- #config-version=FGVMK6-6.2.0-FW-build0866-190328:opmode=0:vdom=0:user=admin
- #conf_file_ver=185280594225277
- #buildno=0866
- #global_vdom=1
- config system global
- set admintimeout 50
- set alias "FortiGate-VM64-KVM"
- set hostname "SERRINHA"
- set timezone 18
- end
- config system accprofile
- edit "super_admin"
- set secfabgrp read-write
- set ftviewgrp read-write
- set authgrp read-write
- set sysgrp read-write
- set netgrp read-write
- set loggrp read-write
- set fwgrp read-write
- set vpngrp read-write
- set utmgrp read-write
- set wanoptgrp read-write
- set wifi read-write
- next
- edit "prof_admin"
- set secfabgrp read-write
- set ftviewgrp read-write
- set authgrp read-write
- set sysgrp read-write
- set netgrp read-write
- set loggrp read-write
- set fwgrp read-write
- set vpngrp read-write
- set utmgrp read-write
- set wanoptgrp read-write
- set wifi read-write
- next
- end
- config system interface
- edit "port1"
- set vdom "root"
- set mode dhcp
- set allowaccess ping ssh http
- set type physical
- set snmp-index 1
- next
- edit "port2"
- set vdom "root"
- set ip 192.168.253.10 255.255.255.0
- set allowaccess ping ssh http
- set type physical
- set snmp-index 2
- next
- edit "port3"
- set vdom "root"
- set ip 192.168.228.1 255.255.255.0
- set allowaccess ping ssh http
- set type physical
- set snmp-index 3
- next
- edit "port4"
- set vdom "root"
- set type physical
- set snmp-index 4
- next
- edit "port5"
- set vdom "root"
- set type physical
- set snmp-index 5
- next
- edit "port6"
- set vdom "root"
- set type physical
- set snmp-index 6
- next
- edit "port7"
- set vdom "root"
- set type physical
- set snmp-index 7
- next
- edit "port8"
- set vdom "root"
- set type physical
- set snmp-index 8
- next
- edit "port9"
- set vdom "root"
- set type physical
- set snmp-index 9
- next
- edit "port10"
- set vdom "root"
- set type physical
- set snmp-index 10
- next
- edit "ssl.root"
- set vdom "root"
- set type tunnel
- set alias "SSL VPN interface"
- set snmp-index 11
- next
- edit "toDC-CURITIBA"
- set vdom "root"
- set ip 10.10.228.2 255.255.255.255
- set allowaccess ping
- set type tunnel
- set remote-ip 10.10.228.1 255.255.255.255
- set snmp-index 12
- set interface "port1"
- next
- edit "toDC-CTA-TERR"
- set vdom "root"
- set ip 10.20.228.2 255.255.255.255
- set allowaccess ping
- set type tunnel
- set remote-ip 10.20.228.1 255.255.255.255
- set snmp-index 13
- set interface "port2"
- next
- end
- config system custom-language
- edit "en"
- set filename "en"
- next
- edit "fr"
- set filename "fr"
- next
- edit "sp"
- set filename "sp"
- next
- edit "pg"
- set filename "pg"
- next
- edit "x-sjis"
- set filename "x-sjis"
- next
- edit "big5"
- set filename "big5"
- next
- edit "GB2312"
- set filename "GB2312"
- next
- edit "euc-kr"
- set filename "euc-kr"
- next
- end
- config system admin
- edit "admin"
- set accprofile "super_admin"
- set vdom "root"
- config gui-dashboard
- edit 1
- set name "Status"
- set vdom "root"
- set permanent enable
- config widget
- edit 1
- set width 1
- set height 1
- next
- edit 2
- set type licinfo
- set x-pos 1
- set width 1
- set height 1
- next
- edit 3
- set type vminfo
- set x-pos 2
- set width 1
- set height 1
- next
- edit 4
- set type forticloud
- set x-pos 3
- set width 1
- set height 1
- next
- edit 5
- set type security-fabric
- set x-pos 4
- set width 1
- set height 1
- next
- edit 6
- set type security-fabric-ranking
- set x-pos 5
- set width 1
- set height 1
- next
- edit 7
- set type admins
- set x-pos 6
- set width 1
- set height 1
- next
- edit 8
- set type cpu-usage
- set x-pos 7
- set width 2
- set height 1
- next
- edit 9
- set type memory-usage
- set x-pos 8
- set width 2
- set height 1
- next
- edit 10
- set type sessions
- set x-pos 9
- set width 2
- set height 1
- next
- end
- next
- edit 2
- set name "Top Usage LAN/DMZ"
- set vdom "root"
- set layout-type fixed
- set columns 12
- config widget
- edit 1
- set type fortiview
- set width 6
- set height 3
- set fortiview-type "source"
- set fortiview-sort-by "bytes"
- set fortiview-timeframe "hour"
- set fortiview-visualization "table"
- next
- edit 2
- set type fortiview
- set x-pos 1
- set width 6
- set height 3
- set fortiview-type "destination"
- set fortiview-sort-by "sessions"
- set fortiview-timeframe "hour"
- set fortiview-visualization "table"
- next
- edit 3
- set type fortiview
- set x-pos 2
- set width 6
- set height 3
- set fortiview-type "application"
- set fortiview-sort-by "bytes"
- set fortiview-timeframe "hour"
- set fortiview-visualization "table"
- next
- edit 4
- set type fortiview
- set x-pos 3
- set width 6
- set height 3
- set fortiview-type "website"
- set fortiview-sort-by "sessions"
- set fortiview-timeframe "hour"
- set fortiview-visualization "table"
- next
- end
- next
- edit 3
- set name "Security"
- set vdom "root"
- set layout-type fixed
- set columns 12
- config widget
- edit 1
- set type fortiview
- set width 6
- set height 3
- set fortiview-type "compromisedHosts"
- set fortiview-sort-by "verdict"
- set fortiview-timeframe "hour"
- set fortiview-visualization "table"
- next
- edit 2
- set type fortiview
- set x-pos 1
- set width 6
- set height 3
- set fortiview-type "threats"
- set fortiview-sort-by "threatLevel"
- set fortiview-timeframe "hour"
- set fortiview-visualization "table"
- next
- edit 3
- set type vulnerability-summary
- set x-pos 2
- set width 3
- set height 3
- next
- edit 4
- set type host-scan-summary
- set x-pos 3
- set width 3
- set height 3
- next
- edit 5
- set type fortiview
- set x-pos 4
- set width 6
- set height 3
- set fortiview-type "endpointDevices"
- set fortiview-sort-by "vulnerabilities"
- set fortiview-timeframe "hour"
- set fortiview-visualization "table"
- next
- end
- next
- end
- next
- end
- config system sso-admin
- end
- config system ha
- set override disable
- end
- config system storage
- edit "Virtual-Disk"
- set status enable
- set media-status enable
- set order 1
- set partition "LOGUSEDXABA32AD6"
- set device "/dev/vdb1"
- set size 30236
- set usage log
- next
- end
- config system dns
- set primary 208.91.112.53
- set secondary 208.91.112.52
- end
- config system replacemsg-image
- edit "logo_fnet"
- set image-type gif
- set image-base64 ''
- next
- edit "logo_fguard_wf"
- set image-type gif
- set image-base64 ''
- next
- edit "logo_fw_auth"
- set image-base64 ''
- next
- edit "logo_v2_fnet"
- set image-base64 ''
- next
- edit "logo_v2_fguard_wf"
- set image-base64 ''
- next
- edit "logo_v2_fguard_app"
- set image-base64 ''
- next
- end
- config system replacemsg mail "email-av-fail"
- end
- config system replacemsg mail "email-block"
- end
- config system replacemsg mail "email-dlp-subject"
- end
- config system replacemsg mail "email-dlp-ban"
- end
- config system replacemsg mail "email-filesize"
- end
- config system replacemsg mail "email-file-filter"
- end
- config system replacemsg mail "partial"
- end
- config system replacemsg mail "smtp-block"
- end
- config system replacemsg mail "smtp-filesize"
- end
- config system replacemsg mail "email-decompress-limit"
- end
- config system replacemsg mail "smtp-decompress-limit"
- end
- config system replacemsg http "bannedword"
- end
- config system replacemsg http "url-block"
- end
- config system replacemsg http "urlfilter-err"
- end
- config system replacemsg http "infcache-block"
- end
- config system replacemsg http "http-block"
- end
- config system replacemsg http "http-filesize"
- end
- config system replacemsg http "http-dlp-ban"
- end
- config system replacemsg http "http-archive-block"
- end
- config system replacemsg http "http-contenttypeblock"
- end
- config system replacemsg http "https-invalid-cert-block"
- end
- config system replacemsg http "https-untrusted-cert-block"
- end
- config system replacemsg http "https-blacklisted-cert-block"
- end
- config system replacemsg http "http-client-block"
- end
- config system replacemsg http "http-client-filesize"
- end
- config system replacemsg http "http-client-bannedword"
- end
- config system replacemsg http "http-post-block"
- end
- config system replacemsg http "http-client-archive-block"
- end
- config system replacemsg http "switching-protocols-block"
- end
- config system replacemsg webproxy "deny"
- end
- config system replacemsg webproxy "user-limit"
- end
- config system replacemsg webproxy "auth-challenge"
- end
- config system replacemsg webproxy "auth-login-fail"
- end
- config system replacemsg webproxy "auth-group-info-fail"
- end
- config system replacemsg webproxy "http-err"
- end
- config system replacemsg webproxy "auth-ip-blackout"
- end
- config system replacemsg ftp "ftp-av-fail"
- end
- config system replacemsg ftp "ftp-dl-blocked"
- end
- config system replacemsg ftp "ftp-dl-filesize"
- end
- config system replacemsg ftp "ftp-dl-dlp-ban"
- end
- config system replacemsg ftp "ftp-explicit-banner"
- end
- config system replacemsg ftp "ftp-dl-archive-block"
- end
- config system replacemsg nntp "nntp-av-fail"
- end
- config system replacemsg nntp "nntp-dl-blocked"
- end
- config system replacemsg nntp "nntp-dl-filesize"
- end
- config system replacemsg nntp "nntp-dlp-subject"
- end
- config system replacemsg nntp "nntp-dlp-ban"
- end
- config system replacemsg nntp "email-decompress-limit"
- end
- config system replacemsg fortiguard-wf "ftgd-block"
- end
- config system replacemsg fortiguard-wf "http-err"
- end
- config system replacemsg fortiguard-wf "ftgd-ovrd"
- end
- config system replacemsg fortiguard-wf "ftgd-quota"
- end
- config system replacemsg fortiguard-wf "ftgd-warning"
- end
- config system replacemsg spam "ipblocklist"
- end
- config system replacemsg spam "smtp-spam-dnsbl"
- end
- config system replacemsg spam "smtp-spam-feip"
- end
- config system replacemsg spam "smtp-spam-helo"
- end
- config system replacemsg spam "smtp-spam-emailblack"
- end
- config system replacemsg spam "smtp-spam-mimeheader"
- end
- config system replacemsg spam "reversedns"
- end
- config system replacemsg spam "smtp-spam-bannedword"
- end
- config system replacemsg spam "smtp-spam-ase"
- end
- config system replacemsg spam "submit"
- end
- config system replacemsg alertmail "alertmail-virus"
- end
- config system replacemsg alertmail "alertmail-block"
- end
- config system replacemsg alertmail "alertmail-nids-event"
- end
- config system replacemsg alertmail "alertmail-crit-event"
- end
- config system replacemsg alertmail "alertmail-disk-full"
- end
- config system replacemsg admin "pre_admin-disclaimer-text"
- end
- config system replacemsg admin "post_admin-disclaimer-text"
- end
- config system replacemsg auth "auth-disclaimer-page-1"
- end
- config system replacemsg auth "auth-disclaimer-page-2"
- end
- config system replacemsg auth "auth-disclaimer-page-3"
- end
- config system replacemsg auth "auth-reject-page"
- end
- config system replacemsg auth "auth-login-page"
- end
- config system replacemsg auth "auth-login-failed-page"
- end
- config system replacemsg auth "auth-token-login-page"
- end
- config system replacemsg auth "auth-token-login-failed-page"
- end
- config system replacemsg auth "auth-success-msg"
- end
- config system replacemsg auth "auth-challenge-page"
- end
- config system replacemsg auth "auth-keepalive-page"
- end
- config system replacemsg auth "auth-portal-page"
- end
- config system replacemsg auth "auth-password-page"
- end
- config system replacemsg auth "auth-fortitoken-page"
- end
- config system replacemsg auth "auth-next-fortitoken-page"
- end
- config system replacemsg auth "auth-email-token-page"
- end
- config system replacemsg auth "auth-sms-token-page"
- end
- config system replacemsg auth "auth-email-harvesting-page"
- end
- config system replacemsg auth "auth-email-failed-page"
- end
- config system replacemsg auth "auth-cert-passwd-page"
- end
- config system replacemsg auth "auth-guest-print-page"
- end
- config system replacemsg auth "auth-guest-email-page"
- end
- config system replacemsg auth "auth-success-page"
- end
- config system replacemsg auth "auth-block-notification-page"
- end
- config system replacemsg auth "auth-quarantine-page"
- end
- config system replacemsg auth "auth-qtn-reject-page"
- end
- config system replacemsg sslvpn "sslvpn-login"
- end
- config system replacemsg sslvpn "sslvpn-header"
- end
- config system replacemsg sslvpn "sslvpn-limit"
- end
- config system replacemsg sslvpn "hostcheck-error"
- end
- config system replacemsg device-detection-portal "device-detection-failure"
- end
- config system replacemsg nac-quar "nac-quar-virus"
- end
- config system replacemsg nac-quar "nac-quar-dos"
- end
- config system replacemsg nac-quar "nac-quar-ips"
- end
- config system replacemsg nac-quar "nac-quar-dlp"
- end
- config system replacemsg nac-quar "nac-quar-admin"
- end
- config system replacemsg nac-quar "nac-quar-app"
- end
- config system replacemsg traffic-quota "per-ip-shaper-block"
- end
- config system replacemsg utm "virus-html"
- end
- config system replacemsg utm "client-virus-html"
- end
- config system replacemsg utm "virus-text"
- end
- config system replacemsg utm "dlp-html"
- end
- config system replacemsg utm "dlp-text"
- end
- config system replacemsg utm "appblk-html"
- end
- config system replacemsg utm "ipsblk-html"
- end
- config system replacemsg utm "ipsfail-html"
- end
- config system replacemsg utm "exe-text"
- end
- config system replacemsg utm "waf-html"
- end
- config system replacemsg utm "outbreak-prevention-html"
- end
- config system replacemsg utm "outbreak-prevention-text"
- end
- config system replacemsg icap "icap-req-resp"
- end
- config system snmp sysinfo
- end
- config firewall internet-service-definition
- end
- config firewall internet-service-cat-definition
- end
- config system cluster-sync
- end
- config system fortiguard
- set update-server-location usa
- set sdns-server-ip "208.91.112.220"
- end
- config ips global
- end
- config system email-server
- set server "notification.fortinet.net"
- set port 465
- set security smtps
- end
- config system session-helper
- edit 1
- set name pptp
- set protocol 6
- set port 1723
- next
- edit 2
- set name h323
- set protocol 6
- set port 1720
- next
- edit 3
- set name ras
- set protocol 17
- set port 1719
- next
- edit 4
- set name tns
- set protocol 6
- set port 1521
- next
- edit 5
- set name tftp
- set protocol 17
- set port 69
- next
- edit 6
- set name rtsp
- set protocol 6
- set port 554
- next
- edit 7
- set name rtsp
- set protocol 6
- set port 7070
- next
- edit 8
- set name rtsp
- set protocol 6
- set port 8554
- next
- edit 9
- set name ftp
- set protocol 6
- set port 21
- next
- edit 10
- set name mms
- set protocol 6
- set port 1863
- next
- edit 11
- set name pmap
- set protocol 6
- set port 111
- next
- edit 12
- set name pmap
- set protocol 17
- set port 111
- next
- edit 13
- set name sip
- set protocol 17
- set port 5060
- next
- edit 14
- set name dns-udp
- set protocol 17
- set port 53
- next
- edit 15
- set name rsh
- set protocol 6
- set port 514
- next
- edit 16
- set name rsh
- set protocol 6
- set port 512
- next
- edit 17
- set name dcerpc
- set protocol 6
- set port 135
- next
- edit 18
- set name dcerpc
- set protocol 17
- set port 135
- next
- edit 19
- set name mgcp
- set protocol 17
- set port 2427
- next
- edit 20
- set name mgcp
- set protocol 17
- set port 2727
- next
- end
- config system auto-install
- set auto-install-config enable
- set auto-install-image enable
- end
- config system ntp
- set ntpsync enable
- end
- config system object-tagging
- edit "default"
- next
- end
- config switch-controller traffic-policy
- edit "quarantine"
- set description "Rate control for quarantined traffic"
- set guaranteed-bandwidth 163840
- set guaranteed-burst 8192
- set maximum-burst 163840
- set cos-queue 0
- set id 1
- next
- edit "sniffer"
- set description "Rate control for sniffer mirrored traffic"
- set guaranteed-bandwidth 50000
- set guaranteed-burst 8192
- set maximum-burst 163840
- set cos-queue 0
- set id 2
- next
- end
- config system settings
- end
- config system dhcp server
- edit 1
- set dns-service default
- set default-gateway 192.168.228.1
- set netmask 255.255.255.0
- set interface "port3"
- config ip-range
- edit 1
- set start-ip 192.168.228.2
- set end-ip 192.168.228.254
- next
- end
- set timezone-option default
- next
- end
- config firewall address
- edit "none"
- set uuid a39ab858-574f-51ea-74f9-9e214dabefd6
- set subnet 0.0.0.0 255.255.255.255
- next
- edit "login.microsoftonline.com"
- set uuid a39ac3fc-574f-51ea-6c98-fee2ef77aa17
- set type fqdn
- set fqdn "login.microsoftonline.com"
- next
- edit "login.microsoft.com"
- set uuid a39acff0-574f-51ea-9c25-02af6b7db87b
- set type fqdn
- set fqdn "login.microsoft.com"
- next
- edit "login.windows.net"
- set uuid a39ad8f6-574f-51ea-0dc0-2c1721836660
- set type fqdn
- set fqdn "login.windows.net"
- next
- edit "gmail.com"
- set uuid a39ae0f8-574f-51ea-3716-c16e8c898341
- set type fqdn
- set fqdn "gmail.com"
- next
- edit "wildcard.google.com"
- set uuid a39aea8a-574f-51ea-a3a4-6eb02427c8dc
- set type wildcard-fqdn
- set wildcard-fqdn "*.google.com"
- next
- edit "wildcard.dropbox.com"
- set uuid a39af692-574f-51ea-44d5-08dc2df08eb6
- set type wildcard-fqdn
- set wildcard-fqdn "*.dropbox.com"
- next
- edit "all"
- set uuid a3abef9c-574f-51ea-b1a7-0d9a66a65dea
- next
- edit "FIREWALL_AUTH_PORTAL_ADDRESS"
- set uuid a3abf2a8-574f-51ea-9e38-aff6c5152dfc
- set visibility disable
- next
- edit "FABRIC_DEVICE"
- set uuid a3abf550-574f-51ea-42ff-a3fb817e1768
- set comment "IPv4 addresses of Fabric Devices."
