#config-version=FG100F-6.0.6-FW-build0272-190716:opmode=0:vdom=0:user=admin #conf_file_ver=445551317456181 #buildno=6319 #global_vdom=1 config system global set alias "FG100FTK19002580" set gui-certificates enable set hostname "FG100FTK19002580" set switch-controller enable set timezone 43 end config system accprofile edit "prof_admin" set secfabgrp read-write set ftviewgrp read-write set authgrp read-write set sysgrp read-write set netgrp read-write set loggrp read-write set fwgrp read-write set vpngrp read-write set utmgrp read-write set wifi read-write next end config system np6xlite edit "np6xlite_0" next end config system interface edit "dmz" set vdom "root" set mode dhcp set allowaccess ping https http fgfm capwap set type physical set role dmz set snmp-index 1 next edit "mgmt" set vdom "root" set ip 192.168.1.99 255.255.255.0 set allowaccess ping https ssh http fgfm set type physical set dedicated-to management set role lan set snmp-index 2 next edit "wan1" set vdom "root" set ip 10.89.11.4 255.255.255.240 set allowaccess ping https ssh http fgfm set type physical set role wan set snmp-index 3 next edit "wan2" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 4 next edit "ha1" set vdom "root" set type physical set snmp-index 5 next edit "ha2" set vdom "root" set type physical set snmp-index 6 next edit "x1" set vdom "root" set type physical set snmp-index 7 next edit "x2" set vdom "root" set type physical set snmp-index 8 next edit "modem" set vdom "root" set mode pppoe set type physical set snmp-index 9 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 10 next edit "lan" set vdom "root" set ip 192.168.100.99 255.255.255.0 set allowaccess ping https http fgfm capwap set type hard-switch set stp enable set role lan set snmp-index 11 next edit "fortilink" set vdom "root" set fortilink enable set ip 169.254.1.1 255.255.255.0 set allowaccess ping capwap set type aggregate set member "x1" "x2" set snmp-index 12 set fortilink-split-interface enable set lacp-mode static next end config system physical-switch edit "sw0" set age-val 0 next end config system virtual-switch edit "lan" set physical-switch "sw0" config port edit "port1" next edit "port2" next edit "port3" next edit "port4" next edit "port5" next edit "port6" next edit "port7" next edit "port8" next edit "port9" next edit "port10" next edit "port11" next edit "port12" next edit "port13" next edit "port14" next edit "port15" next edit "port16" next edit "port17" next edit "port18" next edit "port19" next edit "port20" next end next end config system custom-language edit "en" set filename "en" next edit "fr" set filename "fr" next edit "sp" set filename "sp" next edit "pg" set filename "pg" next edit "x-sjis" set filename "x-sjis" next edit "big5" set filename "big5" next edit "GB2312" set filename "GB2312" next edit "euc-kr" set filename "euc-kr" next end config system admin edit "admin" set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "Main" config widget edit 1 set x-pos 1 set y-pos 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 2 set y-pos 1 set width 1 set height 1 next edit 3 set type forticloud set x-pos 3 set y-pos 1 set width 1 set height 1 next edit 4 set type security-fabric set x-pos 4 set y-pos 1 set width 1 set height 1 next edit 5 set type security-fabric-ranking set x-pos 5 set y-pos 1 set width 1 set height 1 next edit 6 set type admins set x-pos 6 set y-pos 1 set width 1 set height 1 next edit 7 set type cpu-usage set x-pos 7 set y-pos 1 set width 2 set height 1 next edit 8 set type memory-usage set x-pos 8 set y-pos 1 set width 2 set height 1 next edit 9 set type sessions set x-pos 9 set y-pos 1 set width 2 set height 1 next end next end set password ENC SH22OV1k/vDUurl/NqvO4mUpjtJjjSEYpQwwRoKEf9cl8Z2GFaI5hn2kuUUV90= next end config system ha set override disable end config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system replacemsg-image edit "logo_fnet" set image-type gif set image-base64 '' next edit "logo_fguard_wf" set image-type gif set image-base64 '' next edit "logo_fw_auth" set image-base64 '' next edit "logo_v2_fnet" set image-base64 '' next edit "logo_v2_fguard_wf" set image-base64 '' next edit "logo_v2_fguard_app" set image-base64 '' next end config system replacemsg mail "email-av-fail" end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end config system replacemsg mail "email-filesize" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg mail "email-decompress-limit" end config system replacemsg mail "smtp-decompress-limit" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-group-info-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-av-fail" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg nntp "nntp-av-fail" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg nntp "email-decompress-limit" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf "http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg auth "auth-quarantine-page" end config system replacemsg auth "auth-qtn-reject-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-header" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn "hostcheck-error" end config system replacemsg ec "endpt-download-portal" end config system replacemsg ec "endpt-download-portal-mac" end config system replacemsg ec "endpt-download-portal-linux" end config system replacemsg ec "endpt-download-portal-ios" end config system replacemsg ec "endpt-download-portal-aos" end config system replacemsg ec "endpt-download-portal-other" end config system replacemsg ec "endpt-warning-portal" end config system replacemsg ec "endpt-warning-portal-mac" end config system replacemsg ec "endpt-warning-portal-linux" end config system replacemsg ec "endpt-remedy-inst" end config system replacemsg ec "endpt-remedy-reg" end config system replacemsg ec "endpt-remedy-ftcl-autofix" end config system replacemsg ec "endpt-remedy-av-3rdp" end config system replacemsg ec "endpt-remedy-ver" end config system replacemsg ec "endpt-remedy-os-ver" end config system replacemsg ec "endpt-remedy-vuln" end config system replacemsg ec "endpt-remedy-sig-ids" end config system replacemsg ec "endpt-remedy-ems-online" end config system replacemsg ec "endpt-ftcl-incompat" end config system replacemsg ec "endpt-download-ftcl" end config system replacemsg ec "endpt-quarantine-portal" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg nac-quar "nac-quar-app" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "client-virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config system replacemsg utm "ipsblk-html" end config system replacemsg utm "ipsfail-html" end config system replacemsg utm "exe-text" end config system replacemsg utm "waf-html" end config system replacemsg utm "outbreak-prevention-html" end config system replacemsg utm "outbreak-prevention-text" end config system replacemsg icap "icap-req-resp" end config system snmp sysinfo end config system central-management set type fortiguard end config user device-category edit "android-phone" next edit "android-tablet" next edit "blackberry-phone" next edit "blackberry-playbook" next edit "forticam" next edit "fortifone" next edit "fortinet" next edit "gaming-console" next edit "ip-phone" next edit "ipad" next edit "iphone" next edit "linux-pc" next edit "mac" next edit "media-streaming" next edit "printer" next edit "router-nat-device" next edit "windows-pc" next edit "windows-phone" next edit "windows-tablet" next edit "other-network-device" next edit "collected-emails" next edit "amazon-device" next edit "android-device" next edit "blackberry-device" next edit "fortinet-device" next edit "ios-device" next edit "windows-device" next edit "all" next end config system cluster-sync end config system fortiguard set service-account-id "ijorbenadze@solvit.ge" set sdns-server-ip "208.91.112.220" end config ips global end config system email-server set server "notification.fortinet.net" set port 465 set security smtps end config system session-helper edit 1 set name pptp set protocol 6 set port 1723 next edit 2 set name h323 set protocol 6 set port 1720 next edit 3 set name ras set protocol 17 set port 1719 next edit 4 set name tns set protocol 6 set port 1521 next edit 5 set name tftp set protocol 17 set port 69 next edit 6 set name rtsp set protocol 6 set port 554 next edit 7 set name rtsp set protocol 6 set port 7070 next edit 8 set name rtsp set protocol 6 set port 8554 next edit 9 set name ftp set protocol 6 set port 21 next edit 10 set name mms set protocol 6 set port 1863 next edit 11 set name pmap set protocol 6 set port 111 next edit 12 set name pmap set protocol 17 set port 111 next edit 13 set name sip set protocol 17 set port 5060 next edit 14 set name dns-udp set protocol 17 set port 53 next edit 15 set name rsh set protocol 6 set port 514 next edit 16 set name rsh set protocol 6 set port 512 next edit 17 set name dcerpc set protocol 6 set port 135 next edit 18 set name dcerpc set protocol 17 set port 135 next edit 19 set name mgcp set protocol 17 set port 2427 next edit 20 set name mgcp set protocol 17 set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable set server-mode enable set interface "fortilink" end config system object-tagging edit "default" next end config system settings set inspection-mode flow set gui-dns-database enable set gui-dos-policy enable set gui-dynamic-routing enable set gui-sslvpn-personal-bookmarks enable set gui-sslvpn-realms enable set gui-multiple-utm-profiles enable set gui-ips enable set gui-allow-unnamed-policy enable set gui-domain-ip-reputation enable set gui-multiple-interface-policy enable end config system dhcp server edit 1 set dns-service default set default-gateway 192.168.100.99 set netmask 255.255.255.0 set interface "lan" config ip-range edit 1 set start-ip 192.168.100.110 set end-ip 192.168.100.210 next end next edit 2 set dns-service default set default-gateway 192.168.1.99 set netmask 255.255.255.0 set interface "mgmt" config ip-range edit 1 set start-ip 192.168.1.110 set end-ip 192.168.1.210 next end next edit 3 set ntp-service local set default-gateway 169.254.1.1 set netmask 255.255.255.0 set interface "fortilink" config ip-range edit 1 set start-ip 169.254.1.2 set end-ip 169.254.1.254 next end set vci-match enable set vci-string "FortiSwitch" "FortiExtender" next end config firewall address edit "none" set uuid 68141eee-a527-51e9-382b-343be2109817 set subnet 0.0.0.0 255.255.255.255 next edit "all" set uuid 68d3d3ba-a527-51e9-dba0-1999bc863ae8 next edit "FIREWALL_AUTH_PORTAL_ADDRESS" set uuid 68d3dab8-a527-51e9-02a3-2f86d949c3dd set visibility disable next edit "SSLVPN_TUNNEL_ADDR1" set uuid 68d59600-a527-51e9-1ca3-9a712fca38af set type iprange set associated-interface "ssl.root" set start-ip 10.212.134.200 set end-ip 10.212.134.210 next edit "SERVER_NET" set uuid 96960544-e040-51e9-1bb3-50b162bb0c66 set subnet 192.168.20.0 255.255.255.0 next edit "ALTA_NET" set uuid ae5ee998-e040-51e9-71f1-025b8afae8da set subnet 172.16.48.0 255.255.255.0 next end config firewall multicast-address edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next end config firewall address6 edit "SSLVPN_TUNNEL_IPv6_ADDR1" set uuid 68d5a172-a527-51e9-8ca9-ffa2445658ca set ip6 fdff:ffff::/120 next edit "all" set uuid 6d27acd4-a527-51e9-e5e9-d0204fcd1e86 next edit "none" set uuid 6d27d038-a527-51e9-f30c-df221f3252be set ip6 ::/128 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall wildcard-fqdn custom edit "google-play" set uuid 588ed7de-df6f-51e9-1498-bd7adbff46eb set wildcard-fqdn "*play.google.com" next edit "update.microsoft.com" set uuid 588edb3a-df6f-51e9-917c-d59e2aebc5eb set wildcard-fqdn "*update.microsoft.com" next edit "swscan.apple.com" set uuid 588edf04-df6f-51e9-dbab-2dd949842b97 set wildcard-fqdn "*swscan.apple.com" next edit "autoupdate.opera.com" set uuid 588ee260-df6f-51e9-2dc1-fea016cce408 set wildcard-fqdn "*autoupdate.opera.com" next edit "adobe" set uuid 68d97432-a527-51e9-cf23-b5a599cb02fc set wildcard-fqdn "*.adobe.com" next edit "Adobe Login" set uuid 68d97928-a527-51e9-d1bd-4b9012b814c6 set wildcard-fqdn "*.adobelogin.com" next edit "android" set uuid 68d97dba-a527-51e9-66a3-7537ef38f155 set wildcard-fqdn "*.android.com" next edit "apple" set uuid 68d9824c-a527-51e9-2b10-93861932e58b set wildcard-fqdn "*.apple.com" next edit "appstore" set uuid 68d986d4-a527-51e9-ab81-dd0da99fbe90 set wildcard-fqdn "*.appstore.com" next edit "auth.gfx.ms" set uuid 68d98b98-a527-51e9-9cf7-42ed3fa19010 set wildcard-fqdn "*.auth.gfx.ms" next edit "citrix" set uuid 68d99034-a527-51e9-a45d-89195c443b16 set wildcard-fqdn "*.citrixonline.com" next edit "dropbox.com" set uuid 68d994bc-a527-51e9-cf60-6860219a8d1e set wildcard-fqdn "*.dropbox.com" next edit "eease" set uuid 68d99958-a527-51e9-14fc-fc11dc8c0ba9 set wildcard-fqdn "*.eease.com" next edit "firefox update server" set uuid 68d99dea-a527-51e9-dbbe-ecf6b1b67f88 set wildcard-fqdn "aus*.mozilla.org" next edit "fortinet" set uuid 68d9a286-a527-51e9-9fa1-d4e0144643f6 set wildcard-fqdn "*.fortinet.com" next edit "googleapis.com" set uuid 68d9a75e-a527-51e9-2410-f89519815a94 set wildcard-fqdn "*.googleapis.com" next edit "google-drive" set uuid 68d9abfa-a527-51e9-d1a1-8beae44fbf00 set wildcard-fqdn "*drive.google.com" next edit "google-play2" set uuid 68d9b0a0-a527-51e9-7c9a-47628b1e344f set wildcard-fqdn "*.ggpht.com" next edit "google-play3" set uuid 68d9b546-a527-51e9-5cd7-593c869b6b29 set wildcard-fqdn "*.books.google.com" next edit "Gotomeeting" set uuid 68d9b9ec-a527-51e9-2b81-2c5da8d71258 set wildcard-fqdn "*.gotomeeting.com" next edit "icloud" set uuid 68d9c13a-a527-51e9-d9e1-c06007f416f8 set wildcard-fqdn "*.icloud.com" next edit "itunes" set uuid 68d9c626-a527-51e9-dfc1-436e29e1abfe set wildcard-fqdn "*itunes.apple.com" next edit "microsoft" set uuid 68d9cad6-a527-51e9-24b8-7ca273459898 set wildcard-fqdn "*.microsoft.com" next edit "skype" set uuid 68d9cf86-a527-51e9-4500-be5c6798a851 set wildcard-fqdn "*.messenger.live.com" next edit "softwareupdate.vmware.com" set uuid 68d9d436-a527-51e9-516e-4046cca869e2 set wildcard-fqdn "*.softwareupdate.vmware.com" next edit "verisign" set uuid 68d9d8e6-a527-51e9-14d6-9307209cb661 set wildcard-fqdn "*.verisign.com" next edit "Windows update 2" set uuid 68d9dd96-a527-51e9-259b-ac68bf7f6cda set wildcard-fqdn "*.windowsupdate.com" next edit "live.com" set uuid 68d9e246-a527-51e9-7d5b-2cb284921f7f set wildcard-fqdn "*.live.com" next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "default" set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit "sniffer-profile" set comment "Monitor IPS attacks." config entries edit 1 set severity medium high critical next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." config entries edit 1 set severity medium high critical next end next edit "all_default" set comment "All predefined signatures with default setting." config entries edit 1 next end next edit "all_default_pass" set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit "protect_http_server" set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "Protect against email server-side vulnerabilities." config entries edit 1 set location server set protocol SMTP POP3 IMAP next end next edit "protect_client" set comment "Protect against client-side vulnerabilities." config entries edit 1 set location client next end next edit "high_security" set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" set block-malicious-url enable config entries edit 1 set severity medium high critical set status enable set action block next edit 2 set severity low next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit "default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "sniffer-profile" set comment "Monitor all applications." unset options config entries edit 1 set action pass next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set deep-app-inspection disable config entries edit 1 set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 30 31 set action pass set log disable next end next edit "block-high-risk" config entries edit 1 set category 2 6 next edit 2 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp fp-sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config dlp sensor edit "default" set comment "Default sensor." next edit "sniffer-profile" set comment "Log a summary of email and web traffic." set flow-based enable set summary-proto smtp pop3 imap http-get http-post next edit "Content_Summary" set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Content_Archive" set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Large-File" config filter edit 1 set name "Large-File-Filter" set proto smtp pop3 imap http-get http-post mapi set filter-by file-size set file-size 5120 set action log-only next end next edit "Credit-Card" config filter edit 1 set name "Credit-Card-Filter" set severity high set proto smtp pop3 imap http-get http-post mapi set action log-only next edit 2 set name "Credit-Card-Filter" set severity high set type message set proto smtp pop3 imap http-post mapi set action log-only next end next edit "SSN-Sensor" set comment "Match SSN numbers but NOT WebEx invite emails." config filter edit 1 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by regexp set regexp "WebEx" next edit 2 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by ssn set action log-only next edit 3 set name "SSN-Sensor-Filter" set severity high set proto smtp pop3 imap http-get http-post ftp mapi set filter-by ssn set action log-only next end next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next end end config icap profile edit "default" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set password ENC znANxZAvY2+GtB+2zmPkNY9myADtnpNBSS4N/BmovCyzuol20d+tZSwZvaYFSDSTtYjUo9zgiwRgs6Yzf2sxXtYDCs49KtXl8lSwQTKHTOl7ZBGSkYe0DSP6DsZaIQVKehhvz0l+mYTQuToibJyFuWk/wGgXORpA8ImOqo/7or3EzuS8t5l2QOXEltmNIYnohCld7w== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIk+HN9CUHMcoCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNcCaJ3NJ+QbBIIEyO2FtsDBWV3a yRBbCx3TVI69vD310OgbwcL2p67UzgsZAngJQzozQTLbdNcdzRrgz6czelnWZnsx WCTpD5ZODEYLajwJFWAv1k5k15MT2Obq/hvzHpwNdFxp2AYZaCmNOuFns/6oZbTI rNc3twgKGwolQTagWkLE1AkeoQ4mwvMcNDGi9zd9iihGRJvSkhAxDX+tYaSC7c5M FU3DnOVEzXzGLaWsAJCuGGDlaamrOFhX08sb6Ae87ehucvTsJIB+JEvODulFsSRi 3goggLN3nbcXevvuFYjtCJu3cZQggI2ZIlZo0MliM1XHFGibZMeQ2z/sq1IpuzRi 