Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- set firewall all-ping 'enable'
- set firewall broadcast-ping 'disable'
- set firewall config-trap 'disable'
- set firewall group address-group ag-bcast_dmz address '192.168.67.255'
- set firewall group address-group ag-bcast_iot address '192.168.11.255'
- set firewall group address-group ag-bcast_iot address '192.168.11.253'
- set firewall group address-group ag-bcast_lan address '192.168.13.255'
- set firewall group address-group ag-bcast_lan address '192.168.13.253'
- set firewall group address-group ag-bcast_limit address '255.255.255.255'
- set firewall group address-group ag-bf_relay address '192.168.67.225'
- set firewall group address-group ag-bf_relay address '192.168.67.226'
- set firewall group address-group ag-bf_relay_extender address '192.168.67.225'
- set firewall group address-group ag-bf_server address '192.168.67.220'
- set firewall group address-group ag-bf_webreports address '192.168.67.220'
- set firewall group address-group ag-blueiris address '192.168.67.110'
- set firewall group address-group ag-cert_issuer address '192.168.67.231'
- set firewall group address-group ag-cert_web address '192.168.67.231'
- set firewall group address-group ag-ct_sync address '224.0.0.50'
- set firewall group address-group ag-dc address '192.168.67.241'
- set firewall group address-group ag-dc address '192.168.67.242'
- set firewall group address-group ag-dockerhosts address '192.168.7.195'
- set firewall group address-group ag-dockerhosts address '192.168.67.196'
- set firewall group address-group ag-dockerhosts address '192.168.7.196'
- set firewall group address-group ag-dockerhosts address '192.168.67.195'
- set firewall group address-group ag-docker_pub address '192.168.17.207'
- set firewall group address-group ag-fileserver address '192.168.67.200'
- set firewall group address-group ag-fileserver address '192.168.67.205'
- set firewall group address-group ag-hypervisors address '192.168.7.10'
- set firewall group address-group ag-hypervisors address '192.168.7.11'
- set firewall group address-group ag-hypervisors address '192.168.7.12'
- set firewall group address-group ag-hypervisors address '192.168.7.15'
- set firewall group address-group ag-hypervisors address '192.168.7.16'
- set firewall group address-group ag-igmp address '224.0.0.22'
- set firewall group address-group ag-kms address '192.168.67.240'
- set firewall group address-group ag-mdns address '224.0.0.251'
- set firewall group address-group ag-mdns address '192.168.11.252'
- set firewall group address-group ag-mdns address '192.168.11.254'
- set firewall group address-group ag-mdns address '192.168.13.254'
- set firewall group address-group ag-mdns address '192.168.13.252'
- set firewall group address-group ag-mdns address '192.168.13.253'
- set firewall group address-group ag-mdns address '192.168.11.253'
- set firewall group address-group ag-mdns address '192.168.131.253'
- set firewall group address-group ag-mdns address '192.168.131.252'
- set firewall group address-group ag-mdns address '192.168.131.254'
- set firewall group address-group ag-media_player address '192.168.11.66'
- set firewall group address-group ag-media_player address '192.168.11.99'
- set firewall group address-group ag-omada address '192.168.7.240'
- set firewall group address-group ag-portainer address '192.168.7.196'
- set firewall group address-group ag-printer address '192.168.13.210'
- set firewall group address-group ag-testDNS_fw address '192.168.7.140'
- set firewall group address-group ag-testNTP address '192.168.7.140'
- set firewall group address-group ag-testNTP address '192.168.7.141'
- set firewall group address-group ag-testWEB address '192.168.7.142'
- set firewall group address-group ag-testWEB address '192.168.7.143'
- set firewall group address-group ag-testWEB address '192.168.7.141'
- set firewall group address-group ag-testWEB address '192.168.7.146'
- set firewall group address-group ag-traccar_mysql address '192.168.67.195'
- set firewall group address-group ag-traccar_srv address '192.168.17.207'
- set firewall group address-group ag-tv_server address '192.168.11.196'
- set firewall group address-group ag-unifi
- set firewall group address-group ag-ups_mgmt address '192.168.7.100'
- set firewall group address-group ag-vcenter address '192.168.7.15'
- set firewall group address-group ag-vpn_bck address '192.168.17.100'
- set firewall group address-group ag-vpn_pri address '192.168.17.100'
- set firewall group address-group ag-vpn_servers address '192.168.17.100'
- set firewall group address-group ag-vrrp address '224.0.0.18'
- set firewall group address-group ag-vsphere address '192.168.7.15'
- set firewall group address-group ag-wsus address '192.168.67.235'
- set firewall group address-group ag-dhcp-isp address '172.17.0.1'
- set firewall group address-group ag-dhcp-isp address '172.23.0.1'
- set firewall group address-group ag-dhcp-server address '192.168.67.241'
- set firewall group address-group ag-dhcp-server address '192.168.67.242'
- set firewall group address-group ag-dns-dc_main address '192.168.67.241'
- set firewall group address-group ag-dns-dc_main address '192.168.67.242'
- set firewall group address-group ag-down-fileserver address '192.168.79.202'
- set firewall group address-group ag-fw-iot address '192.168.11.253'
- set firewall group address-group ag-fw-lan address '192.168.13.253'
- set firewall group address-group ag-vrrp-cam address '192.168.53.252'
- set firewall group address-group ag-vrrp-cam address '192.168.53.254'
- set firewall group address-group ag-vrrp-dmz address '192.168.67.252'
- set firewall group address-group ag-vrrp-dmz address '192.168.67.254'
- set firewall group address-group ag-vrrp-download address '192.168.79.252'
- set firewall group address-group ag-vrrp-download address '192.168.79.254'
- set firewall group address-group ag-vrrp-guest address '192.168.131.252'
- set firewall group address-group ag-vrrp-guest address '192.168.131.254'
- set firewall group address-group ag-vrrp-iot address '192.168.11.252'
- set firewall group address-group ag-vrrp-iot address '192.168.11.254'
- set firewall group address-group ag-vrrp-lan address '192.168.13.252'
- set firewall group address-group ag-vrrp-lan address '192.168.13.254'
- set firewall group address-group ag-vrrp-mgmt address '192.168.7.252'
- set firewall group address-group ag-vrrp-mgmt address '192.168.7.254'
- set firewall group address-group ag-vrrp-public address '192.168.17.252'
- set firewall group address-group ag-vrrp-public address '192.168.17.254'
- set firewall group address-group dns-piholes address '192.168.67.243'
- set firewall group address-group dns-piholes address '192.168.67.244'
- set firewall group address-group dnsforwarders address '192.168.67.241'
- set firewall group address-group dnsforwarders address '192.168.67.242'
- set firewall group address-group dnsforwarders address '192.168.67.243'
- set firewall group address-group dnsforwarders address '192.168.67.244'
- set firewall group address-group mgmtfromlan address '192.168.13.15'
- set firewall group address-group mgmtfromlan address '192.168.13.85'
- set firewall group address-group mgmtfromlan address '192.168.13.43'
- set firewall group address-group mgmtfromlan address '192.168.13.95'
- set firewall group address-group mgmtfromlan address '192.168.13.44'
- set firewall group address-group mgmtfromlan address '192.168.13.86'
- set firewall group address-group ntpservers address '192.168.67.241'
- set firewall group address-group ntpservers address '192.168.67.242'
- set firewall group address-group wifiaps address '192.168.7.210'
- set firewall group address-group wifiaps address '192.168.7.247'
- set firewall group address-group wifiaps address '192.168.7.248'
- set firewall group network-group ng-guest network '192.168.131.0/24'
- set firewall group network-group ng-lan network '192.168.13.0/24'
- set firewall group network-group vpnusers network '10.168.17.0/24'
- set firewall group network-group vpnusers network '10.168.19.0/24'
- set firewall group port-group pg-agps port '7275'
- set firewall group port-group pg-bf_server port '52311'
- set firewall group port-group pg-bf_webreports port '8083'
- set firewall group port-group pg-blueiris port '443'
- set firewall group port-group pg-blueiris port '442'
- set firewall group port-group pg-cam_onvif port '80'
- set firewall group port-group pg-cam_onvif port '8999'
- set firewall group port-group pg-cam_rtsp port '554'
- set firewall group port-group pg-cert_issuer port '135'
- set firewall group port-group pg-cert_issuer port '49152-65535'
- set firewall group port-group pg-crashplan port '4287'
- set firewall group port-group pg-ct_sync port '3780'
- set firewall group port-group pg-dhcp port '67'
- set firewall group port-group pg-dhcp port '68'
- set firewall group port-group pg-dns port '53'
- set firewall group port-group pg-dnsblock_admin port '3000'
- set firewall group port-group pg-dns_tls port '853'
- set firewall group port-group pg-domain port '389'
- set firewall group port-group pg-domain port '88'
- set firewall group port-group pg-domain port '445'
- set firewall group port-group pg-domain port '636'
- set firewall group port-group pg-domain port '3269'
- set firewall group port-group pg-domain port '3268'
- set firewall group port-group pg-domain port '135'
- set firewall group port-group pg-domain port '49152-65535'
- set firewall group port-group pg-domain port '137'
- set firewall group port-group pg-domain_udp port '137'
- set firewall group port-group pg-ftp port '21'
- set firewall group port-group pg-google_cast port '8008'
- set firewall group port-group pg-google_cast port '8009'
- set firewall group port-group pg-google_cast port '8443'
- set firewall group port-group pg-google_cast_pic port '2346'
- set firewall group port-group pg-google_fcm port '5228'
- set firewall group port-group pg-google_fcm port '5229'
- set firewall group port-group pg-google_fcm port '5230'
- set firewall group port-group pg-google_quic port '443'
- set firewall group port-group pg-google_quic port '19302-19309'
- set firewall group port-group pg-iperf port '5201'
- set firewall group port-group pg-iptv port '8086'
- set firewall group port-group pg-iptv port '8080'
- set firewall group port-group pg-iptv port '8000'
- set firewall group port-group pg-iptv port '9090'
- set firewall group port-group pg-person2work_genesys port '16384-32768'
- set firewall group port-group pg-person2work_webrtc port '3478'
- set firewall group port-group pg-person2work_webrtc port '19302'
- set firewall group port-group pg-kms port '1688'
- set firewall group port-group pg-person3_work port '9993'
- set firewall group port-group pg-person1work_lotusnotes port '1352'
- set firewall group port-group pg-mdns port '5353'
- set firewall group port-group pg-mysql port '3306'
- set firewall group port-group pg-netbios port '137'
- set firewall group port-group pg-netbios port '138'
- set firewall group port-group pg-netbios port '139'
- set firewall group port-group pg-ntp port '123'
- set firewall group port-group pg-ocsp port '80'
- set firewall group port-group pg-omada port '8043'
- set firewall group port-group pg-pia_ping port '8888'
- set firewall group port-group pg-pia_wguard port '1337'
- set firewall group port-group pg-pihole port '80'
- set firewall group port-group pg-pihole port '443'
- set firewall group port-group pg-portainer port '9000'
- set firewall group port-group pg-portainer_agent port '9001'
- set firewall group port-group pg-printer_web port '443'
- set firewall group port-group pg-rdp port '3389'
- set firewall group port-group pg-skype port '3478'
- set firewall group port-group pg-skype port '3479'
- set firewall group port-group pg-skype port '3480'
- set firewall group port-group pg-skype port '3481'
- set firewall group port-group pg-smb port '445'
- set firewall group port-group pg-solar port '54321'
- set firewall group port-group pg-solar port '54320'
- set firewall group port-group pg-solar port '54319'
- set firewall group port-group pg-solar port '49049'
- set firewall group port-group pg-solar2 port '50052'
- set firewall group port-group pg-speedtest port '5060'
- set firewall group port-group pg-speedtest port '8080'
- set firewall group port-group pg-spotify port '4070'
- set firewall group port-group pg-ssh port '22'
- set firewall group port-group pg-traccar_srv port '8082'
- set firewall group port-group pg-tvh_htsp port '9982'
- set firewall group port-group pg-tvh_web port '9981'
- set firewall group port-group pg-tv_discover port '65001'
- set firewall group port-group pg-unifi_adapt port '10001'
- set firewall group port-group pg-ups_web port '4679'
- set firewall group port-group pg-ups_web port '4680'
- set firewall group port-group pg-vcenter port '5480'
- set firewall group port-group pg-vcenter port '443'
- set firewall group port-group pg-vpn_bck port '443'
- set firewall group port-group pg-vpn_globalprotect port '4501'
- set firewall group port-group pg-vpn_globalprotect port '500'
- set firewall group port-group pg-vpn_globalprotect port '4500'
- set firewall group port-group pg-vpn_pri port '443'
- set firewall group port-group pg-web port '80'
- set firewall group port-group pg-web port '443'
- set firewall group port-group pg-webex port '9000'
- set firewall group port-group pg-webex port '5004'
- set firewall group port-group pg-webex port '33434-33598'
- set firewall group port-group pg-whatsapp port '3478'
- set firewall group port-group pg-wsus port '8530'
- set firewall group port-group pg-xmpp port '5222'
- set firewall ipv6-receive-redirects 'disable'
- set firewall ipv6-src-route 'disable'
- set firewall ip-src-route 'disable'
- set firewall log-martians 'enable'
- set firewall name cam-dmz default-action 'drop'
- set firewall name cam-dmz enable-default-log
- set firewall name cam-dmz rule 1 action 'accept'
- set firewall name cam-dmz rule 1 state established 'enable'
- set firewall name cam-dmz rule 1 state related 'enable'
- set firewall name cam-dmz rule 2 action 'drop'
- set firewall name cam-dmz rule 2 log 'enable'
- set firewall name cam-dmz rule 2 state invalid 'enable'
- set firewall name cam-dmz rule 400 action 'accept'
- set firewall name cam-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name cam-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name cam-dmz rule 400 log 'enable'
- set firewall name cam-dmz rule 400 protocol 'udp'
- set firewall name cam-download default-action 'drop'
- set firewall name cam-download enable-default-log
- set firewall name cam-download rule 1 action 'accept'
- set firewall name cam-download rule 1 state established 'enable'
- set firewall name cam-download rule 1 state related 'enable'
- set firewall name cam-download rule 2 action 'drop'
- set firewall name cam-download rule 2 log 'enable'
- set firewall name cam-download rule 2 state invalid 'enable'
- set firewall name cam-firewall default-action 'drop'
- set firewall name cam-firewall enable-default-log
- set firewall name cam-firewall rule 1 action 'accept'
- set firewall name cam-firewall rule 1 state established 'enable'
- set firewall name cam-firewall rule 1 state related 'enable'
- set firewall name cam-firewall rule 2 action 'drop'
- set firewall name cam-firewall rule 2 log 'enable'
- set firewall name cam-firewall rule 2 state invalid 'enable'
- set firewall name cam-firewall rule 10 action 'accept'
- set firewall name cam-firewall rule 10 destination group address-group 'ag-vrrp-cam'
- set firewall name cam-firewall rule 10 protocol 'vrrp'
- set firewall name cam-firewall rule 10 source group address-group 'ag-vrrp-cam'
- set firewall name cam-guest default-action 'drop'
- set firewall name cam-guest enable-default-log
- set firewall name cam-guest rule 1 action 'accept'
- set firewall name cam-guest rule 1 state established 'enable'
- set firewall name cam-guest rule 1 state related 'enable'
- set firewall name cam-guest rule 2 action 'drop'
- set firewall name cam-guest rule 2 log 'enable'
- set firewall name cam-guest rule 2 state invalid 'enable'
- set firewall name cam-lan default-action 'drop'
- set firewall name cam-lan enable-default-log
- set firewall name cam-lan rule 1 action 'accept'
- set firewall name cam-lan rule 1 state established 'enable'
- set firewall name cam-lan rule 1 state related 'enable'
- set firewall name cam-lan rule 2 action 'drop'
- set firewall name cam-lan rule 2 log 'enable'
- set firewall name cam-lan rule 2 state invalid 'enable'
- set firewall name cam-mgmt default-action 'drop'
- set firewall name cam-mgmt enable-default-log
- set firewall name cam-mgmt rule 1 action 'accept'
- set firewall name cam-mgmt rule 1 state established 'enable'
- set firewall name cam-mgmt rule 1 state related 'enable'
- set firewall name cam-mgmt rule 2 action 'drop'
- set firewall name cam-mgmt rule 2 log 'enable'
- set firewall name cam-mgmt rule 2 state invalid 'enable'
- set firewall name cam-public default-action 'drop'
- set firewall name cam-public enable-default-log
- set firewall name cam-public rule 1 action 'accept'
- set firewall name cam-public rule 1 state established 'enable'
- set firewall name cam-public rule 1 state related 'enable'
- set firewall name cam-public rule 2 action 'drop'
- set firewall name cam-public rule 2 log 'enable'
- set firewall name cam-public rule 2 state invalid 'enable'
- set firewall name cam-wan default-action 'drop'
- set firewall name cam-wan enable-default-log
- set firewall name cam-wan rule 1 action 'accept'
- set firewall name cam-wan rule 1 state established 'enable'
- set firewall name cam-wan rule 1 state related 'enable'
- set firewall name cam-wan rule 2 action 'drop'
- set firewall name cam-wan rule 2 log 'enable'
- set firewall name cam-wan rule 2 state invalid 'enable'
- set firewall name dmz-cam default-action 'drop'
- set firewall name dmz-cam enable-default-log
- set firewall name dmz-cam rule 1 action 'accept'
- set firewall name dmz-cam rule 1 state established 'enable'
- set firewall name dmz-cam rule 1 state related 'enable'
- set firewall name dmz-cam rule 2 action 'drop'
- set firewall name dmz-cam rule 2 log 'enable'
