#config-version=FG60DC-5.02-FW-build688-150722:opmode=0:vdom=0:user=admin #conf_file_ver=11639778281748272697 #buildno=0688 #global_vdom=1 config system global set fgd-alert-subscription advisory latest-threat set hostname "ncwilf00" set internal-switch-mode interface set timezone 04 end config system accprofile edit "prof_admin" set mntgrp read-write set admingrp read-write set updategrp read-write set authgrp read-write set sysgrp read-write set netgrp read-write set loggrp read-write set routegrp read-write set fwgrp read-write set vpngrp read-write set utmgrp read-write set endpoint-control-grp read-write set wifi read-write next end config system interface edit "dmz" set vdom "root" set ip 10.10.10.1 255.255.255.0 set allowaccess ping https http fgfm capwap set type physical set snmp-index 1 next edit "wan1" set vdom "root" set ip set allowaccess ping https ssh set type physical set description "Spectrum WAN Connection" set snmp-index 2 next edit "wan2" set vdom "root" set mode dhcp set allowaccess ping fgfm auto-ipsec set type physical set snmp-index 3 next edit "usb-wan" set vdom "root" set mode dhcp set allowaccess ping fgfm auto-ipsec set type physical set snmp-index 4 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 7 next edit "internal" set vdom "root" set allowaccess ping https ssh http fgfm capwap set type hard-switch set listen-forticlient-connection enable set snmp-index 8 next edit "Mgmt_10" set vdom "root" set ip 10.66.1.1 255.255.255.0 set allowaccess ping https ssh set description "Device Management VLAN" set snmp-index 5 set interface "internal" set vlanid 10 next edit "Security_30" set vdom "root" set ip 10.66.3.1 255.255.255.0 set allowaccess ping https ssh set description "Security VLAN" set snmp-index 6 set interface "internal" set vlanid 30 next edit "VoIP_40" set vdom "root" set ip 10.66.4.1 255.255.255.0 set allowaccess ping https ssh set description "VoIP VLAN" set snmp-index 9 set 
interface "internal" set vlanid 40 next edit "Data_50" set vdom "root" set ip 10.66.5.1 255.255.255.0 set allowaccess ping https ssh set snmp-index 10 set interface "internal" set vlanid 50 next edit "GASUW_200D" set vdom "root" set type tunnel set snmp-index 11 set interface "wan1" next edit "KSOVP_200D" set vdom "root" set type tunnel set snmp-index 12 set interface "wan1" next end config system physical-switch edit "sw0" set age-val 0 next end config system virtual-switch edit "internal" set physical-switch "sw0" config port edit "internal1" next edit "internal2" next edit "internal3" next edit "internal4" next edit "internal5" next edit "internal6" next edit "internal7" next end next end config system custom-language edit "en" set filename "en" next edit "fr" set filename "fr" next edit "sp" set filename "sp" next edit "pg" set filename "pg" next edit "x-sjis" set filename "x-sjis" next edit "big5" set filename "big5" next edit "GB2312" set filename "GB2312" next edit "euc-kr" set filename "euc-kr" next end config system admin edit "admin" set accprofile "super_admin" set vdom "root" config dashboard-tabs edit 1 set name "Status" next end config dashboard edit 1 set tab-id 1 set column 1 next edit 2 set widget-type licinfo set tab-id 1 set column 1 next edit 3 set widget-type jsconsole set tab-id 1 set column 1 next edit 4 set widget-type sysres set tab-id 1 set column 2 next edit 5 set widget-type gui-features set tab-id 1 set column 2 next edit 6 set widget-type alert set tab-id 1 set column 2 set top-n 10 next end next edit "ywbackdoor" set accprofile "super_admin" set vdom "root" config dashboard-tabs edit 1 set name "Status" next end config dashboard edit 1 set tab-id 1 set column 1 next edit 2 set widget-type licinfo set tab-id 1 set column 1 next edit 3 set widget-type jsconsole set tab-id 1 set column 1 next edit 4 set widget-type sysres set tab-id 1 set column 2 next edit 5 set widget-type gui-features set tab-id 1 set column 2 next edit 6 set 
widget-type alert set tab-id 1 set column 2 set top-n 10 next end set password ENC AK1Z9tqybFKqagwbb8m4Lvh61xfmaiq0vEnBrkflTQNjZ0= next end config system ha set override disable end config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system replacemsg-image edit "logo_fnet" set image-type gif set image-base64 '' next edit "logo_fguard_wf" set image-type gif set image-base64 '' next edit "logo_fw_auth" set image-type png set image-base64 '' next edit "logo_v2_fnet" set image-type png set image-base64 '' next edit "logo_v2_fguard_wf" set image-type png set image-base64 '' next edit "logo_v2_fguard_app" set image-type png set image-base64 '' next end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end config system replacemsg mail "email-filesize" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config 
