· 5 years ago · Feb 26, 2020, 04:46 PM
1#config-version=FGVMK6-6.2.0-FW-build0866-190328:opmode=0:vdom=0:user=admin
2#conf_file_ver=185280594225277
3#buildno=0866
4#global_vdom=1
5config system global
6 set admintimeout 50
7 set alias "FortiGate-VM64-KVM"
8 set hostname "SERRINHA"
9 set timezone 18
10end
11config system accprofile
12 edit "super_admin"
13 set secfabgrp read-write
14 set ftviewgrp read-write
15 set authgrp read-write
16 set sysgrp read-write
17 set netgrp read-write
18 set loggrp read-write
19 set fwgrp read-write
20 set vpngrp read-write
21 set utmgrp read-write
22 set wanoptgrp read-write
23 set wifi read-write
24 next
25 edit "prof_admin"
26 set secfabgrp read-write
27 set ftviewgrp read-write
28 set authgrp read-write
29 set sysgrp read-write
30 set netgrp read-write
31 set loggrp read-write
32 set fwgrp read-write
33 set vpngrp read-write
34 set utmgrp read-write
35 set wanoptgrp read-write
36 set wifi read-write
37 next
38end
39config system interface
40 edit "port1"
41 set vdom "root"
42 set mode dhcp
43 set allowaccess ping ssh http
44 set type physical
45 set snmp-index 1
46 next
47 edit "port2"
48 set vdom "root"
49 set ip 192.168.253.10 255.255.255.0
50 set allowaccess ping ssh http
51 set type physical
52 set snmp-index 2
53 next
54 edit "port3"
55 set vdom "root"
56 set ip 192.168.228.1 255.255.255.0
57 set allowaccess ping ssh http
58 set type physical
59 set snmp-index 3
60 next
61 edit "port4"
62 set vdom "root"
63 set type physical
64 set snmp-index 4
65 next
66 edit "port5"
67 set vdom "root"
68 set type physical
69 set snmp-index 5
70 next
71 edit "port6"
72 set vdom "root"
73 set type physical
74 set snmp-index 6
75 next
76 edit "port7"
77 set vdom "root"
78 set type physical
79 set snmp-index 7
80 next
81 edit "port8"
82 set vdom "root"
83 set type physical
84 set snmp-index 8
85 next
86 edit "port9"
87 set vdom "root"
88 set type physical
89 set snmp-index 9
90 next
91 edit "port10"
92 set vdom "root"
93 set type physical
94 set snmp-index 10
95 next
96 edit "ssl.root"
97 set vdom "root"
98 set type tunnel
99 set alias "SSL VPN interface"
100 set snmp-index 11
101 next
102 edit "toDC-CURITIBA"
103 set vdom "root"
104 set ip 10.10.228.2 255.255.255.255
105 set allowaccess ping
106 set type tunnel
107 set remote-ip 10.10.228.1 255.255.255.255
108 set snmp-index 12
109 set interface "port1"
110 next
111 edit "toDC-CTA-TERR"
112 set vdom "root"
113 set ip 10.20.228.2 255.255.255.255
114 set allowaccess ping
115 set type tunnel
116 set remote-ip 10.20.228.1 255.255.255.255
117 set snmp-index 13
118 set interface "port2"
119 next
120end
121config system custom-language
122 edit "en"
123 set filename "en"
124 next
125 edit "fr"
126 set filename "fr"
127 next
128 edit "sp"
129 set filename "sp"
130 next
131 edit "pg"
132 set filename "pg"
133 next
134 edit "x-sjis"
135 set filename "x-sjis"
136 next
137 edit "big5"
138 set filename "big5"
139 next
140 edit "GB2312"
141 set filename "GB2312"
142 next
143 edit "euc-kr"
144 set filename "euc-kr"
145 next
146end
147config system admin
148 edit "admin"
149 set accprofile "super_admin"
150 set vdom "root"
151 config gui-dashboard
152 edit 1
153 set name "Status"
154 set vdom "root"
155 set permanent enable
156 config widget
157 edit 1
158 set width 1
159 set height 1
160 next
161 edit 2
162 set type licinfo
163 set x-pos 1
164 set width 1
165 set height 1
166 next
167 edit 3
168 set type vminfo
169 set x-pos 2
170 set width 1
171 set height 1
172 next
173 edit 4
174 set type forticloud
175 set x-pos 3
176 set width 1
177 set height 1
178 next
179 edit 5
180 set type security-fabric
181 set x-pos 4
182 set width 1
183 set height 1
184 next
185 edit 6
186 set type security-fabric-ranking
187 set x-pos 5
188 set width 1
189 set height 1
190 next
191 edit 7
192 set type admins
193 set x-pos 6
194 set width 1
195 set height 1
196 next
197 edit 8
198 set type cpu-usage
199 set x-pos 7
200 set width 2
201 set height 1
202 next
203 edit 9
204 set type memory-usage
205 set x-pos 8
206 set width 2
207 set height 1
208 next
209 edit 10
210 set type sessions
211 set x-pos 9
212 set width 2
213 set height 1
214 next
215 end
216 next
217 edit 2
218 set name "Top Usage LAN/DMZ"
219 set vdom "root"
220 set layout-type fixed
221 set columns 12
222 config widget
223 edit 1
224 set type fortiview
225 set width 6
226 set height 3
227 set fortiview-type "source"
228 set fortiview-sort-by "bytes"
229 set fortiview-timeframe "hour"
230 set fortiview-visualization "table"
231 next
232 edit 2
233 set type fortiview
234 set x-pos 1
235 set width 6
236 set height 3
237 set fortiview-type "destination"
238 set fortiview-sort-by "sessions"
239 set fortiview-timeframe "hour"
240 set fortiview-visualization "table"
241 next
242 edit 3
243 set type fortiview
244 set x-pos 2
245 set width 6
246 set height 3
247 set fortiview-type "application"
248 set fortiview-sort-by "bytes"
249 set fortiview-timeframe "hour"
250 set fortiview-visualization "table"
251 next
252 edit 4
253 set type fortiview
254 set x-pos 3
255 set width 6
256 set height 3
257 set fortiview-type "website"
258 set fortiview-sort-by "sessions"
259 set fortiview-timeframe "hour"
260 set fortiview-visualization "table"
261 next
262 end
263 next
264 edit 3
265 set name "Security"
266 set vdom "root"
267 set layout-type fixed
268 set columns 12
269 config widget
270 edit 1
271 set type fortiview
272 set width 6
273 set height 3
274 set fortiview-type "compromisedHosts"
275 set fortiview-sort-by "verdict"
276 set fortiview-timeframe "hour"
277 set fortiview-visualization "table"
278 next
279 edit 2
280 set type fortiview
281 set x-pos 1
282 set width 6
283 set height 3
284 set fortiview-type "threats"
285 set fortiview-sort-by "threatLevel"
286 set fortiview-timeframe "hour"
287 set fortiview-visualization "table"
288 next
289 edit 3
290 set type vulnerability-summary
291 set x-pos 2
292 set width 3
293 set height 3
294 next
295 edit 4
296 set type host-scan-summary
297 set x-pos 3
298 set width 3
299 set height 3
300 next
301 edit 5
302 set type fortiview
303 set x-pos 4
304 set width 6
305 set height 3
306 set fortiview-type "endpointDevices"
307 set fortiview-sort-by "vulnerabilities"
308 set fortiview-timeframe "hour"
309 set fortiview-visualization "table"
310 next
311 end
312 next
313 end
314 next
315end
316config system sso-admin
317end
318config system ha
319 set override disable
320end
321config system storage
322 edit "Virtual-Disk"
323 set status enable
324 set media-status enable
325 set order 1
326 set partition "LOGUSEDXABA32AD6"
327 set device "/dev/vdb1"
328 set size 30236
329 set usage log
330 next
331end
332config system dns
333 set primary 208.91.112.53
334 set secondary 208.91.112.52
335end
336config system replacemsg-image
337 edit "logo_fnet"
338 set image-type gif
339 set image-base64 ''
340 next
341 edit "logo_fguard_wf"
342 set image-type gif
343 set image-base64 ''
344 next
345 edit "logo_fw_auth"
346 set image-base64 ''
347 next
348 edit "logo_v2_fnet"
349 set image-base64 ''
350 next
351 edit "logo_v2_fguard_wf"
352 set image-base64 ''
353 next
354 edit "logo_v2_fguard_app"
355 set image-base64 ''
356 next
357end
358config system replacemsg mail "email-av-fail"
359end
360config system replacemsg mail "email-block"
361end
362config system replacemsg mail "email-dlp-subject"
363end
364config system replacemsg mail "email-dlp-ban"
365end
366config system replacemsg mail "email-filesize"
367end
368config system replacemsg mail "email-file-filter"
369end
370config system replacemsg mail "partial"
371end
372config system replacemsg mail "smtp-block"
373end
374config system replacemsg mail "smtp-filesize"
375end
376config system replacemsg mail "email-decompress-limit"
377end
378config system replacemsg mail "smtp-decompress-limit"
379end
380config system replacemsg http "bannedword"
381end
382config system replacemsg http "url-block"
383end
384config system replacemsg http "urlfilter-err"
385end
386config system replacemsg http "infcache-block"
387end
388config system replacemsg http "http-block"
389end
390config system replacemsg http "http-filesize"
391end
392config system replacemsg http "http-dlp-ban"
393end
394config system replacemsg http "http-archive-block"
395end
396config system replacemsg http "http-contenttypeblock"
397end
398config system replacemsg http "https-invalid-cert-block"
399end
400config system replacemsg http "https-untrusted-cert-block"
401end
402config system replacemsg http "https-blacklisted-cert-block"
403end
404config system replacemsg http "http-client-block"
405end
406config system replacemsg http "http-client-filesize"
407end
408config system replacemsg http "http-client-bannedword"
409end
410config system replacemsg http "http-post-block"
411end
412config system replacemsg http "http-client-archive-block"
413end
414config system replacemsg http "switching-protocols-block"
415end
416config system replacemsg webproxy "deny"
417end
418config system replacemsg webproxy "user-limit"
419end
420config system replacemsg webproxy "auth-challenge"
421end
422config system replacemsg webproxy "auth-login-fail"
423end
424config system replacemsg webproxy "auth-group-info-fail"
425end
426config system replacemsg webproxy "http-err"
427end
428config system replacemsg webproxy "auth-ip-blackout"
429end
430config system replacemsg ftp "ftp-av-fail"
431end
432config system replacemsg ftp "ftp-dl-blocked"
433end
434config system replacemsg ftp "ftp-dl-filesize"
435end
436config system replacemsg ftp "ftp-dl-dlp-ban"
437end
438config system replacemsg ftp "ftp-explicit-banner"
439end
440config system replacemsg ftp "ftp-dl-archive-block"
441end
442config system replacemsg nntp "nntp-av-fail"
443end
444config system replacemsg nntp "nntp-dl-blocked"
445end
446config system replacemsg nntp "nntp-dl-filesize"
447end
448config system replacemsg nntp "nntp-dlp-subject"
449end
450config system replacemsg nntp "nntp-dlp-ban"
451end
452config system replacemsg nntp "email-decompress-limit"
453end
454config system replacemsg fortiguard-wf "ftgd-block"
455end
456config system replacemsg fortiguard-wf "http-err"
457end
458config system replacemsg fortiguard-wf "ftgd-ovrd"
459end
460config system replacemsg fortiguard-wf "ftgd-quota"
461end
462config system replacemsg fortiguard-wf "ftgd-warning"
463end
464config system replacemsg spam "ipblocklist"
465end
466config system replacemsg spam "smtp-spam-dnsbl"
467end
468config system replacemsg spam "smtp-spam-feip"
469end
470config system replacemsg spam "smtp-spam-helo"
471end
472config system replacemsg spam "smtp-spam-emailblack"
473end
474config system replacemsg spam "smtp-spam-mimeheader"
475end
476config system replacemsg spam "reversedns"
477end
478config system replacemsg spam "smtp-spam-bannedword"
479end
480config system replacemsg spam "smtp-spam-ase"
481end
482config system replacemsg spam "submit"
483end
484config system replacemsg alertmail "alertmail-virus"
485end
486config system replacemsg alertmail "alertmail-block"
487end
488config system replacemsg alertmail "alertmail-nids-event"
489end
490config system replacemsg alertmail "alertmail-crit-event"
491end
492config system replacemsg alertmail "alertmail-disk-full"
493end
494config system replacemsg admin "pre_admin-disclaimer-text"
495end
496config system replacemsg admin "post_admin-disclaimer-text"
497end
498config system replacemsg auth "auth-disclaimer-page-1"
499end
500config system replacemsg auth "auth-disclaimer-page-2"
501end
502config system replacemsg auth "auth-disclaimer-page-3"
503end
504config system replacemsg auth "auth-reject-page"
505end
506config system replacemsg auth "auth-login-page"
507end
508config system replacemsg auth "auth-login-failed-page"
509end
510config system replacemsg auth "auth-token-login-page"
511end
512config system replacemsg auth "auth-token-login-failed-page"
513end
514config system replacemsg auth "auth-success-msg"
515end
516config system replacemsg auth "auth-challenge-page"
517end
518config system replacemsg auth "auth-keepalive-page"
519end
520config system replacemsg auth "auth-portal-page"
521end
522config system replacemsg auth "auth-password-page"
523end
524config system replacemsg auth "auth-fortitoken-page"
525end
526config system replacemsg auth "auth-next-fortitoken-page"
527end
528config system replacemsg auth "auth-email-token-page"
529end
530config system replacemsg auth "auth-sms-token-page"
531end
532config system replacemsg auth "auth-email-harvesting-page"
533end
534config system replacemsg auth "auth-email-failed-page"
535end
536config system replacemsg auth "auth-cert-passwd-page"
537end
538config system replacemsg auth "auth-guest-print-page"
539end
540config system replacemsg auth "auth-guest-email-page"
541end
542config system replacemsg auth "auth-success-page"
543end
544config system replacemsg auth "auth-block-notification-page"
545end
546config system replacemsg auth "auth-quarantine-page"
547end
548config system replacemsg auth "auth-qtn-reject-page"
549end
550config system replacemsg sslvpn "sslvpn-login"
551end
552config system replacemsg sslvpn "sslvpn-header"
553end
554config system replacemsg sslvpn "sslvpn-limit"
555end
556config system replacemsg sslvpn "hostcheck-error"
557end
558config system replacemsg device-detection-portal "device-detection-failure"
559end
560config system replacemsg nac-quar "nac-quar-virus"
561end
562config system replacemsg nac-quar "nac-quar-dos"
563end
564config system replacemsg nac-quar "nac-quar-ips"
565end
566config system replacemsg nac-quar "nac-quar-dlp"
567end
568config system replacemsg nac-quar "nac-quar-admin"
569end
570config system replacemsg nac-quar "nac-quar-app"
571end
572config system replacemsg traffic-quota "per-ip-shaper-block"
573end
574config system replacemsg utm "virus-html"
575end
576config system replacemsg utm "client-virus-html"
577end
578config system replacemsg utm "virus-text"
579end
580config system replacemsg utm "dlp-html"
581end
582config system replacemsg utm "dlp-text"
583end
584config system replacemsg utm "appblk-html"
585end
586config system replacemsg utm "ipsblk-html"
587end
588config system replacemsg utm "ipsfail-html"
589end
590config system replacemsg utm "exe-text"
591end
592config system replacemsg utm "waf-html"
593end
594config system replacemsg utm "outbreak-prevention-html"
595end
596config system replacemsg utm "outbreak-prevention-text"
597end
598config system replacemsg icap "icap-req-resp"
599end
600config system snmp sysinfo
601end
602config firewall internet-service-definition
603end
604config firewall internet-service-cat-definition
605end
606config system cluster-sync
607end
608config system fortiguard
609 set update-server-location usa
610 set sdns-server-ip "208.91.112.220"
611end
612config ips global
613end
614config system email-server
615 set server "notification.fortinet.net"
616 set port 465
617 set security smtps
618end
619config system session-helper
620 edit 1
621 set name pptp
622 set protocol 6
623 set port 1723
624 next
625 edit 2
626 set name h323
627 set protocol 6
628 set port 1720
629 next
630 edit 3
631 set name ras
632 set protocol 17
633 set port 1719
634 next
635 edit 4
636 set name tns
637 set protocol 6
638 set port 1521
639 next
640 edit 5
641 set name tftp
642 set protocol 17
643 set port 69
644 next
645 edit 6
646 set name rtsp
647 set protocol 6
648 set port 554
649 next
650 edit 7
651 set name rtsp
652 set protocol 6
653 set port 7070
654 next
655 edit 8
656 set name rtsp
657 set protocol 6
658 set port 8554
659 next
660 edit 9
661 set name ftp
662 set protocol 6
663 set port 21
664 next
665 edit 10
666 set name mms
667 set protocol 6
668 set port 1863
669 next
670 edit 11
671 set name pmap
672 set protocol 6
673 set port 111
674 next
675 edit 12
676 set name pmap
677 set protocol 17
678 set port 111
679 next
680 edit 13
681 set name sip
682 set protocol 17
683 set port 5060
684 next
685 edit 14
686 set name dns-udp
687 set protocol 17
688 set port 53
689 next
690 edit 15
691 set name rsh
692 set protocol 6
693 set port 514
694 next
695 edit 16
696 set name rsh
697 set protocol 6
698 set port 512
699 next
700 edit 17
701 set name dcerpc
702 set protocol 6
703 set port 135
704 next
705 edit 18
706 set name dcerpc
707 set protocol 17
708 set port 135
709 next
710 edit 19
711 set name mgcp
712 set protocol 17
713 set port 2427
714 next
715 edit 20
716 set name mgcp
717 set protocol 17
718 set port 2727
719 next
720end
721config system auto-install
722 set auto-install-config enable
723 set auto-install-image enable
724end
725config system ntp
726 set ntpsync enable
727end
728config system object-tagging
729 edit "default"
730 next
731end
732config switch-controller traffic-policy
733 edit "quarantine"
734 set description "Rate control for quarantined traffic"
735 set guaranteed-bandwidth 163840
736 set guaranteed-burst 8192
737 set maximum-burst 163840
738 set cos-queue 0
739 set id 1
740 next
741 edit "sniffer"
742 set description "Rate control for sniffer mirrored traffic"
743 set guaranteed-bandwidth 50000
744 set guaranteed-burst 8192
745 set maximum-burst 163840
746 set cos-queue 0
747 set id 2
748 next
749end
750config system settings
751end
752config system dhcp server
753 edit 1
754 set dns-service default
755 set default-gateway 192.168.228.1
756 set netmask 255.255.255.0
757 set interface "port3"
758 config ip-range
759 edit 1
760 set start-ip 192.168.228.2
761 set end-ip 192.168.228.254
762 next
763 end
764 set timezone-option default
765 next
766end
767config firewall address
768 edit "none"
769 set uuid a39ab858-574f-51ea-74f9-9e214dabefd6
770 set subnet 0.0.0.0 255.255.255.255
771 next
772 edit "login.microsoftonline.com"
773 set uuid a39ac3fc-574f-51ea-6c98-fee2ef77aa17
774 set type fqdn
775 set fqdn "login.microsoftonline.com"
776 next
777 edit "login.microsoft.com"
778 set uuid a39acff0-574f-51ea-9c25-02af6b7db87b
779 set type fqdn
780 set fqdn "login.microsoft.com"
781 next
782 edit "login.windows.net"
783 set uuid a39ad8f6-574f-51ea-0dc0-2c1721836660
784 set type fqdn
785 set fqdn "login.windows.net"
786 next
787 edit "gmail.com"
788 set uuid a39ae0f8-574f-51ea-3716-c16e8c898341
789 set type fqdn
790 set fqdn "gmail.com"
791 next
792 edit "wildcard.google.com"
793 set uuid a39aea8a-574f-51ea-a3a4-6eb02427c8dc
794 set type wildcard-fqdn
795 set wildcard-fqdn "*.google.com"
796 next
797 edit "wildcard.dropbox.com"
798 set uuid a39af692-574f-51ea-44d5-08dc2df08eb6
799 set type wildcard-fqdn
800 set wildcard-fqdn "*.dropbox.com"
801 next
802 edit "all"
803 set uuid a3abef9c-574f-51ea-b1a7-0d9a66a65dea
804 next
805 edit "FIREWALL_AUTH_PORTAL_ADDRESS"
806 set uuid a3abf2a8-574f-51ea-9e38-aff6c5152dfc
807 set visibility disable
808 next
809 edit "FABRIC_DEVICE"
810 set uuid a3abf550-574f-51ea-42ff-a3fb817e1768
811 set comment "IPv4 addresses of Fabric Devices."