- next
- edit "SSLVPN_TUNNEL_ADDR1"
- set uuid a3ae2762-574f-51ea-d3a7-79481719ea0a
- set type iprange
- set associated-interface "ssl.root"
- set start-ip 10.212.134.200
- set end-ip 10.212.134.210
- next
- edit "LAN-228"
- set uuid 6a4fe2d8-577e-51ea-51e2-1712503fa8fb
- set associated-interface "port3"
- set allow-routing enable
- set subnet 192.168.228.0 255.255.255.0
- next
- edit "SERVERS"
- set uuid 7cd16e4a-577e-51ea-4c00-3d0b71f1c36b
- set allow-routing enable
- set subnet 10.44.127.0 255.255.255.0
- next
- edit "SERVER2"
- set uuid 09878d82-5780-51ea-9c45-be28ae79d610
- set allow-routing enable
- set subnet 10.44.127.4 255.255.255.255
- next
- end
- config firewall multicast-address
- edit "all"
- set start-ip 224.0.0.0
- set end-ip 239.255.255.255
- next
- edit "all_hosts"
- set start-ip 224.0.0.1
- set end-ip 224.0.0.1
- next
- edit "all_routers"
- set start-ip 224.0.0.2
- set end-ip 224.0.0.2
- next
- edit "Bonjour"
- set start-ip 224.0.0.251
- set end-ip 224.0.0.251
- next
- edit "EIGRP"
- set start-ip 224.0.0.10
- set end-ip 224.0.0.10
- next
- edit "OSPF"
- set start-ip 224.0.0.5
- set end-ip 224.0.0.6
- next
- end
- config firewall address6
- edit "SSLVPN_TUNNEL_IPv6_ADDR1"
- set uuid a3ae2c9e-574f-51ea-d370-4a236a11727d
- set ip6 fdff:ffff::/120
- next
- edit "all"
- set uuid a59a63e2-574f-51ea-33e9-3c977cb78c26
- next
- edit "none"
- set uuid a59a74f4-574f-51ea-5d37-4cff18dc79c6
- set ip6 ::/128
- next
- end
- config firewall multicast-address6
- edit "all"
- set ip6 ff00::/8
- next
- end
- config firewall addrgrp
- edit "G Suite"
- set uuid a39b0b1e-574f-51ea-bc61-4cfe12f85f13
- set member "gmail.com" "wildcard.google.com"
- next
- edit "Microsoft Office 365"
- set uuid a39b1a64-574f-51ea-1492-5fde5b5f839f
- set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
- next
- end
- config firewall wildcard-fqdn custom
- edit "adobe"
- set uuid a412264a-574f-51ea-3e69-317947838aab
- set wildcard-fqdn "*.adobe.com"
- next
- edit "Adobe Login"
- set uuid a4122d3e-574f-51ea-ba6c-33651a6c7ec4
- set wildcard-fqdn "*.adobelogin.com"
- next
- edit "android"
- set uuid a41233c4-574f-51ea-c1f0-b5acf3c908f8
- set wildcard-fqdn "*.android.com"
- next
- edit "apple"
- set uuid a4123612-574f-51ea-1ede-bbd88d91db81
- set wildcard-fqdn "*.apple.com"
- next
- edit "appstore"
- set uuid a41237de-574f-51ea-ca3c-d705f8ae56d9
- set wildcard-fqdn "*.appstore.com"
- next
- edit "auth.gfx.ms"
- set uuid a4123cde-574f-51ea-b2d7-8a38dd85227e
- set wildcard-fqdn "*.auth.gfx.ms"
- next
- edit "citrix"
- set uuid a41245b2-574f-51ea-54da-c053b9c42ff5
- set wildcard-fqdn "*.citrixonline.com"
- next
- edit "dropbox.com"
- set uuid a4124882-574f-51ea-860d-a39411aaac59
- set wildcard-fqdn "*.dropbox.com"
- next
- edit "eease"
- set uuid a4124f44-574f-51ea-18e0-a9fc1ce0e5cd
- set wildcard-fqdn "*.eease.com"
- next
- edit "firefox update server"
- set uuid a4125656-574f-51ea-04ac-b78326a7e4fd
- set wildcard-fqdn "aus*.mozilla.org"
- next
- edit "fortinet"
- set uuid a4125886-574f-51ea-c1a7-d13383363a68
- set wildcard-fqdn "*.fortinet.com"
- next
- edit "googleapis.com"
- set uuid a41260b0-574f-51ea-bfb6-9acad985687e
- set wildcard-fqdn "*.googleapis.com"
- next
- edit "google-drive"
- set uuid a41269c0-574f-51ea-2ee2-0e1ed9334188
- set wildcard-fqdn "*drive.google.com"
- next
- edit "google-play2"
- set uuid a4126bc8-574f-51ea-22a9-f2bc4a1a9d78
- set wildcard-fqdn "*.ggpht.com"
- next
- edit "google-play3"
- set uuid a4127712-574f-51ea-aaee-bf17d36be0c1
- set wildcard-fqdn "*.books.google.com"
- next
- edit "Gotomeeting"
- set uuid a4127c44-574f-51ea-0336-65c4d9a28529
- set wildcard-fqdn "*.gotomeeting.com"
- next
- edit "icloud"
- set uuid a4128cca-574f-51ea-d2f7-b1441dc12a27
- set wildcard-fqdn "*.icloud.com"
- next
- edit "itunes"
- set uuid a4128fea-574f-51ea-f908-7891dfa931fc
- set wildcard-fqdn "*itunes.apple.com"
- next
- edit "microsoft"
- set uuid a412c62c-574f-51ea-7f53-282bf412ca49
- set wildcard-fqdn "*.microsoft.com"
- next
- edit "skype"
- set uuid a412cf28-574f-51ea-c607-c3ec202c97b0
- set wildcard-fqdn "*.messenger.live.com"
- next
- edit "softwareupdate.vmware.com"
- set uuid a412d5ea-574f-51ea-e46a-46e9a9619fef
- set wildcard-fqdn "*.softwareupdate.vmware.com"
- next
- edit "verisign"
- set uuid a412e292-574f-51ea-9b29-e2d2664db17a
- set wildcard-fqdn "*.verisign.com"
- next
- edit "Windows update 2"
- set uuid a412e5da-574f-51ea-7dc7-5d1674ff9a46
- set wildcard-fqdn "*.windowsupdate.com"
- next
- edit "live.com"
- set uuid a412ef80-574f-51ea-f10b-c08eb4e95506
- set wildcard-fqdn "*.live.com"
- next
- edit "google-play"
- set uuid a413129e-574f-51ea-c652-b69e192978b5
- set wildcard-fqdn "*play.google.com"
- next
- edit "update.microsoft.com"
- set uuid a41314d8-574f-51ea-190b-f5c54ab4a08b
- set wildcard-fqdn "*update.microsoft.com"
- next
- edit "swscan.apple.com"
- set uuid a413202c-574f-51ea-8b54-8677d0eae5e7
- set wildcard-fqdn "*swscan.apple.com"
- next
- edit "autoupdate.opera.com"
- set uuid a413293c-574f-51ea-1f10-953c1a650b0d
- set wildcard-fqdn "*autoupdate.opera.com"
- next
- end
- config firewall service category
- edit "General"
- set comment "General services."
- next
- edit "Web Access"
- set comment "Web access."
- next
- edit "File Access"
- set comment "File access."
- next
- edit "Email"
- set comment "Email services."
- next
- edit "Network Services"
- set comment "Network services."
- next
- edit "Authentication"
- set comment "Authentication service."
- next
- edit "Remote Access"
- set comment "Remote access."
- next
- edit "Tunneling"
- set comment "Tunneling service."
- next
- edit "VoIP, Messaging & Other Applications"
- set comment "VoIP, messaging, and other applications."
- next
- edit "Web Proxy"
- set comment "Explicit web proxy."
- next
- end
- config firewall service custom
- edit "ALL"
- set category "General"
- set protocol IP
- next
- edit "ALL_TCP"
- set category "General"
- set tcp-portrange 1-65535
- next
- edit "ALL_UDP"
- set category "General"
- set udp-portrange 1-65535
- next
- edit "ALL_ICMP"
- set category "General"
- set protocol ICMP
- unset icmptype
- next
- edit "ALL_ICMP6"
- set category "General"
- set protocol ICMP6
- unset icmptype
- next
- edit "GRE"
- set category "Tunneling"
- set protocol IP
- set protocol-number 47
- next
- edit "AH"
- set category "Tunneling"
- set protocol IP
- set protocol-number 51
- next
- edit "ESP"
- set category "Tunneling"
- set protocol IP
- set protocol-number 50
- next
- edit "AOL"
- set visibility disable
- set tcp-portrange 5190-5194
- next
- edit "BGP"
- set category "Network Services"
- set tcp-portrange 179
- next
- edit "DHCP"
- set category "Network Services"
- set udp-portrange 67-68
- next
- edit "DNS"
- set category "Network Services"
- set tcp-portrange 53
- set udp-portrange 53
- next
- edit "FINGER"
- set visibility disable
- set tcp-portrange 79
- next
- edit "FTP"
- set category "File Access"
- set tcp-portrange 21
- next
- edit "FTP_GET"
- set category "File Access"
- set tcp-portrange 21
- next
- edit "FTP_PUT"
- set category "File Access"
- set tcp-portrange 21
- next
- edit "GOPHER"
- set visibility disable
- set tcp-portrange 70
- next
- edit "H323"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 1720 1503
- set udp-portrange 1719
- next
- edit "HTTP"
- set category "Web Access"
- set tcp-portrange 80
- next
- edit "HTTPS"
- set category "Web Access"
- set tcp-portrange 443
- next
- edit "IKE"
- set category "Tunneling"
- set udp-portrange 500 4500
- next
- edit "IMAP"
- set category "Email"
- set tcp-portrange 143
- next
- edit "IMAPS"
- set category "Email"
- set tcp-portrange 993
- next
- edit "Internet-Locator-Service"
- set visibility disable
- set tcp-portrange 389
- next
- edit "IRC"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 6660-6669
- next
- edit "L2TP"
- set category "Tunneling"
- set tcp-portrange 1701
- set udp-portrange 1701
- next
- edit "LDAP"
- set category "Authentication"
- set tcp-portrange 389
- next
- edit "NetMeeting"
- set visibility disable
- set tcp-portrange 1720
- next
- edit "NFS"
- set category "File Access"
- set tcp-portrange 111 2049
- set udp-portrange 111 2049
- next
- edit "NNTP"
- set visibility disable
- set tcp-portrange 119
- next
- edit "NTP"
- set category "Network Services"
- set tcp-portrange 123
- set udp-portrange 123
- next
- edit "OSPF"
- set category "Network Services"
- set protocol IP
- set protocol-number 89
- next
- edit "PC-Anywhere"
- set category "Remote Access"
- set tcp-portrange 5631
- set udp-portrange 5632
- next
- edit "PING"
- set category "Network Services"
- set protocol ICMP
- set icmptype 8
- unset icmpcode
- next
- edit "TIMESTAMP"
- set protocol ICMP
- set visibility disable
- set icmptype 13
- unset icmpcode
- next
- edit "INFO_REQUEST"
- set protocol ICMP
- set visibility disable
- set icmptype 15
- unset icmpcode
- next
- edit "INFO_ADDRESS"
- set protocol ICMP
- set visibility disable
- set icmptype 17
- unset icmpcode
- next
- edit "ONC-RPC"
- set category "Remote Access"
- set tcp-portrange 111
- set udp-portrange 111
- next
- edit "DCE-RPC"
- set category "Remote Access"
- set tcp-portrange 135
- set udp-portrange 135
- next
- edit "POP3"
- set category "Email"
- set tcp-portrange 110
- next
- edit "POP3S"
- set category "Email"
- set tcp-portrange 995
- next
- edit "PPTP"
- set category "Tunneling"
- set tcp-portrange 1723
- next
- edit "QUAKE"
- set visibility disable
- set udp-portrange 26000 27000 27910 27960
- next
- edit "RAUDIO"
- set visibility disable
- set udp-portrange 7070
- next
- edit "REXEC"
- set visibility disable
- set tcp-portrange 512
- next
- edit "RIP"
- set category "Network Services"
- set udp-portrange 520
- next
- edit "RLOGIN"
- set visibility disable
- set tcp-portrange 513:512-1023
- next
- edit "RSH"
- set visibility disable
- set tcp-portrange 514:512-1023
- next
- edit "SCCP"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 2000
- next
- edit "SIP"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 5060
- set udp-portrange 5060
- next
- edit "SIP-MSNmessenger"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 1863
- next
- edit "SAMBA"
- set category "File Access"
- set tcp-portrange 139
- next
- edit "SMTP"
- set category "Email"
- set tcp-portrange 25
- next
- edit "SMTPS"
- set category "Email"
- set tcp-portrange 465
- next
- edit "SNMP"
- set category "Network Services"
- set tcp-portrange 161-162
- set udp-portrange 161-162
- next
- edit "SSH"
- set category "Remote Access"
- set tcp-portrange 22
- next
- edit "SYSLOG"
- set category "Network Services"
- set udp-portrange 514
- next
- edit "TALK"
- set visibility disable
- set udp-portrange 517-518
- next
- edit "TELNET"
- set category "Remote Access"
- set tcp-portrange 23
- next
- edit "TFTP"
- set category "File Access"
- set udp-portrange 69
- next
- edit "MGCP"
- set visibility disable
- set udp-portrange 2427 2727
- next
- edit "UUCP"
- set visibility disable
- set tcp-portrange 540
- next
- edit "VDOLIVE"
- set visibility disable
- set tcp-portrange 7000-7010
- next
- edit "WAIS"
- set visibility disable
- set tcp-portrange 210
- next
- edit "WINFRAME"
- set visibility disable
- set tcp-portrange 1494 2598
- next
- edit "X-WINDOWS"
- set category "Remote Access"
- set tcp-portrange 6000-6063
- next
- edit "PING6"
- set protocol ICMP6
- set visibility disable
- set icmptype 128
- unset icmpcode
- next
- edit "MS-SQL"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 1433 1434
- next
- edit "MYSQL"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 3306
- next
- edit "RDP"
- set category "Remote Access"
- set tcp-portrange 3389
- next
- edit "VNC"
- set category "Remote Access"
- set tcp-portrange 5900
- next
- edit "DHCP6"
- set category "Network Services"
- set udp-portrange 546 547
- next
- edit "SQUID"
- set category "Tunneling"
- set tcp-portrange 3128
- next
- edit "SOCKS"
- set category "Tunneling"
- set tcp-portrange 1080
- set udp-portrange 1080
- next
- edit "WINS"
- set category "Remote Access"
- set tcp-portrange 1512
- set udp-portrange 1512
- next
- edit "RADIUS"
- set category "Authentication"
- set udp-portrange 1812 1813
- next
- edit "RADIUS-OLD"
- set visibility disable
- set udp-portrange 1645 1646
- next
- edit "CVSPSERVER"
- set visibility disable
- set tcp-portrange 2401
- set udp-portrange 2401
- next
- edit "AFS3"
- set category "File Access"
- set tcp-portrange 7000-7009
- set udp-portrange 7000-7009
- next
- edit "TRACEROUTE"
- set category "Network Services"
- set udp-portrange 33434-33535
- next
- edit "RTSP"
- set category "VoIP, Messaging & Other Applications"
- set tcp-portrange 554 7070 8554
- set udp-portrange 554
- next
- edit "MMS"
- set visibility disable
- set tcp-portrange 1755
- set udp-portrange 1024-5000
- next
- edit "KERBEROS"
- set category "Authentication"
- set tcp-portrange 88 464
- set udp-portrange 88 464
- next
- edit "LDAP_UDP"
- set category "Authentication"
- set udp-portrange 389
- next
- edit "SMB"
- set category "File Access"
- set tcp-portrange 445
- next
- edit "NONE"
- set visibility disable
- set tcp-portrange 0
- next
- edit "webproxy"
- set proxy enable
- set category "Web Proxy"
- set protocol ALL
- set tcp-portrange 0-65535:0-65535
- next
- end
- config firewall service group
- edit "Email Access"
- set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
- next
- edit "Web Access"
- set member "DNS" "HTTP" "HTTPS"
- next
- edit "Windows AD"
- set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
- next
- edit "Exchange Server"
- set member "DCE-RPC" "DNS" "HTTPS"
- next
- end
- config vpn certificate ca
- end
- config vpn certificate local
- # Factory-generated CA that SSL inspection uses to sign the server certificates it re-issues
- # (see the comments field below).
- # NOTE(review): this backup carries the encrypted private key next to the ENC-encoded passphrase that
- # protects it, so a copy of the file has to be handled as a copy of the key. Once a backup like this has
- # been shared, regenerate this CA and every other key pair in this section, and remove the old CA
- # certificate from any client trust store it was deployed to.
