FGT30B (10:37-02.27.2008)
Ver:04000002
Serial number:FGT30B3G08017074
RAM activation
Total RAM: 128MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Enabling Interrupts...Done.
Boot up, boot device capacity: 64MB.
Press any key to display configuration menu...
......
Reading boot image 1318147 bytes.
Initializing firewall...
System is started.
License is bad!
GMON01 login: admin
Password: **********
Welcome !
GMON01 # san identifiable IP
Unknown action 0
GMON01 # network info
Unknown action 0
GMON01 # show
#config-version=FGT30B-4.00-FW-build178-090820:opmode=0:vdom=0
#conf_file_ver=0
#buildno=0178
config system global
set hostname "GMON01"
set timezone 26
end
config system accprofile
edit "prof_admin"
set admingrp read-write
set authgrp read-write
set endpoint-control-grp read-write
set fwgrp read-write
set loggrp read-write
unset menu-file
set mntgrp read-write
set netgrp read-write
set routegrp read-write
set sysgrp read-write
set updategrp read-write
set utmgrp read-write
set vpngrp read-write
next
end
config system interface
edit "internal"
set ip 192.168.24.254 255.255.255.0
set allowaccess ping https ssh
set dns-query recursive
set type physical
next
edit "wan"
set ip 172.22.60.1 255.255.0.0
set allowaccess ping https ssh
set type physical
next
edit "modem"
next
end
config system admin
edit "admin"
set accprofile "super_admin"
config dashboard
edit "sysinfo"
set column 1
next
edit "licinfo"
set column 1
next
edit "jsconsole"
set column 1
next
edit "sysres"
set column 1
next
edit "sysop"
set column 2
next
edit "alert"
set column 2
next
edit "statistics"
set column 2
next
end
set password ENC AK1uFqjymAx5QYqDbvBwJ72roQ1vIZosTYSkVlmd9Euxmk=
next
end
config system dns
set primary 172.28.103.1
set secondary 172.28.103.2
end
config system replacemsg mail "email-block"
set buffer "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
set header 8bit
set format text
end
config system replacemsg mail "email-virus"
set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."
set header 8bit
set format text
end
config system replacemsg mail "email-dlp"
set buffer "This email has been blocked. The email message appeared to contain a data leak."
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-subject"
set buffer "Data leak detected!"
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-ban"
set buffer "This email has been blocked because a data leak was detected. Please contact your admin to be re-enabled."
set header 8bit
set format text
end
config system replacemsg mail "email-dlp-ban-sender"
set buffer "This email has been blocked because the sender has sent a data leak. Please contact your admin to be re-enabled."
set header 8bit
set format text
end
config system replacemsg mail "email-filesize"
set buffer "This email has been blocked. The email message is larger than the configured file size limit."
set header 8bit
set format text
end
config system replacemsg mail "partial"
set buffer "Fragmented emails are blocked."
set header 8bit
set format text
end
config system replacemsg mail "smtp-block"
set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%"
set header none
set format text
end
config system replacemsg mail "smtp-virus"
set buffer "The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined as %%QUARFILENAME%%"
set header none
set format text
end
config system replacemsg mail "smtp-filesize"
set buffer "This message is larger than the configured limit and has been blocked."
set header none
set format text
end
config system replacemsg http "bannedword"
set buffer "
The page you requested has been blocked because it contains a banned word. URL = http://%%URL%%"
set header http
set format html
end
config system replacemsg http "url-block"
set buffer "The URL you requested has been blocked. URL = %%URL%%"
set header http
set format html
end
config system replacemsg http "infcache-block"
set buffer "High security alert!!!
The URL you requested was previously found to be infected.
URL = http://%%URL%%
"
set header http
set format html
end
config system replacemsg http "http-block"
set buffer " High security alert!!!
You are not permitted to download the file \"%%FILE%%\".
URL = http://%%URL%%
"
set header http
set format html
end
config system replacemsg http "http-virus"
set buffer "High security alert!!!
You are not permitted to download the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".
URL = http://%%URL%%
File quarantined as: %%QUARFILENAME%%.
"
set header http
set format html
end
config system replacemsg http "http-filesize"
set buffer " Attention!!!
The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.
URL = http://%%URL%%
"
set header http
set format html
end
config system replacemsg http "http-dlp"
set buffer " Attention!!!
The transfer attempted appeared to contain a data leak!
URL = http://%%URL%%
"
set header http
set format html
end
config system replacemsg http "http-dlp-ban"
set buffer " Attention!!!
Your user authentication or IP address has been banned due to a detected data leak. You need an admin to re-enable your computer
URL = http://%%URL%%
"
set header http
set format html
end
config system replacemsg http "http-contenttypeblock"
set buffer " Attention!!!
