#config-version=FG200D-5.04-FW-build1165-171018:opmode=0:vdom=1:user=dnickel
#conf_file_ver=194647917895987
#buildno=1165
#global_vdom=0:vd_name=VDOM-A
# The four header lines above are written by the device. They record the
# model/firmware string (FG200D, 5.04, build 1165), the exporting account and
# the VDOM this export belongs to (VDOM-A).
# NOTE(review): confirm that build 1165 is still a vendor-supported release
# before reusing this configuration.
# NOTE(review): this backup holds public interface addresses, an admin user
# name and, further down, an encrypted IPsec pre-shared key. Store and share it
# as sensitive material.
config system interface
    # Tunnel interface used by SSL VPN in this VDOM.
    edit "ssl.VDOM-A"
        set vdom "VDOM-A"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 9
    next
    # Primary WAN uplink (role wan, public /28 address).
    # allowaccess turns on ping, the HTTPS admin GUI, SSH and FortiManager
    # (fgfm) management on this interface.
    # NOTE(review): management services on a WAN port are exposed to the
    # internet unless restricted elsewhere (admin trusted hosts or a local-in
    # policy). Neither is visible in this export. Confirm they exist, or
    # remove https/ssh from allowaccess and manage from an inside interface.
    edit "port1"
        set vdom "VDOM-A"
        set ip 210.4.106.136 255.255.255.240
        set allowaccess ping https ssh fgfm
        set type physical
        set alias "ConvergeWAN"
        set role wan
        set snmp-index 11
    next
    # LAN gateway for 10.41.5.0/24; same management services as port1, but on
    # the inside interface.
    edit "port2"
        set vdom "VDOM-A"
        set ip 10.41.5.254 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set alias "ConvergeLan"
        set role lan
        set snmp-index 12
    next
    # Second WAN uplink (alias suggests a backup link). No allowaccess line, so
    # no management protocol is listed for this interface.
    edit "port6"
        set vdom "VDOM-A"
        set ip 122.55.223.18 255.255.255.248
        set type physical
        set alias "IGateBackupWAN"
        set role wan
        set snmp-index 16
    next
    # IPsec tunnel interface bound to port1, numbered with a link-local /32
    # pair (169.254.47.2 local, 169.254.47.1 remote). Only ping is allowed.
    edit "AWS VPN"
        set vdom "VDOM-A"
        set ip 169.254.47.2 255.255.255.255
        set allowaccess ping
        set type tunnel
        set remote-ip 169.254.47.1
        set snmp-index 19
        set interface "port1"
    next
end
# The next two sections are empty in this export, so admin accounts (and any
# trusted-host restrictions on them) and VDOM settings cannot be reviewed here.
config system admin
end
config system settings
end
config system replacemsg-group
    edit "default"
        set comment "Default replacement message group." 
next end config firewall address edit "none" set uuid fd523206-321e-51e9-b154-caf2d97ccebf set subnet 0.0.0.0 255.255.255.255 next edit "adobe" set uuid fd523bca-321e-51e9-4e3b-48fbc56090e6 set type wildcard-fqdn set wildcard-fqdn "*.adobe.com" next edit "Adobe Login" set uuid fd52444e-321e-51e9-f750-58b978de45b9 set type wildcard-fqdn set wildcard-fqdn "*.adobelogin.com" next edit "android" set uuid fd524c8c-321e-51e9-0441-694ecd68bb11 set type wildcard-fqdn set wildcard-fqdn "*.android.com" next edit "apple" set uuid fd5254c0-321e-51e9-819f-211815177d5d set type wildcard-fqdn set wildcard-fqdn "*.apple.com" next edit "appstore" set uuid fd525ce0-321e-51e9-09e8-3717d94cc2e6 set type wildcard-fqdn set wildcard-fqdn "*.appstore.com" next edit "auth.gfx.ms" set uuid fd5264f6-321e-51e9-ed00-40dfd14c4626 set type fqdn set fqdn "auth.gfx.ms" next edit "autoupdate.opera.com" set uuid fd526d7a-321e-51e9-c14d-65f23f43dc54 set type fqdn set fqdn "autoupdate.opera.com" next edit "citrix" set uuid fd5275b8-321e-51e9-3dad-b2fa62b624d2 set type wildcard-fqdn set wildcard-fqdn "*.citrixonline.com" next edit "dropbox.com" set uuid fd527dc4-321e-51e9-d97e-d628f0806bb7 set type wildcard-fqdn set wildcard-fqdn "*.dropbox.com" next edit "eease" set uuid fd5285c6-321e-51e9-12c5-0b308a36e4f3 set type wildcard-fqdn set wildcard-fqdn "*.eease.com" next edit "firefox update server" set uuid fd528dd2-321e-51e9-c031-822ed1a52ba5 set type wildcard-fqdn set wildcard-fqdn "aus*.mozilla.org" next edit "fortinet" set uuid fd5295e8-321e-51e9-c1f1-475e7f3f80cc set type wildcard-fqdn set wildcard-fqdn "*.fortinet.com" next edit "googleapis.com" set uuid fd529dea-321e-51e9-4019-158a3c5207ef set type wildcard-fqdn set wildcard-fqdn "*.googleapis.com" next edit "google-drive" set uuid fd52a600-321e-51e9-11a7-3cdcbc9adb4a set type wildcard-fqdn set wildcard-fqdn "*drive.google.com" next edit "google-play" set uuid fd52ae02-321e-51e9-d416-812c4c938cf0 set type fqdn set fqdn "play.google.com" next edit 
