{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri;}} {\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sa200\sl276\slmult1\lang9\f0\fs22 #config-version=FG1K2D-5.00-FW-build292-141001:opmode=0:vdom=0:user=admin\par #conf_file_ver=9064609003113891801\par #buildno=4664\par #global_vdom=1\par config system global\par set fgd-alert-subscription advisory latest-threat\par set hostname "FDNH169001"\par set optimize antivirus\par set timezone 42\par end\par config system accprofile\par edit "prof_admin"\par set admingrp read-write\par set authgrp read-write\par set endpoint-control-grp read-write\par set fwgrp read-write\par set loggrp read-write\par set mntgrp read-write\par set netgrp read-write\par set routegrp read-write\par set sysgrp read-write\par set updategrp read-write\par set utmgrp read-write\par set vpngrp read-write\par set wanoptgrp read-write\par set wifi read-write\par next\par end\par config system np6\par edit "np6_0"\par next\par edit "np6_1"\par next\par end\par config system interface\par edit "port1"\par set vdom "root"\par set allowaccess ping fgfm\par set type physical\par set snmp-index 3\par set speed 1000full\par next\par edit "port2"\par set vdom "root"\par set type physical\par set snmp-index 5\par set speed 1000full\par next\par edit "port3"\par set vdom "root"\par set type physical\par set snmp-index 6\par set speed 1000full\par next\par edit "port4"\par set vdom "root"\par set type physical\par set snmp-index 7\par set speed 1000full\par next\par edit "port5"\par set vdom "root"\par set type physical\par set snmp-index 8\par set speed 1000full\par next\par edit "port6"\par set vdom "root"\par set type physical\par set snmp-index 9\par set speed 1000full\par next\par edit "port7"\par set vdom "root"\par set type physical\par set snmp-index 10\par set speed 1000full\par next\par edit "port8"\par set vdom "root"\par set type physical\par set snmp-index 11\par set speed 1000full\par next\par edit "port9"\par 
set vdom "root"\par set type physical\par set snmp-index 12\par set speed 1000full\par next\par edit "port10"\par set vdom "root"\par set type physical\par set snmp-index 13\par set speed 1000full\par next\par edit "port11"\par set vdom "root"\par set type physical\par set snmp-index 14\par set speed 1000full\par next\par edit "port12"\par set vdom "root"\par set type physical\par set snmp-index 15\par set speed 1000full\par next\par edit "port13"\par set vdom "root"\par set type physical\par set snmp-index 16\par set speed 1000full\par next\par edit "port14"\par set vdom "root"\par set type physical\par set snmp-index 17\par set speed 1000full\par next\par edit "port15"\par set vdom "root"\par set type physical\par set snmp-index 18\par set speed 1000full\par next\par edit "port16"\par set vdom "root"\par set ip 100.100.100.1 255.255.255.252\par set type physical\par set snmp-index 19\par set speed 1000full\par next\par edit "port17"\par set vdom "root"\par set type physical\par set snmp-index 20\par next\par edit "port18"\par set vdom "root"\par set type physical\par set snmp-index 21\par next\par edit "port19"\par set vdom "root"\par set type physical\par set snmp-index 22\par next\par edit "port20"\par set vdom "root"\par set type physical\par set snmp-index 23\par next\par edit "port21"\par set vdom "root"\par set type physical\par set snmp-index 24\par next\par edit "port22"\par set vdom "root"\par set type physical\par set snmp-index 25\par next\par edit "port23"\par set vdom "root"\par set type physical\par set snmp-index 26\par next\par edit "port24"\par set vdom "root"\par set type physical\par set snmp-index 27\par next\par edit "port25"\par set vdom "root"\par set type physical\par set snmp-index 28\par next\par edit "port26"\par set vdom "root"\par set type physical\par set snmp-index 29\par next\par edit "port27"\par set vdom "root"\par set type physical\par set snmp-index 30\par next\par edit "port28"\par set vdom "root"\par set type physical\par set 
snmp-index 31\par next\par edit "port29"\par set vdom "root"\par set type physical\par set snmp-index 32\par next\par edit "port30"\par set vdom "root"\par set type physical\par set snmp-index 33\par next\par edit "port31"\par set vdom "root"\par set ip 200.200.200.1 255.255.255.0\par set type physical\par set snmp-index 34\par next\par edit "port32"\par set vdom "root"\par set ip 10.30.10.226 255.255.255.224\par set allowaccess ping https ssh\par set type physical\par set snmp-index 35\par next\par edit "port33"\par set vdom "root"\par set type physical\par set snmp-index 36\par next\par edit "port34"\par set vdom "root"\par set type physical\par set snmp-index 37\par next\par edit "port35"\par set vdom "root"\par set type physical\par set snmp-index 38\par next\par edit "port36"\par set vdom "root"\par set type physical\par set snmp-index 39\par next\par edit "mgmt1"\par set vdom "root"\par set ip 192.168.1.99 255.255.255.0\par set allowaccess ping https ssh http fgfm\par set type physical\par set dedicated-to management\par set snmp-index 1\par next\par edit "mgmt2"\par set vdom "root"\par set ip 192.168.2.99 255.255.255.0\par set allowaccess ping https fgfm\par set type physical\par set dedicated-to management\par set snmp-index 2\par next\par edit "modem"\par set vdom "root"\par set mode pppoe\par set type physical\par set snmp-index 4\par set defaultgw enable\par next\par edit "ssl.root"\par set vdom "root"\par set type tunnel\par set alias "sslvpn tunnel interface"\par set snmp-index 40\par next\par edit "npu0_vlink0"\par set vdom "root"\par set status down\par set type physical\par set snmp-index 41\par next\par edit "npu0_vlink1"\par set vdom "root"\par set status down\par set type physical\par set snmp-index 42\par next\par edit "npu1_vlink0"\par set vdom "root"\par set status down\par set type physical\par set snmp-index 43\par next\par edit "npu1_vlink1"\par set vdom "root"\par set status down\par set type physical\par set snmp-index 44\par next\par 
edit "MGMT-OFFICE"\par set vdom "root"\par set ip 192.168.165.1 255.255.255.0\par set snmp-index 47\par set interface "port1"\par set vlanid 165\par next\par edit "TRAINING ROOM"\par set vdom "root"\par set ip 192.168.166.1 255.255.255.0\par set snmp-index 48\par set interface "port2"\par set vlanid 166\par next\par edit "IMAC"\par set vdom "root"\par set ip 192.168.167.1 255.255.255.0\par set snmp-index 49\par set interface "port3"\par set vlanid 167\par next\par edit "PMO OFFICE"\par set vdom "root"\par set ip 192.168.168.1 255.255.255.0\par set snmp-index 50\par set interface "port3"\par set vlanid 168\par next\par edit "MGMT-OFF-INTERN"\par set vdom "root"\par set ip 192.168.169.1 255.255.255.0\par set snmp-index 51\par set interface "port3"\par set vlanid 169\par next\par edit "Aggregating"\par set vdom "root"\par set type aggregate\par set member "port33" "port34"\par set snmp-index 52\par next\par edit "WSUS/AV"\par set vdom "root"\par set ip 192.168.174.1 255.255.255.0\par set allowaccess ping https ssh\par set snmp-index 53\par set interface "Aggregating"\par set vlanid 174\par next\par edit "Point-to-Point"\par set vdom "root"\par set ip 192.168.181.1 255.255.255.0\par set allowaccess ping https ssh\par set snmp-index 54\par set interface "Aggregating"\par set vlanid 181\par next\par edit "UTP-Aggregate"\par set vdom "root"\par set type aggregate\par set member "port29" "port30"\par set snmp-index 55\par next\par edit "UTP-Core"\par set vdom "root"\par set ip 10.10.10.1 255.255.255.0\par set allowaccess ping telnet\par set snmp-index 56\par set interface "UTP-Aggregate"\par set vlanid 25\par next\par edit "MGMT"\par set vdom "root"\par set ip 192.168.180.1 255.255.255.0\par set allowaccess https ssh\par set snmp-index 45\par set interface "Aggregating"\par set vlanid 180\par next\par edit "FDNA696003-MGMT"\par set vdom "root"\par set ip 192.168.182.1 255.255.255.0\par set allowaccess https ssh\par set snmp-index 46\par set interface "port1"\par set vlanid 
182\par next\par edit "FDNA696004-MGMT"\par set vdom "root"\par set ip 192.168.183.1 255.255.255.0\par set allowaccess https ssh\par set snmp-index 57\par set interface "port2"\par set vlanid 183\par next\par edit "FDNA696005-MGMT"\par set vdom "root"\par set ip 192.168.184.1 255.255.255.0\par set allowaccess https ssh\par set snmp-index 58\par set interface "port3"\par set vlanid 184\par next\par end\par config system admin\par edit "admin"\par set accprofile "super_admin"\par set vdom "root"\par config dashboard-tabs\par edit 1\par set name "Status"\par next\par edit 2\par set columns 1\par set name "Top Sources"\par next\par edit 3\par set columns 1\par set name "Top Destinations"\par next\par edit 4\par set columns 1\par set name "Top Applications"\par next\par edit 5\par set columns 1\par set name "Traffic History"\par next\par edit 6\par set columns 1\par set name "Threat History"\par next\par end\par config dashboard\par edit 1\par set tab-id 1\par set column 1\par next\par edit 2\par set widget-type licinfo\par set tab-id 1\par set column 1\par next\par edit 3\par set widget-type jsconsole\par set tab-id 1\par set column 1\par next\par edit 4\par set widget-type sysres\par set tab-id 1\par set column 2\par next\par edit 5\par set widget-type gui-features\par set tab-id 1\par set column 2\par next\par edit 6\par set widget-type alert\par set tab-id 1\par set column 2\par set top-n 10\par next\par edit 21\par set widget-type sessions\par set tab-id 2\par set column 1\par set top-n 25\par set sort-by msg-counts\par next\par edit 31\par set widget-type sessions\par set tab-id 3\par set column 1\par set top-n 25\par set sort-by msg-counts\par set report-by destination\par next\par edit 41\par set widget-type sessions\par set tab-id 4\par set column 1\par set top-n 25\par set sort-by msg-counts\par set report-by application\par next\par edit 51\par set widget-type sessions-bandwidth\par set tab-id 5\par set column 1\par next\par edit 61\par set widget-type 