Content-type not permitted."
set header http
set format html
end
config system replacemsg http "http-client-block"
set buffer "
High security alert!!!
You are not permitted to upload the file \"%%FILE%%\".
URL = http://%%URL%%
"
set header http
set format html
end
config system replacemsg http "http-client-virus"
set buffer "High security alert!!!
You are not permitted to upload the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".
URL = http://%%URL%%
File quarantined as: %%QUARFILENAME%%.
"
set header http
set format html
end
config system replacemsg http "http-client-filesize"
set buffer " Attention!!!
Your request has been blocked. The request is larger than the configured file size limit.
URL = http://%%URL%%
"
set header http
set format html
end
config system replacemsg http "http-client-bannedword"
set buffer "The page you uploaded has been blocked because it contains a banned word. URL = http://%%URL%%"
set header http
set format html
end
config system replacemsg http "http-post-block"
set buffer "HTTP POST action is not allowed for policy reasons."
set header http
set format html
end
config system replacemsg ftp "ftp-dl-infected"
set buffer "Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-blocked"
set buffer "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-filesize"
set buffer "File size limit exceeded."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-dlp"
set buffer "Transfer failed. Data leak detected \"%%FILE%%\"."
set header none
set format text
end
config system replacemsg ftp "ftp-dl-dlp-ban"
set buffer "Transfer failed. You are banned from transmitting due to a detected data leak. Contact your admin to be re-enabled."
set header none
set format text
end
config system replacemsg nntp "nntp-dl-infected"
set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."
set header none
set format text
end
config system replacemsg nntp "nntp-dl-blocked"
set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%"
set header none
set format text
end
config system replacemsg nntp "nntp-dl-filesize"
set buffer "This article has been blocked. The article is larger than the configured file size limit."
set header none
set format text
end
config system replacemsg nntp "nntp-dlp"
set buffer "This article has been blocked. It appears to contain a data leak."
set header none
set format text
end
config system replacemsg nntp "nntp-dlp-subject"
set buffer "Data leak detected!"
set header none
set format text
end
config system replacemsg nntp "nntp-dlp-ban"
set buffer "this article has been blocked. The user is banned for sending a data leak. Please contact your admin to be re-enabled."
set header none
set format text
end
config system replacemsg fortiguard-wf "ftgd-block"
set buffer "Web Filter Violation%%FORTIGUARD_WF%% | %%FORTINET%% |
Web Page Blocked |
You have tried to access a web page which is in violation of your internet usage policy.
URL: %%URL%%
Category: %%CATEGORY%%
To have the rating of this web page re-evaluated please click here.
%%OVERRIDE%%
Powered by %%SERVICE%%."
set header http
set format html
end
config system replacemsg fortiguard-wf "http-err"
set buffer "%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%%%FORTIGUARD_WF%% | %%FORTINET%% |
%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%% |
The webserver for %%URL%% reported that an error occurred while trying to access the website. Please click here to return to the previous page.
Powered by %%SERVICE%%."
set header http
set format html
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
set buffer "Web Filter Block Override%%FORTIGUARD_WF%% | %%FORTINET%% |
Web Filter Block Override |
If you have been granted override creation privileges by your administrator, you can enter your username and password here to gain immediate access to the blocked web-page. If you do not have these privileges, please contact your administrator to gain access to the web-page.
|
%%OVRD_FORM%% |
Powered by %%SERVICE%%."
set header http
set format html
end
config system replacemsg spam "ipblocklist"
set buffer "Mail from this IP address is not allowed and has been blocked."
set header none
set format text
end
config system replacemsg spam "smtp-spam-dnsbl"
set buffer "This message has been blocked because it is from a DNSBL/ORDBL IP address."
set header none
set format text
end
config system replacemsg spam "smtp-spam-feip"
set buffer "This message has been blocked because it is from a FortiGuard - AntiSpam black IP address."
set header none
set format text
end
config system replacemsg spam "smtp-spam-helo"
set buffer "This message has been blocked because the HELO/EHLO domain is invalid."
set header none
set format text
end
config system replacemsg spam "smtp-spam-emailblack"
set buffer "Mail from this email address is not allowed and has been blocked."
set header none
set format text
end
config system replacemsg spam "smtp-spam-mimeheader"
set buffer "This message has been blocked because it contains an invalid header."
set header none
set format text
end
config system replacemsg spam "reversedns"
set buffer "This message has been blocked because the return email domain is invalid."
set header none
set format text
end
config system replacemsg spam "smtp-spam-bannedword"
set buffer "This message has been blocked because it contains a banned word."
