaYrhYOsm7+WDDvhLiM3PX8Ah8ZNjWBTMnKnS fEM= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIESmF6DDANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRm9y dGlHYXRlIFNlcnZlcjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTYwNjA4MTExMzU4WhcNMjYwNjA5MTExMzU4WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRm9y 
dGlHYXRlIFNlcnZlcjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr2shzaAZ+kD11qcRV zfq5YdbzRoCsEHzlrxi+YW6ftlq9pm5aHV8lUkLlOOYOEe5/S9mVRMJ/1DUWMBZz lLzDFZYLOe0v43eSTRaepHPVKWUtti9O9n5ZBV/cbBxLK8/FLQ+Ex0Q80rbqw1Yn 7lnUChwkZhDCORMOd9dtfQtJ/7CSdXGiDpxykyRAtgIV9uc/I8gBUoe5Jh4Jy40U okkgyn4AKYRTeLFf2WoGISHnGASYOtDWZcBRwdpXARryWpmX1yjMgOZtu8xy8hgK 0wMXDd3dE7dL0JWAEPWHloZL7OXB74q/SNE66qZosi2OMhn5LzTzJWyEBXWM4xOH hGfzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAGrzFUd5 IWLX37wDyHWqLtEP3QK2fMWfCme6nBMCBiYEcYYqb/dyzInxMZywf7uzA0ydggKP 2Nq9q0UWdKaar9dMOWQmQKF+KRXLdgb0n3zRqWAXkE+azJJN+3/2KbkSTthCsRGk oeQetbEH4uIm8Vt1zmGydyC+SVy17JFaNsB8ny4V24kHwBuu954FfR1UEnOH9fAK PcdhGtRDaakhDm4xgBgYxv1BejtwejUr1NK/zLCI4jo7RW+I6xa41ms6BB69yovV cgJvcJvQng1e7spYkAV6vfGXvuo+jZ8VsmqZrc6arMkVayS4f+z2IfJxxikzXdvN 0+G5NhfhjzL9N+Q= -----END CERTIFICATE-----" set range global next end config user local edit "guest" set type password set passwd ENC PVR9ygsM6zjSa6mqDaI3YoLZMSrW8jYB/WEOP7bjHT3Y41yAt5SgbMbmwSx8Bybgzi0BzrS/odQWna5VLlOdI3Yuhwdcad8ubZm6PSfmPM3Q0p302A6+23b4lyf5xgTGfRCLy52yHlAktPs7oBBg/TEZ+B/vhe6DzBATxAQQ9+LFsXlRc9YcmUWPyofO1b8PSKsbcQ== next end config user setting set auth-cert "Fortinet_Factory" end config user group edit "SSO_Guest_Users" next edit "Guest-group" set member "guest" next end config user device edit "Main-PC" set mac 40:16:7e:77:cf:51 set type windows-pc next edit "Wifi AP" set mac 94:10:3e:0e:69:f7 set type linux-pc next edit "iPhone" set mac c0:1a:da:b4:25:5e set type iphone next edit "HP Printer" set mac 18:a9:05:fd:42:f5 set type printer next edit "Tivo" set mac 00:11:d9:43:bb:d2 set type linux-pc next edit "????????" 
set mac 00:23:a7:3e:e2:a1 set type linux-pc next edit "Tivo - Bedroom" set mac 00:11:d9:5c:38:d8 next edit "WDTV" set mac 00:90:a9:e0:87:44 next edit "Target Laptop - WIFI" set mac f8:16:54:f2:cd:7b set type windows-pc next edit "Downloader" set mac 10:bf:48:e1:0b:2c next edit "Tivo -WIFI" set mac 00:11:d9:5c:38:d9 set type linux-pc next edit "NAS" set mac 10:c3:7b:6e:7b:7d set type linux-pc next edit "?????????????" set mac 34:23:ba:b6:49:1e next edit "Nicks Phone" set mac 34:fc:ef:ee:ff:8e set type router-nat-device next end config user device-group edit "Mobile Devices" set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" "iPhone" "?????????????" "Nicks Phone" set comment "Phones, tablets, etc." next edit "Network Devices" set member "fortinet-device" "other-network-device" "router-nat-device" "Wifi AP" set comment "Routers, firewalls, gateways, etc." next edit "Others" set member "gaming-console" "media-streaming" "HP Printer" "Tivo" "????????" "Tivo - Bedroom" "WDTV" set comment "Other devices." 