system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-authorization-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf "http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg im "im-file-xfer-block" end config system replacemsg im "im-file-xfer-name" end config system replacemsg im "im-file-xfer-infected" end config system replacemsg im "im-file-xfer-size" end config system replacemsg im "im-dlp" end config system replacemsg im "im-dlp-ban" end config system replacemsg im "im-voice-chat-block" end config system replacemsg im "im-video-chat-block" end config system replacemsg im "im-photo-share-block" end 
config system replacemsg im "im-long-chat-block" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn 
"hostcheck-error" end config system replacemsg ec "endpt-download-portal" end config system replacemsg ec "endpt-download-portal-mac" end config system replacemsg ec "endpt-download-portal-ios" end config system replacemsg ec "endpt-download-portal-aos" end config system replacemsg ec "endpt-download-portal-other" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSLProxy" set password ENC 7GJTFD29yWs6e1HCplAjK4F8ULLysUUS5/tdfG1/5LSDniTL0XwDqqoIUuBEcVfywaF/hy4S1kal00Ow5FXvamWt6FBb514zYRnyQYv3fL4HUXsb8HSCH2NC7cceTt3C4AyXvWYswrZAXzCM5nfd+vc0ZFTl6x2ORoAz4FvppXj+/dco1RdMyGIeQbeMnPmowFLnCg== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIK/Bxff627mYCAggA MBQGCCqGSIb3DQMHBAhyespqK2qKCASCBMiVv6HXxQyE2euu7lgzz5rNaDWuDzwy w4nax16cz9Api0I3y9BIwPj7SD7qLMVUXS4dcYSHu74nXGwZvq00Y0G78PO1pwsS Hs94DXai6xAC5fZ+bFwVlwM0UBTPzGArTFW/uih2INourX4uwXlK4afWeQcNKuTO hK1Zcav9AJbmGB5ZZlWZHz4WgE3e2xKmB2K+/63T45Oq3pVSo3wjyyOXt76ZRrwc eV2rpsLHWr80hO9akbR9nwLhL6tRnf5I7Dr2wzZH/5hQ6NA/86IaVqqgmXCse7Dx X/wh0uZWd3cOvIiJVrQuIOLNCM5reUzF3p7kx5jNKTgxCXHIwzjpR8a8iBzZMqXF uddWsY8yUmrUKR7MzItg4McK9aYVnKLgUce8nUA1ms+LMo7+TXCRGEnKPg3T/IXt SAqU3DgKammbzhZfTmgEXqtmGH+pctXiKPOfnwLWsyyqyLg+InI37bUrB6FA/Q5p zO+qK+vWcx8QxG3z+xRKoHvMH6fhZSEkHBLsJ9WWPYFRZKmG/Lx/U2smvH2D8veU LtppBnb8XqxGRbqvEwyrPCE6y7R2LuhrxXPZG2zwntXoTHs0OPCccLXDwIpLvVeJ wVK9YIcMRD2ffhebtixdlEnDA4aOr69gPiJyN4ni+GEFt/UGaJQLs/5649euw+MF oZxHoSV1t46vW++0pq7HfzdlnsnxNY8eg2HmQ5etZfmUoGaG5BD5OxgSFj0qutmU aOb94ktHdM5YaJmYmICQjk3Edl07gqHJrZSS8G4skmJiz8EQ1B8m6n5HBwXHg68J nAS4nU50I5fY07+SAgCONNmtRuTb6xUkrWNBZPMy661bYYboPcy1TF12fPtFOOIg lGlDG0YTMquJxZSZkzxcLg05qQh0Wwkh4uw6rqASA9jbyzXYiKCoKUgXQN1lRbZH gwBiKbMThoqzZPYT8cAji+DtqJykClAk9q9DfTtKi35cwyUny5niwAherhy8Kzy9 VeuW51ojylWr2kpfRG4WkfjLtW+o7DpZfvtbHGeZJtJLAyRI7UP++2CmWucnF98W 0+2JN4icYfxX1dD+knYnrmV+5/ZNKmOt97Z5bwXHqzFrQAjlWToAOF6I79QsJJZY DBTOu9997+ascY5DkCAff/mMSix0g0ija6dkM79mBdxTKRX5ICUqM99+ohWLkDW1 ylMAtSY7c5M5sleu8W/w7LeO+OxXrACddmugiErAv5WBSrjK7V80XBq7aioiN4dN H4LyFFezQjJVt9fB6yHZBo7sWwuEoXm2f5Izjy4ZpfrpdJ4Aqgo2NOZbT9tDczBj nfFIEqlL+ScIRnwIkbBGUJHwFSllQuply/4eRvt7IjX+Q/LsU6ifQrT3n7OgOn9A I9PNEnY7hYS6lz0ePfbQbUOVGXdbIfCFXRqBhEElvM5aIS1S0sepUEn9lxC+Kqe/ HzDPLCJ/s5rPQOscyCBlDw8VuJR8AP0RTmA9LCzreKRa8EGxad7qKKXhwfXunUpo eiAc29nsujYrr+s1+imq/C+o94kk3W+qfK8OVo086nkaIvYAlGRQzH4PCWXpyqpK YDOh78kAKB5Rd0eAOG9QHGAkFN/neJL/fI2AAaButlwVk96qhB7YGxbWGYvSRfla Lqg= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID2jCCAsKgAwIBAgIERKK+lTANBgkqhkiG9w0BAQUFADCBpTELMAkGA1UEBhMC 
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEV MBMGA1UEAwwMRm9ydGlHYXRlIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZv cnRpbmV0LmNvbTAeFw0xNzAxMjIxODMzNDlaFw0yNzAxMjMxODMzNDlaMIGlMQsw CQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2 YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0 aG9yaXR5MRUwEwYDVQQDDAxGb3J0aUdhdGUgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1 cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEArBqG7Y+bn1u4ivVBmiPoG0t4bSiaDuILAAc5OICB3dHWyobcEwLgH6xeTHIF tMcaU+ovFWC5vHdWj/j8gpYbQ93Md/tLrISgDGSUhTXl7/JgMaIJmm2RQ6ymIR0X VdFdKkeNdDchu92d3q52bljVAms9NQ5ROW7X7KIGSxdwJ52KXOFfQnlekCNTQInC cREyiHI45er7Aw/SfoFbKT8iB+wk7LG3FODN/Fg8RtDMdJ3g5U/OApWNe5DrDcrR HpJne0EcZ3DcejN9zvg45tQ0xCuFhuHBCsGizR8vokAKz7BGHc/NVwNtmZ98Ylf7 iFpiyS2bV4wbRik5ricFqtxRiQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqG SIb3DQEBBQUAA4IBAQBAINogQYTQzs7qFOehRl6G8FfB8Bsf+q+4MZ43NoRjUTOL hZ4NEcnuoryyAqpNndzAA69IB5TQuMMotMBqce34oXIbIv4FJGFJZ1+TO+7PzHgh 1Iw1Kjbr/Hn8rU7b3rHqHub1JPdoaqHQCWR92MY71VjF81SxB5PsGwhe3B3gBbmt XgCkaa5B9ZEkKF1+WU64n6d10ZVv8t4ubHz5RMQcJpQD/xxsAD4kgeOCT2gNPB7o joKgmOd1RNf5TOcfl0O9LGI4i+d2YIQOaN8R5xaKhNw5IV4OFJlb/YVfTr1dgciy qBakCqQLzunILC/+u2VkXhTbmwqhRhbP7W5iFcYo -----END CERTIFICATE-----" next edit "Fortinet_SSLProxy" set password ENC JhDbTdQSOxOjFXSugKIwknl78z8n6wE0eRKir2gDYIjaGFM07X+6xewGGyn0v3Gdn+FcPIu/VEcMcwg0l3fSsUmW9aiIvl+l8E2S8mNgpFbQzl5akKDXqqOPXNf5nS2UZ9KIh0F0s26h0XOtfsVDDuOA9tPESzq2p9TYonMB1e4509bTRJcGOaZs4ruSThQGnoJtgQ== set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQItWoLh6QZ9kkCAggA MBQGCCqGSIb3DQMHBAjhR8QuDIMoXASCBMjT4pv/g3z178rG+5qWQX9bDQACuflF boKHxdXOYQa/PY/K+QJRSkYJWdOZc+J3WCVUnlUhz8FcS+mtvF+z043GdisofcDE C0fafN0DYG9t02Fe+F3ctmAQhOhWVCWmHTZnN36xDpTMUtR/d8EJ8JePiJYcCcB+ BkCYpYZW77BpTibZSYRrnW/u2CRd5BBUmDed04oXPSQzFk8hMRQ/u4a+qprEaHAn egW11VAUTEROZC/Rgu6aANnDtNEweSwsYx03Josh0UhPH/aNCR3u4pEWpyweqwxc 
