#config-version=FGT60E-6.4.1-FW-build1637-200604:opmode=0:vdom=0:user=admin #conf_file_ver=169771467315594 #buildno=1637 #global_vdom=1 config system global set alias "FortiGate-60E" set hostname "FortiGate-60E" set switch-controller enable set timezone 04 end config system accprofile edit "prof_admin" set secfabgrp read-write set ftviewgrp read-write set authgrp read-write set sysgrp read-write set netgrp read-write set loggrp read-write set fwgrp read-write set vpngrp read-write set utmgrp read-write set wifi read-write next end config system npu end config system switch-interface edit "VXLAN-HQ2" set vdom "root" set member "internal2" "to_HQ2" set intra-switch-policy explicit next end config system interface edit "wan1" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 1 next edit "wan2" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 2 next edit "dmz" set vdom "root" set ip 10.10.10.1 255.255.255.0 set allowaccess ping https fgfm fabric set type physical set role dmz set snmp-index 3 next edit "internal1" set vdom "root" set ip 172.16.200.1 255.255.255.0 set type physical set snmp-index 8 next edit "internal2" set vdom "root" set type physical set snmp-index 9 next edit "modem" set vdom "root" set mode pppoe set type physical set snmp-index 4 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 5 next edit "internal" set vdom "root" set ip 192.168.1.99 255.255.255.0 set allowaccess ping https ssh fgfm fabric set type hard-switch set stp enable set role lan set snmp-index 6 next edit "fortilink" set vdom "root" set fortilink enable set ip 169.254.1.1 255.255.255.0 set allowaccess ping fabric set type aggregate set lldp-reception enable set lldp-transmission enable set snmp-index 7 next edit "to_HQ2" set vdom "root" set type tunnel set snmp-index 10 set interface "internal1" next edit "VXLAN-HQ2" set vdom "root" set type switch set snmp-index 11 next end config system physical-switch edit "sw0" set age-val 0 next end config system virtual-switch edit "internal" set physical-switch "sw0" config port edit "internal3" next edit "internal4" next edit "internal5" next edit "internal6" next edit "internal7" next end next end config system custom-language edit "en" set filename "en" next edit "fr" set filename "fr" next edit "sp" set filename "sp" next edit "pg" set filename "pg" next edit "x-sjis" set filename "x-sjis" next edit "big5" set filename "big5" next edit "GB2312" set filename "GB2312" next edit "euc-kr" set filename "euc-kr" next end config system admin edit "admin" set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "Status" set vdom "root" set permanent enable config widget edit 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 1 set width 1 set height 1 next edit 3 set type forticloud set x-pos 2 set width 1 set height 1 next edit 4 set type security-fabric set x-pos 3 set width 1 set height 1 next edit 5 set type admins set x-pos 4 set width 1 set height 1 next edit 6 set type cpu-usage set x-pos 5 set width 2 set height 1 next edit 7 set type memory-usage set x-pos 6 set width 2 set height 1 next edit 8 set type sessions set x-pos 7 set width 2 set height 1 next end next edit 2 set name "Security" set vdom "root" config widget edit 1 set type fortiview set width 2 set height 1 set fortiview-type "compromisedHosts" set fortiview-sort-by "verdict" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 2 set height 1 set fortiview-type "threats" set fortiview-sort-by "threatLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type vulnerability-summary set x-pos 2 set width 2 set height 1 next edit 4 set type host-scan-summary set x-pos 3 set width 1 set height 1 next edit 5 set type fortiview set x-pos 4 set width 2 set height 1 set fortiview-type "endpointDevices" set fortiview-sort-by "vulnerabilities" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 3 set name "Network" set vdom "root" config widget edit 1 set type routing set width 2 set height 1 set router-view-type "staticdynamic" next edit 2 set type dhcp set x-pos 1 set width 2 set height 1 next edit 3 set type virtual-wan set x-pos 2 set width 2 set height 1 next edit 4 set type ipsec-vpn set x-pos 3 set width 2 set height 1 next edit 5 set type ssl-vpn set x-pos 4 set width 2 set height 1 next end next edit 4 set name "Users & Devices" set vdom "root" config widget edit 1 set type device-inventory set width 2 set height 1 set table-visualization "charts" set device-list-view-type "hardware_vendor" next edit 2 set type forticlient set x-pos 1 set width 2 set height 1 set table-visualization "charts" set device-list-online "online" set device-list-telemetry "sending" set device-list-view-type "interface" next edit 3 set type firewall-user set x-pos 2 set width 2 set height 1 next edit 4 set type quarantine set x-pos 3 set width 2 set height 1 next end next edit 5 set name "WiFi" set vdom "root" config widget edit 1 set type ap-status set width 2 set height 1 next edit 2 set type channel-utilization set x-pos 1 set width 2 set height 1 set wifi-band "both" next edit 3 set type clients-by-ap set x-pos 2 set width 2 set height 1 set wifi-band "both" next edit 4 set type client-signal-strength set x-pos 3 set width 2 set height 1 set wifi-band "both" next edit 5 set type rogue-ap set x-pos 4 set width 2 set height 1 next edit 6 set type historical-clients set x-pos 5 set width 2 set height 1 set wifi-band "both" next edit 7 set type interfering-ssids set x-pos 6 set width 2 set height 1 set wifi-band "both" next edit 8 set type wifi-login-failures set x-pos 7 set width 2 set height 1 next end next edit 6 set name "FortiView Sources" set vdom "root" set layout-type standalone set csf disable config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "source" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 7 set name "FortiView Destinations" set vdom "root" set layout-type standalone set csf disable config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "destination" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 8 set name "FortiView Applications" set vdom "root" set layout-type standalone set csf disable config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "application" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 9 set name "FortiView Web Sites" set vdom "root" set layout-type standalone set csf disable config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "website" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 10 set name "FortiView Policies" set vdom "root" set layout-type standalone set csf disable config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "policy" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 11 set name "FortiView Sessions" set vdom "root" set layout-type standalone set csf disable config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "sessions" set fortiview-sort-by "bytes" set fortiview-timeframe "realtime" set fortiview-visualization "table" next end next end set gui-ignore-release-overview-version "6.4.1" set password ENC snip-snip next end config system sso-admin end config system ha set override disable end config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system replacemsg-image edit "logo_fnet" set image-type gif next edit "logo_fguard_wf" set image-type gif next edit "logo_fw_auth" next edit "logo_v2_fnet" next edit "logo_v2_fguard_wf" next edit "logo_v2_fguard_app" next end config system replacemsg mail "email-av-fail" end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end config system replacemsg mail "email-filesize" end config system replacemsg mail "email-file-filter" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg mail "email-decompress-limit" end config system replacemsg mail "smtp-decompress-limit" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "https-untrusted-cert-block" end config system replacemsg http "https-blacklisted-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg http "http-antiphish-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-group-info-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-av-fail" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg ftp "ftp-file-filter-block" end config system replacemsg nntp "nntp-av-fail" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg nntp "email-decompress-limit" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf "http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg auth "auth-quarantine-page" end config system replacemsg auth "auth-qtn-reject-page" end config system replacemsg auth "auth-saml-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-header" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn "hostcheck-error" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg nac-quar "nac-quar-app" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "client-virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config system replacemsg utm "ipsblk-html" end config system replacemsg utm "ipsfail-html" end config system replacemsg utm "exe-text" end config system replacemsg utm "waf-html" end config system replacemsg utm "outbreak-prevention-html" end config system replacemsg utm "outbreak-prevention-text" end config system replacemsg utm "file-filter-html" end config system replacemsg utm "file-filter-text" end config system replacemsg utm "file-size-text" end config system replacemsg utm "internal-error-text" end config system replacemsg icap "icap-req-resp" end config system snmp sysinfo end config system central-management set type fortiguard end config firewall internet-service-name edit "Google-Others" set internet-service-id 65536 next edit "Google-Web" set internet-service-id 65537 next edit "Google-DNS" set internet-service-id 65539 next edit "Google-SMTP(S)" set internet-service-id 65540 next edit "Google-SSH" set internet-service-id 65542 next edit "Google-FTP(S)" set internet-service-id 65543 next edit "Google-NTP" set internet-service-id 65544 next edit "Google-IMAP(S)" set internet-service-id 65545 next edit "Google-POP3(S)" set internet-service-id 65547 next edit "Google-SNMP" set internet-service-id 65549 next edit "Google-LDAP(S)" set internet-service-id 65550 next edit "Google-NetBIOS.Session.Service" set internet-service-id 65551 next edit "Google-RTMP" set internet-service-id 65552 next edit "Google-NetBIOS.Name.Service" set internet-service-id 65560 next edit "Google-Gmail" set internet-service-id 65646 next edit "Facebook-Others" set internet-service-id 131072 next edit "Facebook-Web" set internet-service-id 131073 next edit "Facebook-DNS" set internet-service-id 131075 next edit "Facebook-SMTP(S)" set internet-service-id 131076 next edit "Facebook-FTP(S)" set internet-service-id 131079 next edit "Facebook-NetBIOS.Session.Service" set internet-service-id 131087 next edit "Facebook-NetBIOS.Name.Service" set internet-service-id 131096 next edit "Apple-Others" set internet-service-id 196608 next edit "Apple-Web" set internet-service-id 196609 next edit "Apple-DNS" set internet-service-id 196611 next edit "Apple-SMTP(S)" set internet-service-id 196612 next edit "Apple-SSH" set internet-service-id 196614 next edit "Apple-FTP(S)" set internet-service-id 196615 next edit "Apple-NTP" set internet-service-id 196616 next edit "Apple-IMAP(S)" set internet-service-id 196617 next edit "Apple-NetBIOS.Session.Service" set internet-service-id 196623 next edit "Apple-NetBIOS.Name.Service" set internet-service-id 196632 next edit "Yahoo-Others" set internet-service-id 262144 next edit "Yahoo-Web" set internet-service-id 262145 next edit "Yahoo-DNS" set internet-service-id 262147 next edit "Yahoo-SMTP(S)" set internet-service-id 262148 next edit "Yahoo-SSH" set internet-service-id 262150 next edit "Yahoo-FTP(S)" set internet-service-id 262151 next edit "Yahoo-NTP" set internet-service-id 262152 next edit "Yahoo-IMAP(S)" set internet-service-id 262153 next edit "Yahoo-POP3(S)" set