next edit "Computers" set member "Main-PC" "Downloader" "NAS" next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista-Win7" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista-Win7" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid 
"AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next 
edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next edit "web-access" set web-mode enable next edit "tunnel-access" set tunnel-mode enable set ipv6-tunnel-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next end config 
vpn ssl settings set servercert "Fortinet_Factory" set port 443 end config voip profile edit "default" set comment "Default VoIP profile." next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config webfilter profile edit "sniffer-profile" set comment "Monitor web traffic." 
set inspection-mode flow-based config ftgd-wf config filters edit 1 next edit 2 set category 1 next edit 3 set category 2 next edit 4 set category 3 next edit 5 set category 4 next edit 6 set category 5 next edit 7 set category 6 next edit 8 set category 7 next edit 9 set category 8 next edit 10 set category 9 next edit 11 set category 11 next edit 12 set category 12 next edit 13 set category 13 next edit 14 set category 14 next edit 15 set category 15 next edit 16 set category 16 next edit 17 set category 17 next edit 18 set category 18 next edit 19 set category 19 next edit 20 set category 20 next edit 21 set category 23 next edit 22 set category 24 next edit 23 set category 25 next edit 24 set category 26 next edit 25 set category 28 next edit 26 set category 29 next edit 27 set category 30 next edit 28 set category 31 next edit 29 set category 33 next edit 30 set category 34 next edit 31 set category 35 next edit 32 set category 36 next edit 33 set category 37 next edit 34 set category 38 next edit 35 set category 39 next edit 36 set category 40 next edit 37 set category 41 next edit 38 set category 42 next edit 39 set category 43 next edit 40 set category 44 next edit 41 set category 46 next edit 42 set category 47 next edit 43 set category 48 next edit 44 set category 49 next edit 45 set category 50 next edit 46 set category 51 next edit 47 set category 52 next edit 48 set category 53 next edit 49 set category 54 next edit 50 set category 55 next edit 51 set category 56 next edit 52 set category 57 next edit 53 set category 58 next edit 54 set category 59 next edit 55 set category 61 next edit 56 set category 62 next edit 57 set category 63 next edit 58 set category 64 next edit 59 set category 65 next edit 60 set category 66 next edit 61 set category 67 next edit 62 set category 68 next edit 63 set category 69 next edit 64 set category 70 next edit 65 set category 71 next edit 66 set category 72 next edit 67 set category 75 next edit 68 set category 76 next 
edit 69 set category 77 next edit 70 set category 78 next edit 71 set category 79 next edit 72 set category 80 next edit 73 set category 81 next edit 74 set category 82 next edit 75 set category 83 next edit 76 set category 84 next edit 77 set category 85 next edit 78 set category 86 next edit 79 set category 87 next edit 80 set category 88 next edit 81 set category 89 next end end next edit "default" set comment "Default web filtering." config ftgd-wf config filters edit 1 set category 2 set action warning next edit 2 set category 7 set action warning next edit 3 set category 8 set action warning next edit 4 set category 9 set action warning next edit 5 set category 11 set action warning next edit 6 set category 12 set action warning next edit 7 set category 13 set action warning next edit 8 set category 14 set action warning next edit 9 set category 15 set action warning next edit 10 set category 16 set action warning next edit 11 set action warning next edit 12 set category 57 set action warning next edit 13 set category 63 set action warning next edit 14 set category 64 set action warning next edit 15 set category 65 set action warning next edit 16 set category 66 set action warning next edit 17 set category 67 set action warning next edit 18 set category 26 set action block next end end next edit "web-filter-flow" set comment "Flow-based web filter profile." 
set inspection-mode flow-based config ftgd-wf config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next end end next edit "monitor-all" set comment "Monitor and log all visited URLs, proxy-based." config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 
46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next edit 80 set category 89 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next edit "flow-monitor-all" set comment "Monitor and log all visited URLs, flow-based." 
set inspection-mode flow-based config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next 
edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next edit 80 set category 89 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next edit "block-security-risks" set comment "Block security risks." config ftgd-wf set options rate-server-ip config filters edit 1 set category 26 set action block next edit 2 set category 61 set action block next edit 3 set category 86 set action block next edit 4 set action warning next end end next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname ".*\\.yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" 
set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*\\.youtube\\..*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" set query "kw=" next end config dnsfilter profile edit "default" set comment "Default dns filtering." config ftgd-dns config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next end end set block-botnet enable next end config antivirus settings set grayware enable end config antivirus profile edit "sniffer-profile" set comment "Scan files and monitor viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "default" set comment "Scan files and block viruses." config http set options scan end config ftp set options scan end config imap set options scan end config pop3 set options scan end config smtp set options scan end next end config spamfilter profile edit "sniffer-profile" set comment "Malware and phishing URL monitoring." 