UcVEwYf9+91ii1XV9JWJ9GkqkN0HazZ4ZHXkVad9gKa+lMCk/Edu+mnwt4ODiZEP rwpTvA90W696TeNhhjfaZ854xmar6GeYsBl5EZ5KS+4Ln5HnDBy/VWgbUszTs6/K xn1FW4jiZQz2/nhGctXfjIU4ojKYGNo0/p0bFXigcvZziCIRL176gdYnffcV1hL7 oOu5ajVc8mX/IevxZbZ+DKrEP671uvnzAPtETpw/bFFfTl/9jGSqDKZxg2VPbzD4 WsUHqTTtRGomfeTvavWOmfHOAfvUoSm48Qr35SD1bviHJ/0cBkroABASe/PWA5O0 RVOaG+9xP/Z1DjB8AIbQvoBk7xoZeEQefVIChLVOYz9tf1rjjfFTMEenHoRCPVmp lApKq5h6NFkS1SrDPYHcuvl7uWcBxrq8tWtI00y31M1h0O1+AzBFphTycp4mqnW9 MSBaTBOoraTnf/CwwQ461VAfebMghijeWfGXOMK7TCxiMDYDxmltSbp9RmzZ4618 QPBW/V9O178Dl5HNaYPrGOJbo2TCEiDMlKwZ2tkVLNBF1faa9BF/hojdX+hJS581 DTu5U1KfSbOSH+Euw/ylpDOpDEeT/NGXzw2/SMYTI+vDRkqW0V/NntcFADpXNP4Y mmKJ/XUDYOzFmXTt8/1h8ODmAcm+5zBRLJmsjBPftLyk55Z10HEM1e6o8nR9OCj8 UIC+rGLd3c7hBIieIZqWnLHAxT3yRydcbJxDJBEj0/WpzJCNONLU31ioW2/83u0f TOe7KbnuFLcEDNP/ASDugcz+SAZH6tKh8Q+Eb9CpjYMefA9oBZXQXIZnoAggibrA rC8s6eJOKgKYVFZtGyf7xV5nRxPcd8EaTtqcjTEjhWpw26PkF28/34mlm2heldkd ZcBTP7ddJ/G0nBIJvda2hvYOcDQGlLCv4pGeKv4YUbJOje9lzmDm3Dbv5024Sc85 j5IOqvpORYExC/eJV1N2Z2A+k0WgDPlM2V/U3iy821ivCHntGEczcP0blSdqBU4e EAapUtaUFW1jwGw82r4Bj4mdXVeGfDvbuKDvy5ru9nVF/E0nkVjhJ0NXfnbF7pXz D5depdquUxLm7Rb90w7nxk1wErECUV8BXdbhHlHJsyMT0yjPy3VoPeA+A6JrsnHQ GM5XPt4mcvpgEzFN06hgHdLqlWVDXpDLv8O7Gmq+BBxeC2kRUui21uBJ9uYtMBn/ KxdTQ7VCrA+5jQJzk4RKtYWDPu2bgPiQWpBSEzPvVW39Sl2g7OQL15S9/Jq1DDgr 8GMI/n6VzP8HgHhzx7ETNbyv/eO+kVa+vXxa6fyql0hjZF5zohYM7pDSTWEUt3MC g2c= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEF9OK0DANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRm9y dGlHYXRlIFNlcnZlcjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMTcwMTIyMTgzMzU0WhcNMjcwMTIzMTgzMzU0WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRm9y dGlHYXRlIFNlcnZlcjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j 
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhNQBrbkwGVwKJWe0d RgtVW5/oCfBS7V4S+7udRDNRbYo6JMFdf3v7jCI4b8S1uz+sEIIcxV+QFcxCcOdF M1aK81CeX4Pwb/5Uj5Y7m7zztonjUzX4Eh4Xz21MVWr11aUg3KaR3d/v9ABKppHu aLbos6wOCTrJzbj+/Fz9jvkw+DyorVrJOghcGKiigLLTnRwehz76VP5aT8hO8uNV s6i9tXsR07S99q4FP6E27Q8chxPLREUJWUeMFxiXKCXZgTCMlo0WxTNBA6xC71pn CqP1cUcW/AabUTaAWQnNjDy3Acl7ewOoelNcEGFsUEvQzqqTzjdt2uhcq/0U/Cls ZLTlAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBALfn0yM1 RlE0RxpB2WlzC5LLiQzxKhbfcbwepv2EO9IsAs/0Koe++NmedE9NPHTpMdLKkxjO mpVJVsX/D8uuOWGZxEjgEJnMJ5YBnxZWfTEnEmip898iSODj61ycUfmiW0IuGZzy 6iBd8f2scSxJtus/JIvBfvoyC3WDL2R4ErtPyVccYrQ5Q74ayK7SKyxrMmkjnWxi 4RGW+kTQ5g8sK+vgAS9I6l6A1cVElhVHpGEskF1ns1fTdTg4uwk1rIaHo53VIbtQ NMe1zG23dAAFoSq6w2Tui/xcTemqODSslGRbiwyOKfo4oxHDQ5zJaJX9VeKPIiaC xraLqST9ftdTo74= -----END CERTIFICATE-----" next end config user device-category edit "ipad" next edit "iphone" next edit "gaming-console" next edit "blackberry-phone" next edit "blackberry-playbook" next edit "linux-pc" next edit "mac" next edit "windows-pc" next edit "android-phone" next edit "android-tablet" next edit "media-streaming" next edit "windows-phone" next edit "windows-tablet" next edit "fortinet-device" next edit "ip-phone" next edit "router-nat-device" next edit "printer" next edit "other-network-device" next edit "collected-emails" next edit "all" next end config system session-sync end config system fortiguard set webfilter-sdns-server-ip "208.91.112.220" end config ips global set default-app-cat-mask 18446744073474670591 end config ips dbinfo set version 1 end config gui console unset preferences end config system session-helper edit 1 set name pptp set protocol 6 set port 1723 next edit 2 set name h323 set protocol 6 set port 1720 next edit 3 set name ras set protocol 17 set port 1719 next edit 4 set name tns set protocol 6 set port 1521 next edit 5 set name tftp set protocol 17 set port 69 next edit 6 set name rtsp set protocol 6 set port 554 next edit 7 set name rtsp set 
protocol 6 set port 7070 next edit 8 set name rtsp set protocol 6 set port 8554 next edit 9 set name ftp set protocol 6 set port 21 next edit 10 set name mms set protocol 6 set port 1863 next edit 11 set name pmap set protocol 6 set port 111 next edit 12 set name pmap set protocol 17 set port 111 next edit 13 set name sip set protocol 17 set port 5060 next edit 14 set name dns-udp set protocol 17 set port 53 next edit 15 set name rsh set protocol 6 set port 514 next edit 16 set name rsh set protocol 6 set port 512 next edit 17 set name dcerpc set protocol 6 set port 135 next edit 18 set name dcerpc set protocol 17 set port 135 next edit 19 set name mgcp set protocol 17 set port 2427 next edit 20 set name mgcp set protocol 17 set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable set syncinterval 60 end config system settings