threat-history\par set tab-id 6\par set column 1\par next\par end\par next\par end\par config system ha\par set mode a-p\par set password ENC g2wYCLJs5Kq8Q2czFuembq7dTqTBSoLlgj4QK7rjG3tKVSHeJpVlGjW/GK7cvzpPHmPfxfGUkhiBjTlRBsS8lQbI/WIUTmNqurhwL3ha3Iw67du1Fxjb5nJQmfIFC6o5b2X33R0aizNG//jDpfZ1gB5Z3ZXdrg1eBkOHwHNkY5Y8LbSpjS4KWHCqO2VFMvZJcnhQ+A==\par set hbdev "port17" 50 "port18" 50 \par set session-pickup enable\par set override disable\par set priority 255\par end\par config system storage\par edit "HDD1"\par set media-type "scsi"\par set partition "32C4F80651F467BD"\par next\par end\par config system dns\par set primary 82.178.158.173\par set secondary 8.8.8.8\par end\par config system replacemsg-image\par edit "logo_fnet"\par set image-base64 ''\par set image-type gif\par next\par edit "logo_fguard_wf"\par set image-base64 ''\par set image-type gif\par next\par edit "logo_fw_auth"\par set image-base64 ''\par set image-type png\par next\par edit "logo_v2_fnet"\par set image-base64 ''\par set image-type png\par next\par edit "logo_v2_fguard_wf"\par set image-base64 ''\par set image-type png\par next\par end\par config system replacemsg mail "email-block"\par end\par config system replacemsg mail "email-dlp-subject"\par end\par config system replacemsg mail "email-dlp-ban"\par end\par config system replacemsg mail "email-filesize"\par end\par config system replacemsg mail "partial"\par end\par config system replacemsg mail "smtp-block"\par end\par config system replacemsg mail "smtp-filesize"\par end\par config system replacemsg http "bannedword"\par end\par config system replacemsg http "url-block"\par end\par config system replacemsg http "urlfilter-err"\par end\par config system replacemsg http "infcache-block"\par end\par config system replacemsg http "http-block"\par end\par config system replacemsg http "http-filesize"\par end\par config system replacemsg http "http-dlp-ban"\par end\par config system replacemsg http "http-archive-block"\par end\par config system 
replacemsg http "http-contenttypeblock"\par end\par config system replacemsg http "https-invalid-cert-block"\par end\par config system replacemsg http "http-client-block"\par end\par config system replacemsg http "http-client-filesize"\par end\par config system replacemsg http "http-client-bannedword"\par end\par config system replacemsg http "http-post-block"\par end\par config system replacemsg http "http-client-archive-block"\par end\par config system replacemsg http "switching-protocols-block"\par end\par config system replacemsg webproxy "deny"\par end\par config system replacemsg webproxy "user-limit"\par end\par config system replacemsg webproxy "auth-challenge"\par end\par config system replacemsg webproxy "auth-login-fail"\par end\par config system replacemsg webproxy "auth-authorization-fail"\par end\par config system replacemsg webproxy "http-err"\par end\par config system replacemsg ftp "ftp-dl-blocked"\par end\par config system replacemsg ftp "ftp-dl-filesize"\par end\par config system replacemsg ftp "ftp-dl-dlp-ban"\par end\par config system replacemsg ftp "ftp-explicit-banner"\par end\par config system replacemsg ftp "ftp-dl-archive-block"\par end\par config system replacemsg nntp "nntp-dl-blocked"\par end\par config system replacemsg nntp "nntp-dl-filesize"\par end\par config system replacemsg nntp "nntp-dlp-subject"\par end\par config system replacemsg nntp "nntp-dlp-ban"\par end\par config system replacemsg fortiguard-wf "ftgd-block"\par end\par config system replacemsg fortiguard-wf "http-err"\par end\par config system replacemsg fortiguard-wf "ftgd-ovrd"\par end\par config system replacemsg fortiguard-wf "ftgd-quota"\par end\par config system replacemsg fortiguard-wf "ftgd-warning"\par end\par config system replacemsg spam "ipblocklist"\par end\par config system replacemsg spam "smtp-spam-dnsbl"\par end\par config system replacemsg spam "smtp-spam-feip"\par end\par config system replacemsg spam "smtp-spam-helo"\par end\par config system 
replacemsg spam "smtp-spam-emailblack"\par end\par config system replacemsg spam "smtp-spam-mimeheader"\par end\par config system replacemsg spam "reversedns"\par end\par config system replacemsg spam "smtp-spam-bannedword"\par end\par config system replacemsg spam "smtp-spam-ase"\par end\par config system replacemsg spam "submit"\par end\par config system replacemsg im "im-file-xfer-block"\par end\par config system replacemsg im "im-file-xfer-name"\par end\par config system replacemsg im "im-file-xfer-infected"\par end\par config system replacemsg im "im-file-xfer-size"\par end\par config system replacemsg im "im-dlp"\par end\par config system replacemsg im "im-dlp-ban"\par end\par config system replacemsg im "im-voice-chat-block"\par end\par config system replacemsg im "im-video-chat-block"\par end\par config system replacemsg im "im-photo-share-block"\par end\par config system replacemsg im "im-long-chat-block"\par end\par config system replacemsg alertmail "alertmail-virus"\par end\par config system replacemsg alertmail "alertmail-block"\par end\par config system replacemsg alertmail "alertmail-nids-event"\par end\par config system replacemsg alertmail "alertmail-crit-event"\par end\par config system replacemsg alertmail "alertmail-disk-full"\par end\par config system replacemsg admin "pre_admin-disclaimer-text"\par end\par config system replacemsg admin "post_admin-disclaimer-text"\par end\par config system replacemsg auth "auth-disclaimer-page-1"\par end\par config system replacemsg auth "auth-disclaimer-page-2"\par end\par config system replacemsg auth "auth-disclaimer-page-3"\par end\par config system replacemsg auth "auth-reject-page"\par end\par config system replacemsg auth "auth-login-page"\par end\par config system replacemsg auth "auth-login-failed-page"\par end\par config system replacemsg auth "auth-token-login-page"\par end\par config system replacemsg auth "auth-token-login-failed-page"\par end\par config system replacemsg auth 
"auth-success-msg"\par end\par config system replacemsg auth "auth-challenge-page"\par end\par config system replacemsg auth "auth-keepalive-page"\par end\par config system replacemsg auth "auth-portal-page"\par end\par config system replacemsg auth "auth-password-page"\par end\par config system replacemsg auth "auth-fortitoken-page"\par end\par config system replacemsg auth "auth-next-fortitoken-page"\par end\par config system replacemsg auth "auth-email-token-page"\par end\par config system replacemsg auth "auth-sms-token-page"\par end\par config system replacemsg auth "auth-email-harvesting-page"\par end\par config system replacemsg auth "auth-email-failed-page"\par end\par config system replacemsg auth "auth-cert-passwd-page"\par end\par config system replacemsg auth "auth-guest-print-page"\par end\par config system replacemsg auth "auth-guest-email-page"\par end\par config system replacemsg captive-portal-dflt "cpa-disclaimer-page-1"\par end\par config system replacemsg captive-portal-dflt "cpa-disclaimer-page-2"\par end\par config system replacemsg captive-portal-dflt "cpa-disclaimer-page-3"\par end\par config system replacemsg captive-portal-dflt "cpa-reject-page"\par end\par config system replacemsg captive-portal-dflt "cpa-login-page"\par end\par config system replacemsg captive-portal-dflt "cpa-login-failed-page"\par end\par config system replacemsg sslvpn "sslvpn-login"\par end\par config system replacemsg sslvpn "sslvpn-limit"\par end\par config system replacemsg ec "endpt-download-portal"\par end\par config system replacemsg ec "endpt-download-portal-mac"\par end\par config system replacemsg ec "endpt-download-portal-ios"\par end\par config system replacemsg ec "endpt-download-portal-aos"\par end\par config system replacemsg ec "endpt-download-portal-other"\par end\par config system replacemsg device-detection-portal "device-detection-failure"\par end\par config system replacemsg nac-quar "nac-quar-virus"\par end\par config system replacemsg nac-quar 
"nac-quar-dos"\par end\par config system replacemsg nac-quar "nac-quar-ips"\par end\par config system replacemsg nac-quar "nac-quar-dlp"\par end\par config system replacemsg traffic-quota "per-ip-shaper-block"\par end\par config system replacemsg utm "virus-html"\par end\par config system replacemsg utm "virus-text"\par end\par config system replacemsg utm "dlp-html"\par end\par config system replacemsg utm "dlp-text"\par end\par config vpn certificate ca\par end\par config vpn certificate local\par end\par config user device-category\par edit "ipad"\par next\par edit "iphone"\par next\par edit "gaming-console"\par next\par edit "blackberry-phone"\par next\par edit "blackberry-playbook"\par next\par edit "linux-pc"\par next\par edit "mac"\par next\par edit "windows-pc"\par next\par edit "android-phone"\par next\par edit "android-tablet"\par next\par edit "media-streaming"\par next\par edit "windows-phone"\par next\par edit "windows-tablet"\par next\par edit "fortinet-device"\par next\par edit "ip-phone"\par next\par edit "router-nat-device"\par next\par edit "other-network-device"\par next\par edit "collected-emails"\par next\par edit "all"\par next\par end\par config antivirus service "http"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "https"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "ftp"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "ftps"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "pop3"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "pop3s"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "imap"\par set scan-bzip2 disable\par set 
uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "imaps"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "smtp"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "smtps"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "nntp"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config antivirus service "im"\par set scan-bzip2 disable\par set uncompnestlimit 12\par set uncompsizelimit 10\par end\par config wanopt storage\par edit "HDD1"\par set size 67603\par next\par end\par config system session-sync\par end\par config system fortiguard\par set webfilter-sdns-server-ip "208.91.112.220" \par end\par config ips global\par set default-app-cat-mask 18446744073474670591\par set fail-open disable\par end\par config ips dbinfo\par set version 1\par end\par config gui console\par unset preferences\par end\par config system session-helper\par edit 1\par set name pptp\par set port 1723\par set protocol 6\par next\par edit 2\par set name h323\par set port 1720\par set protocol 6\par next\par edit 3\par set name ras\par set port 1719\par set protocol 17\par next\par edit 4\par set name tns\par set port 1521\par set protocol 6\par next\par edit 5\par set name tftp\par set port 69\par set protocol 17\par next\par edit 6\par set name rtsp\par set port 554\par set protocol 6\par next\par edit 7\par set name rtsp\par set port 7070\par set protocol 6\par next\par edit 8\par set name rtsp\par set port 8554\par set protocol 6\par next\par edit 9\par set name ftp\par set port 21\par set protocol 6\par next\par edit 10\par set name mms\par set port 1863\par set protocol 6\par next\par edit 11\par set name pmap\par set port 111\par set protocol 6\par next\par edit 12\par set name pmap\par set port 111\par set 
protocol 17\par next\par edit 13\par set name sip\par set port 5060\par set protocol 17\par next\par edit 14\par set name dns-udp\par set port 53\par set protocol 17\par next\par edit 15\par set name rsh\par set port 514\par set protocol 6\par next\par edit 16\par set name rsh\par set port 512\par set protocol 6\par next\par edit 17\par set name dcerpc\par set port 135\par set protocol 6\par next\par edit 18\par set name dcerpc\par set port 135\par set protocol 17\par next\par edit 19\par set name mgcp\par set port 2427\par set protocol 17\par next\par edit 20\par set name mgcp\par set port 2727\par set protocol 17\par next\par end\par config system auto-install\par set auto-install-config enable\par set auto-install-image enable\par end\par config system ntp\par set interface "MGMT"\par config ntpserver\par edit 1\par set server "pol.time.org"\par next\par end\par set ntpsync enable\par set server-mode enable\par set syncinterval 5\par set type custom\par end\par config system settings\par end\par config firewall address\par edit "all"\par next\par edit "SSLVPN_TUNNEL_ADDR1"\par set type iprange\par set end-ip 10.212.134.210\par set start-ip 10.212.134.200\par next\par edit "Internal-Interface"\par set associated-interface "port19"\par set subnet 192.168.10.100 255.255.255.255\par next\par edit "IMAC,PMO-OFF,MGMT-OFF-INTERNET"\par set type iprange\par set end-ip 192.168.169.0\par set start-ip 192.168.167.0\par next\par edit "Testing Servers"\par set associated-interface "Point-to-Point"\par set subnet 192.168.170.101 255.255.255.255\par next\par edit "MGMT"\par set associated-interface "Point-to-Point"\par set comment "Nexus switches accessing NTP server"\par set subnet 192.168.180.0 255.255.255.0\par next\par edit "Subnet-192.168.161.0"\par set associated-interface "Point-to-Point"\par set comment "Access To NTP service in UTM"\par set subnet 192.168.161.0 255.255.255.0\par next\par edit "WSUS-Servers"\par set associated-interface "WSUS/AV"\par set comment 
"Access To NTP service in UTM"\par set subnet 192.168.174.101 255.255.255.255\par next\par edit "SUPER ADMINISTRATOR"\par set associated-interface "MGMT-OFFICE"\par set subnet 192.168.165.11 255.255.255.255\par next\par edit "Subnet-192.168.175.0"\par set associated-interface "Point-to-Point"\par set subnet 192.168.175.0 255.255.255.0\par next\par edit "Subnet-192.168.162.0"\par set associated-interface "Point-to-Point"\par set subnet 192.168.162.0 255.255.255.0\par next\par edit "Subnet-192.168.163.0"\par set associated-interface "Point-to-Point"\par set subnet 192.168.163.0 255.255.255.0\par next\par edit "Subnet-192.168.164.0"\par set associated-interface "Point-to-Point"\par set subnet 192.168.164.0 255.255.255.0\par next\par edit "Subnet-192.168.165.0"\par set associated-interface "Point-to-Point"\par set subnet 192.168.165.0 255.255.255.0\par next\par edit "Subnet-192.168.170.0"\par set subnet 192.168.170.0 255.255.255.0\par next\par edit "Subnet-192.168.173.0"\par set associated-interface "Point-to-Point"\par set subnet 92.168.173.0 255.255.255.0\par next\par edit "KOM4-SUBNETS"\par set type iprange\par set end-ip 192.168.169.0\par set start-ip 192.168.166.0\par next\par edit "Subnet-192.168.171.0"\par set associated-interface "Point-to-Point"\par set subnet 192.168.171.0 255.255.255.0\par next\par edit "Subnet-192.168.172.0"\par set associated-interface "Point-to-Point"\par set subnet 192.168.172.0 255.255.255.0\par next\par edit "NMS-Server"\par set associated-interface "Point-to-Point"\par set subnet 192.168.173.15 255.255.255.255\par next\par edit "BACKUP-Server"\par set associated-interface "Point-to-Point"\par set subnet 192.168.173.13 255.255.255.255\par next\par edit "Fortigate-INT-NTP"\par set associated-interface "MGMT"\par set comment "For Accessing NTP"\par set subnet 192.168.180.1 255.255.255.255\par next\par edit "INTERNET-NTP"\par set associated-interface "port16"\par set type fqdn\par set fqdn "pool.ntp.org"\par next\par edit 
"FDNA696003-MGMT"\par set associated-interface "FDNA696003-MGMT"\par set subnet 192.168.182.2 255.255.255.255\par next\par edit "FDNA696004-MGMT"\par set associated-interface "FDNA696004-MGMT"\par set subnet 192.168.183.2 255.255.255.255\par next\par edit "FDNA696005-MGMT"\par set associated-interface "FDNA696005-MGMT"\par set subnet 192.168.184.2 255.255.255.255\par next\par end\par config firewall multicast-address\par edit "all"\par set end-ip 239.255.255.255\par set start-ip 224.0.0.0\par next\par edit "all_hosts"\par set end-ip 224.0.0.1\par set start-ip 224.0.0.1\par next\par edit "all_routers"\par set end-ip 224.0.0.2\par set start-ip 224.0.0.2\par next\par edit "Bonjour"\par set end-ip 224.0.0.251\par set start-ip 224.0.0.251\par next\par edit "EIGRP"\par set end-ip 224.0.0.10\par set start-ip 224.0.0.10\par next\par edit "OSPF"\par set end-ip 224.0.0.6\par set start-ip 224.0.0.5\par next\par end\par config firewall address6\par edit "all"\par next\par edit "SSLVPN_TUNNEL_IPv6_ADDR1"\par set ip6 fdff:ffff::/120\par next\par end\par config firewall addrgrp\par edit "Subnet-192.168.161.0 & 192.168.175.0"\par set comment "Access To NTP service in UTM"\par set member "Subnet-192.168.161.0" "Subnet-192.168.175.0"\par next\par edit "Subnet-192.168.161.0-192.168.165.0"\par set member "Subnet-192.168.161.0" "Subnet-192.168.162.0" "Subnet-192.168.163.0" "Subnet-192.168.164.0" "Subnet-192.168.165.0" "Subnet-192.168.170.0" "Subnet-192.168.173.0" "Subnet-192.168.175.0"\par next\par edit "Internet-Access"\par set member "KOM4-SUBNETS" "WSUS-Servers"\par next\par edit "All Subnets"\par set member "KOM4-SUBNETS" "Subnet-192.168.161.0" "Subnet-192.168.162.0" "Subnet-192.168.163.0" "Subnet-192.168.164.0" "Subnet-192.168.165.0" "Subnet-192.168.170.0" "Subnet-192.168.171.0" "Subnet-192.168.172.0" "Subnet-192.168.173.0" "Subnet-192.168.175.0"\par next\par edit "ACCESS SWITCHES MGMT"\par set member "FDNA696003-MGMT"\par next\par end\par config firewall service category\par edit 
"General"\par set comment "general services"\par next\par edit "Web Access"\par set comment "web access"\par next\par edit "File Access"\par set comment "file access"\par next\par edit "Email"\par set comment "email services"\par next\par edit "Network Services"\par set comment "network services"\par next\par edit "Authentication"\par set comment "authentication service"\par next\par edit "Remote Access"\par set comment "remote access"\par next\par edit "Tunneling"\par set comment "tunneling service"\par next\par edit "VoIP, Messaging & Other Applications"\par set comment "VoIP, messaging, and other applications"\par next\par edit "Web Proxy"\par set comment "Explicit web proxy"\par next\par end\par config firewall service custom\par edit "ALL"\par set category "General"\par set protocol IP\par set protocol-number 0\par next\par edit "ALL_TCP"\par set category "General"\par set tcp-portrange 1-65535\par next\par edit "ALL_UDP"\par set category "General"\par set tcp-portrange 0:0\par set udp-portrange 1-65535\par next\par edit "ALL_ICMP"\par set category "General"\par set protocol ICMP\par unset icmptype\par next\par edit "ALL_ICMP6"\par set category "General"\par set protocol ICMP6\par unset icmptype\par next\par edit "GRE"\par set category "Tunneling"\par set protocol IP\par set protocol-number 47\par next\par edit "AH"\par set category "Tunneling"\par set protocol IP\par set protocol-number 51\par next\par edit "ESP"\par set category "Tunneling"\par set protocol IP\par set protocol-number 50\par next\par edit "AOL"\par set visibility disable\par set tcp-portrange 5190-5194\par next\par edit "BGP"\par set category "Network Services"\par set tcp-portrange 179\par next\par edit "DHCP"\par set category "Network Services"\par set tcp-portrange 0:0\par set udp-portrange 67-68\par next\par edit "DNS"\par set category "Network Services"\par set tcp-portrange 53\par set udp-portrange 53\par next\par edit "FINGER"\par set visibility disable\par set tcp-portrange 79\par 