812 next
813 edit "SSLVPN_TUNNEL_ADDR1"
814 set uuid a3ae2762-574f-51ea-d3a7-79481719ea0a
815 set type iprange
816 set associated-interface "ssl.root"
817 set start-ip 10.212.134.200
818 set end-ip 10.212.134.210
819 next
820 edit "LAN-228"
821 set uuid 6a4fe2d8-577e-51ea-51e2-1712503fa8fb
822 set associated-interface "port3"
823 set allow-routing enable
824 set subnet 192.168.228.0 255.255.255.0
825 next
826 edit "SERVERS"
827 set uuid 7cd16e4a-577e-51ea-4c00-3d0b71f1c36b
828 set allow-routing enable
829 set subnet 10.44.127.0 255.255.255.0
830 next
831 edit "SERVER2"
832 set uuid 09878d82-5780-51ea-9c45-be28ae79d610
833 set allow-routing enable
834 set subnet 10.44.127.4 255.255.255.255
835 next
836end
837config firewall multicast-address
838 edit "all"
839 set start-ip 224.0.0.0
840 set end-ip 239.255.255.255
841 next
842 edit "all_hosts"
843 set start-ip 224.0.0.1
844 set end-ip 224.0.0.1
845 next
846 edit "all_routers"
847 set start-ip 224.0.0.2
848 set end-ip 224.0.0.2
849 next
850 edit "Bonjour"
851 set start-ip 224.0.0.251
852 set end-ip 224.0.0.251
853 next
854 edit "EIGRP"
855 set start-ip 224.0.0.10
856 set end-ip 224.0.0.10
857 next
858 edit "OSPF"
859 set start-ip 224.0.0.5
860 set end-ip 224.0.0.6
861 next
862end
863config firewall address6
864 edit "SSLVPN_TUNNEL_IPv6_ADDR1"
865 set uuid a3ae2c9e-574f-51ea-d370-4a236a11727d
866 set ip6 fdff:ffff::/120
867 next
868 edit "all"
869 set uuid a59a63e2-574f-51ea-33e9-3c977cb78c26
870 next
871 edit "none"
872 set uuid a59a74f4-574f-51ea-5d37-4cff18dc79c6
873 set ip6 ::/128
874 next
875end
876config firewall multicast-address6
877 edit "all"
878 set ip6 ff00::/8
879 next
880end
881config firewall addrgrp
882 edit "G Suite"
883 set uuid a39b0b1e-574f-51ea-bc61-4cfe12f85f13
884 set member "gmail.com" "wildcard.google.com"
885 next
886 edit "Microsoft Office 365"
887 set uuid a39b1a64-574f-51ea-1492-5fde5b5f839f
888 set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
889 next
890end
891config firewall wildcard-fqdn custom
892 edit "adobe"
893 set uuid a412264a-574f-51ea-3e69-317947838aab
894 set wildcard-fqdn "*.adobe.com"
895 next
896 edit "Adobe Login"
897 set uuid a4122d3e-574f-51ea-ba6c-33651a6c7ec4
898 set wildcard-fqdn "*.adobelogin.com"
899 next
900 edit "android"
901 set uuid a41233c4-574f-51ea-c1f0-b5acf3c908f8
902 set wildcard-fqdn "*.android.com"
903 next
904 edit "apple"
905 set uuid a4123612-574f-51ea-1ede-bbd88d91db81
906 set wildcard-fqdn "*.apple.com"
907 next
908 edit "appstore"
909 set uuid a41237de-574f-51ea-ca3c-d705f8ae56d9
910 set wildcard-fqdn "*.appstore.com"
911 next
912 edit "auth.gfx.ms"
913 set uuid a4123cde-574f-51ea-b2d7-8a38dd85227e
914 set wildcard-fqdn "*.auth.gfx.ms"
915 next
916 edit "citrix"
917 set uuid a41245b2-574f-51ea-54da-c053b9c42ff5
918 set wildcard-fqdn "*.citrixonline.com"
919 next
920 edit "dropbox.com"
921 set uuid a4124882-574f-51ea-860d-a39411aaac59
922 set wildcard-fqdn "*.dropbox.com"
923 next
924 edit "eease"
925 set uuid a4124f44-574f-51ea-18e0-a9fc1ce0e5cd
926 set wildcard-fqdn "*.eease.com"
927 next
928 edit "firefox update server"
929 set uuid a4125656-574f-51ea-04ac-b78326a7e4fd
930 set wildcard-fqdn "aus*.mozilla.org"
931 next
932 edit "fortinet"
933 set uuid a4125886-574f-51ea-c1a7-d13383363a68
934 set wildcard-fqdn "*.fortinet.com"
935 next
936 edit "googleapis.com"
937 set uuid a41260b0-574f-51ea-bfb6-9acad985687e
938 set wildcard-fqdn "*.googleapis.com"
939 next
940 edit "google-drive"
941 set uuid a41269c0-574f-51ea-2ee2-0e1ed9334188
942 set wildcard-fqdn "*drive.google.com"
943 next
944 edit "google-play2"
945 set uuid a4126bc8-574f-51ea-22a9-f2bc4a1a9d78
946 set wildcard-fqdn "*.ggpht.com"
947 next
948 edit "google-play3"
949 set uuid a4127712-574f-51ea-aaee-bf17d36be0c1
950 set wildcard-fqdn "*.books.google.com"
951 next
952 edit "Gotomeeting"
953 set uuid a4127c44-574f-51ea-0336-65c4d9a28529
954 set wildcard-fqdn "*.gotomeeting.com"
955 next
956 edit "icloud"
957 set uuid a4128cca-574f-51ea-d2f7-b1441dc12a27
958 set wildcard-fqdn "*.icloud.com"
959 next
960 edit "itunes"
961 set uuid a4128fea-574f-51ea-f908-7891dfa931fc
962 set wildcard-fqdn "*itunes.apple.com"
963 next
964 edit "microsoft"
965 set uuid a412c62c-574f-51ea-7f53-282bf412ca49
966 set wildcard-fqdn "*.microsoft.com"
967 next
968 edit "skype"
969 set uuid a412cf28-574f-51ea-c607-c3ec202c97b0
970 set wildcard-fqdn "*.messenger.live.com"
971 next
972 edit "softwareupdate.vmware.com"
973 set uuid a412d5ea-574f-51ea-e46a-46e9a9619fef
974 set wildcard-fqdn "*.softwareupdate.vmware.com"
975 next
976 edit "verisign"
977 set uuid a412e292-574f-51ea-9b29-e2d2664db17a
978 set wildcard-fqdn "*.verisign.com"
979 next
980 edit "Windows update 2"
981 set uuid a412e5da-574f-51ea-7dc7-5d1674ff9a46
982 set wildcard-fqdn "*.windowsupdate.com"
983 next
984 edit "live.com"
985 set uuid a412ef80-574f-51ea-f10b-c08eb4e95506
986 set wildcard-fqdn "*.live.com"
987 next
988 edit "google-play"
989 set uuid a413129e-574f-51ea-c652-b69e192978b5
990 set wildcard-fqdn "*play.google.com"
991 next
992 edit "update.microsoft.com"
993 set uuid a41314d8-574f-51ea-190b-f5c54ab4a08b
994 set wildcard-fqdn "*update.microsoft.com"
995 next
996 edit "swscan.apple.com"
997 set uuid a413202c-574f-51ea-8b54-8677d0eae5e7
998 set wildcard-fqdn "*swscan.apple.com"
999 next
1000 edit "autoupdate.opera.com"
1001 set uuid a413293c-574f-51ea-1f10-953c1a650b0d
1002 set wildcard-fqdn "*autoupdate.opera.com"
1003 next
1004end
1005config firewall service category
1006 edit "General"
1007 set comment "General services."
1008 next
1009 edit "Web Access"
1010 set comment "Web access."
1011 next
1012 edit "File Access"
1013 set comment "File access."
1014 next
1015 edit "Email"
1016 set comment "Email services."
1017 next
1018 edit "Network Services"
1019 set comment "Network services."
1020 next
1021 edit "Authentication"
1022 set comment "Authentication service."
1023 next
1024 edit "Remote Access"
1025 set comment "Remote access."
1026 next
1027 edit "Tunneling"
1028 set comment "Tunneling service."
1029 next
1030 edit "VoIP, Messaging & Other Applications"
1031 set comment "VoIP, messaging, and other applications."
1032 next
1033 edit "Web Proxy"
1034 set comment "Explicit web proxy."
1035 next
1036end
1037config firewall service custom
1038 edit "ALL"
1039 set category "General"
1040 set protocol IP
1041 next
1042 edit "ALL_TCP"
1043 set category "General"
1044 set tcp-portrange 1-65535
1045 next
1046 edit "ALL_UDP"
1047 set category "General"
1048 set udp-portrange 1-65535
1049 next
1050 edit "ALL_ICMP"
1051 set category "General"
1052 set protocol ICMP
1053 unset icmptype
1054 next
1055 edit "ALL_ICMP6"
1056 set category "General"
1057 set protocol ICMP6
1058 unset icmptype
1059 next
1060 edit "GRE"
1061 set category "Tunneling"
1062 set protocol IP
1063 set protocol-number 47
1064 next
1065 edit "AH"
1066 set category "Tunneling"
1067 set protocol IP
1068 set protocol-number 51
1069 next
1070 edit "ESP"
1071 set category "Tunneling"
1072 set protocol IP
1073 set protocol-number 50
1074 next
1075 edit "AOL"
1076 set visibility disable
1077 set tcp-portrange 5190-5194
1078 next
1079 edit "BGP"
1080 set category "Network Services"
1081 set tcp-portrange 179
1082 next
1083 edit "DHCP"
1084 set category "Network Services"
1085 set udp-portrange 67-68
1086 next
1087 edit "DNS"
1088 set category "Network Services"
1089 set tcp-portrange 53
1090 set udp-portrange 53
1091 next
1092 edit "FINGER"
1093 set visibility disable
1094 set tcp-portrange 79
1095 next
1096 edit "FTP"
1097 set category "File Access"
1098 set tcp-portrange 21
1099 next
1100 edit "FTP_GET"
1101 set category "File Access"
1102 set tcp-portrange 21
1103 next
1104 edit "FTP_PUT"
1105 set category "File Access"
1106 set tcp-portrange 21
1107 next
1108 edit "GOPHER"
1109 set visibility disable
1110 set tcp-portrange 70
1111 next
1112 edit "H323"
1113 set category "VoIP, Messaging & Other Applications"
1114 set tcp-portrange 1720 1503
1115 set udp-portrange 1719
1116 next
1117 edit "HTTP"
1118 set category "Web Access"
1119 set tcp-portrange 80
1120 next
1121 edit "HTTPS"
1122 set category "Web Access"
1123 set tcp-portrange 443
1124 next
1125 edit "IKE"
1126 set category "Tunneling"
1127 set udp-portrange 500 4500
1128 next
1129 edit "IMAP"
1130 set category "Email"
1131 set tcp-portrange 143
1132 next
1133 edit "IMAPS"
1134 set category "Email"
1135 set tcp-portrange 993
1136 next
1137 edit "Internet-Locator-Service"
1138 set visibility disable
1139 set tcp-portrange 389
1140 next
1141 edit "IRC"
1142 set category "VoIP, Messaging & Other Applications"
1143 set tcp-portrange 6660-6669
1144 next
1145 edit "L2TP"
1146 set category "Tunneling"
1147 set tcp-portrange 1701
1148 set udp-portrange 1701
1149 next
1150 edit "LDAP"
1151 set category "Authentication"
1152 set tcp-portrange 389
1153 next
1154 edit "NetMeeting"
1155 set visibility disable
1156 set tcp-portrange 1720
1157 next
1158 edit "NFS"
1159 set category "File Access"
1160 set tcp-portrange 111 2049
1161 set udp-portrange 111 2049
1162 next
1163 edit "NNTP"
1164 set visibility disable
1165 set tcp-portrange 119
1166 next
1167 edit "NTP"
1168 set category "Network Services"
1169 set tcp-portrange 123
1170 set udp-portrange 123
1171 next
1172 edit "OSPF"
1173 set category "Network Services"
1174 set protocol IP
1175 set protocol-number 89
1176 next
1177 edit "PC-Anywhere"
1178 set category "Remote Access"
1179 set tcp-portrange 5631
1180 set udp-portrange 5632
1181 next
1182 edit "PING"
1183 set category "Network Services"
1184 set protocol ICMP
1185 set icmptype 8
1186 unset icmpcode
1187 next
1188 edit "TIMESTAMP"
1189 set protocol ICMP
1190 set visibility disable
1191 set icmptype 13
1192 unset icmpcode
1193 next
1194 edit "INFO_REQUEST"
1195 set protocol ICMP
1196 set visibility disable
1197 set icmptype 15
1198 unset icmpcode
1199 next
1200 edit "INFO_ADDRESS"
1201 set protocol ICMP
1202 set visibility disable
1203 set icmptype 17
1204 unset icmpcode
1205 next
1206 edit "ONC-RPC"
1207 set category "Remote Access"
1208 set tcp-portrange 111
1209 set udp-portrange 111
1210 next
1211 edit "DCE-RPC"
1212 set category "Remote Access"
1213 set tcp-portrange 135
1214 set udp-portrange 135
1215 next
1216 edit "POP3"
1217 set category "Email"
1218 set tcp-portrange 110
1219 next
1220 edit "POP3S"
1221 set category "Email"
1222 set tcp-portrange 995
1223 next
1224 edit "PPTP"
1225 set category "Tunneling"
1226 set tcp-portrange 1723
1227 next
1228 edit "QUAKE"
1229 set visibility disable
1230 set udp-portrange 26000 27000 27910 27960
1231 next
1232 edit "RAUDIO"
1233 set visibility disable
1234 set udp-portrange 7070
1235 next
1236 edit "REXEC"
1237 set visibility disable
1238 set tcp-portrange 512
1239 next
1240 edit "RIP"
1241 set category "Network Services"
1242 set udp-portrange 520
1243 next
1244 edit "RLOGIN"
1245 set visibility disable
1246 set tcp-portrange 513:512-1023
1247 next
1248 edit "RSH"
1249 set visibility disable
1250 set tcp-portrange 514:512-1023
1251 next
1252 edit "SCCP"
1253 set category "VoIP, Messaging & Other Applications"
1254 set tcp-portrange 2000
1255 next
1256 edit "SIP"
1257 set category "VoIP, Messaging & Other Applications"
1258 set tcp-portrange 5060
1259 set udp-portrange 5060
1260 next
1261 edit "SIP-MSNmessenger"
1262 set category "VoIP, Messaging & Other Applications"
1263 set tcp-portrange 1863
1264 next
1265 edit "SAMBA"
1266 set category "File Access"
1267 set tcp-portrange 139
1268 next
1269 edit "SMTP"
1270 set category "Email"
1271 set tcp-portrange 25
1272 next
1273 edit "SMTPS"
1274 set category "Email"
1275 set tcp-portrange 465
1276 next
1277 edit "SNMP"
1278 set category "Network Services"
1279 set tcp-portrange 161-162
1280 set udp-portrange 161-162
1281 next
1282 edit "SSH"
1283 set category "Remote Access"
1284 set tcp-portrange 22
1285 next
1286 edit "SYSLOG"
1287 set category "Network Services"
1288 set udp-portrange 514
1289 next
1290 edit "TALK"
1291 set visibility disable
1292 set udp-portrange 517-518
1293 next
1294 edit "TELNET"
1295 set category "Remote Access"
1296 set tcp-portrange 23
1297 next
1298 edit "TFTP"
1299 set category "File Access"
1300 set udp-portrange 69
1301 next
1302 edit "MGCP"
1303 set visibility disable
1304 set udp-portrange 2427 2727
1305 next
1306 edit "UUCP"
1307 set visibility disable
1308 set tcp-portrange 540
1309 next
1310 edit "VDOLIVE"
1311 set visibility disable
1312 set tcp-portrange 7000-7010
1313 next
1314 edit "WAIS"
1315 set visibility disable
1316 set tcp-portrange 210
1317 next
1318 edit "WINFRAME"
1319 set visibility disable
1320 set tcp-portrange 1494 2598
1321 next
1322 edit "X-WINDOWS"
1323 set category "Remote Access"
1324 set tcp-portrange 6000-6063
1325 next
1326 edit "PING6"
1327 set protocol ICMP6
1328 set visibility disable
1329 set icmptype 128
1330 unset icmpcode
1331 next
1332 edit "MS-SQL"
1333 set category "VoIP, Messaging & Other Applications"
1334 set tcp-portrange 1433 1434
1335 next
1336 edit "MYSQL"
1337 set category "VoIP, Messaging & Other Applications"
1338 set tcp-portrange 3306
1339 next
1340 edit "RDP"
1341 set category "Remote Access"
1342 set tcp-portrange 3389
1343 next
1344 edit "VNC"
1345 set category "Remote Access"
1346 set tcp-portrange 5900
1347 next
1348 edit "DHCP6"
1349 set category "Network Services"
1350 set udp-portrange 546 547
1351 next
1352 edit "SQUID"
1353 set category "Tunneling"
1354 set tcp-portrange 3128
1355 next
1356 edit "SOCKS"
1357 set category "Tunneling"
1358 set tcp-portrange 1080
1359 set udp-portrange 1080
1360 next
1361 edit "WINS"
1362 set category "Remote Access"
1363 set tcp-portrange 1512
1364 set udp-portrange 1512
1365 next
1366 edit "RADIUS"
1367 set category "Authentication"
1368 set udp-portrange 1812 1813
1369 next
1370 edit "RADIUS-OLD"
1371 set visibility disable
1372 set udp-portrange 1645 1646
1373 next
1374 edit "CVSPSERVER"
1375 set visibility disable
1376 set tcp-portrange 2401
1377 set udp-portrange 2401
1378 next
1379 edit "AFS3"
1380 set category "File Access"
1381 set tcp-portrange 7000-7009
1382 set udp-portrange 7000-7009
1383 next
1384 edit "TRACEROUTE"
1385 set category "Network Services"
1386 set udp-portrange 33434-33535
1387 next
1388 edit "RTSP"
1389 set category "VoIP, Messaging & Other Applications"
1390 set tcp-portrange 554 7070 8554
1391 set udp-portrange 554
1392 next
1393 edit "MMS"
1394 set visibility disable
1395 set tcp-portrange 1755
1396 set udp-portrange 1024-5000
1397 next
1398 edit "KERBEROS"
1399 set category "Authentication"
1400 set tcp-portrange 88 464
1401 set udp-portrange 88 464
1402 next
1403 edit "LDAP_UDP"
1404 set category "Authentication"
1405 set udp-portrange 389
1406 next
1407 edit "SMB"
1408 set category "File Access"
1409 set tcp-portrange 445
1410 next
1411 edit "NONE"
1412 set visibility disable
1413 set tcp-portrange 0
1414 next
1415 edit "webproxy"
1416 set proxy enable
1417 set category "Web Proxy"
1418 set protocol ALL
1419 set tcp-portrange 0-65535:0-65535
1420 next
1421end
1422config firewall service group
1423 edit "Email Access"
1424 set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
1425 next
1426 edit "Web Access"
1427 set member "DNS" "HTTP" "HTTPS"
1428 next
1429 edit "Windows AD"
1430 set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
1431 next
1432 edit "Exchange Server"
1433 set member "DCE-RPC" "DNS" "HTTPS"
1434 next
1435end
1436config vpn certificate ca
1437end
1438config vpn certificate local
1439 edit "Fortinet_CA_SSL"
1440 set password ENC qVGj8Xd+OCkrDrIBn3DOYsb+PJPQ1LKr9J+bPGgp79z6ekvA406LYgMpwB1AsEFiKycFB3hRl8fIBEgcnsnOhbfkFJBDCAFCMpyC+jxXDhJDkYgEVQJB198vcKwYJKwOX2piPdi/q6Oa+rxfJdr68ZcgjUZlu4deczZuBJxqmQAXNZgQPA0YZC13EJ46ncG5oAaHgQ==
1441 set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
1442 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1443MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIw1notdRa36cCAggA
1444MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAVfg9hWziBRBIIBYGg6QZI6mE3F
1445xfIPhbr/NgGi+/T7RGivWeYLkGhfV9OR1d/KZtOC1MYkezJjzV+3AogJ46jiVejV
1446SF3PXre7Rt15iM6O4vANubnLS47yhkCOk3sgIYiBJ37bn3OpqUjDG170uo+YkHV6
1447Lz1jTHUAbhNub4xvNWEaOBHowjRHSeOFELLnxR8T4rSX6KHhzVQOfz45fDgqvWF0
1448H1mTwuq3CoarmGVcQMRi9G036qyANcpcpQ64hspCKBtVfH9pYycINcYpx1bkisQm
1449ikLLYzh7GaMbzoL5R/i/snuqrrrN258SNOafjHygLh6ub4d48hGvSs1h/jc2QN8b
1450tsuiVj2wXQnnKxzd7mtn00Wi4lwLt8vj1mzLrLoVLnIgmKYubZb34xz/qlL5pjzB
1451dqQozbFAYo7kAI7rRLZXU7kXGP+5jM71m7UeNqD5HHe0n0NydgZqP+jPCwj+9I/w
1452HHOQU5Vuox8=
1453-----END ENCRYPTED PRIVATE KEY-----"
1454 set certificate "-----BEGIN CERTIFICATE-----
1455MIICXDCCAgagAwIBAgIINV9bVNCGG78wDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
1456BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1457ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
1458dHkxGTAXBgNVBAMMEEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1
1459cHBvcnRAZm9ydGluZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAx
1460M1owgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
1461DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp
1462Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkq
1463hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMFwwDQYJKoZIhvcNAQEBBQAD
1464SwAwSAJBAKPupHNHcqAR9rfd0hdrG+it/S14EeedPrTEEQJ38YrPcRDQYr20SgsL
1465sicwOc1YcoUCqDrI2UtZbPf+AZhno1MCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
1466BgkqhkiG9w0BAQsFAANBAApI53cI54BTdaagVIcwpsR7btsuvlZTVPHOEH6XVjU5
1467Y7za+9jP5kk5dqQu9teYu4992LA67ERMiP2OxdPE4H0=
1468-----END CERTIFICATE-----"
1469 set range global
1470 set source factory
1471 set last-updated 1582581014
1472 next
1473 edit "Fortinet_CA_Untrusted"
1474 set password ENC 1MUlL+WSVT6oSxGPsnyndomlLjquRTZQ2UPCKtXRw78enqHfS2iTtrf5DDhs7tDclcDUgpO9oKcmqTiQ4jRTgVIaJu0IsE/AFsFamOLBFBEqDvc4bH2OWbBilAyVPNd84l43NJ9kDzBHSQL5gwnnabIjV2Ycnh44XthqT2VlQd30QHRedFppzZUzUDeOMUrfAbMFpA==
1475 set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
1476 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1477MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIG9uRNzwsBmECAggA
1478MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBknGT7raMraBIIBYGp+mf5rERbp
1479rPjMfWZ02Bo9PODFRZ4pVfYNqa2ESiRDEgXLibFy0TJtmQa2oiV7pwGaGRJWNuhR
1480ZiVDVAfbr8WHvHHbsWUJyt0/jDZbuSDNU4E8WnCBndXC8ItaBuicN6wkkvfWrsJi
1481c5v20Oj+oBRddWI8EMp3D419ICNfFIsZL60kWSjDE41KtJ0elCiaTAQs++m/hWzk
1482Tt7HsaS+TfTlj/mx2Kkt948dJq6wH/OpWesAQjrUavQDOYF/4ZURZvjR6t3Fo9Az
1483JETwr5lKM5n0YMWLQ7TWyoULg/jJub1fN9yIFUoqtsqCdtby8tztc+vU9BWiFPso
1484Q1xD1Hqf5uh15mkZWQHedp+vuNhf6w0mCB88wtz1TQSyGtdIYzsKvG2bppMWZoLR
1485B+5Fpjm5t1GrhzbJ8iSqA/1zcw98ytQX8z1A+YDW3tosXvMHohiWav/IOTAM3ijU
1486SlU8i8ybGTQ=
1487-----END ENCRYPTED PRIVATE KEY-----"
1488 set certificate "-----BEGIN CERTIFICATE-----
1489MIICZjCCAhCgAwIBAgIIIF+6UNNe4qYwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV
1490BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1491ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
1492dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ
1493ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwMjI0MjE1MDEzWhcNMzAwMjI0
1494MjE1MDEzWjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ
1495BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl
1496cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk
1497IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBcMA0GCSqG
1498SIb3DQEBAQUAA0sAMEgCQQC4T0/b9vn42Gt6E6ARUW7T14uWuy48nYgzYZOS9SDc
1499zmZOaM4Ig0FigXgg3lMGFioR7fqXS1RGViJtDe836uvDAgMBAAGjEDAOMAwGA1Ud
1500EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQA4usG/kUf9/5C+Sz2/pqb16VUb0ymF
1501wbSGnHQjk4CTxmsIZ8ybdx5L2ELAcqM6VcqoSdXBZSLcjyFb4fg2+C1M
1502-----END CERTIFICATE-----"
1503 set range global
1504 set source factory
1505 set last-updated 1582581014
1506 next
1507 edit "Fortinet_SSL"
1508 set password ENC dJulCh/XL26f13uwpvTShxn8c8C+loe7xAnTI/A9DY31T+7c5vT1YX8I4fmaVlgseoEST15o4UsIJ81FxW/dKyJ4b9cAbhk2Sh8WXL/pqqZzCp1pOlhF/KMNL0mGGm2kQCXfBP4MmPw3peONJBQMPraadyFA9wn4D3Bouyheb6fK9UBez6Y/aMa+P0nbiBMfmjVsDQ==
1509 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
1510 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1511MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeEFCota4SMICAggA
1512MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMLXpDpXH4pcBIIBYJaqAPiTmv6x
1513NqG3/33jRXwKxkVnTszLz7CuSD85nNfLo0nHNaTyoXX9RttyjYlWsLxGdrx/5qoY
1514ykEz64l83XmLNaraE/p23+kJ3rXfrrOZZi2dZ1dkaej+tJMQtOeDbPcOEdDMmvBI
1515QNkuNLzTxlbFCdpvLuZSY2xHDQOZV8akRqMdd7Img6xUgwHdH0c90TkEcM1iIvpC
1516J7GsoHncScWLanQhn/Ny1hBZ/mDaTtF8VYn/A0VAVrkGUOG6K9aE7ZSP671Wgg48
1517AaXO/3iLzqETc/IdjOejFWbHNtd1Gtky1zc1EfFWDlFOXLEHDEYjgOMtS8ZQZaTK
1518DAFcWPZcf7d4rO0qJCRc3oTUlGKO8Y8mOG3LlS0IMH8N2JfL2TYftXWbbVEYS5eM
1519j95SWXYQ4iU3a4hw6yor8jmP1lZMR1BftUYyu7FSUpqkZpCUW2e65STRV1ajGttY
1520Ymg6XBodGko=
1521-----END ENCRYPTED PRIVATE KEY-----"
1522 set certificate "-----BEGIN CERTIFICATE-----
1523MIICQTCCAeugAwIBAgIINB3oNygBTOIwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
1524BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1525ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
1526EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
1527ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
1528BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1529ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
1530EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
1531ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANzdx5xVQOBOjw1l5QGvUK0a
1532eya79hzmMxtXL7fFoVsyeHVdjPbIenRXVIwQF14/MZjX1n4I6RjX/AdAOb3oSQkC
1533AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAChW2PH4uqJwSbX5
1534mGHIp9hur+27IlbVliyL6XufGgYut6upMng1YBZVsbhogtblULTZs2fm8m0ViXSX
1535dF5ga9s=
1536-----END CERTIFICATE-----"
1537 set range global
1538 set source factory
1539 set last-updated 1582581014
1540 next
1541 edit "Fortinet_SSL_RSA1024"
1542 set password ENC 8DLHankv26c6DT8S2kcdDB3xwi2G7qc+MwD4l++eQc5uzAD4q73OyDFd8aQ9uyaXfmgc3zi243tkgT7y+J5pfRvpnqZJnIoZUR+4ZjDiBozGVCU80VSmv/UTdSiuN7hVGeRPxOZf/GYGCOSdMguuYfjDjTXxjsMbhPeKfVXQ32tqoe+uhij5qLFVr5q7UnQfH7IjTA==
1543 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
1544 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1545MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsWOUvo/IbAoCAggA
1546MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDxWcahgIbH1BIIBYHwmvs2wvOpG
1547049frjzbcYZmQ9MUu7rZ3jVLuRZu+gqMBICeLIu8w2fSpHJviWvLTweCE4AwWQZ6
1548U/hCOoPqdsa8qJIzwILuYKDj2C4m1xnAdE3AepAPKVhye4zMV2eykiqIFm1tO55C
15498rLIMb9Vi/IT6bbFtgD739Ijty9v2PLLwuD2+xgkLfyIS35coe4Wv3aSkYdykheq
1550yP7PQ2oNlc0aMZ0IIn8EedQZXbejUma6YnBIHwvklXnG76knIfYhnpljKw9BtZ55
1551UnTVNRdrm4WVt/JM7FAa56KEm9KNOpU5tOCkIfOeWh7pe+c5zS+hM4OXej/2cZJM
15526mugCBR0i6kdG2U0uSBhxClUEt6cV9Z7Ody8CzICECRZLJA+7fLByKTvMHVDJrEy
1553w+hnHu3KW2FLNCTdmc2CxC7/2l6SP0rkAv6kSRiSqllLZ1pCXZ8VTK07WlimUC5z
1554qoIs5rnXWaI=
1555-----END ENCRYPTED PRIVATE KEY-----"
1556 set certificate "-----BEGIN CERTIFICATE-----
1557MIICQTCCAeugAwIBAgIITuU1BTAc8o0wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
1558BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1559ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
1560EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
1561ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
1562BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1563ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
1564EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
1565ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALS/Tyxy1AdFTSmESxnWuOP6
15667S2Ef36hfSfLaW+qTd0qmNR88WIOB3IHXSnCEKzBa//8h20T66ssaZ6W7VHZxhMC
1567AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBABSf3vjDIENYimJS
1568A2xLcknZrsIJArzEdku9T/ISPOKEp2gTDqHaMGTw3ezgYnXx5KqTADBwcVgEpen5
1569+bIHkk8=
1570-----END CERTIFICATE-----"
1571 set range global
1572 set source factory
1573 set last-updated 1582581014
1574 next
1575 edit "Fortinet_SSL_RSA2048"
1576 set password ENC jzKFKoZRSWrmbIk3LwWP+86uU91UwZ48QkyS4yh4XNgkaV4PFbVZV6AnEAPCdF8qHJIL4zl56JHihV30cOFe8oweF7iWso6YsPdY9C0zdia7SMEE5fCOA2YhNsiiL7jSFxTHDnrJAhN/EfxXiHOJ+W0ggHy8Rxyb7n1JyMeClM93lg7qVsa1z7HT9qC+gL2acN1vdw==
1577 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
1578 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1579MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIcnpWG5bGj2UCAggA
1580MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMJzA6t1IbiqBIIBYCsrw4fmiWOX
158185VUWtBdXK8/3YHr+sQhk5IZjv2YowKo6ZttqpNseijQMPdmmjkGnAWkcJAnA9lQ
1582U8H4MeEnA35ifg/AzIOr2Sp5gmDKIugZfMc9IVYVrfRy8QJ3pQXcAqIBhT+he6DF
1583OgPjGmcXHOo5UB6Kgc6urQ80JuZEftHL9h78j8sMwVBdSvxkEBv3a/G5Mwx7p8LT
1584ajpKZgX/jQB186yxAQub7mwVLDdpXSawES1D3IiKC4L+FfIvkkEST5hhFo8cY6jX
1585iEjArjdNmdyEx80le2onnmnAziR1kJ0GcNiwk570roBGHbMVkLJ7aOjmnGh+fcy6
1586nBtUrhmj8ONqErbNefD5w4cDcdgHAVkIjqofglZ0a7D+haE2v4PPqK20ocpLCf/B
15879PKX7dp0Gu9JJ0S6W4aa+/fJwvcopQ/4hduq8fP3q2pq5rBbi6j72Rsrxsh/L/jb
1588EYe1ZqAF43U=
1589-----END ENCRYPTED PRIVATE KEY-----"
1590 set certificate "-----BEGIN CERTIFICATE-----
1591MIICQTCCAeugAwIBAgIIX8a3Eudj3eMwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
1592BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1593ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
1594EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
1595ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
1596BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
1597ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
1598EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
1599ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOTcsUQKWfGyBUMolj+1uB/6
1600tHzmBirJ5EE5U3lfkIj7V8fK8U6yGjcUIazYd7tzMJr2I7nOX+m0x1bRXOYzUZcC
1601AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAGd/1czqXin81ui/
16027rBNlfX09KEmBPzBM2HoyDNOTkBoON8iRUnIi/+LTJIhxoi9KsI3hQQoZKbkv2Kg
1603pfrOeto=
1604-----END CERTIFICATE-----"
1605 set range global
1606 set source factory
1607 set last-updated 1582581014
1608 next
1609 edit "Fortinet_SSL_DSA1024"
1610 set password ENC V6Q3eSmPMiSFb0Mc0Q7vUb3kPK11LQfknZnjzdjGmfSSKZhR8gVL6i28d42iO/nPOeD7l3RO6FVGGFkPDzSLqdI/TpvwZLMJ9hkFYC9gCZqurJmMMuEl/Ra8HBkq3rINNrU9S2rCLp9L9JpOj56APlR1ydbel3sW+i7MLSCpSpRvypGh8oz35Rv+eC0WdU85VpQ7aA==
1611 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
1612 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1613MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIJqervJdp5RwCAggA
1614MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLZoqvb4POo9BIHQwyJwkQfpgVSR
1615hka189ZLquE7GDRa420CkeHCIeWMKaimWxeXD8+xLCCzdQL0bRMTKWWcUfWnP4RK
1616VDZ9ydsjtvV73a1JpzzMEAVNWbrHF5/+FuJ484bavm/nYP0vc6NI+Wop50k49Zzi
1617GD9wlNW+H2S844ow5x6VPaFENbz7KA0/YII5rKW7qPDLP9ohPOWKsGYS+0K5R+2G
1618AR0sInEThVynoQSepcwhCbSxTeIua/SpGVglmm5+NzajYnhmvvBaLlQbjZcXfvz4
1619WpC2UGzouA==
1620-----END ENCRYPTED PRIVATE KEY-----"
1621 set certificate "-----BEGIN CERTIFICATE-----
1622MIICwDCCAn6gAwIBAgIIO81eT0Y0brAwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
1623EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
1624DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
1625R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
1626LmNvbTAeFw0yMDAyMjQyMTUwMTNaFw0zMDAyMjQyMTUwMTNaMIGdMQswCQYDVQQG
1627EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
1628DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
1629R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
1630LmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJsIjdORkGk89t/EMmKQFxfXKGp+nRPA
163143u8D5SznBW9OHYEaRsvqJy2nxjPHuP4ChdrT45/Rfqy+6SWgKXgaw0CFQDt6niL
1632xAELeken+esco8pbcHxaXwJAFgzYwHv63iMLn5Gb7IUPq5a2T6kwZ0uiJjn7TIv9
1633hf4oXnLC8xBeAYqypjofobt9e5dOfgS8muRRBeUBSR0yjANDAAJAaPKC/Ckdkm8y
1634t8L+psXLc+Pu+kDSmOhk0hcFTVczUWiDbd8NJ4mPewRbnLAzmN2BNr+V97ZNuCME
1635LW6EozuucaMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDLwAwLAIUDQ41rMtx
1636/JLPydVFgyBWmUeEKr8CFDboeVsi62alnjK8ce82UtdHdKrw
1637-----END CERTIFICATE-----"
1638 set range global
1639 set source factory
1640 set last-updated 1582581014
1641 next
1642 edit "Fortinet_SSL_DSA2048"
1643 set password ENC mTYtePOB/xSsZ4sOspAaPxiCxtb60V1gGjRCkBNWwfh4SNQWnLbSeZqbTBfamCnFzi5cWH5h+MBeTVv5cepLx85JQX/Ilv4FTNFh1404ItMIjj2SgYnhkOYlXlFIV1JIafQWDq7zReXmdAaInoXPf74OuUn01N6R6avBJ39D1C6NgS36UpLB3i/LoKzJxx3PUUr1aw==
1644 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
1645 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1646MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeNGLDtmtzXgCAggA
1647MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAE8F2KwvuzwBIHQ+mhmgjOJkrri
1648bYbR4K8b0aWdX0K6r0s2iZDuVK9YVChTkzbZQqe8uEEwVfDG6rugpiIkFr2js66y
1649cLItZHRPDixq5wBZTizmQbRvnbiKcO/EZJx6eQajAvkQFb0mUmENCPXfNX2AwkZ0
1650bNjI1dtPzpZ2OqJn2A6AhvY33/BIKELGXUEHtxOG+bmNKMrHtD4xjEkX7yGcFsWg
1651yQC3IwSAheV37+6UHNhNbWj+kA////1NnXvnCcZBQhatPV3Ccs3jx76VkaWn+366
165218MSQCx2UQ==
1653-----END ENCRYPTED PRIVATE KEY-----"
1654 set certificate "-----BEGIN CERTIFICATE-----
1655MIICxDCCAoCgAwIBAgIIZT00B2DTjGgwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
1656EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
1657DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
1658R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
1659LmNvbTAeFw0yMDAyMjQyMTUwMTNaFw0zMDAyMjQyMTUwMTNaMIGdMQswCQYDVQQG
1660EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
1661DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
1662R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
1663LmNvbTCB8jCBqQYHKoZIzjgEATCBnQJBANBLRl5vxi6xLwhr/73tuUJnikffIpWl
1664ghnqo4oTJe6JdL/JuuprQG5e1NgVPhveo5orP0pyVXfnZTj2h0cW6aMCFQDdQaID
1665lzWvqo5YsyI4VLpDKRKaKwJBAK4IBqcjeEn2sVYy4bCru6vz6DGi+27MMRlwwLes
1666sEdx2OYMfKGFLISO8mY+S2rJITOx6364f7ETBKYGpb4BlwcDRAACQQCD9vMaF+KU
1667/Os5UCCn5WLBCVyU/IPygiLj6poM3JS6LWHqh2lqc9TOEokABU+9z9ZmsvooOJaM
1668sJ1wO1MKE29yow0wCzAJBgNVHRMEAjAAMAsGCWCGSAFlAwQDAgMxADAuAhUAhuk4
1669xSLoqFO2+8f3J9WFEUNe82ACFQCfBQ6tkxDmdf9UPhcihr8AXNvC9Q==
1670-----END CERTIFICATE-----"
1671 set range global
1672 set source factory
1673 set last-updated 1582581014
1674 next
1675 edit "Fortinet_SSL_ECDSA256"
1676 set password ENC npT1uUJyYYIEnWQ+G4PFPGLXMGufbq3haH1Lt5mDuFzOe+dLrVB19unkzGFy2A4ZQuvTFSX0oh4k3ElMH3r6WB6P9v47OcCBN5Y88VggLprS1KFKfl/Mzx5e+8oTFOpNpvAejg8rNjEMGqDwmbv6nMWgFS8tR3w1FZCwBxLtqO2incLn6OUP4T7kmBbiikdRjHGbrw==
1677 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
1678 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1679MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAipDE+PNyBoWAICCAAw
1680DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIkfgqatkjNmIEgZDWlXska/YJHQR7
1681WYUQ8G3wTA3qFxdImM9ssyaWtNyxtchggrIeJOqbHC64t136RJkN27SCfNYW9Wv5
16824qyzdkfc+xSY8qGPWjSoi7OCUh08/WrDAnT0hN7PokWmVmcvX5ndwbSjjHdPJi92
1683sdFe0jnrKxVSZ1oPK+xoNa5Z26UsmfMUX0y2Cb62+TGQ64C5xUM=
1684-----END ENCRYPTED PRIVATE KEY-----"
1685 set certificate "-----BEGIN CERTIFICATE-----
1686MIICPjCCAeWgAwIBAgIICVS/9sw0RT8wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
1687AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
1688BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
1689Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
1690Y29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNVBAYT
1691AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
1692BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
1693Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
1694Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEi9LBJPxIL5BIMgrdpV5JnbkL
1695Y+sr/+gob43515vMBLFxUJsdJyqjOAdmnqMAav9yqWvEs1DecXGAKwO9XAnRbqMN
1696MAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgNHADBEAiANqG1ivrfBdT2vI8F4+n2E
1697gGqnowqzoDHg313WN9CqAQIgd98CXMxlaMCipPn/3Fw2VqInng94qkVYlNGOeye/
1698Z0g=
1699-----END CERTIFICATE-----"
1700 set range global
1701 set source factory
1702 set last-updated 1582581014
1703 next
1704 edit "Fortinet_SSL_ECDSA384"
1705 set password ENC pdOIryXKo2gLCdz1OTau2BOZmrLAHEI+FslpbUS49Ou3etS0pSW8jVPiXQ/HC2dhsfGvdE4AsfgywzTI/JaBOEREF/jvxtgmW/AOnHR7poon2HTGTN2mQyExpK/AdrYrKPqE7rQmZYM2yuM3cd0a2OxmKhtwP/NXfe8KswkdY40P4RuBidOfSBFNjziDXYqNLeWhaw==
1706 set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
1707 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
1708MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIyygrzo6X4VoCAggA
1709MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGeRdGqh2rUFBIHAcpRgzDXaA0Aq
1710uVm265u64DM03P9xOPmqWuUFM7xpLHiaYs5oDab7Cc0XhMP1HNFu2U8+LS+Vx/GL
1711kjPiYCybSOSM6WiXe/ox7CE05vAJbtrOTJWlHELxWI64NbEHlizWIwvvcQYotMOa
1712+4/ZBgTVwMPbEIVFfRoEZZXnwB6I91du0K8uTLolWpibFJ+jrJpVN+x4hBuNF/OC
1713hG+d+hZpeKWqNP0fcesN0LgdjJj3BrfID8YbLBRhKiwDlhnMrRLl
1714-----END ENCRYPTED PRIVATE KEY-----"
1715 set certificate "-----BEGIN CERTIFICATE-----
1716MIICfTCCAgKgAwIBAgIIZmRZ1535awIwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
1717AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
1718BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
1719Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
1720Y29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNVBAYT
1721AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
1722BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
1723Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
1724Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7dTElGm8XDrFGWrylY1ty2c211BB
1725hYcUoI+iWHzB7MUCETu+aH3+3Iw4LRTvlY0gRO5muAXHLJbP0X/Vrzk8r09PMBlf
17266tVGFf6a1fFQvOdtbN9ot/q99df8rg72043mow0wCzAJBgNVHRMEAjAAMAoGCCqG
1727SM49BAMCA2kAMGYCMQDT9MaoRQmpYnvWP0EaHtCE6bKG+Z8A3lhS0r4R1WzExV21
1728OmzKf2zrVhaR8+J8uTACMQC4WPR1Nisl6egolX1GQnL4ewQ+m253HyOuOg6YySjw
17297rRTWNVF9HwLs6yduDvkovY=
1730-----END CERTIFICATE-----"
1731 set range global
1732 set source factory
1733 set last-updated 1582581014
1734 next
1735end
1736config webfilter ftgd-local-cat
1737 edit "custom1"
1738 set id 140
1739 next
1740 edit "custom2"
1741 set id 141
1742 next
1743end
1744config ips sensor
1745 edit "default"
1746 set comment "Prevent critical attacks."