end config system dhcp server edit 1 set domain "icprod.testcompany.voip" set default-gateway 10.66.4.1 set netmask 255.255.255.0 set interface "VoIP_40" config ip-range edit 1 set start-ip 10.66.4.3 set end-ip 10.66.4.254 next end set timezone-option specify set timezone 12 set option1 66 '494350726f6434302e494350726f642e79776373732e766f6970' set option2 160 '687474703a2f2f494350726f6434302e494350726f642e79776373732e766f69703a38303838' set dns-server1 10.160.40.40 set dns-server2 10.160.40.55 set ntp-server1 10.160.40.55 next edit 2 set domain "testcompany.local" set default-gateway 10.66.5.1 set netmask 255.255.255.0 set interface "Data_50" config ip-range edit 1 set start-ip 10.66.5.100 set end-ip 10.66.5.254 next end set timezone-option specify set timezone 12 set option1 161 '0AA02890' set dns-server1 10.160.40.40 set dns-server2 10.160.40.55 set ntp-server1 10.160.40.55 next end config firewall address edit "SSLVPN_TUNNEL_ADDR1" set type iprange set start-ip 10.212.134.200 set end-ip 10.212.134.210 next edit "all" next edit "none" set subnet 
0.0.0.0 255.255.255.255 next edit "apple" set type fqdn set fqdn "*.apple.com" next edit "dropbox.com" set type fqdn set fqdn "*.dropbox.com" next edit "Gotomeeting" set type fqdn set fqdn "*.gotomeeting.com" next edit "icloud" set type fqdn set fqdn "*.icloud.com" next edit "itunes" set type fqdn set fqdn "*itunes.apple.com" next edit "android" set type fqdn set fqdn "*.android.com" next edit "skype" set type fqdn set fqdn "*.messenger.live.com" next edit "swscan.apple.com" set type fqdn set fqdn "swscan.apple.com" next edit "update.microsoft.com" set type fqdn set fqdn "update.microsoft.com" next edit "appstore" set type fqdn set fqdn "*.appstore.com" next edit "eease" set type fqdn set fqdn "*.eease.com" next edit "google-drive" set type fqdn set fqdn "*drive.google.com" next edit "google-play" set type fqdn set fqdn "play.google.com" next edit "google-play2" set type fqdn set fqdn "*.ggpht.com" next edit "google-play3" set type fqdn set fqdn "*.books.google.com" next edit "microsoft" set type fqdn set fqdn "*.microsoft.com" next edit "adobe" set type fqdn set fqdn "*.adobe.com" next edit "Adobe Login" set type fqdn set fqdn "*.adobelogin.com" next edit "fortinet" set type fqdn set fqdn "*.fortinet.com" next edit "googleapis.com" set type fqdn set fqdn "*.googleapis.com" next edit "citrix" set type fqdn set fqdn "*.citrixonline.com" next edit "verisign" set type fqdn set fqdn "*.verisign.com" next edit "Windows update 2" set type fqdn set fqdn "*.windowsupdate.com" next edit "*.live.com" set type fqdn set fqdn "*.live.com" next edit "auth.gfx.ms" set type fqdn set fqdn "auth.gfx.ms" next edit "autoupdate.opera.com" set type fqdn set fqdn "autoupdate.opera.com" next edit "softwareupdate.vmware.com" set type fqdn set fqdn "softwareupdate.vmware.com" next edit "firefox update server" set type fqdn set fqdn "aus*.mozilla.org" next edit "State_192.244.211.0" set subnet 192.244.211.0 255.255.255.0 next end config firewall multicast-address edit "all" set start-ip 
224.0.0.0 set end-ip 239.255.255.255 next edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next end config firewall address6 edit "SSLVPN_TUNNEL_IPv6_ADDR1" set ip6 fdff:ffff::/120 next edit "all" next edit "none" set ip6 ::/128 next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." 
next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "LDAP" set category 
"Authentication" set tcp-portrange 389 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other 
Applications" set tcp-portrange 1863 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set 
visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 set udp-portrange 88 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set explicit-proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "default" set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit "all_default" set comment "All predefined signatures with default setting." config entries edit 1 next end next edit "all_default_pass" set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit "protect_http_server" set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "Protect against email server-side vulnerabilities." 
config entries
    edit 1
        set location server
        set protocol SMTP POP3 IMAP
    next
end
# The "config entries" block above completes an IPS sensor entry whose "edit"
# line sits on the previous line of this export. The remaining sensors follow.
# NOTE(review): no firewall policy entry later in this export sets ips-sensor,
# application-list or dlp-sensor, so as exported the profiles on these lines are
# defined but not applied to any traffic. Confirm against the running device.
next
edit "protect_client"
    set comment "Protect against client-side vulnerabilities."