set flow-based enable next edit "default" set comment "Malware and phishing URL filtering." next end config wanopt settings set host-id "default-id" end config wanopt profile edit "default" set comments "Default WANopt profile." next end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next edit "none" next end config firewall profile-protocol-options edit "default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next end config firewall ssl-ssh-profile edit "deep-inspection" set comment "Deep inspection." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set fortiguard-category 87 next edit 4 set type address set address "apple" next edit 5 set type address set address "appstore" next edit 6 set type address set address "dropbox.com" next edit 7 set type address set address "Gotomeeting" next edit 8 set type address set address "icloud" next edit 9 set type address set address "itunes" next edit 10 set type address set address "android" next edit 11 set type address set address "skype" next edit 12 set type address set address "swscan.apple.com" next edit 13 set type address set address "update.microsoft.com" next edit 14 set type address set address "eease" next edit 15 set type address set address "google-drive" next edit 16 set type address set address "google-play" next edit 17 set type address set address 
"google-play2" next edit 18 set type address set address "google-play3" next edit 19 set type address set address "microsoft" next edit 20 set type address set address "adobe" next edit 21 set type address set address "Adobe Login" next edit 22 set type address set address "fortinet" next edit 23 set type address set address "googleapis.com" next edit 24 set type address set address "citrix" next edit 25 set type address set address "verisign" next edit 26 set type address set address "Windows update 2" next edit 27 set type address set address "*.live.com" next edit 28 set type address set address "auth.gfx.ms" next edit 29 set type address set address "autoupdate.opera.com" next edit 30 set type address set address "softwareupdate.vmware.com" next edit 31 set type address set address "firefox update server" next end set caname "Fortinet_CA_SSLProxy" set certname "Fortinet_SSLProxy" next edit "certificate-inspection" set comment "SSL handshake inspection." config https set ports 443 set status certificate-inspection end config ftps set ports 990 set status disable end config imaps set ports 993 set status disable end config pop3s set ports 995 set status disable end config smtps set ports 465 set status disable end set caname "Fortinet_CA_SSLProxy" set certname "Fortinet_SSLProxy" next end config waf profile edit "default" config signature config main-class 100000000 set action block set severity high end config main-class 20000000 end config main-class 30000000 set status enable set action block set severity high end config main-class 40000000 end config main-class 50000000 set status enable set action block set severity high end config main-class 60000000 end config main-class 70000000 set status enable set action block set severity high end config main-class 80000000 set status enable set severity low end config main-class 110000000 set status enable set severity high end config main-class 90000000 set status enable set action block set severity high end set 
disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
        end
        # WAF protocol constraints for the "default" WAF profile.
        # Only "method" and "hostname" carry an explicit "set action block";
        # the other constraints shown here set status/log/severity only, so a
        # violation is presumably logged under the default action - confirm
        # with "show full-configuration" on the device.
        config constraint
            config header-length
                set status enable
                set log enable
                set severity low
            end
            config content-length
                set status enable
                set log enable
                set severity low
            end
            config param-length
                set status enable
                set log enable
                set severity low
            end
            config line-length
                set status enable
                set log enable
                set severity low
            end
            config url-param-length
                set status enable
                set log enable
                set severity low
            end
            config version
                set log enable
            end
            config method
                set action block
                set log enable
            end
            config hostname
                set action block
                set log enable
            end
            config malformed
                set log enable
            end
            config max-cookie
                set status enable
                set log enable
                set severity low
            end
            config max-header-line
                set status enable
                set log enable
                set severity low
            end
            config max-url-param
                set status enable
                set log enable
                set severity low
            end
            config max-range-segment
                set status enable
                set log enable
                set severity high
            end
        end
    next
end
# Firewall policy table: the two policies below are the only ones in this
# backup.
config firewall policy
    # Policy 1: outbound rule. Any source on "internal" to any destination on
    # "wan1", all services, always, accepted with NAT enabled.
    # NOTE(review): no security-profile lines (utm-status, av-profile,
    # webfilter-profile, ssl-ssh-profile) and no logtraffic line appear here,
    # so none of the antivirus / web filter / SSL inspection profiles defined
    # earlier in this file are shown attached to the only accept rule.
    # A backup lists non-default values only; check the effective logging and
    # profile settings with "show full-configuration" before relying on them.
    edit 1
        set name "Modified Default"
        set uuid 0bb332ee-2d6a-51e6-2b8a-cd6d7e5c3e6a
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Policy 2: inbound rule, "wan1" to "internal", any address, all services.