8VkbZ349JToAptKSp5hz+0H6yxUvKQS7owSMazV90V1PUuW+toLnqPo0H00+hGAE Z5doaSCY1c2jOGczJjmCk3u4KK2z+T4nR1lEEX9I2DW126rF7IcslvTtGuNjgzxb hyGjIOo4uPfntIGV5+OuqYyWdSfTS+sCJnEY+GcIpVq2AqUZwXfrhgMOr3bDATfN aww1ihqxAtv82kgFQ5jf5sIbNPRReR3dTe5wRpny3sxuqTO6dO1GkApveaQh4J98 h5Lx+nhq4H7aczwKlrWO5Pxm6RqeThM4iQGKPXuBc2/LxIKBWVXozZwUlXrF86kA Hx7RUezU+UsA3dhp38HUzEDojSIDJ0L3eLJIOnyKAL6sClh311rbyssMZhiXaVBU NdZ0O4hIFzzcm2X8JKT5QynKI1urf0vwYzYZlbYHEADCjdrLpgmsPQFzhwotLW+t lYihWsqciaNQP7Vovaq5ZXtXZxGR4HHVfs+yL0qx0D7xLaj4n57Njb50tnYoPLF8 Oes93sKnTP27h5tOWlYNPk45rFLHewm0gDXjbI+IiivPj9QhS857sx+8AFwZ2+N7 cfcLidbIcxcwX4Iz6hQJoinEmKHyLXXLj/5mfQOFAy3b9diEefLDuKBHSXvMOmia rvz7pgkiVCZmskAwPGi/yk26NqBhNCdckMJqkmWhQwcXgsFOp3Y7QCr4wsm5AhK8 Q99VRhh2UoFMaiV9utNXKqfRHxsAjMXFGz9YtwuljVuLuZZYv5uxTcs4Fi+DpzaP Sxtkeh0DbtC6xeliwBih9lur0+0pK5ej4XeJ95Q4mmVGvShvI3w5nyzwToMEkTI5 CAz+3y8671bgseF1QPK9amrSB13WJ90hvM0OR5Dx1VHDOevlFUkUNomhYlYE8+kn 9cKevvece42N+4WPRpDVKZ/cI1eF7qkcrVxcnBadVFSIODhX51mJbcGD1m0zTaZS AANdZEBv1LahyWZWff4aW7xa4CF6qlLFuoDbGMVT874xb7oOZkWh6NQ6fwPdJCR5 B2t1j7gxZiAAmNKOzLaq0i2hTts9ffRWyo6MMcXbuTTyoX6wP9tGUcEGb8k5hEIE laI9HKzbgfLpdP9RvkFvwv4o3t5GXCoYVnn+7Hih6irAdvR/+HAbVMWoKb1OmAuM QM/63JGGPxtkWBE7Ypr/qQDtSNGzGt+3brG6Oi6ON0K3QOl52BO01iFi+ggZGZFl Ns1ZYmqgzw93i9hdGrOFyJdvkiYFmOmCsuOjYMUytIgTxJdhX9M5xK5lpJgj/UKI paXEXaqcFdnqhOT2NM+yxg== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID5jCCAs6gAwIBAgIIRuNCcMQn6FYwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkxGTAXBgNVBAMMEEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1 cHBvcnRAZm9ydGluZXQuY29tMB4XDTE5MDcxMzA0MzM0MVoXDTI5MDcxMzA0MzM0 MVowgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkq hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA2OeJVr0Swp0Q9Qi8AOg/oViYu/4OePLkwWwKWuxDokse LcamEiW9WPAqzTDnnJkqHosVCN+2jEUSPbhP6Fe5DlCOdPz+fvlckmtWFxCqUsil jNE7n4tuqEOIisdcw5Wwl2+xFD2wG5CAcvmBOm28cB/clPh14WWxmYZ9RRB+1+PT L8jg2cAtb3WZuQIQm+aaH9tJ5B+jvLn7KkVGRg0H7pxnUiiNkM9qxaliI7J99gZC S7gGJiPuU1Ivq1NqE47V10mrrD5Bw8+l7zCcT4AisKVQGOXpoqRFAzlcP3RSUBKK PRjB8GVTdZtxEjy94wtE7MV/DDyyPPbHFjkrPnqjBQIDAQABoxAwDjAMBgNVHRME BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC7DGBRtTouJjOrp0OfFWLwMFWdRI7q 4J30A9LjroQhN9ZKrsaSTkFn85Qqst7CrT0Nna3ubgNMarBZCknH86QsZNtrEpyo Z3skLDZg45pDmm3NRV9+jOSiOufRKK8en4K3g1xTEKjtOUdMpeiYYGSsa6zVM44c VX6CXP6otFONS2nrxrPk0TXWioDtecQxymwNYrybgctRcmywecHs4wNbIuJTOY7d fgnOfh0lQ9YjqfUszVQpEPJh++5XnCez4PBHEBSC/EaLa70Km72wQtPpZZwuRfZW Ba+TwnMfvjyHwoWLYP12HVglOpA7lbb5nfZWcCS40R7nBGkXBW3pAwen -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_CA_Untrusted" set password ENC j/mJSacDjLdPLu4PXHhczYNh1h6vHVnyHZYwmiHCBa91dSaIy1rh2uRYyGFUOx1blXumH9PKQdJNunrhN9yzN4QQdBi8KwzoVp4og/+rO1kJNskEMb30Yci7+50clK1EmhXrp/8q7V+wwfHUeL53K+2q2TOF3Vj0tkucAPPdpOIsZY9fH1IT+wBymnasX042oV90IQ== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIctbxxnlm4A4CAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJohDY9hxk8pBIIEyBwOMSz0DXSC TtgD31i7i7JQhWPRRHasIButFXe0M3+yghqeLYyjxB12UaJNCJVuNh9kes87LXpK 2JE8IwqLqvSHZT9Y0Fhsac2LjHoy/FTpOj6/6PVDiM5QWDX0WC5Sgia56AgH85mU HxH6JyuRW4APBHRxO+sTsSF8pwRy6GRTLOQLgjymkrT9aCpPjUy8DeoRPwfZyxcP vC/B+3Wrhr5lN1+lPUVjfX5webbnkyEdx2HyL6hZtCLCiA93GXD7E3HnTYVXHovr eIGpKHHAK3pWjcDEN5nMtnu+J8f2OUiuQIYYMuv9hInsPiB7f6hFxUzvNb8RxfLM Qrsn88Kk2QXERV5x/F1p7wWLF76dk+AIQwRkeBUgJ1gB4+2RX8hHcGAyasggmkGM Oalo/ExH1NmS5zECJAbFMkZSdWbHx78Vowwaazhvr5fRU/Kt29hSU+/Vopk36S0I tS5KY2LnHoBJEXSPngh8/uSRTlxbKTsRaMTM1b9lPtDM3uHVdRgVJa0n3Vd/f0n2 RUWV9UNwqwbIH7VI1+SJiym4NL3FAqThDexLBkCO6tAR0TAdv4ofKioCeavkJe8A 0pD3k8p+poTUrXYtX/8HjUVMQoEn9j8cpggdLusKlhuRZqQRwMJzRq1IEUYWNnX4 7NLACHE0s8agsKLN8MNg/2PWnDbiIN3EJzAjv8OtVBYyvucJJlZYDsnEA3FjTaQC zTxW0677IMnBfohVCqEiaf+g/h3wELrgfz6pHqpKhOvdpiPAO1E76T4O/wEQF0ND pfb7f3esmgCryOdU72Tu6fbXVfAuEwCpfIrLWBUFwgPysuU9xLTDVVunv2MOfdeJ LX5ENZ6ypHdtxB2LzdYTSOtBHcjtCrNT6lc4EZQaxYpCaJZqYQYhWYulVbYDaX3w hJE0FauJjJt3fRFRn84soQa50tbDnieX4zjRqFZX5Zi6JeF6R9wqbQr4GABnYsE9 4h5kwcuycbM03RxwuBDoF/p7VT6vhrZKDM3mdy7IfFkFl7PMBW+4MebVQ21IgpLM Z3mrbUH+OZZtFV34mp+ZHDNrY1wX057VW7GMHMU5XZPSDiBCiVL9Tlpuruvmh8+E VIEoRFV2FvLA9qy35HZDZlzdc/eqJ5E5A4unaff8TYBUCkpZ4XO5c9NtVqGwHeIo twLIyLnbuI4M0LXw2BUyFb9S6kqGGqvyIjxSCIlo39ZA5WLESJMujCq69Xo33pKA 6pgc1q2qN35bkse59d1pv+Y4LOE4ZYj58ow2dENyxtih0iRCHv9Eu0odt3bBWjtM VOJjp26Xko1eaYS9ScJcje1k3u5M6/tdEJl4aC+H4bKLNIxWY72vgIYeBwveSOsE RLtHyhMv7jy555aXrwx5cCiaYAnCDpuLRVvzSJ9kMeBCC71BYEu/gmYDw5sobgTs +jXEzqc44Gz7AaJ4qPy2kKTTUnnWEbqvU8MYGLYReLYauk/Ebfdgt9eNgBI7q0V2 FqH1s9iHh3ZecJFimCpHLGUeQpjTYSCgqSVGtIEu/LeqCj1zyPHu5pYcD6VYagXC ESxOTBqdWD19yfKmzzHUvio9jhTGEfat7wIZh9El6Y6e0o8G+v9tZHPk+e3ZcrN3 z+1NYUtfmN0pPoeeiFjwSA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID8DCCAtigAwIBAgIIZ9vDafdIHpgwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTkwNzEzMDQzMzQyWhcNMjkwNzEz MDQzMzQyWjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHYkh1QFQWRpnzo6JVA+Va6lqW20vNL 7HSmY54ckKLYGQebYxq1n24+bQiSadpOU/i2DOb2d771sByZXKhHnr25L2et03pb ohiXD7uJPvpJhjsyEHaGC+s5XmJ2eavK2to5rfXd/RczJMxnheT3sSoI8xjg6jnl xhL7ET3nhZAc6t9w5h3NjXLXO2etcMRFK20opBG+ZodNF6C9ZpPKW9I+SG5XRQ/p MSZ0Z5spZ0nYzxDomD3Ln4xnr4RWK+jzNxvVWAAXiBCWlEmnvNR87bnmyRl7bVA8 EVsmFGiePanvCxTAq9LnH485P0zwSCafLDHp9UyHlI3HvdUyunof71MCAwEAAaMQ MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAIYR0fAH8984ZPWmz El54TwreGiJFIcPqM+G14XUNZ/i5kL1wX3E6hL3VTpxJa9VRP9opGpYHyFB0uNTQ ue8aSoGbC6IDS6D7iMeVUq8EWzo5PjQjSUY3cOZs5ENyJ7WbwVFgaCJV9zEFs4qf zzDDMC1Q9kG9VcI2APIR6nRmHT6xes0KwSkTrBrfkbdcQbrqvl9cOPQkz4NKzfzr 81hYleK6pdqIjZxK0kaj7rDaJHGZqBBDwMe0SuY6dUtO06B7itFOkGcPg3sAbCa5 OlKFwaf6qJOh/WXKcpyOO/L2zS+GXqJSGui8aqmQNMSbDj5DryVZ6lO9WxUAbM5U 5mvyZA== -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_SSL" set password ENC wHyGjesgfVAKBZj+QtBJ4mnr3CUHdawPWzrlYnWqALNHvaqMFTIgLRtiUBXtcxXOr0JTBpmk4Q4GiHYlDjGJ1FzEQjCR9aRB19FuyEpACz8jExC63tbATrP3iU2DkKv0W7WLqj5dQRLw6mSpNmWmcMFVkNbF0jDxSVAWDAuxqUgt9l95O2TEKG0/QFj6SWMboVd3rw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInue7pr2tK0oCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECI6anvCuHeAQBIIEyCpqZT4Km+U0 snGkjHraIXTvN5ILjl+uHRLi5m/RAxf7U4wGNMGZfl21XiP2oPziFPBnh1XQMCYh BBPVucbgOLtQI8lBEP123iMNMShT53E7eNKU2evo8CmMyiONg8oy8Tzqmbu/ahxQ XehqzHBEgOLs6qWzXovmXZeVZkdw3sqBleJNoJqR12q/ghJoZJvtyEwI6NKkqEcg HY74KGmciSGQp38BX2f7nnIZrSQnoFHCpYslshXIX+XBzyRK2AK22V1y9d8VPHYV 6gMsuKFTjNaYL0fHBi//ChU/MdbiyCB+lqcB1qIXv/k1OAgUpKQ5q5QyoHBFZtGs kYxBQhf9+SLYAa1QxiQKxXyEi8gOOfaYwX62Rj1Ll1nRyD2CHGAYKe6NWth9TEhd 9caqBmvFHlTkLVPnrVwPD+tYGpu3Hour2dUC7Ix/C+wB0BVRX1xk09wm3k2syjyS Ehfi7ybFPN+3p5Ptn09KlPDnnqUyJQ8ZfpuhRIXBTtkFNRFxRfy1UYKLbmiawcH1 pg/2jdDfrX3xRI0Ek09IWEqPleQBxyMltNQ2PA65BarCDTqPYgfC+RHtJubCRKJA HaHvMFTRvsPFfuOn7yW6t4FvYmOvHlp0Fr5G4/JLGek4P4iEVSYTUlVtYRUJnIsy XOQsn/72gVUEMpdczpRMYrKl6q9E5k7KJY6x7FkT3zGLMLosczR3fqwwLYsYshRH 24Qn20OfBKGWf+Nta1s3Mz9E/HGfiLCcX5t+RmwQsovT7MelYD31PLAb/yUy4rXz 2a7LT0Dj0fLHrsz7vors69y8+qxJeDfQn7leJCjlyvBd+/kVsBQjXu4CSx6Lms4b /78Ukzm+Ek8ig1fB9HGCrRupHjO9uva9WE+sSXgeEYU2o3HSRnToqYTzF9cGL4v+ mi3Dsz2CIIPD0C3pRBoUHLr2LBE1ftv34yE7aWl0qY9rHsdcj0QG7GFGQ/PKL2QR 5f3+Uwy9LA0pv4fvIfRVtmdfFiLPzLo4MDrmw7TfU3FV27z4kNSRV9UgxtbB/LB7 DZ8k649ZTuxQzd9sWYuUZzWBVUFnk5EKG06NfcXn22DBHjHeFpP+L9BL8TNkZVzB VAX2YM2ak1kOnoyD148nWSAVw+EObQcPAUFBwOPiUYfe8yZLAPzMH+vtUW+UF/9e /HwvM7XBaVOXal1mYh4PkRrapQSyae38VMdsvVjjpssV4WpYq+EYza6Jzt3ekvhf wDn+J/fCRLXr3fGkzqXXsMUVAgnQFgb6J88JXqwM5aH+p7RfbhAiEHVVlWDv7p0b ENOHlh7i5crDYjxGInTYGA+caNJkpsQqi4XYAXZvS8DL3tOtDEpXCJ5BaFfFpg0W BLtvi5I0kDE6eRDHsvqkl5G7URx+0jBOg6TWRc3d31Pg8GnsNF9X2EixpgS1vzTw QouPau+crOI+0bxSYOlThvZAcDZ+lLt6Zl95mM3b0n50YMCSCcTFRKHi6OFMauxo ASkvDPhiB6tsPPGUPeFx/LtUuZqQMoUQAj59P3+EG3zODQ+o/I10ecqrBITisCTJ 8io89ffioPsJNotgjkEVfjILLcz9d9R+7eFC8ugDTEh0mG4L18ZnE/6axcsUwXD3 BFdNoVqGWV38xCuagE48aA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDyzCCArOgAwIBAgIIBf6JtCI/pskwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMB4XDTE5MDcxMzA0MzM0MloXDTI5MDcxMzA0MzM0MlowgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH/Tm3NjC+ip /ypMZXakP66jwzSROQlyxzrOCrR+BHXu8blFJOZyLaFIpGEeK99WcylUvL/faNvy 0VyvgPSn1BWEQLxsq5dagBMBvH2DcgEt5tlfczHInAYKQczvn+2qd8p2x5MUm0fo Mdx2lKkjGJrcsFaXbuS5myps0dAO1NE3t/zhTdClUg8fMSwOXUxsmTXDLN3mlCrK rRPwO0Wu4YQ2vdsLgr5nWrHFdVNV2OOAMG4fNut22JQNw4Zq8ZKCzUsvPj4aBZUJ qy88TbV6juYXl7vQ/+DfeqLRVDAYTONhflBsrLFP2J6GcH5tUI8cGNuqZcq2ZBQt wCch8N8qgwIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAK IGR9f4KxiTlCS4TBGdxyXYQ4nJF7tT8iT5wu1Q4420ysJDZ4oxRZf0usRUM/Wc/3 aI+pNmOyWzK2tD/IUo38+7eXECvhzljG6uR9GLMj5qMmbOCh0ZMMwGMotzEOqL0V yI7qArqxb7WiwnjGRs43BVhg7wRIpn980ZbpSVB33JARInxN4pSc96XBIMWEj7WQ edAtCzmx5RNWGYs3qvubRA4IkGu5jPx/Bz73SqNyZA4XEXSAFVYBejhbIe+5buQG FhrvgpDNwDaPs5rZkrK3+XiOa+jrA9Hd2Fiv2J3yRN1sgdj7wED+GFZFUjT6eBT0 VGykZH329GCslEW9HIcZ -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_SSL_RSA1024" set password ENC vCaKzYIlGUueL6STSnyD0beYr6IMWx4avObtyWdBKjHCn/n6gwv6C0y+racRX+boF5pmTdMz+6ZAXArfJ/9SsgQYhyG9ahxatvRVCvDaMx8T9eoD9oD9n3TlcDjGl3jjeXCl3Wc3a35O3jjROhqs7yo7gC2yKL5iqf8qJrW04ZwRGfMijSV3wO4363N7Ue//hfSt8A== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIcJs4ORt9zyUCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIJ7682+lp+GBIICgEb0IvdkQNyO +9QhcXuXaH3X1beythB7GBUbsWVf99lp//+W1fOoLaJYDUOah8pT/Oc99TGNIG2s atoYdz1ET9QEY23BfTryNBmrNVJqmaEKj372NsV6WsY2YXnG9Oxtp4V1YwE9obgE AP+1bgGnsDWukT31nJYslb1DQAYx7Y2KunU7sDRnkg/YqQ/9rALMBaDjRwyfFGNu e/nWCHCaAey/7eDGzyNJNm99PGvB/i770n59xNwbFfqLIYrWZXRIYz2MzTTpWQry gmTbHnD5gcA0bNxVjk6hxPFWTNAMs2g6c2ca0++948tOZwMvtzmAkHMbsQ+j4kC+ HvhcoanxPRQ3PXTxEbwoDKUfsT7qcPUfpHgtyQLe9z3WCVWRdbrB795r2rsNfN7J Uf1W/Ku8ORziY3kxikDTOQA45K2STVU80utun1FVcLTTRcvoEJp+rvZ1z6VtfV4i yDU9/m4si0KcYRizQIdWHEmGvaph9Y3z6uQoomQcuP+Fd/CSQap0i7UTe83w/pgz HdSl3sb+0rqaAL0YeDsAWW9LSOO4IVJFbtTC5dMuq4q7uzmYwQ/hDFurx/H1iVeo E3WSO6xlBxDZT5yaFOx73e644t9sOK1fvYG8rt1ehB5VURH1uqzWuZfiSvX5PiyJ R/XeJaeB+9OZxOdpLlrV9ya8E5dDLFx8Us+cBJP33SYsfIqbu0EbztVKd3MPGGhQ wO0XP/jTXSgeZt//3xvNyDSbxJ//96P40iwojkuE7UHto3rGv/Uhio8oInqONwJi IFuVuD2oMMNawNbJGWs17pXwbEq3bw/q27Sw+am85E+kn4wDyqhBfdA3CGRcC1ki huIY1PLe7ZY= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICxjCCAi+gAwIBAgIIBAAU9OoX6L4wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMB4XDTE5MDcxMzA0MzM0M1oXDTI5MDcxMzA0MzM0M1owgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC85d3pD45YrcyRMNH3 Vl4LRfR+OCX3jfwVxh3ZtKir0MhD38JfsYsAThKKv+tjkyFcCRwj9qWmNY0hU+9I clvwqpex4Q5pdTuTOKUND/kOUu1odgcPEwfKoA55ez2ta0kA8H4ObUp0Aj7XPSt5 JGwvLBJ8Gfv1Lv4AYvkanO+tAQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3 DQEBCwUAA4GBAFYkCrEAV6UkZuT80TPFQru3yW5HAh2mV03hWea/YdzLB9CcgQaj 3Soi5y5Ykdubciaa6zgtL7ig/aOCvggcsjerDfncRYTkEYHj0o2MnOIvNyL8HwUf 4D+z0Ta1J7LTbtvVFGlV66PtW+oclhTH3MJs8PfzDYw4HKSqsV7zgtXr -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_SSL_RSA2048" set password ENC ROQ6mj+fm8pOHydb+QuRwoFBglKtO3lka3KPVG7l2Zwn5zCR1/XTDr+VrgroE2cDfPkd/OMFzowCVsLEY7BplNXY07ffk8khA36tOZ6TeXaLc4B45BNTB63PhoUlVtPY5LWaMRUgI7YiFw/8Ovyczo3nyRa/+gNGr17ctS2aK658VbC7YbAzQfSOoxIot1MRxWZM6A== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIae/JxTq3duYCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIp0GGbxJmy+BIIEyKCYZPnXynp4 7EndXGTpXdYPVEYdZaa/m/1ePjEQ8nymRudtodzHTcBb03tBQxjQil5NQ05o2XHT cAC08kzbWpzh01OLhaKGncycVOBY0Liwv6DcegjdOP3Ztgq3gaYZXWsYTFH1Hi3X CbCJXK32c3Qp7i9g22jeCGEglNz4sSU3xP1sz+GR/E16biUitn+oI8ZCX6BIGB42 +mtaKAW5Z8KTXxAGhI3Z+w4vIEQf+502EUvJVkbpGQFz8ZvyBOeaKWs+Cp0bQtSN Cx93bYjBjREVsKPqLibsyDd6XZ58QmPJkhdwB958DAJn3kioELmCtXeOVyJAQ5J+ 4SvyEWHAqZaoQPl8mEhUmjlDNcbeVR1k3nSSbLC1sR9FfwRbgE9HdyeQxslnis19 +yFZfObIKLsKf8aQi0Bf4pq0gGf6Vcr3x4hxo4TcUzJQQXFJsILXsEO16dLthm+0 yjrN1Flk/g97dBXQVCpqMQ5U+yZF1mt3nElOduZo9lMcDLvGswzMCMah7kJL8So/ /YfV9nVOKdC+9WPYJv/vulA2XNY3j8cbzCx1PhJ5ySb6I6f65bxt/QWEO1JylWQb CFoPfg8B3VbeUFS28B3PrHKH/mqHMJbzOHlDF3yjhGlypnapI+uJaXakKbFuRtDH s7miHxF20qrUhteaousZtLM5TB3koFtSsoc0rYOy9E6wd1VXpMHTm10VYxyALCzW RbWR+/aba30YufLwW1ahbuL0tcqXZ3qr/TrS9O8KdKJfIuzWUxOo4tkKjdUQo2u8 ijBJbJuzvKZMJzB1fEvAG0D54Tadc679GiMQZ8FmEuBQGSQCJYSAWeqjmNP3KCpL 7BJk1fbMI6NBJdPSJrR473KYiWe75G0jimKfmYenzrwAT9dbLi/0/hTysVSbBvBk xR4tdWmZ6zK5VJbbo9B+mueXCx1XldKIVxNCDl+0TY5gjkrf2EdCD2sBPaH4Qx9R 0MozEn2/2bTOLJu6I059aFhSwhaNv1U7EfPwGLAWBfnMtsYhZd5FuyTGLy5M34Dr tXCsxdzFUnpeb5WX6+6yqO0W0AcXX1rMprzVG1YUvkln73cpEyq3je/gFV2xI6KI WmevhrvGnvc9jSfe7RjT2DY0tBolyW3A48cW9GjH5Pyu7zH/vmLXOwunlZttBTgF /nz2FkSCCocGq3+zTfO8/rSRf8x2KbxfgaUWo0Pbb6gZJ+qX9+leumdAHrNMj/Up lza2TsCezU5o0hPdVbSILosDDYdhTNZr1dL9GMTLs2eft2l/P/IZGV0bFziq8D6T mRTUG3V4iuKQEM966w8fpRFyfI4bpJoFZlVzWViOp5/GXT1r/Cm10tjs3RhX3coN ya4lVEbjbI9Qiz5DcpZp8pNU5TLZ6e2Q/cJhALZCDJa+3HU638QmyWJvEzgw3abz xD2/eiys6LrpqEdtF4xkSwGYcGE4dgdIAtMcxd/x8eW7OMpsT+ihqN34FARj9AbX 2QifC4RWmzsA5ePMVX0nswYeFgHUHIHT6E+ILEKhpUvbLe6iA+dc+iAFYDRMSkLq 4+qsYH4niDXF1MlUpyjUbyCkxkP/5SZwmOl/yfQBwj9fUJs8iuYyPtqce9bsi54C DcUPWZlVwclTaYkeUdXQJw== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDyzCCArOgAwIBAgIIXyInAdvD894wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMB4XDTE5MDcxMzA0MzM0M1oXDTI5MDcxMzA0MzM0M1owgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHMTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5jrtUGbaMI7 iDlOL2VwsTSSgOisKEJKauaGHMq9bB/LihNM3Y8Uq+cVNIiOyZ1Z465vQVdX0+MD 1D4brccyBko8oFRJciTewz+u6c2Uu3G8oNSBt5ELLtQtxN/ymW7eQliZhSyk6Vm3 RsRr0j43lDsJIBhUuctGvKXn/DnHo/n9Nqcam20BLrOM8fBwUi8+/oHI5nGvwe+v HykjfLAXCK3CM41i4CrDzj297yWDvTF3REwBz2KvaEVw6/lIWiioMg6lSbqzl8+S IHf+rAt7ZND00op7brGRYv0l+TMQvWAHYXgrn0+UOGcrnQeZT03h9js8wbl08cZI oWCUM8rqLQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQC1 BwdA+3iCXS4BQycgjp6U/Tmu34Y6TmRGpqnrxy7lsGVwPdNUTeKfapl8WESXhP7G 7nHV+nnPt2628LFowWnMeTwLl5JRD3bGgioO9TNFwaMvUftk6FqLENw+fEHnaeEu uuavLsiF8N2WzSv+6NIRvcisp8CY2q3MsUzBuUmNOOyjRGiUo39J2x4GizkKWpXJ i5zc6YQ1x1eZtFgJuSEWC40ratCSo8cjYQuOUfgV/PYEBG/jnWPDN9Pnb399L27n JVcSws7qgsLVxhXowSeic0d9egu0tWz69emS/5WVtTWZnLgknXH7DmIKouOoQpVL GKVJCTQyJFuUg/FCWeh7 -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_SSL_DSA1024" set password ENC INxzhFSB+zn+Y8AM+++xyPryy9vxY5ipdLzX3ImiKrIu/LR7L9i2DdAv1Kf2eO23uIl+uwcfQWiWrrhQOQ9lCQPCTa/2AaqtlALxaYqyMcKpXHgybKMQXdD+IcTo8daJZefh9YzfOHMIWZEkU6lxaivOQ8e04LxbmJK5EAZvCFJzL8FGFGiUtBuORILMbXCF80a41Q== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBrDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIRrIIvYv5vh8CAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOMF1uyz/6NKBIIBWLARIEIHRf1g yt9Up6c/NDQ/xM37POJpTGtzjJsT7p8HXSaQhtb0v74Su5LRhlq2EPvBmj6+CnK2 gZ3wC1H4WQyfz7laoD3kqQpWYtIutPvgjYInv7WCJJ/tRr32N7K2LpAMLrFHFIob euiYSfQI3iW6s3Cg43TZ7NxGiW71t5M+OYuizqftqfG/RlHlDXPEF1sam9EfqC9B /5Dev8RRS4+c6ntufcA5A0Cq+Dlza9q9jxQMAXyAXIqgxnipA2DnKAYq4Rw4Hyc2 /oOrlOdrhOKt9S7GNwgzA6sae1g+3ti3gcK0sqzCP/CKyh7wz9JAUYKViRQWnVY1 OSEVQcsUihc5PBhoXbz6cHF9ba92NjEW9sy7EnQN1mBuLs9bg+cdwLJJBTf1IfrF KBoBzRpMpt0l007R3dCaA1xxQUtwZy2AAaHBJN0qDady4y57pQtvUbwneAMFg9Yu -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDijCCA0agAwIBAgIICoTVwbsOyTcwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG RzEwMEZUSzE5MDAyNTgwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTAeFw0xOTA3MTMwNDMzNDRaFw0yOTA3MTMwNDMzNDRaMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG RzEwMEZUSzE5MDAyNTgwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDCfQhGgrHd+x+qy4EHWwEMGfAv OgmFeDwmwQe1td/1Xv6SgCLJItmtaKZRCtr5BHJ155Il4YS9CHceV1/zyoJRVD7m mHc4mshiUq/Wpjydrw0KOVf+NxQNo5b8ORooQGMX168lur9Bk2T5atsl+44VnBZh 1TQx8HgNcB55P1NDJwIVAPScSHV6rXlTuNaSIG/bLHewyx0XAoGBAJs5Moe2gO5A wAm1nr/sf7k+dcOLr+UPgQuOSzD2RpmDPRKzsKZbJFQ/dyn5s0DhCnC7TlG6+5lS 0U/INBnmQeDcZ6utSz6juwo3QN+syPg2Oq2nTRM2KHc3kCSPFLJx7xxCdG1v5qJb AlhWxHorI3HAM8OgDta+Od3OKpnVcOrSA4GEAAKBgCj8gkTvJHIiszETdN+L6hEQ d+xMDWC1f+aN5TucryMU8Q+xjEBFT9cKApYKl4A1ZDik6FYqHp8YfkfCJjA1beHm 5HSYxnfIb5JvVTsA2EbqLuDGupHEWgFWwb2+YmsapzrjegVATvXo8T78UwT5ccai 5LR9wsrHbSPA0Tkt9xK1ow0wCzAJBgNVHRMEAjAAMAsGCWCGSAFlAwQDAgMxADAu AhUA6y3S48Bac15UBrQm2315Rq1nWxACFQC9NVQA4VWi5opF99FvfH8wfgJ0Mw== -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_SSL_DSA2048" set password ENC 9t6Xoh1EqS/gMibnwKg7bkyyaSksWUWN0R4RQt8t3OUIMhH1/wRhbdkh4VqBWemLpAqpDmt88pWJUK+QKgUAJtGFuuPAN7RzpufOCcvlIZoEFxbvDhRyhyDttK/hrvVdjjrI15rkXHmrSKQoTtSVtH171NII+vYj+RYRQMHGLdfD9GuKMq8rsL5sS8Jh+En9TLZ8RQ== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI3pO+04OqqVoCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJKwsy9K/ZIrBIICcMfzXfpoClS7 e0EEMQKX2bHt3WEVdoLpRhPQGulxBLVOWXReyn4JfAetkEBwXh30SmDPO5yqV6XG W7qpEtD6R1B0/6/qI6sWX06eXn+U2dYtC3V7PLr++yrYgywQdD/DWPO9ZPXnQ5Fb KyqWxGwJT1B/GlC9RuZZdVj6bSAxkeJdcG2cyHmYeI1Oj1IK49tni39YHDC1PHWU CU4ApVy/9MhLGmSMqIS661EdPZ1VjGeYcxSKSdKvEDGXRfIaKUGd0LciEJtjcqkY Q1Mp1ijlOSqaEsRkDGtgJBKg0cMs7c2XsJI6qaSLyyNN0g+H/YJ9mXxn7b0BaPtO FgeRoiRo/bcLI8QRgOHna4bJJvG2hDpYowgs6P1TAPyfUE3r0mECXAIpywLH+ERF 6xeeZ1CmGEmvzkrQVhgFgaD99NV/DnS7lDi+Kkb7ownKRIdHDcJgZ8ZKZV2HYcui W68ZnYZk0kqdXoShjcjpTPYVvqk26g5HWrVq3mLW+NtbdSk/Ed3xicijB2dHwkhE svSml47rZrIP7uoQoUTFQVBGg8dBwnRkkV3N7aJIC/TiKOZhxZpacPmbQhpcVyON 8vxwQvx32JXX2HBfq8OU4UpTlzqfROV1j6e3sq5ae7d2cQFdMQEaUFMUeeYyYKse 5kchB3835m/ZVpZzKs75jEnoRESkMSfSu5dq1sfOObH7OCp0usMQ3Dwm+BSBQRXX q8wJ8HJ+PMngsE9CsuwnBCOq9Ky/bi/5wz49NXTScRNlncYTWOnzxdwtGongJDRv kgCooQXb8VCnINYR5BbjWyoVyARueuLKS48GakPyQQ1TJa8eOSdmUA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIFMTCCBNagAwIBAgIIZaeCVdiaBDUwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG RzEwMEZUSzE5MDAyNTgwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTAeFw0xOTA3MTMwNDMzNDZaFw0yOTA3MTMwNDMzNDZaMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG RzEwMEZUSzE5MDAyNTgwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTCCA0cwggI5BgcqhkjOOAQBMIICLAKCAQEAxKBt1NwgAXEIKLnWABU0xvta 219/37mIgiY8Nx6Icz+aOa5Osx5q+WZwro0f+EXgS45kblkv85woBswTIB7pyx2N eXR2xhTlv6+OD0MJy/t/jHDX4+83qfWDu0lc3zJVyItgZsnFVnjGJyheUyWLL21T Qnr0hmiwro3N2dPbPlAVOIb825y/+1vXBjAvQgwvALJtelX+w/oclnG9kLY4WYdf P1J4CVYVU7EHLT22iQGkUO2mOVQ09Wf9NGD56iMSUPLtPQf3JXH/0OKLFgsdaAoq ff3Bprp9GeFjjWQrBHvF+FZPFhSLr6MwZ677HJ8VsLeVOdquBfaSGb42oaKhkQIh APNmr0TQfm9umKzLuj0KQ7xLkajb37RPqO0qX4y98IZ5AoIBAGhd5T6vFaMF83MQ HxgOwMhouA1PG/yBERSbli65/LjuBNTjPEr3WTJUm7y2ugmmAsTbaHvmuizLZQlx qvfxPl/lrr7jqZkdZA7XHgxnvFx6ZajqEsJ65zxunEys9/1tOpb+1FVEDKGOPsKs sGAooVXgNhweh+BQFftKpLJPpycL+mvyTRbpGt/9BttoFhS+OzrZrP89DztXrxrx 2sSP7/6MK6PVIN+QrmKk7HYq7JdQnpSxgz9zK56W2y2dPTij8QbL3x7YrnmKf5qG filA/kG2gYppXOiuOzXWdLMi9LvQTOmkL7RfVjcFrhQQ0j2sWMA4c/RcRDd6qYYU EZq8BDwDggEGAAKCAQEAk3TtLGMORA+UuecmXbmCfaMIPKWjGOBywztPvZ3NZU7O Nufo4RzC7W/XAC/d2wQcAw1OJJN0AFAbERHRPGP/NBPHbJTPburwAApKU3fcBf1F muDCJSf/zaMTC8QshqDhSlwe8RqGe+s1wG/zp3iTqFtWsLbtbxXUZhT5LK40El6C t4TDegCni6gjMD/ObntDHiWkYEOezPJoLaLopykJqCztGRA755ihDO4AhLIDTA94 6Q3gBraSxuO4n5Al3JHczO9lmcHwN3IMMEIgYoL3egHinAg1B4azDlnuYDQp2wxV doPxqvxLKFihLmh7y5uqoxhf6hAJUcCNyyaeDjxz6KMNMAswCQYDVR0TBAIwADAL BglghkgBZQMEAwIDSAAwRQIhAN+D1xxr3jf5ZaiGWwmILa0wcGzbumRCMacFt/jR Ut4dAiAUf3Mg0X++ePM5AedotqOdwsWMGBKgSYPDQb7P3OThBQ== -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_SSL_ECDSA256" set password ENC Gg2DbFOC7//bIA6j9Wg/vMJ//HrB73/9PcMjHWOfOErn6wrHfrWTC/l3RpqTAmsgacsGxSZyvB0V4VF91b4CXbdj1oLleZD4A8LBk0utU33DKVJs/lI6CXrm3IhnTu+F2E/F+MRLspA3NneeHET7Vtn9qnGenqICC7aGOpB4dDcLlknAohz/pobaqGa3ua5iBeoL0w== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAiHj+RJvrWF4wICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIgNQmhseH5N0EgZBQiHE8R9CU6/xp B07kixW5YYKd+H4mevQnL5uGpMk6NeXbTSfzVQG7nupidqiAcC9Qmuo68J5UShc7 3uJmUlg95RihxD0mtJm1y/mhKKl7i4hr00PIRxPZJc2TDuq6ov4+6BuhyITDtVmt CPgM527AZjUBJbrp0LDlyZ87IFZDxklBOcaHbbjOlSVVejrYbC8= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICQDCCAeWgAwIBAgIIZJPakgKy+D8wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH MTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMB4XDTE5MDcxMzA0MzM0NloXDTI5MDcxMzA0MzM0NlowgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH MTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHUsWgmFTJ8OkFQAmzMRF3OeD 5iQYLK20iAyvm8GsNxzy0QIIjMFwP1B/FmP1Irp6bWFG0Vrn82O4kG28UNt5aaMN MAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgNJADBGAiEAgiyoNaO6eJFL7jydE2In GPF5emR/jFkWGY4r+UCTySACIQCSPXwJKIGAUVsWi1/16zEWEMNN/IupJtxvVCnn bdCfLw== -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next edit "Fortinet_SSL_ECDSA384" set password ENC TernfXrpC+82+z8i4MYFFj/9gzaZrbqhMDx8UkRFGFRsiVN7k57PMaQRlLAwEKSSmKTw2W9NbZgTogN3dAUqK2urTHxxPnHxsQmvufkAaiW1plAq9599gU56Okw7mgW6OauxfO595rIAnUaffiPPeogTk4NiKB5qdg6hWqKJa43guhFogQhNyldyFmnBhUcH1/dWaA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI7dG2EqD2+18CAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHkM8abXuX4vBIHAwNYkLT1FsdCs 45m0k7tfNOth9n5KD2JDvqHApWViyvVFkKLbWo+jk4DgS4LB1UHVArXvWw4WenN4 5JI/tqm+xB7hOAtUZnRGmvJoCDKxjnxtQGYornrAxJKEI+i5JtWAuaXiizdgOhv5 7T0698ecFmfg5QqCgbXL7lhMS7LwPZiCwYUbIyqTI6+ySIld6Ep7zZd0X8sieWrO WdeWZnB1if5IyTv3IRSamRHG86DOJVlOYFQeFMaGqU0ga72OL6M4 -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICfTCCAgKgAwIBAgIIYpuxhHL0haMwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH MTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMB4XDTE5MDcxMzA0MzM0NloXDTI5MDcxMzA0MzM0NlowgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH MTAwRlRLMTkwMDI1ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ1kNr0qckRLYBwmYxHWlCqwt3CoC WcuNBPSkiHdpmEtobf8Xt2AFll8aUi3xUcDOHOqNw/eXQz6qeCL0f1HrghlIGuAw KgVasIvrqXyuk0A12YYnSza1az0vyGMqpaPmow0wCzAJBgNVHRMEAjAAMAoGCCqG SM49BAMCA2kAMGYCMQCE38RRH7m/IUc7JdS5rcaA2qDZvHpyFEM78NDxmslJjG8M sA+l0MXym/SqNSZ1gZMCMQD8uLbnQkrEtdwrJpLJCkFIWnKmWR4gOX94dM6UXH6z SaPXuhk69u4dXpJfolTF4sY= -----END CERTIFICATE-----" set range global set source factory set last-updated 1562992427 next end config user fortitoken edit "FTKMOB99D9726813" set license "FTMTRIAL0566D521" next edit "FTKMOB993F1955B5" set license "FTMTRIAL0566D521" next end config user local edit "guest" set type password set passwd ENC C4Yc8616cj96yEuv2+mvWf/lMvq5v3GT0WQm+GEOfjb9FQkdYWsdpmRAriS/xgHRpKPKvgtl1cjA0k2/0UukfLsgq70Naqb0jAVsPRwp+wc3v095I83apF2j4f9OeQi/XeDKK8ieab2AH9jvcYuKVITxVofDBgRA4fhlU9EYjLlmxCi5H4oj/xLqr5KAFvgYmrgBwQ== next edit "solvit" set type password set passwd-time 2019-09-26 13:31:41 set passwd ENC eTKHHHP2Z9tmErGbS+1tk/a+26KdhtmrEPdAhO1/aZfQ83k/ahA3L9qqEpaADF34jjyzVMu3AQRTI26/ovg1bwqpfUcbgMvna3T0b7CKsP/UWeMKUT+6NZiFyzBc+nCNGQdIEWj7MFC4ECi8LIHu2S4RONU4VFu6tN2IRBrvEgQyoxc23yuXtPObDfxOSmBtY6t82A== next end config user setting set auth-cert "Fortinet_Factory" end config user group edit "SSO_Guest_Users" next edit "Guest-group" set member "guest" next end config user device-group edit "Mobile Devices" set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" set comment "Phones, tablets, etc." next edit "Network Devices" set member "fortinet-device" "other-network-device" "router-nat-device" set comment "Routers, firewalls, gateways, etc." next edit "Others" set member "gaming-console" "media-streaming" set comment "Other devices." next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "FortiClient-AV-Win7" set guid "71629DC5-BE6F-CCD3-C5A5-014980643264" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next edit "web-access" set web-mode enable next edit "tunnel-access" set tunnel-mode enable set ipv6-tunnel-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set split-tunneling-routing-address "ALTA_NET" "SERVER_NET" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next end config vpn ssl settings set servercert "Fortinet_Factory" set idle-timeout 7200 set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1" set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" set dns-server1 192.168.20.32 set dns-server2 8.8.8.8 set port 443 set source-interface "wan1" set source-address "all" set source-address6 "all" set default-portal "web-access" config authentication-rule edit 1 set users "solvit" set portal "full-access" next end end config vpn ssl web user-bookmark edit "solvit#" next end config voip profile edit "default" set comment "Default VoIP profile." next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config webfilter profile edit "default" set comment "Default web filtering." set inspection-mode flow-based config ftgd-wf unset options config filters edit 1 set category 2 set action block next edit 2 set category 7 set action block next edit 3 set category 8 set action block next edit 4 set category 9 set action block next edit 5 set category 11 set action block next edit 6 set category 12 set action block next edit 7 set category 13 set action block next edit 8 set category 14 set action block next edit 9 set category 15 set action block next edit 10 set category 16 set action block next edit 11 set action block next edit 12 set category 57 set action block next edit 13 set category 63 set action block next edit 14 set category 64 set action block next edit 15 set category 65 set action block next edit 16 set category 66 set action block next edit 17 set category 67 set action block next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next edit "sniffer-profile" set comment "Monitor web traffic." set inspection-mode flow-based config ftgd-wf config filters edit 1 next edit 2 set category 1 next edit 3 set category 2 next edit 4 set category 3 next edit 5 set category 4 next edit 6 set category 5 next edit 7 set category 6 next edit 8 set category 7 next edit 9 set category 8 next edit 10 set category 9 next edit 11 set category 11 next edit 12 set category 12 next edit 13 set category 13 next edit 14 set category 14 next edit 15 set category 15 next edit 16 set category 16 next edit 17 set category 17 next edit 18 set category 18 next edit 19 set category 19 next edit 20 set category 20 next edit 21 set category 23 next edit 22 set category 24 next edit 23 set category 25 next edit 24 set category 26 next edit 25 set category 28 next edit 26 set category 29 next edit 27 set category 30 next edit 28 set category 31 next edit 29 set category 33 next edit 30 set category 34 next edit 31 set category 35 next edit 32 set category 36 next edit 33 set category 37 next edit 34 set category 38 next edit 35 set category 39 next edit 36 set category 40 next edit 37 set category 41 next edit 38 set category 42 next edit 39 set category 43 next edit 40 set category 44 next edit 41 set category 46 next edit 42 set category 47 next edit 43 set category 48 next edit 44 set category 49 next edit 45 set category 50 next edit 46 set category 51 next edit 47 set category 52 next edit 48 set category 53 next edit 49 set category 54 next edit 50 set category 55 next edit 51 set category 56 next edit 52 set category 57 next edit 53 set category 58 next edit 54 set category 59 next edit 55 set category 61 next edit 56 set category 62 next edit 57 set category 63 next edit 58 set category 64 next edit 59 set category 65 next edit 60 set category 66 next edit 61 set category 67 next edit 62 set category 68 next edit 63 set category 69 next edit 64 set category 70 next edit 65 set category 71 next edit 66 set category 72 next edit 67 set category 75 next edit 68 set category 76 next edit 69 set category 77 next edit 70 set category 78 next edit 71 set category 79 next edit 72 set category 80 next edit 73 set category 81 next edit 74 set category 82 next edit 75 set category 83 next edit 76 set category 84 next edit 77 set category 85 next edit 78 set category 86 next edit 79 set category 87 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set inspection-mode flow-based set options block-invalid-url set post-action block config ftgd-wf unset options config filters edit 1 next edit 2 set category 2 set action block next edit 3 set category 7 set action block next edit 4 set category 8 set action block next edit 5 set category 9 set action block next edit 6 set category 11 set action block next edit 7 set category 13 set action block next edit 8 set category 14 set action block next edit 9 set category 15 set action block next edit 10 set category 16 set action block next edit 11 set category 26 set action block next edit 12 set category 57 set action block next edit 13 set category 61 set action block next edit 14 set category 63 set action block next edit 15 set category 64 set action block next edit 16 set category 65 set action block next edit 17 set category 66 set action block next edit 18 set category 67 set action block next edit 19 set category 86 set action block next edit 20 set category 88 set action block next edit 21 set category 90 set action block next edit 22 set category 91 set action block next end end next edit "monitor-all" set comment "Monitor and log all visited URLs, flow-based." set inspection-mode flow-based config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname "yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*youtube.*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" set query "kw=" next end config dnsfilter profile edit "default" set comment "Default dns filtering." config ftgd-dns config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end set block-botnet enable next end config antivirus settings set grayware enable end config antivirus profile edit "default" set comment "Scan files and block viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "sniffer-profile" set comment "Scan files and monitor viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next end config spamfilter profile edit "sniffer-profile" set comment "Malware and phishing URL monitoring." set flow-based enable next edit "default" set comment "Malware and phishing URL filtering." next end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next edit "none" next end config firewall profile-protocol-options edit "default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next end config firewall ssl-ssh-profile edit "deep-inspection" set comment "Read-only deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type wildcard-fqdn set wildcard-fqdn "google-play" next edit 4 set type wildcard-fqdn set wildcard-fqdn "update.microsoft.com" next edit 5 set type wildcard-fqdn set wildcard-fqdn "swscan.apple.com" next edit 6 set type wildcard-fqdn set wildcard-fqdn "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "live.com" next end next edit "custom-deep-inspection" set comment "Customizable deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type wildcard-fqdn set wildcard-fqdn "google-play" next edit 4 set type wildcard-fqdn set wildcard-fqdn "update.microsoft.com" next edit 5 set type wildcard-fqdn set wildcard-fqdn "swscan.apple.com" next edit 6 set type wildcard-fqdn set wildcard-fqdn "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "live.com" next end next edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config https set ports 443 set status certificate-inspection end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable end next end config waf profile edit "default" config signature config main-class 100000000 set action block set severity high end config main-class 20000000 end config main-class 30000000 set status enable set action block set severity high end config main-class 40000000 end config main-class 50000000 set status enable set action block set severity high end config main-class 60000000 end config main-class 70000000 set status enable set action block set severity high end config main-class 80000000 set status enable set severity low end config main-class 110000000 set status enable set severity high end config main-class 90000000 set status enable set action block set severity high end set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 end config constraint config header-length set status enable set log enable set severity low end config content-length set status enable set log enable set severity low end config param-length set status enable set log enable set severity low end config line-length set status enable set log enable set severity low end config url-param-length set status enable set log enable set severity low end config version set log enable end config method set action block set log enable end config hostname set action block set log enable end config malformed set log enable end config max-cookie set status enable set log enable set severity low end config max-header-line set status enable set log enable set severity low end config max-url-param set status enable set log enable set severity low end config max-range-segment set status enable set log enable set severity high end end next end config firewall policy edit 1 set name "Permit ANY" set uuid 6e0ce57e-a527-51e9-acbd-b5a9ddcc56a8 set srcintf "any" set dstintf "any" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set fsso disable next edit 2 set name "SSL_VPN_IN" set uuid 0bd710aa-e041-51e9-a197-a2cb69d7395f set srcintf "ssl.root" set dstintf "any" set srcaddr "SSLVPN_TUNNEL_ADDR1" set dstaddr "ALTA_NET" "SERVER_NET" set action accept set schedule "always" set service "ALL" set users "solvit" next edit 3 set name "SSL_VPN_OUT" set uuid 2bd964fc-e041-51e9-33f7-9cde1d95d387 set srcintf "any" set dstintf "ssl.root" set srcaddr "ALTA_NET" "SERVER_NET" set dstaddr "SSLVPN_TUNNEL_ADDR1" set action accept set schedule "always" set service "ALL" set fsso disable next end config firewall ssh local-key edit "Fortinet_SSH_RSA2048" set password ENC zTwwl9wrpJr43LWrhQ8Gfaxe/N8BdvXq3HrGz8uLAbKWzcu4VsgD+7uhZkEeu+za3KJ6PZ0dbenupDK34y7dpZt+1VeVt5S7y/Dof9aVhdOA4CZxjsDakUx0RQzzQ9xt/vwBbDsIFGHOFS5dElNnnWhDDDfmvBjI8QG6G7Bj8qxGcwaOCmBItsenkjh6l/m2meitTA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBSu+Gyd2 ZGvc9GBVzQHLliAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC3W3L/yvcz NByBQTRHxbcP43Ano8xteSNpkBrGOfxxTdkt2Cv4UZTrj/f88qZEDKj4X9WWmgttQR3T2M aizLP/ZwleaXEbgmQzxIKeatvT2PoSx02H82O2r32msIbHwVylzZv/GnPEgfgr8pQ29W9E sqYyGxj5scURfK58YNBHHyTpikCAVYoJBRBzDk1S1OJgjUyvWLp200IMtX4fd9ygAoOX8h VDrFJRoYSf6ct5XHh09NO2fIL6j6Bimr5q5RT0czaA5gNBSZDfgYrH6ZggGcAmsNs0EXNS Fs+SOHP1+IXQ9KuizXBcwP2ajhPDZVAyqGdcp/Cq4QpZE1W2Yj+bAAADwEWBMiNtjLYN0T c6Kw2i6RAngHex6xrQuuQ5gQTvmqkSnjZNY7EFHOKKa4c2XAbDXUCqNvScYZDAr77Q5Mid cmdh17oRt1CvuX6oXFxuF1+DsFZHlaO9ohGJm30pubBBK0ijh2aF1s+1FIlVsDGeMiScng F3GygS0xDFMtyhj81XMBoo/AcjusFX0a5aJ/vyEQ+oqm53hzm0isphrqLE/SfirbONpPtW 456HkDw4Pd5SxPxFZ6A5ofjcRlqmg0bC6Rqmvw+5FfyTSRvjC7Pv/6aMh1A5tNWY/4cMbg lqFnxlH9b9Cf6GiXYu9zv7d8mjOdunvehxjHDpGWLtmtq2EyVYCsQtD4QNkKs784ITsaOm Z+UO0sH142o9ds5G1VsDypBzG0QLEFfYdpknWX9SoSQlxv/mSkHFF/FXitoacTiGIqH4jF /sd9bveLM1mc0MrLci8/UkKxRnWgBJLkX5SCuc6o7mpie44FiqfR/OyveyLOAxVljK6xjc 22KSFBhRJNbSkuU9uYqXe4Y/2+5ZLIkREoxBRlzPrC0bvbWxovBikAsAhS+alD4sBJSC7k 6Me5nhl8KeqLZoLWLz9JIOvhUXL7scKmqfnb2097UU4vI+rHulou99N5G4BPFGA1HEJHhd b8kIS+ZWQfzasIOcoj7EMoF0y8oYqb/Cx6MIbPk6WwLq8wHMeKc4br6GampkvpO1quu6oZ ZF3C+2RJzIY1nRySmm5VFiTvMXJ0LYTWqfoPRvxSmev+tcwpDz2WxXyaicUbyetxRB1pQH PPCD25QICYOWQlcCvP3W3Uhi3syTc8nQ/c9hLPj9nC+M/0GMnJNBdhZQHfp9vxujJ4EFdq I3rkAGIyT9bPr/ybMXgFWZWqS9mnHnyRGWtKktCJE2EN/S/3Wel3iDL4EwxoVDIR+wo7+w F3KP8eufb+jHf4W5O8HNyRyz8tygpWRhkwfKilP77NuYfTsSo1xnLfC3XH2Da+YBRcBY3K FJ3EyLu8zNsDtQHIZMdqEe1MDbEGLHaHd3Cs6stmiDS3mKzFSFfN0soybczl/DWAHpZBGz +XJYcLnj0Jmv++cqQZ4JLNkbBJFa596msi418UdkeqFxrJwzLmNpFWdLyHZJNS6GYTwtNw FAv5uOa0jrjJPtbodxeQ0q4wxbd0KdKaVXMtEdsE7SpEszq4d09iUQNIurRr/HMRnH45nP Uj7PpGO+cpH64rjzpe4xeh91jS1IWJ1TJhnUVMNe92/pq9nYIxivaxO9+RuIMyUswaxbrg Vww8V/Lw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3W3L/yvczNByBQTRHxbcP43Ano8xteSNpkBrGOfxxTdkt2Cv4UZTrj/f88qZEDKj4X9WWmgttQR3T2MaizLP/ZwleaXEbgmQzxIKeatvT2PoSx02H82O2r32msIbHwVylzZv/GnPEgfgr8pQ29W9EsqYyGxj5scURfK58YNBHHyTpikCAVYoJBRBzDk1S1OJgjUyvWLp200IMtX4fd9ygAoOX8hVDrFJRoYSf6ct5XHh09NO2fIL6j6Bimr5q5RT0czaA5gNBSZDfgYrH6ZggGcAmsNs0EXNSFs+SOHP1+IXQ9KuizXBcwP2ajhPDZVAyqGdcp/Cq4QpZE1W2Yj+b" set source built-in next edit "Fortinet_SSH_DSA1024" set password ENC 2WkNo/pF+08PagCYXMNmZlU808Nz7RgYhNTZrhY0kJMgLvR2zWVM4f+imLrBKgKVdGwpE6OrWqQYcPpHWZcGqmDPYzz/pJiUkdEA4LO+c1kcUhMp8bLpKY5LLKWY/z0qZ6lG3PFRwM6+wGVCXkoLaMzWgb6lynM2AgRBOOr1C3Th0xh0fPYryd/gw7sRz4EMmldLpA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDBTj0DD5 jj2u8/7epcpXmGAAAAEAAAAAEAAAGzAAAAB3NzaC1kc3MAAACBAPLCOq2c3qmaSF/sh3np X5dDwSIEVntbFz98F0ZA6Nm19d2q1tBNQOnYikIt6S3TtZIT8jRhszN2SOdTFdoMWWLvH9 bN5xssvHv7fJiSrHhvtkxPz7uxiPjkHx2h2FAcDGFUimx4CcKdALBxy56wrDKlwpmhskP4 JstAXbtQaFuBAAAAFQCTueAbSZgGx0VMfAmDEzLJtaBfIQAAAIEAzQupWQP4I367XoQHT9 JnDT7betUtY6qvqHkYuApuNfzmbjlh1wYYqA0d7PVjcHPRlBEltiKyUqatIAuXPuhSBwKD p0ko/ThkciAOV9Gj+B414J+rQXqVMTMT3fzDVEE5exEn/PpyoHlQvLgAof5p/EWXxNDsoV eOf1+h+K/rVpAAAACBAOVXZXSh3uje5f8ofa4HSUuJYJ5rEhkEwmYzdgam2cZMVTmW2vLS 46BBrwUQzFh16VC9YQ+zWXXfKriTM7Q6yGGfP8fwLEIFwcMTU8KFxWYjqjAHlYn9EDcRpy G6TtazVGLX6Kt52znUUyVH87b/oPis88JzrJik/dl5gle+P7nGAAAB4BVUPGdUw6E9/7EC lL+EeaFqPU72YfZcrKLpqrNdGctzy4J16K3AmUkFrUYy5d4onZYMbjBt1pVOimN9Ig5/4a AbnaAjgg1Wn/ZqmW+CLl0IQY8puFzVt5NdXPvqxwX7Nq34cU5xgKzI/86J7zjyUC/xbs1y AtlF1VGWMTPkmc7wkA/STbeLp/jsCxkZ3Qld0vw6Abbp+jqm5dy8r+OTKzXv/BqtxIxyCt DNjIZxviiJUs42nwP1xaBCm202yAv+52aduZW8NKNJ73V+3UEY3ZXc0MJBFv4BMnHzX+6H rQHMEj/Yi/otMoUQqHatMnKYsfjDPnlMNx+sdQC69M2DO8t0Kzyt8nkVaJmEMMzmdrepbR ASYIw/pSjqZ9QE3MPivjaYMp0M6EdK6kmuPMhoRCMrrja9b3a0QV5P/tBiMdSyRZ0QbHV0 zY2tn/9Ny/QI5XQj4ncWpup4njusm7KXeGc/a2CzTVheMekldLhS6+iSiMQWAuZAdzeIj+ inBwL63IShpSCKD8rmQYSPV1fEpfGYOAumxJ0EMF2sDpgd7X3Va1Zj/k9hpPI6nk7VyfQq Ic1GlpNeY2Axf7j6UxzabHqgEgQBCAjjGy/Dd5WcnxhgRtsA3t1vZyh+wBKyyn1EYw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAPLCOq2c3qmaSF/sh3npX5dDwSIEVntbFz98F0ZA6Nm19d2q1tBNQOnYikIt6S3TtZIT8jRhszN2SOdTFdoMWWLvH9bN5xssvHv7fJiSrHhvtkxPz7uxiPjkHx2h2FAcDGFUimx4CcKdALBxy56wrDKlwpmhskP4JstAXbtQaFuBAAAAFQCTueAbSZgGx0VMfAmDEzLJtaBfIQAAAIEAzQupWQP4I367XoQHT9JnDT7betUtY6qvqHkYuApuNfzmbjlh1wYYqA0d7PVjcHPRlBEltiKyUqatIAuXPuhSBwKDp0ko/ThkciAOV9Gj+B414J+rQXqVMTMT3fzDVEE5exEn/PpyoHlQvLgAof5p/EWXxNDsoVeOf1+h+K/rVpAAAACBAOVXZXSh3uje5f8ofa4HSUuJYJ5rEhkEwmYzdgam2cZMVTmW2vLS46BBrwUQzFh16VC9YQ+zWXXfKriTM7Q6yGGfP8fwLEIFwcMTU8KFxWYjqjAHlYn9EDcRpyG6TtazVGLX6Kt52znUUyVH87b/oPis88JzrJik/dl5gle+P7nG" set source built-in next edit "Fortinet_SSH_ECDSA256" set password ENC 5Jx04ghXf5q3MtDv9o8HdhNXQiUi5BnOVZxfNkFwX6EYr8Ah6hIuQwggrGNnxJZwMLkBaEXXRex4iK5lzNCsBgnjlINavjJZDe6RAdKwEW/eZ8I5Q+EZ2rgfA0jqxpkty8IR0qughWoLFtNrI0FcFDCu7ajDV3+lqTWdy2v1IWwz9lbkMl0nCFJOzWulpZkpsDTXUw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBKm7g/At 206r2m62oHkevfAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBJ83sfaH2oQ+l0DoWmA1S38wNMRmQ+v1oqbAg/GlMEiIAbC1ZXY3rvYfQs Oth5ZvFRcRfKCsR/wAEr8pj5JA+iAAAACgqaEyQnSKhB0OWxD5nnnZQhoC/gSVwUACNlEc xl8edRD8YCl6JGsG+GtIwXdae7uazhccJ9m2WYD7ojg+eT9cVNJ2TvHfhIwaWIL5KM04MJ 9XH2ke3S1JBJnDd1BLgBKW7UDeku8I7ZnE9Er5fFvbYX0v/czwLnmGIh8T2oLY1qepUij6 MQWXnTHlaHRF9wUmEj5MDMi5BSgc10Wed/F+Fg== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ83sfaH2oQ+l0DoWmA1S38wNMRmQ+v1oqbAg/GlMEiIAbC1ZXY3rvYfQsOth5ZvFRcRfKCsR/wAEr8pj5JA+iA=" set source built-in next edit "Fortinet_SSH_ECDSA384" set password ENC gGQCZBP3hQFd14YMCNHZlhOvRwvmENd8AhgdOx3XHSwF2iW4ucv9KrXJoJeEn5HKlG8WT417hxPJaGtm14o9NcT9VBMGLuCfFeD3Lyg2iWq9kdUFSvBRs9w5m3Pnv7OBJkYJW7xYQcclVE8EoYKBku0tm0qfXXwnH5SK8sqlS34G7UcZx/fnRBep98h4Z0Y7epn2jQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC1A34ybV TCquC9ecSXu8KOAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBMgQc+EMAMGoV9gMOLFFtzrJi7ypfIJNYIivMY8AQaoXvlykRec1N9o+bd w13WFqgLaIEbEn8Vba+RR9fpvx7pPQzTwKPwtxf/VBhP8NCbMnleK8nrJy5l7LSA0LQawK eQAAANAHhQGXextouV3uaRmGdwW/ZOlAGgqBwSl2Ti9x9dMFydEbj6E9AsWOBCM+Cx+Euv /EmdiPNcpkoebAqK8jopiQ9WzZXCXwMADjUWfHRTXINZU8rUdM85A40e9WYOkhpXCEUDC+ Dz3N54juY1lRhgrXXyfEMZprmfWJ6oVPZhruu3xSuxdDzFWwjcbEH5KKTAadDTAsKksbvF p+BM7wOrFj3F7/niy2IH+XJ+iIhZdbwvKyyyjlFc8QjRzbGcPD7glL2IhIwubbk0f0Fc+F eqQL -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMgQc+EMAMGoV9gMOLFFtzrJi7ypfIJNYIivMY8AQaoXvlykRec1N9o+bdw13WFqgLaIEbEn8Vba+RR9fpvx7pPQzTwKPwtxf/VBhP8NCbMnleK8nrJy5l7LSA0LQawKeQ==" set source built-in next edit "Fortinet_SSH_ECDSA521" set password ENC 4E6Xce0Fs04qJwKx93d14XDSn0PS8kDZS0YoiYAYZoqEQGAcGKaWlQrBq2FN6EeiL7Bo5YF62wHsd+iovYHRTzitIRl8KsU6Cnm6z1bSXOYxjSHBD0AXiR8sIlrWKNmQR/lhKRZdrSTDT5Sz08q/vqNC3hFucCbE3hjCJMqd+Y346MnLO0eYcke0PtyZvSeiQXYJ+w== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBugXRppK BBI3i6zqbsu73XAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBADETMWOxoGdo7z0xcnB9QpolLflZC+qWhaYaUWcVVrUquAFq5efdc0/IP oUgzsoH4CMMR/EcCnC5XOI8UDuKvH9TQGZUi281Fu3B3wuTzmExF0GK7qi2Fvolm5EkyL6 cTNRo2IGonUNFM8S46YJQgnxhnSY4L881lxpmGY/DYRKwjzieQAAAQCdXT8pnBlD6Lmfzc OSYmq5sMVV9q1onsjAUZAqP5heBqqchI59nbLH1JXmor2j1nEzpVsYb78wjJfmF0XNnayg nYADjBUkNr9AFlJfuyOdZP90A+/q5iGMplZ3bux4SQ93kqCCRLCKYWQuUr+aItiH+aixsn 38XPNx/mj2H/jiOiJ8Dz1ZpLLWqPoZZ+YfF7YqJr4g+S1NDRFIf6Nl3nNQk/6GC0p2lAxF 5i3YZbw0XThVqjkjupAQI3Kj1DCTGW/x0gwTKQDgfvd1B16E9VGx2Ily1Tllts2Sz9noYn vjC9mJ9qbWQ961p0nRxH/2LR2HhAQPaGKBnIC713DVHck3 -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADETMWOxoGdo7z0xcnB9QpolLflZC+qWhaYaUWcVVrUquAFq5efdc0/IPoUgzsoH4CMMR/EcCnC5XOI8UDuKvH9TQGZUi281Fu3B3wuTzmExF0GK7qi2Fvolm5EkyL6cTNRo2IGonUNFM8S46YJQgnxhnSY4L881lxpmGY/DYRKwjzieQ==" set source built-in next edit "Fortinet_SSH_ED25519" set password ENC Eq26VrtnMnLCZaPMiNwl4AzDCHBbQmJZOxW81iLiikxjvEiiMcZkFdIl2bSyJClZqcNTSrInOAUJC1xxOd6e2KORITrg6sDLYYZin3ajHA1SSziAlRrw/yuk09uO/ZPCKAKlWgwpAWNMPftQXKHKHVJzCUYsOJGwjbm1bwVPTYemUtXRIf0V5lCWGyRdRF3Sia9xXw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDiHB+/pM ri4eoBX95rUzKfAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIFVPm0dMOWBNO3La yxLLykel95pAGaG+M5l8ZM5deZumAAAAkE2Cvd+NDVyj2OQ1DSX2jPVnna2v8VrX+/TFHV Kel9gSSR0Mw0XpmW5RETW+LmcmQaDJ0AK8aHfcPXM1PImwiq6XRev9BFVnJCCFI6Rs+JpR 149I3M54hJrSKLeSUw8D8ekN2mNk+CoIBS11VLFNAnXLMgOgg2TrtTZuD1BdP1gYks2MHg KaKy9i6bHinFx4eg== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFVPm0dMOWBNO3LayxLLykel95pAGaG+M5l8ZM5deZum" set source built-in next end config firewall ssh local-ca edit "Fortinet_SSH_CA" set password ENC 4B/WLp+fs6ywMBWSHe8MqussjKgFqYu7LeTdNjjTHe7glU+zEi7AKjtzzVNL6bCbgl1TYZu5Vjqcj8o9XQTTSRWThsbSFes07EBrefOFCtfqBsAjYH6+sHArB9io8uXD1Woh3EmQJjbZIlVQ+Q/3ktXsnp0PG5eV99qTgBygkY3GfEkXJx5bJHv6wYdtGtJy5UhAQg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCC+LkBRG QnYvwIO9wHoemnAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC6llY0uwdF US3wByKXqDhJOfq42gXX8tarBL5QQExLNjNx/sgcVF2cr05/0XwSNI73qZv9P1pOp6vhFE wQaUrLEL1OlKFuDAsvSivXtHTbU9ec6eiDXCo01SoCgZq9OFg+c9KiZ3FEtnoVEc89Zg5F D7ECOWwg5HFAya8imoqgLw7kx9FF+0T1KIkj1pLaGxHhlU7Vf6ElnbXHbzRjDpnq2LqJGI 2kdll98qXHpEgXIB+b6hr8ZBg44NpHxKn27/AQ0satcDDNW+7tYCkm5ldV1OtKVm7Dbksp cqyG9JCZ2ab3U3+2MUUqEaKcRqkS/+OqkYA82h+IndW3/e6TKmKBAAADwEYR3xLQQ6vZVm 38YOhEFve0MOx4stgc6cY9gf0rZhcS5iql9H2GvvC3YaweZsO6qW6F2RQbRunveAzAsx98 rrCC0ZGdW05L9DYYjrd85CQ+5kRouHLMm8npv0HgVMdVaglf7LwfcoIJBte9p8oVGbudm/ MBfYeO3AzR+fNdpPSv6SmQqs0X1poGqTsrklB2vHbIv1iiToAYNhmoPg0mXZDe+cTE8hyu XVFe1+kKkgkBnGMXcnypRFOs0Zn7+kpOTjn4N/6wMcWa2lNKHaUKmj3M1iQfqvf6HhBP6C koP2AutJi1qXWIgokQKmPRpbOVPGBmVAqbTLBFqNUOR7JM2+FkuCXo0u30X19EPNy2SZsi 7u8rSJ+AidI9oJC2q2+UZHLmZTUTLTYc+2LdulhXdbniBL2H5BeW/8g6NtG5EQTzKKwpY2 ThtXOIgOmcUnGsG/O/ZocDO4X/A/bKETQAzdgnoE4cPP19WKAzRawgUmpig70wtVoqzlqM ONw9nO3YzwQ+zEvEwjuqfNiVzDssI/l3fNxfPZ8I9+c1DpgDLS7OfQVtlSa573ffYa3gGK sbynwwaVlckK8wEWYqY9ZwtwRru/ahK2tMTXRPqDzg3Ip64w82WslEq1ZiL4u8slnuNgzw evSKyIQ8GSVtgXWFEDHQJFRmcV1F18OG5phGKdebzOJuvKlANNLgOR62qBrQJoRbJQy0lW AfOon4wB+xluU3Jcni6NWztuWrlxOseJxn8Rq2OoWEzmVAw/PyOa6DTqxpKCWMgIabGTtn kbt2O/NVa7QtouPtIB2waP1JArBfYQq4CjP12xCbmj3jVyOnuGIXrf54Mppa5DGES0zlDO EMIrVOLRxFf/gCIBLUGCbC2OwdkSi96jr+8aA9vId0s66HUR9ZSw32wYId5+mNvjIAJ2nc k4C+NRcKFqgiPxx8PFZF2sV4XE20AFEFA99WXq34zcGPpKB+Vz3rVnKaXLr3ScGuRdxzEr Quwiboij+R1Wt/Aesgyj4YweJlSbX14cNZ0TFM8a8f6sOCdQ0zfIg6TgFghNoyc9QBH9r2 avmyl+3KnDEEZIEHg6HMW+G1MHp8JG77tb9HoDeQwdcSfJILgPfXouV9KPeug1NyqSJ9zo cFCmCZGgwexS/+4yF4jfB92LvAPiqBz3qi9vSP7VAvNOAkNS8sCaW7qy6RMNSsqhllug8S 0uD1qB6N2WKZs5FDtncoeqRAjz3xBDI1F8R0yTAjZdbh8K5muTeJFUHKmMGT9tpQq5mwuU D7Db5YBA== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6llY0uwdFUS3wByKXqDhJOfq42gXX8tarBL5QQExLNjNx/sgcVF2cr05/0XwSNI73qZv9P1pOp6vhFEwQaUrLEL1OlKFuDAsvSivXtHTbU9ec6eiDXCo01SoCgZq9OFg+c9KiZ3FEtnoVEc89Zg5FD7ECOWwg5HFAya8imoqgLw7kx9FF+0T1KIkj1pLaGxHhlU7Vf6ElnbXHbzRjDpnq2LqJGI2kdll98qXHpEgXIB+b6hr8ZBg44NpHxKn27/AQ0satcDDNW+7tYCkm5ldV1OtKVm7DbkspcqyG9JCZ2ab3U3+2MUUqEaKcRqkS/+OqkYA82h+IndW3/e6TKmKB" set source built-in next edit "Fortinet_SSH_CA_Untrusted" set password ENC XQ5lHnsdwihowaKT8STq7+z63g2FlMxkQPl1jqziLLW0/CmJewyYS6fyP6HLcRj0azdEALrZwXRRisCI0X655rwcgWFOmbv8qznaHxTaq1ggH7sioJPSNylN/zPvuEHS4nZK4txk3vFpdcYytgWr0x919HOIjdghmKlBMAnqWDaili51EusfnMIlAOI85AHluNIvGg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDiElqlnO COxlLVgPZuan2hAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDN2JYtsgIA d6eJchBQGmtjntW1dOdFG07dJSP8PGi31FwQ3TqC4I426lr8A9cAHOHtRtuKeDi5RoZqqm 9ON6rW/2sqc4+O5te7gGCaw0KERyTvmnBWOKwPUoUFWZDbhaQnbRtKXh3aqGpNfOSwYUre EVm2mGZYWPJNMGPYGozAzTAEWrP+48KgfQ1dpUdFviyMX5IE5b6p97GpUhMBASsXqFKRFf IFLe8JHVmq2uL8gLKwZFXc3w3ke3LrJsAfalTOVdhVwzNpE5qc+RVdVnCz0nHU/FNAkGfS dz62Ekxh3yof/XDOqJYUOlmPLTm50PEkbNkasQE6z9sdyGfdA5kjAAADwE7/fvaXwl5a+t /xllD8URMkzWrBB10jhYMY1KepT6KVpVuo4whf+r5GcmYEOrihHMH2gqgyn12zqlU9zTR2 NdKBUgNwOJrp1LlVCaaz8zRvmeKnQSe4zkAR/Be550fNr0lqdWfMP/8PF02nfvxEDU25Du 0JIHb7QTYzdnC/oMgefh4tAa/B8Nd1JmbuU78V1Rlevm1KS8tnY9sDXtwl9AsU+eqMewKb Z219pe3/DzKO7oypbImJFSXY98GyAQ79Z2p5gbGYpUpyj+fZ4y5CYNaI9F2x86XfXLV7no VWpH+qUM9egwYxBL/0nJkP1VKXw/51FxGVbdQ/CR6N/bszcGxMllrZElcv8YFUPj1ckSH6 7vdhQF0V4or5HJBnHWumeuk9/7IX7ihhpvVBJwmIVkc1ChYRmEeQrJoNJ2FDh0pJlgSEUF 1AN8FmSWciloJUvYQ8KLDg1fER0ZyrjO/bcj+gPN1vIedb8SUCIaBemdzR6YzNGTEkD6Dv ik7kLKRFyaxIdRSwCdNAIYmGskbNI4xAftln6FYnBI+pAy6xjIZYUjWk+52CBOF1dmFaWh Vo4KSPbkT3JQnZdmzm/+AywcPBp/wkayxImqn6SDMrIQEHDAJ9msNkNf218/fM73bQFdKw m22WzieluCMV5dByUCHbgZhLqYOvVjIQBlWK75agkRDwpCet2VSQf9b94oScqm9ofhh/7r 4X+7MqLX+xBaDBV52fjp1mAiA3eBG0QoCTnJwTk5hwY/7yLINt3SkJGkQXzcl7oYD99Bkx gBgyBAXT+55BP05QMxpmJZB4i7u6h+2nhZ6IT4TFEmsic07A4ooayu6qnMGAJxkpBBHc+n n/F93EsP2ZCoQWonc2CXuYHRVxXEgZUO+BNF287Ht1zXuA5nGz9kOzTK//XLysugWWbqOs bbWvWJ5SIBsek2PrqQARovM/QYmWcIzkcI3WCRtKgMF7yxVc8N96ydDG5pOFxAWnG/tp/7 lD1wDrGe9oGrP5T6n53to+ihS7gcOPPbny972N79ln37XtXfekKiEvROUhckmEnbdZzfPT pcNGGkBGxXSSygFao37TMBditcuROB1+r4oAHETYSvuxcuhCQh7xn8R5VgcJEzDF4GCw5x WnC/r6PEgwaU6o421trT8kSHbNwgwvj9JJIuo7VxcQKtd2PuYELSKM1/R5W7dVd0W8sua3 qYE4jBecDVUOcHAAZSAMqceg5WD/fyYVuX9fQ4l6bCeESkjqirSpNiateEv5BithwS88lW PzGKlqCg== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN2JYtsgIAd6eJchBQGmtjntW1dOdFG07dJSP8PGi31FwQ3TqC4I426lr8A9cAHOHtRtuKeDi5RoZqqm9ON6rW/2sqc4+O5te7gGCaw0KERyTvmnBWOKwPUoUFWZDbhaQnbRtKXh3aqGpNfOSwYUreEVm2mGZYWPJNMGPYGozAzTAEWrP+48KgfQ1dpUdFviyMX5IE5b6p97GpUhMBASsXqFKRFfIFLe8JHVmq2uL8gLKwZFXc3w3ke3LrJsAfalTOVdhVwzNpE5qc+RVdVnCz0nHU/FNAkGfSdz62Ekxh3yof/XDOqJYUOlmPLTm50PEkbNkasQE6z9sdyGfdA5kj" set source built-in next end config firewall ssh setting set caname "Fortinet_SSH_CA" set untrusted-caname "Fortinet_SSH_CA_Untrusted" set hostkey-rsa2048 "Fortinet_SSH_RSA2048" set hostkey-dsa1024 "Fortinet_SSH_DSA1024" set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256" set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384" set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521" set hostkey-ed25519 "Fortinet_SSH_ED25519" end config switch-controller security-policy 802-1X edit "802-1X-policy-default" set user-group "SSO_Guest_Users" set mac-auth-bypass disable set open-auth disable set eap-passthru enable set guest-vlan disable set auth-fail-vlan disable set radius-timeout-overwrite disable next end config switch-controller lldp-profile edit "default" set med-tlvs inventory-management network-policy set auto-isl disable config med-network-policy edit "voice" next edit "voice-signaling" next edit "guest-voice" next edit "guest-voice-signaling" next edit "softphone-voice" next edit "video-conferencing" next edit "streaming-video" next edit "video-signaling" next end next edit "default-auto-isl" next end config switch-controller qos dot1p-map edit "voice-dot1p" set priority-0 queue-4 set priority-1 queue-4 set priority-2 queue-3 set priority-3 queue-2 set priority-4 queue-3 set priority-5 queue-1 set priority-6 queue-2 set priority-7 queue-2 next end config switch-controller qos ip-dscp-map edit "voice-dscp" config map edit "1" set cos-queue 1 set value 46 next edit "2" set cos-queue 2 set value 24,26,48,56 next edit "5" set cos-queue 3 set value 34 next end next end config switch-controller qos queue-policy edit "default" set schedule round-robin config cos-queue edit "queue-0" next edit "queue-1" next edit "queue-2" next edit "queue-3" next edit "queue-4" next edit "queue-5" next edit "queue-6" next edit "queue-7" next end next edit "voice-egress" set schedule weighted config cos-queue edit "queue-0" next edit "queue-1" set weight 0 next edit "queue-2" set weight 6 next edit "queue-3" set weight 37 next edit "queue-4" set weight 12 next edit "queue-5" next edit "queue-6" next edit "queue-7" next end next end config switch-controller qos qos-policy edit "default" next edit "voice-qos" set trust-dot1p-map "voice-dot1p" set trust-ip-dscp-map "voice-dscp" set queue-policy "voice-egress" next end config switch-controller switch-profile edit "default" next end config endpoint-control profile edit "default" config forticlient-winmac-settings end config forticlient-android-settings end config forticlient-ios-settings end next end config wireless-controller wids-profile edit "default" set comment "Default WIDS profile." set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default-wids-apscan-enabled" set ap-scan enable next end config wireless-controller wtp-profile edit "FAPU323EV-default" config platform set type U323EV end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU321EV-default" config platform set type U321EV end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU24JEV-default" config platform set type U24JEV end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU223EV-default" config platform set type U223EV end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU221EV-default" config platform set type U221EV end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU423E-default" config platform set type U423E end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU422EV-default" config platform set type U422EV end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU421E-default" config platform set type U421E end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS223E-default" config platform set type S223E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS221E-default" config platform set type S221E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP224E-default" config platform set type 224E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223E-default" config platform set type 223E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP222E-default" config platform set type 222E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP221E-default" config platform set type 221E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP423E-default" config platform set type 423E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP421E-default" config platform set type 421E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS423E-default" config platform set type S423E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS422E-default" config platform set type S422E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS421E-default" config platform set type S421E end set handoff-sta-thresh 55 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS323CR-default" config platform set type S323CR end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322CR-default" config platform set type S322CR end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321CR-default" config platform set type S321CR end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS313C-default" config platform set type S313C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11ac end next edit "FAPS311C-default" config platform set type S311C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11ac end next edit "FAPS323C-default" config platform set type S323C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322C-default" config platform set type S322C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321C-default" config platform set type S321C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP321C-default" config platform set type 321C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223C-default" config platform set type 223C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP112D-default" config platform set type 112D end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP24D-default" config platform set type 24D end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP21D-default" config platform set type 21D end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FK214B-default" config platform set type 214B end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP224D-default" config platform set type 224D end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP222C-default" config platform set type 222C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP25D-default" config platform set type 25D end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP221C-default" config platform set type 221C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP320C-default" config platform set type 320C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP28C-default" config platform set type 28C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP223B-default" config platform set type 223B end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP14C-default" config platform set type 14C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP11C-default" config platform set type 11C end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP320B-default" config platform set type 320B end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP112B-default" config platform set type 112B end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP222B-default" config platform set type 222B end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11n-5G end next edit "FAP210B-default" config platform set type 210B end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP220B-default" set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "AP-11N-default" config platform set type AP-11N end set handoff-sta-thresh 30 set ap-country US config radio-1 set band 802.11n,g-only end next end config wireless-controller utm-profile edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set ips-sensor "wifi-default" set application-list "wifi-default" set antivirus-profile "wifi-default" set webfilter-profile "wifi-default" next end config log memory setting set status enable end config log null-device setting set status disable end config router rip config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ripng config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router static edit 1 set gateway 10.89.11.1 set device "wan1" next end config router ospf config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router ospf6 config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router bgp config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "static" end config redistribute "isis" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "static" end config redistribute6 "isis" end end config router isis config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "static" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "bgp" end config redistribute6 "static" end end config router multicast end