- edit "Fortinet_CA_SSL"
- set password ENC qVGj8Xd+OCkrDrIBn3DOYsb+PJPQ1LKr9J+bPGgp79z6ekvA406LYgMpwB1AsEFiKycFB3hRl8fIBEgcnsnOhbfkFJBDCAFCMpyC+jxXDhJDkYgEVQJB198vcKwYJKwOX2piPdi/q6Oa+rxfJdr68ZcgjUZlu4deczZuBJxqmQAXNZgQPA0YZC13EJ46ncG5oAaHgQ==
- set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIw1notdRa36cCAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAVfg9hWziBRBIIBYGg6QZI6mE3F
- xfIPhbr/NgGi+/T7RGivWeYLkGhfV9OR1d/KZtOC1MYkezJjzV+3AogJ46jiVejV
- SF3PXre7Rt15iM6O4vANubnLS47yhkCOk3sgIYiBJ37bn3OpqUjDG170uo+YkHV6
- Lz1jTHUAbhNub4xvNWEaOBHowjRHSeOFELLnxR8T4rSX6KHhzVQOfz45fDgqvWF0
- H1mTwuq3CoarmGVcQMRi9G036qyANcpcpQ64hspCKBtVfH9pYycINcYpx1bkisQm
- ikLLYzh7GaMbzoL5R/i/snuqrrrN258SNOafjHygLh6ub4d48hGvSs1h/jc2QN8b
- tsuiVj2wXQnnKxzd7mtn00Wi4lwLt8vj1mzLrLoVLnIgmKYubZb34xz/qlL5pjzB
- dqQozbFAYo7kAI7rRLZXU7kXGP+5jM71m7UeNqD5HHe0n0NydgZqP+jPCwj+9I/w
- HHOQU5Vuox8=
- -----END ENCRYPTED PRIVATE KEY-----"
- # NOTE(review): the public key encoded in this certificate looks like a 512-bit RSA modulus, and the
- # other RSA entries in this section (including "Fortinet_SSL_RSA1024" and "Fortinet_SSL_RSA2048")
- # start their key field the same way despite their names. Verify the real key sizes with a
- # certificate parser; a key that short should not sign or serve anything and needs replacing with
- # one of at least 2048 bits.
- set certificate "-----BEGIN CERTIFICATE-----
- MIICXDCCAgagAwIBAgIINV9bVNCGG78wDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
- dHkxGTAXBgNVBAMMEEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1
- cHBvcnRAZm9ydGluZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAx
- M1owgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
- DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp
- Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkq
- hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMFwwDQYJKoZIhvcNAQEBBQAD
- SwAwSAJBAKPupHNHcqAR9rfd0hdrG+it/S14EeedPrTEEQJ38YrPcRDQYr20SgsL
- sicwOc1YcoUCqDrI2UtZbPf+AZhno1MCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
- BgkqhkiG9w0BAQsFAANBAApI53cI54BTdaagVIcwpsR7btsuvlZTVPHOEH6XVjU5
- Y7za+9jP5kk5dqQu9teYu4992LA67ERMiP2OxdPE4H0=
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_CA_Untrusted"
- set password ENC 1MUlL+WSVT6oSxGPsnyndomlLjquRTZQ2UPCKtXRw78enqHfS2iTtrf5DDhs7tDclcDUgpO9oKcmqTiQ4jRTgVIaJu0IsE/AFsFamOLBFBEqDvc4bH2OWbBilAyVPNd84l43NJ9kDzBHSQL5gwnnabIjV2Ycnh44XthqT2VlQd30QHRedFppzZUzUDeOMUrfAbMFpA==
- set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIG9uRNzwsBmECAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBknGT7raMraBIIBYGp+mf5rERbp
- rPjMfWZ02Bo9PODFRZ4pVfYNqa2ESiRDEgXLibFy0TJtmQa2oiV7pwGaGRJWNuhR
- ZiVDVAfbr8WHvHHbsWUJyt0/jDZbuSDNU4E8WnCBndXC8ItaBuicN6wkkvfWrsJi
- c5v20Oj+oBRddWI8EMp3D419ICNfFIsZL60kWSjDE41KtJ0elCiaTAQs++m/hWzk
- Tt7HsaS+TfTlj/mx2Kkt948dJq6wH/OpWesAQjrUavQDOYF/4ZURZvjR6t3Fo9Az
- JETwr5lKM5n0YMWLQ7TWyoULg/jJub1fN9yIFUoqtsqCdtby8tztc+vU9BWiFPso
- Q1xD1Hqf5uh15mkZWQHedp+vuNhf6w0mCB88wtz1TQSyGtdIYzsKvG2bppMWZoLR
- B+5Fpjm5t1GrhzbJ8iSqA/1zcw98ytQX8z1A+YDW3tosXvMHohiWav/IOTAM3ijU
- SlU8i8ybGTQ=
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICZjCCAhCgAwIBAgIIIF+6UNNe4qYwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
- dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ
- ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwMjI0MjE1MDEzWhcNMzAwMjI0
- MjE1MDEzWjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ
- BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl
- cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk
- IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBcMA0GCSqG
- SIb3DQEBAQUAA0sAMEgCQQC4T0/b9vn42Gt6E6ARUW7T14uWuy48nYgzYZOS9SDc
- zmZOaM4Ig0FigXgg3lMGFioR7fqXS1RGViJtDe836uvDAgMBAAGjEDAOMAwGA1Ud
- EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQA4usG/kUf9/5C+Sz2/pqb16VUb0ymF
- wbSGnHQjk4CTxmsIZ8ybdx5L2ELAcqM6VcqoSdXBZSLcjyFb4fg2+C1M
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_SSL"
- set password ENC dJulCh/XL26f13uwpvTShxn8c8C+loe7xAnTI/A9DY31T+7c5vT1YX8I4fmaVlgseoEST15o4UsIJ81FxW/dKyJ4b9cAbhk2Sh8WXL/pqqZzCp1pOlhF/KMNL0mGGm2kQCXfBP4MmPw3peONJBQMPraadyFA9wn4D3Bouyheb6fK9UBez6Y/aMa+P0nbiBMfmjVsDQ==
- set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeEFCota4SMICAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMLXpDpXH4pcBIIBYJaqAPiTmv6x
- NqG3/33jRXwKxkVnTszLz7CuSD85nNfLo0nHNaTyoXX9RttyjYlWsLxGdrx/5qoY
- ykEz64l83XmLNaraE/p23+kJ3rXfrrOZZi2dZ1dkaej+tJMQtOeDbPcOEdDMmvBI
- QNkuNLzTxlbFCdpvLuZSY2xHDQOZV8akRqMdd7Img6xUgwHdH0c90TkEcM1iIvpC
- J7GsoHncScWLanQhn/Ny1hBZ/mDaTtF8VYn/A0VAVrkGUOG6K9aE7ZSP671Wgg48
- AaXO/3iLzqETc/IdjOejFWbHNtd1Gtky1zc1EfFWDlFOXLEHDEYjgOMtS8ZQZaTK
- DAFcWPZcf7d4rO0qJCRc3oTUlGKO8Y8mOG3LlS0IMH8N2JfL2TYftXWbbVEYS5eM
- j95SWXYQ4iU3a4hw6yor8jmP1lZMR1BftUYyu7FSUpqkZpCUW2e65STRV1ajGttY
- Ymg6XBodGko=
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICQTCCAeugAwIBAgIINB3oNygBTOIwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
- EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
- ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
- EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
- ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANzdx5xVQOBOjw1l5QGvUK0a
- eya79hzmMxtXL7fFoVsyeHVdjPbIenRXVIwQF14/MZjX1n4I6RjX/AdAOb3oSQkC
- AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAChW2PH4uqJwSbX5
- mGHIp9hur+27IlbVliyL6XufGgYut6upMng1YBZVsbhogtblULTZs2fm8m0ViXSX
- dF5ga9s=
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_SSL_RSA1024"
- set password ENC 8DLHankv26c6DT8S2kcdDB3xwi2G7qc+MwD4l++eQc5uzAD4q73OyDFd8aQ9uyaXfmgc3zi243tkgT7y+J5pfRvpnqZJnIoZUR+4ZjDiBozGVCU80VSmv/UTdSiuN7hVGeRPxOZf/GYGCOSdMguuYfjDjTXxjsMbhPeKfVXQ32tqoe+uhij5qLFVr5q7UnQfH7IjTA==
- set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsWOUvo/IbAoCAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDxWcahgIbH1BIIBYHwmvs2wvOpG
- 049frjzbcYZmQ9MUu7rZ3jVLuRZu+gqMBICeLIu8w2fSpHJviWvLTweCE4AwWQZ6
- U/hCOoPqdsa8qJIzwILuYKDj2C4m1xnAdE3AepAPKVhye4zMV2eykiqIFm1tO55C
- 8rLIMb9Vi/IT6bbFtgD739Ijty9v2PLLwuD2+xgkLfyIS35coe4Wv3aSkYdykheq
- yP7PQ2oNlc0aMZ0IIn8EedQZXbejUma6YnBIHwvklXnG76knIfYhnpljKw9BtZ55
- UnTVNRdrm4WVt/JM7FAa56KEm9KNOpU5tOCkIfOeWh7pe+c5zS+hM4OXej/2cZJM
- 6mugCBR0i6kdG2U0uSBhxClUEt6cV9Z7Ody8CzICECRZLJA+7fLByKTvMHVDJrEy
- w+hnHu3KW2FLNCTdmc2CxC7/2l6SP0rkAv6kSRiSqllLZ1pCXZ8VTK07WlimUC5z
- qoIs5rnXWaI=
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICQTCCAeugAwIBAgIITuU1BTAc8o0wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
- EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
- ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
- EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
- ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALS/Tyxy1AdFTSmESxnWuOP6
- 7S2Ef36hfSfLaW+qTd0qmNR88WIOB3IHXSnCEKzBa//8h20T66ssaZ6W7VHZxhMC
- AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBABSf3vjDIENYimJS
- A2xLcknZrsIJArzEdku9T/ISPOKEp2gTDqHaMGTw3ezgYnXx5KqTADBwcVgEpen5
- +bIHkk8=
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_SSL_RSA2048"
- set password ENC jzKFKoZRSWrmbIk3LwWP+86uU91UwZ48QkyS4yh4XNgkaV4PFbVZV6AnEAPCdF8qHJIL4zl56JHihV30cOFe8oweF7iWso6YsPdY9C0zdia7SMEE5fCOA2YhNsiiL7jSFxTHDnrJAhN/EfxXiHOJ+W0ggHy8Rxyb7n1JyMeClM93lg7qVsa1z7HT9qC+gL2acN1vdw==
- set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIcnpWG5bGj2UCAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMJzA6t1IbiqBIIBYCsrw4fmiWOX
- 85VUWtBdXK8/3YHr+sQhk5IZjv2YowKo6ZttqpNseijQMPdmmjkGnAWkcJAnA9lQ
- U8H4MeEnA35ifg/AzIOr2Sp5gmDKIugZfMc9IVYVrfRy8QJ3pQXcAqIBhT+he6DF
- OgPjGmcXHOo5UB6Kgc6urQ80JuZEftHL9h78j8sMwVBdSvxkEBv3a/G5Mwx7p8LT
- ajpKZgX/jQB186yxAQub7mwVLDdpXSawES1D3IiKC4L+FfIvkkEST5hhFo8cY6jX
- iEjArjdNmdyEx80le2onnmnAziR1kJ0GcNiwk570roBGHbMVkLJ7aOjmnGh+fcy6
- nBtUrhmj8ONqErbNefD5w4cDcdgHAVkIjqofglZ0a7D+haE2v4PPqK20ocpLCf/B
- 9PKX7dp0Gu9JJ0S6W4aa+/fJwvcopQ/4hduq8fP3q2pq5rBbi6j72Rsrxsh/L/jb
- EYe1ZqAF43U=
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICQTCCAeugAwIBAgIIX8a3Eudj3eMwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
- EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
- ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
- BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
- ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
- EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
- ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOTcsUQKWfGyBUMolj+1uB/6
- tHzmBirJ5EE5U3lfkIj7V8fK8U6yGjcUIazYd7tzMJr2I7nOX+m0x1bRXOYzUZcC
- AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAGd/1czqXin81ui/
- 7rBNlfX09KEmBPzBM2HoyDNOTkBoON8iRUnIi/+LTJIhxoi9KsI3hQQoZKbkv2Kg
- pfrOeto=
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_SSL_DSA1024"
- set password ENC V6Q3eSmPMiSFb0Mc0Q7vUb3kPK11LQfknZnjzdjGmfSSKZhR8gVL6i28d42iO/nPOeD7l3RO6FVGGFkPDzSLqdI/TpvwZLMJ9hkFYC9gCZqurJmMMuEl/Ra8HBkq3rINNrU9S2rCLp9L9JpOj56APlR1ydbel3sW+i7MLSCpSpRvypGh8oz35Rv+eC0WdU85VpQ7aA==
- set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIJqervJdp5RwCAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLZoqvb4POo9BIHQwyJwkQfpgVSR
- hka189ZLquE7GDRa420CkeHCIeWMKaimWxeXD8+xLCCzdQL0bRMTKWWcUfWnP4RK
- VDZ9ydsjtvV73a1JpzzMEAVNWbrHF5/+FuJ484bavm/nYP0vc6NI+Wop50k49Zzi
- GD9wlNW+H2S844ow5x6VPaFENbz7KA0/YII5rKW7qPDLP9ohPOWKsGYS+0K5R+2G
- AR0sInEThVynoQSepcwhCbSxTeIua/SpGVglmm5+NzajYnhmvvBaLlQbjZcXfvz4
- WpC2UGzouA==
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICwDCCAn6gAwIBAgIIO81eT0Y0brAwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
- EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
- DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
- R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
- LmNvbTAeFw0yMDAyMjQyMTUwMTNaFw0zMDAyMjQyMTUwMTNaMIGdMQswCQYDVQQG
- EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
- DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
- R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
- LmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJsIjdORkGk89t/EMmKQFxfXKGp+nRPA
- 43u8D5SznBW9OHYEaRsvqJy2nxjPHuP4ChdrT45/Rfqy+6SWgKXgaw0CFQDt6niL
- xAELeken+esco8pbcHxaXwJAFgzYwHv63iMLn5Gb7IUPq5a2T6kwZ0uiJjn7TIv9
- hf4oXnLC8xBeAYqypjofobt9e5dOfgS8muRRBeUBSR0yjANDAAJAaPKC/Ckdkm8y
- t8L+psXLc+Pu+kDSmOhk0hcFTVczUWiDbd8NJ4mPewRbnLAzmN2BNr+V97ZNuCME
- LW6EozuucaMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDLwAwLAIUDQ41rMtx
- /JLPydVFgyBWmUeEKr8CFDboeVsi62alnjK8ce82UtdHdKrw
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_SSL_DSA2048"
- set password ENC mTYtePOB/xSsZ4sOspAaPxiCxtb60V1gGjRCkBNWwfh4SNQWnLbSeZqbTBfamCnFzi5cWH5h+MBeTVv5cepLx85JQX/Ilv4FTNFh1404ItMIjj2SgYnhkOYlXlFIV1JIafQWDq7zReXmdAaInoXPf74OuUn01N6R6avBJ39D1C6NgS36UpLB3i/LoKzJxx3PUUr1aw==
- set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeNGLDtmtzXgCAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAE8F2KwvuzwBIHQ+mhmgjOJkrri
- bYbR4K8b0aWdX0K6r0s2iZDuVK9YVChTkzbZQqe8uEEwVfDG6rugpiIkFr2js66y
- cLItZHRPDixq5wBZTizmQbRvnbiKcO/EZJx6eQajAvkQFb0mUmENCPXfNX2AwkZ0
- bNjI1dtPzpZ2OqJn2A6AhvY33/BIKELGXUEHtxOG+bmNKMrHtD4xjEkX7yGcFsWg
- yQC3IwSAheV37+6UHNhNbWj+kA////1NnXvnCcZBQhatPV3Ccs3jx76VkaWn+366
- 18MSQCx2UQ==
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICxDCCAoCgAwIBAgIIZT00B2DTjGgwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
- EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
- DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
- R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
- LmNvbTAeFw0yMDAyMjQyMTUwMTNaFw0zMDAyMjQyMTUwMTNaMIGdMQswCQYDVQQG
- EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
- DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
- R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
- LmNvbTCB8jCBqQYHKoZIzjgEATCBnQJBANBLRl5vxi6xLwhr/73tuUJnikffIpWl
- ghnqo4oTJe6JdL/JuuprQG5e1NgVPhveo5orP0pyVXfnZTj2h0cW6aMCFQDdQaID
- lzWvqo5YsyI4VLpDKRKaKwJBAK4IBqcjeEn2sVYy4bCru6vz6DGi+27MMRlwwLes
- sEdx2OYMfKGFLISO8mY+S2rJITOx6364f7ETBKYGpb4BlwcDRAACQQCD9vMaF+KU
- /Os5UCCn5WLBCVyU/IPygiLj6poM3JS6LWHqh2lqc9TOEokABU+9z9ZmsvooOJaM
- sJ1wO1MKE29yow0wCzAJBgNVHRMEAjAAMAsGCWCGSAFlAwQDAgMxADAuAhUAhuk4
- xSLoqFO2+8f3J9WFEUNe82ACFQCfBQ6tkxDmdf9UPhcihr8AXNvC9Q==
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_SSL_ECDSA256"
- set password ENC npT1uUJyYYIEnWQ+G4PFPGLXMGufbq3haH1Lt5mDuFzOe+dLrVB19unkzGFy2A4ZQuvTFSX0oh4k3ElMH3r6WB6P9v47OcCBN5Y88VggLprS1KFKfl/Mzx5e+8oTFOpNpvAejg8rNjEMGqDwmbv6nMWgFS8tR3w1FZCwBxLtqO2incLn6OUP4T7kmBbiikdRjHGbrw==
- set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAipDE+PNyBoWAICCAAw
- DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIkfgqatkjNmIEgZDWlXska/YJHQR7
- WYUQ8G3wTA3qFxdImM9ssyaWtNyxtchggrIeJOqbHC64t136RJkN27SCfNYW9Wv5
- 4qyzdkfc+xSY8qGPWjSoi7OCUh08/WrDAnT0hN7PokWmVmcvX5ndwbSjjHdPJi92
- sdFe0jnrKxVSZ1oPK+xoNa5Z26UsmfMUX0y2Cb62+TGQ64C5xUM=
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICPjCCAeWgAwIBAgIICVS/9sw0RT8wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
- AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
- BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
- Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
- Y29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNVBAYT
- AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
- BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
- Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
- Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEi9LBJPxIL5BIMgrdpV5JnbkL
- Y+sr/+gob43515vMBLFxUJsdJyqjOAdmnqMAav9yqWvEs1DecXGAKwO9XAnRbqMN
- MAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgNHADBEAiANqG1ivrfBdT2vI8F4+n2E
- gGqnowqzoDHg313WN9CqAQIgd98CXMxlaMCipPn/3Fw2VqInng94qkVYlNGOeye/
- Z0g=
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- edit "Fortinet_SSL_ECDSA384"
- set password ENC pdOIryXKo2gLCdz1OTau2BOZmrLAHEI+FslpbUS49Ou3etS0pSW8jVPiXQ/HC2dhsfGvdE4AsfgywzTI/JaBOEREF/jvxtgmW/AOnHR7poon2HTGTN2mQyExpK/AdrYrKPqE7rQmZYM2yuM3cd0a2OxmKhtwP/NXfe8KswkdY40P4RuBidOfSBFNjziDXYqNLeWhaw==
- set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
- set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIyygrzo6X4VoCAggA
- MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGeRdGqh2rUFBIHAcpRgzDXaA0Aq
- uVm265u64DM03P9xOPmqWuUFM7xpLHiaYs5oDab7Cc0XhMP1HNFu2U8+LS+Vx/GL
- kjPiYCybSOSM6WiXe/ox7CE05vAJbtrOTJWlHELxWI64NbEHlizWIwvvcQYotMOa
- +4/ZBgTVwMPbEIVFfRoEZZXnwB6I91du0K8uTLolWpibFJ+jrJpVN+x4hBuNF/OC
- hG+d+hZpeKWqNP0fcesN0LgdjJj3BrfID8YbLBRhKiwDlhnMrRLl
- -----END ENCRYPTED PRIVATE KEY-----"
- set certificate "-----BEGIN CERTIFICATE-----
- MIICfTCCAgKgAwIBAgIIZmRZ1535awIwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
- AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
- BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
- Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
- Y29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNVBAYT
- AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
- BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
- Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
- Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7dTElGm8XDrFGWrylY1ty2c211BB
- hYcUoI+iWHzB7MUCETu+aH3+3Iw4LRTvlY0gRO5muAXHLJbP0X/Vrzk8r09PMBlf
- 6tVGFf6a1fFQvOdtbN9ot/q99df8rg72043mow0wCzAJBgNVHRMEAjAAMAoGCCqG
- SM49BAMCA2kAMGYCMQDT9MaoRQmpYnvWP0EaHtCE6bKG+Z8A3lhS0r4R1WzExV21
- OmzKf2zrVhaR8+J8uTACMQC4WPR1Nisl6egolX1GQnL4ewQ+m253HyOuOg6YySjw
- 7rRTWNVF9HwLs6yduDvkovY=
- -----END CERTIFICATE-----"
- set range global
- set source factory
- set last-updated 1582581014
- next
- end
- config webfilter ftgd-local-cat
- edit "custom1"
- set id 140
- next
- edit "custom2"
- set id 141
- next
- end
- # IPS sensors. Each sensor holds numbered entries that select signatures (by severity, location or
- # protocol) and may set an action for them. Only "high_security" entry 1 and "all_default_pass"
- # set an explicit action below; every other entry leaves it unset.