1747 config entries
1748 edit 1
1749 set severity medium high critical
1750 next
1751 end
1752 next
1753 edit "sniffer-profile"
1754 set comment "Monitor IPS attacks."
1755 config entries
1756 edit 1
1757 set severity medium high critical
1758 next
1759 end
1760 next
1761 edit "wifi-default"
1762 set comment "Default configuration for offloading WiFi traffic."
1763 config entries
1764 edit 1
1765 set severity medium high critical
1766 next
1767 end
1768 next
1769 edit "all_default"
1770 set comment "All predefined signatures with default setting."
1771 config entries
1772 edit 1
1773 next
1774 end
1775 next
1776 edit "all_default_pass"
1777 set comment "All predefined signatures with PASS action."
1778 config entries
1779 edit 1
1780 set action pass
1781 next
1782 end
1783 next
1784 edit "protect_http_server"
1785 set comment "Protect against HTTP server-side vulnerabilities."
1786 config entries
1787 edit 1
1788 set location server
1789 set protocol HTTP
1790 next
1791 end
1792 next
1793 edit "protect_email_server"
1794 set comment "Protect against email server-side vulnerabilities."
1795 config entries
1796 edit 1
1797 set location server
1798 set protocol SMTP POP3 IMAP
1799 next
1800 end
1801 next
1802 edit "protect_client"
1803 set comment "Protect against client-side vulnerabilities."
1804 config entries
1805 edit 1
1806 set location client
1807 next
1808 end
1809 next
1810 edit "high_security"
1811 set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
1812 set block-malicious-url enable
1813 config entries
1814 edit 1
1815 set severity medium high critical
1816 set status enable
1817 set action block
1818 next
1819 edit 2
1820 set severity low
1821 next
1822 end
1823 next
1824end
1825config firewall shaper traffic-shaper
1826 edit "high-priority"
1827 set maximum-bandwidth 1048576
1828 set per-policy enable
1829 next
1830 edit "medium-priority"
1831 set maximum-bandwidth 1048576
1832 set priority medium
1833 set per-policy enable
1834 next
1835 edit "low-priority"
1836 set maximum-bandwidth 1048576
1837 set priority low
1838 set per-policy enable
1839 next
1840 edit "guarantee-100kbps"
1841 set guaranteed-bandwidth 100
1842 set maximum-bandwidth 1048576
1843 set per-policy enable
1844 next
1845 edit "shared-1M-pipe"
1846 set maximum-bandwidth 1024
1847 next
1848end
1849config web-proxy global
1850 set proxy-fqdn "default.fqdn"
1851end
1852config application list
1853 edit "default"
1854 set comment "Monitor all applications."
1855 config entries
1856 edit 1
1857 set action pass
1858 next
1859 end
1860 next
1861 edit "sniffer-profile"
1862 set comment "Monitor all applications."
1863 unset options
1864 config entries
1865 edit 1
1866 set action pass
1867 next
1868 end
1869 next
1870 edit "wifi-default"
1871 set comment "Default configuration for offloading WiFi traffic."
1872 set deep-app-inspection disable
1873 config entries
1874 edit 1
1875 set action pass
1876 set log disable
1877 next
1878 end
1879 next
1880 edit "block-high-risk"
1881 config entries
1882 edit 1
1883 set category 2 6
1884 next
1885 edit 2
1886 set action pass
1887 next
1888 end
1889 next
1890end
1891config dlp filepattern
1892 edit 1
1893 set name "builtin-patterns"
1894 config entries
1895 edit "*.bat"
1896 next
1897 edit "*.com"
1898 next
1899 edit "*.dll"
1900 next
1901 edit "*.doc"
1902 next
1903 edit "*.exe"
1904 next
1905 edit "*.gz"
1906 next
1907 edit "*.hta"
1908 next
1909 edit "*.ppt"
1910 next
1911 edit "*.rar"
1912 next
1913 edit "*.scr"
1914 next
1915 edit "*.tar"
1916 next
1917 edit "*.tgz"
1918 next
1919 edit "*.vb?"
1920 next
1921 edit "*.wps"
1922 next
1923 edit "*.xl?"
1924 next
1925 edit "*.zip"
1926 next
1927 edit "*.pif"
1928 next
1929 edit "*.cpl"
1930 next
1931 end
1932 next
1933 edit 2
1934 set name "all_executables"
1935 config entries
1936 edit "bat"
1937 set filter-type type
1938 set file-type bat
1939 next
1940 edit "exe"
1941 set filter-type type
1942 set file-type exe
1943 next
1944 edit "elf"
1945 set filter-type type
1946 set file-type elf
1947 next
1948 edit "hta"
1949 set filter-type type
1950 set file-type hta
1951 next
1952 end
1953 next
1954end
1955config dlp sensitivity
1956 edit "Private"
1957 next
1958 edit "Critical"
1959 next
1960 edit "Warning"
1961 next
1962end
1963config dlp sensor
1964 edit "default"
1965 set comment "Default sensor."
1966 next
1967 edit "sniffer-profile"
1968 set comment "Log a summary of email and web traffic."
1969 set summary-proto smtp pop3 imap http-get http-post
1970 next
1971end
1972config webfilter ips-urlfilter-setting
1973end
1974config webfilter ips-urlfilter-setting6
1975end
1976config log threat-weight
1977 config web
1978 edit 1
1979 set category 26
1980 set level high
1981 next
1982 edit 2
1983 set category 61
1984 set level high
1985 next
1986 edit 3
1987 set category 86
1988 set level high
1989 next
1990 edit 4
1991 set category 1
1992 set level medium
1993 next
1994 edit 5
1995 set category 3
1996 set level medium
1997 next
1998 edit 6
1999 set category 4
2000 set level medium
2001 next
2002 edit 7
2003 set category 5
2004 set level medium
2005 next
2006 edit 8
2007 set category 6
2008 set level medium
2009 next
2010 edit 9
2011 set category 12
2012 set level medium
2013 next
2014 edit 10
2015 set category 59
2016 set level medium
2017 next
2018 edit 11
2019 set category 62
2020 set level medium
2021 next
2022 edit 12
2023 set category 83
2024 set level medium
2025 next
2026 edit 13
2027 set category 72
2028 next
2029 edit 14
2030 set category 14
2031 next
2032 end
2033 config application
2034 edit 1
2035 set category 2
2036 next
2037 edit 2
2038 set category 6
2039 set level medium
2040 next
2041 end
2042end
2043config icap profile
2044 edit "default"
2045 config icap-headers
2046 edit 1
2047 set name "X-Authenticated-User"
2048 set content "$user"
2049 next
2050 edit 2
2051 set name "X-Authenticated-Groups"
2052 set content "$local_grp"
2053 next
2054 end
2055 next
2056end
2057config user local
2058 edit "guest"
2059 set type password
2060 set passwd ENC 2rP7WdqHNrjaDruCFq9mvKeWQmazhD27AEhI/ip+eOFQDZXRKQZO/V4W1oo82trcBw3EG3j0G6eeldBYAgEflaGXYuD8IoDh//mVH8NUAhg31bSIol2q0DS97Wh1bLouGZq+cRSwWLIff7A9VNtWcO7cToVVyjcuH3FSRDXVq+Acx+o0lkx+4OEMHIYx99Keu1BURQ==
2061 next
2062end
2063config user setting
2064 set auth-cert "Fortinet_Factory"
2065end
2066config user group
2067 edit "SSO_Guest_Users"
2068 next
2069 edit "Guest-group"
2070 set member "guest"
2071 next
2072end
2073config vpn ssl web host-check-software
2074 edit "FortiClient-AV"
2075 set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
2076 next
2077 edit "FortiClient-FW"
2078 set type fw
2079 set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
2080 next
2081 edit "FortiClient-AV-Vista"
2082 set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
2083 next
2084 edit "FortiClient-FW-Vista"
2085 set type fw
2086 set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
2087 next
2088 edit "FortiClient-AV-Win7"
2089 set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
2090 next
2091 edit "AVG-Internet-Security-AV"
2092 set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
2093 next
2094 edit "AVG-Internet-Security-FW"
2095 set type fw
2096 set guid "8DECF618-9569-4340-B34A-D78D28969B66"
2097 next
2098 edit "AVG-Internet-Security-AV-Vista-Win7"
2099 set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
2100 next
2101 edit "AVG-Internet-Security-FW-Vista-Win7"
2102 set type fw
2103 set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
2104 next
2105 edit "CA-Anti-Virus"
2106 set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
2107 next
2108 edit "CA-Internet-Security-AV"
2109 set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
2110 next
2111 edit "CA-Internet-Security-FW"
2112 set type fw
2113 set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
2114 next
2115 edit "CA-Internet-Security-AV-Vista-Win7"
2116 set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
2117 next
2118 edit "CA-Internet-Security-FW-Vista-Win7"
2119 set type fw
2120 set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
2121 next
2122 edit "CA-Personal-Firewall"
2123 set type fw
2124 set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
2125 next
2126 edit "F-Secure-Internet-Security-AV"
2127 set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
2128 next
2129 edit "F-Secure-Internet-Security-FW"
2130 set type fw
2131 set guid "D4747503-0346-49EB-9262-997542F79BF4"
2132 next
2133 edit "F-Secure-Internet-Security-AV-Vista-Win7"
2134 set guid "15414183-282E-D62C-CA37-EF24860A2F17"
2135 next
2136 edit "F-Secure-Internet-Security-FW-Vista-Win7"
2137 set type fw
2138 set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
2139 next
2140 edit "Kaspersky-AV"
2141 set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
2142 next
2143 edit "Kaspersky-FW"
2144 set type fw
2145 set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
2146 next
2147 edit "Kaspersky-AV-Vista-Win7"
2148 set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
2149 next
2150 edit "Kaspersky-FW-Vista-Win7"
2151 set type fw
2152 set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
2153 next
2154 edit "McAfee-Internet-Security-Suite-AV"
2155 set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
2156 next
2157 edit "McAfee-Internet-Security-Suite-FW"
2158 set type fw
2159 set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
2160 next
2161 edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
2162 set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
2163 next
2164 edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
2165 set type fw
2166 set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
2167 next
2168 edit "McAfee-Virus-Scan-Enterprise"
2169 set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
2170 next
2171 edit "Norton-360-2.0-AV"
2172 set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
2173 next
2174 edit "Norton-360-2.0-FW"
2175 set type fw
2176 set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
2177 next
2178 edit "Norton-360-3.0-AV"
2179 set guid "E10A9785-9598-4754-B552-92431C1C35F8"
2180 next
2181 edit "Norton-360-3.0-FW"
2182 set type fw
2183 set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
2184 next
2185 edit "Norton-Internet-Security-AV"
2186 set guid "E10A9785-9598-4754-B552-92431C1C35F8"
2187 next
2188 edit "Norton-Internet-Security-FW"
2189 set type fw
2190 set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
2191 next
2192 edit "Norton-Internet-Security-AV-Vista-Win7"
2193 set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
2194 next
2195 edit "Norton-Internet-Security-FW-Vista-Win7"
2196 set type fw
2197 set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
2198 next
2199 edit "Symantec-Endpoint-Protection-AV"
2200 set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
2201 next
2202 edit "Symantec-Endpoint-Protection-FW"
2203 set type fw
2204 set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
2205 next
2206 edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
2207 set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
2208 next
2209 edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
2210 set type fw
2211 set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
2212 next
2213 edit "Panda-Antivirus+Firewall-2008-AV"
2214 set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
2215 next
2216 edit "Panda-Antivirus+Firewall-2008-FW"
2217 set type fw
2218 set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
2219 next
2220 edit "Panda-Internet-Security-AV"
2221 set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
2222 next
2223 edit "Panda-Internet-Security-2006~2007-FW"
2224 set type fw
2225 set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
2226 next
2227 edit "Panda-Internet-Security-2008~2009-FW"
2228 set type fw
2229 set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
2230 next
2231 edit "Sophos-Anti-Virus"
2232 set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
2233 next
2234 edit "Sophos-Enpoint-Secuirty-and-Control-FW"
2235 set type fw
2236 set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
2237 next
2238 edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
2239 set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
2240 next
2241 edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
2242 set type fw
2243 set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
2244 next
2245 edit "Trend-Micro-AV"
2246 set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
2247 next
2248 edit "Trend-Micro-FW"
2249 set type fw
2250 set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
2251 next
2252 edit "Trend-Micro-AV-Vista-Win7"
2253 set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
2254 next
2255 edit "Trend-Micro-FW-Vista-Win7"
2256 set type fw
2257 set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
2258 next
2259 edit "ZoneAlarm-AV"
2260 set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
2261 next
2262 edit "ZoneAlarm-FW"
2263 set type fw
2264 set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
2265 next
2266 edit "ZoneAlarm-AV-Vista-Win7"
2267 set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
2268 next
2269 edit "ZoneAlarm-FW-Vista-Win7"
2270 set type fw
2271 set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
2272 next
2273 edit "ESET-Smart-Security-AV"
2274 set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
2275 next
2276 edit "ESET-Smart-Security-FW"
2277 set type fw
2278 set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
2279 next
2280end
2281config vpn ssl web portal
2282 edit "full-access"
2283 set tunnel-mode enable
2284 set ipv6-tunnel-mode enable
2285 set web-mode enable
2286 set ip-pools "SSLVPN_TUNNEL_ADDR1"
2287 set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
2288 next
2289end
2290config vpn ssl settings
2291 set servercert "self-sign"
2292 set port 443
2293end
2294config voip profile
2295 edit "default"
2296 set comment "Default VoIP profile."
2297 next
2298 edit "strict"
2299 config sip
2300 set malformed-request-line discard
2301 set malformed-header-via discard
2302 set malformed-header-from discard
2303 set malformed-header-to discard
2304 set malformed-header-call-id discard
2305 set malformed-header-cseq discard
2306 set malformed-header-rack discard
2307 set malformed-header-rseq discard
2308 set malformed-header-contact discard
2309 set malformed-header-record-route discard
2310 set malformed-header-route discard
2311 set malformed-header-expires discard
2312 set malformed-header-content-type discard
2313 set malformed-header-content-length discard
2314 set malformed-header-max-forwards discard
2315 set malformed-header-allow discard
2316 set malformed-header-p-asserted-identity discard
2317 set malformed-header-sdp-v discard
2318 set malformed-header-sdp-o discard
2319 set malformed-header-sdp-s discard
2320 set malformed-header-sdp-i discard
2321 set malformed-header-sdp-c discard
2322 set malformed-header-sdp-b discard
2323 set malformed-header-sdp-z discard
2324 set malformed-header-sdp-k discard
2325 set malformed-header-sdp-a discard
2326 set malformed-header-sdp-t discard
2327 set malformed-header-sdp-r discard
2328 set malformed-header-sdp-m discard
2329 end
2330 next
2331end
2332config vpn ipsec phase1-interface
2333 edit "toDC-CURITIBA"
2334 set interface "port1"
2335 set peertype any
2336 set net-device enable
2337 set proposal des-sha256
2338 set nattraversal disable
2339 set remote-gw 10.1.2.2
2340 set psksecret ENC N+KxRL1BLtuISx2IPHN5NM/ipKLXKae5eMjVx/+q4sKLGnf+hxvnmp+rZFqxa7PdnXfvqXx+PTdnuP3VT3vE9aqR4RQBVwue+/EFS+DWIJxoP75zMllJAW1MvLO1vt6jFuZXzah8SUCDr96+wdS1ceMLq3eHGq3+hWftCUeMBDTs0THL48RKpHdY66a3W+tJcve2fw==
2341 next
2342 edit "toDC-CTA-TERR"
2343 set interface "port2"
2344 set peertype any
2345 set net-device enable
2346 set proposal des-sha256
2347 set nattraversal disable
2348 set remote-gw 10.44.112.33
2349 set psksecret ENC hjD5frclY1GmUkLLV8u9ARJljccM2GYSBoYKcp/SJuxuRuVoXCtEqKHmQI8K8og/Mb6JjgM5zs/CJiYjvhfW8EwEc7K31VWFiN7TLeUOaFRVXHUMJpYRBwgLV4Qsu1nmRxkU7ur3htSGCq46idaYWS38zcdmFTiGdMn9shPqs0v0owWLAvqAGKsamxf3eRSo0Nu6VQ==
2350 next
2351end
2352config vpn ipsec phase2-interface
2353 edit "toDC-CURITIBA"
2354 set phase1name "toDC-CURITIBA"
2355 set proposal des-md5 des-sha1
2356 next
2357 edit "toDC-CTA-TERR"
2358 set phase1name "toDC-CTA-TERR"
2359 set proposal des-md5 des-sha1
2360 next
2361end
2362config dnsfilter profile
2363 edit "default"
2364 set comment "Default dns filtering."
2365 config ftgd-dns
2366 config filters
2367 edit 1
2368 set category 2
2369 next
2370 edit 2
2371 set category 7
2372 next
2373 edit 3
2374 set category 8
2375 next
2376 edit 4
2377 set category 9
2378 next
2379 edit 5
2380 set category 11
2381 next
2382 edit 6
2383 set category 12
2384 next
2385 edit 7
2386 set category 13
2387 next
2388 edit 8
2389 set category 14
2390 next
2391 edit 9
2392 set category 15
2393 next
2394 edit 10
2395 set category 16
2396 next
2397 edit 11
2398 next
2399 edit 12
2400 set category 57
2401 next
2402 edit 13
2403 set category 63
2404 next
2405 edit 14
2406 set category 64
2407 next
2408 edit 15
2409 set category 65
2410 next
2411 edit 16
2412 set category 66
2413 next
2414 edit 17
2415 set category 67
2416 next
2417 edit 18
2418 set category 26
2419 set action block
2420 next
2421 edit 19
2422 set category 61
2423 set action block
2424 next
2425 edit 20
2426 set category 86
2427 set action block
2428 next
2429 edit 21
2430 set category 88
2431 set action block
2432 next
2433 edit 22
2434 set category 90
2435 set action block
2436 next
2437 edit 23
2438 set category 91
2439 set action block
2440 next
2441 end
2442 end
2443 set block-botnet enable
2444 next
2445end
2446config antivirus settings
2447 set grayware enable
2448end
2449config antivirus profile
2450 edit "default"
2451 set comment "Scan files and block viruses."
2452 config http
2453 set options scan
2454 end
2455 config ftp
2456 set options scan
2457 end
2458 config imap
2459 set options scan
2460 set executables virus
2461 end
2462 config pop3
2463 set options scan
2464 set executables virus
2465 end
2466 config smtp
2467 set options scan
2468 set executables virus
2469 end
2470 next
2471 edit "sniffer-profile"
2472 set comment "Scan files and monitor viruses."
2473 config http
2474 set options scan
2475 end
2476 config ftp
2477 set options scan
2478 end
2479 config imap
2480 set options scan
2481 set executables virus
2482 end
2483 config pop3
2484 set options scan
2485 set executables virus
2486 end
2487 config smtp
2488 set options scan
2489 set executables virus
2490 end
2491 next
2492 edit "wifi-default"
2493 set comment "Default configuration for offloading WiFi traffic."