set header none
set format text
end
config system replacemsg spam "smtp-spam-ase"
set buffer "This message has been blocked because ASE reports it as spam. "
set header none
set format text
end
config system replacemsg spam "submit"
set buffer "If this email is not spam, click here to submit the signatures to FortiGuard - AntiSpam Service."
set header none
set format text
end
config system replacemsg im "im-file-xfer-block"
set buffer "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
set header none
set format text
end
config system replacemsg im "im-file-xfer-name"
set buffer "Transfer %%ACTION%%. The file name \"%%FILE%%\" matches the configured file name block list."
set header none
set format text
end
config system replacemsg im "im-file-xfer-infected"
set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."
set header none
set format text
end
config system replacemsg im "im-file-xfer-size"
set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is larger than the configured limit."
set header none
set format text
end
config system replacemsg im "im-dlp"
set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" contains a data leak."
set header none
set format text
end
config system replacemsg im "im-dlp-ban"
set buffer "Transfer %%ACTION%%. The user is banned because of a detected data leak."
set header none
set format text
end
config system replacemsg im "im-voice-chat-block"
set buffer "Connection failed. You are not permitted to use voice chat."
set header none
set format text
end
config system replacemsg im "im-photo-share-block"
set buffer "Photo sharing failed. You are not permitted to share photo."
set header none
set format text
end
config system replacemsg im "im-long-chat-block"
set buffer "Message blocked. The message is longer than the configured limit."
set header none
set format text
end
config system replacemsg alertmail "alertmail-virus"
set buffer "Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
set header none
set format text
end
config system replacemsg alertmail "alertmail-block"
set buffer "File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
set header none
set format text
end
config system replacemsg alertmail "alertmail-nids-event"
set buffer "The following intrusion was observed: %%NIDS_EVENT%%."
set header none
set format text
end
config system replacemsg alertmail "alertmail-crit-event"
set buffer "The following critical firewall event was detected: %%CRITICAL_EVENT%%."
set header none
set format text
end
config system replacemsg alertmail "alertmail-disk-full"
set buffer "The log disk is Full."
set header none
set format text
end
config system replacemsg admin "admin-disclaimer-text"
set buffer "W A R N I N G W A R N I N G W A R N I N G W A R N I N G
This is a private computer system. Unauthorized access or use
is prohibited and subject to prosecution and/or disciplinary
action. All use of this system constitutes consent to
monitoring at all times and users are not entitled to any
expectation of privacy. If monitoring reveals possible evidence
of violation of criminal statutes, this evidence and any other
related information, including identification information about
the user, may be provided to law enforcement officials.
If monitoring reveals violations of security regulations or
unauthorized use, employees who violate security regulations or
make unauthorized use of this system are subject to appropriate
disciplinary action.
W A R N I N G W A R N I N G W A R N I N G W A R N I N G
"
set header none
set format text
end
config system replacemsg auth "auth-disclaimer-page-1"
set buffer "Firewall Disclaimer"
set header http
set format html
end
config system replacemsg auth "auth-disclaimer-page-2"
set buffer ''
set header http
set format html
end
config system replacemsg auth "auth-disclaimer-page-3"
set buffer ''
set header http
set format html
end
config system replacemsg auth "auth-reject-page"
set buffer "Firewall Disclaimer Declined"
set header http
set format html
end
config system replacemsg auth "auth-login-page"
set buffer "Firewall Authentication"
set header http
set format html
end
config system replacemsg auth "auth-login-failed-page"
set buffer "Firewall Authentication"
set header http
set format html
end
config system replacemsg auth "auth-challenge-page"
set buffer "Firewall Authentication"
set header http
set format html
end
config system replacemsg auth "auth-keepalive-page"
set buffer "
Firewall Authentication Keepalive Window
This browser window is used to keep your authentication session active.
Please leave it open in the background and open a new window to continue.
Authentication Refresh in %%TIMEOUT%% seconds
logout
|
"
set header http
set format html
end
config system replacemsg ec "endpt-download-portal"
set buffer "Endpoint Security RequiredEndpoint Security Required | |
The security policy requires the latest FortiClient Endpoint Security software and antivirus signature package to be installed.
Installing FortiClient requires that you have administrator privileges on your computer. If you do not, please contact your network administrator to have FortiClient installed.
The installer may be downloaded using the following link: %%LINK%% Installation instructions:
- For Internet Explorer:
- Click the above link to download the installer
- When Internet Explorer asks what action you would like to take, click \"Run\"
- For Firefox:
- Click the above link to download the installer
- Save the installer and note the location it is saved to
- Open the folder containing the installer and run it
FortiClient installation may take a few minutes. Thank you for your patience.
| |
|
|
"
set header http
set format html
end
config system replacemsg ec "endpt-recommendation-portal"
set buffer "Endpoint Security RequiredEndpoint Security Required | |
The use of this security policy recommends that the latest FortiClient Endpoint Security software and antivirus signature package are installed.