- set firewall name dmz-cam rule 2 state invalid 'enable'
- set firewall name dmz-cam rule 380 action 'accept'
- set firewall name dmz-cam rule 380 destination group port-group 'pg-cam_rtsp'
- set firewall name dmz-cam rule 380 log 'enable'
- set firewall name dmz-cam rule 380 protocol 'tcp'
- set firewall name dmz-cam rule 380 source group address-group 'ag-blueiris'
- set firewall name dmz-cam rule 381 action 'accept'
- set firewall name dmz-cam rule 381 destination group port-group 'pg-cam_onvif'
- set firewall name dmz-cam rule 381 log 'enable'
- set firewall name dmz-cam rule 381 protocol 'tcp'
- set firewall name dmz-cam rule 381 source group address-group 'ag-blueiris'
- set firewall name dmz-download default-action 'drop'
- set firewall name dmz-download enable-default-log
- set firewall name dmz-download rule 1 action 'accept'
- set firewall name dmz-download rule 1 state established 'enable'
- set firewall name dmz-download rule 1 state related 'enable'
- set firewall name dmz-download rule 2 action 'drop'
- set firewall name dmz-download rule 2 log 'enable'
- set firewall name dmz-download rule 2 state invalid 'enable'
- set firewall name dmz-download rule 100 action 'accept'
- set firewall name dmz-download rule 100 log 'enable'
- set firewall name dmz-download rule 100 protocol 'icmp'
- set firewall name dmz-download rule 300 action 'accept'
- set firewall name dmz-download rule 300 destination group address-group 'ag-down-fileserver'
- set firewall name dmz-download rule 300 destination group port-group 'pg-smb'
- set firewall name dmz-download rule 300 log 'enable'
- set firewall name dmz-download rule 300 protocol 'tcp'
- set firewall name dmz-download rule 300 source group address-group 'ag-fileserver'
- set firewall name dmz-firewall default-action 'drop'
- set firewall name dmz-firewall enable-default-log
- set firewall name dmz-firewall rule 1 action 'accept'
- set firewall name dmz-firewall rule 1 state established 'enable'
- set firewall name dmz-firewall rule 1 state related 'enable'
- set firewall name dmz-firewall rule 2 action 'drop'
- set firewall name dmz-firewall rule 2 log 'enable'
- set firewall name dmz-firewall rule 2 state invalid 'enable'
- set firewall name dmz-firewall rule 10 action 'accept'
- set firewall name dmz-firewall rule 10 destination group address-group 'ag-vrrp-dmz'
- set firewall name dmz-firewall rule 10 protocol 'vrrp'
- set firewall name dmz-firewall rule 10 source group address-group 'ag-vrrp-dmz'
- set firewall name dmz-firewall rule 600 action 'accept'
- set firewall name dmz-firewall rule 600 destination group port-group 'pg-dhcp'
- set firewall name dmz-firewall rule 600 log 'enable'
- set firewall name dmz-firewall rule 600 protocol 'udp'
- set firewall name dmz-firewall rule 600 source group address-group 'ag-dhcp-server'
- set firewall name dmz-firewall rule 610 action 'drop'
- set firewall name dmz-firewall rule 610 description 'Drop Netbios traffic from logs'
- set firewall name dmz-firewall rule 610 destination group port-group 'pg-netbios'
- set firewall name dmz-firewall rule 610 log 'disable'
- set firewall name dmz-firewall rule 610 protocol 'udp'
- set firewall name dmz-guest default-action 'drop'
- set firewall name dmz-guest enable-default-log
- set firewall name dmz-guest rule 1 action 'accept'
- set firewall name dmz-guest rule 1 state established 'enable'
- set firewall name dmz-guest rule 1 state related 'enable'
- set firewall name dmz-guest rule 2 action 'drop'
- set firewall name dmz-guest rule 2 log 'enable'
- set firewall name dmz-guest rule 2 state invalid 'enable'
- set firewall name dmz-iot default-action 'drop'
- set firewall name dmz-iot enable-default-log
- set firewall name dmz-iot rule 1 action 'accept'
- set firewall name dmz-iot rule 1 state established 'enable'
- set firewall name dmz-iot rule 1 state related 'enable'
- set firewall name dmz-iot rule 2 action 'drop'
- set firewall name dmz-iot rule 2 log 'enable'
- set firewall name dmz-iot rule 2 state invalid 'enable'
- set firewall name dmz-lan default-action 'drop'
- set firewall name dmz-lan enable-default-log
- set firewall name dmz-lan rule 1 action 'accept'
- set firewall name dmz-lan rule 1 state established 'enable'
- set firewall name dmz-lan rule 1 state related 'enable'
- set firewall name dmz-lan rule 2 action 'drop'
- set firewall name dmz-lan rule 2 log 'enable'
- set firewall name dmz-lan rule 2 state invalid 'enable'
- set firewall name dmz-lan rule 550 action 'accept'
- set firewall name dmz-lan rule 550 destination group port-group 'pg-bf_server'
- set firewall name dmz-lan rule 550 log 'enable'
- set firewall name dmz-lan rule 550 protocol 'udp'
- set firewall name dmz-lan rule 550 source group address-group 'ag-bf_relay'
- set firewall name dmz-mgmt default-action 'drop'
- set firewall name dmz-mgmt enable-default-log
- set firewall name dmz-mgmt rule 1 action 'accept'
- set firewall name dmz-mgmt rule 1 state established 'enable'
- set firewall name dmz-mgmt rule 1 state related 'enable'
- set firewall name dmz-mgmt rule 2 action 'drop'
- set firewall name dmz-mgmt rule 2 log 'enable'
- set firewall name dmz-mgmt rule 2 state invalid 'enable'
- set firewall name dmz-mgmt rule 100 action 'accept'
- set firewall name dmz-mgmt rule 100 log 'enable'
- set firewall name dmz-mgmt rule 100 protocol 'icmp'
- set firewall name dmz-mgmt rule 456 action 'accept'
- set firewall name dmz-mgmt rule 456 destination group address-group 'ag-vcenter'
- set firewall name dmz-mgmt rule 456 destination group port-group 'pg-vcenter'
- set firewall name dmz-mgmt rule 456 log 'enable'
- set firewall name dmz-mgmt rule 456 protocol 'tcp'
- set firewall name dmz-mgmt rule 456 source group address-group 'ag-bf_relay_extender'
- set firewall name dmz-public default-action 'drop'
- set firewall name dmz-public enable-default-log
- set firewall name dmz-public rule 1 action 'accept'
- set firewall name dmz-public rule 1 state established 'enable'
- set firewall name dmz-public rule 1 state related 'enable'
- set firewall name dmz-public rule 2 action 'drop'
- set firewall name dmz-public rule 2 log 'enable'
- set firewall name dmz-public rule 2 state invalid 'enable'
- set firewall name dmz-wan default-action 'drop'
- set firewall name dmz-wan enable-default-log
- set firewall name dmz-wan rule 1 action 'accept'
- set firewall name dmz-wan rule 1 state established 'enable'
- set firewall name dmz-wan rule 1 state related 'enable'
- set firewall name dmz-wan rule 2 action 'drop'
- set firewall name dmz-wan rule 2 log 'enable'
- set firewall name dmz-wan rule 2 state invalid 'enable'
- set firewall name dmz-wan rule 100 action 'accept'
- set firewall name dmz-wan rule 100 log 'enable'
- set firewall name dmz-wan rule 100 protocol 'icmp'
- set firewall name dmz-wan rule 200 action 'accept'
- set firewall name dmz-wan rule 200 destination group port-group 'pg-web'
- set firewall name dmz-wan rule 200 log 'enable'
- set firewall name dmz-wan rule 200 protocol 'tcp'
- set firewall name dmz-wan rule 205 action 'accept'
- set firewall name dmz-wan rule 205 destination group port-group 'pg-speedtest'
- set firewall name dmz-wan rule 205 log 'enable'
- set firewall name dmz-wan rule 205 protocol 'tcp'
- set firewall name dmz-wan rule 400 action 'accept'
- set firewall name dmz-wan rule 400 destination group port-group 'pg-ntp'
- set firewall name dmz-wan rule 400 log 'enable'
- set firewall name dmz-wan rule 400 protocol 'udp'
- set firewall name dmz-wan rule 400 source group address-group 'ntpservers'
- set firewall name dmz-wan rule 500 action 'accept'
- set firewall name dmz-wan rule 500 destination group port-group 'pg-dns'
- set firewall name dmz-wan rule 500 log 'enable'
- set firewall name dmz-wan rule 500 protocol 'tcp_udp'
- set firewall name dmz-wan rule 500 source group address-group 'dnsforwarders'
- set firewall name dmz-wan rule 700 action 'accept'
- set firewall name dmz-wan rule 700 destination group port-group 'pg-ftp'
- set firewall name dmz-wan rule 700 log 'enable'
- set firewall name dmz-wan rule 700 protocol 'tcp'
- set firewall name download-cam default-action 'drop'
- set firewall name download-cam enable-default-log
- set firewall name download-cam rule 1 action 'accept'
- set firewall name download-cam rule 1 state established 'enable'
- set firewall name download-cam rule 1 state related 'enable'
- set firewall name download-cam rule 2 action 'drop'
- set firewall name download-cam rule 2 log 'enable'
- set firewall name download-cam rule 2 state invalid 'enable'
- set firewall name download-dmz default-action 'drop'
- set firewall name download-dmz enable-default-log
- set firewall name download-dmz rule 1 action 'accept'
- set firewall name download-dmz rule 1 state established 'enable'
- set firewall name download-dmz rule 1 state related 'enable'
- set firewall name download-dmz rule 2 action 'drop'
- set firewall name download-dmz rule 2 log 'enable'
- set firewall name download-dmz rule 2 state invalid 'enable'
- set firewall name download-dmz rule 100 action 'accept'
- set firewall name download-dmz rule 100 log 'enable'
- set firewall name download-dmz rule 100 protocol 'icmp'
- set firewall name download-dmz rule 300 action 'accept'
- set firewall name download-dmz rule 300 destination group address-group 'ag-fileserver'
- set firewall name download-dmz rule 300 destination group port-group 'pg-smb'
- set firewall name download-dmz rule 300 log 'enable'
- set firewall name download-dmz rule 300 protocol 'tcp'
- set firewall name download-dmz rule 400 action 'accept'
- set firewall name download-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name download-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name download-dmz rule 400 log 'enable'
- set firewall name download-dmz rule 400 protocol 'udp'
- set firewall name download-dmz rule 500 action 'accept'
- set firewall name download-dmz rule 500 destination group address-group 'dnsforwarders'
- set firewall name download-dmz rule 500 destination group port-group 'pg-dns'
- set firewall name download-dmz rule 500 log 'enable'
- set firewall name download-dmz rule 500 protocol 'tcp_udp'
- set firewall name download-dmz rule 501 action 'accept'
- set firewall name download-dmz rule 501 description 'Allow pihole web interface'
- set firewall name download-dmz rule 501 destination group address-group 'dns-piholes'
- set firewall name download-dmz rule 501 destination group port-group 'pg-pihole'
- set firewall name download-dmz rule 501 log 'enable'
- set firewall name download-dmz rule 501 protocol 'tcp'
- set firewall name download-dmz rule 560 action 'accept'
- set firewall name download-dmz rule 560 destination group address-group 'ag-wsus'
- set firewall name download-dmz rule 560 destination group port-group 'pg-wsus'
- set firewall name download-dmz rule 560 log 'enable'
- set firewall name download-dmz rule 560 protocol 'tcp'
- set firewall name download-firewall default-action 'drop'
- set firewall name download-firewall enable-default-log
- set firewall name download-firewall rule 1 action 'accept'
- set firewall name download-firewall rule 1 state established 'enable'
- set firewall name download-firewall rule 1 state related 'enable'
- set firewall name download-firewall rule 2 action 'drop'
- set firewall name download-firewall rule 2 log 'enable'
- set firewall name download-firewall rule 2 state invalid 'enable'
- set firewall name download-firewall rule 10 action 'accept'
- set firewall name download-firewall rule 10 destination group address-group 'ag-vrrp-download'
- set firewall name download-firewall rule 10 protocol 'vrrp'
- set firewall name download-firewall rule 10 source group address-group 'ag-vrrp-download'
- set firewall name download-firewall rule 610 action 'drop'
- set firewall name download-firewall rule 610 description 'Drop Netbios traffic from logs'
- set firewall name download-firewall rule 610 destination group port-group 'pg-netbios'
- set firewall name download-firewall rule 610 log 'disable'
- set firewall name download-firewall rule 610 protocol 'udp'
- set firewall name download-guest default-action 'drop'
- set firewall name download-guest enable-default-log
- set firewall name download-guest rule 1 action 'accept'
- set firewall name download-guest rule 1 state established 'enable'
- set firewall name download-guest rule 1 state related 'enable'
- set firewall name download-guest rule 2 action 'drop'
- set firewall name download-guest rule 2 log 'enable'
- set firewall name download-guest rule 2 state invalid 'enable'
- set firewall name download-lan default-action 'drop'
- set firewall name download-lan enable-default-log
- set firewall name download-lan rule 1 action 'accept'
- set firewall name download-lan rule 1 state established 'enable'
- set firewall name download-lan rule 1 state related 'enable'
- set firewall name download-lan rule 2 action 'drop'
- set firewall name download-lan rule 2 log 'enable'
- set firewall name download-lan rule 2 state invalid 'enable'
- set firewall name download-mgmt default-action 'drop'
- set firewall name download-mgmt enable-default-log
- set firewall name download-mgmt rule 1 action 'accept'
- set firewall name download-mgmt rule 1 state established 'enable'
- set firewall name download-mgmt rule 1 state related 'enable'
- set firewall name download-mgmt rule 2 action 'drop'
- set firewall name download-mgmt rule 2 log 'enable'
- set firewall name download-mgmt rule 2 state invalid 'enable'
- set firewall name download-public default-action 'drop'
- set firewall name download-public enable-default-log
- set firewall name download-public rule 1 action 'accept'
- set firewall name download-public rule 1 state established 'enable'
- set firewall name download-public rule 1 state related 'enable'
- set firewall name download-public rule 2 action 'drop'
- set firewall name download-public rule 2 log 'enable'
- set firewall name download-public rule 2 state invalid 'enable'
- set firewall name download-wan default-action 'drop'
- set firewall name download-wan enable-default-log
- set firewall name download-wan rule 1 action 'accept'
- set firewall name download-wan rule 1 state established 'enable'
- set firewall name download-wan rule 1 state related 'enable'
- set firewall name download-wan rule 2 action 'drop'
- set firewall name download-wan rule 2 log 'enable'
- set firewall name download-wan rule 2 state invalid 'enable'
- set firewall name download-wan rule 100 action 'accept'
- set firewall name download-wan rule 100 log 'enable'
- set firewall name download-wan rule 100 protocol 'icmp'
- set firewall name download-wan rule 200 action 'accept'
- set firewall name download-wan rule 200 destination group port-group 'pg-web'
- set firewall name download-wan rule 200 log 'enable'
- set firewall name download-wan rule 200 protocol 'tcp'
- set firewall name download-wan rule 201 action 'accept'
- set firewall name download-wan rule 201 destination group port-group 'pg-pia_wguard'
- set firewall name download-wan rule 201 log 'enable'
- set firewall name download-wan rule 201 protocol 'tcp_udp'
- set firewall name download-wan rule 700 action 'accept'
- set firewall name download-wan rule 700 destination group port-group 'pg-ftp'
- set firewall name download-wan rule 700 log 'enable'
- set firewall name download-wan rule 700 protocol 'tcp'
- set firewall name download-wan rule 705 action 'accept'
- set firewall name download-wan rule 705 destination group port-group 'pg-pia_ping'
- set firewall name download-wan rule 705 log 'enable'
- set firewall name download-wan rule 705 protocol 'udp'
- set firewall name firewall-cam default-action 'drop'
- set firewall name firewall-cam enable-default-log
- set firewall name firewall-cam rule 1 action 'accept'
- set firewall name firewall-cam rule 1 state established 'enable'
- set firewall name firewall-cam rule 1 state related 'enable'
- set firewall name firewall-cam rule 2 action 'drop'
- set firewall name firewall-cam rule 2 log 'enable'
- set firewall name firewall-cam rule 2 state invalid 'enable'
- set firewall name firewall-cam rule 10 action 'accept'
- set firewall name firewall-cam rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-cam rule 10 protocol 'vrrp'
- set firewall name firewall-cam rule 10 source group address-group 'ag-vrrp-cam'
- set firewall name firewall-cam rule 100 action 'accept'
- set firewall name firewall-cam rule 100 log 'enable'
- set firewall name firewall-cam rule 100 protocol 'icmp'
- set firewall name firewall-dmz default-action 'drop'
- set firewall name firewall-dmz enable-default-log
- set firewall name firewall-dmz rule 1 action 'accept'
- set firewall name firewall-dmz rule 1 state established 'enable'
- set firewall name firewall-dmz rule 1 state related 'enable'
- set firewall name firewall-dmz rule 2 action 'drop'
- set firewall name firewall-dmz rule 2 log 'enable'
- set firewall name firewall-dmz rule 2 state invalid 'enable'
- set firewall name firewall-dmz rule 10 action 'accept'
- set firewall name firewall-dmz rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-dmz rule 10 protocol 'vrrp'
- set firewall name firewall-dmz rule 10 source group address-group 'ag-vrrp-dmz'
- set firewall name firewall-dmz rule 100 action 'accept'
- set firewall name firewall-dmz rule 100 log 'enable'
- set firewall name firewall-dmz rule 100 protocol 'icmp'
- set firewall name firewall-dmz rule 400 action 'accept'
- set firewall name firewall-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name firewall-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name firewall-dmz rule 400 log 'enable'
- set firewall name firewall-dmz rule 400 protocol 'udp'
- set firewall name firewall-dmz rule 500 action 'accept'
- set firewall name firewall-dmz rule 500 destination group address-group 'ag-dns-dc_main'
- set firewall name firewall-dmz rule 500 destination group port-group 'pg-dns'
- set firewall name firewall-dmz rule 500 log 'enable'
- set firewall name firewall-dmz rule 500 protocol 'tcp_udp'
- set firewall name firewall-dmz rule 600 action 'accept'
- set firewall name firewall-dmz rule 600 destination group address-group 'ag-dhcp-server'
