FGT30B (10:37-02.27.2008)
Ver:04000002
Serial number:FGT30B3G08017074
RAM activation
Total RAM: 128MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Enabling Interrupts...Done.
Boot up, boot device capacity: 64MB.
Press any key to display configuration menu...
......
Reading boot image 1318147 bytes.
Initializing firewall...
System is started.
License is bad!
GMON01 login: admin
Password: **********
Welcome !
GMON01 # san identifiable IP
Unknown action 0
GMON01 # network info
Unknown action 0
GMON01 # show
#config-version=FGT30B-4.00-FW-build178-090820:opmode=0:vdom=0
#conf_file_ver=0
#buildno=0178
# NOTE(review): everything above the three header lines is the serial-console transcript
# (boot banner, login, two rejected commands, then `show`); the configuration dump starts here.
# NOTE(review): the header identifies an FGT30B image, 4.00 build 0178; 090820 looks like a
# 2009-08-20 build date (confirm). Check the vendor's support status for this release before
# treating any setting below as a current baseline.
# NOTE(review): the boot log prints "License is bad!". What the unit disables in that state is
# not visible in this capture; confirm whether signature and rating updates still arrive.
config system global
    set hostname "GMON01"
    set timezone 26
end
# Access profile "prof_admin": every permission group listed is read-write. The only
# administrator shown in this dump ("admin") uses "super_admin", not this profile.
config system accprofile
    edit "prof_admin"
        set admingrp read-write
        set authgrp read-write
        set endpoint-control-grp read-write
        set fwgrp read-write
        set loggrp read-write
        unset menu-file
        set mntgrp read-write
        set netgrp read-write
        set routegrp read-write
        set sysgrp read-write
        set updategrp read-write
        set utmgrp read-write
        set vpngrp read-write
    next
end
# Both addressed interfaces answer ping and expose the HTTPS and SSH management services.
# NOTE(review): "wan" carries the same allowaccess list as "internal". 172.22.60.1/16 is a
# private range, so this is presumably an internal WAN rather than the Internet (confirm),
# but management access on it should still be limited to the hosts that need it.
config system interface
    edit "internal"
        set ip 192.168.24.254 255.255.255.0
        set allowaccess ping https ssh
        set dns-query recursive
        set type physical
    next
    edit "wan"
        set ip 172.22.60.1 255.255.0.0
        set allowaccess ping https ssh
        set type physical
    next
    edit "modem"
    next
end
# Single administrator account using the "super_admin" profile, plus its dashboard layout.
# NOTE(review): the ENC value below is the stored form of the admin password and it is
# reproduced in this capture, so anyone who can read the capture has it. Treat the password
# as disclosed: change it on the unit and redact the value before sharing the dump further.
# No trusthost entries appear in this block. `show` seems to print only non-default
# settings (confirm), in which case admin logins are not restricted by source address.
config system admin
    edit "admin"
        set accprofile "super_admin"
        config dashboard
            edit "sysinfo"
                set column 1
            next
            edit "licinfo"
                set column 1
            next
            edit "jsconsole"
                set column 1
            next
            edit "sysres"
                set column 1
            next
            edit "sysop"
                set column 2
            next
            edit "alert"
                set column 2
            next
            edit "statistics"
                set column 2
            next
        end
        set password ENC AK1uFqjymAx5QYqDbvBwJ72roQ1vIZosTYSkVlmd9Euxmk=
    next
end
# DNS resolvers configured for the unit.
config system dns
    set primary 172.28.103.1
    set secondary 172.28.103.2
end
# Replacement messages for mail: the text that stands in for blocked or removed content.
# %%FILE%%, %%VIRUS%% and %%QUARFILENAME%% are placeholders, presumably filled in by the
# unit when the message is generated. The first buffer spans two lines in the capture; the
# continuation line is kept at column 0 so the string content is unchanged.
config system replacemsg mail "email-block"
    set buffer "Potentially Dangerous Attachment Removed. 
The file \"%%FILE%%\" has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
    set header 8bit
    set format text
end
config system replacemsg mail "email-virus"
    set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."
    set header 8bit
    set format text
end
config system replacemsg mail "email-dlp"
    set buffer "This email has been blocked. The email message appeared to contain a data leak."
    set header 8bit
    set format text
end
config system replacemsg mail "email-dlp-subject"
    set buffer "Data leak detected!"
    set header 8bit
    set format text
end
config system replacemsg mail "email-dlp-ban"
    set buffer "This email has been blocked because a data leak was detected. Please contact your admin to be re-enabled."
    set header 8bit
    set format text
end
config system replacemsg mail "email-dlp-ban-sender"
    set buffer "This email has been blocked because the sender has sent a data leak. Please contact your admin to be re-enabled."
    set header 8bit
    set format text
end
config system replacemsg mail "email-filesize"
    set buffer "This email has been blocked. The email message is larger than the configured file size limit."
    set header 8bit
    set format text
end
config system replacemsg mail "partial"
    set buffer "Fragmented emails are blocked."
    set header 8bit
    set format text
end
config system replacemsg mail "smtp-block"
    set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%"
    set header none
    set format text
end
config system replacemsg mail "smtp-virus"
    set buffer "The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined as %%QUARFILENAME%%"
    set header none
    set format text
end
config system replacemsg mail "smtp-filesize"
    set buffer "This message is larger than the configured limit and has been blocked."
set header none set format text end config system replacemsg http "bannedword" set buffer "The page you requested has been blocked because it contains a banned word. URL = http://%%URL%%" set header http set format html end config system replacemsg http "url-block" set buffer "The URL you requested has been blocked. URL = %%URL%%" set header http set format html end config system replacemsg http "infcache-block" set buffer "

High security alert!!!

The URL you requested was previously found to be infected.

URL = http://%%URL%%

" set header http set format html end config system replacemsg http "http-block" set buffer "

High security alert!!!

You are not permitted to download the file \"%%FILE%%\".

URL = http://%%URL%%

" set header http set format html end config system replacemsg http "http-virus" set buffer "

High security alert!!!

You are not permitted to download the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".

URL = http://%%URL%%

File quarantined as: %%QUARFILENAME%%.

" set header http set format html end config system replacemsg http "http-filesize" set buffer "

Attention!!!

The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.

URL = http://%%URL%%

" set header http set format html end config system replacemsg http "http-dlp" set buffer "

Attention!!!

The transfer attempted appeared to contain a data leak!

URL = http://%%URL%%

" set header http set format html end config system replacemsg http "http-dlp-ban" set buffer "

Attention!!!

Your user authentication or IP address has been banned due to a detected data leak. You need an admin to re-enable your computer

URL = http://%%URL%%

" set header http set format html end config system replacemsg http "http-contenttypeblock" set buffer "

Attention!!!

Content-type not permitted." set header http set format html end config system replacemsg http "http-client-block" set buffer "

High security alert!!!

You are not permitted to upload the file \"%%FILE%%\".

URL = http://%%URL%%

" set header http set format html end config system replacemsg http "http-client-virus" set buffer "

High security alert!!!

You are not permitted to upload the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".

URL = http://%%URL%%

File quarantined as: %%QUARFILENAME%%.

" set header http set format html end config system replacemsg http "http-client-filesize" set buffer "

Attention!!!

Your request has been blocked. The request is larger than the configured file size limit.

URL = http://%%URL%%

" set header http set format html end config system replacemsg http "http-client-bannedword" set buffer "The page you uploaded has been blocked because it contains a banned word. URL = http://%%URL%%" set header http set format html end config system replacemsg http "http-post-block" set buffer "HTTP POST action is not allowed for policy reasons." set header http set format html end config system replacemsg ftp "ftp-dl-infected" set buffer "Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%." set header none set format text end config system replacemsg ftp "ftp-dl-blocked" set buffer "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"." set header none set format text end config system replacemsg ftp "ftp-dl-filesize" set buffer "File size limit exceeded." set header none set format text end config system replacemsg ftp "ftp-dl-dlp" set buffer "Transfer failed. Data leak detected \"%%FILE%%\"." set header none set format text end config system replacemsg ftp "ftp-dl-dlp-ban" set buffer "Transfer failed. You are banned from transmitting due to a detected data leak. Contact your admin to be re-enabled." set header none set format text end config system replacemsg nntp "nntp-dl-infected" set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"." set header none set format text end config system replacemsg nntp "nntp-dl-blocked" set buffer "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%" set header none set format text end config system replacemsg nntp "nntp-dl-filesize" set buffer "This article has been blocked. The article is larger than the configured file size limit." set header none set format text end config system replacemsg nntp "nntp-dlp" set buffer "This article has been blocked. It appears to contain a data leak." 
set header none set format text end config system replacemsg nntp "nntp-dlp-subject" set buffer "Data leak detected!" set header none set format text end config system replacemsg nntp "nntp-dlp-ban" set buffer "this article has been blocked. The user is banned for sending a data leak. Please contact your admin to be re-enabled." set header none set format text end config system replacemsg fortiguard-wf "ftgd-block" set buffer "Web Filter Violation
%%FORTIGUARD_WF%%%%FORTINET%%
Web Page Blocked


You have tried to access a web page which is in violation of your internet usage policy.

URL: %%URL%%
Category: %%CATEGORY%%

To have the rating of this web page re-evaluated please click here.
%%OVERRIDE%%


Powered by %%SERVICE%%.
" set header http set format html end config system replacemsg fortiguard-wf "http-err" set buffer "%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%
%%FORTIGUARD_WF%%%%FORTINET%%
%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%


The webserver for %%URL%% reported that an error occurred while trying to access the website. Please click here to return to the previous page.



Powered by %%SERVICE%%.
" set header http set format html end config system replacemsg fortiguard-wf "ftgd-ovrd" set buffer "Web Filter Block Override
%%FORTIGUARD_WF%%%%FORTINET%%
Web Filter Block Override


If you have been granted override creation privileges by your administrator, you can enter your username and password here to gain immediate access to the blocked web-page. If you do not have these privileges, please contact your administrator to gain access to the web-page.

%%OVRD_FORM%%




Powered by %%SERVICE%%.
" set header http set format html end config system replacemsg spam "ipblocklist" set buffer "Mail from this IP address is not allowed and has been blocked." set header none set format text end config system replacemsg spam "smtp-spam-dnsbl" set buffer "This message has been blocked because it is from a DNSBL/ORDBL IP address." set header none set format text end config system replacemsg spam "smtp-spam-feip" set buffer "This message has been blocked because it is from a FortiGuard - AntiSpam black IP address." set header none set format text end config system replacemsg spam "smtp-spam-helo" set buffer "This message has been blocked because the HELO/EHLO domain is invalid." set header none set format text end config system replacemsg spam "smtp-spam-emailblack" set buffer "Mail from this email address is not allowed and has been blocked." set header none set format text end config system replacemsg spam "smtp-spam-mimeheader" set buffer "This message has been blocked because it contains an invalid header." set header none set format text end config system replacemsg spam "reversedns" set buffer "This message has been blocked because the return email domain is invalid." set header none set format text end config system replacemsg spam "smtp-spam-bannedword" set buffer "This message has been blocked because it contains a banned word." set header none set format text end config system replacemsg spam "smtp-spam-ase" set buffer "This message has been blocked because ASE reports it as spam. " set header none set format text end config system replacemsg spam "submit" set buffer "If this email is not spam, click here to submit the signatures to FortiGuard - AntiSpam Service." set header none set format text end config system replacemsg im "im-file-xfer-block" set buffer "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"." set header none set format text end config system replacemsg im "im-file-xfer-name" set buffer "Transfer %%ACTION%%. 
The file name \"%%FILE%%\" matches the configured file name block list." set header none set format text end config system replacemsg im "im-file-xfer-infected" set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%." set header none set format text end config system replacemsg im "im-file-xfer-size" set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" is larger than the configured limit." set header none set format text end config system replacemsg im "im-dlp" set buffer "Transfer %%ACTION%%. The file \"%%FILE%%\" contains a data leak." set header none set format text end config system replacemsg im "im-dlp-ban" set buffer "Transfer %%ACTION%%. The user is banned because of a detected data leak." set header none set format text end config system replacemsg im "im-voice-chat-block" set buffer "Connection failed. You are not permitted to use voice chat." set header none set format text end config system replacemsg im "im-photo-share-block" set buffer "Photo sharing failed. You are not permitted to share photo." set header none set format text end config system replacemsg im "im-long-chat-block" set buffer "Message blocked. The message is longer than the configured limit." set header none set format text end config system replacemsg alertmail "alertmail-virus" set buffer "Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% " set header none set format text end config system replacemsg alertmail "alertmail-block" set buffer "File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% " set header none set format text end config system replacemsg alertmail "alertmail-nids-event" set buffer "The following intrusion was observed: %%NIDS_EVENT%%." 
set header none set format text end config system replacemsg alertmail "alertmail-crit-event" set buffer "The following critical firewall event was detected: %%CRITICAL_EVENT%%." set header none set format text end config system replacemsg alertmail "alertmail-disk-full" set buffer "The log disk is Full." set header none set format text end config system replacemsg admin "admin-disclaimer-text" set buffer "W A R N I N G W A R N I N G W A R N I N G W A R N I N G This is a private computer system. Unauthorized access or use is prohibited and subject to prosecution and/or disciplinary action. All use of this system constitutes consent to monitoring at all times and users are not entitled to any expectation of privacy. If monitoring reveals possible evidence of violation of criminal statutes, this evidence and any other related information, including identification information about the user, may be provided to law enforcement officials. If monitoring reveals violations of security regulations or unauthorized use, employees who violate security regulations or make unauthorized use of this system are subject to appropriate disciplinary action. W A R N I N G W A R N I N G W A R N I N G W A R N I N G " set header none set format text end config system replacemsg auth "auth-disclaimer-page-1" set buffer "Firewall Disclaimer
Disclaimer Agreement
You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.
Do you agree to the above terms?
" set header http set format html end config system replacemsg auth "auth-disclaimer-page-2" set buffer '' set header http set format html end config system replacemsg auth "auth-disclaimer-page-3" set buffer '' set header http set format html end config system replacemsg auth "auth-reject-page" set buffer "Firewall Disclaimer Declined
Disclaimer Declined
Sorry, network access cannot be granted unless you agree to the disclaimer.
" set header http set format html end config system replacemsg auth "auth-login-page" set buffer "Firewall Authentication
Authentication Required
%%QUESTION%%
Username:
Password:
" set header http set format html end config system replacemsg auth "auth-login-failed-page" set buffer "Firewall Authentication
Authentication Failed
%%FAILED_MESSAGE%%
Username:
Password:
" set header http set format html end config system replacemsg auth "auth-challenge-page" set buffer "Firewall Authentication
Authentication Required
%%QUESTION%%
Answer:
" set header http set format html end config system replacemsg auth "auth-keepalive-page" set buffer " Firewall Authentication Keepalive Window

This browser window is used to keep your authentication session active.

Please leave it open in the background and open a new window to continue.

Authentication Refresh in %%TIMEOUT%% seconds

logout

" set header http set format html end config system replacemsg ec "endpt-download-portal" set buffer "Endpoint Security Required
Endpoint Security Required
The security policy requires the latest FortiClient Endpoint Security software and antivirus signature package to be installed.

Installing FortiClient requires that you have administrator privileges on your computer. If you do not, please contact your network administrator to have FortiClient installed.

The installer may be downloaded using the following link:
%%LINK%%
Installation instructions:
  • For Internet Explorer:
    1. Click the above link to download the installer
    2. When Internet Explorer asks what action you would like to take, click \"Run\"

  • For Firefox:
    1. Click the above link to download the installer
    2. Save the installer and note the location it is saved to
    3. Open the folder containing the installer and run it
FortiClient installation may take a few minutes. Thank you for your patience.

" set header http set format html end config system replacemsg ec "endpt-recommendation-portal" set buffer "Endpoint Security Required
Endpoint Security Required
The use of this security policy recommends that the latest FortiClient Endpoint Security software and antivirus signature package are installed.

Installing FortiClient requires that you have administrator privileges on your computer. If you do not, please contact your network administrator to have FortiClient installed.

The installer may be downloaded using the following link:
%%LINK%%
Installation instructions:
  • For Internet Explorer:
    1. Click the above link to download the installer
    2. When Internet Explorer asks what action you would like to take, click \"Run\"

  • For Firefox:
    1. Click the above link to download the installer
    2. Save the installer and note the location it is saved to
    3. Open the folder containing the installer and run it
FortiClient installation may take a few minutes. Thank you for your patience.

Continue to %%DST_ADDR_LABEL%%
" set header http set format html end config system replacemsg nac-quar "nac-quar-virus" set buffer "Virus Quarantine
Blocked because of virus


A virus was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg nac-quar "nac-quar-dos" set buffer "Attack Detected
Blocked because of DoS Attack


A DoS attack was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg nac-quar "nac-quar-ips" set buffer "Attack Detected
Blocked because of IPS attack


An attack was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg nac-quar "nac-quar-dlp" set buffer "Data Leak Detected
Blocked because of data leak


A data leak was detected, originating from your system. Please contact the system administrator.


" set header http set format html end config system replacemsg traffic-quota "per-ip-shaper-block" set buffer "Traffic Quota Control
Traffic blocked because of exceed quota


Traffic blocked because of exceed per IP traffic shaper quota. Please contact the system administrator.
%%QUOTA_INFO%%


" set header http set format html end config system replacemsg traffic-quota "traffic-shaper-block" set buffer "Traffic Quota Control
Traffic blocked because of exceed quota


Traffic blocked because of exceed shared traffic shaper quota. Please contact the system administrator.
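%%QUOTA_INFO%%


"
    set header http
    set format html
end
config vpn certificate ca
end
# NOTE(review): per its own comment this CA is embedded in the firmware and identical on
# every unit, and SSL inspection uses it to generate server certificates. A CA shared by
# every unit gives no per-site assurance to clients that trust it; use a site-specific CA
# before enabling SSL inspection. The ENC value is also reproduced in this capture; redact
# it before sharing the dump further.
config vpn certificate local
    edit "Fortinet_CA_SSLProxy"
        set password ENC 0iC+FuzvRhthqgNoUgY7H/51nh2zV2vVxkxJt8jBCwQR/ro5hvGxvpo+9eWSOVGYtiNhjOjgymDHWmCpoSW48Hpf401KIOWc0ocTjzyJvx+fHBqk
        set comments "This certificate is embedded in the firmware and is the same on every unit (not unique). This is the default CA certificate the SSL Inspection will use when generating new server certificates."
    next
end
config gui console
    unset preferences
end
# Session helpers: one entry per (name, port, IP protocol). Protocol 6 is TCP, 17 is UDP.
# NOTE(review): each helper presumably makes the unit parse that protocol on the listed
# port (confirm); helpers for protocols the site does not use can be removed.
config system session-helper
    edit 1
        set name pptp
        set port 1723
        set protocol 6
    next
    edit 2
        set name h323
        set port 1720
        set protocol 6
    next
    edit 3
        set name ras
        set port 1719
        set protocol 17
    next
    edit 4
        set name tns
        set port 1521
        set protocol 6
    next
    edit 5
        set name tftp
        set port 69
        set protocol 17
    next
    edit 6
        set name rtsp
        set port 554
        set protocol 6
    next
    edit 7
        set name rtsp
        set port 7070
        set protocol 6
    next
    edit 8
        set name rtsp
        set port 8554
        set protocol 6
    next
    edit 9
        set name ftp
        set port 21
        set protocol 6
    next
    edit 10
        set name mms
        set port 1863
        set protocol 6
    next
    edit 11
        set name pmap
        set port 111
        set protocol 6
    next
    edit 12
        set name pmap
        set port 111
        set protocol 17
    next
    edit 13
        set name sip
        set port 5060
        set protocol 17
    next
    # The capture showed "1 7" here (a stray space from the terminal wrap); dns-udp is UDP, 17.
    edit 14
        set name dns-udp
        set port 53
        set protocol 17
    next
    edit 15
        set name rsh
        set port 514
        set protocol 6
    next
    edit 16
        set name rsh
        set port 512
        set protocol 6
    next
    edit 17
        set name dcerpc
        set port 135
        set protocol 6
    next
    edit 18
        set name dcerpc
        set port 135
        set protocol 17
    next
    edit 19
        set name mgcp
        set port 2427
        set protocol 17
    next
    edit 20
        set name mgcp
        set port 2727
        set protocol 17
    next
end
# NOTE(review): both auto-install options are enabled. Presumably this lets the unit load a
# configuration and a firmware image from attached media at boot (confirm against the CLI
# reference); disable both where physical access to the unit is not controlled.
config system auto-install
    set auto-install-config enable
    set auto-install-image enable
end
config system ntp
    config ntpserver
        edit 1
            set server "pool.ntp.org"
        next
    end
    set syncinterval 60
end
# Per-protocol antivirus settings. Every protocol except "https" (left empty) has bzip2
# scanning disabled, a nesting limit of 12 and a size limit of 10.
# NOTE(review): units of uncompsizelimit and the handling of archives beyond either limit
# are not shown here; confirm both, and whether bzip2 content should stay unscanned.
config antivirus service "http"
    set scan-bzip2 disable
    set uncompnestlimit 12
    set uncompsizelimit 10
end
config antivirus service "https"
end
config antivirus service "ftp"
    set scan-bzip2 disable
    set uncompnestlimit 12
    set uncompsizelimit 10
end
config antivirus service "pop3"
    set scan-bzip2 disable
    set uncompnestlimit 12
    set uncompsizelimit 10
end
config antivirus service "imap"
    set scan-bzip2 disable
    set uncompnestlimit 12
    set uncompsizelimit 10
end
config antivirus service "smtp"
    set scan-bzip2 disable
    set uncompnestlimit 12
    set uncompsizelimit 10
end
config antivirus service "nntp"
    set scan-bzip2 disable
    set uncompnestlimit 12
    set uncompsizelimit 10
end
config antivirus service "im"
    set scan-bzip2 disable
    set uncompnestlimit 12
    set uncompsizelimit 10
end
# Second section header. It differs from the header at the top of the dump only in opmode
# (0 there, 1 here).
#config-version=FGT30B-4.00-FW-build178-090820:opmode=1:vdom=0
#conf_file_ver=0
#buildno=0178
# Address objects referenced by firewall policies.
# NOTE(review): "GH" and "GH Fat" define the same subnet, 172.22.0.0/16, and the "wan"
# interface address 172.22.60.1 lies inside it; confirm both objects are still needed.
config firewall address
    edit "all"
    next
    edit "Telemetrie"
        set associated-interface "internal"
        set subnet 192.168.24.0 255.255.255.0
    next
    edit "wnts25"
        set subnet 10.203.80.25 255.255.255.255
    next
    edit "GH"
        set subnet 172.22.0.0 255.255.0.0
    next
    edit "GH Fat"
        set subnet 172.22.0.0 255.255.0.0
    next
    edit "GW"
        set subnet 172.22.254.254 255.255.255.255
    next
    edit "10.28.128.102"
        set subnet 10.28.128.102 255.255.255.255
    next
    edit "wnb062"
        set subnet 172.22.161.195 255.255.255.255
    next
end
config firewall address6
    edit "all"
    next
end
# IPS sensors; each holds one filter. "all_default_pass" sets action pass on every
# signature it selects, so it detects without blocking.
config ips sensor
    edit "all_default"
        set comment "all predefined signatures with default setting"
        config filter
            edit "1"
            next
        end
    next
    edit "all_default_pass"
        set comment "all predefined signatures with PASS action"
        config filter
            edit "1"
                set action pass
            next
        end
    next
    edit "protect_http_server"
        set comment "protect against HTTP server-side vulnerabilities"
        config filter
            edit "1"
                set location server
                set protocol HTTP
            next
        end
    next
    edit "protect_email_server"
        set comment "protect against EMail server-side vulnerabilities"
        config filter
            edit "1"
                set location server
                set protocol SMTP POP3 IMAP
            next
        end
    next
    edit "protect_client"
        set comment "protect against client-side vulnerabilities"
        config filter
            edit "1"
                # The capture showed "cl ient" (a stray space from the terminal wrap).
                set location client
            next
        end
    next
end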
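# DoS sensors: per-anomaly thresholds.
# "all_default" enables all twelve anomalies but sets no action on any of them.
# NOTE(review): the default action is not shown in this dump; confirm whether an enabled
# anomaly with no explicit action only logs or also blocks.
config ips DoS
    edit "all_default"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set threshold 2000
            next
            edit "tcp_port_scan"
                set status enable
                set threshold 1000
            next
            edit "tcp_src_session"
                set status enable
                set threshold 5000
            next
            edit "tcp_dst_session"
                set status enable
                set threshold 5000
            next
            edit "udp_flood"
                set status enable
                set threshold 2000
            next
            edit "udp_scan"
                set status enable
                set threshold 2000
            next
            edit "udp_src_session"
                set status enable
                set threshold 5000
            next
            edit "udp_dst_session"
                set status enable
                set threshold 5000
            next
            edit "icmp_flood"
                set status enable
                set threshold 250
            next
            edit "icmp_sweep"
                set status enable
                set threshold 100
            next
            edit "icmp_src_session"
                set status enable
                set threshold 300
            next
            edit "icmp_dst_session"
                set status enable
                set threshold 1000
            next
        end
    next
    # "block_flood" enables and blocks only the three flood anomalies (TCP SYN, UDP, ICMP);
    # the scan, sweep and session anomalies carry a threshold but no "set status enable".
    edit "block_flood"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set action block
                set threshold 2000
            next
            edit "tcp_port_scan"
                set threshold 1000
            next
            edit "tcp_src_session"
                set threshold 5000
            next
            edit "tcp_dst_session"
                set threshold 5000
            next
            edit "udp_flood"
                set status enable
                set action block
                set threshold 2000
            next
            edit "udp_scan"
                set threshold 2000
            next
            edit "udp_src_session"
                set threshold 5000
            next
            edit "udp_dst_session"
                set threshold 5000
            next
            edit "icmp_flood"
                set status enable
                set action block
                set threshold 250
            next
            edit "icmp_sweep"
                set threshold 100
            next
            edit "icmp_src_session"
                set threshold 300
            next
            edit "icmp_dst_session"
                set threshold 1000
            next
        end
    next
end
# File-name pattern list "builtin-patterns". No action is set on any entry here.
# NOTE(review): confirm the effective action for these patterns and which protection
# profile, if any, references the list.
config antivirus filepattern
    edit 1
        config entries
            edit "*.bat"
            next
            edit "*.com"
            next
            edit "*.dll"
            next
            edit "*.doc"
            next
            edit "*.exe"
            next
            edit "*.gz"
            next
            # The capture showed "n ext" after this entry (a stray space from the terminal wrap).
            edit "*.hta"
            next
            edit "*.ppt"
            next
            edit "*.rar"
            next
            edit "*.scr"
            next
            edit "*.tar"
            next
            edit "*.tgz"
            next
            edit "*.vb?"
            next
            edit "*.wps"
            next
            edit "*.xl?"
            next
            edit "*.zip"
            next
            edit "*.pif"
            next
            edit "*.cpl"
            next
        end
        set name "builtin-patterns"
    next
end
# DLP rules. The "All-*" rules match every transfer of their protocol (field always); the
# remaining rules match by regular expression or by size. All HTTP pattern rules inspect
# http-post only.
config dlp rule
    edit "All-Email"
        set protocol email
        set sub-protocol smtp pop3 imap
        set field always
    next
    edit "All-HTTP"
        set protocol http
        set sub-protocol http-get http-post
        set field always
    next
    edit "All-FTP"
        set protocol ftp
        set sub-protocol ftp-get ftp-put
        set field always
    next
    edit "All-NNTP"
        set protocol nntp
        set field always
    next
    edit "All-IM"
        set protocol im
        set sub-protocol aim icq msn ym
        set field always
    next
    edit "All-Session-Control"
        set protocol session-ctrl
        set sub-protocol sip simple sccp
        set field always
    next
    # Card-number prefixes 4x and 51-55, sixteen digits with optional space or dash separators.
    edit "HTTP-Visa-Mastercard"
        set protocol http
        set sub-protocol http-post
        set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\b)"
    next
    # Prefixes 34 and 37, grouped 4-6-5; the back-reference forces the same separator twice.
    edit "HTTP-AmEx"
        set protocol http
        set sub-protocol http-post
        set regexp "(\\W|\\b)3[47]\\d{2}([ \\-]?)\\d{6}\\2\\d{5}(\\W|\\b)"
    next
    edit "HTTP-Canada-SIN"
        set protocol http
        set sub-protocol http-post
        set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)"
    next
    edit "HTTP-US-SSN"
        set protocol http
        set sub-protocol http-post
        set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}(\\b|\\W)"
    next
    # Negated match: true for posts that do not contain "WebEx". Used by the compound rules.
    edit "HTTP-Post-Not-Webex"
        set protocol http
        set sub-protocol http-post
        set regexp "WebEx"
        set regexp-negated enable
        set regexp-wildcard enable
    next
    # NOTE(review): in the captured output this rule carried the Visa/Mastercard pattern
    # "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?\\d{4}[ \\-]?){3}(\\W|\\b)", so numbers starting
    # 34 or 37 in mail were not matched by the rule named for them. It now uses the same
    # pattern as HTTP-AmEx. Confirm against the running unit before applying.
    edit "Email-AmEx"
        set protocol email
        set sub-protocol smtp pop3 imap
        set regexp "(\\W|\\b)3[47]\\d{2}([ \\-]?)\\d{6}\\2\\d{5}(\\W|\\b)"
    next
    edit "Email-Visa-Mastercard"
        set protocol email
        set sub-protocol smtp pop3 imap
        set regexp "(\\W|\\b)(4\\d|5[1-5])\\d{2}([ \\-]?)\\d{4}(\\3\\d{4}){2}(\\W|\\b)"
    next
    edit "Email-Canada-SIN"
        set protocol email
        set sub-protocol smtp pop3 imap
        set regexp "(\\b|\\W)[1-79]\\d{2}([ \\-]?)\\d{3}\\2\\d{3}(\\b|\\W)"
    next
    # The capture wrapped inside "([ -]?)"; the pattern is restored to match HTTP-US-SSN.
    edit "Email-US-SSN"
        set protocol email
        set sub-protocol smtp pop3 imap
        set regexp "\\b(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}(\\b|\\W)"
    next
    edit "Email-Not-Webex"
        set protocol email
        set sub-protocol smtp pop3 imap
        set regexp "WebEx"
        set regexp-negated enable
        set regexp-wildcard enable
    next
    # Size rules: match when the attachment or transfer size is >= 5120.
    # NOTE(review): the unit of "value" is not shown in this dump; confirm.
    edit "Large-Attachment"
        set protocol email
        set sub-protocol smtp pop3 imap
        set field attachment-size
        set value 5120
        set operator greater-equal
    next
    edit "Large-FTP-Put"
        set protocol ftp
        set sub-protocol ftp-put
        set field transfer-size
        set value 5120
        set operator greater-equal
    next
    edit "Large-HTTP-Post"
        set protocol http
        set sub-protocol http-post
        set field transfer-size
        set value 5120
        set operator greater-equal
    next
end
# Compound rules: each pairs a Canada-SIN rule with the matching Not-Webex rule.
config dlp compound
    edit "Email-SIN"
        set comment "Emails containing canadian SIN but are not WebEx invites"
        set protocol email
        set sub-protocol smtp pop3 imap
        set member "Email-Canada-SIN" "Email-Not-Webex"
    next
    edit "HTTP-Post-SIN"
        set comment "Posts containing canadian SIN but are not WebEx invites"
        set protocol http
        set sub-protocol http-post
        set member "HTTP-Canada-SIN" "HTTP-Post-Not-Webex"
    next
end
# DLP sensors: named groups of the rules above. Apart from "set archive enable" in
# Content_Archive, no per-rule action is set here.
# NOTE(review): confirm the default action, and check that storing full mail, FTP, HTTP and
# IM content under Content_Archive is intended where that sensor is applied.
config dlp sensor
    edit "Content_Summary"
        config rule
            edit "All-Email"
            next
            edit "All-FTP"
            next
            edit "All-HTTP"
            next
            edit "All-IM"
            next
            edit "All-NNTP"
            next
        end
    next
    edit "Content_Archive"
        config rule
            edit "All-Email"
                set archive enable
            next
            edit "All-FTP"
                set archive enable
            next
            edit "All-HTTP"
                set archive enable
            next
            edit "All-IM"
                set archive enable
            next
        end
    next
    edit "Large-File"
        config rule
            edit "Large-Attachment"
            next
            edit "Large-FTP-Put"
            next
            edit "Large-HTTP-Post"
            next
        end
    next
    edit "Credit-Card"
        config rule
            edit "Email-AmEx"
            next
            edit "Email-Visa-Mastercard"
            next
            edit "HTTP-AmEx"
            next
            edit "HTTP-Visa-Mastercard"
            next
        end
    next
    # Despite its name this sensor also enables the two Canada-SIN compound rules.
    edit "SSN-Sensor"
        config rule
            edit "Email-US-SSN"
            next
            edit "HTTP-US-SSN"
            next
        end
        config compound-rule
            edit "Email-SIN"
                set status enable
            next
            edit "HTTP-Post-SIN"
                set status enable
            next
        end
    next
end
# Empty web-filter and spam-filter lists: nothing is configured in these tables.
config webfilter content
end
config webfilter urlfilter
end
config spamfilter bword
end
config spamfilter emailbwl
end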
# Tail of a FortiGate `show` dump captured from a console session, restored to
# one statement per line. Covers the remaining spam-filter tables, the
# protection profiles, endpoint control, custom services, the IPv4 policy table
# and the static route. Lines starting with "#" are reviewer annotations, not
# device output.
config spamfilter ipbwl
end
config spamfilter mheader
end
config spamfilter dnsbl
end
config spamfilter iptrust
end
# Protection profiles. Of the four defined here, only "unfiltered" is referenced
# by the firewall policies later in this dump.
config firewall profile
    edit "strict"
        config log
            set log-web-ftgd-err enable
        end
        set ftp block oversize scan splice
        set http block oversize scan activexfilter bannedword cookiefilter javafilter rangeblock urlfilter
        # NOTE(review): https has no options set, so this profile presumably applies none
        # of the http checks above to HTTPS traffic - confirm.
        unset https
        set imap block oversize scan bannedword spamemailbwl spamfsip spamfschksum spamfssubmit spamfsurl spamhdrcheck spamraddrdns
        set pop3 block oversize scan bannedword spamemailbwl spamfsip spamfschksum spamfssubmit spamfsurl spamhdrcheck spamraddrdns
        set smtp block oversize scan bannedword spamemailbwl spamfsip spamfschksum spamfssubmit spamfsurl spamhdrcheck spamhelodns spamipbwl spamraddrdns spamrbl splice
        set nntp block oversize scan
        # One port per protocol; presumably the same protocols on other ports are not
        # picked up by this profile - TODO confirm.
        config app-recognition
            edit "http"
                set port 80
            next
            edit "https"
                set port 443
            next
            edit "smtp"
                set port 25
            next
            edit "pop3"
                set port 110
            next
            edit "imap"
                set port 143
            next
            edit "nntp"
                set port 119
            next
            edit "ftp"
                set port 21
            next
        end
        set im block oversize scan
        unset http-post-lang
        set ftgd-wf-options strict-blocking
        set ftgd-wf-https-options strict-blocking
    next
    edit "scan"
        config log
            set log-web-ftgd-err enable
        end
        set ftp scan splice
        set http scan rangeblock
        unset https
        set imap scan
        set pop3 scan
        set smtp scan splice
        set nntp scan
        config app-recognition
            edit "http"
                set port 80
            next
            edit "https"
                set port 443
            next
            edit "smtp"
                set port 25
            next
            edit "pop3"
                set port 110
            next
            edit "imap"
                set port 143
            next
            edit "nntp"
                set port 119
            next
            edit "ftp"
                set port 21
            next
        end
        set im scan
        unset http-post-lang
        set ftgd-wf-options strict-blocking
        set ftgd-wf-https-options strict-blocking
    next
    edit "web"
        config log
            set log-web-ftgd-err enable
        end
        set ftp splice
        set http scan bannedword rangeblock urlfilter
        unset https
        set imap fragmail
        set pop3 fragmail
        set smtp fragmail splice
        unset nntp
        config app-recognition
            edit "http"
                set port 80
            next
            edit "https"
                set port 443
            next
            edit "smtp"
                set port 25
            next
            edit "pop3"
                set port 110
            next
            edit "imap"
                set port 143
            next
            edit "nntp"
                set port 119
            next
            edit "ftp"
                set port 21
            next
        end
        unset im
        unset http-post-lang
        set ftgd-wf-options strict-blocking
        set ftgd-wf-https-options strict-blocking
    next
    # "unfiltered" sets no scan, block or filter option for any protocol; only
    # no-content-summary, fragmail and splice appear. A policy that attaches it has
    # profile-status enabled but gets no content inspection from this profile.
    edit "unfiltered"
        config log
            set log-web-ftgd-err enable
        end
        set ftp no-content-summary
        set http no-content-summary
        set https no-content-summary
        set imap fragmail no-content-summary
        set pop3 fragmail no-content-summary
        set smtp fragmail no-content-summary splice
        set nntp no-content-summary
        config app-recognition
            edit "http"
                set port 80
            next
            edit "https"
                set port 443
            next
            edit "smtp"
                set port 25
            next
            edit "pop3"
                set port 110
            next
            edit "imap"
                set port 143
            next
            edit "nntp"
                set port 119
            next
            edit "ftp"
                set port 21
            next
        end
        unset im
        unset http-post-lang
        set ftgd-wf-options strict-blocking
        set ftgd-wf-https-options strict-blocking
    next
end
# Directory-service user group; no firewall policy in this dump references it.
config user group
    edit "FSAE_Guest_Users"
        set group-type directory-service
    next
end
config webfilter ftgd-ovrd
end
config webfilter ftgd-ovrd-user
end
config webfilter ftgd-local-rating
end
# Endpoint-control application rule lists. Categories and vendors are numeric IDs
# whose meaning is given only by each entry's "comment" string.
config endpoint-control app-detect rule-list
    edit "Block_P2P_application"
        config entries
            edit 1
                set category 15
                set status running
            next
        end
        set comment "deny access from endpoints running P2P applications"
        set other-application-action allow
    next
    edit "Monitor_Microsoft_Office"
        config entries
            edit 1
                set category 31
                set vendor 53
                set action monitor
            next
        end
        set comment "monitor installed Microsoft Office applications"
        set other-application-action allow
    next
    edit "Monitor_game"
        config entries
            edit 1
                set category 20
                set action monitor
                set status running
            next
        end
        set comment "monitor running games"
        set other-application-action allow
    next
    edit "Monitor_Internet_browser"
        config entries
            edit 1
                set category 12
                set action monitor
            next
        end
        set comment "monitor installed Internet browsers"
        set other-application-action allow
    next
end
# Endpoint-control profiles; no firewall policy in this dump refers to any of them.
config endpoint-control profile
    edit "Recommend_FortiClient"
    next
    edit "Enforce_FortiClient_AV"
        set feature-enforcement enable
        set recommendation-disclaimer disable
        set require-av enable
    next
    edit "P2P_application_detection"
        set application-detection enable
        set application-detection-rule-list "Block_P2P_application"
    next
end
# Custom services. Each range is written as two port ranges joined by ":";
# presumably destination:source, with 1-65535 meaning any source port - confirm.
config firewall service custom
    # TCP 137-139 and 445 (NetBIOS/SMB ports). No policy below lists "Telemetrie" as
    # a service; the policies use that name only as srcaddr/dstaddr, i.e. as an
    # address object, which is not defined in this part of the dump.
    edit "Telemetrie"
        set protocol TCP/UDP
        set tcp-portrange 137-139:1-65535 445-445:1-65535
    next
    edit "139"
        set protocol TCP/UDP
        set tcp-portrange 139-139:1-65535
    next
    edit "445"
        set protocol TCP/UDP
        set tcp-portrange 445-445:1-65535
    next
    # Despite the name, this service is UDP 137-138, not a single port.
    edit "137"
        set protocol TCP/UDP
        set udp-portrange 137-138:1-65535
    next
    edit "8051"
        set protocol TCP/UDP
        set tcp-portrange 8051-8051:1-65535
    next
end
config firewall schedule recurring
    edit "always"
        set day sunday monday tuesday wednesday thursday friday saturday
    next
end
# IPv4 policy table, listed in the order 1, 6, 2, 3, 5, 4, 7, 8, 9. Entries
# without "set status disable" are active: 3, 5, 4 and 8. Every policy except 1
# attaches the "unfiltered" profile, so none of them gets content scanning.
# NOTE(review): no policy here carries a traffic-logging setting; since `show`
# presumably prints only non-default values, confirm that accepted traffic is
# logged as intended. The address objects "wnts25", "GH", "wnb062" and
# "Telemetrie" are defined outside this section; verify each is as narrow as it
# should be.
config firewall policy
    # Disabled: internal -> wan, any source, any destination, any service.
    edit 1
        set srcintf "internal"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set status disable
        set schedule "always"
        set service "ANY"
        set nat enable
    next
    # Disabled: wan -> internal, all/all/ANY with the "unfiltered" profile. Enabling
    # it would accept every inbound connection with no inspection; consider deleting
    # it rather than leaving it one toggle away from active.
    edit 6
        set srcintf "wan"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set status disable
        set schedule "always"
        set service "ANY"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
    # Disabled: PING from "wnts25" to "Telemetrie"; the active policy 8 has the same
    # interfaces and addresses and also includes PING.
    edit 2
        set srcintf "wan"
        set dstintf "internal"
        set srcaddr "wnts25"
        set dstaddr "Telemetrie"
        set action accept
        set status disable
        set schedule "always"
        set service "PING"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
    # Active: HTTPS and PING from "GH" on wan to "Telemetrie" on internal.
    # NOTE(review): nat is enabled on this inbound policy, which presumably rewrites
    # the source address so internal hosts do not see the original client - confirm
    # this is intended, since it affects host-side logs and access controls.
    edit 3
        set srcintf "wan"
        set dstintf "internal"
        set srcaddr "GH"
        set dstaddr "Telemetrie"
        set action accept
        set schedule "always"
        set service "HTTPS" "PING"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
    # Active: PING from "Telemetrie" to "wnts25".
    edit 5
        set srcintf "internal"
        set dstintf "wan"
        set srcaddr "Telemetrie"
        set dstaddr "wnts25"
        set action accept
        set schedule "always"
        set service "PING"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
    # Active: "Telemetrie" to "GH" for PING, MS-SQL, TCP 139, DNS and TCP 8051.
    edit 4
        set srcintf "internal"
        set dstintf "wan"
        set srcaddr "Telemetrie"
        set dstaddr "GH"
        set action accept
        set schedule "always"
        set service "PING" "MS-SQL" "139" "DNS" "8051"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
    # Disabled: same interfaces and addresses as policy 4, with a subset of its services.
    edit 7
        set srcintf "internal"
        set dstintf "wan"
        set srcaddr "Telemetrie"
        set dstaddr "GH"
        set action accept
        set status disable
        set schedule "always"
        set service "139" "8051" "DNS"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
    # Active: inbound NetBIOS/SMB (UDP 137-138, TCP 139, TCP 445) plus PING from
    # "wnts25" on wan to "Telemetrie" on internal, with the "unfiltered" profile.
    # NOTE(review): file-sharing ports are reachable from the wan side with no
    # content scanning; confirm the source object is a single trusted host and that
    # every port listed is still required.
    edit 8
        set srcintf "wan"
        set dstintf "internal"
        set srcaddr "wnts25"
        set dstaddr "Telemetrie"
        set action accept
        set schedule "always"
        set service "137" "139" "445" "PING"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
    # Disabled: same inbound NetBIOS/SMB set as policy 8 plus HTTP, from "wnb062".
    edit 9
        set srcintf "wan"
        set dstintf "internal"
        set srcaddr "wnb062"
        set dstaddr "Telemetrie"
        set action accept
        set status disable
        set schedule "always"
        set service "137" "139" "445" "PING" "HTTP"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
end
config firewall policy6
end
config firewall interface-policy
end
config firewall interface-policy6
end
config firewall sniff-interface-policy
end
config firewall sniff-interface-policy6
end
# Single static route via the wan interface; no destination is set, so it is
# presumably the default route - confirm.
config router static
    edit 1
        set device "wan"
        set gateway 172.22.254.254
        set weight 50
    next
end
GMON01 #