internet-service-id 262155 next edit "Yahoo-SNMP" set internet-service-id 262157 next edit "Yahoo-LDAP(S)" set internet-service-id 262158 next edit "Yahoo-NetBIOS.Session.Service" set internet-service-id 262159 next edit "Yahoo-RTMP" set internet-service-id 262160 next edit "Yahoo-NetBIOS.Name.Service" set internet-service-id 262168 next edit "Microsoft-Others" set internet-service-id 327680 next edit "Microsoft-Web" set internet-service-id 327681 next edit "Microsoft-DNS" set internet-service-id 327683 next edit "Microsoft-SMTP(S)" set internet-service-id 327684 next edit "Microsoft-SSH" set internet-service-id 327686 next edit "Microsoft-FTP(S)" set internet-service-id 327687 next edit "Microsoft-NTP" set internet-service-id 327688 next edit "Microsoft-IMAP(S)" set internet-service-id 327689 next edit "Microsoft-POP3(S)" set internet-service-id 327691 next edit "Microsoft-SNMP" set internet-service-id 327693 next edit "Microsoft-NetBIOS.Session.Service" set internet-service-id 327695 next edit "Microsoft-RTMP" set internet-service-id 327696 next edit "Microsoft-NetBIOS.Name.Service" set internet-service-id 327704 next edit "Microsoft-Skype" set internet-service-id 327781 next edit "Microsoft-Office365" set internet-service-id 327782 next edit "Amazon-Others" set internet-service-id 393216 next edit "Amazon-Web" set internet-service-id 393217 next edit "Amazon-DNS" set internet-service-id 393219 next edit "Amazon-SMTP(S)" set internet-service-id 393220 next edit "Amazon-SSH" set internet-service-id 393222 next edit "Amazon-FTP(S)" set internet-service-id 393223 next edit "Amazon-NTP" set internet-service-id 393224 next edit "Amazon-IMAP(S)" set internet-service-id 393225 next edit "Amazon-POP3(S)" set internet-service-id 393227 next edit "Amazon-SNMP" set internet-service-id 393229 next edit "Amazon-LDAP(S)" set internet-service-id 393230 next edit "Amazon-NetBIOS.Session.Service" set internet-service-id 393231 next edit "Amazon-RTMP" set internet-service-id 393232 next edit "Amazon-NetBIOS.Name.Service" set internet-service-id 393240 next edit "eBay-Web" set internet-service-id 458753 next edit "eBay-DNS" set internet-service-id 458755 next edit "eBay-SMTP(S)" set internet-service-id 458756 next edit "eBay-NetBIOS.Name.Service" set internet-service-id 458776 next edit "PayPal-Web" set internet-service-id 524289 next edit "Salesforce-Others" set internet-service-id 655360 next edit "Salesforce-Web" set internet-service-id 655361 next edit "Salesforce-DNS" set internet-service-id 655363 next edit "Salesforce-SMTP(S)" set internet-service-id 655364 next edit "Salesforce-NetBIOS.Session.Service" set internet-service-id 655375 next edit "Dropbox-Web" set internet-service-id 720897 next edit "Dropbox-DNS" set internet-service-id 720899 next edit "Dropbox-NetBIOS.Name.Service" set internet-service-id 720920 next edit "Netflix-Web" set internet-service-id 786433 next edit "Netflix-DNS" set internet-service-id 786435 next edit "LinkedIn-Others" set internet-service-id 851968 next edit "LinkedIn-Web" set internet-service-id 851969 next edit "LinkedIn-DNS" set internet-service-id 851971 next edit "LinkedIn-SMTP(S)" set internet-service-id 851972 next edit "LinkedIn-NetBIOS.Name.Service" set internet-service-id 851992 next edit "Adobe-Web" set internet-service-id 917505 next edit "Adobe-DNS" set internet-service-id 917507 next edit "Adobe-SMTP(S)" set internet-service-id 917508 next edit "Adobe-FTP(S)" set internet-service-id 917511 next edit "Adobe-NetBIOS.Session.Service" set internet-service-id 917519 next edit "Adobe-RTMP" set internet-service-id 917520 next edit "Adobe-NetBIOS.Name.Service" set internet-service-id 917528 next edit "Hulu-Web" set internet-service-id 1048577 next edit "Pinterest-Web" set internet-service-id 1114113 next edit "Pinterest-DNS" set internet-service-id 1114115 next edit "Pinterest-SMTP(S)" set internet-service-id 1114116 next edit "LogMeIn-Web" set internet-service-id 1179649 next edit "LogMeIn-SMTP(S)" set internet-service-id 1179652 next edit "Fortinet-Others" set internet-service-id 1245184 next edit "Fortinet-Web" set internet-service-id 1245185 next edit "Fortinet-DNS" set internet-service-id 1245187 next edit "Fortinet-SMTP(S)" set internet-service-id 1245188 next edit "Fortinet-FTP(S)" set internet-service-id 1245191 next edit "Fortinet-NTP" set internet-service-id 1245192 next edit "Fortinet-IMAP(S)" set internet-service-id 1245193 next edit "Fortinet-POP3(S)" set internet-service-id 1245195 next edit "Fortinet-LDAP(S)" set internet-service-id 1245198 next edit "Fortinet-NetBIOS.Name.Service" set internet-service-id 1245208 next edit "Fortinet-FortiGuard" set internet-service-id 1245324 next edit "Kaspersky-Web" set internet-service-id 1310721 next edit "Kaspersky-DNS" set internet-service-id 1310723 next edit "Kaspersky-SMTP(S)" set internet-service-id 1310724 next edit "Kaspersky-FTP(S)" set internet-service-id 1310727 next edit "McAfee-Others" set internet-service-id 1376256 next edit "McAfee-Web" set internet-service-id 1376257 next edit "McAfee-DNS" set internet-service-id 1376259 next edit "McAfee-SMTP(S)" set internet-service-id 1376260 next edit "McAfee-FTP(S)" set internet-service-id 1376263 next edit "McAfee-NTP" set internet-service-id 1376264 next edit "McAfee-NetBIOS.Name.Service" set internet-service-id 1376280 next edit "Symantec-Others" set internet-service-id 1441792 next edit "Symantec-Web" set internet-service-id 1441793 next edit "Symantec-DNS" set internet-service-id 1441795 next edit "Symantec-SMTP(S)" set internet-service-id 1441796 next edit "Symantec-SSH" set internet-service-id 1441798 next edit "Symantec-FTP(S)" set internet-service-id 1441799 next edit "Symantec-NTP" set internet-service-id 1441800 next edit "Symantec-LDAP(S)" set internet-service-id 1441806 next edit "Symantec-NetBIOS.Name.Service" set internet-service-id 1441816 next edit "AOL-Others" set internet-service-id 1572864 next edit "AOL-Web" set internet-service-id 1572865 next edit "AOL-DNS" set internet-service-id 1572867 next edit "AOL-SMTP(S)" set internet-service-id 1572868 next edit "AOL-SSH" set internet-service-id 1572870 next edit "AOL-NTP" set internet-service-id 1572872 next edit "AOL-IMAP(S)" set internet-service-id 1572873 next edit "AOL-POP3(S)" set internet-service-id 1572875 next edit "AOL-SNMP" set internet-service-id 1572877 next edit "AOL-LDAP(S)" set internet-service-id 1572878 next edit "AOL-NetBIOS.Session.Service" set internet-service-id 1572879 next edit "AOL-NetBIOS.Name.Service" set internet-service-id 1572888 next edit "RealNetworks-Web" set internet-service-id 1638401 next edit "RealNetworks-DNS" set internet-service-id 1638403 next edit "RealNetworks-SMTP(S)" set internet-service-id 1638404 next edit "Zoho-Web" set internet-service-id 1703937 next edit "Zoho-SMTP(S)" set internet-service-id 1703940 next edit "Zoho-IMAP(S)" set internet-service-id 1703945 next edit "Zoho-POP3(S)" set internet-service-id 1703947 next edit "Cisco-Web" set internet-service-id 1966081 next edit "Cisco-DNS" set internet-service-id 1966083 next edit "Cisco-SMTP(S)" set internet-service-id 1966084 next edit "Cisco-SSH" set internet-service-id 1966086 next edit "Cisco-FTP(S)" set internet-service-id 1966087 next edit "Cisco-NTP" set internet-service-id 1966088 next edit "Cisco-NetBIOS.Session.Service" set internet-service-id 1966095 next edit "IBM-Web" set internet-service-id 2031617 next edit "IBM-DNS" set internet-service-id 2031619 next edit "IBM-SMTP(S)" set internet-service-id 2031620 next edit "IBM-SSH" set internet-service-id 2031622 next edit "IBM-FTP(S)" set internet-service-id 2031623 next edit "IBM-POP3(S)" set internet-service-id 2031627 next edit "IBM-NetBIOS.Name.Service" set internet-service-id 2031640 next edit "Citrix-Web" set internet-service-id 2097153 next edit "Citrix-DNS" set internet-service-id 2097155 next edit "Citrix-SMTP(S)" set internet-service-id 2097156 next edit "Citrix-NetBIOS.Name.Service" set internet-service-id 2097176 next edit "Twitter-Others" set internet-service-id 2162688 next edit "Twitter-Web" set internet-service-id 2162689 next edit "Twitter-SMTP(S)" set internet-service-id 2162692 next edit "Twitter-NetBIOS.Name.Service" set internet-service-id 2162712 next edit "VK-Others" set internet-service-id 2424832 next edit "VK-Web" set internet-service-id 2424833 next edit "VK-DNS" set internet-service-id 2424835 next edit "VK-SMTP(S)" set internet-service-id 2424836 next edit "VK-NetBIOS.Name.Service" set internet-service-id 2424856 next edit "Ask-Web" set internet-service-id 2621441 next edit "Ask-DNS" set internet-service-id 2621443 next edit "CNN-Web" set internet-service-id 2686977 next edit "CNN-DNS" set internet-service-id 2686979 next edit "CNN-SMTP(S)" set internet-service-id 2686980 next edit "CNN-FTP(S)" set internet-service-id 2686983 next edit "CNN-NetBIOS.Name.Service" set internet-service-id 2687000 next edit "Myspace-Web" set internet-service-id 2752513 next edit "Myspace-DNS" set internet-service-id 2752515 next edit "Myspace-NetBIOS.Name.Service" set internet-service-id 2752536 next edit "Tor-Tor.Proxy" set internet-service-id 2818238 next edit "MaliciousIP-Botnet" set internet-service-id 3276991 next end config system cluster-sync end config system email-server set server "notification.fortinet.net" set port 465 set security smtps end config system session-helper edit 1 set name pptp set protocol 6 set port 1723 next edit 2 set name h323 set protocol 6 set port 1720 next edit 3 set name ras set protocol 17 set port 1719 next edit 4 set name tns set protocol 6 set port 1521 next edit 5 set name tftp set protocol 17 set port 69 next edit 6 set name rtsp set protocol 6 set port 554 next edit 7 set name rtsp set protocol 6 set port 7070 next edit 8 set name rtsp set protocol 6 set port 8554 next edit 9 set name ftp set protocol 6 set port 21 next edit 10 set name mms set protocol 6 set port 1863 next edit 11 set name pmap set protocol 6 set port 111 next edit 12 set name pmap set protocol 17 set port 111 next edit 13 set name sip set protocol 17 set port 5060 next edit 14 set name dns-udp set protocol 17 set port 53 next edit 15 set name rsh set protocol 6 set port 514 next edit 16 set name rsh set protocol 6 set port 512 next edit 17 set name dcerpc set protocol 6 set port 135 next edit 18 set name dcerpc set protocol 17 set port 135 next edit 19 set name mgcp set protocol 17 set port 2427 next edit 20 set name mgcp set protocol 17 set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable set server-mode enable set interface "fortilink" end config system ftm-push set server-cert "Fortinet_Factory" end config system automation-trigger edit "Network Down" set event-type event-log set logid 20099 config fields edit 1 set name "status" set value "DOWN" next end next edit "HA Failover" set event-type ha-failover next edit "Reboot" set event-type reboot next edit "FortiAnalyzer Connection Down" set event-type event-log set logid 22902 next edit "License Expired Notification" set event-type license-near-expiry set license-type any next edit "Compromised Host Quarantine" next edit "Incoming Webhook Call" set event-type incoming-webhook next edit "Security Rating Notification" set event-type security-rating-summary next end config system automation-action edit "Network Down_email" set action-type email set email-subject "Network Down" next edit "HA Failover_email" set action-type email set email-subject "HA Failover" next edit "Reboot_email" set action-type email set email-subject "Reboot" next edit "FortiAnalyzer Connection Down_ios-notification" set action-type ios-notification next edit "License Expired Notification_ios-notification" set action-type ios-notification next edit "Compromised Host Quarantine_quarantine" set action-type quarantine next edit "Compromised Host Quarantine_quarantine-forticlient" set