- set firewall name firewall-dmz rule 600 destination group port-group 'pg-dhcp'
- set firewall name firewall-dmz rule 600 log 'enable'
- set firewall name firewall-dmz rule 600 protocol 'udp'
- set firewall name firewall-download default-action 'drop'
- set firewall name firewall-download enable-default-log
- set firewall name firewall-download rule 1 action 'accept'
- set firewall name firewall-download rule 1 state established 'enable'
- set firewall name firewall-download rule 1 state related 'enable'
- set firewall name firewall-download rule 2 action 'drop'
- set firewall name firewall-download rule 2 log 'enable'
- set firewall name firewall-download rule 2 state invalid 'enable'
- set firewall name firewall-download rule 10 action 'accept'
- set firewall name firewall-download rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-download rule 10 protocol 'vrrp'
- set firewall name firewall-download rule 10 source group address-group 'ag-vrrp-download'
- set firewall name firewall-download rule 100 action 'accept'
- set firewall name firewall-download rule 100 log 'enable'
- set firewall name firewall-download rule 100 protocol 'icmp'
- set firewall name firewall-guest default-action 'drop'
- set firewall name firewall-guest enable-default-log
- set firewall name firewall-guest rule 1 action 'accept'
- set firewall name firewall-guest rule 1 state established 'enable'
- set firewall name firewall-guest rule 1 state related 'enable'
- set firewall name firewall-guest rule 2 action 'drop'
- set firewall name firewall-guest rule 2 log 'enable'
- set firewall name firewall-guest rule 2 state invalid 'enable'
- set firewall name firewall-guest rule 10 action 'accept'
- set firewall name firewall-guest rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-guest rule 10 protocol 'vrrp'
- set firewall name firewall-guest rule 10 source group address-group 'ag-vrrp-guest'
- set firewall name firewall-guest rule 100 action 'accept'
- set firewall name firewall-guest rule 100 log 'enable'
- set firewall name firewall-guest rule 100 protocol 'icmp'
- set firewall name firewall-guest rule 602 action 'accept'
- set firewall name firewall-guest rule 602 destination group address-group 'ag-mdns'
- set firewall name firewall-guest rule 602 destination group port-group 'pg-mdns'
- set firewall name firewall-guest rule 602 protocol 'udp'
- set firewall name firewall-iot default-action 'drop'
- set firewall name firewall-iot enable-default-log
- set firewall name firewall-iot rule 1 action 'accept'
- set firewall name firewall-iot rule 1 state established 'enable'
- set firewall name firewall-iot rule 1 state related 'enable'
- set firewall name firewall-iot rule 2 action 'drop'
- set firewall name firewall-iot rule 2 log 'enable'
- set firewall name firewall-iot rule 2 state invalid 'enable'
- set firewall name firewall-iot rule 10 action 'accept'
- set firewall name firewall-iot rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-iot rule 10 protocol 'vrrp'
- set firewall name firewall-iot rule 10 source group address-group 'ag-vrrp-iot'
- set firewall name firewall-iot rule 100 action 'accept'
- set firewall name firewall-iot rule 100 log 'enable'
- set firewall name firewall-iot rule 100 protocol 'icmp'
- set firewall name firewall-iot rule 602 action 'accept'
- set firewall name firewall-iot rule 602 destination group address-group 'ag-mdns'
- set firewall name firewall-iot rule 602 destination group port-group 'pg-mdns'
- set firewall name firewall-iot rule 602 protocol 'udp'
- set firewall name firewall-lan default-action 'drop'
- set firewall name firewall-lan enable-default-log
- set firewall name firewall-lan rule 1 action 'accept'
- set firewall name firewall-lan rule 1 state established 'enable'
- set firewall name firewall-lan rule 1 state related 'enable'
- set firewall name firewall-lan rule 2 action 'drop'
- set firewall name firewall-lan rule 2 log 'enable'
- set firewall name firewall-lan rule 2 state invalid 'enable'
- set firewall name firewall-lan rule 10 action 'accept'
- set firewall name firewall-lan rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-lan rule 10 protocol 'vrrp'
- set firewall name firewall-lan rule 10 source group address-group 'ag-vrrp-lan'
- set firewall name firewall-lan rule 100 action 'accept'
- set firewall name firewall-lan rule 100 log 'enable'
- set firewall name firewall-lan rule 100 protocol 'icmp'
- set firewall name firewall-lan rule 602 action 'accept'
- set firewall name firewall-lan rule 602 destination group address-group 'ag-mdns'
- set firewall name firewall-lan rule 602 destination group port-group 'pg-mdns'
- set firewall name firewall-lan rule 602 protocol 'udp'
- set firewall name firewall-mgmt default-action 'drop'
- set firewall name firewall-mgmt enable-default-log
- set firewall name firewall-mgmt rule 1 action 'accept'
- set firewall name firewall-mgmt rule 1 state established 'enable'
- set firewall name firewall-mgmt rule 1 state related 'enable'
- set firewall name firewall-mgmt rule 2 action 'drop'
- set firewall name firewall-mgmt rule 2 log 'enable'
- set firewall name firewall-mgmt rule 2 state invalid 'enable'
- set firewall name firewall-mgmt rule 10 action 'accept'
- set firewall name firewall-mgmt rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-mgmt rule 10 protocol 'vrrp'
- set firewall name firewall-mgmt rule 10 source group address-group 'ag-vrrp-mgmt'
- set firewall name firewall-mgmt rule 100 action 'accept'
- set firewall name firewall-mgmt rule 100 log 'enable'
- set firewall name firewall-mgmt rule 100 protocol 'icmp'
- set firewall name firewall-mgmt rule 650 action 'accept'
- set firewall name firewall-mgmt rule 650 description 'Accept Conntrack Sync'
- set firewall name firewall-mgmt rule 650 destination group address-group 'ag-ct_sync'
- set firewall name firewall-mgmt rule 650 destination group port-group 'pg-ct_sync'
- set firewall name firewall-mgmt rule 650 protocol 'udp'
- set firewall name firewall-mgmt rule 650 source group address-group 'ag-vrrp-mgmt'
- set firewall name firewall-mgmt rule 651 action 'accept'
- set firewall name firewall-mgmt rule 651 description 'Allow IGMP for Conntrack Sync'
- set firewall name firewall-mgmt rule 651 destination group address-group 'ag-igmp'
- set firewall name firewall-mgmt rule 651 protocol 'igmp'
- set firewall name firewall-mgmt rule 651 source group address-group 'ag-vrrp-mgmt'
- set firewall name firewall-public default-action 'drop'
- set firewall name firewall-public enable-default-log
- set firewall name firewall-public rule 1 action 'accept'
- set firewall name firewall-public rule 1 state established 'enable'
- set firewall name firewall-public rule 1 state related 'enable'
- set firewall name firewall-public rule 2 action 'drop'
- set firewall name firewall-public rule 2 log 'enable'
- set firewall name firewall-public rule 2 state invalid 'enable'
- set firewall name firewall-public rule 10 action 'accept'
- set firewall name firewall-public rule 10 destination group address-group 'ag-vrrp'
- set firewall name firewall-public rule 10 protocol 'vrrp'
- set firewall name firewall-public rule 10 source group address-group 'ag-vrrp-public'
- set firewall name firewall-public rule 100 action 'accept'
- set firewall name firewall-public rule 100 log 'enable'
- set firewall name firewall-public rule 100 protocol 'icmp'
- set firewall name firewall-wan default-action 'drop'
- set firewall name firewall-wan enable-default-log
- set firewall name firewall-wan rule 1 action 'accept'
- set firewall name firewall-wan rule 1 state established 'enable'
- set firewall name firewall-wan rule 1 state related 'enable'
- set firewall name firewall-wan rule 2 action 'drop'
- set firewall name firewall-wan rule 2 log 'enable'
- set firewall name firewall-wan rule 2 state invalid 'enable'
- set firewall name firewall-wan rule 100 action 'accept'
- set firewall name firewall-wan rule 100 log 'enable'
- set firewall name firewall-wan rule 100 protocol 'icmp'
- set firewall name firewall-wan rule 200 action 'accept'
- set firewall name firewall-wan rule 200 description 'Allow updating dynamic DNS'
- set firewall name firewall-wan rule 200 destination group port-group 'pg-web'
- set firewall name firewall-wan rule 200 log 'enable'
- set firewall name firewall-wan rule 200 protocol 'tcp'
- set firewall name firewall-wan rule 600 action 'accept'
- set firewall name firewall-wan rule 600 destination group port-group 'pg-dhcp'
- set firewall name firewall-wan rule 600 log 'enable'
- set firewall name firewall-wan rule 600 protocol 'udp'
- set firewall name guest-cam default-action 'drop'
- set firewall name guest-cam enable-default-log
- set firewall name guest-cam rule 1 action 'accept'
- set firewall name guest-cam rule 1 state established 'enable'
- set firewall name guest-cam rule 1 state related 'enable'
- set firewall name guest-cam rule 2 action 'drop'
- set firewall name guest-cam rule 2 log 'enable'
- set firewall name guest-cam rule 2 state invalid 'enable'
- set firewall name guest-dmz default-action 'drop'
- set firewall name guest-dmz enable-default-log
- set firewall name guest-dmz rule 1 action 'accept'
- set firewall name guest-dmz rule 1 state established 'enable'
- set firewall name guest-dmz rule 1 state related 'enable'
- set firewall name guest-dmz rule 2 action 'drop'
- set firewall name guest-dmz rule 2 log 'enable'
- set firewall name guest-dmz rule 2 state invalid 'enable'
- set firewall name guest-dmz rule 400 action 'accept'
- set firewall name guest-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name guest-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name guest-dmz rule 400 log 'enable'
- set firewall name guest-dmz rule 400 protocol 'udp'
- set firewall name guest-dmz rule 500 action 'accept'
- set firewall name guest-dmz rule 500 destination group address-group 'dnsforwarders'
- set firewall name guest-dmz rule 500 destination group port-group 'pg-dns'
- set firewall name guest-dmz rule 500 log 'enable'
- set firewall name guest-dmz rule 500 protocol 'tcp_udp'
- set firewall name guest-dmz rule 501 action 'accept'
- set firewall name guest-dmz rule 501 description 'Allow HTTP for Pi-hole'
- set firewall name guest-dmz rule 501 destination group address-group 'dns-piholes'
- set firewall name guest-dmz rule 501 destination group port-group 'pg-pihole'
- set firewall name guest-dmz rule 501 log 'enable'
- set firewall name guest-dmz rule 501 protocol 'tcp'
- set firewall name guest-dmz rule 600 action 'accept'
- set firewall name guest-dmz rule 600 destination group address-group 'ag-dhcp-server'
- set firewall name guest-dmz rule 600 destination group port-group 'pg-dhcp'
- set firewall name guest-dmz rule 600 log 'enable'
- set firewall name guest-dmz rule 600 protocol 'udp'
- set firewall name guest-download default-action 'drop'
- set firewall name guest-download enable-default-log
- set firewall name guest-download rule 1 action 'accept'
- set firewall name guest-download rule 1 state established 'enable'
- set firewall name guest-download rule 1 state related 'enable'
- set firewall name guest-download rule 2 action 'drop'
- set firewall name guest-download rule 2 log 'enable'
- set firewall name guest-download rule 2 state invalid 'enable'
- set firewall name guest-firewall default-action 'drop'
- set firewall name guest-firewall enable-default-log
- set firewall name guest-firewall rule 1 action 'accept'
- set firewall name guest-firewall rule 1 state established 'enable'
- set firewall name guest-firewall rule 1 state related 'enable'
- set firewall name guest-firewall rule 2 action 'drop'
- set firewall name guest-firewall rule 2 log 'enable'
- set firewall name guest-firewall rule 2 state invalid 'enable'
- set firewall name guest-firewall rule 10 action 'accept'
- set firewall name guest-firewall rule 10 destination group address-group 'ag-vrrp-guest'
- set firewall name guest-firewall rule 10 protocol 'vrrp'
- set firewall name guest-firewall rule 10 source group address-group 'ag-vrrp-guest'
- set firewall name guest-firewall rule 600 action 'accept'
- set firewall name guest-firewall rule 600 destination group port-group 'pg-dhcp'
- set firewall name guest-firewall rule 600 log 'enable'
- set firewall name guest-firewall rule 600 protocol 'udp'
- set firewall name guest-firewall rule 602 action 'accept'
- set firewall name guest-firewall rule 602 destination group address-group 'ag-mdns'
- set firewall name guest-firewall rule 602 destination group port-group 'pg-mdns'
- set firewall name guest-firewall rule 602 protocol 'udp'
- set firewall name guest-firewall rule 605 action 'accept'
- set firewall name guest-firewall rule 605 description 'Allow media/TV discovery (Direct)'
- set firewall name guest-firewall rule 605 destination group address-group 'ag-bcast_lan'
- set firewall name guest-firewall rule 605 destination group port-group 'pg-tv_discover'
- set firewall name guest-firewall rule 605 log 'enable'
- set firewall name guest-firewall rule 605 protocol 'udp'
- set firewall name guest-firewall rule 606 action 'accept'
- set firewall name guest-firewall rule 606 description 'Allow media/TV discovery (Limited)'
- set firewall name guest-firewall rule 606 destination group address-group 'ag-bcast_limit'
- set firewall name guest-firewall rule 606 destination group port-group 'pg-tv_discover'
- set firewall name guest-firewall rule 606 log 'enable'
- set firewall name guest-firewall rule 606 protocol 'udp'
- set firewall name guest-firewall rule 610 action 'drop'
- set firewall name guest-firewall rule 610 description 'Drop Netbios traffic from logs'
- set firewall name guest-firewall rule 610 destination group port-group 'pg-netbios'
- set firewall name guest-firewall rule 610 log 'disable'
- set firewall name guest-firewall rule 610 protocol 'udp'
- set firewall name guest-iot default-action 'drop'
- set firewall name guest-iot enable-default-log
- set firewall name guest-iot rule 1 action 'accept'
- set firewall name guest-iot rule 1 state established 'enable'
- set firewall name guest-iot rule 1 state related 'enable'
- set firewall name guest-iot rule 2 action 'drop'
- set firewall name guest-iot rule 2 log 'enable'
- set firewall name guest-iot rule 2 state invalid 'enable'
- set firewall name guest-iot rule 207 action 'accept'
- set firewall name guest-iot rule 207 destination group port-group 'pg-google_cast'
- set firewall name guest-iot rule 207 log 'enable'
- set firewall name guest-iot rule 207 protocol 'tcp'
- set firewall name guest-iot rule 208 action 'accept'
- set firewall name guest-iot rule 208 log 'enable'
- set firewall name guest-iot rule 208 protocol 'udp'
- set firewall name guest-iot rule 208 source group port-group 'pg-google_cast_pic'
- set firewall name guest-lan default-action 'drop'
- set firewall name guest-lan enable-default-log
- set firewall name guest-lan rule 1 action 'accept'
- set firewall name guest-lan rule 1 state established 'enable'
- set firewall name guest-lan rule 1 state related 'enable'
- set firewall name guest-lan rule 2 action 'drop'
- set firewall name guest-lan rule 2 log 'enable'
- set firewall name guest-lan rule 2 state invalid 'enable'
- set firewall name guest-mgmt default-action 'drop'
- set firewall name guest-mgmt enable-default-log
- set firewall name guest-mgmt rule 1 action 'accept'
- set firewall name guest-mgmt rule 1 state established 'enable'
- set firewall name guest-mgmt rule 1 state related 'enable'
- set firewall name guest-mgmt rule 2 action 'drop'
- set firewall name guest-mgmt rule 2 log 'enable'
- set firewall name guest-mgmt rule 2 state invalid 'enable'
- set firewall name guest-public default-action 'drop'
- set firewall name guest-public enable-default-log
- set firewall name guest-public rule 1 action 'accept'
- set firewall name guest-public rule 1 state established 'enable'
- set firewall name guest-public rule 1 state related 'enable'
- set firewall name guest-public rule 2 action 'drop'
- set firewall name guest-public rule 2 log 'enable'
- set firewall name guest-public rule 2 state invalid 'enable'
- set firewall name guest-wan default-action 'drop'
- set firewall name guest-wan enable-default-log
- set firewall name guest-wan rule 1 action 'accept'
- set firewall name guest-wan rule 1 state established 'enable'
- set firewall name guest-wan rule 1 state related 'enable'
- set firewall name guest-wan rule 2 action 'drop'
- set firewall name guest-wan rule 2 log 'enable'
- set firewall name guest-wan rule 2 state invalid 'enable'
- set firewall name guest-wan rule 100 action 'accept'
- set firewall name guest-wan rule 100 log 'enable'
- set firewall name guest-wan rule 100 protocol 'icmp'
- set firewall name guest-wan rule 200 action 'accept'
- set firewall name guest-wan rule 200 destination group port-group 'pg-web'
- set firewall name guest-wan rule 200 log 'enable'
- set firewall name guest-wan rule 200 protocol 'tcp'
- set firewall name guest-wan rule 203 action 'accept'
- set firewall name guest-wan rule 203 destination group port-group 'pg-google_quic'
- set firewall name guest-wan rule 203 log 'enable'
- set firewall name guest-wan rule 203 protocol 'udp'
- set firewall name guest-wan rule 204 action 'accept'
- set firewall name guest-wan rule 204 destination group port-group 'pg-google_fcm'
- set firewall name guest-wan rule 204 log 'enable'
- set firewall name guest-wan rule 204 protocol 'tcp_udp'
- set firewall name guest-wan rule 205 action 'accept'
- set firewall name guest-wan rule 205 destination group port-group 'pg-speedtest'
- set firewall name guest-wan rule 205 log 'enable'
- set firewall name guest-wan rule 205 protocol 'tcp'
- set firewall name guest-wan rule 208 action 'accept'
- set firewall name guest-wan rule 208 destination group port-group 'pg-agps'
- set firewall name guest-wan rule 208 log 'enable'
- set firewall name guest-wan rule 208 protocol 'tcp'
- set firewall name guest-wan rule 209 action 'accept'
- set firewall name guest-wan rule 209 destination group port-group 'pg-xmpp'
- set firewall name guest-wan rule 209 log 'enable'
- set firewall name guest-wan rule 209 protocol 'tcp'
- set firewall name guest-wan rule 215 action 'accept'