Installing FortiClient requires that you have administrator privileges on your computer. If you do not, please contact your network administrator to have FortiClient installed.
The installer may be downloaded using the following link: %%LINK%% Installation instructions:
- For Internet Explorer:
- Click the above link to download the installer
- When Internet Explorer asks what action you would like to take, click \"Run\"
- For Firefox:
- Click the above link to download the installer
- Save the installer and note the location it is saved to
- Open the folder containing the installer and run it
FortiClient installation may take a few minutes. Thank you for your patience.
| |
| Continue to %%DST_ADDR_LABEL%% | |
|
"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-virus"
set buffer "Virus Quarantine
A virus was detected, originating from your system. Please contact the system administrator.
"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-dos"
set buffer "Attack DetectedBlocked because of DoS Attack |
A DoS attack was detected, originating from your system. Please contact the system administrator.
"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-ips"
set buffer "Attack DetectedBlocked because of IPS attack |
An attack was detected, originating from your system. Please contact the system administrator.
"
set header http
set format html
end
config system replacemsg nac-quar "nac-quar-dlp"
set buffer "Data Leak DetectedBlocked because of data leak |
A data leak was detected, originating from your system. Please contact the system administrator.
"
set header http
set format html
end
config system replacemsg traffic-quota "per-ip-shaper-block"
set buffer "Traffic Quota ControlTraffic blocked because of exceed quota |
Traffic blocked because of exceed per IP traffic shaper quota. Please contact the system administrator.
%%QUOTA_INFO%%
"
set header http
set format html
end
config system replacemsg traffic-quota "traffic-shaper-block"
set buffer "Traffic Quota ControlTraffic blocked because of exceed quota |
Traffic blocked because of exceed shared traffic shaper quota. Please contact the system administrator.
%%QUOTA_INFO%%
"
set header http
set format html
end
config vpn certificate ca
end
config vpn certificate local
edit "Fortinet_CA_SSLProxy"
set password ENC 0iC+FuzvRhthqgNoUgY7H/51nh2zV2vVxkxJt8jBCwQR/ro5hvGxvpo+9eWSOVGYtiNhjOjgymDHWmCpoSW48Hpf401KIOWc0ocTjzyJvx+fHBqk
set comments "This certificate is embedded in the firmware and is the same on every unit (not unique). This is the default CA certificate the SSL Inspection will use when generating new server certificates."
next
end
config gui console
unset preferences
end
config system session-helper
edit 1
set name pptp
set port 1723
set protocol 6
next
edit 2
set name h323
set port 1720
set protocol 6
next
edit 3
set name ras
set port 1719
set protocol 17
next
edit 4
set name tns
set port 1521
set protocol 6
next
edit 5
set name tftp
set port 69
set protocol 17
next
edit 6
set name rtsp
set port 554
set protocol 6
next
edit 7
set name rtsp
set port 7070
set protocol 6
next
edit 8
set name rtsp
set port 8554
set protocol 6
next
edit 9
set name ftp
set port 21
set protocol 6
next
edit 10
set name mms
set port 1863
set protocol 6
next
edit 11
set name pmap
set port 111
set protocol 6
next
edit 12
set name pmap
set port 111
set protocol 17
next
edit 13
set name sip
set port 5060
set protocol 17
next
edit 14
set name dns-udp
set port 53
set protocol 17
next
edit 15
set name rsh
set port 514
set protocol 6
next
edit 16
set name rsh
set port 512
set protocol 6
next
edit 17
set name dcerpc
set port 135
set protocol 6
next
edit 18
set name dcerpc
set port 135
set protocol 17
next
edit 19
set name mgcp
set port 2427
set protocol 17
next
edit 20
set name mgcp
set port 2727
set protocol 17
next
end
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
config ntpserver
edit 1
set server "pool.ntp.org"
next
end
set syncinterval 60
end
config antivirus service "http"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "https"
end
config antivirus service "ftp"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "pop3"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "imap"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "smtp"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "nntp"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
config antivirus service "im"