action-type quarantine-forticlient next edit "Security Rating Notification_ios-notification" set action-type ios-notification next end config system automation-stitch edit "Network Down" set status disable set trigger "Network Down" set action "Network Down_email" next edit "HA Failover" set status disable set trigger "HA Failover" set action "HA Failover_email" next edit "Reboot" set status disable set trigger "Reboot" set action "Reboot_email" next edit "FortiAnalyzer Connection Down" set trigger "FortiAnalyzer Connection Down" set action "FortiAnalyzer Connection Down_ios-notification" next edit "License Expired Notification" set trigger "License Expired Notification" set action "License Expired Notification_ios-notification" next edit "Compromised Host Quarantine" set status disable set trigger "Compromised Host Quarantine" set action "Compromised Host Quarantine_quarantine" "Compromised Host Quarantine_quarantine-forticlient" next edit "Incoming Webhook Quarantine" set status disable set trigger "Incoming Webhook Call" set action "Compromised Host Quarantine_quarantine" "Compromised Host Quarantine_quarantine-forticlient" next edit "Security Rating Notification" set trigger "Security Rating Notification" set action "Security Rating Notification_ios-notification" next end config system object-tagging edit "default" next end config switch-controller traffic-policy edit "quarantine" set description "Rate control for quarantined traffic" set guaranteed-bandwidth 163840 set guaranteed-burst 8192 set maximum-burst 163840 set cos-queue 0 set id 1 next edit "sniffer" set description "Rate control for sniffer mirrored traffic" set guaranteed-bandwidth 50000 set guaranteed-burst 8192 set maximum-burst 163840 set cos-queue 0 set id 2 next end config system settings end config system dhcp server edit 1 set dns-service default set default-gateway 192.168.1.99 set netmask 255.255.255.0 set interface "internal" config ip-range edit 1 set start-ip 192.168.1.110 set end-ip 192.168.1.210 next end next edit 2 set ntp-service local set default-gateway 169.254.1.1 set netmask 255.255.255.0 set interface "fortilink" config ip-range edit 1 set start-ip 169.254.1.2 set end-ip 169.254.1.254 next end set vci-match enable set vci-string "FortiSwitch" "FortiExtender" next end config firewall address edit "none" set uuid a808babe-b63d-51ea-9783-fdd6d6af47b9 set subnet 0.0.0.0 255.255.255.255 next edit "login.microsoftonline.com" set uuid a808e890-b63d-51ea-7cbd-b29a9e91dcfb set type fqdn set fqdn "login.microsoftonline.com" next edit "login.microsoft.com" set uuid a80910cc-b63d-51ea-1e9e-1bb1c6219870 set type fqdn set fqdn "login.microsoft.com" next edit "login.windows.net" set uuid a809346c-b63d-51ea-039d-1296f399ab36 set type fqdn set fqdn "login.windows.net" next edit "gmail.com" set uuid a80958e8-b63d-51ea-b513-19873cef2e39 set type fqdn set fqdn "gmail.com" next edit "wildcard.google.com" set uuid a8097bde-b63d-51ea-07ae-87cdbeccb9ed set type fqdn set fqdn "*.google.com" next edit "wildcard.dropbox.com" set uuid a809be82-b63d-51ea-d2bc-e666fe5f3275 set type fqdn set fqdn "*.dropbox.com" next edit "all" set uuid a823f590-b63d-51ea-3cd5-82fd986dc30f next edit "FIREWALL_AUTH_PORTAL_ADDRESS" set uuid a82405da-b63d-51ea-c7f0-0f160292c728 next edit "FABRIC_DEVICE" set uuid a82413fe-b63d-51ea-563a-2b7bb81247c0 set comment "IPv4 addresses of Fabric Devices." next edit "SSLVPN_TUNNEL_ADDR1" set uuid a82765c2-b63d-51ea-db2e-a1b24950a6f3 set type iprange set associated-interface "ssl.root" set start-ip 10.212.134.200 set end-ip 10.212.134.210 next edit "dmz" set uuid b4805518-b63d-51ea-e456-a3c422bbe50f set type interface-subnet set subnet 10.10.10.1 255.255.255.0 set interface "dmz" next edit "internal" set uuid b4811584-b63d-51ea-38c2-5b9e4a9cf219 set type interface-subnet set subnet 192.168.1.99 255.255.255.0 set interface "internal" next end config firewall multicast-address edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next end config firewall address6 edit "SSLVPN_TUNNEL_IPv6_ADDR1" set uuid a82780de-b63d-51ea-597a-5f58d07e945d set ip6 fdff:ffff::/120 next edit "all" set uuid a80aa540-b63d-51ea-aa1e-a3ac29f6a6f1 next edit "none" set uuid a80ac520-b63d-51ea-7629-1f4bde8e78aa set ip6 ::/128 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall addrgrp edit "G Suite" set uuid a809f14a-b63d-51ea-2dad-6b4a92d76136 set member "gmail.com" "wildcard.google.com" next edit "Microsoft Office 365" set uuid a80a3dda-b63d-51ea-4a0d-34b087d86d15 set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net" next end config firewall wildcard-fqdn custom edit "adobe" set uuid a83f47fa-b63d-51ea-536f-621404fd2bfd set wildcard-fqdn "*.adobe.com" next edit "Adobe Login" set uuid a83f5290-b63d-51ea-5737-271db214f9b7 set wildcard-fqdn "*.adobelogin.com" next edit "android" set uuid a83f5c68-b63d-51ea-dffd-5762369b23bf set wildcard-fqdn "*.android.com" next edit "apple" set uuid a83f662c-b63d-51ea-7bd6-9578935612ef set wildcard-fqdn "*.apple.com" next edit "appstore" set uuid a83f6fe6-b63d-51ea-6514-5984e76b8505 set wildcard-fqdn "*.appstore.com" next edit "auth.gfx.ms" set uuid a83f7a7c-b63d-51ea-7208-f678caab3041 set wildcard-fqdn "*.auth.gfx.ms" next edit "citrix" set uuid a83f845e-b63d-51ea-b4b7-d18721b6b216 set wildcard-fqdn "*.citrixonline.com" next edit "dropbox.com" set uuid a83f8e36-b63d-51ea-8a7e-038b53b3f6fc set wildcard-fqdn "*.dropbox.com" next edit "eease" set uuid a83f9804-b63d-51ea-e4c8-aba22a98e3f1 set wildcard-fqdn "*.eease.com" next edit "firefox update server" set uuid a83fa1e6-b63d-51ea-0aa2-a4642b479a61 set wildcard-fqdn "aus*.mozilla.org" next edit "fortinet" set uuid a83fac90-b63d-51ea-fe31-24e11f82327b set wildcard-fqdn "*.fortinet.com" next edit "googleapis.com" set uuid a83fb686-b63d-51ea-2048-19d91f5dcc92 set wildcard-fqdn "*.googleapis.com" next edit "google-drive" set uuid a83fc068-b63d-51ea-0829-c75448e7be16 set wildcard-fqdn "*drive.google.com" next edit "google-play2" set uuid a83fca54-b63d-51ea-8795-90475774e758 set wildcard-fqdn "*.ggpht.com" next edit "google-play3" set uuid a83fd51c-b63d-51ea-ad7b-5809d413a31c set wildcard-fqdn "*.books.google.com" next edit "Gotomeeting" set uuid a83fdf26-b63d-51ea-6c23-82902dae99aa set wildcard-fqdn "*.gotomeeting.com" next edit "icloud" set uuid a83fee08-b63d-51ea-936a-bbc28c1ca537 set wildcard-fqdn "*.icloud.com" next edit "itunes" set uuid a83ff902-b63d-51ea-5e47-68225c9a2171 set wildcard-fqdn "*itunes.apple.com" next edit "microsoft" set uuid a840030c-b63d-51ea-372d-ac29ff4e4d08 set wildcard-fqdn "*.microsoft.com" next edit "skype" set uuid a8400d0c-b63d-51ea-dde7-e1528503084b set wildcard-fqdn "*.messenger.live.com" next edit "softwareupdate.vmware.com" set uuid a840170c-b63d-51ea-22b7-2b88f21eeeb9 set wildcard-fqdn "*.softwareupdate.vmware.com" next edit "verisign" set uuid a8402116-b63d-51ea-50f9-824ff3451e5d set wildcard-fqdn "*.verisign.com" next edit "Windows update 2" set uuid a8402b16-b63d-51ea-0d79-ca5d1b1c3884 set wildcard-fqdn "*.windowsupdate.com" next edit "live.com" set uuid a8403520-b63d-51ea-62c1-076b05e10f1b set wildcard-fqdn "*.live.com" next edit "google-play" set uuid a8403ff2-b63d-51ea-c5aa-b8474371b425 set wildcard-fqdn "*play.google.com" next edit "update.microsoft.com" set uuid a8404a1a-b63d-51ea-89cb-4deaa3a53c1c set wildcard-fqdn "*update.microsoft.com" next edit "swscan.apple.com" set uuid a840542e-b63d-51ea-00cd-8e6e9fcdad3e set wildcard-fqdn "*swscan.apple.com" next edit "autoupdate.opera.com" set uuid a8405e42-b63d-51ea-3979-aafe7e629128 set wildcard-fqdn "*autoupdate.opera.com" next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set password ENC set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIQiiHuRTTjHoCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFNZH+BTmzqkBIIEyCVN9/oh+4Yb R0Z5qIQ11sLAv4TZvZlT+R5qzSV3+9oGObiCjsGr33ePjyhv6bb+I/bdPt7CS067 KlxxA8c28ISXk8pk+DnpqyCBdmCrj6wnUmGQkmhQpvyk1XhxJ0bPOkNWY5qwNc34 OLA3pLgdYK25adMpd3+MoHkHAzZPcLfDUzWmZvqcxi1Iu3LG++g+pDKxC/Ofp9io 0aM8pADt0Aq9hqAJ654Y82Sy3x/HqLDZCFG4pYcpoXzcuhwUgErilxq4q1B9ED5h l5LTUMjh+OsbIKP6x+BqVqztPwXiVaChEN6VnTE2P9k4KOKRs+ZsX/TV5PqgVRu/ nN51kX9M0ZAiGxWpg96z2yxEZJn124jBa5zxiJ5P/DJd1PAXQ0hAyZ8HpgSgGIYd 5MoiGBu5DXP/bPHpnyyKsmE5kgkx6oUXiTAFOKgOUuxhj4mQdpc9HiMHxBpc63th 6yFJh+KTsc75EpmiMfrNEyHoWsX0wWmlHXYoqc9qyW5KWeEl/YAs1xKrvv7wWrLb 0BlZ4OvzOd116a0w3PD2/lroAeORs1gjZTjq0/ZY7kEThtbjk0L2j/fj9cFAmo1f tFkf8XoM82/F425ocqL3y8ZMXZOTr1Hm4ye7PLFs4blpGCrV9c4KHp6fNIe4mHAd ZaIhWEeJZn4dEkJr3ElYGN3dC3YNoqGwb6iZqP+qq/BgsAtf6GfuHMR2Pq/z2NA8 TNuGHu9m4AP0uhskrM3ViJNh2QmBq3eZhp/tgbkGIQRTrrdlffdcpnoE0y4Zkr0Y 5lfC3h0AOXiDWp1GKBdOT7tJ5WImXLdcvwU0Se3FBeXsOsCj1Xtxw/UH+tA+KJqu UGBTR3WISS1ZU91W9DkkNwNeYNQnpUgKi5tVvcbfYNklt1Vl0kqjvQjJaTE2W18D ZiNPI9nDMdLP6e6akKCFMpFOUIL7OQZeSokrws6bO3g6NMDhuaOQmACZqAdkkr7h 34XDMhBwd1OlCO6QX9UAAn+zPAObxgj8Z0TBpx8vz/z6KYJCAz1lNSWMt5mbRTYg 4FHDPBkgfZsNP1+SgCETdgGQL+cEdiIn7mdmE1orlpbunWFHMQb9F2z+tN/vzy5F M5aIMoU4NPEmKFWWeVOEcwIHvQhrmqbKwbjqr2HmJfavUodb5tgb/XWC281f7i4z BgRb+hovVyMFkUge/mrs7NpvcYeooauT7WVbsN5pPnDvqzfFtClrl6WeXBGaxst3 PNVwt3M/bjLvvsGZT00YxH3EpVroEA46wbkZY2C9fB/coips7eafVT7wcBDz1y+S +rf59RtmM1EdI4rkZ9E22QIo4BoaA0QfJ96vwrr0Pnez0PQT0tpUOav5Y5JNI3Bl +6YZQxkaBlvWKae2dvtjTbBaJmSuJ6mOa6CYZB6V+rGqqBFtBuujzBH7Y8IWkFmb qER+yafZ/yhcLxFZPaI3hDHWG/pDlouhXZiZJ/1j/0LvEH+XyFcAwX9qu4VnK49y hmhEM1YdtCiEQ9dVREvosz8JKd23iEn8a4qjj0MGdP5s/vDmgce6HCO8ORiCTY36 a9A2lUQHe4OSrsiSVp11STRMCsNmA4hMw4HEw+K8vGwAUWi80y5k46T0u/tA4S/i ozpmiys2XNp6kBE2iJ4FUA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID4jCCAsqgAwIBAgIEAmbONTANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZ MBcGA1UEAwwQRkdUNjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9y dEBmb3J0aW5ldC5jb20wHhcNMjAwNjI0MTcwOTIxWhcNMzAwNjI1MTcwOTIxWjCB qTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1 bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRl IEF1dGhvcml0eTEZMBcGA1UEAwwQRkdUNjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3 DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCrUl2WtTi10A9LU5TdgzVZ5PyFhakyc6Y69S01KrL8D318oSZ9 i3InUYIq54rU5OC9DytcBL05d9DcbYP9cYWCxMqk5oF+JvdRJdm838KqYPlzzBTB RsOPq5khD+MCI+7P7jMK0sso/K8toNtq5LB92XlPiijYRbyDRY4cgGC8gYGnHwAu mjNIj2LXlngsgIR61K0hn0cz/ULtTC5ejUJZ+sd/eDwRIwQ4VKqarSaeiHCPNCnW hXTDSvmpn6aKv4mWv2I9JYeW1WzCu4cK93o6KLx1HLqCOUf0FuuzERMmePdTxBcU A1qWaVod5FT8gqvHFxtmJ0LJZ/YN11IaULiFAgMBAAGjEDAOMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQELBQADggEBAKo67+3A4chT6m2v4lB6DO/v/Re4MDrD3jK8 R2N/MP8e/b4b3dpVCCejzdN3011Jc38NFBNbNVyBq6L8lDqxc/CAouf6NMAkjnFa I6rtjBdqlg3EJpBkQ04Ak+UOq7mxCF41ChLR0SmtT6cl3UowDNiiW+j5T72oGUIU UJCHQJ8v1OGTxOnPboiNACmz+2+i0RqABJueDBCzC7RCE00valdchZKxOnEzI2Zq 0KoVlJgJL3HsQiJEdslWePCasp823gVyIkkB8xavW0Zs7utFxVONRVWcUknQ/mXI IqZK3eF8eCj8uILrKIKF0NyPuHTyaznfpvvk/4cUjcoggi9hAzU= -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_CA_Untrusted" set password ENC set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQISWI71hv5cxoCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCs/5R18ZznmBIIEyHYlgin1ABQ+ F0fRijPT4YMbmMb/GTy2u1Pa7rmm7qd3Z9JleqR/26pkeE8HKrArZO9HrH8SngDT NdpPqdvUNcin7AHZP+QYzMrfa9qagmumkeDV/RpGO3WLB1um4bu+mk1nAyE5DK9L Ssp+HY1pptwrnFx17Uh/jzrDIl7oNz1RRDgPOgP630OzRVeHAyWX8NupXqGJ/O+n EJZQ8RBnNX6qTOhBRdAea2kl6j4JuOBH2AKBifCo2RVpmSCUdhNvHg2w8uPN3qjD CpKaEi0GxwvcQyllz4CIaJVwDsE7xr+V/lbG7u1O4vO5XwQOD7o5v7rOlOgM/1MW 5IP9R2sGnK8r7Q/AdApMokS/usQCVDP/QLGV2V4nFWq+hEE789UYzDzFEKNzYwao 5IRjlzyuEEEWm7IIRBrd1qImZL9pVOO9Ad6DTfiQjOvtztBjJQ3pDlSQ8Rvbikx8 LfEgnfUMIiQpvSq1x6PZIhk9j2fJA2c+y1yENyzbvi8vbGSyH7SYvE5abUccU/UI b8hFn+0DbEdWouLc9trV5a8R8hjq+BaCkR3PRYAgwx/zSxoRW3B3HacpZRwVCn5y dRzcOuQ5CYYtkd82pwYd+HYR6ptRzuL3F9TIhi33CpSNulK7m+oafF2Tonyv41qY ba0Cbjn5H8fhqbzRYCljSEDxaaz53OQTx/OLN8tl95TfNE7xuQY7HiGv3Pljvl5K tLp9ncyUT2XGBHIsjikY7ljyrvnAPdjadhgqmbc2j8OUMrkbLdunUnBv/xiOJCXU D/Or0f7rJLzkfnuti4kyfmyOQ+lIdSnZ3jo3h1x7d1I0zI26pym4auDAJReWxyuS BRsaiQJKISf4hqdR7jTVOKFRVqBjEwakogRFXqNyF45u1CNk3rkpgqrWBtz46ZMX