- set firewall name guest-wan rule 215 destination group port-group 'pg-spotify'
- set firewall name guest-wan rule 215 log 'enable'
- set firewall name guest-wan rule 215 protocol 'tcp'
- set firewall name guest-wan rule 400 action 'accept'
- set firewall name guest-wan rule 400 destination group port-group 'pg-ntp'
- set firewall name guest-wan rule 400 log 'enable'
- set firewall name guest-wan rule 400 protocol 'udp'
- set firewall name guest-wan rule 500 action 'accept'
- set firewall name guest-wan rule 500 destination group port-group 'pg-dns'
- set firewall name guest-wan rule 500 log 'enable'
- set firewall name guest-wan rule 500 protocol 'tcp_udp'
- set firewall name guest-wan rule 630 action 'accept'
- set firewall name guest-wan rule 630 destination group port-group 'pg-whatsapp'
- set firewall name guest-wan rule 630 log 'enable'
- set firewall name guest-wan rule 630 protocol 'udp'
- set firewall name guest-wan rule 631 action 'accept'
- set firewall name guest-wan rule 631 destination group port-group 'pg-skype'
- set firewall name guest-wan rule 631 log 'enable'
- set firewall name guest-wan rule 631 protocol 'udp'
- set firewall name guest-wan rule 632 action 'accept'
- set firewall name guest-wan rule 632 destination group port-group 'pg-webex'
- set firewall name guest-wan rule 632 log 'enable'
- set firewall name guest-wan rule 632 protocol 'tcp_udp'
- set firewall name guest-wan rule 635 action 'accept'
- set firewall name guest-wan rule 635 destination group port-group 'pg-person3_work'
- set firewall name guest-wan rule 635 log 'enable'
- set firewall name guest-wan rule 635 protocol 'udp'
- set firewall name guest-wan rule 700 action 'accept'
- set firewall name guest-wan rule 700 destination group port-group 'pg-ftp'
- set firewall name guest-wan rule 700 log 'enable'
- set firewall name guest-wan rule 700 protocol 'tcp'
- set firewall name iot-dmz default-action 'drop'
- set firewall name iot-dmz enable-default-log
- set firewall name iot-dmz rule 1 action 'accept'
- set firewall name iot-dmz rule 1 state established 'enable'
- set firewall name iot-dmz rule 1 state related 'enable'
- set firewall name iot-dmz rule 2 action 'drop'
- set firewall name iot-dmz rule 2 log 'enable'
- set firewall name iot-dmz rule 2 state invalid 'enable'
- set firewall name iot-dmz rule 100 action 'accept'
- set firewall name iot-dmz rule 100 destination group address-group 'dns-piholes'
- set firewall name iot-dmz rule 100 log 'enable'
- set firewall name iot-dmz rule 100 protocol 'icmp'
- set firewall name iot-dmz rule 300 action 'accept'
- set firewall name iot-dmz rule 300 destination group address-group 'ag-fileserver'
- set firewall name iot-dmz rule 300 destination group port-group 'pg-smb'
- set firewall name iot-dmz rule 300 log 'enable'
- set firewall name iot-dmz rule 300 protocol 'tcp'
- set firewall name iot-dmz rule 300 source group address-group 'ag-media_player'
- set firewall name iot-dmz rule 400 action 'accept'
- set firewall name iot-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name iot-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name iot-dmz rule 400 log 'enable'
- set firewall name iot-dmz rule 400 protocol 'udp'
- set firewall name iot-dmz rule 500 action 'accept'
- set firewall name iot-dmz rule 500 destination group address-group 'dns-piholes'
- set firewall name iot-dmz rule 500 destination group port-group 'pg-dns'
- set firewall name iot-dmz rule 500 log 'enable'
- set firewall name iot-dmz rule 500 protocol 'tcp_udp'
- set firewall name iot-dmz rule 501 action 'accept'
- set firewall name iot-dmz rule 501 description 'Allow HTTP for Pi-hole'
- set firewall name iot-dmz rule 501 destination group address-group 'dns-piholes'
- set firewall name iot-dmz rule 501 destination group port-group 'pg-pihole'
- set firewall name iot-dmz rule 501 log 'enable'
- set firewall name iot-dmz rule 501 protocol 'tcp'
- set firewall name iot-dmz rule 502 action 'drop'
- set firewall name iot-dmz rule 502 description 'Disable DNS over TLS'
- set firewall name iot-dmz rule 502 destination group address-group 'dns-piholes'
- set firewall name iot-dmz rule 502 destination group port-group 'pg-dns_tls'
- set firewall name iot-dmz rule 502 log 'enable'
- set firewall name iot-dmz rule 502 protocol 'tcp'
- set firewall name iot-dmz rule 600 action 'accept'
- set firewall name iot-dmz rule 600 destination group address-group 'ag-dhcp-server'
- set firewall name iot-dmz rule 600 destination group port-group 'pg-dhcp'
- set firewall name iot-dmz rule 600 log 'enable'
- set firewall name iot-dmz rule 600 protocol 'udp'
- set firewall name iot-firewall default-action 'drop'
- set firewall name iot-firewall enable-default-log
- set firewall name iot-firewall rule 1 action 'accept'
- set firewall name iot-firewall rule 1 state established 'enable'
- set firewall name iot-firewall rule 1 state related 'enable'
- set firewall name iot-firewall rule 2 action 'drop'
- set firewall name iot-firewall rule 2 log 'enable'
- set firewall name iot-firewall rule 2 state invalid 'enable'
- set firewall name iot-firewall rule 10 action 'accept'
- set firewall name iot-firewall rule 10 destination group address-group 'ag-vrrp-iot'
- set firewall name iot-firewall rule 10 protocol 'vrrp'
- set firewall name iot-firewall rule 10 source group address-group 'ag-vrrp-iot'
- set firewall name iot-firewall rule 100 action 'accept'
- set firewall name iot-firewall rule 100 destination group address-group 'ag-fw-iot'
- set firewall name iot-firewall rule 100 log 'enable'
- set firewall name iot-firewall rule 100 protocol 'icmp'
- set firewall name iot-firewall rule 371 action 'accept'
- set firewall name iot-firewall rule 371 description 'Fronius solar 2'
- set firewall name iot-firewall rule 371 destination address '192.168.11.255'
- set firewall name iot-firewall rule 371 destination group port-group 'pg-solar2'
- set firewall name iot-firewall rule 371 log 'enable'
- set firewall name iot-firewall rule 371 protocol 'udp'
- set firewall name iot-firewall rule 600 action 'accept'
- set firewall name iot-firewall rule 600 destination group port-group 'pg-dhcp'
- set firewall name iot-firewall rule 600 log 'enable'
- set firewall name iot-firewall rule 600 protocol 'udp'
- set firewall name iot-firewall rule 601 action 'accept'
- set firewall name iot-firewall rule 601 description 'Allow direct bcast mDNS'
- set firewall name iot-firewall rule 601 destination group address-group 'ag-bcast_iot'
- set firewall name iot-firewall rule 601 destination group port-group 'pg-mdns'
- set firewall name iot-firewall rule 601 log 'enable'
- set firewall name iot-firewall rule 601 protocol 'udp'
- set firewall name iot-firewall rule 602 action 'accept'
- set firewall name iot-firewall rule 602 destination group address-group 'ag-mdns'
- set firewall name iot-firewall rule 602 destination group port-group 'pg-mdns'
- set firewall name iot-firewall rule 602 protocol 'udp'
- set firewall name iot-firewall rule 605 action 'accept'
- set firewall name iot-firewall rule 605 description 'Allow media/TV discovery (Direct)'
- set firewall name iot-firewall rule 605 destination group address-group 'ag-bcast_iot'
- set firewall name iot-firewall rule 605 destination group port-group 'pg-tv_discover'
- set firewall name iot-firewall rule 605 log 'enable'
- set firewall name iot-firewall rule 605 protocol 'udp'
- set firewall name iot-firewall rule 606 action 'accept'
- set firewall name iot-firewall rule 606 description 'Allow media/TV discovery (Limited)'
- set firewall name iot-firewall rule 606 destination group address-group 'ag-bcast_limit'
- set firewall name iot-firewall rule 606 destination group port-group 'pg-tv_discover'
- set firewall name iot-firewall rule 606 log 'enable'
- set firewall name iot-firewall rule 606 protocol 'udp'
- set firewall name iot-firewall rule 610 action 'drop'
- set firewall name iot-firewall rule 610 description 'Drop Netbios traffic from logs'
- set firewall name iot-firewall rule 610 destination group port-group 'pg-netbios'
- set firewall name iot-firewall rule 610 log 'disable'
- set firewall name iot-firewall rule 610 protocol 'udp'
- set firewall name iot-guest default-action 'drop'
- set firewall name iot-guest enable-default-log
- set firewall name iot-guest rule 1 action 'accept'
- set firewall name iot-guest rule 1 state established 'enable'
- set firewall name iot-guest rule 1 state related 'enable'
- set firewall name iot-guest rule 2 action 'drop'
- set firewall name iot-guest rule 2 log 'enable'
- set firewall name iot-guest rule 2 state invalid 'enable'
- set firewall name iot-guest rule 207 action 'accept'
- set firewall name iot-guest rule 207 description 'Allow Google Cast Returns'
- set firewall name iot-guest rule 207 destination group network-group 'ng-guest'
- set firewall name iot-guest rule 207 log 'enable'
- set firewall name iot-guest rule 207 protocol 'tcp'
- set firewall name iot-guest rule 207 source group address-group 'ag-media_player'
- set firewall name iot-guest rule 207 source group port-group 'pg-google_cast'
- set firewall name iot-lan default-action 'drop'
- set firewall name iot-lan enable-default-log
- set firewall name iot-lan rule 1 action 'accept'
- set firewall name iot-lan rule 1 state established 'enable'
- set firewall name iot-lan rule 1 state related 'enable'
- set firewall name iot-lan rule 2 action 'drop'
- set firewall name iot-lan rule 2 log 'enable'
- set firewall name iot-lan rule 2 state invalid 'enable'
- set firewall name iot-lan rule 207 action 'accept'
- set firewall name iot-lan rule 207 description 'Allow Google Cast Returns'
- set firewall name iot-lan rule 207 destination group network-group 'ng-lan'
- set firewall name iot-lan rule 207 log 'enable'
- set firewall name iot-lan rule 207 protocol 'tcp'
- set firewall name iot-lan rule 207 source group address-group 'ag-media_player'
- set firewall name iot-lan rule 207 source group port-group 'pg-google_cast'
- set firewall name iot-wan default-action 'drop'
- set firewall name iot-wan enable-default-log
- set firewall name iot-wan rule 1 action 'accept'
- set firewall name iot-wan rule 1 state established 'enable'
- set firewall name iot-wan rule 1 state related 'enable'
- set firewall name iot-wan rule 2 action 'drop'
- set firewall name iot-wan rule 2 log 'enable'
- set firewall name iot-wan rule 2 state invalid 'enable'
- set firewall name iot-wan rule 100 action 'accept'
- set firewall name iot-wan rule 100 log 'enable'
- set firewall name iot-wan rule 100 protocol 'icmp'
- set firewall name iot-wan rule 200 action 'accept'
- set firewall name iot-wan rule 200 destination group port-group 'pg-web'
- set firewall name iot-wan rule 200 log 'enable'
- set firewall name iot-wan rule 200 protocol 'tcp'
- set firewall name iot-wan rule 203 action 'accept'
- set firewall name iot-wan rule 203 destination group port-group 'pg-google_quic'
- set firewall name iot-wan rule 203 log 'enable'
- set firewall name iot-wan rule 203 protocol 'udp'
- set firewall name iot-wan rule 204 action 'accept'
- set firewall name iot-wan rule 204 destination group port-group 'pg-google_fcm'
- set firewall name iot-wan rule 204 log 'enable'
- set firewall name iot-wan rule 204 protocol 'tcp_udp'
- set firewall name iot-wan rule 209 action 'accept'
- set firewall name iot-wan rule 209 destination group port-group 'pg-xmpp'
- set firewall name iot-wan rule 209 log 'enable'
- set firewall name iot-wan rule 209 protocol 'tcp'
- set firewall name iot-wan rule 370 action 'accept'
- set firewall name iot-wan rule 370 description 'Fronius solar'
- set firewall name iot-wan rule 370 destination group port-group 'pg-solar'
- set firewall name iot-wan rule 370 log 'enable'
- set firewall name iot-wan rule 370 protocol 'udp'
- set firewall name iot-wan rule 400 action 'accept'
- set firewall name iot-wan rule 400 destination group port-group 'pg-ntp'
- set firewall name iot-wan rule 400 log 'enable'
- set firewall name iot-wan rule 400 protocol 'udp'
- set firewall name lan-cam default-action 'drop'
- set firewall name lan-cam enable-default-log
- set firewall name lan-cam rule 1 action 'accept'
- set firewall name lan-cam rule 1 state established 'enable'
- set firewall name lan-cam rule 1 state related 'enable'
- set firewall name lan-cam rule 2 action 'drop'
- set firewall name lan-cam rule 2 log 'enable'
- set firewall name lan-cam rule 2 state invalid 'enable'
- set firewall name lan-cam rule 380 action 'accept'
- set firewall name lan-cam rule 380 destination group port-group 'pg-cam_rtsp'
- set firewall name lan-cam rule 380 log 'enable'
- set firewall name lan-cam rule 380 protocol 'tcp'
- set firewall name lan-cam rule 380 source group address-group 'mgmtfromlan'
- set firewall name lan-cam rule 381 action 'accept'
- set firewall name lan-cam rule 381 destination group port-group 'pg-cam_onvif'
- set firewall name lan-cam rule 381 log 'enable'
- set firewall name lan-cam rule 381 protocol 'tcp'
- set firewall name lan-cam rule 381 source group address-group 'mgmtfromlan'
- set firewall name lan-cam rule 900 action 'accept'
- set firewall name lan-cam rule 900 destination group port-group 'pg-ssh'
- set firewall name lan-cam rule 900 log 'enable'
- set firewall name lan-cam rule 900 protocol 'tcp'
- set firewall name lan-cam rule 900 source group address-group 'mgmtfromlan'
- set firewall name lan-dmz default-action 'drop'
- set firewall name lan-dmz enable-default-log
- set firewall name lan-dmz rule 1 action 'accept'
- set firewall name lan-dmz rule 1 state established 'enable'
- set firewall name lan-dmz rule 1 state related 'enable'
- set firewall name lan-dmz rule 2 action 'drop'
- set firewall name lan-dmz rule 2 log 'enable'
- set firewall name lan-dmz rule 2 state invalid 'enable'
- set firewall name lan-dmz rule 100 action 'accept'
- set firewall name lan-dmz rule 100 log 'enable'
- set firewall name lan-dmz rule 100 protocol 'icmp'
- set firewall name lan-dmz rule 200 action 'accept'
- set firewall name lan-dmz rule 200 destination group port-group 'pg-web'
- set firewall name lan-dmz rule 200 log 'enable'
- set firewall name lan-dmz rule 200 protocol 'tcp'
- set firewall name lan-dmz rule 200 source group address-group 'mgmtfromlan'
- set firewall name lan-dmz rule 300 action 'accept'
- set firewall name lan-dmz rule 300 destination group address-group 'ag-fileserver'
- set firewall name lan-dmz rule 300 destination group port-group 'pg-smb'
- set firewall name lan-dmz rule 300 log 'enable'
- set firewall name lan-dmz rule 300 protocol 'tcp'
- set firewall name lan-dmz rule 385 action 'accept'
- set firewall name lan-dmz rule 385 destination group address-group 'ag-blueiris'
- set firewall name lan-dmz rule 385 destination group port-group 'pg-blueiris'
- set firewall name lan-dmz rule 385 log 'enable'
- set firewall name lan-dmz rule 385 protocol 'tcp'
- set firewall name lan-dmz rule 400 action 'accept'
- set firewall name lan-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name lan-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name lan-dmz rule 400 log 'enable'
- set firewall name lan-dmz rule 400 protocol 'udp'
- set firewall name lan-dmz rule 450 action 'accept'
- set firewall name lan-dmz rule 450 destination group address-group 'ag-dc'
- set firewall name lan-dmz rule 450 destination group port-group 'pg-domain'
- set firewall name lan-dmz rule 450 log 'enable'
- set firewall name lan-dmz rule 450 protocol 'tcp_udp'
- set firewall name lan-dmz rule 500 action 'accept'
- set firewall name lan-dmz rule 500 destination group address-group 'dnsforwarders'
- set firewall name lan-dmz rule 500 destination group port-group 'pg-dns'
- set firewall name lan-dmz rule 500 log 'enable'
- set firewall name lan-dmz rule 500 protocol 'tcp_udp'
- set firewall name lan-dmz rule 501 action 'accept'
- set firewall name lan-dmz rule 501 description 'Allow HTTP for Pi-hole'
- set firewall name lan-dmz rule 501 destination group address-group 'dns-piholes'
- set firewall name lan-dmz rule 501 destination group port-group 'pg-pihole'
- set firewall name lan-dmz rule 501 log 'enable'
- set firewall name lan-dmz rule 501 protocol 'tcp'
- set firewall name lan-dmz rule 505 action 'accept'
- set firewall name lan-dmz rule 505 description 'Allow admin interface for DNS blocking services'
- set firewall name lan-dmz rule 505 destination group address-group 'dns-piholes'
- set firewall name lan-dmz rule 505 destination group port-group 'pg-dnsblock_admin'
- set firewall name lan-dmz rule 505 log 'enable'
- set firewall name lan-dmz rule 505 protocol 'tcp'
- set firewall name lan-dmz rule 505 source group address-group 'mgmtfromlan'
- set firewall name lan-dmz rule 550 action 'accept'
- set firewall name lan-dmz rule 550 destination group address-group 'ag-bf_relay'
- set firewall name lan-dmz rule 550 destination group port-group 'pg-bf_server'
- set firewall name lan-dmz rule 550 log 'enable'
- set firewall name lan-dmz rule 550 protocol 'tcp'
- set firewall name lan-dmz rule 551 action 'accept'
- set firewall name lan-dmz rule 551 destination group address-group 'ag-bf_webreports'
- set firewall name lan-dmz rule 551 destination group port-group 'pg-bf_webreports'
- set firewall name lan-dmz rule 551 log 'enable'
- set firewall name lan-dmz rule 551 protocol 'tcp'
- set firewall name lan-dmz rule 551 source group address-group 'mgmtfromlan'
- set firewall name lan-dmz rule 560 action 'accept'
- set firewall name lan-dmz rule 560 destination group address-group 'ag-wsus'
- set firewall name lan-dmz rule 560 destination group port-group 'pg-wsus'
- set firewall name lan-dmz rule 560 log 'enable'
- set firewall name lan-dmz rule 560 protocol 'tcp'
- set firewall name lan-dmz rule 600 action 'accept'
- set firewall name lan-dmz rule 600 destination group address-group 'ag-dhcp-server'
- set firewall name lan-dmz rule 600 destination group port-group 'pg-dhcp'
- set firewall name lan-dmz rule 600 log 'enable'
- set firewall name lan-dmz rule 600 protocol 'udp'
- set firewall name lan-dmz rule 800 action 'accept'
- set firewall name lan-dmz rule 800 destination group port-group 'pg-rdp'
- set firewall name lan-dmz rule 800 log 'enable'
- set firewall name lan-dmz rule 800 protocol 'tcp_udp'