"google-play2" set uuid fd52b6c2-321e-51e9-e621-678e304f98f6 set type wildcard-fqdn set wildcard-fqdn "*.ggpht.com" next edit "google-play3" set uuid fd52bf00-321e-51e9-d87d-6b01518b2c02 set type wildcard-fqdn set wildcard-fqdn "*.books.google.com" next edit "Gotomeeting" set uuid fd52c70c-321e-51e9-22a8-22b24f5966f7 set type wildcard-fqdn set wildcard-fqdn "*.gotomeeting.com" next edit "icloud" set uuid fd52cf0e-321e-51e9-d975-b5789016d67b set type wildcard-fqdn set wildcard-fqdn "*.icloud.com" next edit "itunes" set uuid fd52d710-321e-51e9-550c-8450891bbdd1 set type wildcard-fqdn set wildcard-fqdn "*itunes.apple.com" next edit "microsoft" set uuid fd52df26-321e-51e9-e60d-9ab730c52e2a set type wildcard-fqdn set wildcard-fqdn "*.microsoft.com" next edit "skype" set uuid fd52e732-321e-51e9-c884-7bb234c0457e set type wildcard-fqdn set wildcard-fqdn "*.messenger.live.com" next edit "softwareupdate.vmware.com" set uuid fd52ef3e-321e-51e9-aea0-16272da47642 set type fqdn set fqdn "softwareupdate.vmware.com" next edit "swscan.apple.com" set uuid fd52f790-321e-51e9-c65e-1cab6113af96 set type fqdn set fqdn "swscan.apple.com" next edit "update.microsoft.com" set uuid fd52ffec-321e-51e9-4ea4-1f96d242acf7 set type fqdn set fqdn "update.microsoft.com" next edit "verisign" set uuid fd53082a-321e-51e9-5827-de294221080c set type wildcard-fqdn set wildcard-fqdn "*.verisign.com" next edit "Windows update 2" set uuid fd53105e-321e-51e9-1bae-da2770f72f9d set type wildcard-fqdn set wildcard-fqdn "*.windowsupdate.com" next edit "live.com" set uuid fd53187e-321e-51e9-735e-1d80116ca034 set type wildcard-fqdn set wildcard-fqdn "*.live.com" next edit "SSLVPN_TUNNEL_ADDR1" set uuid fd8c24b6-321e-51e9-2fea-6547a241ae8c set type iprange set associated-interface "ssl.VDOM-A" set start-ip 10.212.134.200 set end-ip 10.212.134.210 next edit "all" set uuid fd8c38d4-321e-51e9-4a0a-8b569e045c79 next edit "VLAN5" set uuid b1028cfe-3221-51e9-e4fd-4ac334e56a0b set subnet 10.41.5.0 255.255.255.0 next 
edit "VLAN6" set uuid c79f42fe-3221-51e9-4908-55e31579c0f7 set subnet 10.41.6.0 255.255.255.0 next edit "VLAN7" set uuid 3870153a-3222-51e9-177b-1f5bcf393317 set subnet 10.41.7.0 255.255.255.0 next edit "VLAN8" set uuid 46962212-3222-51e9-1e96-9b09775013fa set subnet 10.41.8.0 255.255.255.0 next edit "AWS Network" set uuid 59bfbe0e-7217-51e9-fa7f-c9ea6ac220a9 set subnet 10.250.2.0 255.255.255.0 next end config firewall multicast-address edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next end config firewall address6 edit "all" set uuid fd532260-321e-51e9-ff9b-60df00d039ae next edit "none" set uuid fd532986-321e-51e9-4012-0e45ee7ea188 set ip6 ::/128 next edit "SSLVPN_TUNNEL_IPv6_ADDR1" set uuid fd8c27fe-321e-51e9-ecb5-22430503be5a set ip6 fdff:ffff::/120 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 set visibility disable next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." 
next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "LDAP" set category 
"Authentication" set tcp-portrange 389 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other 
Applications" set tcp-portrange 1863 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set 
visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set explicit-proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "default" set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit "sniffer-profile" set comment "Monitor IPS attacks." 
config entries edit 1 set severity high critical next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit "default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "sniffer-profile" set comment "Monitor all applications." unset options config entries edit 1 set action pass next end next end config application casi profile edit "default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "sniffer-profile" set comment "Monitor all applications." config entries edit 1 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp fp-sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config dlp sensor edit "default" set comment "Default sensor." 