set scan-bzip2 disable
set uncompnestlimit 12
set uncompsizelimit 10
end
#config-version=FGT30B-4.00-FW-build178-090820:opmode=1:vdom=0
#conf_file_ver=0
#buildno=0178
config firewall address
edit "all"
next
edit "Telemetrie"
set associated-interface "internal"
set subnet 192.168.24.0 255.255.255.0
next
edit "wnts25"
set subnet 10.203.80.25 255.255.255.255
next
edit "GH"
set subnet 172.22.0.0 255.255.0.0
next
edit "GH Fat"
set subnet 172.22.0.0 255.255.0.0
next
edit "GW"
set subnet 172.22.254.254 255.255.255.255
next
edit "10.28.128.102"
set subnet 10.28.128.102 255.255.255.255
next
edit "wnb062"
set subnet 172.22.161.195 255.255.255.255
next
end
config firewall address6
edit "all"
next
end
config ips sensor
edit "all_default"
set comment "all predefined signatures with default setting"
config filter
edit "1"
next
end
next
edit "all_default_pass"
set comment "all predefined signatures with PASS action"
config filter
edit "1"
set action pass
next
end
next
edit "protect_http_server"
set comment "protect against HTTP server-side vulnerabilities"
config filter
edit "1"
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "protect against EMail server-side vulnerabilities"
config filter
edit "1"
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "protect against client-side vulnerabilities"
config filter
edit "1"
set location client
next
end
next
end
config ips DoS
edit "all_default"
config anomaly
edit "tcp_syn_flood"
set status enable
set threshold 2000
next
edit "tcp_port_scan"
set status enable
set threshold 1000
next
edit "tcp_src_session"
set status enable
set threshold 5000
next
edit "tcp_dst_session"
set status enable
set threshold 5000
next
edit "udp_flood"
set status enable
set threshold 2000
next
edit "udp_scan"
set status enable
set threshold 2000
next
edit "udp_src_session"
set status enable
set threshold 5000
next
edit "udp_dst_session"
set status enable
set threshold 5000
next
edit "icmp_flood"
set status enable
set threshold 250
next
edit "icmp_sweep"
set status enable
set threshold 100
next
edit "icmp_src_session"
set status enable
set threshold 300
next
edit "icmp_dst_session"
set status enable
set threshold 1000
next
end
next
edit "block_flood"
config anomaly
edit "tcp_syn_flood"
set status enable
set action block
set threshold 2000
next
edit "tcp_port_scan"
set threshold 1000
next
edit "tcp_src_session"
set threshold 5000
next
edit "tcp_dst_session"
set threshold 5000
next
edit "udp_flood"
set status enable
set action block
set threshold 2000
next
edit "udp_scan"
set threshold 2000
next
edit "udp_src_session"
set threshold 5000
next
edit "udp_dst_session"
set threshold 5000
next
edit "icmp_flood"
set status enable
set action block
set threshold 250
next
edit "icmp_sweep"
set threshold 100
next
edit "icmp_src_session"
set threshold 300
next
edit "icmp_dst_session"
set threshold 1000
next
end
next
end
config antivirus filepattern
edit 1
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
set name "builtin-patterns"
next
end
config dlp rule
edit "All-Email"
set protocol email
set sub-protocol smtp pop3 imap
set field always
next
edit "All-HTTP"
set protocol http
set sub-protocol http-get http-post
set field always
next
edit "All-FTP"
set protocol ftp
set sub-protocol ftp-get ftp-put
set field always
next
edit "All-NNTP"
set protocol nntp
set field always
next
edit "All-IM"
set protocol im
set sub-protocol aim icq msn ym
set field always
next
edit "All-Session-Control"
set protocol session-ctrl
set sub-protocol sip simple sccp
set field always
next
edit "HTTP-Visa-Mastercard"
set protocol http
set sub-protocol http-post
set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\b)"
next
edit "HTTP-AmEx"
set protocol http
set sub-protocol http-post
set regexp "(\\W|\\b)3[47]\\d{2}([ \\-]?)\\d{6}\\2\\d{5}(\\W|\\b)"
next
edit "HTTP-Canada-SIN"
set protocol http
set sub-protocol http-post
set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)"
next
edit "HTTP-US-SSN"
set protocol http
set sub-protocol http-post
set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}(\\b|\\W)"
next
edit "HTTP-Post-Not-Webex"
set protocol http
set sub-protocol http-post
set regexp "WebEx"
set regexp-negated enable
set regexp-wildcard enable
next
edit "Email-AmEx"
set protocol email
set sub-protocol smtp pop3 imap
set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\b)"
next
edit "Email-Visa-Mastercard"
set protocol email
set sub-protocol smtp pop3 imap