- set firewall name lan-dmz rule 800 source group address-group 'mgmtfromlan'
- set firewall name lan-dmz rule 900 action 'accept'
- set firewall name lan-dmz rule 900 destination group port-group 'pg-ssh'
- set firewall name lan-dmz rule 900 log 'enable'
- set firewall name lan-dmz rule 900 protocol 'tcp'
- set firewall name lan-dmz rule 900 source group address-group 'mgmtfromlan'
- set firewall name lan-dmz rule 950 action 'accept'
- set firewall name lan-dmz rule 950 destination group address-group 'ag-cert_web'
- set firewall name lan-dmz rule 950 destination group port-group 'pg-ocsp'
- set firewall name lan-dmz rule 950 log 'enable'
- set firewall name lan-dmz rule 950 protocol 'tcp'
- set firewall name lan-dmz rule 951 action 'accept'
- set firewall name lan-dmz rule 951 destination group address-group 'ag-cert_issuer'
- set firewall name lan-dmz rule 951 destination group port-group 'pg-cert_issuer'
- set firewall name lan-dmz rule 951 log 'enable'
- set firewall name lan-dmz rule 951 protocol 'tcp'
- set firewall name lan-dmz rule 960 action 'accept'
- set firewall name lan-dmz rule 960 destination group address-group 'ag-kms'
- set firewall name lan-dmz rule 960 destination group port-group 'pg-kms'
- set firewall name lan-dmz rule 960 log 'enable'
- set firewall name lan-dmz rule 960 protocol 'tcp'
- set firewall name lan-download default-action 'drop'
- set firewall name lan-download enable-default-log
- set firewall name lan-download rule 1 action 'accept'
- set firewall name lan-download rule 1 state established 'enable'
- set firewall name lan-download rule 1 state related 'enable'
- set firewall name lan-download rule 2 action 'drop'
- set firewall name lan-download rule 2 log 'enable'
- set firewall name lan-download rule 2 state invalid 'enable'
- set firewall name lan-download rule 100 action 'accept'
- set firewall name lan-download rule 100 log 'enable'
- set firewall name lan-download rule 100 protocol 'icmp'
- set firewall name lan-download rule 100 source group address-group 'mgmtfromlan'
- set firewall name lan-download rule 300 action 'accept'
- set firewall name lan-download rule 300 destination group port-group 'pg-smb'
- set firewall name lan-download rule 300 log 'enable'
- set firewall name lan-download rule 300 protocol 'tcp'
- set firewall name lan-download rule 300 source group address-group 'mgmtfromlan'
- set firewall name lan-download rule 800 action 'accept'
- set firewall name lan-download rule 800 destination group port-group 'pg-rdp'
- set firewall name lan-download rule 800 log 'enable'
- set firewall name lan-download rule 800 protocol 'tcp_udp'
- set firewall name lan-download rule 800 source group address-group 'mgmtfromlan'
- set firewall name lan-firewall default-action 'drop'
- set firewall name lan-firewall enable-default-log
- set firewall name lan-firewall rule 1 action 'accept'
- set firewall name lan-firewall rule 1 state established 'enable'
- set firewall name lan-firewall rule 1 state related 'enable'
- set firewall name lan-firewall rule 2 action 'drop'
- set firewall name lan-firewall rule 2 log 'enable'
- set firewall name lan-firewall rule 2 state invalid 'enable'
- set firewall name lan-firewall rule 10 action 'accept'
- set firewall name lan-firewall rule 10 destination group address-group 'ag-vrrp-lan'
- set firewall name lan-firewall rule 10 protocol 'vrrp'
- set firewall name lan-firewall rule 10 source group address-group 'ag-vrrp-lan'
- set firewall name lan-firewall rule 100 action 'accept'
- set firewall name lan-firewall rule 100 destination group address-group 'ag-fw-lan'
- set firewall name lan-firewall rule 100 log 'enable'
- set firewall name lan-firewall rule 100 protocol 'icmp'
- set firewall name lan-firewall rule 101 action 'accept'
- set firewall name lan-firewall rule 101 destination group address-group 'ag-vrrp-lan'
- set firewall name lan-firewall rule 101 log 'enable'
- set firewall name lan-firewall rule 101 protocol 'icmp'
- set firewall name lan-firewall rule 455 action 'accept'
- set firewall name lan-firewall rule 455 destination group port-group 'pg-iperf'
- set firewall name lan-firewall rule 455 log 'enable'
- set firewall name lan-firewall rule 455 protocol 'tcp_udp'
- set firewall name lan-firewall rule 600 action 'accept'
- set firewall name lan-firewall rule 600 destination group port-group 'pg-dhcp'
- set firewall name lan-firewall rule 600 log 'enable'
- set firewall name lan-firewall rule 600 protocol 'udp'
- set firewall name lan-firewall rule 602 action 'accept'
- set firewall name lan-firewall rule 602 destination group address-group 'ag-mdns'
- set firewall name lan-firewall rule 602 destination group port-group 'pg-mdns'
- set firewall name lan-firewall rule 602 protocol 'udp'
- set firewall name lan-firewall rule 605 action 'accept'
- set firewall name lan-firewall rule 605 description 'Allow media/TV discovery (Direct)'
- set firewall name lan-firewall rule 605 destination group address-group 'ag-bcast_lan'
- set firewall name lan-firewall rule 605 destination group port-group 'pg-tv_discover'
- set firewall name lan-firewall rule 605 log 'enable'
- set firewall name lan-firewall rule 605 protocol 'udp'
- set firewall name lan-firewall rule 606 action 'accept'
- set firewall name lan-firewall rule 606 description 'Allow media/TV discovery (Limited)'
- set firewall name lan-firewall rule 606 destination group address-group 'ag-bcast_limit'
- set firewall name lan-firewall rule 606 destination group port-group 'pg-tv_discover'
- set firewall name lan-firewall rule 606 log 'enable'
- set firewall name lan-firewall rule 606 protocol 'udp'
- set firewall name lan-firewall rule 610 action 'drop'
- set firewall name lan-firewall rule 610 description 'Drop Netbios traffic from logs'
- set firewall name lan-firewall rule 610 destination group port-group 'pg-netbios'
- set firewall name lan-firewall rule 610 log 'disable'
- set firewall name lan-firewall rule 610 protocol 'udp'
- set firewall name lan-firewall rule 900 action 'accept'
- set firewall name lan-firewall rule 900 destination group port-group 'pg-ssh'
- set firewall name lan-firewall rule 900 log 'enable'
- set firewall name lan-firewall rule 900 protocol 'tcp'
- set firewall name lan-firewall rule 900 source group address-group 'mgmtfromlan'
- set firewall name lan-guest default-action 'drop'
- set firewall name lan-guest enable-default-log
- set firewall name lan-guest rule 1 action 'accept'
- set firewall name lan-guest rule 1 state established 'enable'
- set firewall name lan-guest rule 1 state related 'enable'
- set firewall name lan-guest rule 2 action 'drop'
- set firewall name lan-guest rule 2 log 'enable'
- set firewall name lan-guest rule 2 state invalid 'enable'
- set firewall name lan-iot default-action 'drop'
- set firewall name lan-iot enable-default-log
- set firewall name lan-iot rule 1 action 'accept'
- set firewall name lan-iot rule 1 state established 'enable'
- set firewall name lan-iot rule 1 state related 'enable'
- set firewall name lan-iot rule 2 action 'drop'
- set firewall name lan-iot rule 2 log 'enable'
- set firewall name lan-iot rule 2 state invalid 'enable'
- set firewall name lan-iot rule 100 action 'accept'
- set firewall name lan-iot rule 100 log 'enable'
- set firewall name lan-iot rule 100 protocol 'icmp'
- set firewall name lan-iot rule 207 action 'accept'
- set firewall name lan-iot rule 207 destination group port-group 'pg-google_cast'
- set firewall name lan-iot rule 207 log 'enable'
- set firewall name lan-iot rule 207 protocol 'tcp'
- set firewall name lan-iot rule 208 action 'accept'
- set firewall name lan-iot rule 208 log 'enable'
- set firewall name lan-iot rule 208 protocol 'udp'
- set firewall name lan-iot rule 208 source group port-group 'pg-google_cast_pic'
- set firewall name lan-iot rule 300 action 'accept'
- set firewall name lan-iot rule 300 destination group address-group 'ag-media_player'
- set firewall name lan-iot rule 300 destination group port-group 'pg-smb'
- set firewall name lan-iot rule 300 log 'enable'
- set firewall name lan-iot rule 300 protocol 'tcp'
- set firewall name lan-iot rule 300 source group address-group 'mgmtfromlan'
- set firewall name lan-iot rule 555 action 'accept'
- set firewall name lan-iot rule 555 destination group address-group 'ag-tv_server'
- set firewall name lan-iot rule 555 destination group port-group 'pg-tvh_web'
- set firewall name lan-iot rule 555 log 'enable'
- set firewall name lan-iot rule 555 protocol 'tcp'
- set firewall name lan-iot rule 556 action 'accept'
- set firewall name lan-iot rule 556 destination group address-group 'ag-tv_server'
- set firewall name lan-iot rule 556 destination group port-group 'pg-tvh_htsp'
- set firewall name lan-iot rule 556 log 'enable'
- set firewall name lan-iot rule 556 protocol 'tcp'
- set firewall name lan-mgmt default-action 'drop'
- set firewall name lan-mgmt enable-default-log
- set firewall name lan-mgmt rule 1 action 'accept'
- set firewall name lan-mgmt rule 1 state established 'enable'
- set firewall name lan-mgmt rule 1 state related 'enable'
- set firewall name lan-mgmt rule 2 action 'drop'
- set firewall name lan-mgmt rule 2 log 'enable'
- set firewall name lan-mgmt rule 2 state invalid 'enable'
- set firewall name lan-mgmt rule 100 action 'accept'
- set firewall name lan-mgmt rule 100 log 'enable'
- set firewall name lan-mgmt rule 100 protocol 'icmp'
- set firewall name lan-mgmt rule 100 source group address-group 'mgmtfromlan'
- set firewall name lan-mgmt rule 200 action 'accept'
- set firewall name lan-mgmt rule 200 destination group port-group 'pg-web'
- set firewall name lan-mgmt rule 200 log 'enable'
- set firewall name lan-mgmt rule 200 protocol 'tcp'
- set firewall name lan-mgmt rule 200 source group address-group 'mgmtfromlan'
- set firewall name lan-mgmt rule 230 action 'accept'
- set firewall name lan-mgmt rule 230 destination group address-group 'ag-omada'
- set firewall name lan-mgmt rule 230 destination group port-group 'pg-omada'
- set firewall name lan-mgmt rule 230 log 'enable'
- set firewall name lan-mgmt rule 230 protocol 'tcp'
- set firewall name lan-mgmt rule 230 source group address-group 'mgmtfromlan'
- set firewall name lan-mgmt rule 450 action 'accept'
- set firewall name lan-mgmt rule 450 destination group address-group 'ag-dc'
- set firewall name lan-mgmt rule 450 destination group port-group 'pg-domain'
- set firewall name lan-mgmt rule 450 log 'enable'
- set firewall name lan-mgmt rule 450 protocol 'tcp_udp'
- set firewall name lan-mgmt rule 455 action 'accept'
- set firewall name lan-mgmt rule 455 destination group port-group 'pg-iperf'
- set firewall name lan-mgmt rule 455 log 'enable'
- set firewall name lan-mgmt rule 455 protocol 'tcp_udp'
- set firewall name lan-mgmt rule 456 action 'accept'
- set firewall name lan-mgmt rule 456 destination group address-group 'ag-vcenter'
- set firewall name lan-mgmt rule 456 destination group port-group 'pg-vcenter'
- set firewall name lan-mgmt rule 456 log 'enable'
- set firewall name lan-mgmt rule 456 protocol 'tcp'
- set firewall name lan-mgmt rule 456 source group address-group 'mgmtfromlan'
- set firewall name lan-mgmt rule 633 action 'accept'
- set firewall name lan-mgmt rule 633 destination group address-group 'ag-portainer'
- set firewall name lan-mgmt rule 633 destination group port-group 'pg-portainer'
- set firewall name lan-mgmt rule 633 log 'enable'
- set firewall name lan-mgmt rule 633 protocol 'tcp'
- set firewall name lan-mgmt rule 633 source group address-group 'mgmtfromlan'
- set firewall name lan-mgmt rule 800 action 'accept'
- set firewall name lan-mgmt rule 800 destination group port-group 'pg-rdp'
- set firewall name lan-mgmt rule 800 log 'enable'
- set firewall name lan-mgmt rule 800 protocol 'tcp_udp'
- set firewall name lan-mgmt rule 800 source group address-group 'mgmtfromlan'
- set firewall name lan-mgmt rule 900 action 'accept'
- set firewall name lan-mgmt rule 900 destination group port-group 'pg-ssh'
- set firewall name lan-mgmt rule 900 log 'enable'
- set firewall name lan-mgmt rule 900 protocol 'tcp'
- set firewall name lan-mgmt rule 900 source group address-group 'mgmtfromlan'
- set firewall name lan-public default-action 'drop'
- set firewall name lan-public enable-default-log
- set firewall name lan-public rule 1 action 'accept'
- set firewall name lan-public rule 1 state established 'enable'
- set firewall name lan-public rule 1 state related 'enable'
- set firewall name lan-public rule 2 action 'drop'
- set firewall name lan-public rule 2 log 'enable'
- set firewall name lan-public rule 2 state invalid 'enable'
- set firewall name lan-public rule 100 action 'accept'
- set firewall name lan-public rule 100 log 'enable'
- set firewall name lan-public rule 100 protocol 'icmp'
- set firewall name lan-public rule 100 source group address-group 'mgmtfromlan'
- set firewall name lan-public rule 223 action 'accept'
- set firewall name lan-public rule 223 destination group address-group 'ag-traccar_srv'
- set firewall name lan-public rule 223 destination group port-group 'pg-traccar_srv'
- set firewall name lan-public rule 223 log 'enable'
- set firewall name lan-public rule 223 protocol 'tcp'
- set firewall name lan-public rule 223 source group address-group 'mgmtfromlan'
- set firewall name lan-public rule 900 action 'accept'
- set firewall name lan-public rule 900 destination group port-group 'pg-ssh'
- set firewall name lan-public rule 900 log 'enable'
- set firewall name lan-public rule 900 protocol 'tcp'
- set firewall name lan-public rule 900 source group address-group 'mgmtfromlan'
- set firewall name lan-wan default-action 'drop'
- set firewall name lan-wan enable-default-log
- set firewall name lan-wan rule 1 action 'accept'
- set firewall name lan-wan rule 1 state established 'enable'
- set firewall name lan-wan rule 1 state related 'enable'
- set firewall name lan-wan rule 2 action 'drop'
- set firewall name lan-wan rule 2 log 'enable'
- set firewall name lan-wan rule 2 state invalid 'enable'
- set firewall name lan-wan rule 100 action 'accept'
- set firewall name lan-wan rule 100 log 'enable'
- set firewall name lan-wan rule 100 protocol 'icmp'
- set firewall name lan-wan rule 200 action 'accept'
- set firewall name lan-wan rule 200 destination group port-group 'pg-web'
- set firewall name lan-wan rule 200 log 'enable'
- set firewall name lan-wan rule 200 protocol 'tcp'
- set firewall name lan-wan rule 203 action 'accept'
- set firewall name lan-wan rule 203 destination group port-group 'pg-google_quic'
- set firewall name lan-wan rule 203 log 'enable'
- set firewall name lan-wan rule 203 protocol 'udp'
- set firewall name lan-wan rule 204 action 'accept'
- set firewall name lan-wan rule 204 destination group port-group 'pg-google_fcm'
- set firewall name lan-wan rule 204 log 'enable'
- set firewall name lan-wan rule 204 protocol 'tcp_udp'
- set firewall name lan-wan rule 205 action 'accept'
- set firewall name lan-wan rule 205 destination group port-group 'pg-speedtest'
- set firewall name lan-wan rule 205 log 'enable'
- set firewall name lan-wan rule 205 protocol 'tcp'
- set firewall name lan-wan rule 208 action 'accept'
- set firewall name lan-wan rule 208 destination group port-group 'pg-agps'
- set firewall name lan-wan rule 208 log 'enable'
- set firewall name lan-wan rule 208 protocol 'tcp'
- set firewall name lan-wan rule 209 action 'accept'
- set firewall name lan-wan rule 209 destination group port-group 'pg-xmpp'
- set firewall name lan-wan rule 209 log 'enable'
- set firewall name lan-wan rule 209 protocol 'tcp'
- set firewall name lan-wan rule 215 action 'accept'
- set firewall name lan-wan rule 215 destination group port-group 'pg-spotify'
- set firewall name lan-wan rule 215 log 'enable'
- set firewall name lan-wan rule 215 protocol 'tcp'
- set firewall name lan-wan rule 300 action 'accept'
- set firewall name lan-wan rule 300 destination group port-group 'pg-domain'
- set firewall name lan-wan rule 300 protocol 'tcp'
- set firewall name lan-wan rule 300 source group address-group 'mgmtfromlan'
- set firewall name lan-wan rule 301 action 'accept'
- set firewall name lan-wan rule 301 destination group port-group 'pg-domain_udp'
- set firewall name lan-wan rule 301 protocol 'udp'
- set firewall name lan-wan rule 301 source group address-group 'mgmtfromlan'
- set firewall name lan-wan rule 360 action 'accept'
- set firewall name lan-wan rule 360 destination group port-group 'pg-iptv'
- set firewall name lan-wan rule 360 log 'enable'
- set firewall name lan-wan rule 360 protocol 'tcp'
- set firewall name lan-wan rule 400 action 'accept'
- set firewall name lan-wan rule 400 destination group port-group 'pg-ntp'
- set firewall name lan-wan rule 400 log 'enable'
- set firewall name lan-wan rule 400 protocol 'udp'
- set firewall name lan-wan rule 500 action 'accept'
- set firewall name lan-wan rule 500 destination group port-group 'pg-dns'
- set firewall name lan-wan rule 500 log 'enable'
- set firewall name lan-wan rule 500 protocol 'tcp_udp'
- set firewall name lan-wan rule 620 action 'accept'
- set firewall name lan-wan rule 620 destination group port-group 'pg-crashplan'
- set firewall name lan-wan rule 620 log 'enable'
- set firewall name lan-wan rule 620 protocol 'tcp'
- set firewall name lan-wan rule 620 source group address-group 'mgmtfromlan'
- set firewall name lan-wan rule 630 action 'accept'
- set firewall name lan-wan rule 630 destination group port-group 'pg-whatsapp'
- set firewall name lan-wan rule 630 log 'enable'
- set firewall name lan-wan rule 630 protocol 'udp'
- set firewall name lan-wan rule 631 action 'accept'
- set firewall name lan-wan rule 631 destination group port-group 'pg-skype'
- set firewall name lan-wan rule 631 log 'enable'
- set firewall name lan-wan rule 631 protocol 'udp'
- set firewall name lan-wan rule 632 action 'accept'
- set firewall name lan-wan rule 632 destination group port-group 'pg-webex'
- set firewall name lan-wan rule 632 log 'enable'
- set firewall name lan-wan rule 632 protocol 'tcp_udp'
- set firewall name lan-wan rule 634 action 'accept'
- set firewall name lan-wan rule 634 destination group port-group 'pg-vpn_globalprotect'