2494 config http
2495 set options scan
2496 end
2497 config ftp
2498 set options scan
2499 end
2500 config imap
2501 set options scan
2502 set executables virus
2503 end
2504 config pop3
2505 set options scan
2506 set executables virus
2507 end
2508 config smtp
2509 set options scan
2510 set executables virus
2511 end
2512 next
2513end
2514config webfilter profile
2515 edit "default"
2516 set comment "Default web filtering."
2517 config ftgd-wf
2518 unset options
2519 config filters
2520 edit 1
2521 set action block
2522 next
2523 edit 2
2524 set category 2
2525 set action block
2526 next
2527 edit 3
2528 set category 7
2529 set action block
2530 next
2531 edit 4
2532 set category 8
2533 set action block
2534 next
2535 edit 5
2536 set category 9
2537 set action block
2538 next
2539 edit 6
2540 set category 11
2541 set action block
2542 next
2543 edit 7
2544 set category 12
2545 set action block
2546 next
2547 edit 8
2548 set category 13
2549 set action block
2550 next
2551 edit 9
2552 set category 14
2553 set action block
2554 next
2555 edit 10
2556 set category 15
2557 set action block
2558 next
2559 edit 11
2560 set category 16
2561 set action block
2562 next
2563 edit 12
2564 set category 26
2565 set action block
2566 next
2567 edit 13
2568 set category 57
2569 set action block
2570 next
2571 edit 14
2572 set category 61
2573 set action block
2574 next
2575 edit 15
2576 set category 63
2577 set action block
2578 next
2579 edit 16
2580 set category 64
2581 set action block
2582 next
2583 edit 17
2584 set category 65
2585 set action block
2586 next
2587 edit 18
2588 set category 66
2589 set action block
2590 next
2591 edit 19
2592 set category 67
2593 set action block
2594 next
2595 edit 20
2596 set category 86
2597 set action block
2598 next
2599 edit 21
2600 set category 88
2601 set action block
2602 next
2603 edit 22
2604 set category 90
2605 set action block
2606 next
2607 edit 23
2608 set category 91
2609 set action block
2610 next
2611 end
2612 end
2613 next
2614 edit "sniffer-profile"
2615 set comment "Monitor web traffic."
2616 config ftgd-wf
2617 config filters
2618 edit 1
2619 next
2620 edit 2
2621 set category 1
2622 next
2623 edit 3
2624 set category 2
2625 next
2626 edit 4
2627 set category 3
2628 next
2629 edit 5
2630 set category 4
2631 next
2632 edit 6
2633 set category 5
2634 next
2635 edit 7
2636 set category 6
2637 next
2638 edit 8
2639 set category 7
2640 next
2641 edit 9
2642 set category 8
2643 next
2644 edit 10
2645 set category 9
2646 next
2647 edit 11
2648 set category 11
2649 next
2650 edit 12
2651 set category 12
2652 next
2653 edit 13
2654 set category 13
2655 next
2656 edit 14
2657 set category 14
2658 next
2659 edit 15
2660 set category 15
2661 next
2662 edit 16
2663 set category 16
2664 next
2665 edit 17
2666 set category 17
2667 next
2668 edit 18
2669 set category 18
2670 next
2671 edit 19
2672 set category 19
2673 next
2674 edit 20
2675 set category 20
2676 next
2677 edit 21
2678 set category 23
2679 next
2680 edit 22
2681 set category 24
2682 next
2683 edit 23
2684 set category 25
2685 next
2686 edit 24
2687 set category 26
2688 next
2689 edit 25
2690 set category 28
2691 next
2692 edit 26
2693 set category 29
2694 next
2695 edit 27
2696 set category 30
2697 next
2698 edit 28
2699 set category 31
2700 next
2701 edit 29
2702 set category 33
2703 next
2704 edit 30
2705 set category 34
2706 next
2707 edit 31
2708 set category 35
2709 next
2710 edit 32
2711 set category 36
2712 next
2713 edit 33
2714 set category 37
2715 next
2716 edit 34
2717 set category 38
2718 next
2719 edit 35
2720 set category 39
2721 next
2722 edit 36
2723 set category 40
2724 next
2725 edit 37
2726 set category 41
2727 next
2728 edit 38
2729 set category 42
2730 next
2731 edit 39
2732 set category 43
2733 next
2734 edit 40
2735 set category 44
2736 next
2737 edit 41
2738 set category 46
2739 next
2740 edit 42
2741 set category 47
2742 next
2743 edit 43
2744 set category 48
2745 next
2746 edit 44
2747 set category 49
2748 next
2749 edit 45
2750 set category 50
2751 next
2752 edit 46
2753 set category 51
2754 next
2755 edit 47
2756 set category 52
2757 next
2758 edit 48
2759 set category 53
2760 next
2761 edit 49
2762 set category 54
2763 next
2764 edit 50
2765 set category 55
2766 next
2767 edit 51
2768 set category 56
2769 next
2770 edit 52
2771 set category 57
2772 next
2773 edit 53
2774 set category 58
2775 next
2776 edit 54
2777 set category 59
2778 next
2779 edit 55
2780 set category 61
2781 next
2782 edit 56
2783 set category 62
2784 next
2785 edit 57
2786 set category 63
2787 next
2788 edit 58
2789 set category 64
2790 next
2791 edit 59
2792 set category 65
2793 next
2794 edit 60
2795 set category 66
2796 next
2797 edit 61
2798 set category 67
2799 next
2800 edit 62
2801 set category 68
2802 next
2803 edit 63
2804 set category 69
2805 next
2806 edit 64
2807 set category 70
2808 next
2809 edit 65
2810 set category 71
2811 next
2812 edit 66
2813 set category 72
2814 next
2815 edit 67
2816 set category 75
2817 next
2818 edit 68
2819 set category 76
2820 next
2821 edit 69
2822 set category 77
2823 next
2824 edit 70
2825 set category 78
2826 next
2827 edit 71
2828 set category 79
2829 next
2830 edit 72
2831 set category 80
2832 next
2833 edit 73
2834 set category 81
2835 next
2836 edit 74
2837 set category 82
2838 next
2839 edit 75
2840 set category 83
2841 next
2842 edit 76
2843 set category 84
2844 next
2845 edit 77
2846 set category 85
2847 next
2848 edit 78
2849 set category 86
2850 next
2851 edit 79
2852 set category 87
2853 next
2854 edit 80
2855 set category 88
2856 next
2857 edit 81
2858 set category 89
2859 next
2860 edit 82
2861 set category 90
2862 next
2863 edit 83
2864 set category 91
2865 next
2866 edit 84
2867 set category 92
2868 next
2869 edit 85
2870 set category 93
2871 next
2872 edit 86
2873 set category 94
2874 next
2875 edit 87
2876 set category 95
2877 next
2878 end
2879 end
2880 next
2881 edit "wifi-default"
2882 set comment "Default configuration for offloading WiFi traffic."
2883 set options block-invalid-url
2884 config ftgd-wf
2885 unset options
2886 config filters
2887 edit 1
2888 next
2889 edit 2
2890 set category 2
2891 set action block
2892 next
2893 edit 3
2894 set category 7
2895 set action block
2896 next
2897 edit 4
2898 set category 8
2899 set action block
2900 next
2901 edit 5
2902 set category 9
2903 set action block
2904 next
2905 edit 6
2906 set category 11
2907 set action block
2908 next
2909 edit 7
2910 set category 12
2911 set action block
2912 next
2913 edit 8
2914 set category 13
2915 set action block
2916 next
2917 edit 9
2918 set category 14
2919 set action block
2920 next
2921 edit 10
2922 set category 15
2923 set action block
2924 next
2925 edit 11
2926 set category 16
2927 set action block
2928 next
2929 edit 12
2930 set category 26
2931 set action block
2932 next
2933 edit 13
2934 set category 57
2935 set action block
2936 next
2937 edit 14
2938 set category 61
2939 set action block
2940 next
2941 edit 15
2942 set category 63
2943 set action block
2944 next
2945 edit 16
2946 set category 64
2947 set action block
2948 next
2949 edit 17
2950 set category 65
2951 set action block
2952 next
2953 edit 18
2954 set category 66
2955 set action block
2956 next
2957 edit 19
2958 set category 67
2959 set action block
2960 next
2961 edit 20
2962 set category 86
2963 set action block
2964 next
2965 edit 21
2966 set category 88
2967 set action block
2968 next
2969 edit 22
2970 set category 90
2971 set action block
2972 next
2973 edit 23
2974 set category 91
2975 set action block
2976 next
2977 end
2978 end
2979 next
2980 edit "monitor-all"
2981 set comment "Monitor and log all visited URLs, flow-based."
2982 config ftgd-wf
2983 unset options
2984 config filters
2985 edit 1
2986 set category 1
2987 next
2988 edit 2
2989 set category 3
2990 next
2991 edit 3
2992 set category 4
2993 next
2994 edit 4
2995 set category 5
2996 next
2997 edit 5
2998 set category 6
2999 next
3000 edit 6
3001 set category 12
3002 next
3003 edit 7
3004 set category 59
3005 next
3006 edit 8
3007 set category 62
3008 next
3009 edit 9
3010 set category 83
3011 next
3012 edit 10
3013 set category 2
3014 next
3015 edit 11
3016 set category 7
3017 next
3018 edit 12
3019 set category 8
3020 next
3021 edit 13
3022 set category 9
3023 next
3024 edit 14
3025 set category 11
3026 next
3027 edit 15
3028 set category 13
3029 next
3030 edit 16
3031 set category 14
3032 next
3033 edit 17
3034 set category 15
3035 next
3036 edit 18
3037 set category 16
3038 next
3039 edit 19
3040 set category 57
3041 next
3042 edit 20
3043 set category 63
3044 next
3045 edit 21
3046 set category 64
3047 next
3048 edit 22
3049 set category 65
3050 next
3051 edit 23
3052 set category 66
3053 next
3054 edit 24
3055 set category 67
3056 next
3057 edit 25
3058 set category 19
3059 next
3060 edit 26
3061 set category 24
3062 next
3063 edit 27
3064 set category 25
3065 next
3066 edit 28
3067 set category 72
3068 next
3069 edit 29
3070 set category 75
3071 next
3072 edit 30
3073 set category 76
3074 next
3075 edit 31
3076 set category 26
3077 next
3078 edit 32
3079 set category 61
3080 next
3081 edit 33
3082 set category 86
3083 next
3084 edit 34
3085 set category 17
3086 next
3087 edit 35
3088 set category 18
3089 next
3090 edit 36
3091 set category 20
3092 next
3093 edit 37
3094 set category 23
3095 next
3096 edit 38
3097 set category 28
3098 next
3099 edit 39
3100 set category 29
3101 next
3102 edit 40
3103 set category 30
3104 next
3105 edit 41
3106 set category 33
3107 next
3108 edit 42
3109 set category 34
3110 next
3111 edit 43
3112 set category 35
3113 next
3114 edit 44
3115 set category 36
3116 next
3117 edit 45
3118 set category 37
3119 next
3120 edit 46
3121 set category 38
3122 next
3123 edit 47
3124 set category 39
3125 next
3126 edit 48
3127 set category 40
3128 next
3129 edit 49
3130 set category 42
3131 next
3132 edit 50
3133 set category 44
3134 next
3135 edit 51
3136 set category 46
3137 next
3138 edit 52
3139 set category 47
3140 next
3141 edit 53
3142 set category 48
3143 next
3144 edit 54
3145 set category 54
3146 next
3147 edit 55
3148 set category 55
3149 next
3150 edit 56
3151 set category 58
3152 next
3153 edit 57
3154 set category 68
3155 next
3156 edit 58
3157 set category 69
3158 next
3159 edit 59
3160 set category 70
3161 next
3162 edit 60
3163 set category 71
3164 next
3165 edit 61
3166 set category 77
3167 next
3168 edit 62
3169 set category 78
3170 next
3171 edit 63
3172 set category 79
3173 next
3174 edit 64
3175 set category 80
3176 next
3177 edit 65
3178 set category 82
3179 next
3180 edit 66
3181 set category 85
3182 next
3183 edit 67
3184 set category 87
3185 next
3186 edit 68
3187 set category 31
3188 next
3189 edit 69
3190 set category 41
3191 next
3192 edit 70
3193 set category 43
3194 next
3195 edit 71
3196 set category 49
3197 next
3198 edit 72
3199 set category 50
3200 next
3201 edit 73
3202 set category 51
3203 next
3204 edit 74
3205 set category 52
3206 next
3207 edit 75
3208 set category 53
3209 next
3210 edit 76
3211 set category 56
3212 next
3213 edit 77
3214 set category 81
3215 next
3216 edit 78
3217 set category 84
3218 next
3219 edit 79
3220 next
3221 edit 80
3222 set category 88
3223 next
3224 edit 81
3225 set category 89
3226 next
3227 edit 82
3228 set category 90
3229 next
3230 edit 83
3231 set category 91
3232 next
3233 edit 84
3234 set category 92
3235 next
3236 edit 85
3237 set category 93
3238 next
3239 edit 86
3240 set category 94
3241 next
3242 edit 87
3243 set category 95
3244 next
3245 end
3246 end
3247 set log-all-url enable
3248 set web-content-log disable
3249 set web-filter-activex-log disable
3250 set web-filter-command-block-log disable
3251 set web-filter-cookie-log disable
3252 set web-filter-applet-log disable
3253 set web-filter-jscript-log disable
3254 set web-filter-js-log disable
3255 set web-filter-vbs-log disable
3256 set web-filter-unknown-log disable
3257 set web-filter-referer-log disable
3258 set web-filter-cookie-removal-log disable
3259 set web-url-log disable
3260 set web-invalid-domain-log disable
3261 set web-ftgd-err-log disable
3262 set web-ftgd-quota-usage disable
3263 next
3264end
3265config webfilter search-engine
3266 edit "google"
3267 set hostname ".*\\.google\\..*"
3268 set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
3269 set query "q="
3270 set safesearch url
3271 set safesearch-str "&safe=active"
3272 next
3273 edit "yahoo"
3274 set hostname ".*\\.yahoo\\..*"
3275 set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
3276 set query "p="
3277 set safesearch url
3278 set safesearch-str "&vm=r"
3279 next
3280 edit "bing"
3281 set hostname ".*\\.bing\\..*"
3282 set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
3283 set query "q="
3284 set safesearch header
3285 next
3286 edit "yandex"
3287 set hostname "yandex\\..*"
3288 set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
3289 set query "text="
3290 set safesearch url
3291 set safesearch-str "&family=yes"
3292 next
3293 edit "youtube"
3294 set hostname ".*youtube.*"
3295 set safesearch header
3296 next
3297 edit "baidu"
3298 set hostname ".*\\.baidu\\.com"
3299 set url "^\\/s?\\?"
3300 set query "wd="
3301 next
3302 edit "baidu2"
3303 set hostname ".*\\.baidu\\.com"
3304 set url "^\\/(ns|q|m|i|v)\\?"
3305 set query "word="
3306 next
3307 edit "baidu3"
3308 set hostname "tieba\\.baidu\\.com"
3309 set url "^\\/f\\?"
3310 set query "kw="
3311 next
3312end
3313config emailfilter profile
3314 edit "sniffer-profile"
3315 set comment "Malware and phishing URL monitoring."
3316 next
3317 edit "default"
3318 set comment "Malware and phishing URL filtering."
3319 next
3320end
3321config report layout
3322 edit "default"
3323 set title "FortiGate System Analysis Report"
3324 set style-theme "default-report"
3325 set options include-table-of-content view-chart-as-heading
3326 config page
3327 set paper letter
3328 set page-break-before heading1
3329 config header
3330 config header-item
3331 edit 1
3332 set type image
3333 set style "header-image"
3334 set img-src "fortinet_logo_small.png"
3335 next
3336 end
3337 end
3338 config footer
3339 config footer-item
3340 edit 1
3341 set style "footer-text"
3342 set content "FortiGate ${schedule_type} Security Report - Host Name: ${hostname}"
3343 next
3344 edit 2
3345 set style "footer-pageno"
3346 next
3347 end
3348 end
3349 end
3350 config body-item
3351 edit 101
3352 set type image
3353 set style "report-cover1"
3354 set img-src "fortigate_log.png"
3355 next
3356 edit 103
3357 set style "report-cover2"
3358 set content "FortiGate ${schedule_type} Security Report"
3359 next
3360 edit 105
3361 set style "report-cover3"
3362 set content "Report Date: ${started_time}"
3363 next
3364 edit 107
3365 set style "report-cover3"
3366 set content "Data Range: ${report_data_range} (${hostname})"
3367 next
3368 edit 109
3369 set style "report-cover3"
3370 set content "${vdom}"
3371 next
3372 edit 111
3373 set type image
3374 set style "report-cover4"
3375 set img-src "fortinet_logo_small.png"
3376 next
3377 edit 121
3378 set type misc
3379 set misc-component page-break
3380 next
3381 edit 301
3382 set text-component heading1
3383 set content "Bandwidth and Applications"
3384 next
3385 edit 311
3386 set type chart
3387 set chart "traffic.bandwidth.history_c"
3388 next
3389 edit 321
3390 set type chart
3391 set chart "traffic.sessions.history_c"
3392 next
3393 edit 331
3394 set type chart
3395 set chart "traffic.statistics"
3396 next
3397 edit 411
3398 set type chart
3399 set chart "traffic.bandwidth.apps_c"
3400 next
3401 edit 421
3402 set type chart
3403 set chart "traffic.bandwidth.cats_c"
3404 next
3405 edit 511
3406 set type chart
3407 set chart "traffic.bandwidth.users_c"
3408 next
3409 edit 521
3410 set type chart
3411 set chart "traffic.users.history.hour_c"
3412 next
3413 edit 611
3414 set type chart
3415 set chart "traffic.bandwidth.destinations_tab"
3416 next
3417 edit 1001
3418 set text-component heading1
3419 set content "Web Usage"
3420 next
3421 edit 1011
3422 set type chart
3423 set chart "web.allowed-request.sites_c"
3424 next
3425 edit 1021
3426 set type chart
3427 set chart "web.bandwidth.sites_c"
3428 next
3429 edit 1031
3430 set type chart
3431 set chart "web.blocked-request.sites_c"
3432 next
3433 edit 1041
3434 set type chart
3435 set chart "web.blocked-request.users_c"
3436 next
3437 edit 1051
3438 set type chart
3439 set chart "web.requests.users_c"
3440 next
3441 edit 1061
3442 set type chart
3443 set chart "web.bandwidth.users_c"
3444 next
3445 edit 1071
3446 set type chart
3447 set chart "web.bandwidth.stream-sites_c"
3448 next
3449 edit 1301
3450 set text-component heading1
3451 set content "Emails"
3452 next
3453 edit 1311
3454 set type chart
3455 set chart "email.request.senders_c"
3456 next
3457 edit 1321
3458 set type chart
3459 set chart "email.bandwidth.senders_c"
3460 next
3461 edit 1331
3462 set type chart
3463 set chart "email.request.recipients_c"
3464 next
3465 edit 1341
3466 set type chart
3467 set chart "email.bandwidth.recipients_c"
3468 next
3469 edit 1501
3470 set text-component heading1
3471 set content "Threats"
3472 next
3473 edit 1511
3474 set type chart
3475 set top-n 80
3476 set chart "virus.count.viruses_c"
3477 next
3478 edit 1531
3479 set type chart
3480 set top-n 80
3481 set chart "virus.count.users_c"
3482 next
3483 edit 1541
3484 set type chart
3485 set top-n 80
3486 set chart "virus.count.sources_c"
3487 next
3488 edit 1551
3489 set type chart
3490 set chart "virus.count.history_c"
3491 next
3492 edit 1561
3493 set type chart
3494 set top-n 80
3495 set chart "botnet.count_c"
3496 next
3497 edit 1571
3498 set type chart
3499 set top-n 80
3500 set chart "botnet.count.users_c"
3501 next
3502 edit 1581
3503 set type chart
3504 set top-n 80
3505 set chart "botnet.count.sources_c"
3506 next
3507 edit 1591
3508 set type chart
3509 set chart "botnet.count.history_c"
3510 next
3511 edit 1601
3512 set type chart
3513 set top-n 80
3514 set chart "attack.count.attacks_c"
3515 next
3516 edit 1611
3517 set type chart
3518 set top-n 80
3519 set chart "attack.count.victims_c"
3520 next
3521 edit 1621
3522 set type chart
3523 set top-n 80
3524 set chart "attack.count.source_bar_c"
3525 next
3526 edit 1631
3527 set type chart
3528 set chart "attack.count.blocked_attacks_c"
3529 next
3530 edit 1641
3531 set type chart
3532 set chart "attack.count.severity_c"
3533 next
3534 edit 1651
3535 set type chart
3536 set chart "attack.count.history_c"
3537 next
3538 edit 1701
3539 set text-component heading1
3540 set content "VPN Usage"
3541 next
3542 edit 1711
3543 set type chart
3544 set top-n 80
3545 set chart "vpn.bandwidth.static-tunnels_c"
3546 next
3547 edit 1721
3548 set type chart
3549 set top-n 80
3550 set chart "vpn.bandwidth.dynamic-tunnels_c"
3551 next
3552 edit 1731
3553 set type chart
3554 set top-n 80
3555 set chart "vpn.bandwidth.ssl-tunnel.users_c"
3556 next
3557 edit 1741
3558 set type chart
3559 set top-n 80
3560 set chart "vpn.bandwidth.ssl-web.users_c"
3561 next
3562 edit 1901
3563 set text-component heading1
3564 set content "Admin Login and System Events"
3565 next
3566 edit 1911
3567 set type chart
3568 set top-n 80
3569 set chart "event.login.summary_c"
3570 next
3571 edit 1931
3572 set type chart
3573 set top-n 80
3574 set chart "event.failed.login_c"
3575 next
3576 edit 1961
3577 set type chart
3578 set top-n 80
3579 set chart "event.system.group_events_c"
3580 next
3581 end
3582 next
3583end
3584config wanopt settings
3585 set host-id "default-id"
3586end
3587config wanopt profile
3588 edit "default"
3589 set comments "Default WANopt profile."