next\par edit "FTP"\par set category "File Access"\par set tcp-portrange 21\par next\par edit "FTP_GET"\par set category "File Access"\par set tcp-portrange 21\par next\par edit "FTP_PUT"\par set category "File Access"\par set tcp-portrange 21\par next\par edit "GOPHER"\par set visibility disable\par set tcp-portrange 70\par next\par edit "H323"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 1720 1503\par set udp-portrange 1719\par next\par edit "HTTP"\par set category "Web Access"\par set tcp-portrange 80\par next\par edit "HTTPS"\par set category "Web Access"\par set tcp-portrange 443\par next\par edit "IKE"\par set category "Tunneling"\par set tcp-portrange 0:0\par set udp-portrange 500 4500\par next\par edit "IMAP"\par set category "Email"\par set tcp-portrange 143\par next\par edit "IMAPS"\par set category "Email"\par set tcp-portrange 993\par next\par edit "Internet-Locator-Service"\par set visibility disable\par set tcp-portrange 389\par next\par edit "IRC"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 6660-6669\par next\par edit "L2TP"\par set category "Tunneling"\par set tcp-portrange 1701\par set udp-portrange 1701\par next\par edit "LDAP"\par set category "Authentication"\par set tcp-portrange 389\par next\par edit "NetMeeting"\par set visibility disable\par set tcp-portrange 1720\par next\par edit "NFS"\par set category "File Access"\par set tcp-portrange 111 2049\par set udp-portrange 111 2049\par next\par edit "NNTP"\par set visibility disable\par set tcp-portrange 119\par next\par edit "NTP"\par set category "Network Services"\par set tcp-portrange 123\par set udp-portrange 123\par next\par edit "OSPF"\par set category "Network Services"\par set protocol IP\par set protocol-number 89\par next\par edit "PC-Anywhere"\par set category "Remote Access"\par set tcp-portrange 5631\par set udp-portrange 5632\par next\par edit "PING"\par set category "Network Services"\par set protocol ICMP\par 
set icmptype 8\par unset icmpcode\par next\par edit "TIMESTAMP"\par set protocol ICMP\par set visibility disable\par set icmptype 13\par unset icmpcode\par next\par edit "INFO_REQUEST"\par set protocol ICMP\par set visibility disable\par set icmptype 15\par unset icmpcode\par next\par edit "INFO_ADDRESS"\par set protocol ICMP\par set visibility disable\par set icmptype 17\par unset icmpcode\par next\par edit "ONC-RPC"\par set category "Remote Access"\par set tcp-portrange 111\par set udp-portrange 111\par next\par edit "DCE-RPC"\par set category "Remote Access"\par set tcp-portrange 135\par set udp-portrange 135\par next\par edit "POP3"\par set category "Email"\par set tcp-portrange 110\par next\par edit "POP3S"\par set category "Email"\par set tcp-portrange 995\par next\par edit "PPTP"\par set category "Tunneling"\par set tcp-portrange 1723\par next\par edit "QUAKE"\par set visibility disable\par set tcp-portrange 0:0\par set udp-portrange 26000 27000 27910 27960\par next\par edit "RAUDIO"\par set visibility disable\par set tcp-portrange 0:0\par set udp-portrange 7070\par next\par edit "REXEC"\par set visibility disable\par set tcp-portrange 512\par next\par edit "RIP"\par set category "Network Services"\par set tcp-portrange 0:0\par set udp-portrange 520\par next\par edit "RLOGIN"\par set visibility disable\par set tcp-portrange 513:512-1023\par next\par edit "RSH"\par set visibility disable\par set tcp-portrange 514:512-1023\par next\par edit "SCCP"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 2000\par next\par edit "SIP"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 5060\par set udp-portrange 5060\par next\par edit "SIP-MSNmessenger"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 1863\par next\par edit "SAMBA"\par set category "File Access"\par set tcp-portrange 139\par next\par edit "SMTP"\par set category "Email"\par set tcp-portrange 25\par next\par edit 
"SMTPS"\par set category "Email"\par set tcp-portrange 465\par next\par edit "SNMP"\par set category "Network Services"\par set tcp-portrange 161-162\par set udp-portrange 161-162\par next\par edit "SSH"\par set category "Remote Access"\par set tcp-portrange 22\par next\par edit "SYSLOG"\par set category "Network Services"\par set tcp-portrange 0:0\par set udp-portrange 514\par next\par edit "TALK"\par set visibility disable\par set tcp-portrange 0:0\par set udp-portrange 517-518\par next\par edit "TELNET"\par set category "Remote Access"\par set tcp-portrange 23\par next\par edit "TFTP"\par set category "File Access"\par set tcp-portrange 0:0\par set udp-portrange 69\par next\par edit "MGCP"\par set visibility disable\par set tcp-portrange 0:0\par set udp-portrange 2427 2727\par next\par edit "UUCP"\par set visibility disable\par set tcp-portrange 540\par next\par edit "VDOLIVE"\par set visibility disable\par set tcp-portrange 7000-7010\par next\par edit "WAIS"\par set visibility disable\par set tcp-portrange 210\par next\par edit "WINFRAME"\par set visibility disable\par set tcp-portrange 1494 2598\par next\par edit "X-WINDOWS"\par set category "Remote Access"\par set tcp-portrange 6000-6063\par next\par edit "PING6"\par set protocol ICMP6\par set visibility disable\par set icmptype 128\par unset icmpcode\par next\par edit "MS-SQL"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 1433 1434\par next\par edit "MYSQL"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 3306\par next\par edit "RDP"\par set category "Remote Access"\par set tcp-portrange 3389\par next\par edit "VNC"\par set category "Remote Access"\par set tcp-portrange 5900\par next\par edit "DHCP6"\par set category "Network Services"\par set tcp-portrange 0:0\par set udp-portrange 546 547\par next\par edit "SQUID"\par set category "Tunneling"\par set tcp-portrange 3128\par next\par edit "SOCKS"\par set category "Tunneling"\par set tcp-portrange 
1080\par set udp-portrange 1080\par next\par edit "WINS"\par set category "Remote Access"\par set tcp-portrange 1512\par set udp-portrange 1512\par next\par edit "RADIUS"\par set category "Authentication"\par set tcp-portrange 0:0\par set udp-portrange 1812 1813\par next\par edit "RADIUS-OLD"\par set visibility disable\par set tcp-portrange 0:0\par set udp-portrange 1645 1646\par next\par edit "CVSPSERVER"\par set visibility disable\par set tcp-portrange 2401\par set udp-portrange 2401\par next\par edit "AFS3"\par set category "File Access"\par set tcp-portrange 7000-7009\par set udp-portrange 7000-7009\par next\par edit "TRACEROUTE"\par set category "Network Services"\par set tcp-portrange 0:0\par set udp-portrange 33434-33535\par next\par edit "RTSP"\par set category "VoIP, Messaging & Other Applications"\par set tcp-portrange 554 7070 8554\par set udp-portrange 554\par next\par edit "MMS"\par set visibility disable\par set tcp-portrange 1755\par set udp-portrange 1024-5000\par next\par edit "KERBEROS"\par set category "Authentication"\par set tcp-portrange 88\par set udp-portrange 88\par next\par edit "LDAP_UDP"\par set category "Authentication"\par set tcp-portrange 0:0\par set udp-portrange 389\par next\par edit "SMB"\par set category "File Access"\par set tcp-portrange 445\par next\par edit "webproxy"\par set explicit-proxy enable\par set category "Web Proxy"\par set protocol ALL\par set tcp-portrange 0-65535:0-65535\par next\par edit "Customize_Ports"\par set category "General"\par set tcp-portrange 1-50:0\par next\par end\par config firewall service group\par edit "Email Access"\par set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"\par next\par edit "Web Access"\par set member "DNS" "HTTP" "HTTPS"\par next\par edit "Windows AD"\par set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"\par next\par edit "Exchange Server"\par set member "DCE-RPC" "DNS" "HTTPS"\par next\par end\par config webfilter ftgd-local-cat\par edit 
"custom1"\par set id 140\par next\par edit "custom2"\par set id 141\par next\par end\par config ips sensor\par edit "default"\par set comment "prevent critical attacks"\par config entries\par edit 1\par set severity medium high critical \par next\par end\par next\par edit "all_default"\par set comment "all predefined signatures with default setting"\par config entries\par edit 1\par next\par end\par next\par edit "all_default_pass"\par set comment "all predefined signatures with PASS action"\par config entries\par edit 1\par set action pass\par next\par end\par next\par edit "protect_http_server"\par set comment "protect against HTTP server-side vulnerabilities"\par config entries\par edit 1\par set location server \par set protocol HTTP \par next\par end\par next\par edit "protect_email_server"\par set comment "protect against EMail server-side vulnerabilities"\par config entries\par edit 1\par set location server \par set protocol SMTP POP3 IMAP \par next\par end\par next\par edit "protect_client"\par set comment "protect against client-side vulnerabilities"\par config entries\par edit 1\par set location client \par next\par end\par next\par edit "high_security"\par set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"\par config entries\par edit 1\par set action block\par set severity medium high critical \par set status enable\par next\par edit 2\par set severity low \par next\par end\par next\par end\par config firewall shaper traffic-shaper\par edit "high-priority"\par set maximum-bandwidth 1048576\par set per-policy enable\par next\par edit "medium-priority"\par set maximum-bandwidth 1048576\par set per-policy enable\par set priority medium\par next\par edit "low-priority"\par set maximum-bandwidth 1048576\par set per-policy enable\par set priority low\par next\par edit "guarantee-100kbps"\par set guaranteed-bandwidth 100\par set maximum-bandwidth 1048576\par set per-policy enable\par next\par edit "shared-1M-pipe"\par set 
maximum-bandwidth 1024\par next\par end\par config application list\par edit "default"\par set comment "monitor all applications"\par config entries\par edit 1\par set action pass\par next\par end\par next\par edit "block-p2p"\par config entries\par edit 1\par set category 2\par next\par end\par next\par edit "monitor-p2p-and-media"\par config entries\par edit 1\par set action pass\par set category 2\par next\par edit 2\par set action pass\par set category 5\par next\par end\par next\par end\par config dlp filepattern\par edit 1\par config entries\par edit "*.bat"\par next\par edit "*.com"\par next\par edit "*.dll"\par next\par edit "*.doc"\par next\par edit "*.exe"\par next\par edit "*.gz"\par next\par edit "*.hta"\par next\par edit "*.ppt"\par next\par edit "*.rar"\par next\par edit "*.scr"\par next\par edit "*.tar"\par next\par edit "*.tgz"\par next\par edit "*.vb?"\par next\par edit "*.wps"\par next\par edit "*.xl?"\par next\par edit "*.zip"\par next\par edit "*.pif"\par next\par edit "*.cpl"\par next\par end\par set name "builtin-patterns"\par next\par edit 2\par config entries\par edit "bat"\par set filter-type type\par set file-type bat\par next\par edit "exe"\par set filter-type type\par set file-type exe\par next\par edit "elf"\par set filter-type type\par set file-type elf\par next\par edit "hta"\par set filter-type type\par set file-type hta\par next\par end\par set name "all_executables"\par next\par end\par config dlp fp-sensitivity\par edit "Private"\par next\par edit "Critical"\par next\par edit "Warning"\par next\par end\par config dlp sensor\par edit "default"\par set comment "summary archive email and web traffic"\par set summary-proto smtp pop3 imap http-get http-post\par next\par edit "Content_Summary"\par set summary-proto smtp pop3 imap http-get http-post ftp nntp aim icq msn yahoo mapi\par next\par edit "Content_Archive"\par set full-archive-proto smtp pop3 imap http-get http-post ftp nntp aim icq msn yahoo mapi\par set summary-proto smtp 
pop3 imap http-get http-post ftp nntp aim icq msn yahoo mapi\par next\par edit "Large-File"\par config filter\par edit 1\par set proto smtp pop3 imap http-get http-post mapi\par set filter-by file-size\par set file-size 5120\par set action log-only\par next\par end\par next\par edit "Credit-Card"\par config filter\par edit 1\par set proto smtp pop3 imap http-get http-post mapi\par set action log-only\par next\par edit 2\par set type message\par set proto smtp pop3 imap http-post mapi\par set action log-only\par next\par end\par next\par edit "SSN-Sensor"\par set comment "Match SSN numbers but NOT WebEx invite emails"\par config filter\par edit 1\par set type message\par set proto smtp pop3 imap mapi\par set filter-by regexp\par set regexp "WebEx"\par next\par edit 2\par set type message\par set proto smtp pop3 imap mapi\par set filter-by ssn\par set action log-only\par next\par edit 3\par set proto smtp pop3 imap http-get http-post ftp mapi\par set filter-by ssn\par set action log-only\par next\par end\par next\par end\par config webfilter content\par end\par config webfilter urlfilter\par end\par config spamfilter bword\par end\par config spamfilter bwl\par end\par config spamfilter mheader\par end\par config spamfilter dnsbl\par end\par config spamfilter iptrust\par end\par config client-reputation profile\par config web\par edit 1\par set group 1\par set level medium\par next\par edit 2\par set group 5\par set level critical\par next\par end\par config application\par edit 1\par set category 2\par next\par edit 2\par set category 6\par set level medium\par next\par edit 3\par set category 19\par set level high\par next\par end\par end\par config icap profile\par edit "default"\par next\par end\par config vpn ssl settings\par set port 443\par end\par config vpn ssl web host-check-software\par edit "FortiClient-AV"\par set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"\par next\par edit "FortiClient-FW"\par set guid "528CB157-D384-4593-AAAA-E42DFF111CED"\par set type 
fw\par next\par edit "FortiClient-AV-Vista-Win7"\par set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"\par next\par edit "FortiClient-FW-Vista-Win7"\par set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"\par set type fw\par next\par edit "AVG-Internet-Security-AV"\par set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"\par next\par edit "AVG-Internet-Security-FW"\par set guid "8DECF618-9569-4340-B34A-D78D28969B66"\par set type fw\par next\par edit "AVG-Internet-Security-AV-Vista-Win7"\par set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"\par next\par edit "AVG-Internet-Security-FW-Vista-Win7"\par set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"\par set type fw\par next\par edit "CA-Anti-Virus"\par set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"\par next\par edit "CA-Internet-Security-AV"\par set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"\par next\par edit "CA-Internet-Security-FW"\par set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"\par set type fw\par next\par edit "CA-Internet-Security-AV-Vista-Win7"\par set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"\par next\par edit "CA-Internet-Security-FW-Vista-Win7"\par set guid "06D680B0-4024-4FAB-E710-E675E50F6324"\par set type fw\par next\par edit "CA-Personal-Firewall"\par set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"\par set type fw\par next\par edit "F-Secure-Internet-Security-AV"\par set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"\par next\par edit "F-Secure-Internet-Security-FW"\par set guid "D4747503-0346-49EB-9262-997542F79BF4"\par set type fw\par next\par edit "F-Secure-Internet-Security-AV-Vista-Win7"\par set guid "15414183-282E-D62C-CA37-EF24860A2F17"\par next\par edit "F-Secure-Internet-Security-FW-Vista-Win7"\par set guid "2D7AC0A6-6241-D774-E168-461178D9686C"\par set type fw\par next\par edit "Kaspersky-AV"\par set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"\par next\par edit "Kaspersky-FW"\par set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"\par set type fw\par next\par edit "Kaspersky-AV-Vista-Win7"\par set guid 
"AE1D740B-8F0F-D137-211D-873D44B3F4AE"\par next\par edit "Kaspersky-FW-Vista-Win7"\par set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"\par set type fw\par next\par edit "McAfee-Internet-Security-Suite-AV"\par set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"\par next\par edit "McAfee-Internet-Security-Suite-FW"\par set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"\par set type fw\par next\par edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"\par set guid "86355677-4064-3EA7-ABB3-1B136EB04637"\par next\par edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"\par set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"\par set type fw\par next\par edit "McAfee-Virus-Scan-Enterprise"\par set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"\par next\par edit "Norton-360-2.0-AV"\par set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"\par next\par edit "Norton-360-2.0-FW"\par set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"\par set type fw\par next\par edit "Norton-360-3.0-AV"\par set guid "E10A9785-9598-4754-B552-92431C1C35F8"\par next\par edit "Norton-360-3.0-FW"\par set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"\par set type fw\par next\par edit "Norton-Internet-Security-AV"\par set guid "E10A9785-9598-4754-B552-92431C1C35F8"\par next\par edit "Norton-Internet-Security-FW"\par set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"\par set type fw\par next\par edit "Norton-Internet-Security-AV-Vista-Win7"\par set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"\par next\par edit "Norton-Internet-Security-FW-Vista-Win7"\par set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"\par set type fw\par next\par edit "Symantec-Endpoint-Protection-AV"\par set guid "FB06448E-52B8-493A-90F3-E43226D3305C"\par next\par edit "Symantec-Endpoint-Protection-FW"\par set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"\par set type fw\par next\par edit "Symantec-Endpoint-Protection-AV-Vista-Win7"\par set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"\par next\par edit "Symantec-Endpoint-Protection-FW-Vista-Win7"\par set guid 
"B0F2DB13-C654-2E74-30D4-99C9310F0F2E"\par set type fw\par next\par edit "Panda-Antivirus+Firewall-2008-AV"\par set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"\par next\par edit "Panda-Antivirus+Firewall-2008-FW"\par set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"\par set type fw\par next\par edit "Panda-Internet-Security-AV"\par set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"\par next\par edit "Panda-Internet-Security-2006~2007-FW"\par set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"\par set type fw\par next\par edit "Panda-Internet-Security-2008~2009-FW"\par set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"\par set type fw\par next\par edit "Sophos-Anti-Virus"\par set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"\par next\par edit "Sophos-Enpoint-Secuirty-and-Control-FW"\par set guid "0786E95E-326A-4524-9691-41EF88FB52EA"\par set type fw\par next\par edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"\par set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"\par next\par edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"\par set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"\par set type fw\par next\par edit "Trend-Micro-AV"\par set guid "7D2296BC-32CC-4519-917E-52E652474AF5"\par next\par edit "Trend-Micro-FW"\par set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"\par set type fw\par next\par edit "Trend-Micro-AV-Vista-Win7"\par set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"\par next\par edit "Trend-Micro-FW-Vista-Win7"\par set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"\par set type fw\par next\par edit "ZoneAlarm-AV"\par set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"\par next\par edit "ZoneAlarm-FW"\par set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"\par set type fw\par next\par edit "ZoneAlarm-AV-Vista-Win7"\par set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"\par next\par edit "ZoneAlarm-FW-Vista-Win7"\par set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"\par set type fw\par next\par end\par config vpn ssl web portal\par edit "full-access"\par set allow-access web 
ftp smb telnet ssh vnc rdp ping citrix rdpnative portforward\par 
# NOTE(review): the allow-access list of this SSL VPN portal includes telnet and ftp, which carry credentials and data in clear text on the hop between the FortiGate and the target host; confirm each listed application is actually needed.\par 
set page-layout double-column\par config widget\par edit 1\par set name "Tunnel Mode"\par set type tunnel\par set column two\par 
# NOTE(review): split tunneling is enabled for this tunnel widget; presumably only traffic for the routed destinations enters the tunnel while the client keeps its own Internet path, so confirm that matches the remote-access policy.\par 
set split-tunneling enable\par set ip-pools "SSLVPN_TUNNEL_ADDR1"\par set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"\par next\par edit 2\par set name "Session Information"\par set type info\par next\par edit 3\par set name "Bookmarks"\par set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward\par next\par edit 4\par set name "Connection Tool"\par set type tool\par set column two\par set allow-apps web ftp smb telnet ssh vnc rdp ping citrix rdpnative portforward\par next\par edit 5\par set name "Login History"\par set type history\par next\par edit 6\par set name "FortiClient Download"\par set type forticlient-download\par set column two\par next\par end\par next\par 
# Portal "web-access": web-mode portal with a session-information widget and a bookmarks widget. NOTE(review): its allow-access and allow-apps lists also include telnet and ftp; the same clear-text concern applies.\par 
edit "web-access"\par set allow-access web ftp smb telnet ssh vnc rdp ping citrix rdpnative portforward\par config widget\par edit 1\par set name "Session Information"\par set type info\par next\par edit 2\par set name "Bookmarks"\par set allow-apps web ftp smb telnet ssh vnc rdp citrix rdpnative portforward\par next\par end\par next\par 
# Portal "tunnel-access": tunnel widget plus session information, no allow-access list set; split tunneling is enabled here as well.\par 
edit "tunnel-access"\par config widget\par edit 1\par set name "Tunnel Mode"\par set type tunnel\par set split-tunneling enable\par set ip-pools "SSLVPN_TUNNEL_ADDR1"\par set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"\par next\par edit 2\par set name "Session Information"\par set type info\par next\par end\par next\par end\par 
# Local user accounts. NOTE(review): the ENC value below is the stored, encrypted form of the "guest" password as written into the configuration backup. Anyone holding a copy of this file holds that value, so treat the password as exposed once the file is shared: rotate it, and keep backups in access-controlled storage.\par 
config user local\par edit "guest"\par set type password\par set passwd ENC R8Kjex2D9XKAiUpTho7e+9CAhKqumP4h6f7g97VrjgVHA9iVpCOFstoKQmBJ/jDPoUDecNKiIJpzk4X81QPUROeztdPNAp6LFJfDGQwUF9WxQB8ggqSo0jj5dxlc3emvg7AYW1PsSYlOCG7CIt/bYjeJNJWJXoOf7UG79wbqRx0DrspWj5WOXMPrOaCCDg1GGKCcFA==\par next\par end\par 
# User groups: "FSSO_Guest_Users" is an fsso-service group; "Guest-group" contains the local "guest" account defined above.\par 
config user group\par edit "FSSO_Guest_Users"\par set group-type fsso-service\par next\par edit "Guest-group"\par set member "guest"\par next\par end\par 
config voip profile\par edit "default"\par set comment "default VoIP profile"\par next\par edit "strict"\par config sip\par set malformed-request-line discard\par set malformed-header-via discard\par set malformed-header-from discard\par set malformed-header-to discard\par set malformed-header-call-id discard\par set malformed-header-cseq discard\par set malformed-header-rack discard\par set malformed-header-rseq discard\par set malformed-header-contact discard\par set malformed-header-record-route discard\par set malformed-header-route discard\par set malformed-header-expires discard\par set malformed-header-content-type discard\par set malformed-header-content-length discard\par set malformed-header-max-forwards discard\par set malformed-header-allow discard\par set malformed-header-p-asserted-identity discard\par set malformed-header-sdp-v discard\par set malformed-header-sdp-o discard\par set malformed-header-sdp-s discard\par set malformed-header-sdp-i discard\par set malformed-header-sdp-c discard\par set malformed-header-sdp-b discard\par set malformed-header-sdp-z discard\par set malformed-header-sdp-k discard\par set malformed-header-sdp-a discard\par set malformed-header-sdp-t discard\par set malformed-header-sdp-r discard\par set malformed-header-sdp-m discard\par end\par next\par end\par config webfilter profile\par edit "default"\par set comment "default web filtering"\par set post-action comfort\par config ftgd-wf\par config filters\par edit 1\par set action warning\par set category 2\par next\par edit 2\par set action warning\par set category 7\par next\par edit 3\par set action warning\par set category 8\par next\par edit 4\par set action warning\par set category 9\par next\par edit 5\par set action warning\par set category 11\par next\par edit 6\par set action warning\par set category 12\par next\par edit 7\par set action warning\par set category 13\par next\par edit 8\par set action warning\par set category 14\par next\par edit 9\par set action 
warning\par set category 15\par next\par edit 10\par set action warning\par set category 16\par next\par edit 11\par set action warning\par next\par edit 12\par set action warning\par set category 57\par next\par edit 13\par set action warning\par set category 63\par next\par edit 14\par set action warning\par set category 64\par next\par edit 15\par set action warning\par set category 65\par next\par edit 16\par set action warning\par set category 66\par next\par edit 17\par set action warning\par set category 67\par next\par edit 18\par set action block\par set category 26\par next\par end\par end\par next\par edit "web-filter-flow"\par set comment "flow-based web filter profile"\par set inspection-mode flow-based\par set post-action comfort\par config ftgd-wf\par config filters\par edit 1\par set action warning\par set category 2\par next\par edit 2\par set action warning\par set category 7\par next\par edit 3\par set action warning\par set category 8\par next\par edit 4\par set action warning\par set category 9\par next\par edit 5\par set action warning\par set category 11\par next\par edit 6\par set action warning\par set category 12\par next\par edit 7\par set action warning\par set category 13\par next\par edit 8\par set action warning\par set category 14\par next\par edit 9\par set action warning\par set category 15\par next\par edit 10\par set action warning\par set category 16\par next\par edit 11\par set action warning\par next\par edit 12\par set action warning\par set category 57\par next\par edit 13\par set action warning\par set category 63\par next\par edit 14\par set action warning\par set category 64\par next\par edit 15\par set action warning\par set category 65\par next\par edit 16\par set action warning\par set category 66\par next\par edit 17\par set action warning\par set category 67\par next\par edit 18\par set action block\par set category 26\par next\par end\par end\par next\par edit "monitor-all"\par set comment "monitor and log all 
visited URLs, proxy based"\par config ftgd-wf\par unset options\par unset exempt-ssl\par config filters\par edit 1\par set category 1\par next\par edit 2\par set category 3\par next\par edit 3\par set category 4\par next\par edit 4\par set category 5\par next\par edit 5\par set category 6\par next\par edit 6\par set category 12\par next\par edit 7\par set category 59\par next\par edit 8\par set category 62\par next\par edit 9\par set category 83\par next\par edit 10\par set category 2\par next\par edit 11\par set category 7\par next\par edit 12\par set category 8\par next\par edit 13\par set category 9\par next\par edit 14\par set category 11\par next\par edit 15\par set category 13\par next\par edit 16\par set category 14\par next\par edit 17\par set category 15\par next\par edit 18\par set category 16\par next\par edit 19\par set category 57\par next\par edit 20\par set category 63\par next\par edit 21\par set category 64\par next\par edit 22\par set category 65\par next\par edit 23\par set category 66\par next\par edit 24\par set category 67\par next\par edit 25\par set category 19\par next\par edit 26\par set category 24\par next\par edit 27\par set category 25\par next\par edit 28\par set category 72\par next\par edit 29\par set category 75\par next\par edit 30\par set category 76\par next\par edit 31\par set category 26\par next\par edit 32\par set category 61\par next\par edit 33\par set category 86\par next\par edit 34\par set category 17\par next\par edit 35\par set category 18\par next\par edit 36\par set category 20\par next\par edit 37\par set category 23\par next\par edit 38\par set category 28\par next\par edit 39\par set category 29\par next\par edit 40\par set category 30\par next\par edit 41\par set category 33\par next\par edit 42\par set category 34\par next\par edit 43\par set category 35\par next\par edit 44\par set category 36\par next\par edit 45\par set category 37\par next\par edit 46\par set category 38\par next\par edit 47\par set 
category 39\par next\par edit 48\par set category 40\par next\par edit 49\par set category 42\par next\par edit 50\par set category 44\par next\par edit 51\par set category 46\par next\par edit 52\par set category 47\par next\par edit 53\par set category 48\par next\par edit 54\par set category 54\par next\par edit 55\par set category 55\par next\par edit 56\par set category 58\par next\par edit 57\par set category 68\par next\par edit 58\par set category 69\par next\par edit 59\par set category 70\par next\par edit 60\par set category 71\par next\par edit 61\par set category 77\par next\par edit 62\par set category 78\par next\par edit 63\par set category 79\par next\par edit 64\par set category 80\par next\par edit 65\par set category 82\par next\par edit 66\par set category 85\par next\par edit 67\par set category 87\par next\par edit 68\par set category 31\par next\par edit 69\par set category 41\par next\par edit 70\par set category 43\par next\par edit 71\par set category 49\par next\par edit 72\par set category 50\par next\par edit 73\par set category 51\par next\par edit 74\par set category 52\par next\par edit 75\par set category 53\par next\par edit 76\par set category 56\par next\par edit 77\par set category 81\par next\par edit 78\par set category 84\par next\par edit 79\par next\par end\par end\par set log-all-url enable\par set web-content-log disable\par set web-filter-activex-log disable\par set web-filter-command-block-log disable\par set web-filter-cookie-log disable\par set web-filter-applet-log disable\par set web-filter-jscript-log disable\par set web-filter-js-log disable\par set web-filter-vbs-log disable\par set web-filter-unknown-log disable\par set web-filter-referer-log disable\par set web-filter-cookie-removal-log disable\par set web-url-log disable\par set web-invalid-domain-log disable\par set web-ftgd-err-log disable\par set web-ftgd-quota-usage disable\par next\par edit "flow-monitor-all"\par set comment "monitor and log all visited 
URLs, flow based"\par set inspection-mode flow-based\par config ftgd-wf\par unset options\par unset exempt-ssl\par config filters\par edit 1\par set category 1\par next\par edit 2\par set category 3\par next\par edit 3\par set category 4\par next\par edit 4\par set category 5\par next\par edit 5\par set category 6\par next\par edit 6\par set category 12\par next\par edit 7\par set category 59\par next\par edit 8\par set category 62\par next\par edit 9\par set category 83\par next\par edit 10\par set category 2\par next\par edit 11\par set category 7\par next\par edit 12\par set category 8\par next\par edit 13\par set category 9\par next\par edit 14\par set category 11\par next\par edit 15\par set category 13\par next\par edit 16\par set category 14\par next\par edit 17\par set category 15\par next\par edit 18\par set category 16\par next\par edit 19\par set category 57\par next\par edit 20\par set category 63\par next\par edit 21\par set category 64\par next\par edit 22\par set category 65\par next\par edit 23\par set category 66\par next\par edit 24\par set category 67\par next\par edit 25\par set category 19\par next\par edit 26\par set category 24\par next\par edit 27\par set category 25\par next\par edit 28\par set category 72\par next\par edit 29\par set category 75\par next\par edit 30\par set category 76\par next\par edit 31\par set category 26\par next\par edit 32\par set category 61\par next\par edit 33\par set category 86\par next\par edit 34\par set category 17\par next\par edit 35\par set category 18\par next\par edit 36\par set category 20\par next\par edit 37\par set category 23\par next\par edit 38\par set category 28\par next\par edit 39\par set category 29\par next\par edit 40\par set category 30\par next\par edit 41\par set category 33\par next\par edit 42\par set category 34\par next\par edit 43\par set category 35\par next\par edit 44\par set category 36\par next\par edit 45\par set category 37\par next\par edit 46\par set category 38\par 
next\par edit 47\par set category 39\par next\par edit 48\par set category 40\par next\par edit 49\par set category 42\par next\par edit 50\par set category 44\par next\par edit 51\par set category 46\par next\par edit 52\par set category 47\par next\par edit 53\par set category 48\par next\par edit 54\par set category 54\par next\par edit 55\par set category 55\par next\par edit 56\par set category 58\par next\par edit 57\par set category 68\par next\par edit 58\par set category 69\par next\par edit 59\par set category 70\par next\par edit 60\par set category 71\par next\par edit 61\par set category 77\par next\par edit 62\par set category 78\par next\par edit 63\par set category 79\par next\par edit 64\par set category 80\par next\par edit 65\par set category 82\par next\par edit 66\par set category 85\par next\par edit 67\par set category 87\par next\par edit 68\par set category 31\par next\par edit 69\par set category 41\par next\par edit 70\par set category 43\par next\par edit 71\par set category 49\par next\par edit 72\par set category 50\par next\par edit 73\par set category 51\par next\par edit 74\par set category 52\par next\par edit 75\par set category 53\par next\par edit 76\par set category 56\par next\par edit 77\par set category 81\par next\par edit 78\par set category 84\par next\par edit 79\par next\par end\par end\par set log-all-url enable\par set web-content-log disable\par set web-filter-activex-log disable\par set web-filter-command-block-log disable\par set web-filter-cookie-log disable\par set web-filter-applet-log disable\par set web-filter-jscript-log disable\par set web-filter-js-log disable\par set web-filter-vbs-log disable\par set web-filter-unknown-log disable\par set web-filter-referer-log disable\par set web-filter-cookie-removal-log disable\par set web-url-log disable\par set web-invalid-domain-log disable\par set web-ftgd-err-log disable\par set web-ftgd-quota-usage disable\par next\par end\par config webfilter override\par 
end\par config webfilter override-user\par end\par config webfilter ftgd-warning\par end\par config webfilter ftgd-local-rating\par end\par config webfilter search-engine\par edit "google"\par set hostname ".*\\\\.google\\\\..*"\par set url "^\\\\/((custom|search|images|videosearch|webhp)\\\\?)"\par set query "q="\par set safesearch url\par set safesearch-str "&safe=active"\par next\par edit "yahoo"\par set hostname ".*\\\\.yahoo\\\\..*"\par set url "^\\\\/search(\\\\/video|\\\\/images)\{0,1\}(\\\\?|;)"\par set query "p="\par set safesearch url\par set safesearch-str "&vm=r"\par next\par edit "bing"\par set hostname "www\\\\.bing\\\\.com"\par set url "^(\\\\/images|\\\\/videos)?(\\\\/search|\\\\/async)\\\\?"\par set query "q="\par set safesearch url\par set safesearch-str "&adlt=strict"\par next\par edit "yandex"\par set hostname "yandex\\\\..*"\par set url "^\\\\/(yand)\{0,1\}(search)[\\\\/]\{0,\}.\{0,\}\\\\?"\par set query "text="\par set safesearch url\par set safesearch-str "&fyandex=1"\par next\par edit "youtube"\par set hostname ".*\\\\.youtube\\\\..*"\par set safesearch header\par next\par edit "baidu"\par set hostname ".*\\\\.baidu\\\\.com"\par set url "^\\\\/s?\\\\?"\par set query "wd="\par next\par edit "baidu2"\par set hostname ".*\\\\.baidu\\\\.com"\par set url "^\\\\/(ns|q|m|i|v)\\\\?"\par set query "word="\par next\par edit "baidu3"\par set hostname "tieba\\\\.baidu\\\\.com"\par set url "^\\\\/f\\\\?"\par set query "kw="\par next\par end\par config antivirus settings\par set grayware enable\par end\par config antivirus profile\par edit "default"\par set comment "scan and delete virus"\par config http\par set options scan\par end\par config ftp\par set options scan\par end\par config imap\par set options scan\par end\par config pop3\par set options scan\par end\par config smtp\par set options scan\par end\par config nntp\par set options scan\par end\par config im\par set options scan\par end\par next\par edit "AV-flow"\par set comment "flow-based scan 
and delete virus"\par set inspection-mode flow-based\par config http\par set options scan\par end\par config ftp\par set options scan\par end\par config imap\par set options scan\par end\par config pop3\par set options scan\par end\par config smtp\par set options scan\par end\par config nntp\par set options scan\par end\par config im\par set options scan\par end\par next\par end\par config spamfilter profile\par edit "default"\par set comment "malware and phishing URL filtering"\par next\par end\par config report layout\par edit "default"\par config body-item\par edit 350\par set type misc\par set misc-component section-start\par set column 1\par set title "Bandwidth and Application Usage"\par next\par edit 401\par set type chart\par set chart "bandwidth.applications"\par set chart-options include-no-data\par next\par edit 501\par set type chart\par set chart "web.usage"\par set chart-options include-no-data\par next\par edit 511\par set type chart\par set chart "email.usage"\par set chart-options include-no-data\par next\par edit 515\par set type chart\par set chart "threats"\par set chart-options include-no-data\par next\par edit 521\par set type chart\par set chart "vpn.usage"\par set chart-options include-no-data\par next\par edit 525\par set type chart\par set chart "events"\par set chart-options include-no-data\par next\par edit 601\par set type chart\par set hide enable\par set chart "traffic.bandwidth.users"\par set chart-options include-no-data\par set drill-down-items "5"\par set drill-down-types "0"\par next\par end\par set format pdf\par set options dummy-option\par config page\par config footer\par config footer-item\par edit 1\par set content "Fortinet Inc. 