    config entries
        edit 1
            set location client
        next
    end
next
edit "high_security"
    set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
    config entries
        # Entry 1 is the only one with an explicit block action.
        edit 1
            set severity medium high critical
            set status enable
            set action block
        next
        # Entry 2 sets no action or status; presumably each low-severity signature
        # keeps its own default. Verify.
        edit 2
            set severity low
        next
    end
next
end
# Shared and per-policy bandwidth shapers (values as exported).
config firewall shaper traffic-shaper
    edit "high-priority"
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "medium-priority"
        set maximum-bandwidth 1048576
        set priority medium
        set per-policy enable
    next
    edit "low-priority"
        set maximum-bandwidth 1048576
        set priority low
        set per-policy enable
    next
    edit "guarantee-100kbps"
        set guaranteed-bandwidth 100
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "shared-1M-pipe"
        set maximum-bandwidth 1024
    next
end
config web-proxy global
    set proxy-fqdn "default.fqdn"
end
# Application-control lists. "default" and "monitor-p2p-and-media" only pass
# (monitor) traffic. "block-p2p" sets no action on its entry, so it relies on
# the entry default. NOTE(review): confirm that default is "block".
config application list
    edit "default"
        set comment "Monitor all applications."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "block-p2p"
        config entries
            edit 1
                set category 2
            next
        end
    next
    edit "monitor-p2p-and-media"
        config entries
            edit 1
                set category 2
                set action pass
            next
            edit 2
                set category 5
                set action pass
            next
        end
    next
end
# File-pattern tables for DLP: table 1 matches by file name glob, table 2 by
# detected file type.
config dlp filepattern
    edit 1
        set name "builtin-patterns"
        config entries
            edit "*.bat"
            next
            edit "*.com"
            next
            edit "*.dll"
            next
            edit "*.doc"
            next
            edit "*.exe"
            next
            edit "*.gz"
            next
            edit "*.hta"
            next
            edit "*.ppt"
            next
            edit "*.rar"
            next
            edit "*.scr"
            next
            edit "*.tar"
            next
            edit "*.tgz"
            next
            edit "*.vb?"
            next
            edit "*.wps"
            next
            edit "*.xl?"
            next
            edit "*.zip"
            next
            edit "*.pif"
            next
            edit "*.cpl"
            next
        end
    next
    edit 2
        set name "all_executables"
        config entries
            edit "bat"
                set filter-type type
                set file-type bat
            next
            edit "exe"
                set filter-type type
                set file-type exe
            next
            edit "elf"
                set filter-type type
                set file-type elf
            next
            edit "hta"
                set filter-type type
                set file-type hta
            next
        end
    next
end
config dlp fp-sensitivity
    edit "Private"
    next
    edit "Critical"
    next
    edit "Warning"
    next
end
# DLP sensors. Every filter shown here uses "set action log-only": a match on a
# large file or a card number is recorded but the transfer is not stopped.
config dlp sensor
    edit "default"
        set comment "Log a summary of email and web traffic."
        set summary-proto smtp pop3 imap http-get http-post
    next
    edit "Content_Summary"
        set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
    next
    edit "Content_Archive"
        set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
    next
    edit "Large-File"
        config filter
            edit 1
                set name "Large-File-Filter"
                set proto smtp pop3 imap http-get http-post mapi
                set filter-by file-size
                set file-size 5120
                set action log-only
            next
        end
    next
    edit "Credit-Card"
        config filter
            # Filter 1 sets no "type"; filter 2 is "type message". Neither blocks.
            edit 1
                set name "Credit-Card-Filter"
                set severity high
                set proto smtp pop3 imap http-get http-post mapi
                set action log-only
            next
            edit 2
                set name "Credit-Card-Filter"
                set severity high
                set type message
                set proto smtp pop3 imap http-post mapi
                set action log-only
            next
        end
    next
    # The filters of this sensor follow on the next line of the export.
    edit "SSN-Sensor"
        set comment "Match SSN numbers but NOT WebEx invite emails."
config filter
    # These three filters belong to the DLP sensor opened on the previous line of
    # this export (its comment reads "Match SSN numbers but NOT WebEx invite
    # emails.").
    # Filter 1 matches the literal text "WebEx" and sets no action, so it acts as
    # the exemption. NOTE(review): the exemption keys on message text alone;
    # confirm that a message carrying both the word and an SSN is still logged by
    # filter 2.
    edit 1
        set name "SSN-Sensor-Filter"
        set severity high
        set type message
        set proto smtp pop3 imap mapi
        set filter-by regexp
        set regexp "WebEx"
    next
    # Filters 2 and 3 detect SSNs but are log-only: nothing is blocked.
    edit 2
        set name "SSN-Sensor-Filter"
        set severity high
        set type message
        set proto smtp pop3 imap mapi
        set filter-by ssn
        set action log-only
    next
    edit 3
        set name "SSN-Sensor-Filter"
        set severity high
        set proto smtp pop3 imap http-get http-post ftp mapi
        set filter-by ssn
        set action log-only
    next
end
next
end
# Empty content, URL and spam filter tables: no custom lists are defined.
config webfilter content
end
config webfilter urlfilter
end
config spamfilter bword
end
config spamfilter bwl
end
config spamfilter mheader
end
config spamfilter dnsbl
end
config spamfilter iptrust
end
# Threat-weight scoring used for log and report ranking. Entries without a
# "set level" line keep the firmware default level.
config log threat-weight
    config web
        edit 1
            set category 26
            set level high
        next
        edit 2
            set category 61
            set level high
        next
        edit 3
            set category 86
            set level high
        next
        edit 4
            set category 1
            set level medium
        next
        edit 5
            set category 3
            set level medium
        next
        edit 6
            set category 4
            set level medium
        next
        edit 7
            set category 5
            set level medium
        next
        edit 8
            set category 6
            set level medium
        next
        edit 9
            set category 12
            set level medium
        next
        edit 10
            set category 59
            set level medium
        next
        edit 11
            set category 62
            set level medium
        next
        edit 12
            set category 83
            set level medium
        next
        edit 13
            set category 72
        next
        edit 14
            set category 14
        next
    end
    config application
        edit 1
            set category 2
        next
        edit 2
            set category 6
            set level medium
        next
        edit 3
            set category 19
            set level critical
        next
    end
end
config icap profile
    edit "default"