3590 next
3591end
3592config system virtual-wan-link
3593 set status enable
3594 config members
3595 edit 2
3596 set interface "toDC-CURITIBA"
3597 set gateway 10.10.228.1
3598 next
3599 edit 3
3600 set interface "toDC-CTA-TERR"
3601 set gateway 10.20.228.1
3602 next
3603 end
3604 config health-check
3605 edit "Teste_DC_Curitiba"
3606 set server "10.44.127.1"
3607 set failtime 10
3608 set recoverytime 10
3609 set update-static-route disable
3610 set members 3 2
3611 next
3612 end
3613 config service
3614 edit 2
3615 set name "toDC_Curitiba"
3616 set mode priority
3617 set dst "SERVERS"
3618 set src "LAN-228"
3619 set health-check "Teste_DC_Curitiba"
3620 set priority-members 3
3621 next
3622 end
3623end
3624config firewall schedule recurring
3625 edit "always"
3626 set day sunday monday tuesday wednesday thursday friday saturday
3627 next
3628 edit "none"
3629 next
3630end
3631config firewall profile-protocol-options
3632 edit "default"
3633 set comment "All default services."
3634 config http
3635 set ports 80
3636 unset options
3637 unset post-lang
3638 end
3639 config ftp
3640 set ports 21
3641 set options splice
3642 end
3643 config imap
3644 set ports 143
3645 set options fragmail
3646 end
3647 config mapi
3648 set ports 135
3649 set options fragmail
3650 end
3651 config pop3
3652 set ports 110
3653 set options fragmail
3654 end
3655 config smtp
3656 set ports 25
3657 set options fragmail splice
3658 end
3659 config nntp
3660 set ports 119
3661 set options splice
3662 end
3663 config dns
3664 set ports 53
3665 end
3666 config cifs
3667 set ports 445
3668 end
3669 next
3670end
3671config firewall ssl-ssh-profile
3672 edit "deep-inspection"
3673 set comment "Read-only deep inspection profile."
3674 config https
3675 set ports 443
3676 set status deep-inspection
3677 end
3678 config ftps
3679 set ports 990
3680 set status deep-inspection
3681 end
3682 config imaps
3683 set ports 993
3684 set status deep-inspection
3685 end
3686 config pop3s
3687 set ports 995
3688 set status deep-inspection
3689 end
3690 config smtps
3691 set ports 465
3692 set status deep-inspection
3693 end
3694 config ssh
3695 set ports 22
3696 set status disable
3697 end
3698 config ssl-exempt
3699 edit 1
3700 set fortiguard-category 31
3701 next
3702 edit 2
3703 set fortiguard-category 33
3704 next
3705 edit 3
3706 set type wildcard-fqdn
3707 set wildcard-fqdn "adobe"
3708 next
3709 edit 4
3710 set type wildcard-fqdn
3711 set wildcard-fqdn "Adobe Login"
3712 next
3713 edit 5
3714 set type wildcard-fqdn
3715 set wildcard-fqdn "android"
3716 next
3717 edit 6
3718 set type wildcard-fqdn
3719 set wildcard-fqdn "apple"
3720 next
3721 edit 7
3722 set type wildcard-fqdn
3723 set wildcard-fqdn "appstore"
3724 next
3725 edit 8
3726 set type wildcard-fqdn
3727 set wildcard-fqdn "auth.gfx.ms"
3728 next
3729 edit 9
3730 set type wildcard-fqdn
3731 set wildcard-fqdn "citrix"
3732 next
3733 edit 10
3734 set type wildcard-fqdn
3735 set wildcard-fqdn "dropbox.com"
3736 next
3737 edit 11
3738 set type wildcard-fqdn
3739 set wildcard-fqdn "eease"
3740 next
3741 edit 12
3742 set type wildcard-fqdn
3743 set wildcard-fqdn "firefox update server"
3744 next
3745 edit 13
3746 set type wildcard-fqdn
3747 set wildcard-fqdn "fortinet"
3748 next
3749 edit 14
3750 set type wildcard-fqdn
3751 set wildcard-fqdn "googleapis.com"
3752 next
3753 edit 15
3754 set type wildcard-fqdn
3755 set wildcard-fqdn "google-drive"
3756 next
3757 edit 16
3758 set type wildcard-fqdn
3759 set wildcard-fqdn "google-play2"
3760 next
3761 edit 17
3762 set type wildcard-fqdn
3763 set wildcard-fqdn "google-play3"
3764 next
3765 edit 18
3766 set type wildcard-fqdn
3767 set wildcard-fqdn "Gotomeeting"
3768 next
3769 edit 19
3770 set type wildcard-fqdn
3771 set wildcard-fqdn "icloud"
3772 next
3773 edit 20
3774 set type wildcard-fqdn
3775 set wildcard-fqdn "itunes"
3776 next
3777 edit 21
3778 set type wildcard-fqdn
3779 set wildcard-fqdn "microsoft"
3780 next
3781 edit 22
3782 set type wildcard-fqdn
3783 set wildcard-fqdn "skype"
3784 next
3785 edit 23
3786 set type wildcard-fqdn
3787 set wildcard-fqdn "softwareupdate.vmware.com"
3788 next
3789 edit 24
3790 set type wildcard-fqdn
3791 set wildcard-fqdn "verisign"
3792 next
3793 edit 25
3794 set type wildcard-fqdn
3795 set wildcard-fqdn "Windows update 2"
3796 next
3797 edit 26
3798 set type wildcard-fqdn
3799 set wildcard-fqdn "live.com"
3800 next
3801 edit 27
3802 set type wildcard-fqdn
3803 set wildcard-fqdn "google-play"
3804 next
3805 edit 28
3806 set type wildcard-fqdn
3807 set wildcard-fqdn "update.microsoft.com"
3808 next
3809 edit 29
3810 set type wildcard-fqdn
3811 set wildcard-fqdn "swscan.apple.com"
3812 next
3813 edit 30
3814 set type wildcard-fqdn
3815 set wildcard-fqdn "autoupdate.opera.com"
3816 next
3817 end
3818 next
3819 edit "custom-deep-inspection"
3820 set comment "Customizable deep inspection profile."
3821 config https
3822 set ports 443
3823 set status deep-inspection
3824 end
3825 config ftps
3826 set ports 990
3827 set status deep-inspection
3828 end
3829 config imaps
3830 set ports 993
3831 set status deep-inspection
3832 end
3833 config pop3s
3834 set ports 995
3835 set status deep-inspection
3836 end
3837 config smtps
3838 set ports 465
3839 set status deep-inspection
3840 end
3841 config ssh
3842 set ports 22
3843 set status disable
3844 end
3845 config ssl-exempt
3846 edit 1
3847 set fortiguard-category 31
3848 next
3849 edit 2
3850 set fortiguard-category 33
3851 next
3852 edit 3
3853 set type wildcard-fqdn
3854 set wildcard-fqdn "adobe"
3855 next
3856 edit 4
3857 set type wildcard-fqdn
3858 set wildcard-fqdn "Adobe Login"
3859 next
3860 edit 5
3861 set type wildcard-fqdn
3862 set wildcard-fqdn "android"
3863 next
3864 edit 6
3865 set type wildcard-fqdn
3866 set wildcard-fqdn "apple"
3867 next
3868 edit 7
3869 set type wildcard-fqdn
3870 set wildcard-fqdn "appstore"
3871 next
3872 edit 8
3873 set type wildcard-fqdn
3874 set wildcard-fqdn "auth.gfx.ms"
3875 next
3876 edit 9
3877 set type wildcard-fqdn
3878 set wildcard-fqdn "citrix"
3879 next
3880 edit 10
3881 set type wildcard-fqdn
3882 set wildcard-fqdn "dropbox.com"
3883 next
3884 edit 11
3885 set type wildcard-fqdn
3886 set wildcard-fqdn "eease"
3887 next
3888 edit 12
3889 set type wildcard-fqdn
3890 set wildcard-fqdn "firefox update server"
3891 next
3892 edit 13
3893 set type wildcard-fqdn
3894 set wildcard-fqdn "fortinet"
3895 next
3896 edit 14
3897 set type wildcard-fqdn
3898 set wildcard-fqdn "googleapis.com"
3899 next
3900 edit 15
3901 set type wildcard-fqdn
3902 set wildcard-fqdn "google-drive"
3903 next
3904 edit 16
3905 set type wildcard-fqdn
3906 set wildcard-fqdn "google-play2"
3907 next
3908 edit 17
3909 set type wildcard-fqdn
3910 set wildcard-fqdn "google-play3"
3911 next
3912 edit 18
3913 set type wildcard-fqdn
3914 set wildcard-fqdn "Gotomeeting"
3915 next
3916 edit 19
3917 set type wildcard-fqdn
3918 set wildcard-fqdn "icloud"
3919 next
3920 edit 20
3921 set type wildcard-fqdn
3922 set wildcard-fqdn "itunes"
3923 next
3924 edit 21
3925 set type wildcard-fqdn
3926 set wildcard-fqdn "microsoft"
3927 next
3928 edit 22
3929 set type wildcard-fqdn
3930 set wildcard-fqdn "skype"
3931 next
3932 edit 23
3933 set type wildcard-fqdn
3934 set wildcard-fqdn "softwareupdate.vmware.com"
3935 next
3936 edit 24
3937 set type wildcard-fqdn
3938 set wildcard-fqdn "verisign"
3939 next
3940 edit 25
3941 set type wildcard-fqdn
3942 set wildcard-fqdn "Windows update 2"
3943 next
3944 edit 26
3945 set type wildcard-fqdn
3946 set wildcard-fqdn "live.com"
3947 next
3948 edit 27
3949 set type wildcard-fqdn
3950 set wildcard-fqdn "google-play"
3951 next
3952 edit 28
3953 set type wildcard-fqdn
3954 set wildcard-fqdn "update.microsoft.com"
3955 next
3956 edit 29
3957 set type wildcard-fqdn
3958 set wildcard-fqdn "swscan.apple.com"
3959 next
3960 edit 30
3961 set type wildcard-fqdn
3962 set wildcard-fqdn "autoupdate.opera.com"
3963 next
3964 end
3965 next
3966 edit "no-inspection"
3967 set comment "Read-only profile that does no inspection."
3968 config https
3969 set status disable
3970 end
3971 config ftps
3972 set status disable
3973 end
3974 config imaps
3975 set status disable
3976 end
3977 config pop3s
3978 set status disable
3979 end
3980 config smtps
3981 set status disable
3982 end
3983 config ssh
3984 set ports 22
3985 set status disable
3986 end
3987 next
3988 edit "certificate-inspection"
3989 set comment "Read-only SSL handshake inspection profile."
3990 config https
3991 set ports 443
3992 set status certificate-inspection
3993 end
3994 config ftps
3995 set status disable
3996 end
3997 config imaps
3998 set status disable
3999 end
4000 config pop3s
4001 set status disable
4002 end
4003 config smtps
4004 set status disable
4005 end
4006 config ssh
4007 set ports 22
4008 set status disable
4009 end
4010 next
4011end
4012config waf profile
4013 edit "default"
4014 config signature
4015 config main-class 100000000
4016 set action block
4017 set severity high
4018 end
4019 config main-class 20000000
4020 end
4021 config main-class 30000000
4022 set status enable
4023 set action block
4024 set severity high
4025 end
4026 config main-class 40000000
4027 end
4028 config main-class 50000000
4029 set status enable
4030 set action block
4031 set severity high
4032 end
4033 config main-class 60000000
4034 end
4035 config main-class 70000000
4036 set status enable
4037 set action block
4038 set severity high
4039 end
4040 config main-class 80000000
4041 set status enable
4042 set severity low
4043 end
4044 config main-class 110000000
4045 set status enable
4046 set severity high
4047 end
4048 config main-class 90000000
4049 set status enable
4050 set action block
4051 set severity high
4052 end
4053 set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
4054 end
4055 config constraint
4056 config header-length
4057 set status enable
4058 set log enable
4059 set severity low
4060 end
4061 config content-length
4062 set status enable
4063 set log enable
4064 set severity low
4065 end
4066 config param-length
4067 set status enable
4068 set log enable
4069 set severity low
4070 end
4071 config line-length
4072 set status enable
4073 set log enable
4074 set severity low
4075 end
4076 config url-param-length
4077 set status enable
4078 set log enable
4079 set severity low
4080 end
4081 config version
4082 set log enable
4083 end
4084 config method
4085 set action block
4086 set log enable
4087 end
4088 config hostname
4089 set action block
4090 set log enable
4091 end
4092 config malformed
4093 set log enable
4094 end
4095 config max-cookie
4096 set status enable
4097 set log enable
4098 set severity low
4099 end
4100 config max-header-line
4101 set status enable
4102 set log enable
4103 set severity low
4104 end
4105 config max-url-param
4106 set status enable
4107 set log enable
4108 set severity low
4109 end
4110 config max-range-segment
4111 set status enable
4112 set log enable
4113 set severity high
4114 end
4115 end
4116 next
4117end
4118config firewall policy
4119 edit 1
4120 set name "fromLAN"
4121 set uuid 4ff61d2a-577f-51ea-fea1-5727940db2f7
4122 set srcintf "port3"
4123 set dstintf "virtual-wan-link"
4124 set srcaddr "all"
4125 set dstaddr "all"
4126 set action accept
4127 set schedule "always"
4128 set service "ALL"
4129 set fsso disable
4130 set nat enable
4131 next
4132 edit 2
4133 set name "fromTuns"
4134 set uuid da4794f0-58af-51ea-8e7f-d604335f694d
4135 set srcintf "virtual-wan-link"
4136 set dstintf "port3"
4137 set srcaddr "all"
4138 set dstaddr "all"
4139 set action accept
4140 set schedule "always"
4141 set service "ALL"
4142 set fsso disable
4143 next
4144end
4145config firewall ssh local-key
4146 edit "Fortinet_SSH_RSA2048"
4147 set password ENC fwAAAEkqNsqX5uUqFvmLH1a8ZTaadGamlnFC6aJutilGI65KRGZN3agSNRnJ7nBAIW/fC1gw5hvPNyjgtOZLVhazuqOyHrUPdWipJCp7nHSs2TXo+lEuUZVU+yLHolSnXoZ6MMfbejZEy5G4holngtN4xLyxEcgY1o1a8/seLPxx1OGo5iALRbe8dv4XjhWA5oSKdw==
4148 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4149b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAEnx191T
4150R1EtHniAxv0EqrAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDx0vfhYC/F
4151YSWWW4UfRK/kNUrrWLrolvEgveOwvj98lrZ4e+DsManJcMiHVQoxbUXPyXW07SUDNB5gsq
4152045XorNqN8BlW8TKsoNPRO4XvoUvuY6ITfufYPusJY5sxl4eSOZ7EfCFGHn8IA2a/p3zH9
41532hOPuXfxoNOAj6b31NQnvpDTkUDywAF2A/WYauMZL1Ms7QCrMayjPHqkVu/ah42oyiQhuu
4154a4m3AXHlAkrfj88kfH3NmlqhOx0cWQKMnr9BOBX/joEhlgHnS5Aol8lYNQTBtV8s5b2gEZ
4155Hk9zEkhmYSnfBaitq4ZgSyVXCWYskyTQycq8vifoQBZh2y1Z7NpZAAADwFENpFxRIgoc1y
4156ORBq08JdoTHccUdFqt0E1WkdqlqPke7UTzzDxpP2Rue1H3wqxN1r/KxSBH5QQESPE4RVP5
4157bulbYPoQhxQngLRu8GkNABac5+wfC0T99jsRnKFQScNBepvbyLkpYo8pAnOVCPFyDftyu9
4158wV3FwvqhDK4OK13F3OqSwLqDQozyHqzffGa3nU/FYK5yGn45msJVURpo5yHhl03+zqw1Tk
4159zj/2W+wEPDY4SgMgNplU0xtoJyGHP0ZNJOTtk0jK+pVLO1eYzlOs+z6UmXJ892p9nb7hA1
4160AN7+fqL4J4BMzwtyrm5IByKniXw6JTJjywUBI3GL4uLikHO4EXPthNZDLoMGZU2P/Y6oG+
4161KWa816W/34Xngs7a/3+CqjxR5w3Xy8Pi94t5EVGgq3bDFXxEciXS1cHm4D8wOTpdZPanYh
4162zMe9z0a98NPKu7DGzMKt0DgaWGxiVhApT1AvmUqGYJ5UAKd9bsmsxD6TGO/zxBa5vRA60s
4163pGN8hb9cDEM1UFtQUtJn/OEoRFdRJBI7VuHHhJuTxpGaOWuQgpL1s817sYGrvn28xZaJOm
4164HE5dqio3bY0Pa0Jc9SRMHKUvRhlpaogNaL9droHJSZnwJG8vm/quhb1h0Yrpzc3ViiUIWy
4165RbtZpE++5wx4XBhoZ7A4fo6u+w+2rfJqD/4MoFuogvu7zDfM+99Tx+oSmmvdbRbD/Rak+M
4166vvK7ui9O+lk+JGNYbiyrf9742Zom2LYiXKKg8bFUmy75MjnApmM6+TPJZfOx3uRk6Z/60V
4167d95mz0woWueOkODrmcbd9lYDhx9P/6ad28cpaBzYpz7feFn8XEl7T9ANbo0zdUFTGD5x30
4168i2bmtwm3mc6vL6/fErbY0tFFKBVoJsb0CvPvDGIRFCsn1K9ObZRQOPPKKuYce3vlNDD9LZ
4169zu9iRZt88I9G8lO4iiN3QlwFkDzphehkZQXaxT2ZFjkHJyC9mwIWH49gNwkl1IptRORTQI
4170vIya1eAWGCqZQPj1ecOF8fejtww9Ybs+Sen4u+5UpM9B+xUAYkbPYu+0BY1023qhZjELnP
4171PcaL+KgdjHAnnBALfhgJ1019iBBTPD3XvnUNtfJUoKc622nL3ZHGxnvH6I1sJYZx8dT51d
4172Q76QDgSmOCYVueaMhC8L1hy5lyll6nCTlMMSWxYfPje1PjeSTUZoLwgR63flXB7hkoMgMp
4173mlezdA2WSYsGySh0750DYzlFGcDy5UALS72RJWAu8VpYF5cYlqYmDS1a64Le55mnpv5Qj+
41742kxK5Bgg==
4175-----END OPENSSH PRIVATE KEY-----
4176"
4177 set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDx0vfhYC/FYSWWW4UfRK/kNUrrWLrolvEgveOwvj98lrZ4e+DsManJcMiHVQoxbUXPyXW07SUDNB5gsq045XorNqN8BlW8TKsoNPRO4XvoUvuY6ITfufYPusJY5sxl4eSOZ7EfCFGHn8IA2a/p3zH92hOPuXfxoNOAj6b31NQnvpDTkUDywAF2A/WYauMZL1Ms7QCrMayjPHqkVu/ah42oyiQhuua4m3AXHlAkrfj88kfH3NmlqhOx0cWQKMnr9BOBX/joEhlgHnS5Aol8lYNQTBtV8s5b2gEZHk9zEkhmYSnfBaitq4ZgSyVXCWYskyTQycq8vifoQBZh2y1Z7NpZ"