HHQ65trNdYDMzhikW3lda+H68R3jNbDIkjK1mRM4gfLpN0BzRsJ/4Vx7UjDQFiAn pAi89NZ5Tt38KOPpkIyBGMVMES6VmaulCOzRm5aLvMHidmGSxVB0jJDxwO7YtgGf R5itic6o8zX/BOItWPAe93ULBjkNL/C3IGt0S72MA86pW4CBWKpR+msU4oCijvZd 3OVTCs0mSji8/GMtdQ0j/FyYGHTnF3pRP142sD1D16yRgSJQmyX9kVwht4K2khDA OS0wQzI2Xrw5F69+Xrj1Komeqy6XByr25fWTK6kgqX8eGra3HHfPoslCtvShWhiY 0I6uNWRyhON8GWaZ+mYjwWbRr4IGhhbNIW7xrsVVPKug4XmrofshxQ0WkBkenHFq /LVVjEx3aw14/lXI6EzKaKloptTbiXyClj2Beiktuwgstv88bEKZKqQ6qNmBfy45 3GV8vv7nsnt6/3LkShQoepY2/IGkv8XGJ/Hre+tueyqXJfRsVn658NzS3aHBFqbu g80VkIylqzF8FwI7Vof9qs350pSbETjHjLKsJqU8PU6FDiySSTaYTrFTmOZ9nUj7 yBHJHM09Ls2GdZlyqH7y4bOIhkdnMBtD9J6GOSKo2rS6jDKk48qWJ/vrU6W1iOpS bTsYayTobcNOlXqhX11YrU5y3bkBEQzpmLL6yigA6X3RDmJe50cPYKxL7VMoR2KU FmJSlW8hlb0CJM1VSSc2jw== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID7DCCAtSgAwIBAgIEOU8luTANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEe MBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVkIENBMSMwIQYJKoZIhvcNAQkBFhRz dXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0yMDA2MjQxNzA5MjdaFw0zMDA2MjUxNzA5 MjdaMIGuMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UE BwwJU3Vubnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlm aWNhdGUgQXV0aG9yaXR5MR4wHAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0Ex IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Zdy3sah56hiarJYkBAWE8R/13ytlOMwRGQO +omHH0YqY87WBebYiNnVtHfNNEVWmLifeGD8og468+UlbVuHxNz2z0LdDRXrBOld SJyoHndtaWXIp0aYPE9Q5G8M0hxjwvSLmHvqoeXkCYYerNeX4tNuwYPE+7FJF7vI 7P3pdmwV23xZf/8RWQLpPVVH/8ZesbLK4Eu3ROxmn3d8oYD9tdGkVmWr0kEq4Y2o k5/xydEFD89WfSK26dhnPmaa27c6A7xLjB4hbWBYZUfn3WbaMHkuFetZJgEPCCWY OwEY5og14Mq2ANG4Ks1coZHLHDPPr1e8C6RMFCCI4zXsifQTsQIDAQABoxAwDjAM BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBvVNd/ceUYlBzqvJNh9JI0 8HXT1LUv6Eg+EqA7ozUq7K26bxjvDVpSubQ9fuOvgDbUPAV29kZfBmvMBtWpLzSN yFzABGcHhsI6cNO9sNYnWFBwkf1UOLtRQjl9YvEKaGuTjcwSBs6qRldABMpamioF 5gBAkduhySBewBjux/SsighYMYdQVQKEAC6QuFIXMsz4AF88+e5OdhTuqqbX3/zj DYsVkc+jNL6gc1aRO/twwdEtFZ7qOeUNMSmflNLO+vfifXsG2ZvTQJpSB3tvFXs0 LG5f1c30i9M7H8p/JuVyBhOLdv1QA+cULnLU5YU+lpvE7afPZJFhrKyY9PZXUpDH -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInNmcLpTbn9ICAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPLW3gSSfh4XBIIEyL44hrG37mkC n53WtGhou7UYhUHBoJis+eS+YoccMUz/QivPY+Syi32kfrn8YEaqmYj1N1/snmLI PgeZK3RM/gW8LK5/qKQwL/IgQl05kN6vZSK34vw/6IUEgrII1WmYEuRN3ktmh12q tvCMvrFTCLi6wjGUi0Jn658a3Vjs3LBY4yoVOuBsh6Hqr0LXvFiowIcZZyT+6asA IQHmTaDyxeWGuVZwOjtS/yRbZ6YjykvOZMdrslml30GVVRs4u4MikHHA73m1tuDS 24RV6csotDKOeS7vkpdxDahe8JRUYMddkJ+w1BvwQSCQ/GSkXyByXlFW32rcyJ1L ZuDySAGIlND/w3ddR8Gf8An961mffZKemRpbw/tz2iaZ4qj6iewAleJKljCya5Z7 1zZF+8U/5uT+rzgOF9ww1f7nlQ8ll0KygptsGCKUe/SjAxGAoyRfMXoFXxV1IkpM 0NDArVhtLXmh++V6rrcZurnLOtcUDs093+Z+/ypna+S9N8gNizALft/PxwIJWvkU 0AGbVLFAJTubIJzpHdlu9K2wR9+NeCm9RAdqw8LoVzqLBZDfeVJcDDT1ty9Zjea8 qftO/yjkk3KJDq9vaZLHqzAC7AM3h+sTdpoKMbakAvL2q/gHWdgVRR4SdctLErHv UlcM7lMDcY9qOrlJGAQmcpFJBg22Ry2VILOGg6t/iFNlFV+XTxQfSpCsh1oWz3Do WgZBaNwt1jrf65+7pf0d7JFgBUvp3tJIGPB4fOa+bbw0BEgkP9stcW69Q5CZ5HQG 2V00RCUVFndT6Ax8m9E44ufFmeBHh0XT6fv5CHBWoRkQsD3YBLIgT8xRENlNuEXP w1pmVuUguYrSkbqnljp3vYCrQvP45qP8lMu3xl7nN8ml92oPz9MNrBV/RIOUyB50 e15WY7uCU5gDSqifeOO8nnOUina7wgf9WrAWfRhdX4Puys/Eml1cvOTo2ggSm5a2 s0J2BnLGeMEuDYEMacIENY3N9pXxxxnWIRkLG53WuM/YBB/sOacg1EtNbFKKc1Pg s9I2dOtXMzIW4+fbT/+BXM0XwAKTnPyuzgm2vz01xQvvVJkwPtZGxCBXFLcfTDZA pc3cX44Iivo95Ca4ztwyAG74tMWiqdpBoTHb33zKvBDNx2j2DLx760FuptJjw4l8 LmaP1zrQBkbBd4VvsfqUzDqKrpguumbZyJMbYZDFfNzIuwOrjyNRlDMPgdo0mJK5 D8kmdrpbWvGycq8pJ1QDn8bHs30fcgQf03TAnSTWgROPKli1RitaR8SRzt/C6EL6 XtP1nJr8WOG/fzsyCv16097V5g64SJzOsOw4EWUNolh6mYQtVZDXFYo94ZAYiEsO NWHvwLg3iH2MqFad0cyFz3nc6VYhs3mvjLtdvAJD6zG7nXFu7JlrkdGvMN7lT9tn ZXSlDLJimO9+/LJE2IPLrPmLkeLwpk1CVqQKF+gisj07fIeYC7Xw+DnWTcHf3jzi 1stSPHd5yPCyoXkauCSXJyRs8gAlJatRIHtR+QiPZeTHZjjFXjTEzcS0JS9KXoYn yeAPlMBy/dpG4deiI708l2uRB84aA49iNb3nqEXEbNIO/TthPchIlW9nH21kIvBz /E+KMPFWhmS3pLbSAdyZ2A== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID3DCCAsSgAwIBAgIEVixqcDANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjAwNjI0MTcwOTM0WhcNMjIwOTI3MTcwOTM0WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYfzz7920NCq/PYyAN xAcA6SkR/aRXEQUJEa2lccRleEkJEQsHj+Y04fvlZPoPf8hNO03qnVuVGhIs2eMH vGqAHwssTfDX88LfuNss7boLoTtC3S3d12WHbyRpLQCyedW2wEc/wCYKPkwqycxA 8/FclxvYjxVEM0gneuzMfCnDj9YojVmxLLY7qSUGrEpiSfjNCSHSxHgTsBbwqwVd LUXc/k/y+8s1D2CxKdTm3mT8SGlyu3GQ2Az5QrpCQRCGgu4UNTf66ld579rZ7aL1 8zP7D9LdD9LfJxSiQIvz0e1D84Yfw71Cnat4k77F9kTQOBdk2V4dbahh/LG2irMc ku51AgMBAAGjIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJ KoZIhvcNAQELBQADggEBAHOh4swAud5Nny92vyA7kHOFYSuuNy2cmfSe4A0ekIc+ 7IfiPcFzM6rEenscchiOY+8yzo/QzePCfCxrCQJ1iaR2y6kyNksc9rnVhJLI3sEM 2j2AYLmxUBYqd90Wg9JG6KJ+PIU/MSIuzJmNk0KzfwjuFwGS1rNXPvFSftxv4R90 93QKJxRs5RMdmDnPFt+osSXkf6Vsw/7olSBkvQgCXYGJiEvCklXlC2sKq48ZlAV1 phgFaOfbjsi183B9NpP6XZ6SFk5MDqMfADCLoFKwTt5NR/AMSPrpn3hgtaHxNQnn eAlYK5pFqGn6O03cwccUxFf/UdCuXCun2Sa5AowJQwc= -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_RSA1024" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIS1Iozo4n7vACAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPHkNpsDqvJLBIICgMlbnqpCjmNg BIZqEWRvYb9EoJkBdpj3xnoC6qDU20oRJ99gPAzBskfXVBCVI7gJ4K9CuEvyMXAq pOPr2oRfrzpAaM/frsa6k4jwqfxP2kkNtADtkU8jPI5iMmz03LmeBWpFhrjEJgo9 IPoX9TTwIkUWfzmzMMz66H4brRQcUxWVimGa2Eqg8gDa3/6bUtbIdMLTHSWjEY/B kuorcHcLfT0/lHjA4/PYzkUCEDqI+CjgUuibZxzP91MS7o2v++lM3TnaerPB6zkV O9DaiWJXqRyI8SxpI2p6rNMBE8k+ZvGfgW3q2KAHNdp8aLmCOqmVPLZDyJWvMXGz qdhBzgMcz+IA2EP2BhFzeO5HxSN1zJRfh83gu0d171juPjpumkiRWHTH81mnP3BX 31C+BeQQ0cxsYMx3oEjIJw5sGMLsCTutcgtNr7l+uZdmPVw79ymu9PQac1F/sKIm 3FH4l8QaTnciV3UKxngFdODwx1DDr53dBWMR9w443UWT49pDbQOprAbEWousPql9 KdWzcQdHV7oHA5kjXM1KyR8z3msC7Z87k/cxtXFNXnYXvUv3BDF0a17Ldzhq1eEz kOFMIhUO5+u9v91A5xcb+Dxm9nROCziTerBVPTAUbXUU2/wGXm/pt469CbwII7d/ gHPwlkmzPL3Og5H+u8PUKibiYclTuSL/YmuGc0POJjNfAdhy1EJ8PxE1aiHrGx9+ lFDrpQYgvA6EaUHNXipEF+KEx87mC561rT4+OpoUA/gpqje1UJRRBMHCPqac6ypC XC36ZsXlIW28wyljSmoWpttqKJGd11gNCDT7g9SbU/QEo//Cy92sFEZy+ha7xVG4 VETOAx6PYvI= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIC1zCCAkCgAwIBAgIEaOYWPTANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjAwNjI0MTcwOTM1WhcNMjIwOTI3MTcwOTM1WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMI/vwsRr0n75BBvUMXB+Zp0 VaIZ93W5zznPhAkYoUhf1AOrFQkEjFMfcTS35QZemC/aopJBw2EaeaPwZsr7YDyf G7o0fjaMiPmJRktdGaYbkr403GejE05j1plca0zXJyVeyEDjYaoALhZMsZmKCZkB zcocDMYPa5LaPNp9GwJLAgMBAAGjIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYI KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEArfaFge9gVmblqIvucEz1oRdL3cDk dm6fp/6tZr+9b5vgKHX0oa03wL3ZQ5yuTOjPiJ+DTiW2y18LPeF5xZyZYqg3nZFw 5gxh0N6qDnlcdNPxOnuAspk6f1QzM884MoMOTroKzR3us/0AWSL/gjm9T/5jcfST bL6XPgxbt09Vs4c= -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_RSA2048" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI+R+mKoXYO7kCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPGqpW8QQDAPBIIEyNkvRKLPTHwf zmGpJd5cV4VAS1Epu1dS9J4FnLAx+Bk64mM1NHuW5VUDw2KSNeawvJmhFh64W2Wt ocsJfUtfOksOl1+eR4bu+nc0fYEeWge8yCzT2xfdpk9dDHssZ8DBBUX0fP9vc2zR o66tSG44s09xR3tUm8cUMLer+Kdrp1HDEk/Q7UbcR/Cd3Ad/+tKbY5znD8SMlRFC L7Z/F0IePsGEqtL7i2vbYkyfsCkBWnZuqxiPs7WDv2Kiz7CJw4HzOhXWwH60b0j+ oYxnPO6A0JDTobBbgAv+QrVOdA2jImkMIs8WfEXOkw4lJYP3eRX6D37/AzZPksHF 6WlMJiRYK2v5ApBdgi7S9BfmDwyD6pVgoWKshB+zjiIPNGW7WCMqnDpTcTx+0X2g +K5Tk9NYsSU23KiZCPCMntrQ6KG5T60K2WiJG5nxaodYLQNGAt2b6LTQbUyxsj7n Hjgc+WJQoEQ/yxbuWRQU8gE8KpsQHV6ERkhKJ7wAmz7T9jSS1AO3TE7IT9XPLmBP ni8OjEOKRl31SntSQA2JFgh8eTbfBLbeD5GyNYiGLVQNVBzFr2laXcibRB06/Hfa QvXoEzdvmNyI2EeKCDC2a5J+6RY/4vOnwCKg0pMPpuTefOD16bf9oYdVcWgZrK5P GUALrCJNq7WKAmTLEytkpwfM1Py7/29k18Xv4yBSiiiyfQ8x9JdjdWynFXJ3wA+W WBz8vJvQor4uayvuDIQYsEXZ2SRKLh23/m6l8uyK+8MTxeftUEeuxDzHEGdqFhQu sPoX6YiN5TG7gpbjbUETDFR/wTuOOYicGckzMHX4smYmC86nEuqF7mE1zUaofJ9e KpR0w1/qMLfOE+F5sjOfeW8EsPULNMrZWqLUP61eEJmjYjwMi64SyyYSZbNqCY9a +gZ1wRCXsNHQyCEhakbXVyCkyrb2dQiL0bvYGvboyIBBcWO1lOycTINv+W+iE+vR x0x17goF+wTkqb6tagUatg3f+YZ4uSkxTD/nbebOMa1+ZaQ/PNPTBfFwLKBpe6/H 0Ewt0jLvbIsEyYRiS0X76mNXVcjXqzPytPCvViSlYnui7PqUYX6w/KYOytPVCWFN apjJkvpRnxyqV6KsdoboZZn4rpHgvBnzZNm+Npe233fw1nbekhnllochCKq/fgG0 GrXNaSZkmkI1XfCb+1Ky05kYx4Tx0M54LctO8LjQlxqyHZzbF/EOoygh6kPtRMGS QSBXNpdjxhSSy/GehdvkXSfguHidTlGFlTLsNJVRlPD0RJblJ4OftmdG4SDCa4Xa x6F3BaQisnbPhhSPQwiwCp1AM9w5WYLzb2UqfXOFYPmvwtQejMnj13KTI7zGLsoz bBmgp7A349tytA817ZIHfkRodcaC//z8PN7AtR3g4pdX76mrFD2y8cbyOopPi2bM m1ruTOaAPV9QBHN8cBtSJTz6r/G0O98xt3jJb72G+8Vs9kUGZkhLlz7sm9XJsyT7 8HuL7SUDfYEF0ooQaoO8IZYElKPYchflZFh8db3761c6rRFzPnDXZCLA35H5ecpf W5dGFRl5D9ulrKo5W8aY+k8pSSSys93kyKA53XsR696w14LbZfCX1NB3c436xbeB bjzbhD/D1f/97148Vauk9A== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID3DCCAsSgAwIBAgIEd4SXYzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjAwNjI0MTcwOTM5WhcNMjIwOTI3MTcwOTM5WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/HTpAb+UF2Od9SAz/ 83MPDp0IkrL4Bg2VAqoXOkKHIQ/hTAHDzy0gqyin3BqRbtMP9P65GK92s2lrWdNS fxOYIWeMcPG5njMsy8iSGjcCbg+5U8wm1pYPefo4BpFyEXScktBJK0VRkCEzI0Gh lEtSnbr4ynYebFPcCR1orNQzLRZ8ZmvtAFMqWizYR5c7Rp7D+/zeEMRmm0iS+w6a STgu/ht89IJEYfDk+OHbd0LTaIMvOKVvyngL2cI03TOTDvCHZr1RtGN43GVvDsgj xCwyOyvMpGt4d4eFZ4EvZqv9TY99WkeOLIIP/gKiyjd8ZmcYWaWuG/cj2ms5+NUZ eIq/AgMBAAGjIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJ KoZIhvcNAQELBQADggEBACbT+AiClRC56hgaYhgFnZtMjblcv0PeSK0SVjpOjPgp v/Vjcgep7TRYqL2aj+qSa762h6dwD5S7NWGSgla7DanDNT0fThGltVf1SSmeJXxL nEpj2/7DnLfWT/10iFEUDgszHIXxZLDpICuz8Y+sQQNeXSxRl2vjG+2gW89b6TPV z3ACTCuoRsk2QdeLneO/am9PSjxLKcA3oML3jqv08iveihXqrKQ3jviX3qL11N+w a/kQltFWw0ylSWyKJ1I/7CDtEZnjBUt8P//6buXdlSwhHy2mOf7leSgHde/a/5HV ZqDjtnE65Wgq8z0EssAEoDkMrSL7vY1YGvenjSQkK6Y= -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_RSA4096" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIKCCkn8k2gkwCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNPopTWn8BimBIIJSBO1spqtXrhI zXLmboRQYoeFjXyx1ydxOMBhzoXdxFEFyvjealKTqWsOy/z1vzKhEmcbtmU54ebW ICpciESLweeGbsFLGkliNccFh3F1eSPRSvAckoTcuPZJRte5p6Te59KoJBW+TkXE WIaYpg9fiHgk9usRhDwDy9VDgiY+VhbK1GQmJPMUbjjO05BjCOHEI+XoLxLK+eH4 V2fzOOSzlDXFKvTqWGjKOvSV5eW+VytAxT8VsQEG7Eh0a42xz4FPM7glh4whSCvT Un8mfGe2lkYFhgZtI75di/Vxho56W+FYP+hX9kJHfh0xb18u6UMlsFS2ivoAV/re xmL/EZJOb3b2z5f1WyfFxJky+T8L7J3NEfk3vrX7drrb3dV0/zZBQY8kD4w1VUQ7 27f3r48Rm7qxgn08ETnM7ca3kvAYwZbyRTStIZjOnFW1yktIGWGTpI+9VS5vyJZ+ x3KPdV0pTaXIE2FthilabjpxivvE0LVsEJZdfh+6nPDCeBc1OMIiBzrqeMJ1GCHv AOXh07HWQZN6MV+6fuBREh12Yt00gDJ5VPmGwRSV0x354B1A82QWCScyTQF+Qi/c WkVzRMeT1RyWk3Ju+zEhtOVVpxlMxsQnqsuXeJQnLWAhwl2v3Xj1V4CJPXjdttpQ b1VDkR23wYXHqCGX7YeDSQXZf+R6zsxusVJQMEG8NqrjezDOv4fkHRPOo+aH2y8P 8VtD/SLvtWNN7Gn0wVsSBI8dv3ixZPq6+//DxxEQSM5SARu+Ds7TX5owWZ2rdnh6 4c6CYrD4SMTDhvABLYhe/jvIMcDccPRFO6aS6UqMpgn5IjT9HPLvOBcfPOpmiV2r ZacNdYmBUPTYKPlByUOBWMZWd7YUCQscJ/w9aza9VVspIPfTq85aHlziaiszy3uH 0r7tAB57I1DWYgdUzRL1tva+thHjQmOTouvm4lgx/ZqlJ0gP2dMSVloHpT/wnxYL hEgiuI4IOUzIGL+WKw4xoqZ5Ec3vWIS3xzzYh6YeesUj/ZF2yofHUFWzxqJDfCAY oZF5XzQap8sOoPbFRC8j9J1t4PChDdrp+CjcLwvuOxbghTvKoFZQwCiUwIgS7ttl VPrHaz3Afuo7t24V19IkofbCwlqhKbXVqL/UP0+ym0Pk6JfeYSbctTtwprQSOhp7 rUW539kvVGpJTeBFZH3VeYYetShkykxiDUWCzXPv4X6lriALygRQFLGA884DbyiL VbxOKYr1ObkSTtM5GrCa37h/s1+SVImXh5uR1eT28saey0CYyxdB75saZeLQOfn4 5QldrSQXR/Hrr26LgvCSA+H2AjDLxcjX4xrrObJVX8kwVfHTYiGTIcDK1QcVY1Iy 05C5wHZJlrYNxFfPX4ccjuoQ15en0vMw0o+qFbX3XlKHC6P5wJzdbxqu0AXZVn/n ftNRwfw2OBAbEMGeDkZ+Rq2zxT9RqMVjOMpJdRCv3gTS+ILgIlI9mW/ahqTLCmyS LMa+SvKQ5zza2F36ZDePFC6Aybl2q6d+ACcrtu6vkJPwCQVzkgZnLbEnJ9UJXGk0 w8HpXg/ntUpO5zOczf9vWqyKeck9pPpgg8tc0yx9PZiccphXXuQcA7a/Ed6ZXNWv BHmqSIlK3JZIGNchrQ1WFtHjUMuNQVr8eiYJUc0RH/TOJ9RkP+OPAZN8jskn9cVu pfmmdij4N2gUkAymQqdwaHrzDQfVPA2iZgzCE4Xs4EFbx3rhkfujM/S1AxeD/oZ7 mNlpHmUC37NsjxpzE7hIScs6kg8i+pqOEYFM/tyMa46UGR0p2jh4j8xuRFOeWeUs xRrpxpSdoXTIgDhOBcD0CEP/mfo7hq1BqlA/fNPsVhxVpO6UI7+F29WeGxNwJsav DQ3Yp2UYxymgSLxMProjbfdrKS12Iy5Gms1G3vXhnCiLcsjelS/KNQIZ/DNzxPG5 W4i/k8eNRhojZREGpR4e+OYgh6WAelfhe4ZzkobBEg7CbyLdkM2Rp69lMeYY9vaV nqrQQ078Sj7DBs7vC4xm3EZyvLXaWw83Ir81Iz2xRrwPFy1KOuink6Gj6DTTKAmz f+R4OxUrTb+qh7hlNLejbvRPlZ+zRX3raLuGmCab/fEUogcZcLI2tUCfkt8P0vtJ bEqHhVRiYFDCmlS9I2C+fcoy8Ya8PbO9+Sni03GdPZ5SuDebOXSHTxfVvvjfJqhH P2C2Co39t3ANyNJM/Peb82fWRevxMAt9AMjtC8VqpB+UtMNJIQWID2JzLI0B5sDU K5xPd2Oh6sb9/pJx10/iJoDxdRsMb25R0AzQ+rS5jA95p+vRxCzQdIB2LTHqMz+i 3X7A2uwlMe3E4CG4fEYSMSLiYnLqTxAOseQE+qxQYtcYAN6bzxLMI/RF6X4rJJFe 2zwgsziFMscmx+MqWxjhgZiaw+IhsdJ6ynpPNmDYGcR2EgxcWcwKEKf+D65HO08p zoWl5JjkBsx9dwGpZU+Ssd/65CR3PP4MQb+ES3dYmKa1CdiD8oZGPLt+nq1MOzDJ xALFZeRkg8f81YCcJMlSARJGGlJBgr1ch49t2yOqSulNT+7IQxKeVOafUTmlmQ5m m0r/VK/3dA+DGV6annEQQ3t4gMuGobn9BgH+wBQDcrgN7SyGLP845XNW/KJhN8AQ F49fYPzrPHX9ZvYgWfGIs3bj5pM2yGCkpVKNqZ4VZrVe5bDE8OzX13UuyCGEaTgG u0JOAFY+9iN1Kea0jCuIYqMaGW3TIpIVoOboc/eiK59HTqIFYnoegCRdyttnk480 9RHrp4Pjd0R50w05yOkw7VhYYgbnHhyU5tx7vef9SjiDfZG2nIiZkE4f79pV55lN cAewa6L0kp90Ra1PyweFQ02FyywQZ0wFOfiEBTgPRzouZVRMVty4MFh+VnZYvaFp ygIRvG2h9PmCPXugcqV3C/VFXHtUcbJIou043qd2l9c3WNaSB9jjwB0oxjy782Pa ND7P6Vhfui33LCd75gxNgeFqm0k6HLqBBg+W/OqTwPViKmk4nmPWsYdEONsILmBu rKAxeypo1261JcN/6BVZe/LMK9CCC6sLgy9BWMa88SsuVlqqPATfmOjL+9RJj3eW feXJCW7D8s918VZoXy7NHRRttPVvZ5ndDNTEJeakjkxYCiOaWWj16dze7562nP7G Ul3eZus7O13Q3iiQTVFx3w== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIF3DCCA8SgAwIBAgIEUXdqzjANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjAwNjI0MTcxMDI1WhcNMjIwOTI3MTcxMDI1WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU NjBFVEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/vKEut/JPSQckueer BrqOZUUmNd3trL6344SqydKqqDHTCqqdVcDnNLvhZpJPHnxUzTUxQBqC6uFJY/v9 le/0ZkTaa20auNRXIKWcKnsRKZ4DcSr0b/VhGI7gFUkpJGBRY+fmekN/G8WVe9Gr 63ctoAF/nmZ549mTEkqL2knpCbgdiO/rGIvSDjU3f5NMAMmSG6kGgARs5/KaIUja nSJN1f0ln/lCLfuRTP7zxa5b/8b0gie3oqBOx03llAJaGqtMQq5HTUaKMcRbzgEr 4q79FCuE4KR5OBsQwGZK0AuWfZJ4HTHmmQ4P1rtHLcih+rZsQ9URhnGlSvqfOIeD FQ4tscBN0h/dwswDeCVjV2CNFlPzVhsXt5pGS4vBr7NTkqnagWEfvaKh/kcode2N J2SUusKEY0KtDUOCKSZB1D3HOOexQWxx5Mm0TZ79S/Oj2WHEfwyrWq/9q092AyLI B4wWxlzP4NhcocSeXa1KVawl0zHzYhJL3pG4OWHGAS610MCBWBt7/s/lGUGqmUuj syJwGWXFoe16m6TqhP1Dqj6OOptSYprowc3hMB4fZXHbgzLjzqajjiY9twasDNlV LwdKlOBUzcwbYdNtlU241OHjmd8I5/R4AKOa/YF7R8FzHXmL25mtCA1TAQQpe1Ph LAuTy3OCEO4NAZkT34sw8OVlJQIDAQABoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQM MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAsliNkFfWggJprK9p/2wAt cUKwZCXSR5rPuQX1QqowrtGcvsqQlczouPJRqiLiLRo99LF399SCydMewLIlAHih lokPRpOhUCmBMVoNlHvjTUg6N6LP/jcsCFjP6moN2Qm8R4OjvrUMOQ5nwQb9EUIp fKdXwI+w9j/pE1ZqWJtl2eN5pTyhzU6prtmogn4XvL7kCgkmOUxmR1GiG1NtSaIm Er2yItBo5D8c+SW/8SbE9wgfLrrC1A9Ngnp1SSlUWjlD+L9DipZ7idJ1JrIVtbZZ b5Nsdtq38lTfWrejLVEGKzJO5rDGL5tebSkw7CsSErbmUWEXgnd0MVSoly3FkO00 Ht0mDAW9WquZTaKM+zfhwyFy4nmsGeSdElfAwcBxm7OvFBiwNq7Hnd3UDtutnR+P i7nJ3Z/gOP70zwTeGwjF8B1k/mwE0jFZbo3EeF1RL5l3dye3oyMt+isYH+toGq3i XWJ/IiX6TQGnDQ2NRprZlv5TPGjMn3ALok/aeB39rT/Lbu5i0N5X57b8pVBoE2YK +sUXtgPMBLWIzvlRQpbAJclQxvHUKTrIIpuanqI2adc67yrfil0cUboHjhJ+YYxp UIkljSCwNW7xH8JoNSDG+vGGL6Vhw/xUcRANdfGjGPOeY+VWpc18MbFZhkwaDSYF /DeZpDbGSpwfzJ8rw/o4sQ== -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_DSA1024" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIbZa3BgWu7OMCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM1AnxCrneM4BIIBULeZIMitAip9 XU3gxqkn7BaNABy1CmXr5nfPdVHQGQSpO6LSG74objBAKPJOAQwa/Vr6mD90ghEa UJA4wppdanzt4GGQb2AJa7/3hKgaEoTQLcFQe+GEFrv4l2JV/TLD8FCl0pOENHHD FVAOEmjAx4mBczkIG55XpcoDajK+9VO4jmQ3lIbkoxOpNBJX03vCuTrXPpqx3WKZ WCLlZtkgqJRVzEX4JH2+J/t2R78ZgzMtDgJLQCoxGY9uNZsEHf5H4BjCtO3ZCuvI eKGto9hESOFj9118GWJb8JU5WTq/uQ6mlM+xKifyNE7PhP558jc7EqH/FaTN1oIc mhRPxHi3Yg6Q0gmaeRrxDOAv2I3+ylzCedOF56+in30/4p9uEyQHFoVXY6Cgy4Iu sqyjzRVDf50I51nYgCmi05T1EwFsfIO1uP+jFNdf0u4nOu7u864aPw== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDnDCCA1igAwIBAgIENsSTgjALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYw RVRLMTkwOTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTIwMDYyNDE3MTAyN1oXDTIyMDkyNzE3MTAyN1owgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYw RVRLMTkwOTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIBuDCCASwGByqGSM44BAEwggEfAoGBAN5E0e2rXVOBDT6EFSwviAJkzOLgTf8z J47JHQRv2Z/QOkuC6AnrA4fBiOArnPCxEyVgwY3sJOqvCame4LNld6Te0PGVvfeK sfK1alC9zl8UmM2C5BKfhn/6cYezgihFO0G4i9FdzojpC/uaC4JAtBm1vZqa3cTF fuHz5loB+ECNAhUAwqeYKPn6bXrIvdScjnHXaXauog0CgYEAs9M744q0n4LbaXxQ tJ7tyLCCJs56yoiGAIp8JRg2KB0j+GDUnlmHuk3y88p3f/RRyDubWbh+bYbRS27x IQFL+MPBy4QSHcbz8bsgjdzTvutHJQRm9RV7UiA1d7dsVo8u0QF8Br3yI7ldj0Hd jbFgUjq5LzoNCD/hT44YaSxsvksDgYUAAoGBAMMaNYjFgxcRorw+wjxehEFslVpC qI4ao64TfuX+oLaqGN9MynUJ+PnpaRzpYU/5uaIriK5FKBQxk2KfI+WA8VTW5Apk zNfNwnZO/cxRgkI8f+qTICP575BDtfQSTFslWfmberWLjZXONbs9upknEVUb36Y5 MYNyeIlF5b10VFkmoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMB MAsGCWCGSAFlAwQDAgMxADAuAhUAj+07MNGJ2H9+ldQz0sDM2O6AVUgCFQDAdnYz u6Rk1Kz9FjUvfTSWDyAvjA== -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_DSA2048" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI3+uAm6XsH/oCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEr8E20a2Ge8BIICcEkb4LrxogQa 5bW7OMJ2v3/i5xYVL4Dv/rRTeHurtRT3U1pIQ9sP/ov0P0B3Z9I0e2mq0SciMUJV oOo9RcOnmFDMDwKcOuGGkdJQQ/icE3xpKYeYEVEmSBo6HuhuU2dH7lFw23uTSMSK PZ/FBGpho4aIImMTlpukQOB8fx+GzsnPWDAnRKH44wph+20y3crW3ySGzsMGRxw8 usy42HhkmN3IMOpeSpUEOaKQlLeDC4Zd4Sks9roUjYZdMT/oPWrKIiaAFv5zZV6C 0F/pVrKB84iq59sgeJ/alsJO8gr5JNoFMfk6uhOOEHRAviveSJBuqnhLR/OT7/wG Iwd5wmB4q0THShei/ju60fmpJTAlzp0nIexAJwDOxzjWLycb6f/2nuuRQILn2eFI v/THISgOQrdqs27nJBBDvatL/upOa+ddHRraDOLOZ+bDSWI8uiz1jvMNXYrp1b89 KPBiVIxYDDUpPenmsTdm1kMdJdtruNA7Yi/DKUrXFPeZ3L80J4GGjR5di+Q0ZgZ6 qjoX08hUvR/UZb7EYpaG4Gn+1mLpSIWBkr8U+UsVvHGuvk1c+83cr5Ia4WOtItbL 8C2U9HkUr3MKPLlj0G9w8qw6ZMoGJiqlpYgPqcRgiXmcW5c1bKU3MJg9FeR/qC3j Uqmuj3f25lwu4IlnNVLXLGriTrbWltRgSIAvG+wUjgznHgX0KTE0ZFBbgwqKZJUe 8jm8d/1HFWZzlUh8AkodtkxNusHt0P5yYE4v00hWSsD7qjST7LCktl8BwM5qrQyc o54xruub4hAXEY5O76UhDjkyM4m5yVoXPd8Q+/P+j8vvpEGjaynDDA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIFQjCCBOegAwIBAgIEaJqBKjALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYw RVRLMTkwOTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTIwMDYyNDE3MTA0N1oXDTIyMDkyNzE3MTA0N1owgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYw RVRLMTkwOTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIDRzCCAjkGByqGSM44BAEwggIsAoIBAQCgedflhSgepd9iNhaVXUe65+V4LlJk j5cTUXFsUbErv0cDUVWDTAX3ok5+QtPN6pErHK4+HLJr0hpox/RgSnZ8KKCBxy3x yTSAJUo0f7yoivu36KCMqh+z61eeyG9rjGwyF/oyiLMoFPwjWC//H//9NvGVL2iP UkdQDo0hboSpSGjv3Z8fVhCu6v4CfYnvXPO3xBUvcTcVhZvgGyGfZeVLLKUZEwRF HMD5zOOd+dApm8gOED1KhGf9dRNl1g4bU2hFsz4TvunPDrRft0rZqzeiqHXxM8Yo glrs3soW1wRSiaWHOu+/xHSIsV7NRL936VPDv98Lwop3k7bTFZpYDOhZAiEA/LWt 4j4aLqNEuSwLvbVLb1NxNK58uBT9Az5fn4RU67cCggEAbhoLHNumbqA7SLKhhvwB NxVfQl75pXA+9S2KoLbYUixPlhDFLIBkb270APvg0e+iESTLUXEwh5zfUI9v0YH2 kRtmb73V/xUShYh6sGvU597AHk6j5/t26V/UhbXp18Ei+xb57s3SokWH1h3MshOA 0Cgz6M9GtRn+YxlnrOkgytpsojF23voHVMjUnOew79VrbBqRH7tGqcCeNdkNL28b kWULNMx+AiWjBw+1w7YaOwdcJ2Wx8xTFHfJbMr+kOsemUHmaFdDW4Q9pRCD3Jy63 wN74VLBCzKLIKeAjOS0nCcB9/sFm5Q5RXtq29mUcX1EbDOGYZKgEQ81c6fBfnHxl MAOCAQYAAoIBAQCL2dJ04zgElBLFV4TE+0SORtIR4t0HzNRt8+NQ+g+vyD7vPNH9 4u/aMZO2VlbKtwAT+3WHSibrUZOTTaNejUx7erHjJF1YkpUQKTkwceqfoQDLGPeN V/qvuyQjy3PCRHV2cE2kcfo27yAba7YdjWIra0ogW1ADIj97JcsYCxy1bB3OKsVz NhlqVEu5D0m0TqJgyck4Im/igO89+BqUmz9IqQjtnarzXmsiwNGn5d3hIgmHGMCX g7D46IJ9ouGDz2XxRp+RxfKyftbDD2ay4TN4n0N4i0Zf+3zoUcDKI/VxjVAvAQkq 74F/GJ9d1/Tb+hxgQhdaZA+7T2cnWNapXMI9oyIwIDAJBgNVHRMEAjAAMBMGA1Ud JQQMMAoGCCsGAQUFBwMBMAsGCWCGSAFlAwQDAgNIADBFAiB/T65A2k3Csx54ntgN x+Ar6MpBzJ61A/PA/PbJVwfgDwIhAN20QcU+pKBr1O70s+iNbZZIzy9z+RobFYC5 kQB2RXVM -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_ECDSA256" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAgZR8uxbDoRXQICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIYL7aWF5sOs8EgZAGN3YDvGYnZTbP u0ef4u1+sseIZi38WvG/e2yxagcPKGocGBgr9fYyYvcovsVlIsWg4QszXQAMbEXy X73A6x5QhHawmPYYfts4xjPWWmVf73gr+sDbho1F675mGaD99SJllBxEEdehCRay 0BoVa3m/D6fWagUt/Mt7JfXEda/32NtKGcJXYdIbmvQ0GJODGMs= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICUDCCAfagAwIBAgIEGdQCWjAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNjBF VEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMjAwNjI0MTcxMDQ3WhcNMjIwOTI3MTcxMDQ3WjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNjBF VEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQsBqyCdEPEEhmC+Tt4fdo5IUMzfyO0 kNm8pnCFt5tPRYxE3cRnA5xyJzy27Z8zHp6A6CKLObxXPgkn6ObSS3AnoyIwIDAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA0gAMEUC IQCqYWOqLDperVlAWdiXjN9Q7RNIyEcFdi52xYX9f89niAIgaVylE93b32tjD9ip oQW6tZ6iJY9nEgHT/X4NFpSdkxc= -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_ECDSA384" set password set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIDSiMsjtflWYCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECE8ZpEKju9IJBIHAc9B9Z+yW0vNF kExIGCAYvnGLj1nI3HaakDws8lwrrwZfCpoWkAwU4solb50nn7xQM/XzjrFtlN91 6Nw+A+nV+FipRVOWogIso3hr5OtTG4QCtStCD+9HgBZyQxmWPNMegQaHU4p7DsBq cVs/PSP1xrg8F01UdMQIlL7cyuFiU/3eAfUju2WkCx9f84hCqB9gysrF6yEiWpJS OOqdr9ZBrDkDquSS5mMal2qvLGwDXaiaMJsBywVmOcN+r5xF0LVK -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICjTCCAhOgAwIBAgIEUqxGTjAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNjBF VEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMjAwNjI0MTcxMDQ3WhcNMjIwOTI3MTcxMDQ3WjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNjBF VEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w djAQBgcqhkjOPQIBBgUrgQQAIgNiAAT6HNHiXeLKxMvAGENQ35isOMyseeAEvLcJ B97JSneJlOJu+XzzzM6jnzddezYp0HEGOGu6r5nu+5wIsVVs1eMsqd/ykef0nsWH UaWzVxL8pokqg9Vy6OfjopokWTaR/56jIjAgMAkGA1UdEwQCMAAwEwYDVR0lBAww CgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDaAAwZQIwcONZM+38GMHlWTeJWqzK17XJ fsEEM+CzbwIEQ+awjNz8TVUZn2zkBSRMfAj4GMW0AjEAzwROrFmuHdF1SS7wzlio 7BCvrsXvaxb9F4NiWk3lb2TQ1fv62WLZnoDRMsov8QRN -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_ECDSA521" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBSzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIIW80B0yyNiMCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJyCaAh7OpiLBIH489I5ESA1EeKq AiKOmeQ+5I8HKMDrPae0YnfkDI+N8RRQ5xSmDruz7naZ6ferWJPZDdwSx2JB9X4W kL3cfVrB+JcP7y/yiJAvxMwpu9ZLl6gzpoMYMeJhfzI30wpRYIB0FbJu06aBF3VZ m4S4wJOQ2AOfKJ4CgOYoBq5f/46U7hraGSjjOoHzQCzIdB4Q0kH8OQE5FFq10aj2 JhiXb/xCj0EzubfmebfwIMp/+wTESqnOb+EonsnRD5WQFlkfqYym0IyVs12TJpgi Fi2oUjr3xf9ZSj3SFOV1oIFwg0Ml1EJPL61ERjrpHMMqyqsQwJCs+dWo7cnueac= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIC2DCCAjmgAwIBAgIEdGwsHDAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNjBF VEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMjAwNjI0MTcxMDQ3WhcNMjIwOTI3MTcxMDQ3WjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUNjBF VEsxOTA5OU02WTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w gZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGDBhJv68NMz4eupwasmW81xcfGUrQt kNnsLihfbG/VatfO6k4GSZrn3w6zHJQzxR3A6zsWv54BKSvmpMJmhgYcnwAaaqsA WnnU0J2ttBFE8fkIxrfiOd1pDmfNvMgNDa2+m8VaoR1QE8BgYb6/gxeC7NYlrjq2 XUQuuWZJtbtwOVOVtKMiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD ATAKBggqhkjOPQQDAgOBjAAwgYgCQgGaxR8Dti6R+j5h0peFxamCh7qT8ugP2ixg BDf+paaLL0RrDmjr4QpTUS2Goq0JpMx2O0O3+wdRdsqHy8Xwn4KiAwJCAa2yowLX JImaetSXoNw2zREPjvaWTpIdvM25zJRas3CrS33zpjx8Ym05eJEDW1aRYYPyDXyJ x4gjBmc0UCTyISEh -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_ED25519" set password ENC set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIGKME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAgdWisE+UKf8gICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQII6JvMBRAaPMEODVAltxGYrnwsVot 8ps9vOGuQbVyNKVNYD56WIj+j1vJ5gUy8VkzeQfggL31gDr5iKHV8fp7uYke -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICEDCCAcKgAwIBAgIEMf6fAjAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYwRVRLMTkw OTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTIw MDYyNDE3MTA0N1oXDTIyMDkyNzE3MTA0N1owgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYwRVRLMTkw OTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMCowBQYD K2VwAyEAa2OrPEqPVRdQ8IQHQINpPOLj8U6pB2ZAxzsEG5aI/V6jIjAgMAkGA1Ud EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwBQYDK2VwA0EAz6zMpqlzvV3XPf4Z VFic5skuD48pW2OFMVsBa5AeOgHp4aPse/XdG5onGcSQeTiSst6GmBF9din8KUAe