- set firewall name lan-wan rule 634 log 'enable'
- set firewall name lan-wan rule 634 protocol 'udp'
- set firewall name lan-wan rule 635 action 'accept'
- set firewall name lan-wan rule 635 destination group port-group 'pg-person2work_genesys'
- set firewall name lan-wan rule 635 log 'enable'
- set firewall name lan-wan rule 635 protocol 'udp'
- set firewall name lan-wan rule 636 action 'accept'
- set firewall name lan-wan rule 636 destination group port-group 'pg-person2work_webrtc'
- set firewall name lan-wan rule 636 log 'enable'
- set firewall name lan-wan rule 636 protocol 'tcp_udp'
- set firewall name lan-wan rule 637 action 'accept'
- set firewall name lan-wan rule 637 destination group port-group 'pg-person1work_lotusnotes'
- set firewall name lan-wan rule 637 log 'enable'
- set firewall name lan-wan rule 637 protocol 'tcp'
- set firewall name lan-wan rule 700 action 'accept'
- set firewall name lan-wan rule 700 destination group port-group 'pg-ftp'
- set firewall name lan-wan rule 700 log 'enable'
- set firewall name lan-wan rule 700 protocol 'tcp'
- set firewall name mgmt-cam default-action 'drop'
- set firewall name mgmt-cam enable-default-log
- set firewall name mgmt-cam rule 1 action 'accept'
- set firewall name mgmt-cam rule 1 state established 'enable'
- set firewall name mgmt-cam rule 1 state related 'enable'
- set firewall name mgmt-cam rule 2 action 'drop'
- set firewall name mgmt-cam rule 2 log 'enable'
- set firewall name mgmt-cam rule 2 state invalid 'enable'
- set firewall name mgmt-dmz default-action 'drop'
- set firewall name mgmt-dmz enable-default-log
- set firewall name mgmt-dmz rule 1 action 'accept'
- set firewall name mgmt-dmz rule 1 state established 'enable'
- set firewall name mgmt-dmz rule 1 state related 'enable'
- set firewall name mgmt-dmz rule 2 action 'drop'
- set firewall name mgmt-dmz rule 2 log 'enable'
- set firewall name mgmt-dmz rule 2 state invalid 'enable'
- set firewall name mgmt-dmz rule 100 action 'accept'
- set firewall name mgmt-dmz rule 100 log 'enable'
- set firewall name mgmt-dmz rule 100 protocol 'icmp'
- set firewall name mgmt-dmz rule 300 action 'accept'
- set firewall name mgmt-dmz rule 300 destination group address-group 'ag-fileserver'
- set firewall name mgmt-dmz rule 300 destination group port-group 'pg-smb'
- set firewall name mgmt-dmz rule 300 log 'enable'
- set firewall name mgmt-dmz rule 300 protocol 'tcp'
- set firewall name mgmt-dmz rule 300 source group address-group 'ag-hypervisors'
- set firewall name mgmt-dmz rule 400 action 'accept'
- set firewall name mgmt-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name mgmt-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name mgmt-dmz rule 400 log 'enable'
- set firewall name mgmt-dmz rule 400 protocol 'udp'
- set firewall name mgmt-dmz rule 450 action 'accept'
- set firewall name mgmt-dmz rule 450 destination group address-group 'ag-dc'
- set firewall name mgmt-dmz rule 450 destination group port-group 'pg-domain'
- set firewall name mgmt-dmz rule 450 log 'enable'
- set firewall name mgmt-dmz rule 450 protocol 'tcp_udp'
- set firewall name mgmt-dmz rule 500 action 'accept'
- set firewall name mgmt-dmz rule 500 destination group address-group 'dnsforwarders'
- set firewall name mgmt-dmz rule 500 destination group port-group 'pg-dns'
- set firewall name mgmt-dmz rule 500 log 'enable'
- set firewall name mgmt-dmz rule 500 protocol 'tcp_udp'
- set firewall name mgmt-dmz rule 950 action 'accept'
- set firewall name mgmt-dmz rule 950 destination group address-group 'ag-cert_web'
- set firewall name mgmt-dmz rule 950 destination group port-group 'pg-ocsp'
- set firewall name mgmt-dmz rule 950 log 'enable'
- set firewall name mgmt-dmz rule 950 protocol 'tcp'
- set firewall name mgmt-dmz rule 951 action 'accept'
- set firewall name mgmt-dmz rule 951 destination group address-group 'ag-cert_issuer'
- set firewall name mgmt-dmz rule 951 destination group port-group 'pg-cert_issuer'
- set firewall name mgmt-dmz rule 951 log 'enable'
- set firewall name mgmt-dmz rule 951 protocol 'tcp'
- set firewall name mgmt-dmz rule 952 action 'accept'
- set firewall name mgmt-dmz rule 952 description 'FOR SETTING UP MELLANOX SWITCHES - DELETE'
- set firewall name mgmt-dmz rule 952 destination group address-group 'ag-cert_web'
- set firewall name mgmt-dmz rule 952 destination group port-group 'pg-web'
- set firewall name mgmt-dmz rule 952 log 'enable'
- set firewall name mgmt-dmz rule 952 protocol 'tcp'
- set firewall name mgmt-download default-action 'drop'
- set firewall name mgmt-download enable-default-log
- set firewall name mgmt-download rule 1 action 'accept'
- set firewall name mgmt-download rule 1 state established 'enable'
- set firewall name mgmt-download rule 1 state related 'enable'
- set firewall name mgmt-download rule 2 action 'drop'
- set firewall name mgmt-download rule 2 log 'enable'
- set firewall name mgmt-download rule 2 state invalid 'enable'
- set firewall name mgmt-firewall default-action 'drop'
- set firewall name mgmt-firewall enable-default-log
- set firewall name mgmt-firewall rule 1 action 'accept'
- set firewall name mgmt-firewall rule 1 state established 'enable'
- set firewall name mgmt-firewall rule 1 state related 'enable'
- set firewall name mgmt-firewall rule 2 action 'drop'
- set firewall name mgmt-firewall rule 2 log 'enable'
- set firewall name mgmt-firewall rule 2 state invalid 'enable'
- set firewall name mgmt-firewall rule 10 action 'accept'
- set firewall name mgmt-firewall rule 10 destination group address-group 'ag-vrrp-mgmt'
- set firewall name mgmt-firewall rule 10 protocol 'vrrp'
- set firewall name mgmt-firewall rule 10 source group address-group 'ag-vrrp-mgmt'
- set firewall name mgmt-firewall rule 100 action 'accept'
- set firewall name mgmt-firewall rule 100 log 'enable'
- set firewall name mgmt-firewall rule 100 protocol 'icmp'
- set firewall name mgmt-firewall rule 231 action 'accept'
- set firewall name mgmt-firewall rule 231 description 'Allow UniFi Controller Adaption'
- set firewall name mgmt-firewall rule 231 destination group address-group 'ag-bcast_limit'
- set firewall name mgmt-firewall rule 231 destination group port-group 'pg-unifi_adapt'
- set firewall name mgmt-firewall rule 231 log 'enable'
- set firewall name mgmt-firewall rule 231 protocol 'udp'
- set firewall name mgmt-firewall rule 580 action 'accept'
- set firewall name mgmt-firewall rule 580 description 'Allow UPS discover'
- set firewall name mgmt-firewall rule 580 destination group address-group 'ag-bcast_limit'
- set firewall name mgmt-firewall rule 580 destination group port-group 'pg-ups_web'
- set firewall name mgmt-firewall rule 580 log 'enable'
- set firewall name mgmt-firewall rule 580 protocol 'udp'
- set firewall name mgmt-firewall rule 580 source group address-group 'ag-ups_mgmt'
- set firewall name mgmt-firewall rule 600 action 'accept'
- set firewall name mgmt-firewall rule 600 description 'Allow DHCP relay from WiFi AP'
- set firewall name mgmt-firewall rule 600 destination group address-group 'ag-bcast_limit'
- set firewall name mgmt-firewall rule 600 destination group port-group 'pg-dhcp'
- set firewall name mgmt-firewall rule 600 log 'enable'
- set firewall name mgmt-firewall rule 600 protocol 'udp'
- set firewall name mgmt-firewall rule 610 action 'drop'
- set firewall name mgmt-firewall rule 610 description 'Drop Netbios traffic from logs'
- set firewall name mgmt-firewall rule 610 destination group port-group 'pg-netbios'
- set firewall name mgmt-firewall rule 610 log 'disable'
- set firewall name mgmt-firewall rule 610 protocol 'udp'
- set firewall name mgmt-firewall rule 650 action 'accept'
- set firewall name mgmt-firewall rule 650 description 'Accept Conntrack Sync'
- set firewall name mgmt-firewall rule 650 destination group address-group 'ag-ct_sync'
- set firewall name mgmt-firewall rule 650 destination group port-group 'pg-ct_sync'
- set firewall name mgmt-firewall rule 650 protocol 'udp'
- set firewall name mgmt-firewall rule 650 source group address-group 'ag-vrrp-mgmt'
- set firewall name mgmt-firewall rule 900 action 'accept'
- set firewall name mgmt-firewall rule 900 destination group port-group 'pg-ssh'
- set firewall name mgmt-firewall rule 900 log 'enable'
- set firewall name mgmt-firewall rule 900 protocol 'tcp'
- set firewall name mgmt-guest default-action 'drop'
- set firewall name mgmt-guest enable-default-log
- set firewall name mgmt-guest rule 1 action 'accept'
- set firewall name mgmt-guest rule 1 state established 'enable'
- set firewall name mgmt-guest rule 1 state related 'enable'
- set firewall name mgmt-guest rule 2 action 'drop'
- set firewall name mgmt-guest rule 2 log 'enable'
- set firewall name mgmt-guest rule 2 state invalid 'enable'
- set firewall name mgmt-lan default-action 'drop'
- set firewall name mgmt-lan enable-default-log
- set firewall name mgmt-lan rule 1 action 'accept'
- set firewall name mgmt-lan rule 1 state established 'enable'
- set firewall name mgmt-lan rule 1 state related 'enable'
- set firewall name mgmt-lan rule 2 action 'drop'
- set firewall name mgmt-lan rule 2 log 'enable'
- set firewall name mgmt-lan rule 2 state invalid 'enable'
- set firewall name mgmt-lan rule 100 action 'accept'
- set firewall name mgmt-lan rule 100 log 'enable'
- set firewall name mgmt-lan rule 100 protocol 'icmp'
- set firewall name mgmt-public default-action 'drop'
- set firewall name mgmt-public enable-default-log
- set firewall name mgmt-public rule 1 action 'accept'
- set firewall name mgmt-public rule 1 state established 'enable'
- set firewall name mgmt-public rule 1 state related 'enable'
- set firewall name mgmt-public rule 2 action 'drop'
- set firewall name mgmt-public rule 2 log 'enable'
- set firewall name mgmt-public rule 2 state invalid 'enable'
- set firewall name mgmt-public rule 100 action 'accept'
- set firewall name mgmt-public rule 100 log 'enable'
- set firewall name mgmt-public rule 100 protocol 'icmp'
- set firewall name mgmt-public rule 224 action 'accept'
- set firewall name mgmt-public rule 224 destination group address-group 'ag-docker_pub'
- set firewall name mgmt-public rule 224 destination group port-group 'pg-portainer_agent'
- set firewall name mgmt-public rule 224 log 'enable'
- set firewall name mgmt-public rule 224 protocol 'tcp'
- set firewall name mgmt-public rule 224 source group address-group 'ag-dockerhosts'
- set firewall name mgmt-wan default-action 'drop'
- set firewall name mgmt-wan enable-default-log
- set firewall name mgmt-wan rule 1 action 'accept'
- set firewall name mgmt-wan rule 1 state established 'enable'
- set firewall name mgmt-wan rule 1 state related 'enable'
- set firewall name mgmt-wan rule 2 action 'drop'
- set firewall name mgmt-wan rule 2 log 'enable'
- set firewall name mgmt-wan rule 2 state invalid 'enable'
- set firewall name mgmt-wan rule 100 action 'accept'
- set firewall name mgmt-wan rule 100 log 'enable'
- set firewall name mgmt-wan rule 100 protocol 'icmp'
- set firewall name mgmt-wan rule 198 action 'accept'
- set firewall name mgmt-wan rule 198 destination group port-group 'pg-web'
- set firewall name mgmt-wan rule 198 log 'enable'
- set firewall name mgmt-wan rule 198 protocol 'tcp'
- set firewall name mgmt-wan rule 198 source group address-group 'ag-hypervisors'
- set firewall name mgmt-wan rule 199 action 'accept'
- set firewall name mgmt-wan rule 199 destination group port-group 'pg-web'
- set firewall name mgmt-wan rule 199 log 'enable'
- set firewall name mgmt-wan rule 199 protocol 'tcp'
- set firewall name mgmt-wan rule 199 source group address-group 'ag-dockerhosts'
- set firewall name mgmt-wan rule 200 action 'accept'
- set firewall name mgmt-wan rule 200 destination group port-group 'pg-web'
- set firewall name mgmt-wan rule 200 log 'enable'
- set firewall name mgmt-wan rule 200 protocol 'tcp'
- set firewall name mgmt-wan rule 200 source group address-group 'wifiaps'
- set firewall name mgmt-wan rule 787 action 'accept'
- set firewall name mgmt-wan rule 787 description 'TEST Allow HTTP/HTTPS'
- set firewall name mgmt-wan rule 787 destination group port-group 'pg-web'
- set firewall name mgmt-wan rule 787 log 'enable'
- set firewall name mgmt-wan rule 787 protocol 'tcp'
- set firewall name mgmt-wan rule 787 source group address-group 'ag-testWEB'
- set firewall name mgmt-wan rule 788 action 'accept'
- set firewall name mgmt-wan rule 788 description 'TEST Allow NTP'
- set firewall name mgmt-wan rule 788 destination group port-group 'pg-ntp'
- set firewall name mgmt-wan rule 788 log 'enable'
- set firewall name mgmt-wan rule 788 protocol 'udp'
- set firewall name mgmt-wan rule 788 source group address-group 'ag-testNTP'
- set firewall name mgmt-wan rule 789 action 'accept'
- set firewall name mgmt-wan rule 789 description 'TEST Allow DNS'
- set firewall name mgmt-wan rule 789 destination group port-group 'pg-dns'
- set firewall name mgmt-wan rule 789 log 'enable'
- set firewall name mgmt-wan rule 789 protocol 'tcp_udp'
- set firewall name mgmt-wan rule 789 source group address-group 'ag-testDNS_fw'
- set firewall name public-cam default-action 'drop'
- set firewall name public-cam enable-default-log
- set firewall name public-cam rule 1 action 'accept'
- set firewall name public-cam rule 1 state established 'enable'
- set firewall name public-cam rule 1 state related 'enable'
- set firewall name public-cam rule 2 action 'drop'
- set firewall name public-cam rule 2 log 'enable'
- set firewall name public-cam rule 2 state invalid 'enable'
- set firewall name public-dmz default-action 'drop'
- set firewall name public-dmz enable-default-log
- set firewall name public-dmz rule 1 action 'accept'
- set firewall name public-dmz rule 1 state established 'enable'
- set firewall name public-dmz rule 1 state related 'enable'
- set firewall name public-dmz rule 2 action 'drop'
- set firewall name public-dmz rule 2 log 'enable'
- set firewall name public-dmz rule 2 state invalid 'enable'
- set firewall name public-dmz rule 100 action 'accept'
- set firewall name public-dmz rule 100 log 'enable'
- set firewall name public-dmz rule 100 protocol 'icmp'
- set firewall name public-dmz rule 100 source group network-group 'vpnusers'
- set firewall name public-dmz rule 200 action 'accept'
- set firewall name public-dmz rule 200 destination group port-group 'pg-web'
- set firewall name public-dmz rule 200 log 'enable'
- set firewall name public-dmz rule 200 protocol 'tcp'
- set firewall name public-dmz rule 200 source group network-group 'vpnusers'
- set firewall name public-dmz rule 222 action 'accept'
- set firewall name public-dmz rule 222 destination group address-group 'ag-traccar_mysql'
- set firewall name public-dmz rule 222 destination group port-group 'pg-mysql'
- set firewall name public-dmz rule 222 log 'enable'
- set firewall name public-dmz rule 222 protocol 'tcp'
- set firewall name public-dmz rule 222 source group address-group 'ag-traccar_srv'
- set firewall name public-dmz rule 300 action 'accept'
- set firewall name public-dmz rule 300 destination group address-group 'ag-fileserver'
- set firewall name public-dmz rule 300 destination group port-group 'pg-smb'
- set firewall name public-dmz rule 300 log 'enable'
- set firewall name public-dmz rule 300 protocol 'tcp'
- set firewall name public-dmz rule 300 source group network-group 'vpnusers'
- set firewall name public-dmz rule 385 action 'accept'
- set firewall name public-dmz rule 385 destination group address-group 'ag-blueiris'
- set firewall name public-dmz rule 385 destination group port-group 'pg-blueiris'
- set firewall name public-dmz rule 385 log 'enable'
- set firewall name public-dmz rule 385 protocol 'tcp'
- set firewall name public-dmz rule 385 source group network-group 'vpnusers'
- set firewall name public-dmz rule 400 action 'accept'
- set firewall name public-dmz rule 400 destination group address-group 'ntpservers'
- set firewall name public-dmz rule 400 destination group port-group 'pg-ntp'
- set firewall name public-dmz rule 400 log 'enable'
- set firewall name public-dmz rule 400 protocol 'udp'
- set firewall name public-dmz rule 500 action 'accept'
- set firewall name public-dmz rule 500 destination group address-group 'dnsforwarders'
- set firewall name public-dmz rule 500 destination group port-group 'pg-dns'
- set firewall name public-dmz rule 500 log 'enable'
- set firewall name public-dmz rule 500 protocol 'tcp_udp'
- set firewall name public-dmz rule 501 action 'accept'
- set firewall name public-dmz rule 501 description 'Allow HTTP for pihole interface'
- set firewall name public-dmz rule 501 destination group address-group 'dns-piholes'
- set firewall name public-dmz rule 501 destination group port-group 'pg-pihole'
- set firewall name public-dmz rule 501 log 'enable'
- set firewall name public-dmz rule 501 protocol 'tcp'
- set firewall name public-dmz rule 505 action 'accept'
- set firewall name public-dmz rule 505 description 'Allow admin interface for DNS blocking services'
- set firewall name public-dmz rule 505 destination group address-group 'dns-piholes'
- set firewall name public-dmz rule 505 destination group port-group 'pg-dnsblock_admin'
- set firewall name public-dmz rule 505 log 'enable'
- set firewall name public-dmz rule 505 protocol 'tcp'
- set firewall name public-dmz rule 505 source group network-group 'vpnusers'
- set firewall name public-dmz rule 551 action 'accept'
- set firewall name public-dmz rule 551 destination group address-group 'ag-bf_webreports'
- set firewall name public-dmz rule 551 destination group port-group 'pg-bf_webreports'
- set firewall name public-dmz rule 551 log 'enable'
- set firewall name public-dmz rule 551 protocol 'tcp'
- set firewall name public-dmz rule 552 action 'accept'
- set firewall name public-dmz rule 552 destination group address-group 'ag-bf_server'
- set firewall name public-dmz rule 552 destination group port-group 'pg-bf_server'
- set firewall name public-dmz rule 552 log 'enable'
- set firewall name public-dmz rule 552 protocol 'tcp'
- set firewall name public-dmz rule 800 action 'accept'
- set firewall name public-dmz rule 800 destination group port-group 'pg-rdp'
- set firewall name public-dmz rule 800 log 'enable'
- set firewall name public-dmz rule 800 protocol 'tcp_udp'