4178 set source built-in
4179 next
4180 edit "Fortinet_SSH_DSA1024"
4181 set password ENC fwAAANTU7ZYdZh6rXFnXg0Dn/IapZhFgs5MPLtFGNpJal7x9RDuJwgzpYpWEJe+FIEKxZqyAGV3NMU8nWmlSZS26wSz33yQ34Ce6zAd3yD28F3QBvZRR8qdluzSiQOQrqRBSEQvWVs6dLw10mLLW0EbO4V2DbMD3jEGhWj9Cm4vdo2i6cnAdm18FnHsj3qUD/61YSA==
4182 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4183b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBuslvQ0b
4184akeWJ1fqckSUNyAAAAEAAAAAEAAAGxAAAAB3NzaC1kc3MAAACBAIF2XFvtuXbcVxGuPhhe
4185m/jO3rZ2G/ADnCTYDdSHDf1tak/PXEDlzTivSBNevkR6noeik+R/UawOn4R/jOgWGYDKgM
4186fE7ywaNfeIMmaNDqlyHYuruHfbTgZSuPR+Gwg0Lh5CMe1xKXUxsY4XEQOQuEyhzoaWeGka
4187SSDwRTHs8xItAAAAFQDKZJyd36OXJ4sPdA/TplD2Rf/UJQAAAIA1E2jBkmGN0hnlvJc/8y
4188L/7LYP4Fgl8p51VasSZ3Uv7hXkv49sx6KBhgh0TyzCAcj3hhspgvs4dQpkY0WTv18pxl02
4189i5D4EX8P7zhOcrGdTeC1kB4XrkcqhpNeJ6auCUOVvEGsP3EyPfoWLVyfO91GE+l5PCrqYB
4190DZiJHI0xqw8gAAAIAZoLMCrN+/QnSNM13rcLjif0qegcersulN5DuUyslm+2sSOlKq2mca
41915RuP7i47vGs2IXwmvZobPYtwDmyja6o2wtYaNpcpRptYcaLXYf2gDlAjElpqOZEnC+ZUOw
4192/NafBuZ7D1PKkehApR2aBl0O1OWtHXOuRTGqvtROREL+mBJwAAAeAwD/oVwgTNtcCk1IHD
4193iZY/JPwLeEMF0hY2jELtogxNdErzhkSZsJmwHglYMJk3pb9GfGQ8wJ91L5r4tLXWuaaoA6
4194evEmgVETooZ8Ot7e1IbVjAY+RsSJF0i4b8iayizj2IzNcsUQbdtd8Sf9c/ErWjd188/Z7u
4195U4S9xwwE5Czmzy8jb5pmNtvWSP2N2UlcztjM/WWp94rxLiUXZXOIAimQ0+epHVrNjmMlgn
41961CaLstBshx5IqBTGLHc+sSnH+Gntovp4NMWQFVHEGsFqVCKzceDL7NfHcOSA81nSSv3F4I
4197rKo7VllfF2aO2JBqni0/Dg9TZkNq6fVjE1iFhB+kZ6YrMOaPpR9u5f+9FuGhJ4ppuh4BPc
4198BSp2y+FyRRtjVkpw/CUK9ASBHjad/+zevbHkb3gEar2RHnR/d/uhR7nYqSj87e//Uk2Ywl
41996F8ISPA4ZfACbmyDEv3/L9OQnAYu1jURK/9pZ12OMHleazn0P9H9Xvf9ES6agKK8ba1N6w
4200Qu3Lyd1Q5k2LKVj+ph59wifUkNUpTwiaCM/fxVw8QhbAI8Z+IodPUo+sN9wws6/TUCP8ug
4201Q0nqPjgXD+pCVeI9aYihbU/Em4BWElWhHaRVPXJULibTqdFDxMWDwKvnSjwKf/U=
4202-----END OPENSSH PRIVATE KEY-----
4203"
4204 set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAIF2XFvtuXbcVxGuPhhem/jO3rZ2G/ADnCTYDdSHDf1tak/PXEDlzTivSBNevkR6noeik+R/UawOn4R/jOgWGYDKgMfE7ywaNfeIMmaNDqlyHYuruHfbTgZSuPR+Gwg0Lh5CMe1xKXUxsY4XEQOQuEyhzoaWeGkaSSDwRTHs8xItAAAAFQDKZJyd36OXJ4sPdA/TplD2Rf/UJQAAAIA1E2jBkmGN0hnlvJc/8yL/7LYP4Fgl8p51VasSZ3Uv7hXkv49sx6KBhgh0TyzCAcj3hhspgvs4dQpkY0WTv18pxl02i5D4EX8P7zhOcrGdTeC1kB4XrkcqhpNeJ6auCUOVvEGsP3EyPfoWLVyfO91GE+l5PCrqYBDZiJHI0xqw8gAAAIAZoLMCrN+/QnSNM13rcLjif0qegcersulN5DuUyslm+2sSOlKq2mca5RuP7i47vGs2IXwmvZobPYtwDmyja6o2wtYaNpcpRptYcaLXYf2gDlAjElpqOZEnC+ZUOw/NafBuZ7D1PKkehApR2aBl0O1OWtHXOuRTGqvtROREL+mBJw=="
4205 set source built-in
4206 next
4207 edit "Fortinet_SSH_ECDSA256"
4208 set password ENC fwAAAIJwXODNsTOCeLdRJwDAFHzR3L3S1aubYVvWa9fQJYvkGatXZi466ATzN0AzO+ZIZC3ypZ0lSOgXxkLT+Y7GZdJYSQwViIH2rF6BQFJdCwNNDZGSye3iULnCnVUMnFX5c486BrE/ImDRXsQ5hOn8gai8xv9eGgevrCTWTH+ayC3ruLHo65IDelEQXa0s9pTE9g==
4209 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4210b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA0YLHj+Q
4211xdPg2i0soD92dFAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
4212dHAyNTYAAABBBAX1xn2UkeXxzvgJZg5iTBEujKPOpH0GtQtKOOaNWXkSUgPcqiERXiGsXz
42131e05qbVgP1PKNddukBxglats54JX4AAACgBdVlmWL9PsjOWgc5mHOsDBjK8G2VSHEHb6X6
4214kY6qCVo2oNmCl1RRuPUTNMTEuwAkTtjpSFwHGqLvwktPR+/2zl74v40nYdkYU86Nxs4DqL
4215MOgtrDBSG+U8ACpv0PG/BfGMhyb/U8zSIKGRJxzJkK7JhYeNxmQ/3R9Ne0xdnpKZVuX4mS
4216Jo9bahma+IT4xl2v5UMI/FJaR0OVmPiSLWcdTA==
4217-----END OPENSSH PRIVATE KEY-----
4218"
4219 set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAX1xn2UkeXxzvgJZg5iTBEujKPOpH0GtQtKOOaNWXkSUgPcqiERXiGsXz1e05qbVgP1PKNddukBxglats54JX4="
4220 set source built-in
4221 next
4222 edit "Fortinet_SSH_ECDSA384"
4223 set password ENC fwAAACDS526hDsCPYHkKBM7sp5PUHbD4Quo7/11S4jHFIPiqokkszpLCz/5fmZU1FZJAoP9UnUxL7Zp1+kuGxh3vUdHdWbrz+Ygm8NSirIAPrr9PC7cn9V/C9eJtfCjNEgXpUL9z0tbOoQq7RpJZK5DYc1TtjwT42pMGDNYYFElttnMTuuHxgOuQF5vcvAgE16Tntw==
4224 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4225b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCi3I6qVb
4226UKbCUXKF8z9E2fAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
4227dHAzODQAAABhBGHTLvlIAIACs+24KY1z2oLfp0wat2Y80CJVGrBWUE1O4nMWE9wWatyi2T
42280C6dxdhdSfjCgd2zEd4QHdF0D+ot4+8aUaQbwczTrFdlCSkS1PAiNmvV7PRYf7exlyqZuP
4229JwAAAND2eMgW5HLSBvmRT00mGyAhGy7eF0Behq0t1JYvmW0EbcEjjFm1giOl67zJHnE2+y
4230I2byCNODyrjCeJYmQ3Sx+QXpeAX8zzO5i9j3BaBt+SM8XcMR11OE//PgOGVscq2J2hauNH
423143Bztr0SxSSQ4sCc01IhqlcqCC8eGTDJQn8P2Tw6pq0LNacKBp2RnnMVGXgVQZyvDXio/m
42327j9c+Lyws0KpcSU71HXm6ELHNLVpDMWD+lrdBWCfBXDwhilm15xyz6kkqOotRP6mww05bp
4233mzOP
4234-----END OPENSSH PRIVATE KEY-----
4235"
4236 set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGHTLvlIAIACs+24KY1z2oLfp0wat2Y80CJVGrBWUE1O4nMWE9wWatyi2T0C6dxdhdSfjCgd2zEd4QHdF0D+ot4+8aUaQbwczTrFdlCSkS1PAiNmvV7PRYf7exlyqZuPJw=="
4237 set source built-in
4238 next
4239 edit "Fortinet_SSH_ECDSA521"
4240 set password ENC fwAAACkH6+9KxvFzYS2i/qoThic8UvESMNglIrcoDLznYrSyeC4QifkxAbr7Gs7NN/EIx7V22JcsK7x9xB+TlXdFcl04loJWZCV2SkesxoVyZ/kleLKPY3T3vz76BQrZrvYPP9+WKv6aLSWtkhqpJn71lb/UnYWnywHnJh/E9v7pwQSkdFQV992gASrhh5xq6+VdLQ==
4241 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4242b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCJaKQd7u
4243kpgGAyP80PBVcFAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
4244dHA1MjEAAACFBAD+ABKtGeSzO0RffmFn4HOl/3HEfn1eW7k208b/w3E0NYzcmQOPRUQiFm
4245/0mIEKumoSwsUl3vRQmlHtizZSjcJwsgCR0iEB/ZsMWbMhN2NIVTc2+EJzYo+8qC2GBOzK
4246bQIu2PcYwtnlYqXwQXgF5Pm7RRPOGd0g7qcCV/qOE66JywDFowAAAQDuaUyqgefDGLKjJx
4247VKifGN7Yy6dxOaq8ZKu4UzUypFqVgaTNb1dftGK8V5vJOUrJgrjJyZP+WL+sqPARFarP0P
4248f7TpC9VQ1RwvmGcv1KnhikoO1x93zxX/sUe19xPXc7zP8LxXZSvx69ibyeHcpwI4oBVkZR
4249feCc5iKiEeAZCUiRVCqPM3kJpcfXOMuwASoGX+MJtqfZWiCSWoPaiF3m0Um2Wyz51ahkU8
4250GYTMMf+XCWc46z2hS/uzlIk/wED5fIBZBHv4Bn7h4Dq9XpyvuLYaKKS1wVL7x77To5Pz/T
42517ydzd/o8anJRsA3jB78zk2n8Cw6s94MwrU3up+v0qDmAUZ
4252-----END OPENSSH PRIVATE KEY-----
4253"
4254 set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD+ABKtGeSzO0RffmFn4HOl/3HEfn1eW7k208b/w3E0NYzcmQOPRUQiFm/0mIEKumoSwsUl3vRQmlHtizZSjcJwsgCR0iEB/ZsMWbMhN2NIVTc2+EJzYo+8qC2GBOzKbQIu2PcYwtnlYqXwQXgF5Pm7RRPOGd0g7qcCV/qOE66JywDFow=="
4255 set source built-in
4256 next
4257 edit "Fortinet_SSH_ED25519"
4258 set password ENC BhS9m3AvTQdFkudwJSo1e4BEXSvZWNkDlz0FbPUDzGAP9COY/aFErHRoHHAPlvilhxMI3WRNJBv55egnK3f+K1dA1Ulq7zrlxAYforLMGliSJC0776/gOsrlKgY7hMD1UuVmJeQUE6xD+v/R6gJcVcLcUFTi8Yjv2Rx5v8n1mM6MAz9c1RO4TWHF9UcN55pQYEvHhg==
4259 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4260b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCLjF9TKd
42616oLKzrixqPZ+IlAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAICP0toHH6bnc52uu
4262r1NBCn8wleyu6jUggMXHX7yBQxlkAAAAkI93vDKt+zQ2eUT1XLG7wOFavN+wdt5UE0U9Rs
4263Z8Fz9ly9RLA0ZlLA8nasTEvd9H0CV0uhg/7LNIOMPm0FIv0dtDPFohos7c3Aq4Hc6DHAyv
4264r9lf9OycGPQ2LLk0jiksHUl66Ilxg2lh8eo4TVXC8k49iH/oL/BfYc3NdGWRutFID01oWj
4265y98hS8mWvn8p9Lkw==
4266-----END OPENSSH PRIVATE KEY-----
4267"
4268 set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICP0toHH6bnc52uur1NBCn8wleyu6jUggMXHX7yBQxlk"
4269 set source built-in
4270 next
4271end
4272config firewall ssh local-ca
4273 edit "Fortinet_SSH_CA"
4274 set password ENC AAAAAflE3MAcob9XGpnFGQ1BTWTc2iLTHquKUe2kmd0uFw1c/YDc9I62jfplHig9enm/C97orOYjYlm842tZYc1+jo1eAbaJXP6QWCIMZm+0Gao46ZOptXnvBubDG1IQzX6ufldhweWbs251qPuBxyVQfB8EmdM7cGKncsCyOL8PZgQBvvDhGqE2Zg/1crqnBMhcPw==
4275 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4276b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDcR914L3
42775GJmTNRyUg7E1+AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD53F7IKNvL
42781MsEh63GtQTNnKQBlukISw/zy1eidac8xSj1STtDlYSFKlsbW+FHB6ZNgxXCjJDYea+dFD
4279unEWdtcz11PxK8o2m6b0KAeOcuVpmBbnkivAtLg6YGDIyobt7JDUiaRxdI/R6Vd9wsuv6N
4280uDYxZ3CX+WaEEoEr5HWUHnRqb5c7/tM1j3C2cfcziB0k9xmRNLGmNbt3q+qCe17imzaDp5
4281xQKV8UkqCi1yJTdhD+tbQ3Yv1TeEWzRuNAu54WR6NMlAU2/2RrexB6dTVdaoyHB7oc44XZ
4282P1pWtS3343Cgg3TIeKYclRsUM3gWBtPePASNI5qkdnY0JaKhscNHAAADwJ4MvkFGYN0XOP
42831qS/kesUUwdVEgGFp+X+NTfn0Vx48zz9H1mgSwB6a8BQnUvcAH1yMJsAUIa0Rg9OGqXZiP
4284XmPoCVoLynX1OQ8wF8oGGNXy9i3rY+eYRQoFpwHSYbX68XFeiTnj08NicBo0m+nQ/c73Ci
4285wDhFUJarzgXWrSKjwWDbzpdiMEMccJsDW7lubeRMw/FW3f49bTw82YMucXXArBicnZukNA
4286Z3K/O10QYKhkzvRicg6kchlyKqAkG8Vl/wIa9YpZtVwO0K2gyOpQkmkCCzr1reXdu+HUSs
4287avk8NGQ60BbURY6qLRZ04QleFkXPYbpkk3IeVKeeWABLxCEQmRuB5KdhDmFffUuVTE8jTF
4288mCGw/Ogekkev0eJJrOJjE8tp266rvZkgKNhvyD4q0suFYvWw0dkcmUwMB0xQMEt+Trq2FT
42890KIoKRQjIJqhchGSzn3AlwB5yy8IJoinlAHWZ4mCUJE2gzZIf0DHpSjnXm3km1D5RjvHFi
4290OC3c3ZZY9fn3F6fqmYT5ZUyl4wGldfLjv8yd+KsADBHYBVT8+tBvjBtal7TYbBmfBLl2yX
4291iCe3qDABgQdwHx6u4yVH/g3UUq/mwZ91yXJyP3wMO9L5nVB2mG6fAlMW2ZmNAoFEJXfdWG
4292at7QdwR9EWjNy+FkkkAlOkswdrMMzbiDuZYAQenZFs/AFLCADUpEYIRUyMDFfd+9+Sn9/D
4293UV4HY9NndWwWq5T7/A/d5kAJvGIduJqzbVDsWtHTCvixDxHPflWCPwkoLolHJ+eiQuP7k6
4294oIJ+u75TpZObNKikfrW5zGlD6m7HOTifH9diYURNZhNRV4xfwH+W4KfZah+9U1s+JqKzPy
4295Vl6jFhLobm7HyJODfBKO7IcWtj35JEw8wIXe2Bxd7pWbEkuGpcJPKwk5eQoA1VRvxeePy9
4296IafNiOtQ3JlSDv+f6HlH95zbixBfu69vB9nqhNqDYFiWDZulID19/p4+vWJHDzP1lLQdzG
42976el+VW9YttVA+aqE4ICR+tZzJdPv4tw6hHI8jZIKhrcR4Ijq9DrS1uR/89KqYzNqnb82Pc
4298pV0Y+3hdqBg0eKJT2XtO5xKsgeq18Ket7Xkkh3KZlZ3l2hn4GMXo0A3s++6OloRKw8G0rn
4299OyajMp6NVZCkZh23n/asHY8Z5sFBvK8NkEqtCduEACdBR8adeFVxUKQVEpYwkid8hrgErW
4300mLJxa/VYSdZWjvueabn5M3yxnOn/wcACpZ6vSDMPw9+V+HJIljSO9lmjg0rin3LQhunp1k
4301UKbBm4Cw==
4302-----END OPENSSH PRIVATE KEY-----
4303"
4304 set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD53F7IKNvL1MsEh63GtQTNnKQBlukISw/zy1eidac8xSj1STtDlYSFKlsbW+FHB6ZNgxXCjJDYea+dFDunEWdtcz11PxK8o2m6b0KAeOcuVpmBbnkivAtLg6YGDIyobt7JDUiaRxdI/R6Vd9wsuv6NuDYxZ3CX+WaEEoEr5HWUHnRqb5c7/tM1j3C2cfcziB0k9xmRNLGmNbt3q+qCe17imzaDp5xQKV8UkqCi1yJTdhD+tbQ3Yv1TeEWzRuNAu54WR6NMlAU2/2RrexB6dTVdaoyHB7oc44XZP1pWtS3343Cgg3TIeKYclRsUM3gWBtPePASNI5qkdnY0JaKhscNH"
4305 set source built-in
4306 next
4307 edit "Fortinet_SSH_CA_Untrusted"
4308 set password ENC AAAAAUZbPlCdaPFjawlRi/OV0YrhQux9guPfeNCCy32B/dqj1c/t3L0xETVtwYK1ZsZ318fPS9kHaYHlJ2Mlxe/rYt4JCib8HqthUROgnpjNjzc9NAOOjMG57nWmD93ZJ87I5traXsugeBez+phVo04APAkU1Jc5r88Hu84JgHAXqNc8yhxj6Iajfluuv6YkIzFfCA==
4309 set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
4310b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBWsXfgSx
4311xJy69oc1NjwgwLAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDsq5p6258f
4312pg2ILxSSNTZAK7aHhLIjW3F08h0ue0q2RTYW1Ni1nkdlsv2suSlLNtYusk4srLP4I1TcOA
4313tyaSSVH3rDi/vvxou2YYwRGB/IJirwRFUnOgly3KbNZg6qxwXFtbKLcf+fom0uHazTDRta
4314Civl57duRjasyPl9CKC8WYfbY/zG4P0iO6i6W2CLMBpaDPF02hMed63we1RB/VH28HPVGV
4315tIOPsnzenj1h0igjwa+jxG1sNvEX7bZahZ2E8JtpOUgU5NmDe8HE8Isa/6WQeI0o+DOpZO
4316JEtbx4J6eKfraAUmJODPz85LsFMpuU6MXDUj7gl6vqoi9rFkwwD1AAADwIzPYcWgyZ9soV
4317NcDz5XDYWLze1p689PsmE5MXpgDbaRnqBaDpB7wwqy81u6grgj2j40/DGr3yDoemfOSCq4
4318NaaLidMVq4GukCYtAUgR0ojEO+PDupIe6Wv4P4wkMmIU4vsFPSa7ICbqW12gdrU9p/LJkI
4319o4WfrbMMiACQrL8F43uMD1yBeIW7nLnhyogEO+/1UIo/8m9A5P1742E24AE1i/DKoPIQvn
4320wFxmlvyxrXMI6n4FyiWjRJ4csLBL+2VTeZww6DohZNBrMqmNcVVaZ+Gbf5o3mnv42xdZoJ
4321qtOXa03Q+oNTssCM35IBYotuzNM7zk29EqN2enzQ8eGFVqHabg6zBeIvfhiY3IDsIs8iOE
4322AHxMlrq5E+xghqTJTfQpt1ciUYWO5xQju5oCstbDqLrexSxpE9756otMxVeCtKYRb8s6mt
4323Wso8bjE5LnmcPYhve5Zd7tSSu2TzStX0lgJBYWdZzmYcq0lIA5XnJRdSlcEOAtfSNV+hPq
4324sRIX38+QT+eLBjuBLTr4MMHM9rAkLknhrntA/Hke2YHRc6aTKZPsX9sICj/jFxGvqin74D
4325Jhq8Sz3AiRSJ5/YvmEncXx9sH4NmxXZrrdUFK7Rm/BxBKLD1/4+FIZSwqCXXCXWMtumDDz
4326W0IMzx4m/ongZLir4QeOKJFJBSp6nGBa1oBcJPM2vF1Oc332tUqGxc01JEKQER54c3nYR9
4327gvYCsbJ75/DTfhIy3ejK8Q3GL5jkPfIYe8/xZQXKg2ALCchQkfS8M5UB5Saa0R66x3RtID
43283Om041B10XOjbhHheGzTUY83dkp1CR/oWOSdXSN1E6qNLsCyAysaRy934X8txDMIIQ7l1Q
4329gp7DmPwkj1HbutOlBvC2j1qGswRqHcyTlxZvJVPZQRjzIo9CyejstX40KEoz1a02QGYMnp
4330ZROuxraOfQSeMI5Wcu3w7sCwx3b787Sp955WGNpHZkr2xpN9nd7bVOBvG9ET34mm2Al6ra
4331rjbaCdxbmw9b0qGVI7Y46GeQ/sCnlc22PbHAlpzmSjwcCMSh2HTSgE0eKJzY5ZdSWjyJuK
4332kfUfPmbRYKp4tQKHhnO/juW4x0XhDR9S2ZuiN45kZhADToo6/EIBbAef0FLNmIN5iC9uA7
4333XIvFTtmgmiCVeekBQxvVzSMqi3MbNzM/M8Y0SCCb0wE9KXX/tGRMIEsYBUZ+jCXRT5evp1
4334iERiJL8Maer+GpT/jdkxo5O4lDgWzZMJabbXGW1zkgeuTm+qBE8CKMUn3CZojh6D5eToZh
4335d5xO65bQ==
4336-----END OPENSSH PRIVATE KEY-----
4337"
4338 set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsq5p6258fpg2ILxSSNTZAK7aHhLIjW3F08h0ue0q2RTYW1Ni1nkdlsv2suSlLNtYusk4srLP4I1TcOAtyaSSVH3rDi/vvxou2YYwRGB/IJirwRFUnOgly3KbNZg6qxwXFtbKLcf+fom0uHazTDRtaCivl57duRjasyPl9CKC8WYfbY/zG4P0iO6i6W2CLMBpaDPF02hMed63we1RB/VH28HPVGVtIOPsnzenj1h0igjwa+jxG1sNvEX7bZahZ2E8JtpOUgU5NmDe8HE8Isa/6WQeI0o+DOpZOJEtbx4J6eKfraAUmJODPz85LsFMpuU6MXDUj7gl6vqoi9rFkwwD1"
4339 set source built-in
4340 next
4341end
4342config firewall ssh setting
4343 set caname "Fortinet_SSH_CA"
4344 set untrusted-caname "Fortinet_SSH_CA_Untrusted"
4345 set hostkey-rsa2048 "Fortinet_SSH_RSA2048"
4346 set hostkey-dsa1024 "Fortinet_SSH_DSA1024"
4347 set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256"
4348 set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384"
4349 set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521"
4350 set hostkey-ed25519 "Fortinet_SSH_ED25519"
4351end
4352config switch-controller security-policy 802-1X
4353 edit "802-1X-policy-default"
4354 set user-group "SSO_Guest_Users"
4355 set mac-auth-bypass disable
4356 set open-auth disable
4357 set eap-passthru enable
4358 set guest-vlan disable
4359 set auth-fail-vlan disable
4360 set framevid-apply enable
4361 set radius-timeout-overwrite disable
4362 next
4363end
4364config switch-controller security-policy local-access
4365 edit "default"
4366 set mgmt-allowaccess https ping ssh
4367 set internal-allowaccess https ping ssh
4368 next
4369end
4370config switch-controller lldp-profile
4371 edit "default"
4372 set med-tlvs inventory-management network-policy location-identification
4373 set auto-isl disable
4374 next
4375 edit "default-auto-isl"
4376 next
4377end
4378config switch-controller qos dot1p-map
4379 edit "voice-dot1p"
4380 set priority-0 queue-4
4381 set priority-1 queue-4
4382 set priority-2 queue-3
4383 set priority-3 queue-2
4384 set priority-4 queue-3
4385 set priority-5 queue-1
4386 set priority-6 queue-2
4387 set priority-7 queue-2
4388 next
4389end
4390config switch-controller qos ip-dscp-map
4391 edit "voice-dscp"
4392 config map
4393 edit "1"
4394 set cos-queue 1
4395 set value 46
4396 next
4397 edit "2"
4398 set cos-queue 2
4399 set value 24,26,48,56
4400 next
4401 edit "5"
4402 set cos-queue 3
4403 set value 34
4404 next
4405 end
4406 next
4407end
4408config switch-controller qos queue-policy
4409 edit "default"
4410 set schedule round-robin
4411 set rate-by kbps
4412 config cos-queue
4413 edit "queue-0"
4414 next
4415 edit "queue-1"
4416 next
4417 edit "queue-2"
4418 next
4419 edit "queue-3"
4420 next
4421 edit "queue-4"
4422 next
4423 edit "queue-5"
4424 next
4425 edit "queue-6"
4426 next
4427 edit "queue-7"
4428 next
4429 end
4430 next
4431 edit "voice-egress"
4432 set schedule weighted
4433 set rate-by kbps
4434 config cos-queue
4435 edit "queue-0"
4436 next
4437 edit "queue-1"
4438 set weight 0
4439 next
4440 edit "queue-2"
4441 set weight 6
4442 next
4443 edit "queue-3"
4444 set weight 37
4445 next
4446 edit "queue-4"
4447 set weight 12
4448 next
4449 edit "queue-5"
4450 next
4451 edit "queue-6"
4452 next
4453 edit "queue-7"
4454 next
4455 end
4456 next
4457end
4458config switch-controller qos qos-policy
4459 edit "default"
4460 next
4461 edit "voice-qos"
4462 set trust-dot1p-map "voice-dot1p"
4463 set trust-ip-dscp-map "voice-dscp"
4464 set queue-policy "voice-egress"
4465 next
4466end
4467config switch-controller storm-control-policy
4468 edit "default"
4469 set description "default storm control on all port"
4470 next
4471 edit "auto-config"
4472 set description "storm control policy for fortilink-isl-icl port"
4473 set storm-control-mode disabled
4474 next
4475end
4476config switch-controller auto-config policy
4477 edit "default"
4478 next
4479end
4480config switch-controller auto-config default
4481 set fgt-policy "default"
4482 set isl-policy "default"
4483 set icl-policy "default"
4484end
4485config switch-controller switch-profile
4486 edit "default"
4487 next
4488end
4489config wireless-controller wids-profile
4490 edit "default"
4491 set comment "Default WIDS profile."
4492 set ap-scan enable
4493 set wireless-bridge enable
4494 set deauth-broadcast enable
4495 set null-ssid-probe-resp enable
4496 set long-duration-attack enable
4497 set invalid-mac-oui enable
4498 set weak-wep-iv enable
4499 set auth-frame-flood enable
4500 set assoc-frame-flood enable
4501 set spoofed-deauth enable
4502 set asleap-attack enable
4503 set eapol-start-flood enable
4504 set eapol-logoff-flood enable
4505 set eapol-succ-flood enable
4506 set eapol-fail-flood enable
4507 set eapol-pre-succ-flood enable
4508 set eapol-pre-fail-flood enable
4509 next
4510 edit "default-wids-apscan-enabled"
4511 set ap-scan enable
4512 next
4513end
4514config wireless-controller wtp-profile
4515 edit "FAPU323EV-default"
4516 config platform
4517 set type U323EV
4518 end
4519 config radio-1
4520 set band 802.11n
4521 end
4522 config radio-2
4523 set band 802.11ac
4524 end
4525 next
4526 edit "FAPU321EV-default"
4527 config platform
4528 set type U321EV
4529 end
4530 config radio-1
4531 set band 802.11n
4532 end
4533 config radio-2
4534 set band 802.11ac
4535 end
4536 next
4537 edit "FAPU24JEV-default"
4538 config platform
4539 set type U24JEV
4540 end
4541 config radio-1
4542 set band 802.11n
4543 end
4544 config radio-2
4545 set band 802.11ac
4546 end
4547 next
4548 edit "FAPU223EV-default"
4549 config platform
4550 set type U223EV
4551 end
4552 config radio-1
4553 set band 802.11n
4554 end
4555 config radio-2
4556 set band 802.11ac
4557 end
4558 next
4559 edit "FAPU221EV-default"
4560 config platform
4561 set type U221EV
4562 end
4563 config radio-1
4564 set band 802.11n
4565 end
4566 config radio-2
4567 set band 802.11ac
4568 end
4569 next
4570 edit "FAPU423E-default"
4571 config platform
4572 set type U423E
4573 end
4574 config radio-1
4575 set band 802.11n
4576 end
4577 config radio-2
4578 set band 802.11ac
4579 end
4580 next
4581 edit "FAPU422EV-default"
4582 config platform
4583 set type U422EV
4584 end
4585 config radio-1
4586 set band 802.11n
4587 end
4588 config radio-2
4589 set band 802.11ac
4590 end
4591 next
4592 edit "FAPU421E-default"
4593 config platform
4594 set type U421E
4595 end
4596 config radio-1
4597 set band 802.11n
4598 end
4599 config radio-2
4600 set band 802.11ac
4601 end
4602 next
4603 edit "FAP321E-default"
4604 config platform
4605 set type 321E
4606 end
4607 config radio-1
4608 set band 802.11n,g-only
4609 end
4610 config radio-2
4611 set band 802.11ac
4612 end
4613 next
4614 edit "FAPS223E-default"
4615 config platform
4616 set type S223E
4617 end
4618 config radio-1
4619 set band 802.11n,g-only
4620 end
4621 config radio-2
4622 set band 802.11ac
4623 end
4624 next
4625 edit "FAPS221E-default"
4626 config platform
4627 set type S221E
4628 end
4629 config radio-1
4630 set band 802.11n,g-only
4631 end
4632 config radio-2
4633 set band 802.11ac
4634 end
4635 next
4636 edit "FAP224E-default"
4637 config platform
4638 set type 224E
4639 end
4640 config radio-1
4641 set band 802.11n,g-only
4642 end
4643 config radio-2
4644 set band 802.11ac
4645 end
4646 next
4647 edit "FAP223E-default"
4648 config platform
4649 set type 223E
4650 end
4651 config radio-1
4652 set band 802.11n,g-only
4653 end
4654 config radio-2
4655 set band 802.11ac
4656 end
4657 next
4658 edit "FAP222E-default"
4659 config platform
4660 set type 222E
4661 end
4662 config radio-1
4663 set band 802.11n,g-only
4664 end
4665 config radio-2
4666 set band 802.11ac
4667 end
4668 next
4669 edit "FAP221E-default"
4670 config platform
4671 set type 221E
4672 end
4673 config radio-1
4674 set band 802.11n,g-only
4675 end
4676 config radio-2
4677 set band 802.11ac
4678 end
4679 next
4680 edit "FAP423E-default"
4681 config platform
4682 set type 423E
4683 end
4684 config radio-1
4685 set band 802.11n,g-only
4686 end
4687 config radio-2
4688 set band 802.11ac
4689 end
4690 next
4691 edit "FAP421E-default"
4692 config platform
4693 set type 421E
4694 end
4695 config radio-1
4696 set band 802.11n,g-only
4697 end
4698 config radio-2
4699 set band 802.11ac
4700 end
4701 next
4702 edit "FAPS423E-default"
4703 config platform
4704 set type S423E
4705 end
4706 config radio-1
4707 set band 802.11n,g-only
4708 end
4709 config radio-2
4710 set band 802.11ac
4711 end
4712 next
4713 edit "FAPS422E-default"
4714 config platform
4715 set type S422E
4716 end
4717 config radio-1
4718 set band 802.11n,g-only
4719 end
4720 config radio-2
4721 set band 802.11ac
4722 end
4723 next
4724 edit "FAPS421E-default"
4725 config platform
4726 set type S421E
4727 end
4728 config radio-1
4729 set band 802.11n,g-only
4730 end
4731 config radio-2
4732 set band 802.11ac
4733 end
4734 next
4735 edit "FAPS323CR-default"
4736 config platform
4737 set type S323CR
4738 end
4739 config radio-1
4740 set band 802.11n,g-only
4741 end
4742 config radio-2
4743 set band 802.11ac
4744 end
4745 next
4746 edit "FAPS322CR-default"
4747 config platform
4748 set type S322CR
4749 end
4750 config radio-1
4751 set band 802.11n,g-only
4752 end
4753 config radio-2
4754 set band 802.11ac
4755 end
4756 next
4757 edit "FAPS321CR-default"
4758 config platform
4759 set type S321CR
4760 end
4761 config radio-1
4762 set band 802.11n,g-only
4763 end
4764 config radio-2
4765 set band 802.11ac
4766 end
4767 next
4768 edit "FAPS313C-default"
4769 config platform
4770 set type S313C
4771 end
4772 config radio-1
4773 set band 802.11ac
4774 end
4775 next
4776 edit "FAPS311C-default"
4777 config platform
4778 set type S311C
4779 end
4780 config radio-1
4781 set band 802.11ac
4782 end
4783 next
4784 edit "FAPS323C-default"
4785 config platform
4786 set type S323C
4787 end
4788 config radio-1
4789 set band 802.11n,g-only
4790 end
4791 config radio-2
4792 set band 802.11ac
4793 end
4794 next
4795 edit "FAPS322C-default"
4796 config platform
4797 set type S322C
4798 end
4799 config radio-1
4800 set band 802.11n,g-only
4801 end
4802 config radio-2
4803 set band 802.11ac
4804 end
4805 next
4806 edit "FAPS321C-default"
4807 config platform
4808 set type S321C
4809 end
4810 config radio-1
4811 set band 802.11n,g-only
4812 end
4813 config radio-2
4814 set band 802.11ac
4815 end
4816 next
4817 edit "FAP321C-default"
4818 config platform
4819 set type 321C
4820 end
4821 config radio-1
4822 set band 802.11n,g-only
4823 end
4824 config radio-2
4825 set band 802.11ac
4826 end
4827 next
4828 edit "FAP223C-default"
4829 config platform
4830 set type 223C
4831 end
4832 config radio-1
4833 set band 802.11n,g-only
4834 end
4835 config radio-2
4836 set band 802.11ac
4837 end
4838 next
4839 edit "FAP112D-default"
4840 config platform
4841 set type 112D
4842 end
4843 config radio-1
4844 set band 802.11n,g-only
4845 end
4846 next
4847 edit "FAP24D-default"
4848 config platform
4849 set type 24D
4850 end
4851 config radio-1
4852 set band 802.11n,g-only
4853 end
4854 next
4855 edit "FAP21D-default"
4856 config platform
4857 set type 21D
4858 end
4859 config radio-1
4860 set band 802.11n,g-only
4861 end
4862 next
4863 edit "FK214B-default"
4864 config platform
4865 set type 214B
4866 end
4867 config radio-1
4868 set band 802.11n,g-only
4869 end
4870 next
4871 edit "FAP224D-default"
4872 config platform
4873 set type 224D
4874 end
4875 config radio-1
4876 set band 802.11n-5G
4877 end
4878 config radio-2
4879 set band 802.11n,g-only
4880 end
4881 next
4882 edit "FAP222C-default"
4883 config platform
4884 set type 222C
4885 end
4886 config radio-1
4887 set band 802.11n,g-only
4888 end
4889 config radio-2
4890 set band 802.11ac
4891 end
4892 next
4893 edit "FAP25D-default"
4894 config platform
4895 set type 25D
4896 end
4897 config radio-1
4898 set band 802.11n,g-only
4899 end
4900 next
4901 edit "FAP221C-default"
4902 config platform
4903 set type 221C
4904 end
4905 config radio-1
4906 set band 802.11n,g-only
4907 end
4908 config radio-2
4909 set band 802.11ac
4910 end
4911 next
4912 edit "FAP320C-default"
4913 config platform
4914 set type 320C
4915 end
4916 config radio-1
4917 set band 802.11n,g-only
4918 end
4919 config radio-2
4920 set band 802.11ac
4921 end
4922 next
4923 edit "FAP28C-default"
4924 config platform
4925 set type 28C
4926 end
4927 config radio-1
4928 set band 802.11n,g-only
4929 end
4930 next
4931 edit "FAP223B-default"
4932 config platform
4933 set type 223B
4934 end
4935 config radio-1
4936 set band 802.11n-5G
4937 end
4938 config radio-2
4939 set band 802.11n,g-only
4940 end
4941 next
4942 edit "FAP14C-default"
4943 config platform
4944 set type 14C
4945 end
4946 config radio-1
4947 set band 802.11n,g-only
4948 end
4949 next
4950 edit "FAP11C-default"
4951 config platform
4952 set type 11C
4953 end
4954 config radio-1
4955 set band 802.11n,g-only
4956 end
4957 next
4958 edit "FAP320B-default"
4959 config platform
4960 set type 320B
4961 end
4962 config radio-1
4963 set band 802.11n-5G
4964 end
4965 config radio-2
4966 set band 802.11n,g-only
4967 end
4968 next
4969 edit "FAP112B-default"
4970 config platform
4971 set type 112B
4972 end
4973 config radio-1
4974 set band 802.11n,g-only
4975 end
4976 next
4977 edit "FAP222B-default"
4978 config platform
4979 set type 222B
4980 end
4981 config radio-1
4982 set band 802.11n,g-only
4983 end
4984 config radio-2
4985 set band 802.11n-5G
4986 end
4987 next
4988 edit "FAP210B-default"
4989 config platform
4990 set type 210B
4991 end
4992 config radio-1
4993 set band 802.11n,g-only
4994 end
4995 next
4996 edit "FAP220B-default"
4997 config radio-1
4998 set band 802.11n-5G
4999 end
5000 config radio-2
5001 set band 802.11n,g-only
5002 end
5003 next
5004 edit "AP-11N-default"
5005 config platform
5006 set type AP-11N
5007 end
5008 config radio-1
5009 set band 802.11n,g-only
5010 end
5011 next
5012end
5013config wireless-controller utm-profile
5014 edit "wifi-default"
5015 set comment "Default configuration for offloading WiFi traffic."
5016 set ips-sensor "wifi-default"
5017 set application-list "wifi-default"
5018 set antivirus-profile "wifi-default"
5019 set webfilter-profile "wifi-default"
5020 next
5021end
5022config log memory setting
5023 set status enable
5024end
5025config log disk setting
5026 set status enable
5027end
5028config log null-device setting
5029 set status disable
5030end
5031config router rip
5032 config redistribute "connected"
5033 end
5034 config redistribute "static"
5035 end
5036 config redistribute "ospf"
5037 end
5038 config redistribute "bgp"
5039 end
5040 config redistribute "isis"
5041 end
5042end
5043config router ripng
5044 config redistribute "connected"
5045 end
5046 config redistribute "static"
5047 end
5048 config redistribute "ospf"
5049 end
5050 config redistribute "bgp"
5051 end
5052 config redistribute "isis"
5053 end
5054end
5055config router static
5056 edit 1
5057 set dst 10.44.112.32 255.255.255.240
5058 set gateway 192.168.253.1
5059 set device "port2"
5060 next
5061 edit 2
5062 set gateway 10.78.9.19
5063 set distance 1
5064 set device "port1"
5065 next
5066 edit 3
5067 set dst 10.44.127.0 255.255.255.0
5068 set distance 1
5069 set virtual-wan-link enable
5070 next
5071end
5072config router ospf
5073 config redistribute "connected"
5074 end
5075 config redistribute "static"
5076 end
5077 config redistribute "rip"
5078 end
5079 config redistribute "bgp"
5080 end
5081 config redistribute "isis"
5082 end
5083end
5084config router ospf6
5085 config redistribute "connected"
5086 end
5087 config redistribute "static"
5088 end
5089 config redistribute "rip"
5090 end
5091 config redistribute "bgp"
5092 end
5093 config redistribute "isis"
5094 end
5095end
5096config router bgp
5097 config redistribute "connected"
5098 end
5099 config redistribute "rip"
5100 end
5101 config redistribute "ospf"
5102 end
5103 config redistribute "static"
5104 end
5105 config redistribute "isis"
5106 end
5107 config redistribute6 "connected"
5108 end
5109 config redistribute6 "rip"
5110 end
5111 config redistribute6 "ospf"
5112 end
5113 config redistribute6 "static"
5114 end
5115 config redistribute6 "isis"
5116 end
5117end
5118config router isis
5119 config redistribute "connected"
5120 end
5121 config redistribute "rip"
5122 end
5123 config redistribute "ospf"
5124 end
5125 config redistribute "bgp"
5126 end
5127 config redistribute "static"
5128 end
5129 config redistribute6 "connected"
5130 end
5131 config redistribute6 "rip"
5132 end
5133 config redistribute6 "ospf"
5134 end
5135 config redistribute6 "bgp"
5136 end
5137 config redistribute6 "static"
5138 end
5139end
5140config router multicast
5141end