- # NOTE(review): an unset action presumably means each signature keeps its own default action, which
- # for many signatures is pass rather than block — confirm against the CLI reference for this build.
- config ips sensor
- edit "default"
- # NOTE(review): the comment promises prevention, but the entry only filters on severity and sets
- # no action. If this sensor is attached to policies that must block, set the action explicitly.
- set comment "Prevent critical attacks."
- config entries
- edit 1
- set severity medium high critical
- next
- end
- next
- edit "sniffer-profile"
- set comment "Monitor IPS attacks."
- config entries
- edit 1
- set severity medium high critical
- next
- end
- next
- edit "wifi-default"
- set comment "Default configuration for offloading WiFi traffic."
- config entries
- edit 1
- set severity medium high critical
- next
- end
- next
- edit "all_default"
- set comment "All predefined signatures with default setting."
- config entries
- # Entry with no filter and no action.
- edit 1
- next
- end
- next
- edit "all_default_pass"
- set comment "All predefined signatures with PASS action."
- config entries
- edit 1
- # Matching traffic is allowed through; this sensor detects only and must not be the sole
- # sensor on a policy that is expected to stop attacks.
- set action pass
- next
- end
- next
- edit "protect_http_server"
- set comment "Protect against HTTP server-side vulnerabilities."
- config entries
- edit 1
- set location server
- set protocol HTTP
- next
- end
- next
- edit "protect_email_server"
- set comment "Protect against email server-side vulnerabilities."
- config entries
- edit 1
- set location server
- set protocol SMTP POP3 IMAP
- next
- end
- next
- edit "protect_client"
- set comment "Protect against client-side vulnerabilities."
- config entries
- edit 1
- set location client
- next
- end
- next
- edit "high_security"
- set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
- set block-malicious-url enable
- config entries
- # The only entry in this section that forces signatures on and blocks on a match.
- edit 1
- set severity medium high critical
- set status enable
- set action block
- next
- # Low-severity signatures: no status or action is set here, matching "some Low" in the comment.
- edit 2
- set severity low
- next
- end
- next
- end
- config firewall shaper traffic-shaper
- edit "high-priority"
- set maximum-bandwidth 1048576
- set per-policy enable
- next
- edit "medium-priority"
- set maximum-bandwidth 1048576
- set priority medium
- set per-policy enable
- next
- edit "low-priority"
- set maximum-bandwidth 1048576
- set priority low
- set per-policy enable
- next
- edit "guarantee-100kbps"
- set guaranteed-bandwidth 100
- set maximum-bandwidth 1048576
- set per-policy enable
- next
- edit "shared-1M-pipe"
- set maximum-bandwidth 1024
- next
- end
- config web-proxy global
- set proxy-fqdn "default.fqdn"
- end
- # Application-control lists. Entries are evaluated as numbered rules; three of the four lists below
- # consist of a single pass-everything entry, so they give visibility rather than enforcement.
- config application list
- edit "default"
- set comment "Monitor all applications."
- config entries
- edit 1
- set action pass
- next
- end
- next
- edit "sniffer-profile"
- set comment "Monitor all applications."
- unset options
- config entries
- edit 1
- set action pass
- next
- end
- next
- edit "wifi-default"
- set comment "Default configuration for offloading WiFi traffic."
- # NOTE(review): deep inspection and logging are both switched off for this list, so traffic handled
- # by it leaves no application-control record for detection or incident response.
- set deep-app-inspection disable
- config entries
- edit 1
- set action pass
- set log disable
- next
- end
- next
- edit "block-high-risk"
- config entries
- # NOTE(review): the list name implies blocking, but entry 1 only selects categories 2 and 6 and
- # sets no action; what happens to them depends on the default for this field. Confirm it is
- # block, or state it explicitly so the intent survives an upgrade or a copy of this entry.
- edit 1
- set category 2 6
- next
- # Catch-all: everything not matched by entry 1 is passed.
- edit 2
- set action pass
- next
- end
- next
- end
- config dlp filepattern
- edit 1
- set name "builtin-patterns"
- config entries
- edit "*.bat"
- next
- edit "*.com"
- next
- edit "*.dll"
- next
- edit "*.doc"
- next
- edit "*.exe"
- next
- edit "*.gz"
- next
- edit "*.hta"
- next
- edit "*.ppt"
- next
- edit "*.rar"
- next
- edit "*.scr"
- next
- edit "*.tar"
- next
- edit "*.tgz"
- next
- edit "*.vb?"
- next
- edit "*.wps"
- next
- edit "*.xl?"
- next
- edit "*.zip"
- next
- edit "*.pif"
- next
- edit "*.cpl"
- next
- end
- next
- edit 2
- set name "all_executables"
- config entries
- edit "bat"
- set filter-type type
- set file-type bat
- next
- edit "exe"
- set filter-type type
- set file-type exe
- next
- edit "elf"
- set filter-type type
- set file-type elf
- next
- edit "hta"
- set filter-type type
- set file-type hta
- next
- end
- next
- end
- config dlp sensitivity
- edit "Private"
- next
- edit "Critical"
- next
- edit "Warning"
- next
- end
- config dlp sensor
- edit "default"
- set comment "Default sensor."
- next
- edit "sniffer-profile"
- set comment "Log a summary of email and web traffic."
- set summary-proto smtp pop3 imap http-get http-post
- next
- end
- config webfilter ips-urlfilter-setting
- end
- config webfilter ips-urlfilter-setting6
- end
- config log threat-weight
- config web
- edit 1
- set category 26
- set level high
- next
- edit 2
- set category 61
- set level high
- next
- edit 3
- set category 86
- set level high
- next
- edit 4
- set category 1
- set level medium
- next
- edit 5
- set category 3
- set level medium
- next
- edit 6
- set category 4
- set level medium
- next
- edit 7
- set category 5
- set level medium
- next
- edit 8
- set category 6
- set level medium
- next
- edit 9
- set category 12
- set level medium
- next
- edit 10
- set category 59
- set level medium
- next
- edit 11
- set category 62
- set level medium
- next
- edit 12
- set category 83
- set level medium
- next
- edit 13
- set category 72
- next
- edit 14
- set category 14
- next
- end
- config application
- edit 1
- set category 2
- next
- edit 2
- set category 6
- set level medium
- next
- end
- end
- config icap profile
- edit "default"
- config icap-headers
- edit 1
- set name "X-Authenticated-User"
- set content "$user"
- next
- edit 2
- set name "X-Authenticated-Groups"
- set content "$local_grp"
- next
- end
- next
- end
- # Local user database. The only account is "guest", authenticated by a password stored on the unit;
- # the "Guest-group" user group further down lists it as a member.
- # NOTE(review): the ENC value is the stored form of the password and travels with every copy of this
- # backup. Treat it as recoverable rather than as a one-way hash: reset the password once a backup
- # has been shared, and delete the account if nothing uses guest access.
- config user local
- edit "guest"
- set type password
- set passwd ENC 2rP7WdqHNrjaDruCFq9mvKeWQmazhD27AEhI/ip+eOFQDZXRKQZO/V4W1oo82trcBw3EG3j0G6eeldBYAgEflaGXYuD8IoDh//mVH8NUAhg31bSIol2q0DS97Wh1bLouGZq+cRSwWLIff7A9VNtWcO7cToVVyjcuH3FSRDXVq+Acx+o0lkx+4OEMHIYx99Keu1BURQ==
- next
- end
- # Global user-authentication settings; only the certificate for the authentication pages is set.
- # NOTE(review): "Fortinet_Factory" is not defined in the visible part of this file. If it is the
- # factory self-issued certificate, clients cannot validate it and users will be shown certificate
- # warnings when they authenticate; consider a certificate issued for the firewall's own hostname.
- config user setting
- set auth-cert "Fortinet_Factory"
- end
- config user group
- edit "SSO_Guest_Users"
- next
- edit "Guest-group"
- set member "guest"
- next
- end
- config vpn ssl web host-check-software
- edit "FortiClient-AV"
- set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
- next
- edit "FortiClient-FW"
- set type fw
- set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
- next
- edit "FortiClient-AV-Vista"
- set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
- next
- edit "FortiClient-FW-Vista"
- set type fw
- set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
- next
- edit "FortiClient-AV-Win7"
- set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
- next
- edit "AVG-Internet-Security-AV"
- set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
- next
- edit "AVG-Internet-Security-FW"
- set type fw
- set guid "8DECF618-9569-4340-B34A-D78D28969B66"
- next
- edit "AVG-Internet-Security-AV-Vista-Win7"
- set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
- next
- edit "AVG-Internet-Security-FW-Vista-Win7"
- set type fw
- set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
- next
- edit "CA-Anti-Virus"
- set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
- next
- edit "CA-Internet-Security-AV"
- set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
- next
- edit "CA-Internet-Security-FW"
- set type fw
- set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
- next
- edit "CA-Internet-Security-AV-Vista-Win7"
- set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
- next
- edit "CA-Internet-Security-FW-Vista-Win7"
- set type fw
- set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
- next
- edit "CA-Personal-Firewall"
- set type fw
- set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
- next
- edit "F-Secure-Internet-Security-AV"
- set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
- next
- edit "F-Secure-Internet-Security-FW"
- set type fw
- set guid "D4747503-0346-49EB-9262-997542F79BF4"
- next
- edit "F-Secure-Internet-Security-AV-Vista-Win7"
- set guid "15414183-282E-D62C-CA37-EF24860A2F17"
- next
- edit "F-Secure-Internet-Security-FW-Vista-Win7"
- set type fw
- set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
- next
- edit "Kaspersky-AV"
- set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
- next
- edit "Kaspersky-FW"
- set type fw
- set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
- next
- edit "Kaspersky-AV-Vista-Win7"
- set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
- next
- edit "Kaspersky-FW-Vista-Win7"
- set type fw
- set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
- next
- edit "McAfee-Internet-Security-Suite-AV"
- set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
- next
- edit "McAfee-Internet-Security-Suite-FW"
- set type fw
- set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
- next
- edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
- set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
- next
- edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
- set type fw
- set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
- next
- edit "McAfee-Virus-Scan-Enterprise"
- set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
- next
- edit "Norton-360-2.0-AV"
- set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
- next
- edit "Norton-360-2.0-FW"
- set type fw
- set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
- next
- edit "Norton-360-3.0-AV"
- set guid "E10A9785-9598-4754-B552-92431C1C35F8"
- next
- edit "Norton-360-3.0-FW"
- set type fw
- set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
- next
- edit "Norton-Internet-Security-AV"
- set guid "E10A9785-9598-4754-B552-92431C1C35F8"
- next
- edit "Norton-Internet-Security-FW"
- set type fw
- set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
- next
- edit "Norton-Internet-Security-AV-Vista-Win7"
- set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
- next
- edit "Norton-Internet-Security-FW-Vista-Win7"
- set type fw
- set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
- next
- edit "Symantec-Endpoint-Protection-AV"
- set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
- next
- edit "Symantec-Endpoint-Protection-FW"
- set type fw
- set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
- next
- edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
- set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
- next
- edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
- set type fw
- set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
- next
- edit "Panda-Antivirus+Firewall-2008-AV"
- set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
- next
- edit "Panda-Antivirus+Firewall-2008-FW"
- set type fw
- set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
- next
- edit "Panda-Internet-Security-AV"
- set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
- next
- edit "Panda-Internet-Security-2006~2007-FW"
- set type fw
- set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
- next
- edit "Panda-Internet-Security-2008~2009-FW"
- set type fw
- set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
- next
- edit "Sophos-Anti-Virus"
- set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
- next
- edit "Sophos-Enpoint-Secuirty-and-Control-FW"
- set type fw
- set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
- next
- edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
- set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
- next
- edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
- set type fw
- set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
- next
- edit "Trend-Micro-AV"
- set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
- next
- edit "Trend-Micro-FW"
- set type fw
- set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
- next
- edit "Trend-Micro-AV-Vista-Win7"
- set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
- next
- edit "Trend-Micro-FW-Vista-Win7"
- set type fw
- set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
- next
- edit "ZoneAlarm-AV"
- set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
- next
- edit "ZoneAlarm-FW"
- set type fw
- set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
- next
- edit "ZoneAlarm-AV-Vista-Win7"
- set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
- next
- edit "ZoneAlarm-FW-Vista-Win7"
- set type fw
- set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
- next
- edit "ESET-Smart-Security-AV"
- set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
- next
- edit "ESET-Smart-Security-FW"
- set type fw
- set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
- next
- end
- # SSL-VPN portal definitions. "full-access" enables tunnel mode for IPv4 and IPv6 as well as the
- # clientless web mode, and hands out addresses from the two named pools.
- # NOTE(review): no split-tunnel or host-check line appears in this entry, so those settings stay at
- # their defaults. The host-check-software list above is therefore not shown to be enforced here;
- # confirm what a connected client can reach and whether an endpoint posture check is required.
- config vpn ssl web portal
- edit "full-access"
- set tunnel-mode enable
- set ipv6-tunnel-mode enable
- set web-mode enable
- set ip-pools "SSLVPN_TUNNEL_ADDR1"
- set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
- next
- end
- # SSL-VPN listener settings: the certificate presented to clients and the TCP port.
- # NOTE(review): with "self-sign" the gateway presents a certificate that clients cannot validate, so
- # users learn to accept warnings and cannot tell the real gateway from an impostor. Use a certificate
- # issued for the VPN hostname instead.
- # NOTE(review): no source-interface or authentication-rule lines appear in this block; which
- # interfaces listen and which users or groups may log in cannot be confirmed from here.
- config vpn ssl settings
- set servercert "self-sign"
- set port 443
- end
- config voip profile
- edit "default"
- set comment "Default VoIP profile."
- next
- edit "strict"
- config sip
- set malformed-request-line discard
- set malformed-header-via discard
- set malformed-header-from discard
- set malformed-header-to discard
- set malformed-header-call-id discard
- set malformed-header-cseq discard
- set malformed-header-rack discard
- set malformed-header-rseq discard
- set malformed-header-contact discard
- set malformed-header-record-route discard
- set malformed-header-route discard
- set malformed-header-expires discard
- set malformed-header-content-type discard
- set malformed-header-content-length discard
- set malformed-header-max-forwards discard
- set malformed-header-allow discard
- set malformed-header-p-asserted-identity discard
- set malformed-header-sdp-v discard
- set malformed-header-sdp-o discard
- set malformed-header-sdp-s discard
- set malformed-header-sdp-i discard
- set malformed-header-sdp-c discard
- set malformed-header-sdp-b discard
- set malformed-header-sdp-z discard
- set malformed-header-sdp-k discard
- set malformed-header-sdp-a discard
- set malformed-header-sdp-t discard
- set malformed-header-sdp-r discard
- set malformed-header-sdp-m discard
- end
- next
- end
- # IPsec phase 1 (IKE) definitions for two site-to-site tunnels, both authenticated with a
- # pre-shared key.
- # NOTE(review): both tunnels negotiate IKE with single DES ("des-sha256"). DES has a 56-bit key and
- # no longer provides confidentiality; move both ends to an AES proposal such as aes256-sha256.
- # The peer must be changed at the same time or negotiation will fail.
- # NOTE(review): no IKE version or DH group lines appear here, so those stay at the defaults for this
- # build — review them together with the proposal.
- config vpn ipsec phase1-interface
- edit "toDC-CURITIBA"
- set interface "port1"
- # Any peer ID is accepted; the peer is identified only by the remote gateway address and the PSK.
- set peertype any
- set net-device enable
- set proposal des-sha256
- set nattraversal disable
- set remote-gw 10.1.2.2
- # The firewall must be able to recover the PSK to run IKE, so this ENC value is a stored secret, not a
- # hash. Rotate the key on both peers whenever a backup containing it has left the organisation.
- set psksecret ENC N+KxRL1BLtuISx2IPHN5NM/ipKLXKae5eMjVx/+q4sKLGnf+hxvnmp+rZFqxa7PdnXfvqXx+PTdnuP3VT3vE9aqR4RQBVwue+/EFS+DWIJxoP75zMllJAW1MvLO1vt6jFuZXzah8SUCDr96+wdS1ceMLq3eHGq3+hWftCUeMBDTs0THL48RKpHdY66a3W+tJcve2fw==
- next
- edit "toDC-CTA-TERR"
- set interface "port2"
- # Same settings as the first tunnel: any peer ID, DES proposal, PSK stored in the backup.
- set peertype any
- set net-device enable
- set proposal des-sha256
- set nattraversal disable
- set remote-gw 10.44.112.33
- set psksecret ENC hjD5frclY1GmUkLLV8u9ARJljccM2GYSBoYKcp/SJuxuRuVoXCtEqKHmQI8K8og/Mb6JjgM5zs/CJiYjvhfW8EwEc7K31VWFiN7TLeUOaFRVXHUMJpYRBwgLV4Qsu1nmRxkU7ur3htSGCq46idaYWS38zcdmFTiGdMn9shPqs0v0owWLAvqAGKsamxf3eRSo0Nu6VQ==
- next
- end
- # IPsec phase 2 (ESP) definitions, one per phase 1 tunnel of the same name.
- # NOTE(review): the data channel offers only single DES with MD5 or SHA-1 integrity, which is weaker
- # than the SHA-256 used in phase 1 and leaves tunnel traffic without meaningful confidentiality.
- # Replace both proposals with AES and SHA-256 or better, changing the remote peers at the same time.
- # NOTE(review): no PFS or DH group lines appear here, so those stay at the defaults for this build.
- config vpn ipsec phase2-interface
- edit "toDC-CURITIBA"
- set phase1name "toDC-CURITIBA"
- set proposal des-md5 des-sha1
- next
- edit "toDC-CTA-TERR"
- set phase1name "toDC-CTA-TERR"
- set proposal des-md5 des-sha1
- next
- end
- config dnsfilter profile
- edit "default"
- set comment "Default dns filtering."
- config ftgd-dns
- config filters
- edit 1
- set category 2
- next
- edit 2
- set category 7
- next
- edit 3
- set category 8
- next
- edit 4
- set category 9
- next
- edit 5
- set category 11
- next
- edit 6
- set category 12
- next
- edit 7
- set category 13
- next
- edit 8
- set category 14
- next
- edit 9
- set category 15
- next
- edit 10
- set category 16
- next
- edit 11
- next
- edit 12
- set category 57
- next
- edit 13
- set category 63
- next
- edit 14
- set category 64
- next
- edit 15
- set category 65
- next
- edit 16
- set category 66
- next
- edit 17
- set category 67
- next
- edit 18
- set category 26
- set action block
- next
- edit 19
- set category 61
- set action block
- next
- edit 20
- set category 86
- set action block
- next
- edit 21
- set category 88
- set action block
- next
- edit 22
- set category 90
- set action block
- next
- edit 23
- set category 91
- set action block
- next
- end
- end
- set block-botnet enable
- next
- end
- config antivirus settings
- set grayware enable
- end
- config antivirus profile
- edit "default"
- set comment "Scan files and block viruses."
- config http
- set options scan
- end
- config ftp
- set options scan
- end
- config imap
- set options scan
- set executables virus
- end
- config pop3
- set options scan
- set executables virus
- end
- config smtp
- set options scan
- set executables virus
- end
- next
- edit "sniffer-profile"
- set comment "Scan files and monitor viruses."
- config http
- set options scan
- end
- config ftp
- set options scan
- end
- config imap
- set options scan
- set executables virus
- end
- config pop3
- set options scan
- set executables virus
- end
- config smtp
- set options scan
- set executables virus
- end
- next
- edit "wifi-default"
- set comment "Default configuration for offloading WiFi traffic."
- config http
- set options scan
- end
- config ftp
- set options scan
- end
- config imap
- set options scan
- set executables virus
- end
- config pop3
- set options scan
- set executables virus
- end
- config smtp
- set options scan
- set executables virus
- end
- next
- end
- config webfilter profile
- edit "default"
- set comment "Default web filtering."
- config ftgd-wf
- unset options
- config filters
- edit 1
- set action block
- next
- edit 2
- set category 2
- set action block
- next
- edit 3
- set category 7
- set action block
- next
- edit 4
- set category 8
- set action block
- next
- edit 5
- set category 9
- set action block
- next
- edit 6
- set category 11
- set action block
- next
- edit 7
- set category 12
- set action block
- next
- edit 8
- set category 13
- set action block
- next
- edit 9
- set category 14
- set action block
- next
- edit 10
- set category 15
- set action block
- next
- edit 11
- set category 16
- set action block
- next
- edit 12
- set category 26
- set action block
- next
- edit 13
- set category 57
- set action block
- next
- edit 14
- set category 61
- set action block
- next
- edit 15
- set category 63
- set action block
- next
- edit 16
- set category 64
- set action block
- next
- edit 17
- set category 65
- set action block
- next
- edit 18
- set category 66
- set action block
- next
- edit 19
- set category 67
- set action block
- next
- edit 20
- set category 86
- set action block
- next
- edit 21
- set category 88
- set action block
- next
- edit 22
- set category 90
- set action block
- next
- edit 23
- set category 91
- set action block
- next
- end
- end
- next
- edit "sniffer-profile"
- set comment "Monitor web traffic."
- config ftgd-wf
- config filters
- edit 1
- next
- edit 2
- set category 1
- next
- edit 3
- set category 2
- next
- edit 4
- set category 3
- next
- edit 5
- set category 4
- next
- edit 6
- set category 5
- next
- edit 7
- set category 6
- next
- edit 8
- set category 7
- next
- edit 9
- set category 8
- next
- edit 10
- set category 9
- next
- edit 11
- set category 11
- next
- edit 12
- set category 12
- next
- edit 13
- set category 13
- next
- edit 14
- set category 14
- next
- edit 15
- set category 15
- next
- edit 16
- set category 16
- next
- edit 17
- set category 17
- next
- edit 18
- set category 18
- next
- edit 19
- set category 19
- next
- edit 20
- set category 20
- next
- edit 21
- set category 23
- next
- edit 22
- set category 24
- next
- edit 23
- set category 25
- next
- edit 24
- set category 26
- next
- edit 25
- set category 28
- next
- edit 26
- set category 29
- next
- edit 27
- set category 30
- next
- edit 28
- set category 31
- next
- edit 29
- set category 33
- next
- edit 30
- set category 34
- next
- edit 31
- set category 35
- next
- edit 32
- set category 36
- next
- edit 33
- set category 37
- next
- edit 34
- set category 38
- next
- edit 35
- set category 39
- next
- edit 36
- set category 40
- next
- edit 37
- set category 41
- next
- edit 38
- set category 42
- next
- edit 39
- set category 43
- next
- edit 40
- set category 44
- next
- edit 41
- set category 46
- next
- edit 42
- set category 47
- next
- edit 43
- set category 48
- next
- edit 44
- set category 49
- next
- edit 45
- set category 50
- next
- edit 46
- set category 51
- next
- edit 47
- set category 52
- next
- edit 48
- set category 53
- next
- edit 49
- set category 54
- next
- edit 50
- set category 55
- next
- edit 51
- set category 56
- next
- edit 52
- set category 57
- next
- edit 53
- set category 58
- next
- edit 54
- set category 59
- next
- edit 55
- set category 61
- next
- edit 56
- set category 62
- next
- edit 57
- set category 63
- next
- edit 58
- set category 64
- next
- edit 59
- set category 65
- next
- edit 60
- set category 66
- next
- edit 61
- set category 67
- next
- edit 62
- set category 68
- next
- edit 63
- set category 69
- next
- edit 64
- set category 70
- next
- edit 65
- set category 71
- next
- edit 66
- set category 72
- next
- edit 67
- set category 75
- next
- edit 68
- set category 76
- next
- edit 69
- set category 77
- next
- edit 70
- set category 78
- next
- edit 71
- set category 79
- next
- edit 72
- set category 80
- next
- edit 73
- set category 81
- next
- edit 74
- set category 82
- next
- edit 75
- set category 83
- next
- edit 76
- set category 84
- next
- edit 77
- set category 85
- next
- edit 78
- set category 86
- next
- edit 79
- set category 87
- next
- edit 80
- set category 88
- next
- edit 81
- set category 89
- next
- edit 82
- set category 90
- next
- edit 83
- set category 91
- next
- edit 84
- set category 92
- next
- edit 85
- set category 93
- next
- edit 86
- set category 94
- next
- edit 87
- set category 95
- next
- end
- end
- next
- edit "wifi-default"
- set comment "Default configuration for offloading WiFi traffic."
- set options block-invalid-url
- config ftgd-wf
- unset options
- config filters
- edit 1
- next
- edit 2
- set category 2
- set action block
- next
- edit 3
- set category 7
- set action block
- next
- edit 4
- set category 8
- set action block
- next
- edit 5
- set category 9
- set action block
- next
- edit 6
- set category 11
- set action block
- next
- edit 7
- set category 12
- set action block
- next
- edit 8
- set category 13
- set action block
- next
- edit 9
- set category 14
- set action block
- next
- edit 10
- set category 15
- set action block
- next
- edit 11
- set category 16
- set action block
- next
- edit 12
- set category 26
- set action block
- next
- edit 13
- set category 57
- set action block
- next
- edit 14
- set category 61
- set action block
- next
- edit 15
- set category 63
- set action block
- next
- edit 16
- set category 64
- set action block
- next
- edit 17
- set category 65
- set action block
- next
- edit 18
- set category 66
- set action block
- next
- edit 19
- set category 67
- set action block
- next
- edit 20
- set category 86
- set action block
- next
- edit 21
- set category 88
- set action block
- next
- edit 22
- set category 90
- set action block
- next
- edit 23
- set category 91
- set action block
- next
- end
- end
- next
- edit "monitor-all"
- set comment "Monitor and log all visited URLs, flow-based."
- config ftgd-wf
- unset options
- config filters
- edit 1
- set category 1
- next
- edit 2
- set category 3
- next
- edit 3
- set category 4
- next
- edit 4
- set category 5
- next
- edit 5
- set category 6
- next
- edit 6
- set category 12
- next
- edit 7
- set category 59
- next
- edit 8
- set category 62
- next
- edit 9
- set category 83
- next
- edit 10
- set category 2
- next
- edit 11
- set category 7
- next
- edit 12
- set category 8
- next
- edit 13
- set category 9
- next
- edit 14
- set category 11
- next
- edit 15
- set category 13
- next
- edit 16
- set category 14
- next
- edit 17
- set category 15
- next
- edit 18
- set category 16
- next
- edit 19
- set category 57
- next
- edit 20
- set category 63
- next
- edit 21
- set category 64
- next
- edit 22
- set category 65
- next
- edit 23
- set category 66
- next
- edit 24
- set category 67
- next
- edit 25
- set category 19
- next
- edit 26
- set category 24
- next
- edit 27
- set category 25
- next
- edit 28
- set category 72
- next
- edit 29
- set category 75
- next
- edit 30
- set category 76
- next
- edit 31
- set category 26
- next
- edit 32
- set category 61
- next
- edit 33
- set category 86
- next
- edit 34
- set category 17
- next
- edit 35
- set category 18
- next
- edit 36
- set category 20
- next
- edit 37
- set category 23
- next
- edit 38
- set category 28
- next
- edit 39
- set category 29
- next
- edit 40
- set category 30
- next
- edit 41
- set category 33
- next
- edit 42
- set category 34
- next
- edit 43
- set category 35
- next
- edit 44
- set category 36
- next
- edit 45
- set category 37
- next
- edit 46
- set category 38
- next
- edit 47
- set category 39
- next
- edit 48
- set category 40
- next
- edit 49
- set category 42
- next
- edit 50
- set category 44
- next
- edit 51
- set category 46
- next
- edit 52
- set category 47
- next
- edit 53
- set category 48
- next
- edit 54
- set category 54
- next
- edit 55
- set category 55
- next
- edit 56
- set category 58
- next
- edit 57
- set category 68
- next
- edit 58
- set category 69
- next
- edit 59
- set category 70
- next
- edit 60
- set category 71
- next
- edit 61
- set category 77
- next
- edit 62
- set category 78
- next
- edit 63
- set category 79
- next
- edit 64
- set category 80
- next
- edit 65
- set category 82
- next
- edit 66
- set category 85
- next
- edit 67
- set category 87
- next
- edit 68
- set category 31
- next
- edit 69
- set category 41
- next
- edit 70
- set category 43
- next
- edit 71
- set category 49
- next
- edit 72
- set category 50
- next
- edit 73
- set category 51
- next
- edit 74
- set category 52
- next
- edit 75
- set category 53
- next
- edit 76
- set category 56
- next
- edit 77
- set category 81
- next
- edit 78
- set category 84
- next
- edit 79
- next
- edit 80
- set category 88
- next
- edit 81
- set category 89
- next
- edit 82
- set category 90
- next
- edit 83
- set category 91
- next
- edit 84
- set category 92
- next
- edit 85
- set category 93
- next
- edit 86
- set category 94
- next
- edit 87
- set category 95
- next
- end
- end
- set log-all-url enable
- set web-content-log disable
- set web-filter-activex-log disable
- set web-filter-command-block-log disable
- set web-filter-cookie-log disable
- set web-filter-applet-log disable
- set web-filter-jscript-log disable
- set web-filter-js-log disable
- set web-filter-vbs-log disable
- set web-filter-unknown-log disable
- set web-filter-referer-log disable
- set web-filter-cookie-removal-log disable
- set web-url-log disable
- set web-invalid-domain-log disable
- set web-ftgd-err-log disable
- set web-ftgd-quota-usage disable
- next
- end
- config webfilter search-engine
- edit "google"
- set hostname ".*\\.google\\..*"
- set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
- set query "q="
- set safesearch url
- set safesearch-str "&safe=active"
- next
- edit "yahoo"
- set hostname ".*\\.yahoo\\..*"
- set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
- set query "p="
- set safesearch url
- set safesearch-str "&vm=r"
- next
- edit "bing"
- set hostname ".*\\.bing\\..*"
- set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
- set query "q="
- set safesearch header
- next
- edit "yandex"
- set hostname "yandex\\..*"
- set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
- set query "text="
- set safesearch url
- set safesearch-str "&family=yes"
- next
- edit "youtube"
- set hostname ".*youtube.*"
- set safesearch header
- next
- edit "baidu"
- set hostname ".*\\.baidu\\.com"
- set url "^\\/s?\\?"
- set query "wd="
- next
- edit "baidu2"
- set hostname ".*\\.baidu\\.com"
- set url "^\\/(ns|q|m|i|v)\\?"
- set query "word="
- next
- edit "baidu3"
- set hostname "tieba\\.baidu\\.com"
- set url "^\\/f\\?"
- set query "kw="
- next
- end
- config emailfilter profile
- edit "sniffer-profile"
- set comment "Malware and phishing URL monitoring."
- next
- edit "default"
- set comment "Malware and phishing URL filtering."
- next
- end
- config report layout
- edit "default"
- set title "FortiGate System Analysis Report"
- set style-theme "default-report"
- set options include-table-of-content view-chart-as-heading
- config page
- set paper letter
- set page-break-before heading1
- config header
- config header-item
- edit 1
- set type image
- set style "header-image"
- set img-src "fortinet_logo_small.png"
- next
- end
- end
- config footer
- config footer-item
- edit 1
- set style "footer-text"
- set content "FortiGate ${schedule_type} Security Report - Host Name: ${hostname}"
- next
- edit 2
- set style "footer-pageno"
- next
- end
- end
- end
- config body-item
- edit 101
- set type image
- set style "report-cover1"
- set img-src "fortigate_log.png"
- next
- edit 103
- set style "report-cover2"
- set content "FortiGate ${schedule_type} Security Report"
- next
- edit 105
- set style "report-cover3"
- set content "Report Date: ${started_time}"
- next
- edit 107
- set style "report-cover3"
- set content "Data Range: ${report_data_range} (${hostname})"
- next
- edit 109
- set style "report-cover3"
- set content "${vdom}"
- next
- edit 111
- set type image
- set style "report-cover4"
- set img-src "fortinet_logo_small.png"
- next
- edit 121
- set type misc
- set misc-component page-break
- next
- edit 301
- set text-component heading1
- set content "Bandwidth and Applications"
- next
- edit 311
- set type chart
- set chart "traffic.bandwidth.history_c"
- next
- edit 321
- set type chart
- set chart "traffic.sessions.history_c"
- next
- edit 331
- set type chart
- set chart "traffic.statistics"
- next
- edit 411
- set type chart
- set chart "traffic.bandwidth.apps_c"
- next
- edit 421
- set type chart
- set chart "traffic.bandwidth.cats_c"
- next
- edit 511
- set type chart
- set chart "traffic.bandwidth.users_c"
- next
- edit 521
- set type chart
- set chart "traffic.users.history.hour_c"
- next
- edit 611
- set type chart
- set chart "traffic.bandwidth.destinations_tab"
- next
- edit 1001
- set text-component heading1
- set content "Web Usage"
- next
- edit 1011
- set type chart
- set chart "web.allowed-request.sites_c"
- next
- edit 1021
- set type chart
- set chart "web.bandwidth.sites_c"
- next
- edit 1031
- set type chart
- set chart "web.blocked-request.sites_c"
- next
- edit 1041
- set type chart
- set chart "web.blocked-request.users_c"
- next
- edit 1051
- set type chart
- set chart "web.requests.users_c"
- next
- edit 1061
- set type chart
- set chart "web.bandwidth.users_c"
- next
- edit 1071
- set type chart
- set chart "web.bandwidth.stream-sites_c"
- next
- edit 1301
- set text-component heading1
- set content "Emails"
- next
- edit 1311
- set type chart
- set chart "email.request.senders_c"
- next
- edit 1321
- set type chart
- set chart "email.bandwidth.senders_c"
- next
- edit 1331
- set type chart
- set chart "email.request.recipients_c"
- next
- edit 1341
- set type chart
- set chart "email.bandwidth.recipients_c"
- next
- edit 1501
- set text-component heading1
- set content "Threats"
- next
- edit 1511
- set type chart
- set top-n 80
- set chart "virus.count.viruses_c"
- next
- edit 1531
- set type chart
- set top-n 80
- set chart "virus.count.users_c"
- next
- edit 1541
- set type chart
- set top-n 80
- set chart "virus.count.sources_c"
- next
- edit 1551
- set type chart
- set chart "virus.count.history_c"
- next
- edit 1561
- set type chart
- set top-n 80
- set chart "botnet.count_c"
- next
- edit 1571
- set type chart
- set top-n 80
- set chart "botnet.count.users_c"
- next
- edit 1581
- set type chart
- set top-n 80
- set chart "botnet.count.sources_c"
- next
- edit 1591
- set type chart
- set chart "botnet.count.history_c"
- next
- edit 1601
- set type chart
- set top-n 80
- set chart "attack.count.attacks_c"
- next
- edit 1611
- set type chart
- set top-n 80
- set chart "attack.count.victims_c"
- next
- edit 1621
- set type chart
- set top-n 80
- set chart "attack.count.source_bar_c"
- next
- edit 1631
- set type chart
- set chart "attack.count.blocked_attacks_c"
- next
- edit 1641
- set type chart
- set chart "attack.count.severity_c"
- next
- edit 1651
- set type chart
- set chart "attack.count.history_c"
- next
- edit 1701
- set text-component heading1
- set content "VPN Usage"
- next
- edit 1711
- set type chart
- set top-n 80
- set chart "vpn.bandwidth.static-tunnels_c"
- next
- edit 1721
- set type chart
- set top-n 80
- set chart "vpn.bandwidth.dynamic-tunnels_c"
- next
- edit 1731
- set type chart
- set top-n 80
- set chart "vpn.bandwidth.ssl-tunnel.users_c"
- next
- edit 1741
- set type chart
- set top-n 80
- set chart "vpn.bandwidth.ssl-web.users_c"
- next
- edit 1901
- set text-component heading1
- set content "Admin Login and System Events"
- next
- edit 1911
- set type chart
- set top-n 80
- set chart "event.login.summary_c"
- next
- edit 1931
- set type chart
- set top-n 80
- set chart "event.failed.login_c"
- next
- edit 1961
- set type chart
- set top-n 80
- set chart "event.system.group_events_c"
- next
- end
- next
- end
- config wanopt settings
- set host-id "default-id"
- end
- config wanopt profile
- edit "default"
- set comments "Default WANopt profile."
- next
- end
- # SD-WAN (virtual-wan-link): enables the bundle and adds the two IPsec tunnel interfaces as members 2 and 3.
- # It also defines one health check against 10.44.127.1 and one service rule for LAN-228 -> SERVERS traffic.
- # "SERVERS" and "LAN-228" are address objects defined outside this section.
- # NOTE(review): the health check sets no protocol line, so the firmware default probe type applies. Confirm it.
- # NOTE(review): update-static-route is disabled, so presumably a failed health check does not withdraw static routes
- #   for the affected member. Verify that failover behaves as intended.
- # NOTE(review): rule "toDC_Curitiba" lists only member 3 (interface "toDC-CTA-TERR") under priority-members.
- #   Member 2 ("toDC-CURITIBA") is probed by the health check but is not in the priority list. Confirm this is deliberate.
- config system virtual-wan-link
- set status enable
- config members
- edit 2
- set interface "toDC-CURITIBA"
- set gateway 10.10.228.1
- next
- edit 3
- set interface "toDC-CTA-TERR"
- set gateway 10.20.228.1
- next
- end
- config health-check
- edit "Teste_DC_Curitiba"
- set server "10.44.127.1"
- set failtime 10
- set recoverytime 10
- set update-static-route disable
- set members 3 2
- next
- end
- config service
- edit 2
- set name "toDC_Curitiba"
- set mode priority
- set dst "SERVERS"
- set src "LAN-228"
- set health-check "Teste_DC_Curitiba"
- set priority-members 3
- next
- end
- end
- config firewall schedule recurring
- edit "always"
- set day sunday monday tuesday wednesday thursday friday saturday
- next
- edit "none"
- next
- end
- config firewall profile-protocol-options
- edit "default"
- set comment "All default services."
- config http
- set ports 80
- unset options
- unset post-lang
- end
- config ftp
- set ports 21
- set options splice
- end
- config imap
- set ports 143
- set options fragmail
- end
- config mapi
- set ports 135
- set options fragmail
- end
- config pop3
- set ports 110
- set options fragmail
- end
- config smtp
- set ports 25
- set options fragmail splice
- end
- config nntp
- set ports 119
- set options splice
- end
- config dns
- set ports 53
- end
- config cifs
- set ports 445
- end
- next
- end
- config firewall ssl-ssh-profile
- edit "deep-inspection"
- set comment "Read-only deep inspection profile."
- config https
- set ports 443
- set status deep-inspection
- end
- config ftps
- set ports 990
- set status deep-inspection
- end
- config imaps
- set ports 993
- set status deep-inspection
- end
- config pop3s
- set ports 995
- set status deep-inspection
- end
- config smtps
- set ports 465
- set status deep-inspection
- end
- config ssh
- set ports 22
- set status disable
- end
- config ssl-exempt
- edit 1
- set fortiguard-category 31
- next
- edit 2
- set fortiguard-category 33
- next
- edit 3
- set type wildcard-fqdn
- set wildcard-fqdn "adobe"
- next
- edit 4
- set type wildcard-fqdn
- set wildcard-fqdn "Adobe Login"
- next
- edit 5
- set type wildcard-fqdn
- set wildcard-fqdn "android"
- next
- edit 6
- set type wildcard-fqdn
- set wildcard-fqdn "apple"
- next
- edit 7
- set type wildcard-fqdn
- set wildcard-fqdn "appstore"
- next
- edit 8
- set type wildcard-fqdn
- set wildcard-fqdn "auth.gfx.ms"
- next
- edit 9
- set type wildcard-fqdn
- set wildcard-fqdn "citrix"
- next
- edit 10
- set type wildcard-fqdn
- set wildcard-fqdn "dropbox.com"
- next
- edit 11
- set type wildcard-fqdn
- set wildcard-fqdn "eease"
- next
- edit 12
- set type wildcard-fqdn
- set wildcard-fqdn "firefox update server"
- next
- edit 13
- set type wildcard-fqdn
- set wildcard-fqdn "fortinet"
- next
- edit 14
- set type wildcard-fqdn
- set wildcard-fqdn "googleapis.com"
- next
- edit 15
- set type wildcard-fqdn
- set wildcard-fqdn "google-drive"
- next
- edit 16
- set type wildcard-fqdn
- set wildcard-fqdn "google-play2"
- next
- edit 17
- set type wildcard-fqdn
- set wildcard-fqdn "google-play3"
- next
- edit 18
- set type wildcard-fqdn
- set wildcard-fqdn "Gotomeeting"
- next
- edit 19
- set type wildcard-fqdn
- set wildcard-fqdn "icloud"
- next
- edit 20
- set type wildcard-fqdn
- set wildcard-fqdn "itunes"
- next
- edit 21
- set type wildcard-fqdn
- set wildcard-fqdn "microsoft"
- next
- edit 22
- set type wildcard-fqdn
- set wildcard-fqdn "skype"
- next
- edit 23
- set type wildcard-fqdn
- set wildcard-fqdn "softwareupdate.vmware.com"
- next
- edit 24
- set type wildcard-fqdn
- set wildcard-fqdn "verisign"
- next
- edit 25
- set type wildcard-fqdn
- set wildcard-fqdn "Windows update 2"
- next
- edit 26
- set type wildcard-fqdn
- set wildcard-fqdn "live.com"
- next
- edit 27
- set type wildcard-fqdn
- set wildcard-fqdn "google-play"
- next
- edit 28
- set type wildcard-fqdn
- set wildcard-fqdn "update.microsoft.com"
- next
- edit 29
- set type wildcard-fqdn
- set wildcard-fqdn "swscan.apple.com"
- next
- edit 30
- set type wildcard-fqdn
- set wildcard-fqdn "autoupdate.opera.com"
- next
- end
- next
- edit "custom-deep-inspection"
- set comment "Customizable deep inspection profile."
- config https
- set ports 443
- set status deep-inspection
- end
- config ftps
- set ports 990
- set status deep-inspection
- end
- config imaps
- set ports 993
- set status deep-inspection
- end
- config pop3s
- set ports 995
- set status deep-inspection
- end
- config smtps
- set ports 465
- set status deep-inspection
- end
- config ssh
- set ports 22
- set status disable
- end
- config ssl-exempt
- edit 1
- set fortiguard-category 31
- next
- edit 2
- set fortiguard-category 33
- next
- edit 3
- set type wildcard-fqdn
- set wildcard-fqdn "adobe"
- next
- edit 4
- set type wildcard-fqdn
- set wildcard-fqdn "Adobe Login"
- next
- edit 5
- set type wildcard-fqdn
- set wildcard-fqdn "android"
- next
- edit 6
- set type wildcard-fqdn
- set wildcard-fqdn "apple"
- next
- edit 7
- set type wildcard-fqdn
- set wildcard-fqdn "appstore"
- next
- edit 8
- set type wildcard-fqdn
- set wildcard-fqdn "auth.gfx.ms"
- next
- edit 9
- set type wildcard-fqdn
- set wildcard-fqdn "citrix"
- next
- edit 10
- set type wildcard-fqdn
- set wildcard-fqdn "dropbox.com"
- next
- edit 11
- set type wildcard-fqdn
- set wildcard-fqdn "eease"
- next
- edit 12
- set type wildcard-fqdn
- set wildcard-fqdn "firefox update server"
- next
- edit 13
- set type wildcard-fqdn
- set wildcard-fqdn "fortinet"
- next
- edit 14
- set type wildcard-fqdn
- set wildcard-fqdn "googleapis.com"
- next
- edit 15
- set type wildcard-fqdn
- set wildcard-fqdn "google-drive"
- next
- edit 16
- set type wildcard-fqdn
- set wildcard-fqdn "google-play2"
- next
- edit 17
- set type wildcard-fqdn
- set wildcard-fqdn "google-play3"
- next
- edit 18
- set type wildcard-fqdn
- set wildcard-fqdn "Gotomeeting"
- next
- edit 19
- set type wildcard-fqdn
- set wildcard-fqdn "icloud"
- next
- edit 20
- set type wildcard-fqdn
- set wildcard-fqdn "itunes"
- next
- edit 21
- set type wildcard-fqdn
- set wildcard-fqdn "microsoft"
- next
- edit 22
- set type wildcard-fqdn
- set wildcard-fqdn "skype"
- next
- edit 23
- set type wildcard-fqdn
- set wildcard-fqdn "softwareupdate.vmware.com"
- next
- edit 24
- set type wildcard-fqdn
- set wildcard-fqdn "verisign"
- next
- edit 25
- set type wildcard-fqdn
- set wildcard-fqdn "Windows update 2"
- next
- edit 26
- set type wildcard-fqdn
- set wildcard-fqdn "live.com"
- next
- edit 27
- set type wildcard-fqdn
- set wildcard-fqdn "google-play"
- next
- edit 28
- set type wildcard-fqdn
- set wildcard-fqdn "update.microsoft.com"
- next
- edit 29
- set type wildcard-fqdn
- set wildcard-fqdn "swscan.apple.com"
- next
- edit 30
- set type wildcard-fqdn
- set wildcard-fqdn "autoupdate.opera.com"
- next
- end
- next
- edit "no-inspection"
- set comment "Read-only profile that does no inspection."
- config https
- set status disable
- end
- config ftps
- set status disable
- end
- config imaps
- set status disable
- end
- config pop3s
- set status disable
- end
- config smtps
- set status disable
- end
- config ssh
- set ports 22
- set status disable
- end
- next
- edit "certificate-inspection"
- set comment "Read-only SSL handshake inspection profile."
- config https
- set ports 443
- set status certificate-inspection
- end
- config ftps
- set status disable
- end
- config imaps
- set status disable
- end
- config pop3s
- set status disable
- end
- config smtps
- set status disable
- end
- config ssh
- set ports 22
- set status disable
- end
- next
- end
- config waf profile
- edit "default"
- config signature
- config main-class 100000000
- set action block
- set severity high
- end
- config main-class 20000000
- end
- config main-class 30000000
- set status enable
- set action block
- set severity high
- end
- config main-class 40000000
- end
- config main-class 50000000
- set status enable
- set action block
- set severity high
- end
- config main-class 60000000
- end
- config main-class 70000000
- set status enable
- set action block
- set severity high
- end
- config main-class 80000000
- set status enable
- set severity low
- end
- config main-class 110000000
- set status enable
- set severity high
- end
- config main-class 90000000
- set status enable
- set action block
- set severity high
- end
- set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
- end
- config constraint
- config header-length
- set status enable
- set log enable
- set severity low
- end
- config content-length
- set status enable
- set log enable
- set severity low
- end
- config param-length
- set status enable
- set log enable
- set severity low
- end
- config line-length
- set status enable
- set log enable
- set severity low
- end
- config url-param-length
- set status enable
- set log enable
- set severity low
- end
- config version
- set log enable
- end
- config method
- set action block
- set log enable
- end
- config hostname
- set action block
- set log enable
- end
- config malformed
- set log enable
- end
- config max-cookie
- set status enable
- set log enable
- set severity low
- end
- config max-header-line
- set status enable
- set log enable
- set severity low
- end
- config max-url-param
- set status enable
- set log enable
- set severity low
- end
- config max-range-segment
- set status enable
- set log enable
- set severity high
- end
- end
- next
- end
- # Two IPv4 policies. Policy 1 ("fromLAN") lets port3 reach the SD-WAN bundle with source NAT enabled.
- # Policy 2 ("fromTuns") lets traffic arriving over the SD-WAN bundle reach port3, with no NAT line set.
- # NOTE(review): both policies use srcaddr "all", dstaddr "all" and service "ALL".
- #   Policy 2 therefore admits anything that arrives over either tunnel into the LAN.
- #   Restrict source, destination and service to what is needed, for example the "SERVERS" and "LAN-228" address
- #   objects that the SD-WAN rule in this file already uses.
- # NOTE(review): neither policy enables utm-status or references a security profile.
- #   The antivirus, webfilter, dnsfilter, WAF and ssl-ssh profiles defined in this file do not inspect this traffic.
- # NOTE(review): no logtraffic line is present, so the firmware default logging level applies.
- #   Confirm that accepted sessions are logged at the level incident response needs.