next edit "sniffer-profile" set comment "Log a summary of email and web traffic." set flow-based enable set summary-proto smtp pop3 imap http-get http-post next end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next edit 3 set category 19 set level critical next end end config icap profile edit "default" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory next edit "Fortinet_CA_Untrusted" set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set range global set source factory next edit "Fortinet_SSL" set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set range global set source factory next end config user setting set auth-cert "Fortinet_Factory" end config user group edit "SSO_Guest_Users" next end config user device-group edit "Mobile Devices" set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" set comment "Phones, tablets, etc." 
next edit "Network Devices" set member "fortinet-device" "other-network-device" "router-nat-device" set comment "Routers, firewalls, gateways, etc." next edit "Others" set member "gaming-console" "media-streaming" set comment "Other devices." next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista-Win7" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista-Win7" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" 
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit 
"Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next edit 
"web-access"
        # Portal that offers browser-based (web mode) access only.
        set web-mode enable
    next
    # Tunnel-only portal; clients are addressed from the SSL VPN IPv4/IPv6 pools.
    edit "tunnel-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
end
config vpn ssl settings
    # NOTE(review): the SSL VPN presents the certificate named
    # "Fortinet_Factory" - by its name a factory-installed certificate, not one
    # issued for this gateway's hostname. Clients cannot validate the gateway
    # identity with it; install a certificate issued for the VPN hostname.
    set servercert "Fortinet_Factory"
    # Listens on TCP 443.
    # NOTE(review): no source interface or authentication rule appears in this
    # block; confirm whether SSL VPN is actually enabled on any interface, and
    # that the admin GUI does not share this port on the same interface.
    set port 443
end
config voip profile
    edit "default"
        set comment "Default VoIP profile."
    next
    # "strict" discards SIP messages that have a malformed request line or any
    # of the malformed headers / SDP fields listed below.
    edit "strict"
        config sip
            set malformed-request-line discard
            set malformed-header-via discard
            set malformed-header-from discard
            set malformed-header-to discard
            set malformed-header-call-id discard
            set malformed-header-cseq discard
            set malformed-header-rack discard
            set malformed-header-rseq discard
            set malformed-header-contact discard
            set malformed-header-record-route discard
            set malformed-header-route discard
            set malformed-header-expires discard
            set malformed-header-content-type discard
            set malformed-header-content-length discard
            set malformed-header-max-forwards discard
            set malformed-header-allow discard
            set malformed-header-p-asserted-identity discard
            set malformed-header-sdp-v discard
            set malformed-header-sdp-o discard
            set malformed-header-sdp-s discard
            set malformed-header-sdp-i discard
            set malformed-header-sdp-c discard
            set malformed-header-sdp-b discard
            set malformed-header-sdp-z discard
            set malformed-header-sdp-k discard
            set malformed-header-sdp-a discard
            set malformed-header-sdp-t discard
            set malformed-header-sdp-r discard
            set malformed-header-sdp-m discard
        end
    next
end
config webfilter profile
    edit "default"
        set comment "Default web filtering." 
config ftgd-wf unset options config filters edit 1 set category 2 set action warning next edit 2 set category 7 set action warning next edit 3 set category 8 set action warning next edit 4 set category 9 set action warning next edit 5 set category 11 set action warning next edit 6 set category 12 set action warning next edit 7 set category 13 set action warning next edit 8 set category 14 set action warning next edit 9 set category 15 set action warning next edit 10 set category 16 set action warning next edit 11 set action warning next edit 12 set category 57 set action warning next edit 13 set category 63 set action warning next edit 14 set category 64 set action warning next edit 15 set category 65 set action warning next edit 16 set category 66 set action warning next edit 17 set category 67 set action warning next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next end end next edit "sniffer-profile" set comment "Monitor web traffic." 
set inspection-mode flow-based config ftgd-wf config filters edit 1 next edit 2 set category 1 next edit 3 set category 2 next edit 4 set category 3 next edit 5 set category 4 next edit 6 set category 5 next edit 7 set category 6 next edit 8 set category 7 next edit 9 set category 8 next edit 10 set category 9 next edit 11 set category 11 next edit 12 set category 12 next edit 13 set category 13 next edit 14 set category 14 next edit 15 set category 15 next edit 16 set category 16 next edit 17 set category 17 next edit 18 set category 18 next edit 19 set category 19 next edit 20 set category 20 next edit 21 set category 23 next edit 22 set category 24 next edit 23 set category 25 next edit 24 set category 26 next edit 25 set category 28 next edit 26 set category 29 next edit 27 set category 30 next edit 28 set category 31 next edit 29 set category 33 next edit 30 set category 34 next edit 31 set category 35 next edit 32 set category 36 next edit 33 set category 37 next edit 34 set category 38 next edit 35 set category 39 next edit 36 set category 40 next edit 37 set category 41 next edit 38 set category 42 next edit 39 set category 43 next edit 40 set category 44 next edit 41 set category 46 next edit 42 set category 47 next edit 43 set category 48 next edit 44 set category 49 next edit 45 set category 50 next edit 46 set category 51 next edit 47 set category 52 next edit 48 set category 53 next edit 49 set category 54 next edit 50 set category 55 next edit 51 set category 56 next edit 52 set category 57 next edit 53 set category 58 next edit 54 set category 59 next edit 55 set category 61 next edit 56 set category 62 next edit 57 set category 63 next edit 58 set category 64 next edit 59 set category 65 next edit 60 set category 66 next edit 61 set category 67 next edit 62 set category 68 next edit 63 set category 69 next edit 64 set category 70 next edit 65 set category 71 next edit 66 set category 72 next edit 67 set category 75 next edit 68 set category 76 next 
edit 69 set category 77 next edit 70 set category 78 next edit 71 set category 79 next edit 72 set category 80 next edit 73 set category 81 next edit 74 set category 82 next edit 75 set category 83 next edit 76 set category 84 next edit 77 set category 85 next edit 78 set category 86 next edit 79 set category 87 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 140 next edit 83 set category 141 next end end next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname "yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*\\.youtube\\..*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" 
set query "kw="
    next
end
config vpn ipsec phase1-interface
    # Site-to-site IKE phase 1 towards 3.214.248.182, sourced from port1 and
    # authenticated with a pre-shared key. The comments value looks like an AWS
    # VPN connection id - presumably an AWS Site-to-Site VPN; confirm.
    edit "AWS VPN"
        set interface "port1"
        set keylife 28800
        # The peer ID is not checked (peertype any); the peer is identified by
        # the fixed remote-gw address and the pre-shared key only.
        set peertype any
        # NOTE(review): a single proposal of AES-128 with SHA-1, combined with
        # DH group 2 (1024-bit MODP) below, is under current recommendations.
        # If the remote end supports it, move to AES-256 / SHA-256 and DH
        # group 14 or higher, and change both ends together.
        set proposal aes128-sha1
        set dpd on-idle
        set comments "vpn-000d67ec1731e43ca-0"
        set dhgrp 2
        set nattraversal disable
        set remote-gw 3.214.248.182
        # The key is stored in the device's ENC form, which is an encrypted
        # value rather than a one-way hash.
        # NOTE(review): treat this blob as equivalent to the key itself. If
        # this backup has been shared outside the management boundary, rotate
        # the pre-shared key on both ends.
        set psksecret ENC gIBsPComixiApF+yu/rXVgAD8DpFwk3H2/7QxY/Jze1++5PlWZXKCHgBEoq3Z6byW3iTZu5JCd8TQdv2OpMP/z3GK1Jf60yZYXTLk8dBwX+LDYHgSBHpPc6A81Xkt7wuIO4WwbyO0MsFq1YkmTPiIjReOZZNow2JIF0PCIGO5hYaC+kTNofrouwrQlg4uw6tv3dpeg==
    next
end
config vpn ipsec phase2-interface
    # Phase 2 for the tunnel above: same AES-128 / SHA-1 proposal, DH group 2,
    # one-hour key lifetime, keepalive on.
    # NOTE(review): raise the proposal and DH group here together with phase 1.
    edit "AWS VPN"
        set phase1name "AWS VPN"
        set proposal aes128-sha1
        set dhgrp 2
        set keepalive enable
        set keylifeseconds 3600
    next
end
config dnsfilter profile
    edit "default"
        set comment "Default dns filtering."
        config ftgd-dns
            # Entries 18-21 (categories 26, 61, 86, 88) are set to block. The
            # other entries carry no explicit action and so take the default.
            # NOTE(review): confirm that default is what you intend.
            config filters
                edit 1
                    set category 2
                next
                edit 2
                    set category 7
                next
                edit 3
                    set category 8
                next
                edit 4
                    set category 9
                next
                edit 5
                    set category 11
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 13
                next
                edit 8
                    set category 14
                next
                edit 9
                    set category 15
                next
                edit 10
                    set category 16
                next
                edit 11
                next
                edit 12
                    set category 57
                next
                edit 13
                    set category 63
                next
                edit 14
                    set category 64
                next
                edit 15
                    set category 65
                next
                edit 16
                    set category 66
                next
                edit 17
                    set category 67
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
            end
        end
        # Botnet blocking is switched on for this DNS filter profile.
        set block-botnet enable
    next
end
config antivirus profile
    # Proxy-mode profile: scanning is enabled for HTTP, FTP, IMAP, POP3 and
    # SMTP, and the three mail protocols also set "executables virus".
    edit "default"
        set comment "Scan files and block viruses."
        set inspection-mode proxy
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "sniffer-profile"
        set comment "Scan files and monitor viruses." 
# Continuation of antivirus profile "sniffer-profile" (its edit line precedes
# this span): per-protocol scan options, with no inspection-mode line.
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
end
# Spam filter profiles; both entries carry only a comment, plus flow-based mode
# on the sniffer profile.
config spamfilter profile
    edit "default"
        set comment "Malware and phishing URL filtering."
    next
    edit "sniffer-profile"
        set comment "Malware and phishing URL monitoring."
        set flow-based enable
    next
end
# Report layout "default": PDF output with a cover page followed by sections for
# bandwidth, web usage, e-mail, threats, VPN usage and admin/system events.
config report layout
    edit "default"
        set title "FortiGate System Analysis Report"
        set style-theme "default-report"
        set options include-table-of-content view-chart-as-heading
        set format pdf
        config page
            set paper letter
            set page-break-before heading1
            config header
                config header-item
                    edit 1
                        set type image
                        set style "header-image"
                        set img-src "fortinet_logo_small.png"
                    next
                end
            end
            config footer
                config footer-item
                    edit 1
                        set style "footer-text"
                        set content "FortiGate ${schedule_type} Security Report - Host Name: ${hostname}"
                    next
                    edit 2
                        set style "footer-pageno"
                    next
                end
            end
        end
        config body-item
            # Cover page (items 101-121).
            edit 101
                set type image
                set style "report-cover1"
                set img-src "fortigate_log.png"
            next
            edit 103
                set style "report-cover2"
                set content "FortiGate ${schedule_type} Security Report"
            next
            edit 105
                set style "report-cover3"
                set content "Report Date: ${started_time}"
            next
            edit 107
                set style "report-cover3"
                set content "Data Range: ${report_data_range} (${hostname})"
            next
            edit 109
                set style "report-cover3"
                set content "${vdom}"
            next
            edit 111
                set type image
                set style "report-cover4"
                set img-src "fortinet_logo_small.png"
            next
            edit 121
                set type misc
                set misc-component page-break
            next
            edit 301
                set text-component heading1
                set content "Bandwidth and Applications"
            next
            edit 311
                set type chart
                set chart "traffic.bandwidth.history_c"
            next
            edit 321
                set type chart
                set chart "traffic.sessions.history_c"
            next
            edit 331
                set type chart
                set chart "traffic.statistics"
            next
            edit 411
                set type chart
                set chart "traffic.bandwidth.apps_c"
            next
            edit 421
                set type chart
                set chart "traffic.bandwidth.cats_c"
            next
            edit 511
                set type chart
                set chart "traffic.bandwidth.users_c"
            next
            edit 521
                set type chart
                set chart "traffic.users.history.hour_c"
            next
            edit 611
                set type chart
                set chart "traffic.bandwidth.destinations_tab"
            next
            edit 1001
                set text-component heading1
                set content "Web Usage"
            next
            edit 1011
                set type chart
                set chart "web.allowed-request.sites_c"
            next
            edit 1021
                set type chart
                set chart "web.bandwidth.sites_c"
            next
            edit 1031
                set type chart
                set chart "web.blocked-request.sites_c"
            next
            edit 1041
                set type chart
                set chart "web.blocked-request.users_c"
            next
            edit 1051
                set type chart
                set chart "web.requests.users_c"
            next
            edit 1061
                set type chart
                set chart "web.bandwidth.users_c"
            next
            edit 1071
                set type chart
                set chart "web.bandwidth.stream-sites_c"
            next
            edit 1301
                set text-component heading1
                set content "Emails"
            next
            edit 1311
                set type chart
                set chart "email.request.senders_c"
            next
            edit 1321
                set type chart
                set chart "email.bandwidth.senders_c"
            next
            edit 1331
                set type chart
                set chart "email.request.recipients_c"
            next
            edit 1341
                set type chart
                set chart "email.bandwidth.recipients_c"
            next
            edit 1501
                set text-component heading1
                set content "Threats"
            next
            edit 1511
                set type chart
                set top-n 80
                set chart "virus.count.viruses_c"
            next
            edit 1531
                set type chart
                set top-n 80
                set chart "virus.count.users_c"
            next
            edit 1541
                set type chart
                set top-n 80
                set chart "virus.count.sources_c"
            next
            edit 1551
                set type chart
                set chart "virus.count.history_c"
            next
            edit 1561
                set type chart
                set top-n 80
                set chart "botnet.count_c"
            next
            edit 1571
                set type chart
                set top-n 80
                set chart "botnet.count.users_c"
            next
            edit 1581
                set type chart
                set top-n 80
                set chart "botnet.count.sources_c"
            next
            edit 1591
                set type chart
                set chart "botnet.count.history_c"
            next
            edit 1601
                set type chart
                set top-n 80
                set chart "attack.count.attacks_c"
            next
            edit 1611
                set type chart
                set top-n 80
                set chart "attack.count.victims_c"
            next
            edit 1621
                set type chart
                set top-n 80
                set chart "attack.count.source_bar_c"
            next
            edit 1631
                set type chart
                set chart "attack.count.blocked_attacks_c"
            next
            edit 1641
                set type chart
                set chart "attack.count.severity_c"
            next
            edit 1651
                set type chart
                set chart "attack.count.history_c"
            next
            edit 1701
                set text-component heading1
                set content "VPN Usage"
            next
            edit 1711
                set type chart
                set top-n 80
                set chart "vpn.bandwidth.static-tunnels_c"
            next
            edit 1721
                set type chart
                set top-n 80
                set chart "vpn.bandwidth.dynamic-tunnels_c"
            next
            edit 1731
                set type chart
                set top-n 80
                set chart "vpn.bandwidth.ssl-tunnel.users_c"
            next
            edit 1741
                set type chart
                set top-n 80
                set chart "vpn.bandwidth.ssl-web.users_c"
            next
            edit 1901
                set text-component heading1
                set content "Admin Login and System Events"
            next
            edit 1911
                set type chart
                set top-n 80
                set chart "event.login.summary_c"
            next
            edit 1931
                set type chart
                set top-n 80
                set chart "event.failed.login_c"
            next
            edit 1961
                set type chart
                set top-n 80
                set chart "event.system.group_events_c"
            next
        end
    next
end
config wanopt settings
    set host-id "default-id"
end
config wanopt profile
    edit "default"
        set comments "Default WANopt profile."
    next
end
# Recurring schedules: "always" lists all seven days; "none" sets nothing.
config firewall schedule recurring
    edit "always"
        set day sunday monday tuesday wednesday thursday friday saturday
    next
    edit "none"
    next
end
# Protocol options for the cleartext protocols, one port per protocol.
config firewall profile-protocol-options
    edit "default"
        set comment "All default services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail splice
        end
        config nntp
            set ports 119
            set options splice
        end
        config dns
            set ports 53
        end
    next
end
# SSL/SSH inspection profiles; the "deep-inspection" entry continues past the
# end of this span.
config firewall ssl-ssh-profile
    edit "deep-inspection"
        set comment "Deep inspection."
# Continuation of ssl-ssh-profile "deep-inspection" (its edit line precedes this
# span): inspected ports per protocol, then the exemption list.
        config https
            set ports 443
        end
        config ftps
            set ports 990
        end
        config imaps
            set ports 993
        end
        config pop3s
            set ports 995
        end
        config smtps
            set ports 465
        end
        config ssh
            set ports 22
        end
        # Exemptions from deep inspection: two FortiGuard categories (31, 33)
        # and a list of named address objects.
        # NOTE(review): several of the referenced objects are wildcard FQDNs, so
        # everything under those domains bypasses content inspection; keep this
        # list as short as operations allow.
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type address
                set address "android"
            next
            edit 4
                set type address
                set address "apple"
            next
            edit 5
                set type address
                set address "appstore"
            next
            edit 6
                set type address
                set address "citrix"
            next
            edit 7
                set type address
                set address "eease"
            next
            edit 8
                set type address
                set address "google-drive"
            next
            edit 9
                set type address
                set address "google-play"
            next
            edit 10
                set type address
                set address "google-play2"
            next
            edit 11
                set type address
                set address "google-play3"
            next
            edit 12
                set type address
                set address "Gotomeeting"
            next
            edit 13
                set type address
                set address "microsoft"
            next
            edit 14
                set type address
                set address "update.microsoft.com"
            next
            edit 15
                set type address
                set address "adobe"
            next
            edit 16
                set type address
                set address "Adobe Login"
            next
            edit 17
                set type address
                set address "dropbox.com"
            next
            edit 18
                set type address
                set address "fortinet"
            next
            edit 19
                set type address
                set address "googleapis.com"
            next
            edit 20
                set type address
                set address "icloud"
            next
            edit 21
                set type address
                set address "itunes"
            next
            edit 22
                set type address
                set address "skype"
            next
            edit 23
                set type address
                set address "swscan.apple.com"
            next
            edit 24
                set type address
                set address "verisign"
            next
            edit 25
                set type address
                set address "Windows update 2"
            next
            edit 26
                set type address
                set address "auth.gfx.ms"
            next
            edit 27
                set type address
                set address "autoupdate.opera.com"
            next
            edit 28
                set type address
                set address "softwareupdate.vmware.com"
            next
            edit 29
                set type address
                set address "firefox update server"
            next
        end
    next
    # Certificate-only inspection for HTTPS; every other protocol is disabled.
    edit "certificate-inspection"
        set comment "SSL handshake inspection."
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set ports 990
            set status disable
        end
        config imaps
            set ports 993
            set status disable
        end
        config pop3s
            set ports 995
            set status disable
        end
        config smtps
            set ports 465
            set status disable
        end
        config ssh
            set ports 22
            set status disable
        end
    next
end
# Web application firewall profile "default": signature classes first, then
# protocol constraints.
config waf profile
    edit "default"