set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?)\\d{4}(\\3\\d{4}){2}(\\W|\\b)"
next
edit "Email-Canada-SIN"
set protocol email
set sub-protocol smtp pop3 imap
set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)"
next
edit "Email-US-SSN"
set protocol email
set sub-protocol smtp pop3 imap
set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}(\\b|\\W)"
next
edit "Email-Not-Webex"
set protocol email
set sub-protocol smtp pop3 imap
set regexp "WebEx"
set regexp-negated enable
set regexp-wildcard enable
next
edit "Large-Attachment"
set protocol email
set sub-protocol smtp pop3 imap
set field attachment-size
set value 5120
set operator greater-equal
next
edit "Large-FTP-Put"
set protocol ftp
set sub-protocol ftp-put
set field transfer-size
set value 5120
set operator greater-equal
next
edit "Large-HTTP-Post"
set protocol http
set sub-protocol http-post
set field transfer-size
set value 5120
set operator greater-equal
next
end
config dlp compound
edit "Email-SIN"
set comment "Emails containing canadian SIN but are not WebEx invites"
set protocol email
set sub-protocol smtp pop3 imap
set member "Email-Canada-SIN" "Email-Not-Webex"
next
edit "HTTP-Post-SIN"
set comment "Posts containing canadian SIN but are not WebEx invites"
set protocol http
set sub-protocol http-post
set member "HTTP-Canada-SIN" "HTTP-Post-Not-Webex"
next
end
config dlp sensor
edit "Content_Summary"
config rule
edit "All-Email"
next
edit "All-FTP"
next
edit "All-HTTP"
next
edit "All-IM"
next
edit "All-NNTP"
next
end
next
edit "Content_Archive"
config rule
edit "All-Email"
set archive enable
next
edit "All-FTP"
set archive enable
next
edit "All-HTTP"
set archive enable
next
edit "All-IM"
set archive enable
next
end
next
edit "Large-File"
config rule
edit "Large-Attachment"
next
edit "Large-FTP-Put"
next
edit "Large-HTTP-Post"
next
end
next
edit "Credit-Card"
config rule
edit "Email-AmEx"
next
edit "Email-Visa-Mastercard"
next
edit "HTTP-AmEx"
next
edit "HTTP-Visa-Mastercard"
next
end
next
edit "SSN-Sensor"
config rule
edit "Email-US-SSN"
next
edit "HTTP-US-SSN"
next
end
config compound-rule
edit "Email-SIN"
set status enable
next
edit "HTTP-Post-SIN"
set status enable
next
end
next
end
config webfilter content
end
config webfilter urlfilter
end
config spamfilter bword
end
config spamfilter emailbwl
end
config spamfilter ipbwl
end
config spamfilter mheader
end
config spamfilter dnsbl
end
config spamfilter iptrust
end
config firewall profile
edit "strict"
config log
set log-web-ftgd-err enable
end
set ftp block oversize scan splice
set http block oversize scan activexfilter bannedword cookiefilter javafilter rangeblock urlfilter
unset https
set imap block oversize scan bannedword spamemailbwl spamfsip spamfschksum spamfssubmit spamfsurl spamhdrcheck spamraddrdns
set pop3 block oversize scan bannedword spamemailbwl spamfsip spamfschksum spamfssubmit spamfsurl spamhdrcheck spamraddrdns
set smtp block oversize scan bannedword spamemailbwl spamfsip spamfschksum spamfssubmit spamfsurl spamhdrcheck spamhelodns spamipbwl spamraddrdns spamrbl splice
set nntp block oversize scan
config app-recognition
edit "http"
set port 80
next
edit "https"
set port 443
next
edit "smtp"
set port 25
next
edit "pop3"
set port 110
next
edit "imap"
set port 143
next
edit "nntp"
set port 119
next
edit "ftp"
set port 21
next
end
set im block oversize scan
unset http-post-lang
set ftgd-wf-options strict-blocking
set ftgd-wf-https-options strict-blocking
next
edit "scan"
config log
set log-web-ftgd-err enable
end
set ftp scan splice
set http scan rangeblock
unset https
set imap scan
set pop3 scan
set smtp scan splice
set nntp scan
config app-recognition
edit "http"
set port 80
next
edit "https"
set port 443
next
edit "smtp"
set port 25
next
edit "pop3"
set port 110
next
edit "imap"
set port 143
next
edit "nntp"
set port 119
next
edit "ftp"
set port 21
next
end
set im scan
unset http-post-lang
set ftgd-wf-options strict-blocking
set ftgd-wf-https-options strict-blocking
next
edit "web"
config log
set log-web-ftgd-err enable
end
set ftp splice
set http scan bannedword rangeblock urlfilter
unset https
set imap fragmail
set pop3 fragmail
set smtp fragmail splice
unset nntp
config app-recognition
edit "http"
set port 80
next
edit "https"
set port 443
next
edit "smtp"
set port 25
next
edit "pop3"
set port 110
next
edit "imap"
set port 143
next
edit "nntp"
set port 119
next
edit "ftp"