- config firewall policy
- edit 1
- set name "fromLAN"
- set uuid 4ff61d2a-577f-51ea-fea1-5727940db2f7
- set srcintf "port3"
- set dstintf "virtual-wan-link"
- set srcaddr "all"
- set dstaddr "all"
- set action accept
- set schedule "always"
- set service "ALL"
- set fsso disable
- set nat enable
- next
- edit 2
- set name "fromTuns"
- set uuid da4794f0-58af-51ea-8e7f-d604335f694d
- set srcintf "virtual-wan-link"
- set dstintf "port3"
- set srcaddr "all"
- set dstaddr "all"
- set action accept
- set schedule "always"
- set service "ALL"
- set fsso disable
- next
- end
- config firewall ssh local-key
- edit "Fortinet_SSH_RSA2048"
- set password ENC fwAAAEkqNsqX5uUqFvmLH1a8ZTaadGamlnFC6aJutilGI65KRGZN3agSNRnJ7nBAIW/fC1gw5hvPNyjgtOZLVhazuqOyHrUPdWipJCp7nHSs2TXo+lEuUZVU+yLHolSnXoZ6MMfbejZEy5G4holngtN4xLyxEcgY1o1a8/seLPxx1OGo5iALRbe8dv4XjhWA5oSKdw==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAEnx191T
- R1EtHniAxv0EqrAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDx0vfhYC/F
- YSWWW4UfRK/kNUrrWLrolvEgveOwvj98lrZ4e+DsManJcMiHVQoxbUXPyXW07SUDNB5gsq
- 045XorNqN8BlW8TKsoNPRO4XvoUvuY6ITfufYPusJY5sxl4eSOZ7EfCFGHn8IA2a/p3zH9
- 2hOPuXfxoNOAj6b31NQnvpDTkUDywAF2A/WYauMZL1Ms7QCrMayjPHqkVu/ah42oyiQhuu
- a4m3AXHlAkrfj88kfH3NmlqhOx0cWQKMnr9BOBX/joEhlgHnS5Aol8lYNQTBtV8s5b2gEZ
- Hk9zEkhmYSnfBaitq4ZgSyVXCWYskyTQycq8vifoQBZh2y1Z7NpZAAADwFENpFxRIgoc1y
- ORBq08JdoTHccUdFqt0E1WkdqlqPke7UTzzDxpP2Rue1H3wqxN1r/KxSBH5QQESPE4RVP5
- bulbYPoQhxQngLRu8GkNABac5+wfC0T99jsRnKFQScNBepvbyLkpYo8pAnOVCPFyDftyu9
- wV3FwvqhDK4OK13F3OqSwLqDQozyHqzffGa3nU/FYK5yGn45msJVURpo5yHhl03+zqw1Tk
- zj/2W+wEPDY4SgMgNplU0xtoJyGHP0ZNJOTtk0jK+pVLO1eYzlOs+z6UmXJ892p9nb7hA1
- AN7+fqL4J4BMzwtyrm5IByKniXw6JTJjywUBI3GL4uLikHO4EXPthNZDLoMGZU2P/Y6oG+
- KWa816W/34Xngs7a/3+CqjxR5w3Xy8Pi94t5EVGgq3bDFXxEciXS1cHm4D8wOTpdZPanYh
- zMe9z0a98NPKu7DGzMKt0DgaWGxiVhApT1AvmUqGYJ5UAKd9bsmsxD6TGO/zxBa5vRA60s
- pGN8hb9cDEM1UFtQUtJn/OEoRFdRJBI7VuHHhJuTxpGaOWuQgpL1s817sYGrvn28xZaJOm
- HE5dqio3bY0Pa0Jc9SRMHKUvRhlpaogNaL9droHJSZnwJG8vm/quhb1h0Yrpzc3ViiUIWy
- RbtZpE++5wx4XBhoZ7A4fo6u+w+2rfJqD/4MoFuogvu7zDfM+99Tx+oSmmvdbRbD/Rak+M
- vvK7ui9O+lk+JGNYbiyrf9742Zom2LYiXKKg8bFUmy75MjnApmM6+TPJZfOx3uRk6Z/60V
- d95mz0woWueOkODrmcbd9lYDhx9P/6ad28cpaBzYpz7feFn8XEl7T9ANbo0zdUFTGD5x30
- i2bmtwm3mc6vL6/fErbY0tFFKBVoJsb0CvPvDGIRFCsn1K9ObZRQOPPKKuYce3vlNDD9LZ
- zu9iRZt88I9G8lO4iiN3QlwFkDzphehkZQXaxT2ZFjkHJyC9mwIWH49gNwkl1IptRORTQI
- vIya1eAWGCqZQPj1ecOF8fejtww9Ybs+Sen4u+5UpM9B+xUAYkbPYu+0BY1023qhZjELnP
- PcaL+KgdjHAnnBALfhgJ1019iBBTPD3XvnUNtfJUoKc622nL3ZHGxnvH6I1sJYZx8dT51d
- Q76QDgSmOCYVueaMhC8L1hy5lyll6nCTlMMSWxYfPje1PjeSTUZoLwgR63flXB7hkoMgMp
- mlezdA2WSYsGySh0750DYzlFGcDy5UALS72RJWAu8VpYF5cYlqYmDS1a64Le55mnpv5Qj+
- 2kxK5Bgg==
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDx0vfhYC/FYSWWW4UfRK/kNUrrWLrolvEgveOwvj98lrZ4e+DsManJcMiHVQoxbUXPyXW07SUDNB5gsq045XorNqN8BlW8TKsoNPRO4XvoUvuY6ITfufYPusJY5sxl4eSOZ7EfCFGHn8IA2a/p3zH92hOPuXfxoNOAj6b31NQnvpDTkUDywAF2A/WYauMZL1Ms7QCrMayjPHqkVu/ah42oyiQhuua4m3AXHlAkrfj88kfH3NmlqhOx0cWQKMnr9BOBX/joEhlgHnS5Aol8lYNQTBtV8s5b2gEZHk9zEkhmYSnfBaitq4ZgSyVXCWYskyTQycq8vifoQBZh2y1Z7NpZ"
- set source built-in
- next
- edit "Fortinet_SSH_DSA1024"
- set password ENC fwAAANTU7ZYdZh6rXFnXg0Dn/IapZhFgs5MPLtFGNpJal7x9RDuJwgzpYpWEJe+FIEKxZqyAGV3NMU8nWmlSZS26wSz33yQ34Ce6zAd3yD28F3QBvZRR8qdluzSiQOQrqRBSEQvWVs6dLw10mLLW0EbO4V2DbMD3jEGhWj9Cm4vdo2i6cnAdm18FnHsj3qUD/61YSA==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBuslvQ0b
- akeWJ1fqckSUNyAAAAEAAAAAEAAAGxAAAAB3NzaC1kc3MAAACBAIF2XFvtuXbcVxGuPhhe
- m/jO3rZ2G/ADnCTYDdSHDf1tak/PXEDlzTivSBNevkR6noeik+R/UawOn4R/jOgWGYDKgM
- fE7ywaNfeIMmaNDqlyHYuruHfbTgZSuPR+Gwg0Lh5CMe1xKXUxsY4XEQOQuEyhzoaWeGka
- SSDwRTHs8xItAAAAFQDKZJyd36OXJ4sPdA/TplD2Rf/UJQAAAIA1E2jBkmGN0hnlvJc/8y
- L/7LYP4Fgl8p51VasSZ3Uv7hXkv49sx6KBhgh0TyzCAcj3hhspgvs4dQpkY0WTv18pxl02
- i5D4EX8P7zhOcrGdTeC1kB4XrkcqhpNeJ6auCUOVvEGsP3EyPfoWLVyfO91GE+l5PCrqYB
- DZiJHI0xqw8gAAAIAZoLMCrN+/QnSNM13rcLjif0qegcersulN5DuUyslm+2sSOlKq2mca
- 5RuP7i47vGs2IXwmvZobPYtwDmyja6o2wtYaNpcpRptYcaLXYf2gDlAjElpqOZEnC+ZUOw
- /NafBuZ7D1PKkehApR2aBl0O1OWtHXOuRTGqvtROREL+mBJwAAAeAwD/oVwgTNtcCk1IHD
- iZY/JPwLeEMF0hY2jELtogxNdErzhkSZsJmwHglYMJk3pb9GfGQ8wJ91L5r4tLXWuaaoA6
- evEmgVETooZ8Ot7e1IbVjAY+RsSJF0i4b8iayizj2IzNcsUQbdtd8Sf9c/ErWjd188/Z7u
- U4S9xwwE5Czmzy8jb5pmNtvWSP2N2UlcztjM/WWp94rxLiUXZXOIAimQ0+epHVrNjmMlgn
- 1CaLstBshx5IqBTGLHc+sSnH+Gntovp4NMWQFVHEGsFqVCKzceDL7NfHcOSA81nSSv3F4I
- rKo7VllfF2aO2JBqni0/Dg9TZkNq6fVjE1iFhB+kZ6YrMOaPpR9u5f+9FuGhJ4ppuh4BPc
- BSp2y+FyRRtjVkpw/CUK9ASBHjad/+zevbHkb3gEar2RHnR/d/uhR7nYqSj87e//Uk2Ywl
- 6F8ISPA4ZfACbmyDEv3/L9OQnAYu1jURK/9pZ12OMHleazn0P9H9Xvf9ES6agKK8ba1N6w
- Qu3Lyd1Q5k2LKVj+ph59wifUkNUpTwiaCM/fxVw8QhbAI8Z+IodPUo+sN9wws6/TUCP8ug
- Q0nqPjgXD+pCVeI9aYihbU/Em4BWElWhHaRVPXJULibTqdFDxMWDwKvnSjwKf/U=
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ssh-dss 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"
- set source built-in
- next
- edit "Fortinet_SSH_ECDSA256"
- set password ENC fwAAAIJwXODNsTOCeLdRJwDAFHzR3L3S1aubYVvWa9fQJYvkGatXZi466ATzN0AzO+ZIZC3ypZ0lSOgXxkLT+Y7GZdJYSQwViIH2rF6BQFJdCwNNDZGSye3iULnCnVUMnFX5c486BrE/ImDRXsQ5hOn8gai8xv9eGgevrCTWTH+ayC3ruLHo65IDelEQXa0s9pTE9g==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA0YLHj+Q
- xdPg2i0soD92dFAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
- dHAyNTYAAABBBAX1xn2UkeXxzvgJZg5iTBEujKPOpH0GtQtKOOaNWXkSUgPcqiERXiGsXz
- 1e05qbVgP1PKNddukBxglats54JX4AAACgBdVlmWL9PsjOWgc5mHOsDBjK8G2VSHEHb6X6
- kY6qCVo2oNmCl1RRuPUTNMTEuwAkTtjpSFwHGqLvwktPR+/2zl74v40nYdkYU86Nxs4DqL
- MOgtrDBSG+U8ACpv0PG/BfGMhyb/U8zSIKGRJxzJkK7JhYeNxmQ/3R9Ne0xdnpKZVuX4mS
- Jo9bahma+IT4xl2v5UMI/FJaR0OVmPiSLWcdTA==
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAX1xn2UkeXxzvgJZg5iTBEujKPOpH0GtQtKOOaNWXkSUgPcqiERXiGsXz1e05qbVgP1PKNddukBxglats54JX4="
- set source built-in
- next
- edit "Fortinet_SSH_ECDSA384"
- set password ENC fwAAACDS526hDsCPYHkKBM7sp5PUHbD4Quo7/11S4jHFIPiqokkszpLCz/5fmZU1FZJAoP9UnUxL7Zp1+kuGxh3vUdHdWbrz+Ygm8NSirIAPrr9PC7cn9V/C9eJtfCjNEgXpUL9z0tbOoQq7RpJZK5DYc1TtjwT42pMGDNYYFElttnMTuuHxgOuQF5vcvAgE16Tntw==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCi3I6qVb
- UKbCUXKF8z9E2fAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
- dHAzODQAAABhBGHTLvlIAIACs+24KY1z2oLfp0wat2Y80CJVGrBWUE1O4nMWE9wWatyi2T
- 0C6dxdhdSfjCgd2zEd4QHdF0D+ot4+8aUaQbwczTrFdlCSkS1PAiNmvV7PRYf7exlyqZuP
- JwAAAND2eMgW5HLSBvmRT00mGyAhGy7eF0Behq0t1JYvmW0EbcEjjFm1giOl67zJHnE2+y
- I2byCNODyrjCeJYmQ3Sx+QXpeAX8zzO5i9j3BaBt+SM8XcMR11OE//PgOGVscq2J2hauNH
- 43Bztr0SxSSQ4sCc01IhqlcqCC8eGTDJQn8P2Tw6pq0LNacKBp2RnnMVGXgVQZyvDXio/m
- 7j9c+Lyws0KpcSU71HXm6ELHNLVpDMWD+lrdBWCfBXDwhilm15xyz6kkqOotRP6mww05bp
- mzOP
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGHTLvlIAIACs+24KY1z2oLfp0wat2Y80CJVGrBWUE1O4nMWE9wWatyi2T0C6dxdhdSfjCgd2zEd4QHdF0D+ot4+8aUaQbwczTrFdlCSkS1PAiNmvV7PRYf7exlyqZuPJw=="
- set source built-in
- next
- edit "Fortinet_SSH_ECDSA521"
- set password ENC fwAAACkH6+9KxvFzYS2i/qoThic8UvESMNglIrcoDLznYrSyeC4QifkxAbr7Gs7NN/EIx7V22JcsK7x9xB+TlXdFcl04loJWZCV2SkesxoVyZ/kleLKPY3T3vz76BQrZrvYPP9+WKv6aLSWtkhqpJn71lb/UnYWnywHnJh/E9v7pwQSkdFQV992gASrhh5xq6+VdLQ==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCJaKQd7u
- kpgGAyP80PBVcFAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
- dHA1MjEAAACFBAD+ABKtGeSzO0RffmFn4HOl/3HEfn1eW7k208b/w3E0NYzcmQOPRUQiFm
- /0mIEKumoSwsUl3vRQmlHtizZSjcJwsgCR0iEB/ZsMWbMhN2NIVTc2+EJzYo+8qC2GBOzK
- bQIu2PcYwtnlYqXwQXgF5Pm7RRPOGd0g7qcCV/qOE66JywDFowAAAQDuaUyqgefDGLKjJx
- VKifGN7Yy6dxOaq8ZKu4UzUypFqVgaTNb1dftGK8V5vJOUrJgrjJyZP+WL+sqPARFarP0P
- f7TpC9VQ1RwvmGcv1KnhikoO1x93zxX/sUe19xPXc7zP8LxXZSvx69ibyeHcpwI4oBVkZR
- feCc5iKiEeAZCUiRVCqPM3kJpcfXOMuwASoGX+MJtqfZWiCSWoPaiF3m0Um2Wyz51ahkU8
- GYTMMf+XCWc46z2hS/uzlIk/wED5fIBZBHv4Bn7h4Dq9XpyvuLYaKKS1wVL7x77To5Pz/T
- 7ydzd/o8anJRsA3jB78zk2n8Cw6s94MwrU3up+v0qDmAUZ
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD+ABKtGeSzO0RffmFn4HOl/3HEfn1eW7k208b/w3E0NYzcmQOPRUQiFm/0mIEKumoSwsUl3vRQmlHtizZSjcJwsgCR0iEB/ZsMWbMhN2NIVTc2+EJzYo+8qC2GBOzKbQIu2PcYwtnlYqXwQXgF5Pm7RRPOGd0g7qcCV/qOE66JywDFow=="
- set source built-in
- next
- edit "Fortinet_SSH_ED25519"
- set password ENC BhS9m3AvTQdFkudwJSo1e4BEXSvZWNkDlz0FbPUDzGAP9COY/aFErHRoHHAPlvilhxMI3WRNJBv55egnK3f+K1dA1Ulq7zrlxAYforLMGliSJC0776/gOsrlKgY7hMD1UuVmJeQUE6xD+v/R6gJcVcLcUFTi8Yjv2Rx5v8n1mM6MAz9c1RO4TWHF9UcN55pQYEvHhg==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCLjF9TKd
- 6oLKzrixqPZ+IlAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAICP0toHH6bnc52uu
- r1NBCn8wleyu6jUggMXHX7yBQxlkAAAAkI93vDKt+zQ2eUT1XLG7wOFavN+wdt5UE0U9Rs
- Z8Fz9ly9RLA0ZlLA8nasTEvd9H0CV0uhg/7LNIOMPm0FIv0dtDPFohos7c3Aq4Hc6DHAyv
- r9lf9OycGPQ2LLk0jiksHUl66Ilxg2lh8eo4TVXC8k49iH/oL/BfYc3NdGWRutFID01oWj
- y98hS8mWvn8p9Lkw==
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICP0toHH6bnc52uur1NBCn8wleyu6jUggMXHX7yBQxlk"
- set source built-in
- next
- end
- config firewall ssh local-ca
- edit "Fortinet_SSH_CA"
- set password ENC AAAAAflE3MAcob9XGpnFGQ1BTWTc2iLTHquKUe2kmd0uFw1c/YDc9I62jfplHig9enm/C97orOYjYlm842tZYc1+jo1eAbaJXP6QWCIMZm+0Gao46ZOptXnvBubDG1IQzX6ufldhweWbs251qPuBxyVQfB8EmdM7cGKncsCyOL8PZgQBvvDhGqE2Zg/1crqnBMhcPw==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDcR914L3
- 5GJmTNRyUg7E1+AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD53F7IKNvL
- 1MsEh63GtQTNnKQBlukISw/zy1eidac8xSj1STtDlYSFKlsbW+FHB6ZNgxXCjJDYea+dFD
- unEWdtcz11PxK8o2m6b0KAeOcuVpmBbnkivAtLg6YGDIyobt7JDUiaRxdI/R6Vd9wsuv6N
- uDYxZ3CX+WaEEoEr5HWUHnRqb5c7/tM1j3C2cfcziB0k9xmRNLGmNbt3q+qCe17imzaDp5
- xQKV8UkqCi1yJTdhD+tbQ3Yv1TeEWzRuNAu54WR6NMlAU2/2RrexB6dTVdaoyHB7oc44XZ
- P1pWtS3343Cgg3TIeKYclRsUM3gWBtPePASNI5qkdnY0JaKhscNHAAADwJ4MvkFGYN0XOP
- 1qS/kesUUwdVEgGFp+X+NTfn0Vx48zz9H1mgSwB6a8BQnUvcAH1yMJsAUIa0Rg9OGqXZiP
- XmPoCVoLynX1OQ8wF8oGGNXy9i3rY+eYRQoFpwHSYbX68XFeiTnj08NicBo0m+nQ/c73Ci
- wDhFUJarzgXWrSKjwWDbzpdiMEMccJsDW7lubeRMw/FW3f49bTw82YMucXXArBicnZukNA
- Z3K/O10QYKhkzvRicg6kchlyKqAkG8Vl/wIa9YpZtVwO0K2gyOpQkmkCCzr1reXdu+HUSs
- avk8NGQ60BbURY6qLRZ04QleFkXPYbpkk3IeVKeeWABLxCEQmRuB5KdhDmFffUuVTE8jTF
- mCGw/Ogekkev0eJJrOJjE8tp266rvZkgKNhvyD4q0suFYvWw0dkcmUwMB0xQMEt+Trq2FT
- 0KIoKRQjIJqhchGSzn3AlwB5yy8IJoinlAHWZ4mCUJE2gzZIf0DHpSjnXm3km1D5RjvHFi
- OC3c3ZZY9fn3F6fqmYT5ZUyl4wGldfLjv8yd+KsADBHYBVT8+tBvjBtal7TYbBmfBLl2yX
- iCe3qDABgQdwHx6u4yVH/g3UUq/mwZ91yXJyP3wMO9L5nVB2mG6fAlMW2ZmNAoFEJXfdWG
- at7QdwR9EWjNy+FkkkAlOkswdrMMzbiDuZYAQenZFs/AFLCADUpEYIRUyMDFfd+9+Sn9/D
- UV4HY9NndWwWq5T7/A/d5kAJvGIduJqzbVDsWtHTCvixDxHPflWCPwkoLolHJ+eiQuP7k6
- oIJ+u75TpZObNKikfrW5zGlD6m7HOTifH9diYURNZhNRV4xfwH+W4KfZah+9U1s+JqKzPy
- Vl6jFhLobm7HyJODfBKO7IcWtj35JEw8wIXe2Bxd7pWbEkuGpcJPKwk5eQoA1VRvxeePy9
- IafNiOtQ3JlSDv+f6HlH95zbixBfu69vB9nqhNqDYFiWDZulID19/p4+vWJHDzP1lLQdzG
- 6el+VW9YttVA+aqE4ICR+tZzJdPv4tw6hHI8jZIKhrcR4Ijq9DrS1uR/89KqYzNqnb82Pc
- pV0Y+3hdqBg0eKJT2XtO5xKsgeq18Ket7Xkkh3KZlZ3l2hn4GMXo0A3s++6OloRKw8G0rn
- OyajMp6NVZCkZh23n/asHY8Z5sFBvK8NkEqtCduEACdBR8adeFVxUKQVEpYwkid8hrgErW
- mLJxa/VYSdZWjvueabn5M3yxnOn/wcACpZ6vSDMPw9+V+HJIljSO9lmjg0rin3LQhunp1k
- UKbBm4Cw==
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD53F7IKNvL1MsEh63GtQTNnKQBlukISw/zy1eidac8xSj1STtDlYSFKlsbW+FHB6ZNgxXCjJDYea+dFDunEWdtcz11PxK8o2m6b0KAeOcuVpmBbnkivAtLg6YGDIyobt7JDUiaRxdI/R6Vd9wsuv6NuDYxZ3CX+WaEEoEr5HWUHnRqb5c7/tM1j3C2cfcziB0k9xmRNLGmNbt3q+qCe17imzaDp5xQKV8UkqCi1yJTdhD+tbQ3Yv1TeEWzRuNAu54WR6NMlAU2/2RrexB6dTVdaoyHB7oc44XZP1pWtS3343Cgg3TIeKYclRsUM3gWBtPePASNI5qkdnY0JaKhscNH"
- set source built-in
- next
- edit "Fortinet_SSH_CA_Untrusted"
- set password ENC AAAAAUZbPlCdaPFjawlRi/OV0YrhQux9guPfeNCCy32B/dqj1c/t3L0xETVtwYK1ZsZ318fPS9kHaYHlJ2Mlxe/rYt4JCib8HqthUROgnpjNjzc9NAOOjMG57nWmD93ZJ87I5traXsugeBez+phVo04APAkU1Jc5r88Hu84JgHAXqNc8yhxj6Iajfluuv6YkIzFfCA==
- set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBWsXfgSx
- xJy69oc1NjwgwLAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDsq5p6258f
- pg2ILxSSNTZAK7aHhLIjW3F08h0ue0q2RTYW1Ni1nkdlsv2suSlLNtYusk4srLP4I1TcOA
- tyaSSVH3rDi/vvxou2YYwRGB/IJirwRFUnOgly3KbNZg6qxwXFtbKLcf+fom0uHazTDRta
- Civl57duRjasyPl9CKC8WYfbY/zG4P0iO6i6W2CLMBpaDPF02hMed63we1RB/VH28HPVGV
- tIOPsnzenj1h0igjwa+jxG1sNvEX7bZahZ2E8JtpOUgU5NmDe8HE8Isa/6WQeI0o+DOpZO
- JEtbx4J6eKfraAUmJODPz85LsFMpuU6MXDUj7gl6vqoi9rFkwwD1AAADwIzPYcWgyZ9soV
- NcDz5XDYWLze1p689PsmE5MXpgDbaRnqBaDpB7wwqy81u6grgj2j40/DGr3yDoemfOSCq4
- NaaLidMVq4GukCYtAUgR0ojEO+PDupIe6Wv4P4wkMmIU4vsFPSa7ICbqW12gdrU9p/LJkI
- o4WfrbMMiACQrL8F43uMD1yBeIW7nLnhyogEO+/1UIo/8m9A5P1742E24AE1i/DKoPIQvn
- wFxmlvyxrXMI6n4FyiWjRJ4csLBL+2VTeZww6DohZNBrMqmNcVVaZ+Gbf5o3mnv42xdZoJ
- qtOXa03Q+oNTssCM35IBYotuzNM7zk29EqN2enzQ8eGFVqHabg6zBeIvfhiY3IDsIs8iOE
- AHxMlrq5E+xghqTJTfQpt1ciUYWO5xQju5oCstbDqLrexSxpE9756otMxVeCtKYRb8s6mt
- Wso8bjE5LnmcPYhve5Zd7tSSu2TzStX0lgJBYWdZzmYcq0lIA5XnJRdSlcEOAtfSNV+hPq
- sRIX38+QT+eLBjuBLTr4MMHM9rAkLknhrntA/Hke2YHRc6aTKZPsX9sICj/jFxGvqin74D
- Jhq8Sz3AiRSJ5/YvmEncXx9sH4NmxXZrrdUFK7Rm/BxBKLD1/4+FIZSwqCXXCXWMtumDDz
- W0IMzx4m/ongZLir4QeOKJFJBSp6nGBa1oBcJPM2vF1Oc332tUqGxc01JEKQER54c3nYR9
- gvYCsbJ75/DTfhIy3ejK8Q3GL5jkPfIYe8/xZQXKg2ALCchQkfS8M5UB5Saa0R66x3RtID
- 3Om041B10XOjbhHheGzTUY83dkp1CR/oWOSdXSN1E6qNLsCyAysaRy934X8txDMIIQ7l1Q
- gp7DmPwkj1HbutOlBvC2j1qGswRqHcyTlxZvJVPZQRjzIo9CyejstX40KEoz1a02QGYMnp
- ZROuxraOfQSeMI5Wcu3w7sCwx3b787Sp955WGNpHZkr2xpN9nd7bVOBvG9ET34mm2Al6ra
- rjbaCdxbmw9b0qGVI7Y46GeQ/sCnlc22PbHAlpzmSjwcCMSh2HTSgE0eKJzY5ZdSWjyJuK
- kfUfPmbRYKp4tQKHhnO/juW4x0XhDR9S2ZuiN45kZhADToo6/EIBbAef0FLNmIN5iC9uA7
- XIvFTtmgmiCVeekBQxvVzSMqi3MbNzM/M8Y0SCCb0wE9KXX/tGRMIEsYBUZ+jCXRT5evp1
- iERiJL8Maer+GpT/jdkxo5O4lDgWzZMJabbXGW1zkgeuTm+qBE8CKMUn3CZojh6D5eToZh
- d5xO65bQ==
- -----END OPENSSH PRIVATE KEY-----
- "
- set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsq5p6258fpg2ILxSSNTZAK7aHhLIjW3F08h0ue0q2RTYW1Ni1nkdlsv2suSlLNtYusk4srLP4I1TcOAtyaSSVH3rDi/vvxou2YYwRGB/IJirwRFUnOgly3KbNZg6qxwXFtbKLcf+fom0uHazTDRtaCivl57duRjasyPl9CKC8WYfbY/zG4P0iO6i6W2CLMBpaDPF02hMed63we1RB/VH28HPVGVtIOPsnzenj1h0igjwa+jxG1sNvEX7bZahZ2E8JtpOUgU5NmDe8HE8Isa/6WQeI0o+DOpZOJEtbx4J6eKfraAUmJODPz85LsFMpuU6MXDUj7gl6vqoi9rFkwwD1"
- set source built-in
- next
- end
- # Selects, by name, the CA and host-key entries used by the firewall SSH settings.
- # Every name below matches an `edit "Fortinet_SSH_..."` entry defined earlier in this
- # file, and each of those entries stores its private key and an ENC password blob inline.
- # NOTE(review): a configuration backup shared with those entries intact exposes that
- # key material. Redact the private-key / password lines before sharing a backup, and
- # treat the keys as disclosed (regenerate or replace them) if a copy has left your control.