        config signature
            # NOTE(review): this class sets action and severity but, unlike
            # 30000000/50000000/70000000/90000000, has no "set status enable"
            # line; confirm whether it is actually active.
            config main-class 100000000
                set action block
                set severity high
            end
            config main-class 20000000
            end
            config main-class 30000000
                set status enable
                set action block
                set severity high
            end
            config main-class 40000000
            end
            config main-class 50000000
                set status enable
                set action block
                set severity high
            end
            config main-class 60000000
            end
            config main-class 70000000
                set status enable
                set action block
                set severity high
            end
            # Classes 80000000 and 110000000 are enabled without an action line.
            config main-class 80000000
                set status enable
                set severity low
            end
            config main-class 110000000
                set status enable
                set severity high
            end
            config main-class 90000000
                set status enable
                set action block
                set severity high
            end
            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
        end
        # Constraints: most are enabled with logging at low severity and no
        # action line; only "method" and "hostname" set action block.
        config constraint
            config header-length
                set status enable
                set log enable
                set severity low
            end
            config content-length
                set status enable
                set log enable
                set severity low
            end
            config param-length
                set status enable
                set log enable
                set severity low
            end
            config line-length
                set status enable
                set log enable
                set severity low
            end
            config url-param-length
                set status enable
                set log enable
                set severity low
            end
            config version
                set log enable
            end
            config method
                set action block
                set log enable
            end
            config hostname
                set action block
                set log enable
            end
            config malformed
                set log enable
            end
            config max-cookie
                set status enable
                set log enable
                set severity low
            end
            config max-header-line
                set status enable
                set log enable
                set severity low
            end
            config max-url-param
                set status enable
                set log enable
                set severity low
            end
            config max-range-segment
                set status enable
                set log enable
                set severity high
            end
        end
    next
end
# Firewall policies. FortiOS matches policies in the order they are listed
# here (4, 3, 2, 5, 6, 7, 8), not by ID.
# NOTE(review): every policy uses service "ALL" and destination "all", and none
# references an antivirus, web filter, DNS filter, IPS, application control or
# SSL inspection profile, so the security profiles defined in this file are not
# applied to any traffic these entries permit.
config firewall policy
    # Policies 4, 3 and 2: LAN (port2) to WAN (port1) for one VLAN address
    # object each, source-NATed and fully logged.
    edit 4
        set name "Yodel Agent"
        set uuid 9fd8b920-3222-51e9-2c0f-2835f7e6ba4b
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "VLAN8"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
    edit 3
        set name "OPS/SAVE"
        set uuid 8573994c-3222-51e9-e095-da0e9bff85a6
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "VLAN7"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
    edit 2
        set name "Voice Agents"
        set uuid 726dc07a-3222-51e9-927e-38c63cf4f381
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "VLAN6"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
    # NOTE(review): any source behind the tunnel may reach any LAN address on
    # any service. Restrict srcaddr/dstaddr/service to the subnets and ports
    # actually needed. No logtraffic line, so the device default applies
    # (TODO confirm what that is on this build).
    edit 5
        set name "VPN IN"
        set uuid a6e22410-7203-51e9-09d7-0de6cdf64c9a
        set srcintf "AWS VPN"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    # NOTE(review): packet capture is enabled and ASIC offload disabled on an
    # any/any policy -- this looks like a troubleshooting leftover. Captures
    # hold payload data; turn the option off once debugging is finished.
    edit 6
        set name "VPN OUT"
        set uuid bbc520e4-7203-51e9-4d66-ce80d2366a9a
        set srcintf "port2"
        set dstintf "AWS VPN"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set capture-packet enable
        set auto-asic-offload disable
    next
    # Tunnel to WAN, source-NATed: anything arriving over the tunnel can egress
    # to the Internet through this device.
    edit 7
        set name "VPN2WAN"
        set uuid 6a755fa8-721a-51e9-40d5-68e16196b7c2
        set srcintf "AWS VPN"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # NOTE(review): accepts any source arriving on port1 (the WAN uplink) toward
    # the tunnel on any service, with NAT. Whether it is reachable depends on
    # routing, but an any/any WAN-sourced accept should be removed or narrowed
    # to specific sources, destinations and services.
    edit 8
        set name "WAN2VPN"
        set uuid 85087a94-721a-51e9-31cf-6d6cd552624e
        set srcintf "port1"
        set dstintf "AWS VPN"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# Endpoint-control profile "default" with empty per-platform settings blocks.
config endpoint-control profile
    edit "default"
        config forticlient-winmac-settings
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
    next
end
config switch-controller switch-profile
    edit "default"
    next
end
# Wireless IDS profiles: "default" enables every listed detection;
# "default-wids-apscan-enabled" enables AP scanning only.
config wireless-controller wids-profile
    edit "default"
        set comment "Default WIDS profile."
        set ap-scan enable
        set wireless-bridge enable
        set deauth-broadcast enable
        set null-ssid-probe-resp enable
        set long-duration-attack enable
        set invalid-mac-oui enable
        set weak-wep-iv enable
        set auth-frame-flood enable
        set assoc-frame-flood enable
        set spoofed-deauth enable
        set asleap-attack enable
        set eapol-start-flood enable
        set eapol-logoff-flood enable
        set eapol-succ-flood enable
        set eapol-fail-flood enable
        set eapol-pre-succ-flood enable
        set eapol-pre-fail-flood enable
    next
    edit "default-wids-apscan-enabled"