    # There is no "set action" line; the name and comment describe it as an
    # explicit deny, which matches deny being the default policy action -
    # confirm on the device. "logtraffic all" logs the sessions it matches,
    # giving visibility into inbound attempts.
    edit 2
        set name "Custom Deny All In"
        set uuid 7a0bc68e-7559-51e6-b6b3-6923e86d9261
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Custom Explicit Deny - WAN to Internal"
    next
end
# Endpoint-control profile "default": the three FortiClient platform sections
# are present but empty (no non-default settings shown).
config endpoint-control profile
    edit "default"
        config forticlient-winmac-settings
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
    next
end
# Wireless intrusion detection (WIDS) profiles; the "default" profile's
# individual detections follow this line.
config wireless-controller wids-profile
    edit "default"
        set comment "Default WIDS profile."
set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default-wids-apscan-enabled" set ap-scan enable next edit "Slayers-House-Of-Evil" next end config wireless-controller wtp-profile edit "FAPS423E-default" config platform set type S423E end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS422E-default" config platform set type S422E end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS421E-default" config platform set type S421E end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS323CR-default" config platform set type S323CR end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS322CR-default" config platform set type S322CR end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS321CR-default" config platform set type S321CR end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS313C-default" config platform set type S313C end set ap-country US config radio-1 set band 802.11ac end config radio-2 set mode disabled end next edit "FAPS311C-default" config platform set type S311C end set ap-country US config radio-1 set band 802.11ac end config radio-2 set mode disabled end next edit "FAPS323C-default" config platform set type S323C end set ap-country US config radio-1 set band 802.11n end config radio-2 set 
band 802.11ac end next edit "FAPS322C-default" config platform set type S322C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS321C-default" config platform set type S321C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAP321C-default" config platform set type 321C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set band 802.11ac set vap-all disable end next edit "FAP223C-default" config platform set type 223C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set band 802.11ac set vap-all disable end next edit "FAP112D-default" config platform set type 112D end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP24D-default" config platform set type 24D end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP21D-default" config platform set type 21D end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FK214B-default" config platform set type 214B end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP224D-default" config platform set type 224D end set ap-country US config radio-1 set band 802.11n-5G set vap-all disable end config radio-2 set band 802.11n set vap-all disable end next edit "FAP222C-default" config platform set type 222C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set band 802.11ac set vap-all disable end next edit "FAP25D-default" config platform set type 25D end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP221C-default" config 
platform set type 221C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set band 802.11ac set vap-all disable end next edit "FAP320C-default" config platform set type 320C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set band 802.11ac set vap-all disable end next edit "FAP28C-default" config platform set type 28C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP223B-default" config platform set type 223B end set ap-country US config radio-1 set band 802.11n-5G set vap-all disable end config radio-2 set band 802.11n set vap-all disable end next edit "FAP14C-default" config platform set type 14C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP11C-default" config platform set type 11C end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP320B-default" config platform set type 320B end set ap-country US config radio-1 set band 802.11n-5G set vap-all disable end config radio-2 set band 802.11n set vap-all disable end next edit "FAP112B-default" config platform set type 112B end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP222B-default" config platform set type 222B end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set band 802.11n-5G set vap-all disable end next edit "FAP210B-default" config platform set type 210B end set ap-country US config radio-1 set band 802.11n set vap-all disable end config radio-2 set mode disabled end next edit "FAP220B-default" set ap-country US config radio-1 set band 802.11n-5G set vap-all disable end config radio-2 set band 802.11n set vap-all disable end next edit "AP-11N-default" config platform 
set type AP-11N
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
end
# Logging destinations and filters.
# Memory logging is enabled at severity "information" and the null device is
# disabled.
# NOTE(review): no remote log target (for example "config log syslogd setting"
# or a FortiAnalyzer section) appears in this part of the backup. If memory is
# the only destination, log retention is limited and logs are presumably lost
# on reboot - confirm and consider forwarding logs off-box for detection and
# incident response.
config log memory setting
    set status enable
end
config log memory filter
    set severity information
end
config log null-device setting
    set status disable
end
# Global log options: logging is switched on for the implicit policy and for
# local-in (allowed, denied unicast, denied broadcast) and local-out traffic,
# i.e. traffic to and from the FortiGate itself.
config log setting
    set fwpolicy-implicit-log enable
    set local-in-allow enable
    set local-in-deny-unicast enable
    set local-in-deny-broadcast enable
    set local-out enable
end
# Dynamic routing sections. Each one below contains only empty
# "config redistribute" entries; no networks, interfaces or neighbours are
# shown, so these look like unconfigured stubs - confirm that no routing
# protocol is expected to be active on this unit.
config router rip
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ripng
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ospf
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ospf6
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router bgp
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end
end
config router isis
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "static"
    end
end
config router multicast
end