    next
end
# Local account "guest" with a stored password.
# NOTE(review): an "ENC" value is an encrypted credential, not a one-way hash.
# Do not rely on that wrapping once the export has left the device: treat the
# password as disclosed, rotate it, and remove the account if it is unused.
config user local
    edit "guest"
        set type password
        set passwd ENC 45W4YI3ZWYlHPSdV1kZhbKHPB7wOPWfI/sjH+UFR6xmap6TOXQfq+SoWQSUHQyJT+xZiZBvSh+FsCw8pmec1ZnFZvxOtuAxSSdcEJFLeFmuywDp9jTF18v6tACt89fJZXguBDG34kKr0zF2xCIfoadpMJxSngsGId07LsXgAQSSXGsKZr/Iynf3y5PPl09wm8Lxtyw==
    next
end
# "Guest-group" contains the guest account. No firewall policy in this export
# references either group.
config user group
    edit "SSO_Guest_Users"
    next
    edit "Guest-group"
        set member "guest"
    next
end
config user device-group
    edit "Mobile Devices"
        # The member list below continues on the next line of this export.
        set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad"
"iphone" "windows-phone" "windows-tablet" set comment "Phones, tablets, etc." next edit "Network Devices" set member "fortinet-device" "other-network-device" "router-nat-device" set comment "Routers, firewalls, gateways, etc." next edit "Others" set member "gaming-console" "media-streaming" set comment "Other devices." next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista-Win7" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista-Win7" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type 
fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw 
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set 
ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
# The line above finishes a "set" statement begun on the previous line of this
# export, inside SSL VPN portal "full-access" (tunnel and web mode enabled).
set page-layout double-column
next
end
# SSL VPN listener settings.
# NOTE(review): "Fortinet_Factory" is the certificate shipped on the unit, not
# one issued for this site's hostname, so clients cannot validate the gateway
# and users get used to accepting warnings. Install a site certificate.
# NOTE(review): port 443 is also the usual HTTPS admin port, and the interface
# section of this export allows https on wan1. Confirm the two listeners are
# separated and that admin access is not exposed on the WAN side.
# No source interface or authentication rule appears here, and no firewall
# policy in this export uses ssl.root, so the portal may not be in service.
# Verify on the device.
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 443
end
# VoIP profiles. "strict" discards SIP messages with malformed request lines,
# headers or SDP fields. The VoIP_40 firewall policies in this export do not
# reference a VoIP profile.
config voip profile
    edit "default"
        set comment "Default VoIP profile."
    next
    edit "strict"
        config sip
            set malformed-request-line discard
            set malformed-header-via discard
            set malformed-header-from discard
            set malformed-header-to discard
            set malformed-header-call-id discard
            set malformed-header-cseq discard
            set malformed-header-rack discard
            set malformed-header-rseq discard
            set malformed-header-contact discard
            set malformed-header-record-route discard
            set malformed-header-route discard
            set malformed-header-expires discard
            set malformed-header-content-type discard
            set malformed-header-content-length discard
            set malformed-header-max-forwards discard
            set malformed-header-allow discard
            set malformed-header-p-asserted-identity discard
            set malformed-header-sdp-v discard
            set malformed-header-sdp-o discard
            set malformed-header-sdp-s discard
            set malformed-header-sdp-i discard
            set malformed-header-sdp-c discard
            set malformed-header-sdp-b discard
            set malformed-header-sdp-z discard
            set malformed-header-sdp-k discard
            set malformed-header-sdp-a discard
            set malformed-header-sdp-t discard
            set malformed-header-sdp-r discard
            set malformed-header-sdp-m discard
        end
    next
end
# Web filter profiles. The body of "default" continues on the next line of the
# export.
config webfilter profile
    edit "default"
        set comment "Default web filtering."
set post-action comfort config ftgd-wf config filters edit 1 set category 2 set action warning next edit 2 set category 7 set action warning next edit 3 set category 8 set action warning next edit 4 set category 9 set action warning next edit 5 set category 11 set action warning next edit 6 set category 12 set action warning next edit 7 set category 13 set action warning next edit 8 set category 14 set action warning next edit 9 set category 15 set action warning next edit 10 set category 16 set action warning next edit 11 set action warning next edit 12 set category 57 set action warning next edit 13 set category 63 set action warning next edit 14 set category 64 set action warning next edit 15 set category 65 set action warning next edit 16 set category 66 set action warning next edit 17 set category 67 set action warning next edit 18 set category 26 set action block next end end next edit "web-filter-flow" set comment "Flow-based web filter profile." set inspection-mode flow-based set post-action comfort config ftgd-wf config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next end end next edit "monitor-all" set comment "Monitor and log all visited URLs, proxy-based." 
config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next 
edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next edit "flow-monitor-all" set comment "Monitor and log all visited URLs, flow-based." set inspection-mode flow-based config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next 
edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next edit "block-security-risks" set comment "Block security risks." 
config ftgd-wf set options rate-server-ip config filters edit 1 set category 26 set action block next edit 2 set category 61 set action block next edit 3 set category 86 set action block next edit 4 set action warning next end end next end config webfilter override end config webfilter override-user end config webfilter ftgd-warning end config webfilter ftgd-local-rating end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname "www\\.bing\\.com" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch url set safesearch-str "&adlt=strict" next edit "yandex" set hostname "yandex\\..*" set url "^\\/(yand|images\\/|video\\/)(search)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*\\.youtube\\..*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" 
set query "kw="
next
end
# The three statements above close the search-engine table begun on the
# previous line of this export.
#
# Site-to-site IPsec tunnels, both terminating on wan1.
# NOTE(review): the two psksecret values are byte-for-byte identical, which
# almost certainly means the primary and the "Backup" peer share one pre-shared
# key. Give each peer its own key so that exposure of one does not expose both.
# NOTE(review): the ENC blobs are part of this export. Treat both keys as
# disclosed and rotate them on this unit and on the remote gateways.
# No proposal, DH group, mode or peer-ID statement is visible, so phase 1 runs
# on firmware defaults. Review them and pin explicit, current algorithms.
config vpn ipsec phase1-interface
    edit "GASUW_200D"
        set interface "wan1"
        set remote-gw 67.220.123.75
        set psksecret ENC IHRvbxP9r6V7mRo7/YcByucZBouwdH8QfV1JIVxywbD4PtBXP6YOmIFZ8TKgf+V7tzo1IjiK1RPUQphDs73mVHL0n0cjDll5cetvd7weyAjENaB57ChIJtp2dZlYbmKCNyBA9rIB5pWOi6FngX616trm4JQvn1PECzh+TySlgShVK2z1EZBt9+tDy2QUjjsra6TeeQ==
    next
    edit "KSOVP_200D"
        set interface "wan1"
        set comments "Backup"
        set remote-gw 209.208.149.52
        set psksecret ENC IHRvbxP9r6V7mRo7/YcByucZBouwdH8QfV1JIVxywbD4PtBXP6YOmIFZ8TKgf+V7tzo1IjiK1RPUQphDs73mVHL0n0cjDll5cetvd7weyAjENaB57ChIJtp2dZlYbmKCNyBA9rIB5pWOi6FngX616trm4JQvn1PECzh+TySlgShVK2z1EZBt9+tDy2QUjjsra6TeeQ==