        set ap-scan enable
    next
end
# Per-model access-point profiles: platform type, country code and the band (or
# disabled mode) of each radio. The list continues past the end of this span.
config wireless-controller wtp-profile
    edit "FAPU423E-default"
        config platform
            set type U423E
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU421E-default"
        config platform
            set type U421E
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP423E-default"
        config platform
            set type 423E
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP421E-default"
        config platform
            set type 421E
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS423E-default"
        config platform
            set type S423E
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS422E-default"
        config platform
            set type S422E
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS421E-default"
        config platform
            set type S421E
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS323CR-default"
        config platform
            set type S323CR
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS322CR-default"
        config platform
            set type S322CR
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
# Continuation of "config wireless-controller wtp-profile" (header precedes this
# span): the leading "next" closes the previous entry; the remaining per-model
# access-point profiles follow.
    next
    edit "FAPS321CR-default"
        config platform
            set type S321CR
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS313C-default"
        config platform
            set type S313C
        end
        set ap-country US
        config radio-1
            set band 802.11ac
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAPS311C-default"
        config platform
            set type S311C
        end
        set ap-country US
        config radio-1
            set band 802.11ac
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAPS323C-default"
        config platform
            set type S323C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS322C-default"
        config platform
            set type S322C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS321C-default"
        config platform
            set type S321C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP321C-default"
        config platform
            set type 321C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP223C-default"
        config platform
            set type 223C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP112D-default"
        config platform
            set type 112D
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP24D-default"
        config platform
            set type 24D
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP21D-default"
        config platform
            set type 21D
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FK214B-default"
        config platform
            set type 214B
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP224D-default"
        config platform
            set type 224D
        end
        set ap-country US
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n
        end
    next
    edit "FAP222C-default"
        config platform
            set type 222C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP25D-default"
        config platform
            set type 25D
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP221C-default"
        config platform
            set type 221C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP320C-default"
        config platform
            set type 320C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP28C-default"
        config platform
            set type 28C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP223B-default"
        config platform
            set type 223B
        end
        set ap-country US
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n
        end
    next
    edit "FAP14C-default"
        config platform
            set type 14C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP11C-default"
        config platform
            set type 11C
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP320B-default"
        config platform
            set type 320B
        end
        set ap-country US
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n
        end
    next
    edit "FAP112B-default"
        config platform
            set type 112B
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    edit "FAP222B-default"
        config platform
            set type 222B
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11n-5G
        end
    next
    edit "FAP210B-default"
        config platform
            set type 210B
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
    # This entry has no platform block in the backup.
    edit "FAP220B-default"
        set ap-country US
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n
        end
    next
    edit "AP-11N-default"
        config platform
            set type AP-11N
        end
        set ap-country US
        config radio-1
            set band 802.11n
        end
        config radio-2
            set mode disabled
        end
    next
end
# Logging: memory and null-device logging are off, disk logging is on, and
# traffic hitting the implicit policy is logged.
# NOTE(review): no remote log destination is configured in this span, so logs
# would live only on the device's disk; confirm whether one is set elsewhere in
# the file.
config log memory setting
    set status disable
end
config log disk setting
    set status enable
end
config log null-device setting
    set status disable
end
config log setting
    set fwpolicy-implicit-log enable
end
# Dynamic routing sections below contain only empty redistribute blocks; no
# networks, neighbors or interfaces are configured in them.
config router rip
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ripng
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
# Static routes. Entries 1, 5 and 6 set no dst, which FortiOS treats as the
# default route; entry 6 (via the tunnel) carries distance 15, while entries 1
# and 5 set no distance.
config router static
    edit 1
        set gateway 210.4.106.129
        set device "port1"
        set comment "Converge Gateway"
    next
    # Entries 2-4: three /24 networks reached through 10.41.5.1 on port2.
    edit 2
        set dst 10.41.6.0 255.255.255.0
        set gateway 10.41.5.1
        set device "port2"
        set comment "Voice Agent Route"
    next
    edit 3
        set dst 10.41.7.0 255.255.255.0
        set gateway 10.41.5.1
        set device "port2"
        set comment "OPS/SAVE Route"
    next
    edit 4
        set dst 10.41.8.0 255.255.255.0
        set gateway 10.41.5.1
        set device "port2"
        set comment "Yodel Agent Route"
    next
    edit 5
        set gateway 122.55.223.17
        set device "port6"
        set comment "IGate Gateway"
    next
    edit 6
        set distance 15
        set priority 5
        set device "AWS VPN"
    next
end
# Policy route: anything entering port2 from 10.41.0.0/16, to any destination,
# is sent to 169.254.47.1 over the "AWS VPN" interface.
# NOTE(review): policy routes are evaluated before the routing table, so this
# presumably steers all LAN traffic into the tunnel and the port2->port1
# firewall policies would then never match. Confirm that is intended, and
# decide what should happen to LAN traffic when the tunnel is down.
config router policy
    edit 1
        set input-device "port2"
        set src "10.41.0.0/255.255.0.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 169.254.47.1
        set output-device "AWS VPN"
    next
end
config router ospf
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router ospf6
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
config router bgp
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end
end
config router isis
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "static"
    end
end
config router multicast
end