All rights reserved"\par next\par edit 2\par set style "align_right"\par set content "$\{page_no\}"\par next\par end\par end\par config header\par config header-item\par edit 1\par set type image\par set style "align_right"\par set img-src "fortinet_logo.jpg"\par next\par end\par end\par set options header-on-first-page footer-on-first-page\par set page-break-before heading1\par set paper letter\par end\par set style-theme "default-report"\par set title "FortiGate System Analysis Report"\par next\par end\par config wanopt settings\par set host-id "default-id"\par end\par config wanopt profile\par edit "default"\par set comments "default WANopt profile"\par next\par end\par config web-proxy global\par set proxy-fqdn "default.fqdn"\par end\par config firewall schedule recurring\par edit "always"\par set day sunday monday tuesday wednesday thursday friday saturday\par next\par end\par config firewall vip\par edit "Web Server VIP"\par set extip 200.200.200.200\par set extintf "port31"\par set mappedip 192.168.60.2\par next\par end\par config firewall profile-protocol-options\par edit "default"\par set comment "all default services"\par config http\par set ports 80\par set options no-content-summary\par unset post-lang\par end\par config ftp\par set ports 21\par set options no-content-summary splice\par end\par config imap\par set ports 143\par set options fragmail no-content-summary\par end\par config mapi\par set ports 135\par set options fragmail no-content-summary\par end\par config pop3\par set ports 110\par set options fragmail no-content-summary\par end\par config smtp\par set ports 25\par set options fragmail no-content-summary splice\par end\par config nntp\par set ports 119\par set options no-content-summary splice\par end\par config im\par unset options\par end\par config dns\par set ports 53\par end\par next\par end\par config firewall deep-inspection-options\par edit "default"\par set comment "all default services"\par config https\par set ports 443\par 
end\par config ftps\par set ports 990\par end\par config imaps\par set ports 993\par end\par config pop3s\par set ports 995\par end\par config smtps\par set ports 465\par end\par config ssh\par set ports 22\par end\par next\par end\par config firewall identity-based-route\par end\par config firewall policy\par edit 1\par set srcintf "IMAC" "MGMT-OFF-INTERN" "PMO OFFICE"\par set dstintf "Point-to-Point"\par set srcaddr "IMAC,PMO-OFF,MGMT-OFF-INTERNET"\par set dstaddr "Testing Servers"\par set action accept\par set schedule "always"\par set service "ALL"\par next\par edit 2\par set srcintf "Point-to-Point"\par set dstintf "any"\par set srcaddr "MGMT"\par set dstaddr "all"\par set action accept\par set schedule "always"\par set service "NTP"\par next\par edit 4\par set srcintf "MGMT-OFFICE"\par set dstintf "Point-to-Point"\par set srcaddr "SUPER ADMINISTRATOR"\par set dstaddr "All Subnets"\par set action accept\par set schedule "always"\par set service "ALL"\par next\par edit 5\par set srcintf "WSUS/AV"\par set dstintf "port32"\par set srcaddr "WSUS-Servers"\par set dstaddr "all"\par set action accept\par set schedule "always"\par set service "ALL"\par set logtraffic all\par set logtraffic-start enable\par set nat enable\par set fixedport enable\par next\par edit 6\par set srcintf "WSUS/AV"\par set dstintf "Point-to-Point"\par set srcaddr "WSUS-Servers"\par set dstaddr "Subnet-192.168.161.0-192.168.165.0" "Subnet-192.168.170.0" "Subnet-192.168.173.0" "Subnet-192.168.175.0"\par set action accept\par set schedule "always"\par set service "ALL"\par next\par edit 7\par set srcintf "any"\par set dstintf "port32"\par set srcaddr "KOM4-SUBNETS"\par set dstaddr "all"\par set action accept\par set schedule "always"\par set service "HTTP" "HTTPS" "DNS"\par set nat enable\par next\par edit 8\par set srcintf "Point-to-Point"\par set dstintf "port32"\par set srcaddr "all"\par set dstaddr "all"\par set action accept\par set schedule "always"\par set service "HTTP" "HTTPS" "DNS"\par 
set logtraffic all\par set logtraffic-start enable\par set nat enable\par next\par edit 9\par set srcintf "MGMT-OFFICE" "IMAC" "TRAINING ROOM" "PMO OFFICE" "MGMT-OFF-INTERN"\par set dstintf "Point-to-Point"\par set srcaddr "KOM4-SUBNETS"\par set dstaddr "NMS-Server"\par set action accept\par set schedule "always"\par set service "SNMP"\par next\par edit 10\par set srcintf "WSUS/AV"\par set dstintf "Point-to-Point"\par set srcaddr "WSUS-Servers"\par set dstaddr "NMS-Server"\par set action accept\par set schedule "always"\par set service "SNMP"\par next\par edit 11\par set srcintf "FDNA696003-MGMT"\par set dstintf "MGMT"\par set srcaddr "FDNA696003-MGMT"\par set dstaddr "Fortigate-INT-NTP"\par set action accept\par set schedule "always"\par set service "NTP"\par next\par edit 12\par set srcintf "FDNA696004-MGMT"\par set dstintf "MGMT"\par set srcaddr "FDNA696004-MGMT"\par set dstaddr "Fortigate-INT-NTP"\par set action accept\par set schedule "always"\par set service "NTP"\par next\par edit 13\par set srcintf "FDNA696005-MGMT"\par set dstintf "MGMT"\par set srcaddr "FDNA696005-MGMT"\par set dstaddr "Fortigate-INT-NTP"\par set action accept\par set schedule "always"\par set service "NTP"\par next\par edit 14\par set srcintf "any"\par set dstintf "port32"\par set srcaddr "all"\par set dstaddr "all"\par set action accept\par set schedule "always"\par set service "ALL"\par set logtraffic all\par set nat enable\par next\par end\par config firewall local-in-policy\par end\par config firewall policy6\par end\par config firewall local-in-policy6\par end\par config firewall ttl-policy\par end\par config firewall policy64\par end\par config firewall policy46\par end\par config firewall interface-policy\par end\par config firewall interface-policy6\par end\par config firewall sniff-interface-policy\par end\par config firewall sniff-interface-policy6\par end\par config firewall DoS-policy\par end\par config firewall DoS-policy6\par end\par config firewall sniffer\par end\par 
config endpoint-control profile\par edit "default"\par config forticlient-winmac-settings\par end\par config forticlient-android-settings\par end\par config forticlient-ios-settings\par end\par next\par end\par config wireless-controller wids-profile\par edit "default"\par set comment "default wids profile"\par set wireless-bridge enable\par set deauth-broadcast enable\par set null-ssid-probe-resp enable\par set long-duration-attack enable\par set invalid-mac-oui enable\par set weak-wep-iv enable\par set auth-frame-flood enable\par set assoc-frame-flood enable\par set spoofed-deauth enable\par set asleap-attack enable\par set eapol-start-flood enable\par set eapol-logoff-flood enable\par set eapol-succ-flood enable\par set eapol-fail-flood enable\par set eapol-pre-succ-flood enable\par set eapol-pre-fail-flood enable\par next\par end\par config wireless-controller wtp-profile\par edit "11n-only"\par config platform\par set type 60C\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config radio-2\par set mode disabled\par end\par next\par edit "FAP112B-default"\par config platform\par set type 112B\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config radio-2\par set mode disabled\par end\par next\par edit "FAP220B-default"\par set ap-country US\par config radio-1\par set band 802.11n-5G\par end\par config radio-2\par set band 802.11n\par end\par next\par edit "FAP223B-default"\par config platform\par set type 223B\par end\par set ap-country US\par config radio-1\par set band 802.11n-5G\par end\par config radio-2\par set band 802.11n\par end\par next\par edit "FAP210B-default"\par config platform\par set type 210B\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config radio-2\par set mode disabled\par end\par next\par edit "FAP222B-default"\par config platform\par set type 222B\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config 
radio-2\par set band 802.11n-5G\par end\par next\par edit "FAP320B-default"\par config platform\par set type 320B\par end\par set ap-country US\par config radio-1\par set band 802.11n-5G\par end\par config radio-2\par set band 802.11n\par end\par next\par edit "FAP11C-default"\par config platform\par set type 11C\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config radio-2\par set mode disabled\par end\par next\par edit "FAP14C-default"\par config platform\par set type 14C\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config radio-2\par set mode disabled\par end\par next\par edit "FAP28C-default"\par config platform\par set type 28C\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config radio-2\par set mode disabled\par end\par next\par edit "FAP320C-default"\par config platform\par set type 320C\par end\par set ap-country US\par config radio-1\par set band 802.11n\par end\par config radio-2\par set band 802.11n-5G\par end\par next\par end\par config log disk setting\par set status enable\par end\par config router rip\par config redistribute "connected"\par end\par config redistribute "static"\par end\par config redistribute "ospf"\par end\par config redistribute "bgp"\par end\par config redistribute "isis"\par end\par end\par config router ripng\par config redistribute "connected"\par end\par config redistribute "static"\par end\par config redistribute "ospf"\par end\par config redistribute "bgp"\par end\par config redistribute "isis"\par end\par end\par config router static\par edit 1\par set comment "Internet gateway"\par set device "port32"\par set distance 1\par set gateway 10.30.10.225\par next\par edit 2\par set device "Aggregating"\par set dst 192.168.162.0 255.255.255.0\par set gateway 192.168.181.2\par next\par edit 3\par set device "Aggregating"\par set dst 192.168.161.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 4\par set device 
"Aggregating"\par set dst 192.168.163.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 5\par set device "Aggregating"\par set dst 192.168.164.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 6\par set device "Aggregating"\par set dst 192.168.165.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 7\par set device "Aggregating"\par set dst 192.168.170.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 8\par set device "Aggregating"\par set dst 192.168.171.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 9\par set device "Aggregating"\par set dst 192.168.172.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 10\par set device "Aggregating"\par set dst 192.168.173.0 255.255.255.255\par set gateway 192.168.181.2\par next\par edit 11\par set device "Aggregating"\par set dst 192.168.175.0 255.255.255.255\par set gateway 192.168.181.2\par next\par end\par config router ospf\par config redistribute "connected"\par end\par config redistribute "static"\par end\par config redistribute "rip"\par end\par config redistribute "bgp"\par end\par config redistribute "isis"\par end\par end\par config router ospf6\par config redistribute "connected"\par end\par config redistribute "static"\par end\par config redistribute "rip"\par end\par config redistribute "bgp"\par end\par config redistribute "isis"\par end\par end\par config router bgp\par config redistribute "connected"\par end\par config redistribute "rip"\par end\par config redistribute "ospf"\par end\par config redistribute "static"\par end\par config redistribute "isis"\par end\par config redistribute6 "connected"\par end\par config redistribute6 "rip"\par end\par config redistribute6 "ospf"\par end\par config redistribute6 "static"\par end\par config redistribute6 "isis"\par end\par end\par config router isis\par config redistribute "connected"\par end\par config redistribute "rip"\par end\par config redistribute "ospf"\par end\par 
config redistribute "bgp"\par end\par config redistribute "static"\par end\par end\par config router multicast\par end\par }