set port 21
next
end
unset im
unset http-post-lang
set ftgd-wf-options strict-blocking
set ftgd-wf-https-options strict-blocking
next
# Protection profile "unfiltered": no protocol line carries scan, block, bannedword or urlfilter.
# Every firewall policy in this configuration that sets a profile uses this one, so traffic
# accepted by those policies receives no antivirus or web-filter inspection from the profile.
edit "unfiltered"
config log
# The only log setting shown is FortiGuard web-filter rating errors.
set log-web-ftgd-err enable
end
# NOTE(review): no-content-summary presumably only suppresses content statistics; it adds no inspection -- confirm.
set ftp no-content-summary
set http no-content-summary
set https no-content-summary
set imap fragmail no-content-summary
set pop3 fragmail no-content-summary
set smtp fragmail no-content-summary splice
set nntp no-content-summary
# Ports on which each protocol is recognised.
config app-recognition
edit "http"
set port 80
next
edit "https"
set port 443
next
edit "smtp"
set port 25
next
edit "pop3"
set port 110
next
edit "imap"
set port 143
next
edit "nntp"
set port 119
next
edit "ftp"
set port 21
next
end
unset im
unset http-post-lang
# FortiGuard web-filter options; no FortiGuard category settings appear in this entry.
set ftgd-wf-options strict-blocking
set ftgd-wf-https-options strict-blocking
next
end
# Directory-service user group. No members are listed, and none of the firewall policies in
# this configuration reference a user group.
config user group
edit "FSAE_Guest_Users"
set group-type directory-service
next
end
# FortiGuard web-filter override, override-user and local-rating tables: all three are empty.
config webfilter ftgd-ovrd
end
config webfilter ftgd-ovrd-user
end
config webfilter ftgd-local-rating
end
# Endpoint application-detection rule lists. Category and vendor values are numeric IDs; what
# they stand for is taken from each list's own comment string and is not verified here.
# Every list allows applications that match no entry (other-application-action allow).
config endpoint-control app-detect rule-list
edit "Block_P2P_application"
config entries
edit 1
set category 15
# No "set action" line is shown for this entry.
# NOTE(review): presumably the default action is deny, matching the comment below -- confirm.
set status running
next
end
set comment "deny access from endpoints running P2P applications"
set other-application-action allow
next
edit "Monitor_Microsoft_Office"
config entries
edit 1
set category 31
set vendor 53
set action monitor
next
end
set comment "monitor installed Microsoft Office applications"
set other-application-action allow
next
edit "Monitor_game"
config entries
edit 1
set category 20
set action monitor
set status running
next
end
set comment "monitor running games"
set other-application-action allow
next
edit "Monitor_Internet_browser"
config entries
edit 1
set category 12
set action monitor
next
end
set comment "monitor installed Internet browsers"
set other-application-action allow
next
end
# Endpoint-control profiles.
# NOTE(review): none of the firewall policies in this configuration reference an endpoint-control
# profile, so these entries presumably have no effect on traffic -- confirm.
config endpoint-control profile
# No settings are shown for this entry.
edit "Recommend_FortiClient"
next
edit "Enforce_FortiClient_AV"
set feature-enforcement enable
set recommendation-disclaimer disable
set require-av enable
next
# Ties application detection to the "Block_P2P_application" rule list.
edit "P2P_application_detection"
set application-detection enable
set application-detection-rule-list "Block_P2P_application"
next
end
# Custom service objects. Port ranges read as <destination range>:<source range>; every entry
# leaves the source range fully open (1-65535).
# Several objects are named after a port number, which is easy to misread as a literal port
# in a policy's "set service" line.
config firewall service custom
# TCP 137-139 and 445.
# NOTE(review): "Telemetrie" is also used as an address name (srcaddr/dstaddr) in the firewall
# policies, and no policy in this configuration lists this object under "set service" -- it
# appears unused; confirm and remove or rename to avoid confusion.
edit "Telemetrie"
set protocol TCP/UDP
set tcp-portrange 137-139:1-65535 445-445:1-65535
next
# TCP 139 only; no UDP range is defined.
edit "139"
set protocol TCP/UDP
set tcp-portrange 139-139:1-65535
next
# TCP 445 only; no UDP range is defined.
edit "445"
set protocol TCP/UDP
set tcp-portrange 445-445:1-65535
next
# Despite the name, this object covers UDP 137-138 and defines no TCP range.
edit "137"
set protocol TCP/UDP
set udp-portrange 137-138:1-65535
next
# TCP 8051 only; no UDP range is defined.
edit "8051"
set protocol TCP/UDP
set tcp-portrange 8051-8051:1-65535
next
end
# Recurring schedule "always": all seven days, with no start or end time shown.
# It is the schedule named by every firewall policy in this configuration.
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
end
# Policy table between the "internal" and "wan" interfaces. Policies are matched in the order
# listed here (1, 6, 2, 3, 5, 4, 7, 8, 9), not by ID; entries with "status disable" are inactive.
# The address objects wnts25, GH, wnb062 and Telemetrie are defined outside this excerpt.
# NOTE(review): no entry shows a traffic-logging setting; "show" omits default values, so
# logging of accepted traffic is presumably off -- confirm, and enable it on the active policies.
# NOTE(review): every policy that sets a profile uses "unfiltered", which enables no scan option
# on any protocol, so accepted traffic gets no antivirus or web-filter inspection.
# NOTE(review): "nat enable" is also set on the wan->internal policies; presumably the source is
# rewritten to the firewall's own address, so internal hosts would not log the original client -- confirm.
config firewall policy
# Disabled. Any internal address to any wan address, any service, no protection profile.
edit 1
set srcintf "internal"
set dstintf "wan"
set srcaddr "all"
set dstaddr "all"
set action accept
set status disable
set schedule "always"
set service "ANY"
set nat enable
next
# Disabled. If re-enabled this accepts any service from any wan address to any internal address.
# NOTE(review): consider deleting it rather than keeping it disabled, so that it cannot be
# switched on by mistake.
edit 6
set srcintf "wan"
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set status disable
set schedule "always"
set service "ANY"
set profile-status enable
set profile "unfiltered"
set nat enable
next
# Disabled. Ping from wnts25 to Telemetrie.
edit 2
set srcintf "wan"
set dstintf "internal"
set srcaddr "wnts25"
set dstaddr "Telemetrie"
set action accept
set status disable
set schedule "always"
set service "PING"
set profile-status enable
set profile "unfiltered"
set nat enable
next
# Active. HTTPS and ping from GH (wan side) to Telemetrie (internal side).
edit 3
set srcintf "wan"
set dstintf "internal"
set srcaddr "GH"
set dstaddr "Telemetrie"
set action accept
set schedule "always"
set service "HTTPS" "PING"
set profile-status enable
set profile "unfiltered"
set nat enable
next
# Active. Ping from Telemetrie to wnts25.
edit 5
set srcintf "internal"
set dstintf "wan"
set srcaddr "Telemetrie"
set dstaddr "wnts25"
set action accept
set schedule "always"
set service "PING"
set profile-status enable
set profile "unfiltered"
set nat enable
next
# Active. Ping, MS-SQL, DNS and the custom services "139" and "8051" from Telemetrie to GH.
edit 4
set srcintf "internal"
set dstintf "wan"
set srcaddr "Telemetrie"
set dstaddr "GH"
set action accept
set schedule "always"
set service "PING" "MS-SQL" "139" "DNS" "8051"
set profile-status enable
set profile "unfiltered"
set nat enable
next
# Disabled. Same interfaces and addresses as policy 4 with a subset of its services.
# NOTE(review): looks redundant with policy 4 -- confirm and remove.
edit 7
set srcintf "internal"
set dstintf "wan"
set srcaddr "Telemetrie"
set dstaddr "GH"
set action accept
set status disable
set schedule "always"
set service "139" "8051" "DNS"
set profile-status enable
set profile "unfiltered"
set nat enable
next
# Active. Custom services "137" (UDP 137-138), "139" and "445" plus ping, inbound from wnts25
# to Telemetrie, i.e. Windows name-service and file-sharing ports opened from the wan side.
# NOTE(review): confirm this access is still required and that wnts25 is as narrow as possible.
edit 8
set srcintf "wan"
set dstintf "internal"
set srcaddr "wnts25"
set dstaddr "Telemetrie"
set action accept
set schedule "always"
set service "137" "139" "445" "PING"
set profile-status enable
set profile "unfiltered"
set nat enable
next
# Disabled. Same services as policy 8 plus HTTP, inbound from wnb062 to Telemetrie.
edit 9
set srcintf "wan"
set dstintf "internal"
set srcaddr "wnb062"
set dstaddr "Telemetrie"
set action accept
set status disable
set schedule "always"
set service "137" "139" "445" "PING" "HTTP"
set profile-status enable
set profile "unfiltered"
set nat enable
next
end
# The IPv6 policy table and the interface and sniff-interface policy tables contain no entries.
config firewall policy6
end
config firewall interface-policy
end
config firewall interface-policy6
end
config firewall sniff-interface-policy
end
config firewall sniff-interface-policy6
end
# Single static route out of the "wan" interface via gateway 172.22.254.254.
# NOTE(review): no "set dst" line is shown; "show" omits default values, so this is presumably
# the default route -- confirm.
config router static
edit 1
set device "wan"
set gateway 172.22.254.254
set weight 50
next
end
GMON01 #