    next
end
# Phase-2 selectors. Two of the three pair the whole local 10.66.0.0/16 with
# 10.0.0.0/8, a range that also contains the local /16 itself.
# NOTE(review): narrow the selectors to the remote subnets actually needed.
# Together with the any-to-any tunnel policies in this export, nothing limits
# what the corporate side can reach here, or the reverse.
config vpn ipsec phase2-interface
    edit "GASUW_Data_Center"
        set phase1name "GASUW_200D"
        set src-subnet 10.66.0.0 255.255.0.0
        set dst-subnet 10.0.0.0 255.0.0.0
    next
    edit "State_Printing"
        set phase1name "GASUW_200D"
        set src-subnet 10.66.0.0 255.255.0.0
        set dst-subnet 199.244.211.0 255.255.255.0
    next
    edit "KSOVP_200D"
        set phase1name "KSOVP_200D"
        set src-subnet 10.66.0.0 255.255.0.0
        set dst-subnet 10.0.0.0 255.0.0.0
    next
end
config antivirus settings
    set grayware enable
end
# Antivirus profile scanning HTTP, FTP, IMAP, POP3 and SMTP. No firewall policy
# in this export references it, so as exported it is not applied.
config antivirus profile
    edit "default"
        set comment "Scan files and block viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
        end
        config pop3
            set options scan
        end
        config smtp
            set options scan
        end
    next
end
config spamfilter profile
    edit "default"
        set comment "Malware and phishing URL filtering."
    next
end
config firewall schedule recurring
    edit "always"
        set day sunday monday tuesday wednesday thursday friday saturday
    next
    edit "none"
        set day none
    next
end
# Static NAT for the camera system: public 174.99.190.83 maps to 10.66.3.10,
# which lies in the Security_30 subnet.
# NOTE(review): there is no port-forward restriction and extintf is "any", so
# every port and protocol on the public address is translated to the inside
# host. No policy in this export names this VIP. The WAN-to-Security_30 policy
# (id 8) uses dstaddr "all" with service "ALL", which presumably still admits
# the translated traffic. Confirm, then limit the VIP to the required port(s)
# and reference it from a policy with a specific service and source range.
config firewall vip
    edit "ADT_Camera"
        set extip 174.99.190.83
        set extintf "any"
        set mappedip "10.66.3.10"
    next
end
# Protocol options profile. Its per-protocol settings continue on the next line
# of the export.
config firewall profile-protocol-options
    edit "default"
        set comment "All default services."
config http
    set ports 80
    unset options
    unset post-lang
end
# The statements from here to the first "next" complete protocol-options profile
# "default", opened on the previous line of this export.
config ftp
    set ports 21
    set options splice
end
config imap
    set ports 143
    set options fragmail
end
config mapi
    set ports 135
    set options fragmail
end
config pop3
    set ports 110
    set options fragmail
end
config smtp
    set ports 25
    set options fragmail splice
end
config nntp
    set ports 119
    set options splice
end
config dns
    set ports 53
end
next
end
# SSL/SSH inspection profiles. "deep-inspection" lists destinations exempt from
# decryption, by FortiGuard category and by named address object.
# NOTE(review): no firewall policy in this export references either profile, so
# as exported no TLS inspection takes place.
config firewall ssl-ssh-profile
    edit "deep-inspection"
        set comment "Deep inspection."
        config https
            set ports 443
        end
        config ftps
            set ports 990
        end
        config imaps
            set ports 993
        end
        config pop3s
            set ports 995
        end
        config smtps
            set ports 465
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set fortiguard-category 87
            next
            edit 4
                set type address
                set address "apple"
            next
            edit 5
                set type address
                set address "appstore"
            next
            edit 6
                set type address
                set address "dropbox.com"
            next
            edit 7
                set type address
                set address "Gotomeeting"
            next
            edit 8
                set type address
                set address "icloud"
            next
            edit 9
                set type address
                set address "itunes"
            next
            edit 10
                set type address
                set address "android"
            next
            edit 11
                set type address
                set address "skype"
            next
            edit 12
                set type address
                set address "swscan.apple.com"
            next
            edit 13
                set type address
                set address "update.microsoft.com"
            next
            edit 14
                set type address
                set address "eease"
            next
            edit 15
                set type address
                set address "google-drive"
            next
            edit 16
                set type address
                set address "google-play"
            next
            edit 17
                set type address
                set address "google-play2"
            next
            edit 18
                set type address
                set address "google-play3"
            next
            edit 19
                set type address
                set address "microsoft"
            next
            edit 20
                set type address
                set address "adobe"
            next
            edit 21
                set type address
                set address "Adobe Login"
            next
            edit 22
                set type address
                set address "fortinet"
            next
            edit 23
                set type address
                set address "googleapis.com"
            next
            edit 24
                set type address
                set address "citrix"
            next
            edit 25
                set type address
                set address "verisign"
            next
            edit 26
                set type address
                set address "Windows update 2"
            next
            edit 27
                set type address
                set address "*.live.com"
            next
            edit 28
                set type address
                set address "auth.gfx.ms"
            next
            edit 29
                set type address
                set address "autoupdate.opera.com"
            next
            edit 30
                set type address
                set address "softwareupdate.vmware.com"
            next
            edit 31
                set type address
                set address "firefox update server"
            next
        end
    next
    edit "certificate-inspection"
        set comment "SSL handshake inspection."
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set ports 990
            set status disable
        end
        config imaps
            set ports 993
            set status disable
        end
        config pop3s
            set ports 995
            set status disable
        end
        config smtps
            set ports 465
            set status disable
        end
    next
end
config firewall identity-based-route
end
# IPv4 firewall policy table, listed in evaluation order (ids 9, 3, 8, 4, 5, 2,
# 6, 7).
# Every entry is srcaddr "all", dstaddr "all", service "ALL", action accept.
# No entry sets an IPS, antivirus, web filter, application control, DLP or
# SSL-inspection profile, and none sets a traffic-log option.
# NOTE(review): as exported the unit therefore forwards traffic with no content
# inspection, and accepted sessions may go unlogged under firmware defaults.
# Confirm on the device, then attach profiles and enable logging per policy.
config firewall policy
    # Policy 9: any-to-any among all four VLANs, including Mgmt_10.
    # NOTE(review): this cancels the segmentation the VLANs imply. A host on the
    # data or VoIP VLAN can reach the management and security VLANs on every
    # port. Replace it with specific allow rules.
    edit 9
        set srcintf "Data_50" "Mgmt_10" "Security_30" "VoIP_40"
        set dstintf "Data_50" "Mgmt_10" "Security_30" "VoIP_40"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    # Policy 3: outbound internet access for Data_50 and Security_30 with NAT.
    edit 3
        set srcintf "Data_50" "Security_30"
        set dstintf "wan1" "usb-wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Policy 8: inbound from both WAN interfaces to Data_50 and Security_30.