Ya5iDg== -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next edit "Fortinet_SSL_ED448" set password ENC eSBVOceBUjjCkYUhDTR/Gr7IdZnh2HUWrcHw0SJg/C3VVlUxuCCQmJIRHrIkqhdcli38QhMb7RN0PGrKToGWMNBRBBacnWuw5mfD2GTV9NAZOrkWI8UjBRc7iuT1aDeGs6TuW0lqy4jqcOYA7gnQRNLi9/I462zL+8qZ4uTsbjTQ+I87iv+ZXA93KsSnw2rZomMTyQ== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIGiME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhZvzQ5jI7uAgICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIOi/SEvs8flEEUG1cldC1V99hjhlP EW4ktk5oznzIbWhkLF/8/dZulmVBL2+0wXwoo6NdNtOOXEJ+aSWTNAfUKqVu2gY5 waQTiK6o39iluG4LnkjB3Dk3VzUM -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICWzCCAdugAwIBAgIELGNIVjAFBgMrZXEwgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYwRVRLMTkw OTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTIw MDYyNDE3MTA0N1oXDTIyMDkyNzE3MTA0N1owgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDYwRVRLMTkw OTlNNlkxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMEMwBQYD K2VxAzoAO3qfXXrl/9RhnsQaRHAIsd8AdTSzyspjvPzVhaxF3gHEgRM5nKi0xtQQ odnMOZWKKy+to5uvlqQAoyIwIDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF BwMBMAUGAytlcQNzADm7PNJQg5Igy0IE75Ox+USEp28Hw8iKjNwaH3l1D5ja9/9K KlQGq4gaei72NFw0iJ9MNhfk8WsEAIhXmRC91MecJZbZxsTSOadPnLyz0ge3Z6F4 q1ikj6WyClu/EClncb3pJ2nuTgvrfS6vf48ih2wcAA== -----END CERTIFICATE-----" set range global set source factory set last-updated 1593018651 next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "default" set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit "sniffer-profile" set comment "Monitor IPS attacks." config entries edit 1 set severity medium high critical next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." config entries edit 1 set severity medium high critical next end next edit "all_default" set comment "All predefined signatures with default setting." config entries edit 1 next end next edit "all_default_pass" set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit "protect_http_server" set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "Protect against email server-side vulnerabilities." config entries edit 1 set location server set protocol SMTP POP3 IMAP next end next edit "protect_client" set comment "Protect against client-side vulnerabilities." config entries edit 1 set location client next end next edit "high_security" set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" set block-malicious-url enable config entries edit 1 set severity medium high critical set status enable set action block next edit 2 set severity low next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit "default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "sniffer-profile" set comment "Monitor all applications." unset options config entries edit 1 set action pass next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set deep-app-inspection disable config entries edit 1 set action pass set log disable next end next edit "block-high-risk" config entries edit 1 set category 2 6 next edit 2 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config dlp sensor edit "default" set comment "Default sensor." next edit "sniffer-profile" set comment "Log a summary of email and web traffic." set summary-proto smtp pop3 imap http-get http-post next edit "Content_Summary" set summary-proto smtp pop3 imap http-get http-post ftp nntp next edit "Content_Archive" set summary-proto smtp pop3 imap http-get http-post ftp nntp next edit "Large-File" config filter edit 1 set name "Large-File-Filter" set proto smtp pop3 imap http-get http-post set filter-by file-size set file-size 5120 set action log-only next end next edit "Credit-Card" config filter edit 1 set name "Credit-Card-Filter" set severity high set proto smtp pop3 imap http-get http-post set action log-only next edit 2 set name "Credit-Card-Filter" set severity high set type message set proto smtp pop3 imap http-post set action log-only next end next edit "SSN-Sensor" set comment "Match SSN numbers but NOT WebEx invite emails." config filter edit 1 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap set filter-by regexp set regexp "WebEx" next edit 2 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap set filter-by ssn set action log-only next edit 3 set name "SSN-Sensor-Filter" set severity high set proto smtp pop3 imap http-get http-post ftp set filter-by ssn set action log-only next end next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next end end config icap profile edit "default" config icap-headers edit 1 set name "X-Authenticated-User" set content "$user" next edit 2 set name "X-Authenticated-Groups" set content "$local_grp" next end next end config user local edit "guest" set type password set passwd ENC snip-snip next end config user setting set auth-cert "Fortinet_Factory" end config user group edit "SSO_Guest_Users" next edit "Guest-group" set member "guest" next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "FortiClient5-AV" set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next edit "web-access" set web-mode enable next edit "tunnel-access" set tunnel-mode enable set ipv6-tunnel-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next end config vpn ssl settings set servercert "Fortinet_Factory" set port 443 end config voip profile edit "default" set comment "Default VoIP profile." next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config vpn ipsec phase1-interface edit "to_HQ2" set interface "internal1" set peertype any set net-device disable set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1 set encapsulation vxlan set encapsulation-address ipv4 set encap-local-gw4 172.16.200.1 set encap-remote-gw4 172.16.202.1 set remote-gw 172.16.202.1 set psksecret ENC snip-snip next end config vpn ipsec phase2-interface edit "to_HQ2" set phase1name "to_HQ2" set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305 next end config vpn ocvpn end config dnsfilter profile edit "default" set comment "Default dns filtering." config ftgd-dns config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end set block-botnet enable next end config antivirus settings set grayware enable end config antivirus profile edit "default" set comment "Scan files and block viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "sniffer-profile" set comment "Scan files and monitor viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next end config webfilter profile edit "default" set comment "Default web filtering." config ftgd-wf unset options config filters edit 1 set action block next edit 2 set category 2 set action block next edit 3 set category 7 set action block next edit 4 set category 8 set action block next edit 5 set category 9 set action block next edit 6 set category 11 set action block next edit 7 set category 12 set action block next edit 8 set category 13 set action block next edit 9 set category 14 set action block next edit 10 set category 15 set action block next edit 11 set category 16 set action block next edit 12 set category 26 set action block next edit 13 set category 57 set action block next edit 14 set category 61 set action block next edit 15 set category 63 set action block next edit 16 set category 64 set action block next edit 17 set category 65 set action block next edit 18 set category 66 set action block next edit 19 set category 67 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next edit "sniffer-profile" set comment "Monitor web traffic." config ftgd-wf config filters edit 1 next edit 2 set category 1 next edit 3 set category 2 next edit 4 set category 3 next edit 5 set category 4 next edit 6 set category 5 next edit 7 set category 6 next edit 8 set category 7 next edit 9 set category 8 next edit 10 set category 9 next edit 11 set category 11 next edit 12 set category 12 next edit 13 set category 13 next edit 14 set category 14 next edit 15 set category 15 next edit 16 set category 16 next edit 17 set category 17 next edit 18 set category 18 next edit 19 set category 19 next edit 20 set category 20 next edit 21 set category 23 next edit 22 set category 24 next edit 23 set category 25 next edit 24 set category 26 next edit 25 set category 28 next edit 26 set category 29 next edit 27 set category 30 next edit 28 set category 31 next edit 29 set category 33 next edit 30 set category 34 next edit 31 set category 35 next edit 32 set category 36 next edit 33 set category 37 next edit 34 set category 38 next edit 35 set category 39 next edit 36 set category 40 next edit 37 set category 41 next edit 38 set category 42 next edit 39 set category 43 next edit 40 set category 44 next edit 41 set category 46 next edit 42 set category 47 next edit 43 set category 48 next edit 44 set category 49 next edit 45 set category 50 next edit 46 set category 51 next edit 47 set category 52 next edit 48 set category 53 next edit 49 set category 54 next edit 50 set category 55 next edit 51 set category 56 next edit 52 set category 57 next edit 53 set category 58 next edit 54 set category 59 next edit 55 set category 61 next edit 56 set category 62 next edit 57 set category 63 next edit 58 set category 64 next edit 59 set category 65 next edit 60 set category 66 next edit 61 set category 67 next edit 62 set category 68 next edit 63 set category 69 next edit 64 set category 70 next edit 65 set category 71 next edit 66 set category 72 next edit 67 set category 75 next edit 68 set category 76 next edit 69 set category 77 next edit 70 set category 78 next edit 71 set category 79 next edit 72 set category 80 next edit 73 set category 81 next edit 74 set category 82 next edit 75 set category 83 next edit 76 set category 84 next edit 77 set category 85 next edit 78 set category 86 next edit 79 set category 87 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set options block-invalid-url config ftgd-wf unset options config filters edit 1 next edit 2 set category 2 set action block next edit 3 set category 7 set action block next edit 4 set category 8 set action block next edit 5 set category 9 set action block next edit 6 set category 11 set action block next edit 7 set category 12 set action block next edit 8 set category 13 set action block next edit 9 set category 14 set action block next edit 10 set category 15 set action block next edit 11 set category 16 set action block next edit 12 set category 26 set action block next edit 13 set category 57 set action block next edit 14 set category 61 set action block next edit 15 set category 63 set action block next edit 16 set category 64 set action block next edit 17 set category 65 set action block next edit 18 set category 66 set action block next edit 19 set category 67 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next edit "monitor-all" set comment "Monitor and log all visited URLs, flow-based." config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname "yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*youtube.*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" set query "kw=" next end config emailfilter profile edit "sniffer-profile" set comment "Malware and phishing URL monitoring." next edit "default" set comment "Malware and phishing URL filtering." next end config system sdwan config zone edit "virtual-wan-link" next end config health-check edit "Default_DNS" set system-dns enable set interval 1000 set probe-timeout 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next edit "Default_Office_365" set server "www.office.com" set protocol http set interval 1000 set probe-timeout 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next edit "Default_Gmail" set server "gmail.com" set interval 1000 set probe-timeout 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 2 next end next edit "Default_AWS" set server "aws.amazon.com" set protocol http set interval 1000 set probe-timeout 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next edit "Default_Google Search" set server "www.google.com" set protocol http set interval 1000 set probe-timeout 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next edit "Default_FortiGuard" set server "fortiguard.com" set protocol http set interval 1000 set probe-timeout 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next end end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next edit "none" next edit "default-darrp-optimize" set start 01:00 set end 01:30 set day sunday monday tuesday wednesday thursday friday saturday next end config firewall profile-protocol-options edit "default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config ssh unset options end config dns set ports 53 end config cifs set ports 445 unset options end next end config firewall ssl-ssh-profile edit "deep-inspection" set comment "Read-only deep inspection profile." config https set ports 443 set status deep-inspection end config ftps set ports 990 set status deep-inspection end config imaps set ports 993 set status deep-inspection end config pop3s set ports 995 set status deep-inspection end config smtps set ports 465 set status deep-inspection end config ssh set ports 22 set status disable end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 4 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 5 set type wildcard-fqdn set wildcard-fqdn "android" next edit 6 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 7 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 8 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 9 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 10 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 13 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 14 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 15 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 16 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 17 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 19 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 20 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 21 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 22 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 23 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 24 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 25 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 26 set type wildcard-fqdn set wildcard-fqdn "live.com" next edit 27 set type wildcard-fqdn set wildcard-fqdn "google-play" next edit 28 set type wildcard-fqdn set wildcard-fqdn "update.microsoft.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "swscan.apple.com" next edit 30 set type wildcard-fqdn set wildcard-fqdn "autoupdate.opera.com" next end next edit "custom-deep-inspection" set comment "Customizable deep inspection profile." config https set ports 443 set status deep-inspection end config ftps set ports 990 set status deep-inspection end config imaps set ports 993 set status deep-inspection end config pop3s set ports 995 set status deep-inspection end config smtps set ports 465 set status deep-inspection end config ssh set ports 22 set status disable end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 4 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 5 set type wildcard-fqdn set wildcard-fqdn "android" next edit 6 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 7 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 8 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 9 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 10 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 13 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 14 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 15 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 16 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 17 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 19 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 20 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 21 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 22 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 23 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 24 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 25 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 26 set type wildcard-fqdn set wildcard-fqdn "live.com" next edit 27 set type wildcard-fqdn set wildcard-fqdn "google-play" next edit 28 set type wildcard-fqdn set wildcard-fqdn "update.microsoft.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "swscan.apple.com" next edit 30 set type wildcard-fqdn set wildcard-fqdn "autoupdate.opera.com" next end next edit "no-inspection" set comment "Read-only profile that does no inspection." config https set status disable end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable end next edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config https set ports 443 set status certificate-inspection end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable end next end config waf profile edit "default" config signature config main-class 100000000 set action block set severity high end config main-class 20000000 end config main-class 30000000 set status enable set action block set severity high end config main-class 40000000 end config main-class 50000000 set status enable set action block set severity high end config main-class 60000000 end config main-class 70000000 set status enable set action block set severity high end config main-class 80000000 set status enable set severity low end config main-class 110000000 set status enable set severity high end config main-class 90000000 set status enable set action block set severity high end set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 end config constraint config header-length set status enable set log enable set severity low end config content-length set status enable set log enable set severity low end config param-length set status enable set log enable set severity low end config line-length set status enable set log enable set severity low end config url-param-length set status enable set log enable set severity low end config version set log enable end config method set action block set log enable end config hostname set action block set log enable end config malformed set log enable end config max-cookie set status enable set log enable set severity low end config max-header-line set status enable set log enable set severity low end config max-url-param set status enable set log enable set severity low end config max-range-segment set status enable set log enable set severity high end end next end config firewall policy edit 1 set uuid 6e3e5902-b64b-51ea-b309-195a88d1e2c4 set srcintf "internal2" set dstintf "to_HQ2" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" next edit 2 set uuid 7759debc-b64b-51ea-b6f5-df17db598eeb set srcintf "to_HQ2" set dstintf "internal2" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" next end config firewall ssh local-key edit "Fortinet_SSH_RSA2048" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAdZYqCT5 4NQd+lEPmVlSYqAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQC3rb4jn1Ad SnhKunPHl1ZS3uCdZivGE7T1Dbr8NA7D95mvC681zEy87ywM5gHoaneKHOvE/7zwDD0v0D LnpLUAmCL1cpeDThZxHRZhO9VCBU414hfc3o8Fxrx2UhHFq9BR1XwOX4jx92y7EwR4muBT X78DFn8frglT0PZLC5MI+miRPMa/Uvyjjt0/6r7afx8p+QTZ0XDLcQYCqm3D+Fq8RLHVUD hFbiQlsM/QKprqgIZO9h9Cn4FTXETLd22EPuOT063LWEdJqTtfVWFKiHLYF1+PT2j8RLjI HMH8HnyufTmHDQNignWgGFO5/lvHoBmdulHE4ovCKV24iD/OFu41AAADwCetjEvq73iV0V RK6hCxcdpB7QM5Zz4lIDGGL6C76N1h+tZ65zRFdrVkAGbZqIomVqmnkHB1MeApPPxmU6uO VZC8TBCpTNQoZzImAYq9Bi8GQQi3Hxu1RV0C+cupwMUyGoboJVPLm2JkyM946SnhGYwqjy 3K94wckzFcd4dZhWIpmcXHvG4Nr3Wp1qB46RVoAavDU58RqNsmFXL8+U4DZamk0SLANR8R vy1IklxxSZqvIVIhv03H7bAQKRJC0+4tmZFAaePvCE/2FOvK95h+l7q7UPueNLwJ6E6Xov wZ34lKLU5KQ6pdyvbN/v/5rHy+EDHSyxnNtYrkyZLHH7qAhN1en4M+xKlsU/q8pzVWk3zP h4ORq+Ueli0b/O3ShFRD3iiagVQpIU2M6/aHs6f8GZaqkGZKD2g6cKPTseoCWXiaaIg1wE +k3OxFMPK/K6XJ0acymsxnG5F5/mWDtVDYjbi5NoJtwCjHjnVSqXdP46nZrbVSPJt2//+m KOYabJVQSaFRj/Du5raQu057NxoGSNZIygicgIkXp4FKu13FeOIf4U/ilj4bJ9sMD1Fvt6 Y5o5p+p2o2iLah38jeTIru2rEviGnZrblloec89s6l8KzajUDF/jd+0Py5ob2FTIGwo4cy Qjz1SQmoI05Gnw6qzA9uuLqHZ8IKXjdWyU7ZhQ0/BLkzRW9U95QE0TVfNon2dcM6kAVJWW tvq/IrJci91GEscRNchnwzfm3rnD36ilfhl/zcSJwe5IiwNnjrx2GmDkK94GpWUxJuljcy v5DNI9F892MOjsNMKi4moa3MglcTQNZWL075sv56cmWFn523My7jDf6DXj9fxErHKc1wAd NfU8OmWIgrM4O1yAf1jURmuvek7LNUtRvtQE5+55YDId24NpB4wHdfIrsQI8340wKw3WtB rfkgh6FjGtoc6kBankrwTfw48p83amKW1t/9X5+F2rG2NjjSgZS94mTrb7z+l2CTUZKY0L skAravcqXwFZ9Y0jdn1Q1d44nv+ukk9E7PZSug1g5HLMs1Lj7O+0WxXNWQ5BpHq9DssacC 7XlZXRVM2nLv6SM4M6sC2AkfsVwpSue7Mh+qEd8L1+iJLI+wz67sRsFBYTgvGMsrBd0kE1 0zDaDe+wUt9ZJ7Wcu356D/3W7XIMzY8Lcieywzpdz5N+FcX22PFQbnI04ZFWEEhaAX65To YHDCac6BnNY6nKf/Idm0By39E3f5lkhbvC+YBXLBbAZoROFac3FlCC+jksZNDGki4A98k/ 7n8LMweQ== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3rb4jn1AdSnhKunPHl1ZS3uCdZivGE7T1Dbr8NA7D95mvC681zEy87ywM5gHoaneKHOvE/7zwDD0v0DLnpLUAmCL1cpeDThZxHRZhO9VCBU414hfc3o8Fxrx2UhHFq9BR1XwOX4jx92y7EwR4muBTX78DFn8frglT0PZLC5MI+miRPMa/Uvyjjt0/6r7afx8p+QTZ0XDLcQYCqm3D+Fq8RLHVUDhFbiQlsM/QKprqgIZO9h9Cn4FTXETLd22EPuOT063LWEdJqTtfVWFKiHLYF1+PT2j8RLjIHMH8HnyufTmHDQNignWgGFO5/lvHoBmdulHE4ovCKV24iD/OFu41" set source built-in next edit "Fortinet_SSH_DSA1024" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDFelQZ+V PqbbiWaeUuOi5LAAAAEAAAAAEAAAGxAAAAB3NzaC1kc3MAAACBAJ/3UKUd5hMATaG31/Nj X1AHjE/cd1RPb36ynib34fdwIVjQ1hqcqLPWmLrkepZLT4QQ/kYz2hwpbETaOV8+JE909X FDpLvlJ/FKe36cJgGVx41ILmqQ36dDTpG8yAOCwdyiftysvse8C3t5wSvbF1Qj96aASfWR 91+2cIk4eUkdAAAAFQCjGwjdUb5plxzWH9qsFuADy2h5zQAAAIBvybNrUg2lh0caE9VuHn OWkEbmtUcT0nl8ZkXbGUsGvxd3ojdIuYplMxA/qujVQAK0H+Qli7U4A++eJTl9eu+33wc5 jKQ5qbkceM0P2hQYAaMgVdLJkzd3cnpn3k9gEo1E3ZTRQm1Pckzx7XspYNPqAUAVcbnz+p 55avvbxevR7gAAAIA6+iGYmEVyoTMHP6a7bkbbEZIhd6HxkoLgEUcAQrZrnR70x0cMaz29 DInUMjtnkZswDFTlqw/6TUoUAB48ico25+ZT6fmZY+tFJNM0owYuF6ABbL1n6PGhDnUmzP 1jgXHN/wGJc48QPMkMg6sqY1+gktsEewPs+HJVuIMYFtkvpwAAAeD8LQvzPIfSOiCKl6Gm 8YHwS8qicfmzpB6EsuVAP/hmlaGmuCKjzLKPk66DyDSPz/FP/wZNKbv75Nw9lsjV5Hj+vd g5Nonq4HJI/sQXYhrA2q8QIGsnvaeLJA/s0MtE2ZNzu9waRsHXQnZMKhdCoqe9OLdslrdx EEQckyfnTuBHK4a1pBq9+NCgErOUMVNf/fGoU/6hQNHBU98+s9O64cSJbl2ruUYgp9FAgP +rFOzPdI7F/YmTmRZuia+dJPpfMl3N8h4t2NkLhYtG1G/xbDASpAPiArEUJAe/9DFiSFHQ f0Lyvj3BIWwBl+hcnk2QTRXz1rv/17nu4xmJ5nC5MQCiAx7m/bvZKJO+MinJVFPA41B8nj eLx6WjH2YWJ9Dv2Cai7u8+wy/tDK4HM6Ea87FKXsZvGPdV3KMX2hGKJh01SLtlzrnu5Fos cEh+eW7FCjoWFEVZHM6i1/qIrEPjxZadFGbqw3QvdM4BpqCTmzECuwuUszaj+IpjRQtQj/ 1j4rAsoU2q3Q076OalP8m/O+82g41/d4EwIATV0gCL0HrkPvhprkhPHAvOSi7TLG/COouq M6dPzYYM+meVQZhcBfokkAFh1eR6Nxqeuw8t0UNn4UPwtnJkXAmSwYEO4EfJaaA= -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAJ/3UKUd5hMATaG31/NjX1AHjE/cd1RPb36ynib34fdwIVjQ1hqcqLPWmLrkepZLT4QQ/kYz2hwpbETaOV8+JE909XFDpLvlJ/FKe36cJgGVx41ILmqQ36dDTpG8yAOCwdyiftysvse8C3t5wSvbF1Qj96aASfWR91+2cIk4eUkdAAAAFQCjGwjdUb5plxzWH9qsFuADy2h5zQAAAIBvybNrUg2lh0caE9VuHnOWkEbmtUcT0nl8ZkXbGUsGvxd3ojdIuYplMxA/qujVQAK0H+Qli7U4A++eJTl9eu+33wc5jKQ5qbkceM0P2hQYAaMgVdLJkzd3cnpn3k9gEo1E3ZTRQm1Pckzx7XspYNPqAUAVcbnz+p55avvbxevR7gAAAIA6+iGYmEVyoTMHP6a7bkbbEZIhd6HxkoLgEUcAQrZrnR70x0cMaz29DInUMjtnkZswDFTlqw/6TUoUAB48ico25+ZT6fmZY+tFJNM0owYuF6ABbL1n6PGhDnUmzP1jgXHN/wGJc48QPMkMg6sqY1+gktsEewPs+HJVuIMYFtkvpw==" set source built-in next edit "Fortinet_SSH_ECDSA256" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDg1eXTb0 7gU7AnQkL9uKOoAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBM30EdSFI8iwWl8N9I1dlnyP3eT3OzvUVEZTyeo43/a3waW5X7HPVDdDiK I19Oxa+EztVKYGKkI5irZkI9/BjmIAAACgWpxOCBgJnfyUZNUjDt9bDRt6zJK3eHBlJIdc L79hOOAduo8kyWBbRHgzBtHIKB6k5TKVMkVAAnyt1w6HqYLO6sQyCSYcN2jDLF/sioHtDT BDGm/J0jw8YMW7Y8gEuf47PNr/uzR8X4pMlZm1bmd/Q31ISzL4ZVHevx/X0+9B2RL8YSks kPlrLLR0y0/SkWtMuQART54evk1s2IMK19GZ6Q== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM30EdSFI8iwWl8N9I1dlnyP3eT3OzvUVEZTyeo43/a3waW5X7HPVDdDiKI19Oxa+EztVKYGKkI5irZkI9/BjmI=" set source built-in next edit "Fortinet_SSH_ECDSA384" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBABar2O8 kP0U+7jJGI5gYdAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBBOOiKHFp/9rDF7owGSR3k8dhtrPU3gfVO57b54r3QnqqKkbfvZgDFub+Z 1jnOREqjJz9zYmysrfSz1mOJRgXpf22r62zczFjhEU2tG8qLSkrml8xmFeTJQvgyhaI1qf VAAAAND/TLnPoEBgr6xN3W8Zhw8J43klcTo8j5EfYhfVVjQ8/WDBBYLIVfUqV6ve1XHfED lUa07chZLON57Uo/qoPOAG3+vFfOYLW86oHPVNm+gkI8SPW9rLlnr/QrZyWYmxkKOAPXbD VWb6Pdp8ULfk+xuJbY1Zo71eU7hSzJ2F4YPYEQxrnzWS2qSvQDwc/3NCsg1CjS0dxsw8IW wvIdIirtDqost2b2tGo+43HBx4CkR14UgNNpU3KowFQCq9GF+QUrq9dnInFr3xBtRlzebQ qzNB -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBOOiKHFp/9rDF7owGSR3k8dhtrPU3gfVO57b54r3QnqqKkbfvZgDFub+Z1jnOREqjJz9zYmysrfSz1mOJRgXpf22r62zczFjhEU2tG8qLSkrml8xmFeTJQvgyhaI1qfVA==" set source built-in next edit "Fortinet_SSH_ECDSA521" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC7vcxjJE Ji1aeM4MtIp65PAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBAHNUET35rM8MVcyTKDvHkXfkeS9jmphy/qjU68uCW5Soah6cUuSnAadTv 1gUH36MS0O42QmLXLaGGa2n+j0uQ3BXgAYofdM1trf4FC5ci/tcJdRCqMJvQAchwAoaOxb ZRhezCsIM6/ced8YjuBocq8fXYygwek/J3lKzk7X79NKWM1zBwAAAQAm537qV4tU8lgX13 +3wg9VFxboLkY59OlZd1RriEZ3VRUlpNlfazZSNo5q0B3B0/o0iZcGZqrqyHy+vsxsapF6 fwdjTBYXnAhO1QHkps6bU4qVdaeH1LZDcV9/gK5Th33nhscT7qI/BNrYGonPDrO9t4LFbR ikdOkHPtWzIXTr1/MT4SSA6ttKjQPC2mGOAgHcfJe7xFSiqO/9rsQDelD8nw01sqf4+rwa D8YTaPAkzwy4Z+A2kmUfHnLVMdPVJcCxbSOW4Zbp6VCYvWwWQs/cJIyYPoCHyG6xyJ3uDk OX8Mz/uqHpduEkq7av8/IKqNvsOF9C468yjSTBJSXRor9K -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHNUET35rM8MVcyTKDvHkXfkeS9jmphy/qjU68uCW5Soah6cUuSnAadTv1gUH36MS0O42QmLXLaGGa2n+j0uQ3BXgAYofdM1trf4FC5ci/tcJdRCqMJvQAchwAoaOxbZRhezCsIM6/ced8YjuBocq8fXYygwek/J3lKzk7X79NKWM1zBw==" set source built-in next edit "Fortinet_SSH_ED25519" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBXKqB3l7 ZXeEs89XHBMFmKAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIKhz/Xocke8tTCCc 7DLtFUlkwQhoHUYGdu4/d+yoh+/MAAAAkNWhgeuIsiBFOqlsQBzaz8uIi4uyIEBJJd/HoY ozC5VRhsKkmEeaWUecmr+Dr4g2qd6NM924SIjNoquf+ZrhzNw0MPjr/9u8X0SC0Oye5d8O Q8eUsp7NOqxgQg+XQd9RrBwiwJ4IQ12RnQr1HLkGIqf5Ut3ay+HVJdRzJ8s7v7JXTlfgqW A7MqRfjtyl1s60/Q== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhz/Xocke8tTCCc7DLtFUlkwQhoHUYGdu4/d+yoh+/M" set source built-in next end config firewall ssh local-ca edit "Fortinet_SSH_CA" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA59GTWoA j9+qOxBUhIa7bYAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCxtiV5O9HJ FPO/dMZxKXsFcOZN204gMd1SUqdz18UjJaiBVMD00mj3WnigHwpE/mCiUcETEjAmkLhNeL TcAIdYCnkYOOdsDK/QQHnGS/9wKYslaa6DnmAbbKzKjJWBEy+O7zUhgohZitqxAdmMmKpF KT5/5QNG4ldELvJFoFpWj8laDKXyrQ4kLW/gfJiQC7MeE+e8roBQ0Gs6uhcH6+WqnH4z9H NgSPM7iMysEv/1dGNqbI3AqC10ael1SfDbxsgnexLnoHql8ylrcdEZhvHAtsmg2ZJGKBzA 5ViBhd/DzDk508/tIz4eIOSPCvxf+TcH9K5gQpHXpXDkseckgzH5AAADwDjTXBXGDgXNCt eM6LDRdl4qfbnYbzgilv5lLL4X8uZtE2Ip4KBJLwa3f9I6MdZjkl1c7flLG6xVNYcmw9Ai xSROh6VK+jYvRh0t5kphVNQqj9hoc5YR5pGH7ODgxA6RSW43Ejffmwh6kFN6JrChBQevzi ygYWzXN2opssaeir3ypBMdnpMhSntT5Yhp671JO06agPKKv2WreRJtbylO/0mdNS/s9+Fq GbcCbS7yL6haGVy8JwBYGiumrKgm/Mmy2yWAeneamLAgtbz03jTuY6tECfX8hcNr4SnQqa 8q/i25vpffF/0uB6FbWMXUaHiYcZVBQ4H6BimrL9QlwBzmF63NjGZVMCodJoS8bgkJK8oz xIxhuyqtKbvH8Imsh5LtvzZKS12totHuVTrYGWhQjzW6mOgKP2jqhHbGYJmXopd8RCsCBF hNwFCuXGc0uvWTM0TwYVyDlUi/eeWQvGu/YipEtMUj9E+5SQP7uLRQyz/RLCAiCFxjKm8/ Ue/gR6kwJjuSt8oqIxi5s8sHq8bb6BHAw6EwlMo88ja2QCRFwOzVhkXgzeYQIWoAagfPVY k9bJ5q0T6f5phhe+TKq+FEeiIHMHRF3B2ZtP8X2rbpUU1hF/UFmkDQzpISWbblCKmaR8o2 JfM4Mnig5/GPNAd2kwz3pxJT7/Yz7toVfuVVcbPsaGwIDS0xLefSk0AOa3XRxMoSW6iW+K dQ/6ych1/T7qZEHKfJJIHomVW5QebK/KWcE0ll+YSGNJ73aVGGj7uyguqEbPMpX67P/Bs7 BR3cb9B3AtKg9rgEfFxXMEWrY8DSKcasxSU+lop2VDr4uDvwuaGpedBNVnt340+wW4o1Mv CoFB06fJqD5X18yZ6HC5VFewMor2Zh50y0JqDRXCjniIlpftmTnK22y0Lq0ep/72r9srMx obukNdYpPAcX6OfAMrm7jQcqg8O5QP49+TYTKbRl768Hy4ElLP0WW6hgvIdeFhb6kkQVNm uuBKFWeVjiaASE43GoRcIh3MTTGb+nWj4ojhZJkawTEX/j9O9OETDMqDvZvz0NuxxBLSMw vOrlLTfGq6414JrB5vQ/yjs/k8Y0ky0HjHAxDRwtZmb/ZSsJuiqGb4wpsL47bhnCc8pDB4 GymVeoaQx2ua1MDgdWuhnxtWhJcZolrBKn+vtOG7v7Z2CSKzdNFTRFE2w070v2pZGkDzg8 haotKj3PfVMsmPj/gF7WoGoap4+d9CLKwT2NIDupxfKaSMvZt0qyWoVFpnsEOxaqY6EuNS FtV5BuQA== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxtiV5O9HJFPO/dMZxKXsFcOZN204gMd1SUqdz18UjJaiBVMD00mj3WnigHwpE/mCiUcETEjAmkLhNeLTcAIdYCnkYOOdsDK/QQHnGS/9wKYslaa6DnmAbbKzKjJWBEy+O7zUhgohZitqxAdmMmKpFKT5/5QNG4ldELvJFoFpWj8laDKXyrQ4kLW/gfJiQC7MeE+e8roBQ0Gs6uhcH6+WqnH4z9HNgSPM7iMysEv/1dGNqbI3AqC10ael1SfDbxsgnexLnoHql8ylrcdEZhvHAtsmg2ZJGKBzA5ViBhd/DzDk508/tIz4eIOSPCvxf+TcH9K5gQpHXpXDkseckgzH5" set source built-in next edit "Fortinet_SSH_CA_Untrusted" set password ENC set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZJRAEo/ 06DOZQv438cKaDAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCkDJQMprzr OCHrUR515CirMAlj4JmZGsx8gqQRi5YxjR78CseAYu9smZluGshbDoUvQxnT/01cVrPxrZ 9WQnnjNanMbI2sxlaZYnOV/b7gXjZ/wtuDmAErvNcX9RHNM8yi3H2/AO5kivrb+MkEw5Ul mKapHCTDi0sH45gfcRY6wiPJyYMX39YHxyNueEYo4TcLjEJvZjo2vWkqiAb+yTuIqCGaZq 7bhI1VJOX/eg7P0o+NJTOM8HLRMT4EunEoKTGLHUszLUQ0WUJALOn0f/sqtGeXRs8+rurG iZWtTkAxTOWcBSMW2DOk7ihhQASsSmwc2R0awgaa1/rCzPIDYuaXAAADwCpTAl8NU20SGQ 8E8FW7yqHQsFRDBulZX+fNVjS6S9y9VLEDQLEpi6q3Ljz530BRenu2LKQMsVmB8shF/mJn DR8uXJ+NkHuP65rXTWkYTRU2qg533bQuo/74VRRF5cN1mE1YnJZVlpz8EBbBHK4KztFXnp 3qqfIyl/qnQMp2RdAYs6VFAXELJP+Y4/cVklnPVjSmIhkgw+7iQE4RdVbsZyWXRBWymW9+ iaDQprii6UAOIniEt1jcpvLp8T3KOhXZD8Qud44+Rc1kTB73BoQJydfztLrtWzyiixdaDC q2CkjDiB4Zfk2REzagnfFCRxcwc86tjBcPRXBrgcKf2VgyySsBJfPBPgYB7ouRpR7C19hD 4KsZCBa0y2ev8aNQY3rpkjGZ7bblzJSsS0PkcwdNwlwO9rx4v0NH5Wg1pgB9IyvrwCuPp4 LiySdIPHgBjl4wx/4u+ocN6kTEvjCvedN+wi5URqzQpwWhf7deYwYfyu5nqa4bEtelChpw Za3nhjZU7wJNuSHg6jPL2Fi1mk7O54i8k59MHio210mtjf41qWBH0cfVAZZ/73kOQykp+U +ndAd3Jl9PpQ+BJmILC+f88G98mI4mA4Ic/kc6lyBMzfm0QdP9PQ4Qeu+tP26diLzs3CX3 19f/NAjpHxVBpgaoVsL5bTgr8ksLz+31fsQaPSE10jO5Qj+Z/ehB6ehwRf8/E9jQO6qfvO /Acze8aeeLP+6Tc9b4ikEA3rLwVOFFWBEG7wjPPfUlWBg2NGgJ6Bo4H6kvWxuvlpMJ9PfK EnVpkmMIQa8oJdTvLUovkH13lweWZsKGJWK3Juv3H8OfIgTE4R59H/rwLHh3/WlnZ3deY3 9Tm39KlHuhNXtksLhU3XA+MhiBOUWfZGanBYRHGY1GYU/zKf9e0uvOhI6JgkxuTzsAUOx2 Rx5opyzo0opC3e6MeD7AL0VkE42WbAtP3dLGvhReIsN3lCWC+ZoqYPNhS2TKqQliFAo4Sp FiAx7Tvk23yHelr0ThqrwMXNPyS6+oh+jcpV7O1ssvnhC2rTrTQSrwxG5hDjxWPPR9Q1ku AhqVtUTxAuCNxIA7vQ+eiSCgbAOlr5OhXHAjEJ/aLG4BONYUHDVO44jZDntypDH3/pKllN ZwauIKCUzNTAzhQF0mq4EEn7yEEjmVXqUFC03oU8cc5Tjfwyyp8D1iC/zPDGWJep8+iEfL aOo4TyfJlZYOaqkcT7XoYhy30woSmkhHxySCLI9xfEYzz4LSdiiO2QKVXuIekGXoEGI0SC 00150Aqg== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkDJQMprzrOCHrUR515CirMAlj4JmZGsx8gqQRi5YxjR78CseAYu9smZluGshbDoUvQxnT/01cVrPxrZ9WQnnjNanMbI2sxlaZYnOV/b7gXjZ/wtuDmAErvNcX9RHNM8yi3H2/AO5kivrb+MkEw5UlmKapHCTDi0sH45gfcRY6wiPJyYMX39YHxyNueEYo4TcLjEJvZjo2vWkqiAb+yTuIqCGaZq7bhI1VJOX/eg7P0o+NJTOM8HLRMT4EunEoKTGLHUszLUQ0WUJALOn0f/sqtGeXRs8+rurGiZWtTkAxTOWcBSMW2DOk7ihhQASsSmwc2R0awgaa1/rCzPIDYuaX" set source built-in next end config firewall ssh setting set caname "Fortinet_SSH_CA" set untrusted-caname "Fortinet_SSH_CA_Untrusted" set hostkey-rsa2048 "Fortinet_SSH_RSA2048" set hostkey-dsa1024 "Fortinet_SSH_DSA1024" set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256" set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384" set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521" set hostkey-ed25519 "Fortinet_SSH_ED25519" end config switch-controller security-policy 802-1X edit "802-1X-policy-default" set user-group "SSO_Guest_Users" set mac-auth-bypass disable set open-auth disable set eap-passthru enable set eap-auto-untagged-vlans enable set guest-vlan disable set auth-fail-vlan disable set framevid-apply enable set radius-timeout-overwrite disable next end config switch-controller security-policy local-access edit "default" set mgmt-allowaccess https ping ssh set internal-allowaccess https ping ssh next end config switch-controller lldp-profile edit "default" set med-tlvs inventory-management network-policy location-identification set auto-isl disable config med-network-policy edit "voice" next edit "voice-signaling" next edit "guest-voice" next edit "guest-voice-signaling" next edit "softphone-voice" next edit "video-conferencing" next edit "streaming-video" next edit "video-signaling" next end config med-location-service edit "coordinates" next edit "address-civic" next edit "elin-number" next end next edit "default-auto-isl" next edit "default-auto-mclag-icl" set auto-mclag-icl enable next end config switch-controller qos dot1p-map edit "voice-dot1p" set priority-0 queue-4 set priority-1 queue-4 set priority-2 queue-3 set priority-3 queue-2 set priority-4 queue-3 set priority-5 queue-1 set priority-6 queue-2 set priority-7 queue-2 next end config switch-controller qos ip-dscp-map edit "voice-dscp" config map edit "1" set cos-queue 1 set value 46 next edit "2" set cos-queue 2 set value 24,26,48,56 next edit "5" set cos-queue 3 set value 34 next end next end config switch-controller qos queue-policy edit "default" set schedule round-robin set rate-by kbps config cos-queue edit "queue-0" next edit "queue-1" next edit "queue-2" next edit "queue-3" next edit "queue-4" next edit "queue-5" next edit "queue-6" next edit "queue-7" next end next edit "voice-egress" set schedule weighted set rate-by kbps config cos-queue edit "queue-0" next edit "queue-1" set weight 0 next edit "queue-2" set weight 6 next edit "queue-3" set weight 37 next edit "queue-4" set weight 12 next edit "queue-5" next edit "queue-6" next edit "queue-7" next end next end config switch-controller qos qos-policy edit "default" next edit "voice-qos" set trust-dot1p-map "voice-dot1p" set trust-ip-dscp-map "voice-dscp" set queue-policy "voice-egress" next end config switch-controller storm-control-policy edit "default" set description "default storm control on all port" next edit "auto-config" set description "storm control policy for fortilink-isl-icl port" set storm-control-mode disabled next end config switch-controller auto-config policy edit "default" next edit "default-icl" set poe-status disable set igmp-flood-report enable set igmp-flood-traffic enable next end config switch-controller initial-config template edit "default" set vlanid 1 next edit "quarantine" set vlanid 4093 set dhcp-server enable next edit "rspan" set vlanid 4092 set dhcp-server enable next edit "voice" set vlanid 4091 set dhcp-server enable next edit "video" set vlanid 4090 set dhcp-server enable next edit "onboarding" set vlanid 4089 set dhcp-server enable next end config switch-controller switch-profile edit "default" next end config switch-controller remote-log edit "syslogd" next edit "syslogd2" next end config wireless-controller setting set darrp-optimize-schedules "default-darrp-optimize" end config wireless-controller wids-profile edit "default" set comment "Default WIDS profile." set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default-wids-apscan-enabled" set ap-scan enable next end config wireless-controller utm-profile edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set ips-sensor "wifi-default" set application-list "wifi-default" set antivirus-profile "wifi-default" set webfilter-profile "wifi-default" next end config log memory setting set status enable end config log null-device setting set status disable end config router rip config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ripng config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router static edit 1 set gateway 172.16.200.3 set device "internal1" next end config router ospf config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router ospf6 config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router bgp config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "static" end config redistribute "isis" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "static" end config redistribute6 "isis" end end config router isis config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "static" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "bgp" end config redistribute6 "static" end end config router multicast end