- set firewall name public-dmz rule 800 source group network-group 'vpnusers'
- set firewall name public-dmz rule 950 action 'accept'
- set firewall name public-dmz rule 950 destination group address-group 'ag-cert_web'
- set firewall name public-dmz rule 950 destination group port-group 'pg-ocsp'
- set firewall name public-dmz rule 950 log 'enable'
- set firewall name public-dmz rule 950 protocol 'tcp'
- set firewall name public-dmz rule 950 source group network-group 'vpnusers'
- set firewall name public-download default-action 'drop'
- set firewall name public-download enable-default-log
- set firewall name public-download rule 1 action 'accept'
- set firewall name public-download rule 1 state established 'enable'
- set firewall name public-download rule 1 state related 'enable'
- set firewall name public-download rule 2 action 'drop'
- set firewall name public-download rule 2 log 'enable'
- set firewall name public-download rule 2 state invalid 'enable'
- set firewall name public-download rule 100 action 'accept'
- set firewall name public-download rule 100 log 'enable'
- set firewall name public-download rule 100 protocol 'icmp'
- set firewall name public-download rule 100 source group network-group 'vpnusers'
- set firewall name public-download rule 800 action 'accept'
- set firewall name public-download rule 800 destination group port-group 'pg-rdp'
- set firewall name public-download rule 800 log 'enable'
- set firewall name public-download rule 800 protocol 'tcp_udp'
- set firewall name public-download rule 800 source group network-group 'vpnusers'
- set firewall name public-download rule 900 action 'accept'
- set firewall name public-download rule 900 destination group port-group 'pg-ssh'
- set firewall name public-download rule 900 log 'enable'
- set firewall name public-download rule 900 protocol 'tcp'
- set firewall name public-download rule 900 source group network-group 'vpnusers'
- set firewall name public-firewall default-action 'drop'
- set firewall name public-firewall enable-default-log
- set firewall name public-firewall rule 1 action 'accept'
- set firewall name public-firewall rule 1 state established 'enable'
- set firewall name public-firewall rule 1 state related 'enable'
- set firewall name public-firewall rule 2 action 'drop'
- set firewall name public-firewall rule 2 log 'enable'
- set firewall name public-firewall rule 2 state invalid 'enable'
- set firewall name public-firewall rule 10 action 'accept'
- set firewall name public-firewall rule 10 destination group address-group 'ag-vrrp-public'
- set firewall name public-firewall rule 10 protocol 'vrrp'
- set firewall name public-firewall rule 10 source group address-group 'ag-vrrp-public'
- set firewall name public-firewall rule 900 action 'accept'
- set firewall name public-firewall rule 900 destination group port-group 'pg-ssh'
- set firewall name public-firewall rule 900 log 'enable'
- set firewall name public-firewall rule 900 protocol 'tcp'
- set firewall name public-firewall rule 900 source group network-group 'vpnusers'
- set firewall name public-guest default-action 'drop'
- set firewall name public-guest enable-default-log
- set firewall name public-guest rule 1 action 'accept'
- set firewall name public-guest rule 1 state established 'enable'
- set firewall name public-guest rule 1 state related 'enable'
- set firewall name public-guest rule 2 action 'drop'
- set firewall name public-guest rule 2 log 'enable'
- set firewall name public-guest rule 2 state invalid 'enable'
- set firewall name public-iot default-action 'drop'
- set firewall name public-iot rule 555 action 'accept'
- set firewall name public-iot rule 555 destination group address-group 'ag-tv_server'
- set firewall name public-iot rule 555 destination group port-group 'pg-tvh_web'
- set firewall name public-iot rule 555 log 'enable'
- set firewall name public-iot rule 555 protocol 'tcp'
- set firewall name public-iot rule 555 source group network-group 'vpnusers'
- set firewall name public-lan default-action 'drop'
- set firewall name public-lan enable-default-log
- set firewall name public-lan rule 1 action 'accept'
- set firewall name public-lan rule 1 state established 'enable'
- set firewall name public-lan rule 1 state related 'enable'
- set firewall name public-lan rule 2 action 'drop'
- set firewall name public-lan rule 2 log 'enable'
- set firewall name public-lan rule 2 state invalid 'enable'
- set firewall name public-lan rule 777 action 'accept'
- set firewall name public-lan rule 777 destination group address-group 'ag-printer'
- set firewall name public-lan rule 777 destination group port-group 'pg-printer_web'
- set firewall name public-lan rule 777 log 'enable'
- set firewall name public-lan rule 777 protocol 'tcp'
- set firewall name public-lan rule 777 source group network-group 'vpnusers'
- set firewall name public-lan rule 800 action 'accept'
- set firewall name public-lan rule 800 destination group address-group 'mgmtfromlan'
- set firewall name public-lan rule 800 destination group port-group 'pg-rdp'
- set firewall name public-lan rule 800 log 'enable'
- set firewall name public-lan rule 800 protocol 'tcp_udp'
- set firewall name public-lan rule 800 source group network-group 'vpnusers'
- set firewall name public-mgmt default-action 'drop'
- set firewall name public-mgmt enable-default-log
- set firewall name public-mgmt rule 1 action 'accept'
- set firewall name public-mgmt rule 1 state established 'enable'
- set firewall name public-mgmt rule 1 state related 'enable'
- set firewall name public-mgmt rule 2 action 'drop'
- set firewall name public-mgmt rule 2 log 'enable'
- set firewall name public-mgmt rule 2 state invalid 'enable'
- set firewall name public-mgmt rule 100 action 'accept'
- set firewall name public-mgmt rule 100 log 'enable'
- set firewall name public-mgmt rule 100 protocol 'icmp'
- set firewall name public-mgmt rule 100 source group network-group 'vpnusers'
- set firewall name public-mgmt rule 200 action 'accept'
- set firewall name public-mgmt rule 200 destination group port-group 'pg-web'
- set firewall name public-mgmt rule 200 log 'enable'
- set firewall name public-mgmt rule 200 protocol 'tcp'
- set firewall name public-mgmt rule 200 source group network-group 'vpnusers'
- set firewall name public-mgmt rule 230 action 'accept'
- set firewall name public-mgmt rule 230 destination group address-group 'ag-omada'
- set firewall name public-mgmt rule 230 destination group port-group 'pg-omada'
- set firewall name public-mgmt rule 230 log 'enable'
- set firewall name public-mgmt rule 230 protocol 'tcp'
- set firewall name public-mgmt rule 230 source group network-group 'vpnusers'
- set firewall name public-mgmt rule 400 action 'accept'
- set firewall name public-mgmt rule 400 destination group address-group 'ntpservers'
- set firewall name public-mgmt rule 400 destination group port-group 'pg-ntp'
- set firewall name public-mgmt rule 400 log 'enable'
- set firewall name public-mgmt rule 400 protocol 'udp'
- set firewall name public-mgmt rule 456 action 'accept'
- set firewall name public-mgmt rule 456 destination group address-group 'ag-vcenter'
- set firewall name public-mgmt rule 456 destination group port-group 'pg-vcenter'
- set firewall name public-mgmt rule 456 log 'enable'
- set firewall name public-mgmt rule 456 protocol 'tcp'
- set firewall name public-mgmt rule 456 source group network-group 'vpnusers'
- set firewall name public-mgmt rule 633 action 'accept'
- set firewall name public-mgmt rule 633 destination group address-group 'ag-portainer'
- set firewall name public-mgmt rule 633 destination group port-group 'pg-portainer'
- set firewall name public-mgmt rule 633 log 'enable'
- set firewall name public-mgmt rule 633 protocol 'tcp'
- set firewall name public-mgmt rule 633 source group network-group 'vpnusers'
- set firewall name public-mgmt rule 800 action 'accept'
- set firewall name public-mgmt rule 800 destination group port-group 'pg-rdp'
- set firewall name public-mgmt rule 800 log 'enable'
- set firewall name public-mgmt rule 800 protocol 'tcp_udp'
- set firewall name public-mgmt rule 800 source group network-group 'vpnusers'
- set firewall name public-mgmt rule 900 action 'accept'
- set firewall name public-mgmt rule 900 destination group port-group 'pg-ssh'
- set firewall name public-mgmt rule 900 log 'enable'
- set firewall name public-mgmt rule 900 protocol 'tcp'
- set firewall name public-mgmt rule 900 source group network-group 'vpnusers'
- set firewall name public-wan default-action 'drop'
- set firewall name public-wan enable-default-log
- set firewall name public-wan rule 1 action 'accept'
- set firewall name public-wan rule 1 state established 'enable'
- set firewall name public-wan rule 1 state related 'enable'
- set firewall name public-wan rule 2 action 'drop'
- set firewall name public-wan rule 2 log 'enable'
- set firewall name public-wan rule 2 state invalid 'enable'
- set firewall name public-wan rule 100 action 'accept'
- set firewall name public-wan rule 100 log 'enable'
- set firewall name public-wan rule 100 protocol 'icmp'
- set firewall name public-wan rule 200 action 'accept'
- set firewall name public-wan rule 200 destination group port-group 'pg-web'
- set firewall name public-wan rule 200 log 'enable'
- set firewall name public-wan rule 200 protocol 'tcp'
- set firewall name public-wan rule 200 source group address-group 'ag-vpn_servers'
- set firewall name public-wan rule 221 action 'accept'
- set firewall name public-wan rule 221 destination group port-group 'pg-web'
- set firewall name public-wan rule 221 log 'enable'
- set firewall name public-wan rule 221 protocol 'tcp'
- set firewall name public-wan rule 221 source group address-group 'ag-docker_pub'
- set firewall name public-wan rule 700 action 'accept'
- set firewall name public-wan rule 700 destination group port-group 'pg-ftp'
- set firewall name public-wan rule 700 log 'enable'
- set firewall name public-wan rule 700 protocol 'tcp'
- set firewall name public-wan rule 700 source group address-group 'ag-vpn_servers'
- set firewall name wan-cam default-action 'drop'
- set firewall name wan-cam enable-default-log
- set firewall name wan-cam rule 1 action 'accept'
- set firewall name wan-cam rule 1 state established 'enable'
- set firewall name wan-cam rule 1 state related 'enable'
- set firewall name wan-cam rule 2 action 'drop'
- set firewall name wan-cam rule 2 log 'enable'
- set firewall name wan-cam rule 2 state invalid 'enable'
- set firewall name wan-dmz default-action 'drop'
- set firewall name wan-dmz enable-default-log
- set firewall name wan-dmz rule 1 action 'accept'
- set firewall name wan-dmz rule 1 state established 'enable'
- set firewall name wan-dmz rule 1 state related 'enable'
- set firewall name wan-dmz rule 2 action 'drop'
- set firewall name wan-dmz rule 2 log 'enable'
- set firewall name wan-dmz rule 2 state invalid 'enable'
- set firewall name wan-download default-action 'drop'
- set firewall name wan-download enable-default-log
- set firewall name wan-download rule 1 action 'accept'
- set firewall name wan-download rule 1 state established 'enable'
- set firewall name wan-download rule 1 state related 'enable'
- set firewall name wan-download rule 2 action 'drop'
- set firewall name wan-download rule 2 log 'enable'
- set firewall name wan-download rule 2 state invalid 'enable'
- set firewall name wan-firewall default-action 'drop'
- set firewall name wan-firewall enable-default-log
- set firewall name wan-firewall rule 1 action 'accept'
- set firewall name wan-firewall rule 1 state established 'enable'
- set firewall name wan-firewall rule 1 state related 'enable'
- set firewall name wan-firewall rule 2 action 'drop'
- set firewall name wan-firewall rule 2 log 'enable'
- set firewall name wan-firewall rule 2 state invalid 'enable'
- set firewall name wan-firewall rule 600 action 'drop'
- set firewall name wan-firewall rule 600 description 'Disable ISP DHCP and dont log it'
- set firewall name wan-firewall rule 600 destination group address-group 'ag-bcast_limit'
- set firewall name wan-firewall rule 600 destination group port-group 'pg-dhcp'
- set firewall name wan-firewall rule 600 log 'disable'
- set firewall name wan-firewall rule 600 protocol 'udp'
- set firewall name wan-firewall rule 600 source group port-group 'pg-dhcp'
- set firewall name wan-guest default-action 'drop'
- set firewall name wan-guest enable-default-log
- set firewall name wan-guest rule 1 action 'accept'
- set firewall name wan-guest rule 1 state established 'enable'
- set firewall name wan-guest rule 1 state related 'enable'
- set firewall name wan-guest rule 2 action 'drop'
- set firewall name wan-guest rule 2 log 'enable'
- set firewall name wan-guest rule 2 state invalid 'enable'
- set firewall name wan-iot default-action 'drop'
- set firewall name wan-iot enable-default-log
- set firewall name wan-iot rule 1 action 'accept'
- set firewall name wan-iot rule 1 state established 'enable'
- set firewall name wan-iot rule 1 state related 'enable'
- set firewall name wan-iot rule 2 action 'drop'
- set firewall name wan-iot rule 2 log 'enable'
- set firewall name wan-iot rule 2 state invalid 'enable'
- set firewall name wan-lan default-action 'drop'
- set firewall name wan-lan enable-default-log
- set firewall name wan-lan rule 1 action 'accept'
- set firewall name wan-lan rule 1 state established 'enable'
- set firewall name wan-lan rule 1 state related 'enable'
- set firewall name wan-lan rule 2 action 'drop'
- set firewall name wan-lan rule 2 log 'enable'
- set firewall name wan-lan rule 2 state invalid 'enable'
- set firewall name wan-mgmt default-action 'drop'
- set firewall name wan-mgmt enable-default-log
- set firewall name wan-mgmt rule 1 action 'accept'
- set firewall name wan-mgmt rule 1 state established 'enable'
- set firewall name wan-mgmt rule 1 state related 'enable'
- set firewall name wan-mgmt rule 2 action 'drop'
- set firewall name wan-mgmt rule 2 log 'enable'
- set firewall name wan-mgmt rule 2 state invalid 'enable'
- set firewall name wan-public default-action 'drop'
- set firewall name wan-public enable-default-log
- set firewall name wan-public rule 1 action 'accept'
- set firewall name wan-public rule 1 state established 'enable'
- set firewall name wan-public rule 1 state related 'enable'
- set firewall name wan-public rule 2 action 'drop'
- set firewall name wan-public rule 2 log 'enable'
- set firewall name wan-public rule 2 state invalid 'enable'
- set firewall name wan-public rule 220 action 'accept'
- set firewall name wan-public rule 220 destination group address-group 'ag-vpn_pri'
- set firewall name wan-public rule 220 destination group port-group 'pg-vpn_pri'
- set firewall name wan-public rule 220 log 'enable'
- set firewall name wan-public rule 220 protocol 'tcp'
- set firewall name wan-public rule 221 action 'accept'
- set firewall name wan-public rule 221 destination group address-group 'ag-vpn_bck'
- set firewall name wan-public rule 221 destination group port-group 'pg-vpn_bck'
- set firewall name wan-public rule 221 log 'enable'
- set firewall name wan-public rule 221 protocol 'udp'
- set firewall receive-redirects 'disable'
- set firewall send-redirects 'enable'
- set firewall source-validation 'disable'
- set firewall syn-cookies 'enable'
- set firewall twa-hazards-protection 'disable'
- set high-availability vrrp group cam address 192.168.53.253/24
- set high-availability vrrp group cam advertise-interval '1'
- set high-availability vrrp group cam description 'Cam'
- set high-availability vrrp group cam interface 'eth0.53'
- set high-availability vrrp group cam preempt-delay '3'
- set high-availability vrrp group cam priority '254'
- set high-availability vrrp group cam rfc3768-compatibility
- set high-availability vrrp group cam vrid '53'
- set high-availability vrrp group dmz address 192.168.67.253/24
- set high-availability vrrp group dmz advertise-interval '1'
- set high-availability vrrp group dmz description 'DMZ'
- set high-availability vrrp group dmz interface 'eth0.67'
- set high-availability vrrp group dmz preempt-delay '3'
- set high-availability vrrp group dmz priority '254'
- set high-availability vrrp group dmz rfc3768-compatibility
- set high-availability vrrp group dmz vrid '67'
- set high-availability vrrp group download address 192.168.79.253/24
- set high-availability vrrp group download advertise-interval '1'
- set high-availability vrrp group download description 'Download'
- set high-availability vrrp group download interface 'eth0.79'
- set high-availability vrrp group download preempt-delay '3'
- set high-availability vrrp group download priority '254'
- set high-availability vrrp group download rfc3768-compatibility
- set high-availability vrrp group download vrid '79'
- set high-availability vrrp group guest address 192.168.131.253/24
- set high-availability vrrp group guest advertise-interval '1'
- set high-availability vrrp group guest description 'Guest'
- set high-availability vrrp group guest interface 'eth0.131'
- set high-availability vrrp group guest preempt-delay '3'
- set high-availability vrrp group guest priority '254'
- set high-availability vrrp group guest rfc3768-compatibility
- set high-availability vrrp group guest vrid '131'
- set high-availability vrrp group iot address 192.168.11.253/24
- set high-availability vrrp group iot advertise-interval '1'
- set high-availability vrrp group iot description 'IOT'
- set high-availability vrrp group iot interface 'eth0.11'
- set high-availability vrrp group iot preempt-delay '3'
- set high-availability vrrp group iot priority '254'
- set high-availability vrrp group iot rfc3768-compatibility
- set high-availability vrrp group iot vrid '11'
- set high-availability vrrp group lan address 192.168.13.253/24
- set high-availability vrrp group lan advertise-interval '1'
- set high-availability vrrp group lan description 'LAN'
- set high-availability vrrp group lan interface 'eth0.13'
- set high-availability vrrp group lan preempt-delay '3'
- set high-availability vrrp group lan priority '254'
- set high-availability vrrp group lan rfc3768-compatibility
- set high-availability vrrp group lan vrid '13'