- config firewall ssh setting
- # CA key pairs; presumably one signs for servers the unit trusts and the other for
- # servers it does not. Confirm against the FortiOS documentation for this build.
- set caname "Fortinet_SSH_CA"
- set untrusted-caname "Fortinet_SSH_CA_Untrusted"
- # One host key per algorithm.
- set hostkey-rsa2048 "Fortinet_SSH_RSA2048"
- # NOTE(review): 1024-bit DSA is considered weak and ssh-dss is disabled by default in
- # current OpenSSH releases; check whether this host key is still needed.
- set hostkey-dsa1024 "Fortinet_SSH_DSA1024"
- set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256"
- set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384"
- set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521"
- set hostkey-ed25519 "Fortinet_SSH_ED25519"
- end
- # 802.1X port security policy for managed switches (single entry, "802-1X-policy-default").
- config switch-controller security-policy 802-1X
- edit "802-1X-policy-default"
- # Group that supplicants authenticate against. The group itself is defined outside this
- # part of the file; verify its membership before relying on this policy.
- set user-group "SSO_Guest_Users"
- # MAC-address bypass and open (unauthenticated) access are both off.
- set mac-auth-bypass disable
- set open-auth disable
- set eap-passthru enable
- # No guest VLAN and no auth-fail VLAN: presumably a client that does not authenticate
- # gets no fallback network. Confirm this is the intended behaviour.
- set guest-vlan disable
- set auth-fail-vlan disable
- set framevid-apply enable
- set radius-timeout-overwrite disable
- next
- end
- # Management protocols accepted by managed switches under the "default" local-access policy.
- # Both lists contain only https, ping and ssh; no cleartext protocol (http, telnet) is listed.
- # NOTE(review): the FortiGate's own port1-port3 earlier in this file use
- # `set allowaccess ping ssh http`, i.e. cleartext HTTP administration. Consider aligning
- # those interfaces with the https-only choice made here.
- config switch-controller security-policy local-access
- edit "default"
- set mgmt-allowaccess https ping ssh
- set internal-allowaccess https ping ssh
- next
- end
- config switch-controller lldp-profile
- edit "default"
- set med-tlvs inventory-management network-policy location-identification
- set auto-isl disable
- next
- edit "default-auto-isl"
- next
- end
- config switch-controller qos dot1p-map
- edit "voice-dot1p"
- set priority-0 queue-4
- set priority-1 queue-4
- set priority-2 queue-3
- set priority-3 queue-2
- set priority-4 queue-3
- set priority-5 queue-1
- set priority-6 queue-2
- set priority-7 queue-2
- next
- end
- config switch-controller qos ip-dscp-map
- edit "voice-dscp"
- config map
- edit "1"
- set cos-queue 1
- set value 46
- next
- edit "2"
- set cos-queue 2
- set value 24,26,48,56
- next
- edit "5"
- set cos-queue 3
- set value 34
- next
- end
- next
- end
- config switch-controller qos queue-policy
- edit "default"
- set schedule round-robin
- set rate-by kbps
- config cos-queue
- edit "queue-0"
- next
- edit "queue-1"
- next
- edit "queue-2"
- next
- edit "queue-3"
- next
- edit "queue-4"
- next
- edit "queue-5"
- next
- edit "queue-6"
- next
- edit "queue-7"
- next
- end
- next
- edit "voice-egress"
- set schedule weighted
- set rate-by kbps
- config cos-queue
- edit "queue-0"
- next
- edit "queue-1"
- set weight 0
- next
- edit "queue-2"
- set weight 6
- next
- edit "queue-3"
- set weight 37
- next
- edit "queue-4"
- set weight 12
- next
- edit "queue-5"
- next
- edit "queue-6"
- next
- edit "queue-7"
- next
- end
- next
- end
- config switch-controller qos qos-policy
- edit "default"
- next
- edit "voice-qos"
- set trust-dot1p-map "voice-dot1p"
- set trust-ip-dscp-map "voice-dscp"
- set queue-policy "voice-egress"
- next
- end
- config switch-controller storm-control-policy
- edit "default"
- set description "default storm control on all port"
- next
- edit "auto-config"
- set description "storm control policy for fortilink-isl-icl port"
- set storm-control-mode disabled
- next
- end
- config switch-controller auto-config policy
- edit "default"
- next
- end
- config switch-controller auto-config default
- set fgt-policy "default"
- set isl-policy "default"
- set icl-policy "default"
- end
- config switch-controller switch-profile
- edit "default"
- next
- end
- # Wireless intrusion detection (WIDS) profiles. Two entries: "default", which turns on
- # every detection listed below, and "default-wids-apscan-enabled", which only enables AP scanning.
- # NOTE(review): a profile only has effect where it is referenced; no wtp-profile entry in
- # this part of the file sets a WIDS profile, so confirm it is actually applied to the radios.
- config wireless-controller wids-profile
- edit "default"
- set comment "Default WIDS profile."
- # Scan for other access points.
- set ap-scan enable
- # Individual detections; the names indicate spoofed/flooded management frames and EAPOL floods.
- set wireless-bridge enable
- set deauth-broadcast enable
- set null-ssid-probe-resp enable
- set long-duration-attack enable
- set invalid-mac-oui enable
- set weak-wep-iv enable
- set auth-frame-flood enable
- set assoc-frame-flood enable
- set spoofed-deauth enable
- set asleap-attack enable
- set eapol-start-flood enable
- set eapol-logoff-flood enable
- set eapol-succ-flood enable
- set eapol-fail-flood enable
- set eapol-pre-succ-flood enable
- set eapol-pre-fail-flood enable
- next
- edit "default-wids-apscan-enabled"
- set ap-scan enable
- next
- end
- config wireless-controller wtp-profile
- edit "FAPU323EV-default"
- config platform
- set type U323EV
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPU321EV-default"
- config platform
- set type U321EV
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPU24JEV-default"
- config platform
- set type U24JEV
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPU223EV-default"
- config platform
- set type U223EV
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPU221EV-default"
- config platform
- set type U221EV
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPU423E-default"
- config platform
- set type U423E
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPU422EV-default"
- config platform
- set type U422EV
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPU421E-default"
- config platform
- set type U421E
- end
- config radio-1
- set band 802.11n
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP321E-default"
- config platform
- set type 321E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS223E-default"
- config platform
- set type S223E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS221E-default"
- config platform
- set type S221E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP224E-default"
- config platform
- set type 224E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP223E-default"
- config platform
- set type 223E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP222E-default"
- config platform
- set type 222E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP221E-default"
- config platform
- set type 221E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP423E-default"
- config platform
- set type 423E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP421E-default"
- config platform
- set type 421E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS423E-default"
- config platform
- set type S423E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS422E-default"
- config platform
- set type S422E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS421E-default"
- config platform
- set type S421E
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS323CR-default"
- config platform
- set type S323CR
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS322CR-default"
- config platform
- set type S322CR
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS321CR-default"
- config platform
- set type S321CR
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS313C-default"
- config platform
- set type S313C
- end
- config radio-1
- set band 802.11ac
- end
- next
- edit "FAPS311C-default"
- config platform
- set type S311C
- end
- config radio-1
- set band 802.11ac
- end
- next
- edit "FAPS323C-default"
- config platform
- set type S323C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS322C-default"
- config platform
- set type S322C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAPS321C-default"
- config platform
- set type S321C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP321C-default"
- config platform
- set type 321C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP223C-default"
- config platform
- set type 223C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP112D-default"
- config platform
- set type 112D
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP24D-default"
- config platform
- set type 24D
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP21D-default"
- config platform
- set type 21D
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FK214B-default"
- config platform
- set type 214B
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP224D-default"
- config platform
- set type 224D
- end
- config radio-1
- set band 802.11n-5G
- end
- config radio-2
- set band 802.11n,g-only
- end
- next
- edit "FAP222C-default"
- config platform
- set type 222C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP25D-default"
- config platform
- set type 25D
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP221C-default"
- config platform
- set type 221C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP320C-default"
- config platform
- set type 320C
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11ac
- end
- next
- edit "FAP28C-default"
- config platform
- set type 28C
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP223B-default"
- config platform
- set type 223B
- end
- config radio-1
- set band 802.11n-5G
- end
- config radio-2
- set band 802.11n,g-only
- end
- next
- edit "FAP14C-default"
- config platform
- set type 14C
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP11C-default"
- config platform
- set type 11C
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP320B-default"
- config platform
- set type 320B
- end
- config radio-1
- set band 802.11n-5G
- end
- config radio-2
- set band 802.11n,g-only
- end
- next
- edit "FAP112B-default"
- config platform
- set type 112B
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP222B-default"
- config platform
- set type 222B
- end
- config radio-1
- set band 802.11n,g-only
- end
- config radio-2
- set band 802.11n-5G
- end
- next
- edit "FAP210B-default"
- config platform
- set type 210B
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- edit "FAP220B-default"
- config radio-1
- set band 802.11n-5G
- end
- config radio-2
- set band 802.11n,g-only
- end
- next
- edit "AP-11N-default"
- config platform
- set type AP-11N
- end
- config radio-1
- set band 802.11n,g-only
- end
- next
- end
- config wireless-controller utm-profile
- edit "wifi-default"
- set comment "Default configuration for offloading WiFi traffic."
- set ips-sensor "wifi-default"
- set application-list "wifi-default"
- set antivirus-profile "wifi-default"
- set webfilter-profile "wifi-default"
- next
- end
- # Local log destinations: memory and disk logging are enabled, the null device is disabled.
- # NOTE(review): no remote destination (syslog, FortiAnalyzer) appears in this part of the
- # file. Logs kept only on the unit are lost or alterable if the unit is compromised;
- # confirm that remote logging is configured elsewhere.
- config log memory setting
- set status enable
- end
- config log disk setting
- set status enable
- end
- # presumably the null device discards log messages; it is switched off here
- config log null-device setting
- set status disable
- end
- config router rip
- config redistribute "connected"
- end
- config redistribute "static"
- end
- config redistribute "ospf"
- end
- config redistribute "bgp"
- end
- config redistribute "isis"
- end
- end
- config router ripng
- config redistribute "connected"
- end
- config redistribute "static"
- end
- config redistribute "ospf"
- end
- config redistribute "bgp"
- end
- config redistribute "isis"
- end
- end
- # Static routes (three entries).
- config router static
- # 10.44.112.32/28 via 192.168.253.1 out port2 (port2 is 192.168.253.10/24 earlier in this file).
- edit 1
- set dst 10.44.112.32 255.255.255.240
- set gateway 192.168.253.1
- set device "port2"
- next
- # No `set dst` here: presumably the default route (0.0.0.0/0) via 10.78.9.19 on port1.
- # NOTE(review): port1 is `set mode dhcp` earlier in this file, so a hard-coded gateway can
- # go stale if the lease moves to another subnet. Confirm this is intended.
- edit 2
- set gateway 10.78.9.19
- set distance 1
- set device "port1"
- next
- # 10.44.127.0/24 is handed to the SD-WAN (virtual-wan-link) interface; no gateway or device is set.
- edit 3
- set dst 10.44.127.0 255.255.255.0
- set distance 1
- set virtual-wan-link enable
- next
- end
- config router ospf
- config redistribute "connected"
- end
- config redistribute "static"
- end
- config redistribute "rip"
- end
- config redistribute "bgp"
- end
- config redistribute "isis"
- end
- end
- config router ospf6
- config redistribute "connected"
- end
- config redistribute "static"
- end
- config redistribute "rip"
- end
- config redistribute "bgp"
- end
- config redistribute "isis"
- end
- end
- config router bgp
- config redistribute "connected"
- end
- config redistribute "rip"
- end
- config redistribute "ospf"
- end
- config redistribute "static"
- end
- config redistribute "isis"
- end
- config redistribute6 "connected"
- end
- config redistribute6 "rip"
- end
- config redistribute6 "ospf"
- end
- config redistribute6 "static"
- end
- config redistribute6 "isis"
- end
- end
- config router isis
- config redistribute "connected"
- end
- config redistribute "rip"
- end
- config redistribute "ospf"
- end
- config redistribute "bgp"
- end
- config redistribute "static"
- end
- config redistribute6 "connected"
- end
- config redistribute6 "rip"
- end
- config redistribute6 "ospf"
- end
- config redistribute6 "bgp"
- end
- config redistribute6 "static"
- end
- end
- config router multicast
- end