    # NOTE(review): this is the highest-risk entry in the export. It accepts any
    # source, any destination and any service arriving from the internet side.
    # "set nat enable" on an inbound rule also rewrites the source address, so
    # inside hosts and their logs lose the real client IP. Restrict the rule to
    # the published VIP, the required service and known source ranges, and drop
    # the source NAT unless it is needed.
    edit 8
        set srcintf "wan1" "usb-wan"
        set dstintf "Data_50" "Security_30"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Policies 4 and 5: VoIP VLAN to and from the GASUW_200D tunnel.
    # Only the outbound direction applies NAT.
    edit 4
        set srcintf "VoIP_40"
        set dstintf "GASUW_200D"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 5
        set srcintf "GASUW_200D"
        set dstintf "VoIP_40"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    # Policy 2: untagged "internal" switch to the USB modem uplink only.
    edit 2
        set srcintf "internal"
        set dstintf "usb-wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Policies 6 and 7: unrestricted traffic in both directions between every
    # local segment (Mgmt_10 included) and the GASUW_200D tunnel.
    # NOTE(review): the remote site gets full reach into the management VLAN.
    # Limit the tunnel rules to the subnets and services the sites need.
    # NOTE(review): no policy references the KSOVP_200D backup tunnel. Traffic
    # routed to it would presumably hit the implicit deny. Confirm failover.
    edit 6
        set srcintf "Data_50" "Mgmt_10" "Security_30" "VoIP_40" "internal"
        set dstintf "GASUW_200D"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 7
        set srcintf "GASUW_200D"
        set dstintf "internal" "Data_50" "Mgmt_10" "Security_30" "VoIP_40"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Empty: no local-in policy limits access to the firewall's own services, so
# only each interface's allowaccess list and the admin account settings apply.
# The interface section of this export allows https and ssh on wan1.
config firewall local-in-policy
end
config firewall policy6
end
config firewall local-in-policy6
end
config firewall ttl-policy
end
config firewall policy64
end
config firewall policy46
end
config firewall explicit-proxy-policy
end
config firewall interface-policy
end
config firewall interface-policy6
end
# Empty: no DoS (rate or anomaly) policy is defined on any interface.
config firewall DoS-policy
end
config firewall DoS-policy6
end
config firewall sniffer
end
config endpoint-control profile
    edit "default"
        config forticlient-winmac-settings
            set forticlient-wf-profile "default"
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
    next
end
# Wireless intrusion-detection profiles. "default" enables every listed
# detection; the second profile enables AP scanning only.
config wireless-controller wids-profile
    edit "default"
        set comment "Default WIDS profile."
        set ap-scan enable
        set wireless-bridge enable
        set deauth-broadcast enable
        set null-ssid-probe-resp enable
        set long-duration-attack enable
        set invalid-mac-oui enable
        set weak-wep-iv enable
        set auth-frame-flood enable
        set assoc-frame-flood enable
        set spoofed-deauth enable
        set asleap-attack enable
        set eapol-start-flood enable
        set eapol-logoff-flood enable
        set eapol-succ-flood enable
        set eapol-fail-flood enable
        set eapol-pre-succ-flood enable
        set eapol-pre-fail-flood enable
    next
    edit "default-wids-apscan-enabled"
        set ap-scan enable
    next
end
# Per-model access point radio profiles. The table continues on the following
# lines of the export.
config wireless-controller wtp-profile
    edit "11n-only"
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP112B-default"
        config platform
            set type 112B
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP220B-default"
        set ap-country US
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n
        end
    next
    edit "FAP223B-default"
        config platform
            set type 223B
        end
        set ap-country US
        config radio-1
set band 802.11n-5G end config radio-2 set band 802.11n end next edit "FAP210B-default" config platform set type 210B end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP222B-default" config platform set type 222B end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11n-5G end next edit "FAP320B-default" config platform set type 320B end set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n end next edit "FAP11C-default" config platform set type 11C end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP14C-default" config platform set type 14C end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP28C-default" config platform set type 28C end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP320C-default" config platform set type 320C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAP221C-default" config platform set type 221C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAP25D-default" config platform set type 25D end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP222C-default" config platform set type 222C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAP224D-default" config platform set type 224D end set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n end next edit "FK214B-default" config platform set type 214B end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP21D-default" config platform set type 21D end set ap-country US config radio-1 set band 
802.11n end config radio-2 set mode disabled end next edit "FAP24D-default" config platform set type 24D end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP112D-default" config platform set type 112D end set ap-country US config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit "FAP223C-default" config platform set type 223C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAP321C-default" config platform set type 321C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPC220C-default" config platform set type C220C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPC225C-default" config platform set type C225C end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next end config log memory setting set status enable end config router rip config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ripng config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router static edit 1 set gateway 174.99.190.81 set distance 1 set device "wan1" set comment "Default" next edit 2 set dst 10.0.0.0 255.0.0.0 set device "KSOVP_200D" set comment "Backup corporate route." 
next
# The "next" above closes static route 2 (10.0.0.0/8 via KSOVP_200D, commented
# "Backup corporate route."). That entry and the "config router static" header
# sit on the previous line of this export.
# Route 3 sends the same 10.0.0.0/8 to GASUW_200D with distance 1. Route 2 sets
# no distance, so route 3 is presumably preferred. Verify the failover order.
edit 3
    set dst 10.0.0.0 255.0.0.0
    set distance 1
    set device "GASUW_200D"
next
# NOTE(review): 10.66.5.0/24 is the subnet of the Data_50 VLAN interface
# (10.66.5.1/24 in the interface section), so it is already directly connected.
# This route points the same prefix at 10.66.5.2 on the untagged "internal"
# interface. It looks like a leftover or a mistake. Confirm and remove it if so.
edit 4
    set dst 10.66.5.0 255.255.255.0
    set gateway 10.66.5.2
    set device "internal"
next
end
# The dynamic routing sections below hold only empty redistribute stubs: no
# networks, areas or neighbours are configured in this export.
config router ospf
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ospf6
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router bgp
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end
end
config router isis
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "static"
    end
end
config router multicast
end