- set high-availability vrrp group mgmt address 192.168.7.253/24
- set high-availability vrrp group mgmt advertise-interval '1'
- set high-availability vrrp group mgmt description 'Management'
- set high-availability vrrp group mgmt interface 'eth0.7'
- set high-availability vrrp group mgmt preempt-delay '3'
- set high-availability vrrp group mgmt priority '254'
- set high-availability vrrp group mgmt rfc3768-compatibility
- set high-availability vrrp group mgmt vrid '7'
- set high-availability vrrp group public address 192.168.17.253/24
- set high-availability vrrp group public advertise-interval '1'
- set high-availability vrrp group public description 'Public'
- set high-availability vrrp group public interface 'eth0.17'
- set high-availability vrrp group public preempt-delay '3'
- set high-availability vrrp group public priority '254'
- set high-availability vrrp group public rfc3768-compatibility
- set high-availability vrrp group public vrid '17'
- set high-availability vrrp sync-group sync member 'cam'
- set high-availability vrrp sync-group sync member 'guest'
- set high-availability vrrp sync-group sync member 'mgmt'
- set high-availability vrrp sync-group sync member 'lan'
- set high-availability vrrp sync-group sync member 'iot'
- set high-availability vrrp sync-group sync member 'public'
- set high-availability vrrp sync-group sync member 'dmz'
- set high-availability vrrp sync-group sync member 'download'
- set high-availability vrrp sync-group sync transition-script backup '/config/scripts/vrrp-trans-fail.sh backup'
- set high-availability vrrp sync-group sync transition-script fault '/config/scripts/vrrp-trans-fail.sh backup'
- set high-availability vrrp sync-group sync transition-script master '/config/scripts/vrrp-trans-master.sh master'
- set high-availability vrrp sync-group sync transition-script stop '/config/scripts/vrrp-trans-fail.sh backup'
- set interfaces ethernet eth0 duplex 'auto'
- set interfaces ethernet eth0 hw-id '00:50:56:9f:be:a5'
- set interfaces ethernet eth0 offload gro
- set interfaces ethernet eth0 offload gso
- set interfaces ethernet eth0 offload sg
- set interfaces ethernet eth0 offload tso
- set interfaces ethernet eth0 ring-buffer rx '4096'
- set interfaces ethernet eth0 ring-buffer tx '4096'
- set interfaces ethernet eth0 speed 'auto'
- set interfaces ethernet eth0 vif 7 address '192.168.7.252/24'
- set interfaces ethernet eth0 vif 7 description 'Management'
- set interfaces ethernet eth0 vif 11 address '192.168.11.252/24'
- set interfaces ethernet eth0 vif 11 description 'IOT'
- set interfaces ethernet eth0 vif 13 address '192.168.13.252/24'
- set interfaces ethernet eth0 vif 13 description 'LAN'
- set interfaces ethernet eth0 vif 17 address '192.168.17.252/24'
- set interfaces ethernet eth0 vif 17 description 'Public'
- set interfaces ethernet eth0 vif 53 address '192.168.53.252/24'
- set interfaces ethernet eth0 vif 53 description 'Cam'
- set interfaces ethernet eth0 vif 67 address '192.168.67.252/24'
- set interfaces ethernet eth0 vif 67 description 'DMZ'
- set interfaces ethernet eth0 vif 79 address '192.168.79.252/24'
- set interfaces ethernet eth0 vif 79 description 'Download'
- set interfaces ethernet eth0 vif 131 address '192.168.131.252/24'
- set interfaces ethernet eth0 vif 131 description 'Guest'
- set interfaces ethernet eth0 vif 167 address 'dhcp'
- set interfaces ethernet eth0 vif 167 description 'WAN'
- set interfaces ethernet eth0 vif 197 address 'dhcp'
- set interfaces ethernet eth0 vif 197 description 'WAN_BCK'
- set interfaces loopback lo
- set load-balancing wan enable-local-traffic
- set load-balancing wan flush-connections
- set load-balancing wan interface-health eth0.167 failure-count '3'
- set load-balancing wan interface-health eth0.167 nexthop 'dhcp'
- set load-balancing wan interface-health eth0.167 success-count '1'
- set load-balancing wan interface-health eth0.167 test 10 resp-time '5'
- set load-balancing wan interface-health eth0.167 test 10 target '1.0.0.1'
- set load-balancing wan interface-health eth0.167 test 10 ttl-limit '1'
- set load-balancing wan interface-health eth0.167 test 10 type 'ping'
- set load-balancing wan interface-health eth0.197 failure-count '3'
- set load-balancing wan interface-health eth0.197 nexthop 'dhcp'
- set load-balancing wan interface-health eth0.197 success-count '1'
- set load-balancing wan interface-health eth0.197 test 10 resp-time '5'
- set load-balancing wan interface-health eth0.197 test 10 target '1.1.1.1'
- set load-balancing wan interface-health eth0.197 test 10 ttl-limit '1'
- set load-balancing wan interface-health eth0.197 test 10 type 'ping'
- set load-balancing wan rule 5 destination address '192.168.0.0/16'
- set load-balancing wan rule 5 exclude
- set load-balancing wan rule 5 inbound-interface 'eth+'
- set load-balancing wan rule 5 protocol 'all'
- set load-balancing wan rule 6 destination address '172.16.0.0/12'
- set load-balancing wan rule 6 exclude
- set load-balancing wan rule 6 inbound-interface 'eth+'
- set load-balancing wan rule 6 protocol 'all'
- set load-balancing wan rule 7 destination address '10.0.0.0/8'
- set load-balancing wan rule 7 exclude
- set load-balancing wan rule 7 inbound-interface 'eth+'
- set load-balancing wan rule 7 protocol 'all'
- set load-balancing wan rule 10 failover
- set load-balancing wan rule 10 inbound-interface 'eth0.7v7'
- set load-balancing wan rule 10 interface eth0.167 weight '10'
- set load-balancing wan rule 10 interface eth0.197 weight '1'
- set load-balancing wan rule 10 protocol 'all'
- set load-balancing wan rule 20 failover
- set load-balancing wan rule 20 inbound-interface 'eth0.11v11'
- set load-balancing wan rule 20 interface eth0.167 weight '10'
- set load-balancing wan rule 20 interface eth0.197 weight '1'
- set load-balancing wan rule 20 protocol 'all'
- set load-balancing wan rule 30 failover
- set load-balancing wan rule 30 inbound-interface 'eth0.13v13'
- set load-balancing wan rule 30 interface eth0.167 weight '10'
- set load-balancing wan rule 30 interface eth0.197 weight '1'
- set load-balancing wan rule 30 protocol 'all'
- set load-balancing wan rule 40 failover
- set load-balancing wan rule 40 inbound-interface 'eth0.17v17'
- set load-balancing wan rule 40 interface eth0.167 weight '10'
- set load-balancing wan rule 40 interface eth0.197 weight '1'
- set load-balancing wan rule 40 protocol 'all'
- set load-balancing wan rule 50 failover
- set load-balancing wan rule 50 inbound-interface 'eth0.67v67'
- set load-balancing wan rule 50 interface eth0.167 weight '10'
- set load-balancing wan rule 50 interface eth0.197 weight '1'
- set load-balancing wan rule 50 protocol 'all'
- set load-balancing wan rule 70 failover
- set load-balancing wan rule 70 inbound-interface 'eth0.131v131'
- set load-balancing wan rule 70 interface eth0.167 weight '10'
- set load-balancing wan rule 70 interface eth0.197 weight '1'
- set load-balancing wan rule 70 protocol 'all'
- set load-balancing wan sticky-connections inbound
- set nat destination rule 200 description 'Redirect port for primary VPN server'
- set nat destination rule 200 destination port '443'
- set nat destination rule 200 inbound-interface 'eth0.167'
- set nat destination rule 200 log
- set nat destination rule 200 protocol 'tcp'
- set nat destination rule 200 translation address '192.168.17.100'
- set nat destination rule 200 translation port '443'
- set nat destination rule 201 description 'Redirect port for backup VPN server'
- set nat destination rule 201 destination port '443'
- set nat destination rule 201 inbound-interface 'eth0.167'
- set nat destination rule 201 log
- set nat destination rule 201 protocol 'udp'
- set nat destination rule 201 translation address '192.168.17.100'
- set nat destination rule 201 translation port '443'
- set nat destination rule 399 description 'Redirect DNS iot VLAN'
- set nat destination rule 399 destination address '!192.168.67.243-192.168.67.244'
- set nat destination rule 399 destination port '53'
- set nat destination rule 399 inbound-interface 'eth0.11v11'
- set nat destination rule 399 log
- set nat destination rule 399 protocol 'tcp_udp'
- set nat destination rule 399 translation address '192.168.67.243'
- set nat destination rule 399 translation port '53'
- set nat source rule 5010 description 'Masquerade for WAN'
- set nat source rule 5010 outbound-interface 'eth0.167'
- set nat source rule 5010 translation address 'masquerade'
- set nat source rule 5020 description 'Masquerade for WAN_BCK'
- set nat source rule 5020 outbound-interface 'eth0.197'
- set nat source rule 5020 translation address 'masquerade'
- set protocols static route 0.0.0.0/0 dhcp-interface 'eth0.167'
- set protocols static route 10.168.17.0/24 next-hop 192.168.17.100
- set protocols static route 10.168.19.0/24 next-hop 192.168.17.100
- set protocols static route 192.168.0.0/16 blackhole distance '254'
- set protocols static route 192.168.100.0/24 interface eth0.167
- set protocols static route 192.168.197.0/24 interface eth0.197
- set service conntrack-sync disable-external-cache
- set service conntrack-sync event-listen-queue-size '16'
- set service conntrack-sync failover-mechanism vrrp sync-group 'sync'
- set service conntrack-sync interface eth0.7
- set service conntrack-sync listen-address '192.168.7.252'
- set service conntrack-sync mcast-group '224.0.0.50'
- set service conntrack-sync sync-queue-size '16'
- set service dhcp-relay interface 'eth0.67'
- set service dhcp-relay interface 'eth0.11'
- set service dhcp-relay interface 'eth0.13'
- set service dhcp-relay interface 'eth0.131'
- set service dhcp-relay relay-options relay-agents-packets 'discard'
- set service dhcp-relay server '192.168.67.241'
- set service dhcp-relay server '192.168.67.242'
- set service dns dynamic interface eth0.167 service namecheap host-name 'is'
- set service dns dynamic interface eth0.167 service namecheap login 'flawed.network'
- set service dns dynamic interface eth0.167 service namecheap password 'takeaguess...'
- set service dns dynamic interface eth0.167 service namecheap protocol 'namecheap'
- set service dns dynamic interface eth0.167 service namecheap server 'dynamicdns.park-your-domain.com'
- set service mdns repeater interface 'eth0.11v11'
- set service mdns repeater interface 'eth0.13v13'
- set service mdns repeater interface 'eth0.131v131'
- set service ssh listen-address '192.168.7.252'
- set service ssh port '22'
- set system config-management commit-revisions '1000'
- set system conntrack expect-table-size '2048'
- set system conntrack hash-size '32768'
- set system conntrack modules ftp
- set system conntrack modules h323
- set system conntrack table-size '3145728'
- set system domain-name 'on.flawed.network'
- set system host-name 'vyos007'
- set system login user person1 authentication encrypted-password 'takeaguess...'
- set system name-server '192.168.67.241'
- set system name-server '192.168.67.242'
- set system ntp listen-address '192.168.67.252'
- set system ntp server 192.168.67.241
- set system ntp server 192.168.67.242
- set system sysctl parameter net.netfilter.nf_conntrack_buckets value '1572864'
- set system syslog global facility all level 'info'
- set system syslog global facility protocols level 'debug'
- set system time-zone 'Australia/Melbourne'
- set zone-policy zone cam default-action 'drop'
- set zone-policy zone cam from dmz firewall name 'dmz-cam'
- set zone-policy zone cam from download firewall name 'download-cam'
- set zone-policy zone cam from firewall firewall name 'firewall-cam'
- set zone-policy zone cam from guest firewall name 'guest-cam'
- set zone-policy zone cam from lan firewall name 'lan-cam'
- set zone-policy zone cam from mgmt firewall name 'mgmt-cam'
- set zone-policy zone cam from public firewall name 'public-cam'
- set zone-policy zone cam from wan firewall name 'wan-cam'
- set zone-policy zone cam interface 'eth0.53v53'
- set zone-policy zone cam interface 'eth0.53'
- set zone-policy zone dmz default-action 'drop'
- set zone-policy zone dmz from cam firewall name 'cam-dmz'
- set zone-policy zone dmz from download firewall name 'download-dmz'
- set zone-policy zone dmz from firewall firewall name 'firewall-dmz'
- set zone-policy zone dmz from guest firewall name 'guest-dmz'
- set zone-policy zone dmz from iot firewall name 'iot-dmz'
- set zone-policy zone dmz from lan firewall name 'lan-dmz'
- set zone-policy zone dmz from mgmt firewall name 'mgmt-dmz'
- set zone-policy zone dmz from public firewall name 'public-dmz'
- set zone-policy zone dmz from wan firewall name 'wan-dmz'
- set zone-policy zone dmz interface 'eth0.67'
- set zone-policy zone dmz interface 'eth0.67v67'
- set zone-policy zone download default-action 'drop'
- set zone-policy zone download from cam firewall name 'cam-download'
- set zone-policy zone download from dmz firewall name 'dmz-download'
- set zone-policy zone download from firewall firewall name 'firewall-download'
- set zone-policy zone download from guest firewall name 'guest-download'
- set zone-policy zone download from lan firewall name 'lan-download'
- set zone-policy zone download from mgmt firewall name 'mgmt-download'
- set zone-policy zone download from public firewall name 'public-download'
- set zone-policy zone download from wan firewall name 'wan-download'
- set zone-policy zone download interface 'eth0.79'
- set zone-policy zone download interface 'eth0.79v79'
- set zone-policy zone firewall default-action 'drop'
- set zone-policy zone firewall from cam firewall name 'cam-firewall'
- set zone-policy zone firewall from dmz firewall name 'dmz-firewall'
- set zone-policy zone firewall from download firewall name 'download-firewall'
- set zone-policy zone firewall from guest firewall name 'guest-firewall'
- set zone-policy zone firewall from iot firewall name 'iot-firewall'
- set zone-policy zone firewall from lan firewall name 'lan-firewall'
- set zone-policy zone firewall from mgmt firewall name 'mgmt-firewall'
- set zone-policy zone firewall from public firewall name 'public-firewall'
- set zone-policy zone firewall from wan firewall name 'wan-firewall'
- set zone-policy zone firewall local-zone
- set zone-policy zone guest default-action 'drop'
- set zone-policy zone guest from cam firewall name 'cam-guest'
- set zone-policy zone guest from dmz firewall name 'dmz-guest'
- set zone-policy zone guest from download firewall name 'download-guest'
- set zone-policy zone guest from firewall firewall name 'firewall-guest'
- set zone-policy zone guest from iot firewall name 'iot-guest'
- set zone-policy zone guest from lan firewall name 'lan-guest'
- set zone-policy zone guest from mgmt firewall name 'mgmt-guest'
- set zone-policy zone guest from public firewall name 'public-guest'
- set zone-policy zone guest from wan firewall name 'wan-guest'
- set zone-policy zone guest interface 'eth0.131'
- set zone-policy zone guest interface 'eth0.131v131'
- set zone-policy zone iot default-action 'drop'
- set zone-policy zone iot from dmz firewall name 'dmz-iot'
- set zone-policy zone iot from firewall firewall name 'firewall-iot'
- set zone-policy zone iot from guest firewall name 'guest-iot'
- set zone-policy zone iot from lan firewall name 'lan-iot'
- set zone-policy zone iot from wan firewall name 'wan-iot'
- set zone-policy zone iot interface 'eth0.11'
- set zone-policy zone iot interface 'eth0.11v11'
- set zone-policy zone lan default-action 'drop'
- set zone-policy zone lan from cam firewall name 'cam-lan'
- set zone-policy zone lan from dmz firewall name 'dmz-lan'
- set zone-policy zone lan from download firewall name 'download-lan'
- set zone-policy zone lan from firewall firewall name 'firewall-lan'
- set zone-policy zone lan from guest firewall name 'guest-lan'
- set zone-policy zone lan from iot firewall name 'iot-lan'
- set zone-policy zone lan from mgmt firewall name 'mgmt-lan'
- set zone-policy zone lan from public firewall name 'public-lan'
- set zone-policy zone lan from wan firewall name 'wan-lan'
- set zone-policy zone lan interface 'eth0.13'
- set zone-policy zone lan interface 'eth0.13v13'
- set zone-policy zone mgmt default-action 'drop'
- set zone-policy zone mgmt from cam firewall name 'cam-mgmt'
- set zone-policy zone mgmt from dmz firewall name 'dmz-mgmt'
- set zone-policy zone mgmt from download firewall name 'download-mgmt'
- set zone-policy zone mgmt from firewall firewall name 'firewall-mgmt'
- set zone-policy zone mgmt from guest firewall name 'guest-mgmt'
- set zone-policy zone mgmt from lan firewall name 'lan-mgmt'
- set zone-policy zone mgmt from public firewall name 'public-mgmt'
- set zone-policy zone mgmt from wan firewall name 'wan-mgmt'
- set zone-policy zone mgmt interface 'eth0.7'
- set zone-policy zone mgmt interface 'eth0.7v7'
- set zone-policy zone public default-action 'drop'
- set zone-policy zone public from cam firewall name 'cam-public'
- set zone-policy zone public from dmz firewall name 'dmz-public'
- set zone-policy zone public from download firewall name 'download-public'
- set zone-policy zone public from firewall firewall name 'firewall-public'
- set zone-policy zone public from guest firewall name 'guest-public'
- set zone-policy zone public from lan firewall name 'lan-public'
- set zone-policy zone public from mgmt firewall name 'mgmt-public'
- set zone-policy zone public from wan firewall name 'wan-public'
- set zone-policy zone public interface 'eth0.17'
- set zone-policy zone public interface 'eth0.17v17'
- set zone-policy zone wan default-action 'drop'
- set zone-policy zone wan from cam firewall name 'cam-wan'
- set zone-policy zone wan from dmz firewall name 'dmz-wan'
- set zone-policy zone wan from download firewall name 'download-wan'
- set zone-policy zone wan from firewall firewall name 'firewall-wan'
- set zone-policy zone wan from guest firewall name 'guest-wan'
- set zone-policy zone wan from iot firewall name 'iot-wan'
- set zone-policy zone wan from lan firewall name 'lan-wan'
- set zone-policy zone wan from mgmt firewall name 'mgmt-wan'
- set zone-policy zone wan from public firewall name 'public-wan'
- set zone-policy zone wan interface 'eth0.167'
- set zone-policy zone wan interface 'eth0.197'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement