
Untitled

a guest
Feb 26th, 2020
  1. #config-version=FGVMK6-6.2.0-FW-build0866-190328:opmode=0:vdom=0:user=admin
  2. #conf_file_ver=185280594225277
  3. #buildno=0866
  4. #global_vdom=1
  5. config system global
     # Global device settings. The file header above reports FortiOS 6.2.0
     # (build 0866) on a VM image; check that release against current vendor
     # advisories before reusing any part of this configuration.
     #
     # admintimeout is the idle timeout for administrator sessions, in minutes.
     # 50 keeps an unattended console or browser session usable for a long
     # time; hardening guidance normally keeps this to a few minutes.
  6. set admintimeout 50
  7. set alias "FortiGate-VM64-KVM"
     # The hostname, together with the tunnel names and internal subnets that
     # follow, identifies the site and its topology. A configuration backup
     # like this one is sensitive and should be sanitized before it is shared.
  8. set hostname "SERRINHA"
  9. set timezone 18
  10. end
  11. config system accprofile
      # Administrator access profiles. Both entries below grant read-write on
      # every access group they list, so as written "prof_admin" is no narrower
      # than "super_admin" at this level. Accounts that only monitor or only
      # manage one area should get a dedicated profile with read or none on the
      # groups they do not need.
  12. edit "super_admin"
  13. set secfabgrp read-write
  14. set ftviewgrp read-write
  15. set authgrp read-write
  16. set sysgrp read-write
  17. set netgrp read-write
  18. set loggrp read-write
  19. set fwgrp read-write
  20. set vpngrp read-write
  21. set utmgrp read-write
  22. set wanoptgrp read-write
  23. set wifi read-write
  24. next
  25. edit "prof_admin"
  26. set secfabgrp read-write
  27. set ftviewgrp read-write
  28. set authgrp read-write
  29. set sysgrp read-write
  30. set netgrp read-write
  31. set loggrp read-write
  32. set fwgrp read-write
  33. set vpngrp read-write
  34. set utmgrp read-write
  35. set wanoptgrp read-write
  36. set wifi read-write
  37. next
  38. end
  39. config system interface
      # Interface definitions. "allowaccess" lists the management protocols the
      # firewall itself answers on that interface. port1, port2 and port3 all
      # accept ssh and http; none of them lists https, so GUI administration on
      # these ports is offered over cleartext HTTP, where credentials and
      # session cookies are readable by anyone on the path. Prefer https, enable
      # management only on the interface administrators actually use, and pair
      # it with trusted-host restrictions on the admin accounts.
  40. edit "port1"
  41. set vdom "root"
      # Address comes from DHCP and the "toDC-CURITIBA" tunnel below is bound to
      # this port, so this is presumably an uplink -- confirm. If it faces an
      # untrusted network, ssh and http management here is directly exposed.
  42. set mode dhcp
  43. set allowaccess ping ssh http
  44. set type physical
  45. set snmp-index 1
  46. next
  47. edit "port2"
  48. set vdom "root"
  49. set ip 192.168.253.10 255.255.255.0
      # Same management exposure as port1; the "toDC-CTA-TERR" tunnel below is
      # bound to this port.
  50. set allowaccess ping ssh http
  51. set type physical
  52. set snmp-index 2
  53. next
  54. edit "port3"
  55. set vdom "root"
  56. set ip 192.168.228.1 255.255.255.0
      # This port hosts the DHCP scope defined later in the file
      # (192.168.228.2-254), so every leased client can reach the cleartext
      # management services enabled here.
  57. set allowaccess ping ssh http
  58. set type physical
  59. set snmp-index 3
  60. next
      # port4-port10 carry no address and no allowaccess line in this file.
  61. edit "port4"
  62. set vdom "root"
  63. set type physical
  64. set snmp-index 4
  65. next
  66. edit "port5"
  67. set vdom "root"
  68. set type physical
  69. set snmp-index 5
  70. next
  71. edit "port6"
  72. set vdom "root"
  73. set type physical
  74. set snmp-index 6
  75. next
  76. edit "port7"
  77. set vdom "root"
  78. set type physical
  79. set snmp-index 7
  80. next
  81. edit "port8"
  82. set vdom "root"
  83. set type physical
  84. set snmp-index 8
  85. next
  86. edit "port9"
  87. set vdom "root"
  88. set type physical
  89. set snmp-index 9
  90. next
  91. edit "port10"
  92. set vdom "root"
  93. set type physical
  94. set snmp-index 10
  95. next
  96. edit "ssl.root"
  97. set vdom "root"
  98. set type tunnel
  99. set alias "SSL VPN interface"
  100. set snmp-index 11
  101. next
       # Two point-to-point tunnel interfaces (/32 local and remote addresses).
       # Only ping is allowed toward the firewall over them. The tunnel
       # parameters themselves are not part of this section of the file.
  102. edit "toDC-CURITIBA"
  103. set vdom "root"
  104. set ip 10.10.228.2 255.255.255.255
  105. set allowaccess ping
  106. set type tunnel
  107. set remote-ip 10.10.228.1 255.255.255.255
  108. set snmp-index 12
  109. set interface "port1"
  110. next
  111. edit "toDC-CTA-TERR"
  112. set vdom "root"
  113. set ip 10.20.228.2 255.255.255.255
  114. set allowaccess ping
  115. set type tunnel
  116. set remote-ip 10.20.228.1 255.255.255.255
  117. set snmp-index 13
  118. set interface "port2"
  119. next
  120. end
  121. config system custom-language
  122. edit "en"
  123. set filename "en"
  124. next
  125. edit "fr"
  126. set filename "fr"
  127. next
  128. edit "sp"
  129. set filename "sp"
  130. next
  131. edit "pg"
  132. set filename "pg"
  133. next
  134. edit "x-sjis"
  135. set filename "x-sjis"
  136. next
  137. edit "big5"
  138. set filename "big5"
  139. next
  140. edit "GB2312"
  141. set filename "GB2312"
  142. next
  143. edit "euc-kr"
  144. set filename "euc-kr"
  145. next
  146. end
  147. config system admin
       # Administrator accounts. Only the built-in "admin" account is defined,
       # bound to the unrestricted "super_admin" profile.
       #
       # NOTE(review): no "set password" line appears under this account. A
       # FortiOS backup normally stores a configured password as
       # "set password ENC ...", so either the account has no password or the
       # line was stripped before posting -- verify on the device. Combined with
       # ssh/http management enabled on port1-port3, a blank password would
       # leave the firewall open to anyone who can reach those ports.
       #
       # No trusted-host entries appear either, so logins are not limited to
       # specific source addresses, and no two-factor setting is shown.
  148. edit "admin"
  149. set accprofile "super_admin"
  150. set vdom "root"
       # Everything below is GUI dashboard layout (widget type, position and
       # size); it has no effect on access control.
  151. config gui-dashboard
  152. edit 1
  153. set name "Status"
  154. set vdom "root"
  155. set permanent enable
  156. config widget
  157. edit 1
  158. set width 1
  159. set height 1
  160. next
  161. edit 2
  162. set type licinfo
  163. set x-pos 1
  164. set width 1
  165. set height 1
  166. next
  167. edit 3
  168. set type vminfo
  169. set x-pos 2
  170. set width 1
  171. set height 1
  172. next
  173. edit 4
  174. set type forticloud
  175. set x-pos 3
  176. set width 1
  177. set height 1
  178. next
  179. edit 5
  180. set type security-fabric
  181. set x-pos 4
  182. set width 1
  183. set height 1
  184. next
  185. edit 6
  186. set type security-fabric-ranking
  187. set x-pos 5
  188. set width 1
  189. set height 1
  190. next
  191. edit 7
  192. set type admins
  193. set x-pos 6
  194. set width 1
  195. set height 1
  196. next
  197. edit 8
  198. set type cpu-usage
  199. set x-pos 7
  200. set width 2
  201. set height 1
  202. next
  203. edit 9
  204. set type memory-usage
  205. set x-pos 8
  206. set width 2
  207. set height 1
  208. next
  209. edit 10
  210. set type sessions
  211. set x-pos 9
  212. set width 2
  213. set height 1
  214. next
  215. end
  216. next
  217. edit 2
  218. set name "Top Usage LAN/DMZ"
  219. set vdom "root"
  220. set layout-type fixed
  221. set columns 12
  222. config widget
  223. edit 1
  224. set type fortiview
  225. set width 6
  226. set height 3
  227. set fortiview-type "source"
  228. set fortiview-sort-by "bytes"
  229. set fortiview-timeframe "hour"
  230. set fortiview-visualization "table"
  231. next
  232. edit 2
  233. set type fortiview
  234. set x-pos 1
  235. set width 6
  236. set height 3
  237. set fortiview-type "destination"
  238. set fortiview-sort-by "sessions"
  239. set fortiview-timeframe "hour"
  240. set fortiview-visualization "table"
  241. next
  242. edit 3
  243. set type fortiview
  244. set x-pos 2
  245. set width 6
  246. set height 3
  247. set fortiview-type "application"
  248. set fortiview-sort-by "bytes"
  249. set fortiview-timeframe "hour"
  250. set fortiview-visualization "table"
  251. next
  252. edit 4
  253. set type fortiview
  254. set x-pos 3
  255. set width 6
  256. set height 3
  257. set fortiview-type "website"
  258. set fortiview-sort-by "sessions"
  259. set fortiview-timeframe "hour"
  260. set fortiview-visualization "table"
  261. next
  262. end
  263. next
  264. edit 3
  265. set name "Security"
  266. set vdom "root"
  267. set layout-type fixed
  268. set columns 12
  269. config widget
  270. edit 1
  271. set type fortiview
  272. set width 6
  273. set height 3
  274. set fortiview-type "compromisedHosts"
  275. set fortiview-sort-by "verdict"
  276. set fortiview-timeframe "hour"
  277. set fortiview-visualization "table"
  278. next
  279. edit 2
  280. set type fortiview
  281. set x-pos 1
  282. set width 6
  283. set height 3
  284. set fortiview-type "threats"
  285. set fortiview-sort-by "threatLevel"
  286. set fortiview-timeframe "hour"
  287. set fortiview-visualization "table"
  288. next
  289. edit 3
  290. set type vulnerability-summary
  291. set x-pos 2
  292. set width 3
  293. set height 3
  294. next
  295. edit 4
  296. set type host-scan-summary
  297. set x-pos 3
  298. set width 3
  299. set height 3
  300. next
  301. edit 5
  302. set type fortiview
  303. set x-pos 4
  304. set width 6
  305. set height 3
  306. set fortiview-type "endpointDevices"
  307. set fortiview-sort-by "vulnerabilities"
  308. set fortiview-timeframe "hour"
  309. set fortiview-visualization "table"
  310. next
  311. end
  312. next
  313. end
  314. next
  315. end
  316. config system sso-admin
  317. end
  318. config system ha
  319. set override disable
  320. end
  321. config system storage
  322. edit "Virtual-Disk"
  323. set status enable
  324. set media-status enable
  325. set order 1
  326. set partition "LOGUSEDXABA32AD6"
  327. set device "/dev/vdb1"
  328. set size 30236
  329. set usage log
  330. next
  331. end
  332. config system dns
  333. set primary 208.91.112.53
  334. set secondary 208.91.112.52
  335. end
  336. config system replacemsg-image
  337. edit "logo_fnet"
  338. set image-type gif
  339. set image-base64 ''
  340. next
  341. edit "logo_fguard_wf"
  342. set image-type gif
  343. set image-base64 ''
  344. next
  345. edit "logo_fw_auth"
  346. set image-base64 ''
  347. next
  348. edit "logo_v2_fnet"
  349. set image-base64 ''
  350. next
  351. edit "logo_v2_fguard_wf"
  352. set image-base64 ''
  353. next
  354. edit "logo_v2_fguard_app"
  355. set image-base64 ''
  356. next
  357. end
  358. config system replacemsg mail "email-av-fail"
  359. end
  360. config system replacemsg mail "email-block"
  361. end
  362. config system replacemsg mail "email-dlp-subject"
  363. end
  364. config system replacemsg mail "email-dlp-ban"
  365. end
  366. config system replacemsg mail "email-filesize"
  367. end
  368. config system replacemsg mail "email-file-filter"
  369. end
  370. config system replacemsg mail "partial"
  371. end
  372. config system replacemsg mail "smtp-block"
  373. end
  374. config system replacemsg mail "smtp-filesize"
  375. end
  376. config system replacemsg mail "email-decompress-limit"
  377. end
  378. config system replacemsg mail "smtp-decompress-limit"
  379. end
  380. config system replacemsg http "bannedword"
  381. end
  382. config system replacemsg http "url-block"
  383. end
  384. config system replacemsg http "urlfilter-err"
  385. end
  386. config system replacemsg http "infcache-block"
  387. end
  388. config system replacemsg http "http-block"
  389. end
  390. config system replacemsg http "http-filesize"
  391. end
  392. config system replacemsg http "http-dlp-ban"
  393. end
  394. config system replacemsg http "http-archive-block"
  395. end
  396. config system replacemsg http "http-contenttypeblock"
  397. end
  398. config system replacemsg http "https-invalid-cert-block"
  399. end
  400. config system replacemsg http "https-untrusted-cert-block"
  401. end
  402. config system replacemsg http "https-blacklisted-cert-block"
  403. end
  404. config system replacemsg http "http-client-block"
  405. end
  406. config system replacemsg http "http-client-filesize"
  407. end
  408. config system replacemsg http "http-client-bannedword"
  409. end
  410. config system replacemsg http "http-post-block"
  411. end
  412. config system replacemsg http "http-client-archive-block"
  413. end
  414. config system replacemsg http "switching-protocols-block"
  415. end
  416. config system replacemsg webproxy "deny"
  417. end
  418. config system replacemsg webproxy "user-limit"
  419. end
  420. config system replacemsg webproxy "auth-challenge"
  421. end
  422. config system replacemsg webproxy "auth-login-fail"
  423. end
  424. config system replacemsg webproxy "auth-group-info-fail"
  425. end
  426. config system replacemsg webproxy "http-err"
  427. end
  428. config system replacemsg webproxy "auth-ip-blackout"
  429. end
  430. config system replacemsg ftp "ftp-av-fail"
  431. end
  432. config system replacemsg ftp "ftp-dl-blocked"
  433. end
  434. config system replacemsg ftp "ftp-dl-filesize"
  435. end
  436. config system replacemsg ftp "ftp-dl-dlp-ban"
  437. end
  438. config system replacemsg ftp "ftp-explicit-banner"
  439. end
  440. config system replacemsg ftp "ftp-dl-archive-block"
  441. end
  442. config system replacemsg nntp "nntp-av-fail"
  443. end
  444. config system replacemsg nntp "nntp-dl-blocked"
  445. end
  446. config system replacemsg nntp "nntp-dl-filesize"
  447. end
  448. config system replacemsg nntp "nntp-dlp-subject"
  449. end
  450. config system replacemsg nntp "nntp-dlp-ban"
  451. end
  452. config system replacemsg nntp "email-decompress-limit"
  453. end
  454. config system replacemsg fortiguard-wf "ftgd-block"
  455. end
  456. config system replacemsg fortiguard-wf "http-err"
  457. end
  458. config system replacemsg fortiguard-wf "ftgd-ovrd"
  459. end
  460. config system replacemsg fortiguard-wf "ftgd-quota"
  461. end
  462. config system replacemsg fortiguard-wf "ftgd-warning"
  463. end
  464. config system replacemsg spam "ipblocklist"
  465. end
  466. config system replacemsg spam "smtp-spam-dnsbl"
  467. end
  468. config system replacemsg spam "smtp-spam-feip"
  469. end
  470. config system replacemsg spam "smtp-spam-helo"
  471. end
  472. config system replacemsg spam "smtp-spam-emailblack"
  473. end
  474. config system replacemsg spam "smtp-spam-mimeheader"
  475. end
  476. config system replacemsg spam "reversedns"
  477. end
  478. config system replacemsg spam "smtp-spam-bannedword"
  479. end
  480. config system replacemsg spam "smtp-spam-ase"
  481. end
  482. config system replacemsg spam "submit"
  483. end
  484. config system replacemsg alertmail "alertmail-virus"
  485. end
  486. config system replacemsg alertmail "alertmail-block"
  487. end
  488. config system replacemsg alertmail "alertmail-nids-event"
  489. end
  490. config system replacemsg alertmail "alertmail-crit-event"
  491. end
  492. config system replacemsg alertmail "alertmail-disk-full"
  493. end
  494. config system replacemsg admin "pre_admin-disclaimer-text"
  495. end
  496. config system replacemsg admin "post_admin-disclaimer-text"
  497. end
  498. config system replacemsg auth "auth-disclaimer-page-1"
  499. end
  500. config system replacemsg auth "auth-disclaimer-page-2"
  501. end
  502. config system replacemsg auth "auth-disclaimer-page-3"
  503. end
  504. config system replacemsg auth "auth-reject-page"
  505. end
  506. config system replacemsg auth "auth-login-page"
  507. end
  508. config system replacemsg auth "auth-login-failed-page"
  509. end
  510. config system replacemsg auth "auth-token-login-page"
  511. end
  512. config system replacemsg auth "auth-token-login-failed-page"
  513. end
  514. config system replacemsg auth "auth-success-msg"
  515. end
  516. config system replacemsg auth "auth-challenge-page"
  517. end
  518. config system replacemsg auth "auth-keepalive-page"
  519. end
  520. config system replacemsg auth "auth-portal-page"
  521. end
  522. config system replacemsg auth "auth-password-page"
  523. end
  524. config system replacemsg auth "auth-fortitoken-page"
  525. end
  526. config system replacemsg auth "auth-next-fortitoken-page"
  527. end
  528. config system replacemsg auth "auth-email-token-page"
  529. end
  530. config system replacemsg auth "auth-sms-token-page"
  531. end
  532. config system replacemsg auth "auth-email-harvesting-page"
  533. end
  534. config system replacemsg auth "auth-email-failed-page"
  535. end
  536. config system replacemsg auth "auth-cert-passwd-page"
  537. end
  538. config system replacemsg auth "auth-guest-print-page"
  539. end
  540. config system replacemsg auth "auth-guest-email-page"
  541. end
  542. config system replacemsg auth "auth-success-page"
  543. end
  544. config system replacemsg auth "auth-block-notification-page"
  545. end
  546. config system replacemsg auth "auth-quarantine-page"
  547. end
  548. config system replacemsg auth "auth-qtn-reject-page"
  549. end
  550. config system replacemsg sslvpn "sslvpn-login"
  551. end
  552. config system replacemsg sslvpn "sslvpn-header"
  553. end
  554. config system replacemsg sslvpn "sslvpn-limit"
  555. end
  556. config system replacemsg sslvpn "hostcheck-error"
  557. end
  558. config system replacemsg device-detection-portal "device-detection-failure"
  559. end
  560. config system replacemsg nac-quar "nac-quar-virus"
  561. end
  562. config system replacemsg nac-quar "nac-quar-dos"
  563. end
  564. config system replacemsg nac-quar "nac-quar-ips"
  565. end
  566. config system replacemsg nac-quar "nac-quar-dlp"
  567. end
  568. config system replacemsg nac-quar "nac-quar-admin"
  569. end
  570. config system replacemsg nac-quar "nac-quar-app"
  571. end
  572. config system replacemsg traffic-quota "per-ip-shaper-block"
  573. end
  574. config system replacemsg utm "virus-html"
  575. end
  576. config system replacemsg utm "client-virus-html"
  577. end
  578. config system replacemsg utm "virus-text"
  579. end
  580. config system replacemsg utm "dlp-html"
  581. end
  582. config system replacemsg utm "dlp-text"
  583. end
  584. config system replacemsg utm "appblk-html"
  585. end
  586. config system replacemsg utm "ipsblk-html"
  587. end
  588. config system replacemsg utm "ipsfail-html"
  589. end
  590. config system replacemsg utm "exe-text"
  591. end
  592. config system replacemsg utm "waf-html"
  593. end
  594. config system replacemsg utm "outbreak-prevention-html"
  595. end
  596. config system replacemsg utm "outbreak-prevention-text"
  597. end
  598. config system replacemsg icap "icap-req-resp"
  599. end
  600. config system snmp sysinfo
  601. end
  602. config firewall internet-service-definition
  603. end
  604. config firewall internet-service-cat-definition
  605. end
  606. config system cluster-sync
  607. end
  608. config system fortiguard
  609. set update-server-location usa
  610. set sdns-server-ip "208.91.112.220"
  611. end
  612. config ips global
  613. end
  614. config system email-server
  615. set server "notification.fortinet.net"
  616. set port 465
  617. set security smtps
  618. end
  619. config system session-helper
  620. edit 1
  621. set name pptp
  622. set protocol 6
  623. set port 1723
  624. next
  625. edit 2
  626. set name h323
  627. set protocol 6
  628. set port 1720
  629. next
  630. edit 3
  631. set name ras
  632. set protocol 17
  633. set port 1719
  634. next
  635. edit 4
  636. set name tns
  637. set protocol 6
  638. set port 1521
  639. next
  640. edit 5
  641. set name tftp
  642. set protocol 17
  643. set port 69
  644. next
  645. edit 6
  646. set name rtsp
  647. set protocol 6
  648. set port 554
  649. next
  650. edit 7
  651. set name rtsp
  652. set protocol 6
  653. set port 7070
  654. next
  655. edit 8
  656. set name rtsp
  657. set protocol 6
  658. set port 8554
  659. next
  660. edit 9
  661. set name ftp
  662. set protocol 6
  663. set port 21
  664. next
  665. edit 10
  666. set name mms
  667. set protocol 6
  668. set port 1863
  669. next
  670. edit 11
  671. set name pmap
  672. set protocol 6
  673. set port 111
  674. next
  675. edit 12
  676. set name pmap
  677. set protocol 17
  678. set port 111
  679. next
  680. edit 13
  681. set name sip
  682. set protocol 17
  683. set port 5060
  684. next
  685. edit 14
  686. set name dns-udp
  687. set protocol 17
  688. set port 53
  689. next
  690. edit 15
  691. set name rsh
  692. set protocol 6
  693. set port 514
  694. next
  695. edit 16
  696. set name rsh
  697. set protocol 6
  698. set port 512
  699. next
  700. edit 17
  701. set name dcerpc
  702. set protocol 6
  703. set port 135
  704. next
  705. edit 18
  706. set name dcerpc
  707. set protocol 17
  708. set port 135
  709. next
  710. edit 19
  711. set name mgcp
  712. set protocol 17
  713. set port 2427
  714. next
  715. edit 20
  716. set name mgcp
  717. set protocol 17
  718. set port 2727
  719. next
  720. end
  721. config system auto-install
  722. set auto-install-config enable
  723. set auto-install-image enable
  724. end
  725. config system ntp
  726. set ntpsync enable
  727. end
  728. config system object-tagging
  729. edit "default"
  730. next
  731. end
  732. config switch-controller traffic-policy
  733. edit "quarantine"
  734. set description "Rate control for quarantined traffic"
  735. set guaranteed-bandwidth 163840
  736. set guaranteed-burst 8192
  737. set maximum-burst 163840
  738. set cos-queue 0
  739. set id 1
  740. next
  741. edit "sniffer"
  742. set description "Rate control for sniffer mirrored traffic"
  743. set guaranteed-bandwidth 50000
  744. set guaranteed-burst 8192
  745. set maximum-burst 163840
  746. set cos-queue 0
  747. set id 2
  748. next
  749. end
  750. config system settings
  751. end
  752. config system dhcp server
  753. edit 1
  754. set dns-service default
  755. set default-gateway 192.168.228.1
  756. set netmask 255.255.255.0
  757. set interface "port3"
  758. config ip-range
  759. edit 1
  760. set start-ip 192.168.228.2
  761. set end-ip 192.168.228.254
  762. next
  763. end
  764. set timezone-option default
  765. next
  766. end
  767. config firewall address
  768. edit "none"
  769. set uuid a39ab858-574f-51ea-74f9-9e214dabefd6
  770. set subnet 0.0.0.0 255.255.255.255
  771. next
  772. edit "login.microsoftonline.com"
  773. set uuid a39ac3fc-574f-51ea-6c98-fee2ef77aa17
  774. set type fqdn
  775. set fqdn "login.microsoftonline.com"
  776. next
  777. edit "login.microsoft.com"
  778. set uuid a39acff0-574f-51ea-9c25-02af6b7db87b
  779. set type fqdn
  780. set fqdn "login.microsoft.com"
  781. next
  782. edit "login.windows.net"
  783. set uuid a39ad8f6-574f-51ea-0dc0-2c1721836660
  784. set type fqdn
  785. set fqdn "login.windows.net"
  786. next
  787. edit "gmail.com"
  788. set uuid a39ae0f8-574f-51ea-3716-c16e8c898341
  789. set type fqdn
  790. set fqdn "gmail.com"
  791. next
  792. edit "wildcard.google.com"
  793. set uuid a39aea8a-574f-51ea-a3a4-6eb02427c8dc
  794. set type wildcard-fqdn
  795. set wildcard-fqdn "*.google.com"
  796. next
  797. edit "wildcard.dropbox.com"
  798. set uuid a39af692-574f-51ea-44d5-08dc2df08eb6
  799. set type wildcard-fqdn
  800. set wildcard-fqdn "*.dropbox.com"
  801. next
  802. edit "all"
  803. set uuid a3abef9c-574f-51ea-b1a7-0d9a66a65dea
  804. next
  805. edit "FIREWALL_AUTH_PORTAL_ADDRESS"
  806. set uuid a3abf2a8-574f-51ea-9e38-aff6c5152dfc
  807. set visibility disable
  808. next
  809. edit "FABRIC_DEVICE"
  810. set uuid a3abf550-574f-51ea-42ff-a3fb817e1768
  811. set comment "IPv4 addresses of Fabric Devices."
  812. next
  813. edit "SSLVPN_TUNNEL_ADDR1"
  814. set uuid a3ae2762-574f-51ea-d3a7-79481719ea0a
  815. set type iprange
  816. set associated-interface "ssl.root"
  817. set start-ip 10.212.134.200
  818. set end-ip 10.212.134.210
  819. next
  820. edit "LAN-228"
  821. set uuid 6a4fe2d8-577e-51ea-51e2-1712503fa8fb
  822. set associated-interface "port3"
  823. set allow-routing enable
  824. set subnet 192.168.228.0 255.255.255.0
  825. next
  826. edit "SERVERS"
  827. set uuid 7cd16e4a-577e-51ea-4c00-3d0b71f1c36b
  828. set allow-routing enable
  829. set subnet 10.44.127.0 255.255.255.0
  830. next
  831. edit "SERVER2"
  832. set uuid 09878d82-5780-51ea-9c45-be28ae79d610
  833. set allow-routing enable
  834. set subnet 10.44.127.4 255.255.255.255
  835. next
  836. end
  837. config firewall multicast-address
  838. edit "all"
  839. set start-ip 224.0.0.0
  840. set end-ip 239.255.255.255
  841. next
  842. edit "all_hosts"
  843. set start-ip 224.0.0.1
  844. set end-ip 224.0.0.1
  845. next
  846. edit "all_routers"
  847. set start-ip 224.0.0.2
  848. set end-ip 224.0.0.2
  849. next
  850. edit "Bonjour"
  851. set start-ip 224.0.0.251
  852. set end-ip 224.0.0.251
  853. next
  854. edit "EIGRP"
  855. set start-ip 224.0.0.10
  856. set end-ip 224.0.0.10
  857. next
  858. edit "OSPF"
  859. set start-ip 224.0.0.5
  860. set end-ip 224.0.0.6
  861. next
  862. end
  863. config firewall address6
  864. edit "SSLVPN_TUNNEL_IPv6_ADDR1"
  865. set uuid a3ae2c9e-574f-51ea-d370-4a236a11727d
  866. set ip6 fdff:ffff::/120
  867. next
  868. edit "all"
  869. set uuid a59a63e2-574f-51ea-33e9-3c977cb78c26
  870. next
  871. edit "none"
  872. set uuid a59a74f4-574f-51ea-5d37-4cff18dc79c6
  873. set ip6 ::/128
  874. next
  875. end
  876. config firewall multicast-address6
  877. edit "all"
  878. set ip6 ff00::/8
  879. next
  880. end
  881. config firewall addrgrp
  882. edit "G Suite"
  883. set uuid a39b0b1e-574f-51ea-bc61-4cfe12f85f13
  884. set member "gmail.com" "wildcard.google.com"
  885. next
  886. edit "Microsoft Office 365"
  887. set uuid a39b1a64-574f-51ea-1492-5fde5b5f839f
  888. set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
  889. next
  890. end
  891. config firewall wildcard-fqdn custom
  892. edit "adobe"
  893. set uuid a412264a-574f-51ea-3e69-317947838aab
  894. set wildcard-fqdn "*.adobe.com"
  895. next
  896. edit "Adobe Login"
  897. set uuid a4122d3e-574f-51ea-ba6c-33651a6c7ec4
  898. set wildcard-fqdn "*.adobelogin.com"
  899. next
  900. edit "android"
  901. set uuid a41233c4-574f-51ea-c1f0-b5acf3c908f8
  902. set wildcard-fqdn "*.android.com"
  903. next
  904. edit "apple"
  905. set uuid a4123612-574f-51ea-1ede-bbd88d91db81
  906. set wildcard-fqdn "*.apple.com"
  907. next
  908. edit "appstore"
  909. set uuid a41237de-574f-51ea-ca3c-d705f8ae56d9
  910. set wildcard-fqdn "*.appstore.com"
  911. next
  912. edit "auth.gfx.ms"
  913. set uuid a4123cde-574f-51ea-b2d7-8a38dd85227e
  914. set wildcard-fqdn "*.auth.gfx.ms"
  915. next
  916. edit "citrix"
  917. set uuid a41245b2-574f-51ea-54da-c053b9c42ff5
  918. set wildcard-fqdn "*.citrixonline.com"
  919. next
  920. edit "dropbox.com"
  921. set uuid a4124882-574f-51ea-860d-a39411aaac59
  922. set wildcard-fqdn "*.dropbox.com"
  923. next
  924. edit "eease"
  925. set uuid a4124f44-574f-51ea-18e0-a9fc1ce0e5cd
  926. set wildcard-fqdn "*.eease.com"
  927. next
  928. edit "firefox update server"
  929. set uuid a4125656-574f-51ea-04ac-b78326a7e4fd
  930. set wildcard-fqdn "aus*.mozilla.org"
  931. next
  932. edit "fortinet"
  933. set uuid a4125886-574f-51ea-c1a7-d13383363a68
  934. set wildcard-fqdn "*.fortinet.com"
  935. next
  936. edit "googleapis.com"
  937. set uuid a41260b0-574f-51ea-bfb6-9acad985687e
  938. set wildcard-fqdn "*.googleapis.com"
  939. next
  940. edit "google-drive"
  941. set uuid a41269c0-574f-51ea-2ee2-0e1ed9334188
  942. set wildcard-fqdn "*drive.google.com"
  943. next
  944. edit "google-play2"
  945. set uuid a4126bc8-574f-51ea-22a9-f2bc4a1a9d78
  946. set wildcard-fqdn "*.ggpht.com"
  947. next
  948. edit "google-play3"
  949. set uuid a4127712-574f-51ea-aaee-bf17d36be0c1
  950. set wildcard-fqdn "*.books.google.com"
  951. next
  952. edit "Gotomeeting"
  953. set uuid a4127c44-574f-51ea-0336-65c4d9a28529
  954. set wildcard-fqdn "*.gotomeeting.com"
  955. next
  956. edit "icloud"
  957. set uuid a4128cca-574f-51ea-d2f7-b1441dc12a27
  958. set wildcard-fqdn "*.icloud.com"
  959. next
  960. edit "itunes"
  961. set uuid a4128fea-574f-51ea-f908-7891dfa931fc
  962. set wildcard-fqdn "*itunes.apple.com"
  963. next
  964. edit "microsoft"
  965. set uuid a412c62c-574f-51ea-7f53-282bf412ca49
  966. set wildcard-fqdn "*.microsoft.com"
  967. next
  968. edit "skype"
  969. set uuid a412cf28-574f-51ea-c607-c3ec202c97b0
  970. set wildcard-fqdn "*.messenger.live.com"
  971. next
  972. edit "softwareupdate.vmware.com"
  973. set uuid a412d5ea-574f-51ea-e46a-46e9a9619fef
  974. set wildcard-fqdn "*.softwareupdate.vmware.com"
  975. next
  976. edit "verisign"
  977. set uuid a412e292-574f-51ea-9b29-e2d2664db17a
  978. set wildcard-fqdn "*.verisign.com"
  979. next
  980. edit "Windows update 2"
  981. set uuid a412e5da-574f-51ea-7dc7-5d1674ff9a46
  982. set wildcard-fqdn "*.windowsupdate.com"
  983. next
  984. edit "live.com"
  985. set uuid a412ef80-574f-51ea-f10b-c08eb4e95506
  986. set wildcard-fqdn "*.live.com"
  987. next
  988. edit "google-play"
  989. set uuid a413129e-574f-51ea-c652-b69e192978b5
  990. set wildcard-fqdn "*play.google.com"
  991. next
  992. edit "update.microsoft.com"
  993. set uuid a41314d8-574f-51ea-190b-f5c54ab4a08b
  994. set wildcard-fqdn "*update.microsoft.com"
  995. next
  996. edit "swscan.apple.com"
  997. set uuid a413202c-574f-51ea-8b54-8677d0eae5e7
  998. set wildcard-fqdn "*swscan.apple.com"
  999. next
  1000. edit "autoupdate.opera.com"
  1001. set uuid a413293c-574f-51ea-1f10-953c1a650b0d
  1002. set wildcard-fqdn "*autoupdate.opera.com"
  1003. next
  1004. end
  1005. config firewall service category
  1006. edit "General"
  1007. set comment "General services."
  1008. next
  1009. edit "Web Access"
  1010. set comment "Web access."
  1011. next
  1012. edit "File Access"
  1013. set comment "File access."
  1014. next
  1015. edit "Email"
  1016. set comment "Email services."
  1017. next
  1018. edit "Network Services"
  1019. set comment "Network services."
  1020. next
  1021. edit "Authentication"
  1022. set comment "Authentication service."
  1023. next
  1024. edit "Remote Access"
  1025. set comment "Remote access."
  1026. next
  1027. edit "Tunneling"
  1028. set comment "Tunneling service."
  1029. next
  1030. edit "VoIP, Messaging & Other Applications"
  1031. set comment "VoIP, messaging, and other applications."
  1032. next
  1033. edit "Web Proxy"
  1034. set comment "Explicit web proxy."
  1035. next
  1036. end
  1037. config firewall service custom
  1038. edit "ALL"
  1039. set category "General"
  1040. set protocol IP
  1041. next
  1042. edit "ALL_TCP"
  1043. set category "General"
  1044. set tcp-portrange 1-65535
  1045. next
  1046. edit "ALL_UDP"
  1047. set category "General"
  1048. set udp-portrange 1-65535
  1049. next
  1050. edit "ALL_ICMP"
  1051. set category "General"
  1052. set protocol ICMP
  1053. unset icmptype
  1054. next
  1055. edit "ALL_ICMP6"
  1056. set category "General"
  1057. set protocol ICMP6
  1058. unset icmptype
  1059. next
  1060. edit "GRE"
  1061. set category "Tunneling"
  1062. set protocol IP
  1063. set protocol-number 47
  1064. next
  1065. edit "AH"
  1066. set category "Tunneling"
  1067. set protocol IP
  1068. set protocol-number 51
  1069. next
  1070. edit "ESP"
  1071. set category "Tunneling"
  1072. set protocol IP
  1073. set protocol-number 50
  1074. next
  1075. edit "AOL"
  1076. set visibility disable
  1077. set tcp-portrange 5190-5194
  1078. next
  1079. edit "BGP"
  1080. set category "Network Services"
  1081. set tcp-portrange 179
  1082. next
  1083. edit "DHCP"
  1084. set category "Network Services"
  1085. set udp-portrange 67-68
  1086. next
  1087. edit "DNS"
  1088. set category "Network Services"
  1089. set tcp-portrange 53
  1090. set udp-portrange 53
  1091. next
  1092. edit "FINGER"
  1093. set visibility disable
  1094. set tcp-portrange 79
  1095. next
  1096. edit "FTP"
  1097. set category "File Access"
  1098. set tcp-portrange 21
  1099. next
  1100. edit "FTP_GET"
  1101. set category "File Access"
  1102. set tcp-portrange 21
  1103. next
  1104. edit "FTP_PUT"
  1105. set category "File Access"
  1106. set tcp-portrange 21
  1107. next
  1108. edit "GOPHER"
  1109. set visibility disable
  1110. set tcp-portrange 70
  1111. next
  1112. edit "H323"
  1113. set category "VoIP, Messaging & Other Applications"
  1114. set tcp-portrange 1720 1503
  1115. set udp-portrange 1719
  1116. next
  1117. edit "HTTP"
  1118. set category "Web Access"
  1119. set tcp-portrange 80
  1120. next
  1121. edit "HTTPS"
  1122. set category "Web Access"
  1123. set tcp-portrange 443
  1124. next
  1125. edit "IKE"
  1126. set category "Tunneling"
  1127. set udp-portrange 500 4500
  1128. next
  1129. edit "IMAP"
  1130. set category "Email"
  1131. set tcp-portrange 143
  1132. next
  1133. edit "IMAPS"
  1134. set category "Email"
  1135. set tcp-portrange 993
  1136. next
  1137. edit "Internet-Locator-Service"
  1138. set visibility disable
  1139. set tcp-portrange 389
  1140. next
  1141. edit "IRC"
  1142. set category "VoIP, Messaging & Other Applications"
  1143. set tcp-portrange 6660-6669
  1144. next
  1145. edit "L2TP"
  1146. set category "Tunneling"
  1147. set tcp-portrange 1701
  1148. set udp-portrange 1701
  1149. next
  1150. edit "LDAP"
  1151. set category "Authentication"
  1152. set tcp-portrange 389
  1153. next
  1154. edit "NetMeeting"
  1155. set visibility disable
  1156. set tcp-portrange 1720
  1157. next
  1158. edit "NFS"
  1159. set category "File Access"
  1160. set tcp-portrange 111 2049
  1161. set udp-portrange 111 2049
  1162. next
  1163. edit "NNTP"
  1164. set visibility disable
  1165. set tcp-portrange 119
  1166. next
  1167. edit "NTP"
  1168. set category "Network Services"
  1169. set tcp-portrange 123
  1170. set udp-portrange 123
  1171. next
  1172. edit "OSPF"
  1173. set category "Network Services"
  1174. set protocol IP
  1175. set protocol-number 89
  1176. next
  1177. edit "PC-Anywhere"
  1178. set category "Remote Access"
  1179. set tcp-portrange 5631
  1180. set udp-portrange 5632
  1181. next
  1182. edit "PING"
  1183. set category "Network Services"
  1184. set protocol ICMP
  1185. set icmptype 8
  1186. unset icmpcode
  1187. next
  1188. edit "TIMESTAMP"
  1189. set protocol ICMP
  1190. set visibility disable
  1191. set icmptype 13
  1192. unset icmpcode
  1193. next
  1194. edit "INFO_REQUEST"
  1195. set protocol ICMP
  1196. set visibility disable
  1197. set icmptype 15
  1198. unset icmpcode
  1199. next
  1200. edit "INFO_ADDRESS"
  1201. set protocol ICMP
  1202. set visibility disable
  1203. set icmptype 17
  1204. unset icmpcode
  1205. next
  1206. edit "ONC-RPC"
  1207. set category "Remote Access"
  1208. set tcp-portrange 111
  1209. set udp-portrange 111
  1210. next
  1211. edit "DCE-RPC"
  1212. set category "Remote Access"
  1213. set tcp-portrange 135
  1214. set udp-portrange 135
  1215. next
  1216. edit "POP3"
  1217. set category "Email"
  1218. set tcp-portrange 110
  1219. next
  1220. edit "POP3S"
  1221. set category "Email"
  1222. set tcp-portrange 995
  1223. next
  1224. edit "PPTP"
  1225. set category "Tunneling"
  1226. set tcp-portrange 1723
  1227. next
  1228. edit "QUAKE"
  1229. set visibility disable
  1230. set udp-portrange 26000 27000 27910 27960
  1231. next
  1232. edit "RAUDIO"
  1233. set visibility disable
  1234. set udp-portrange 7070
  1235. next
  1236. edit "REXEC"
  1237. set visibility disable
  1238. set tcp-portrange 512
  1239. next
  1240. edit "RIP"
  1241. set category "Network Services"
  1242. set udp-portrange 520
  1243. next
  1244. edit "RLOGIN"
  1245. set visibility disable
  1246. set tcp-portrange 513:512-1023
  1247. next
  1248. edit "RSH"
  1249. set visibility disable
  1250. set tcp-portrange 514:512-1023
  1251. next
  1252. edit "SCCP"
  1253. set category "VoIP, Messaging & Other Applications"
  1254. set tcp-portrange 2000
  1255. next
  1256. edit "SIP"
  1257. set category "VoIP, Messaging & Other Applications"
  1258. set tcp-portrange 5060
  1259. set udp-portrange 5060
  1260. next
  1261. edit "SIP-MSNmessenger"
  1262. set category "VoIP, Messaging & Other Applications"
  1263. set tcp-portrange 1863
  1264. next
  1265. edit "SAMBA"
  1266. set category "File Access"
  1267. set tcp-portrange 139
  1268. next
  1269. edit "SMTP"
  1270. set category "Email"
  1271. set tcp-portrange 25
  1272. next
  1273. edit "SMTPS"
  1274. set category "Email"
  1275. set tcp-portrange 465
  1276. next
  1277. edit "SNMP"
  1278. set category "Network Services"
  1279. set tcp-portrange 161-162
  1280. set udp-portrange 161-162
  1281. next
  1282. edit "SSH"
  1283. set category "Remote Access"
  1284. set tcp-portrange 22
  1285. next
  1286. edit "SYSLOG"
  1287. set category "Network Services"
  1288. set udp-portrange 514
  1289. next
  1290. edit "TALK"
  1291. set visibility disable
  1292. set udp-portrange 517-518
  1293. next
  1294. edit "TELNET"
  1295. set category "Remote Access"
  1296. set tcp-portrange 23
  1297. next
  1298. edit "TFTP"
  1299. set category "File Access"
  1300. set udp-portrange 69
  1301. next
  1302. edit "MGCP"
  1303. set visibility disable
  1304. set udp-portrange 2427 2727
  1305. next
  1306. edit "UUCP"
  1307. set visibility disable
  1308. set tcp-portrange 540
  1309. next
  1310. edit "VDOLIVE"
  1311. set visibility disable
  1312. set tcp-portrange 7000-7010
  1313. next
  1314. edit "WAIS"
  1315. set visibility disable
  1316. set tcp-portrange 210
  1317. next
  1318. edit "WINFRAME"
  1319. set visibility disable
  1320. set tcp-portrange 1494 2598
  1321. next
  1322. edit "X-WINDOWS"
  1323. set category "Remote Access"
  1324. set tcp-portrange 6000-6063
  1325. next
  1326. edit "PING6"
  1327. set protocol ICMP6
  1328. set visibility disable
  1329. set icmptype 128
  1330. unset icmpcode
  1331. next
  1332. edit "MS-SQL"
  1333. set category "VoIP, Messaging & Other Applications"
  1334. set tcp-portrange 1433 1434
  1335. next
  1336. edit "MYSQL"
  1337. set category "VoIP, Messaging & Other Applications"
  1338. set tcp-portrange 3306
  1339. next
  1340. edit "RDP"
  1341. set category "Remote Access"
  1342. set tcp-portrange 3389
  1343. next
  1344. edit "VNC"
  1345. set category "Remote Access"
  1346. set tcp-portrange 5900
  1347. next
  1348. edit "DHCP6"
  1349. set category "Network Services"
  1350. set udp-portrange 546 547
  1351. next
  1352. edit "SQUID"
  1353. set category "Tunneling"
  1354. set tcp-portrange 3128
  1355. next
  1356. edit "SOCKS"
  1357. set category "Tunneling"
  1358. set tcp-portrange 1080
  1359. set udp-portrange 1080
  1360. next
  1361. edit "WINS"
  1362. set category "Remote Access"
  1363. set tcp-portrange 1512
  1364. set udp-portrange 1512
  1365. next
  1366. edit "RADIUS"
  1367. set category "Authentication"
  1368. set udp-portrange 1812 1813
  1369. next
  1370. edit "RADIUS-OLD"
  1371. set visibility disable
  1372. set udp-portrange 1645 1646
  1373. next
  1374. edit "CVSPSERVER"
  1375. set visibility disable
  1376. set tcp-portrange 2401
  1377. set udp-portrange 2401
  1378. next
  1379. edit "AFS3"
  1380. set category "File Access"
  1381. set tcp-portrange 7000-7009
  1382. set udp-portrange 7000-7009
  1383. next
  1384. edit "TRACEROUTE"
  1385. set category "Network Services"
  1386. set udp-portrange 33434-33535
  1387. next
  1388. edit "RTSP"
  1389. set category "VoIP, Messaging & Other Applications"
  1390. set tcp-portrange 554 7070 8554
  1391. set udp-portrange 554
  1392. next
  1393. edit "MMS"
  1394. set visibility disable
  1395. set tcp-portrange 1755
  1396. set udp-portrange 1024-5000
  1397. next
  1398. edit "KERBEROS"
  1399. set category "Authentication"
  1400. set tcp-portrange 88 464
  1401. set udp-portrange 88 464
  1402. next
  1403. edit "LDAP_UDP"
  1404. set category "Authentication"
  1405. set udp-portrange 389
  1406. next
  1407. edit "SMB"
  1408. set category "File Access"
  1409. set tcp-portrange 445
  1410. next
  1411. edit "NONE"
  1412. set visibility disable
  1413. set tcp-portrange 0
  1414. next
  1415. edit "webproxy"
  1416. set proxy enable
  1417. set category "Web Proxy"
  1418. set protocol ALL
  1419. set tcp-portrange 0-65535:0-65535
  1420. next
  1421. end
  1422. config firewall service group
  # Service groups: each `edit` names a group and `set member` lists the service objects it bundles.
  # A policy that references a group permits every member, so review membership before attaching a group to a rule.
  1423. edit "Email Access"
  # Bundles the classic mail ports (IMAP 143, POP3 110, SMTP 25 per the service definitions earlier in this file)
  # with the implicit-TLS ones (IMAPS 993, POP3S 995, SMTPS 465). Use a narrower group where only the TLS
  # variants are wanted.
  1424. set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
  1425. next
  1426. edit "Web Access"
  1427. set member "DNS" "HTTP" "HTTPS"
  1428. next
  1429. edit "Windows AD"
  # Wide set of directory and file-sharing services (DCE-RPC 135, KERBEROS 88/464, LDAP 389 tcp+udp, SAMBA 139,
  # SMB 445 per the definitions earlier in this file). Scope source and destination tightly in any policy using it.
  1430. set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
  1431. next
  1432. edit "Exchange Server"
  1433. set member "DCE-RPC" "DNS" "HTTPS"
  1434. next
  1435. end
  1436. config vpn certificate ca
  # Empty section: this export lists no entries under `vpn certificate ca`.
  1437. end
  1438. config vpn certificate local
  # Local certificate store. Each entry carries a `password ENC` blob, a PEM "ENCRYPTED PRIVATE KEY" and a PEM certificate.
  # Every entry in this section is marked `source factory` and has the same `last-updated` value.
  # Review note: a full configuration export contains private-key material together with its stored password blob.
  # Redact these entries before sharing a config outside the device's administrators, and do not rely on the PEM
  # encryption as the only protection for an exported file. If a copy has been shared, treat the key pairs as
  # exposed and regenerate or replace the certificates, starting with the SSL-inspection CA.
  # NOTE(review): confirm each certificate's real algorithm and key size with a certificate parser; the entry
  # names alone are not evidence of key strength.
  1439. edit "Fortinet_CA_SSL"
  # Per its `comments` field, this is the CA that SSL inspection uses to sign re-generated server certificates.
  1440. set password ENC qVGj8Xd+OCkrDrIBn3DOYsb+PJPQ1LKr9J+bPGgp79z6ekvA406LYgMpwB1AsEFiKycFB3hRl8fIBEgcnsnOhbfkFJBDCAFCMpyC+jxXDhJDkYgEVQJB198vcKwYJKwOX2piPdi/q6Oa+rxfJdr68ZcgjUZlu4deczZuBJxqmQAXNZgQPA0YZC13EJ46ncG5oAaHgQ==
  1441. set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
  1442. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1443. MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIw1notdRa36cCAggA
  1444. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAVfg9hWziBRBIIBYGg6QZI6mE3F
  1445. xfIPhbr/NgGi+/T7RGivWeYLkGhfV9OR1d/KZtOC1MYkezJjzV+3AogJ46jiVejV
  1446. SF3PXre7Rt15iM6O4vANubnLS47yhkCOk3sgIYiBJ37bn3OpqUjDG170uo+YkHV6
  1447. Lz1jTHUAbhNub4xvNWEaOBHowjRHSeOFELLnxR8T4rSX6KHhzVQOfz45fDgqvWF0
  1448. H1mTwuq3CoarmGVcQMRi9G036qyANcpcpQ64hspCKBtVfH9pYycINcYpx1bkisQm
  1449. ikLLYzh7GaMbzoL5R/i/snuqrrrN258SNOafjHygLh6ub4d48hGvSs1h/jc2QN8b
  1450. tsuiVj2wXQnnKxzd7mtn00Wi4lwLt8vj1mzLrLoVLnIgmKYubZb34xz/qlL5pjzB
  1451. dqQozbFAYo7kAI7rRLZXU7kXGP+5jM71m7UeNqD5HHe0n0NydgZqP+jPCwj+9I/w
  1452. HHOQU5Vuox8=
  1453. -----END ENCRYPTED PRIVATE KEY-----"
  1454. set certificate "-----BEGIN CERTIFICATE-----
  1455. MIICXDCCAgagAwIBAgIINV9bVNCGG78wDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV
  1456. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1457. ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
  1458. dHkxGTAXBgNVBAMMEEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1
  1459. cHBvcnRAZm9ydGluZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAx
  1460. M1owgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
  1461. DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp
  1462. Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkq
  1463. hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMFwwDQYJKoZIhvcNAQEBBQAD
  1464. SwAwSAJBAKPupHNHcqAR9rfd0hdrG+it/S14EeedPrTEEQJ38YrPcRDQYr20SgsL
  1465. sicwOc1YcoUCqDrI2UtZbPf+AZhno1MCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
  1466. BgkqhkiG9w0BAQsFAANBAApI53cI54BTdaagVIcwpsR7btsuvlZTVPHOEH6XVjU5
  1467. Y7za+9jP5kk5dqQu9teYu4992LA67ERMiP2OxdPE4H0=
  1468. -----END CERTIFICATE-----"
  1469. set range global
  1470. set source factory
  1471. set last-updated 1582581014
  1472. next
  1473. edit "Fortinet_CA_Untrusted"
  # The `comments` text below is identical to the one on Fortinet_CA_SSL, so it does not describe what this
  # entry is for. The entry name suggests it signs certificates for untrusted upstream servers — TODO confirm.
  1474. set password ENC 1MUlL+WSVT6oSxGPsnyndomlLjquRTZQ2UPCKtXRw78enqHfS2iTtrf5DDhs7tDclcDUgpO9oKcmqTiQ4jRTgVIaJu0IsE/AFsFamOLBFBEqDvc4bH2OWbBilAyVPNd84l43NJ9kDzBHSQL5gwnnabIjV2Ycnh44XthqT2VlQd30QHRedFppzZUzUDeOMUrfAbMFpA==
  1475. set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
  1476. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1477. MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIG9uRNzwsBmECAggA
  1478. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBknGT7raMraBIIBYGp+mf5rERbp
  1479. rPjMfWZ02Bo9PODFRZ4pVfYNqa2ESiRDEgXLibFy0TJtmQa2oiV7pwGaGRJWNuhR
  1480. ZiVDVAfbr8WHvHHbsWUJyt0/jDZbuSDNU4E8WnCBndXC8ItaBuicN6wkkvfWrsJi
  1481. c5v20Oj+oBRddWI8EMp3D419ICNfFIsZL60kWSjDE41KtJ0elCiaTAQs++m/hWzk
  1482. Tt7HsaS+TfTlj/mx2Kkt948dJq6wH/OpWesAQjrUavQDOYF/4ZURZvjR6t3Fo9Az
  1483. JETwr5lKM5n0YMWLQ7TWyoULg/jJub1fN9yIFUoqtsqCdtby8tztc+vU9BWiFPso
  1484. Q1xD1Hqf5uh15mkZWQHedp+vuNhf6w0mCB88wtz1TQSyGtdIYzsKvG2bppMWZoLR
  1485. B+5Fpjm5t1GrhzbJ8iSqA/1zcw98ytQX8z1A+YDW3tosXvMHohiWav/IOTAM3ijU
  1486. SlU8i8ybGTQ=
  1487. -----END ENCRYPTED PRIVATE KEY-----"
  1488. set certificate "-----BEGIN CERTIFICATE-----
  1489. MIICZjCCAhCgAwIBAgIIIF+6UNNe4qYwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV
  1490. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1491. ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
  1492. dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ
  1493. ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMjAwMjI0MjE1MDEzWhcNMzAwMjI0
  1494. MjE1MDEzWjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ
  1495. BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl
  1496. cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk
  1497. IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBcMA0GCSqG
  1498. SIb3DQEBAQUAA0sAMEgCQQC4T0/b9vn42Gt6E6ARUW7T14uWuy48nYgzYZOS9SDc
  1499. zmZOaM4Ig0FigXgg3lMGFioR7fqXS1RGViJtDe836uvDAgMBAAGjEDAOMAwGA1Ud
  1500. EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQA4usG/kUf9/5C+Sz2/pqb16VUb0ymF
  1501. wbSGnHQjk4CTxmsIZ8ybdx5L2ELAcqM6VcqoSdXBZSLcjyFb4fg2+C1M
  1502. -----END CERTIFICATE-----"
  1503. set range global
  1504. set source factory
  1505. set last-updated 1582581014
  1506. next
  # The remaining entries (Fortinet_SSL and its RSA/DSA/ECDSA variants) share one `comments` text describing a
  # per-unit factory certificate. Each still carries its own encrypted private key and password blob.
  1507. edit "Fortinet_SSL"
  1508. set password ENC dJulCh/XL26f13uwpvTShxn8c8C+loe7xAnTI/A9DY31T+7c5vT1YX8I4fmaVlgseoEST15o4UsIJ81FxW/dKyJ4b9cAbhk2Sh8WXL/pqqZzCp1pOlhF/KMNL0mGGm2kQCXfBP4MmPw3peONJBQMPraadyFA9wn4D3Bouyheb6fK9UBez6Y/aMa+P0nbiBMfmjVsDQ==
  1509. set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
  1510. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1511. MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeEFCota4SMICAggA
  1512. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMLXpDpXH4pcBIIBYJaqAPiTmv6x
  1513. NqG3/33jRXwKxkVnTszLz7CuSD85nNfLo0nHNaTyoXX9RttyjYlWsLxGdrx/5qoY
  1514. ykEz64l83XmLNaraE/p23+kJ3rXfrrOZZi2dZ1dkaej+tJMQtOeDbPcOEdDMmvBI
  1515. QNkuNLzTxlbFCdpvLuZSY2xHDQOZV8akRqMdd7Img6xUgwHdH0c90TkEcM1iIvpC
  1516. J7GsoHncScWLanQhn/Ny1hBZ/mDaTtF8VYn/A0VAVrkGUOG6K9aE7ZSP671Wgg48
  1517. AaXO/3iLzqETc/IdjOejFWbHNtd1Gtky1zc1EfFWDlFOXLEHDEYjgOMtS8ZQZaTK
  1518. DAFcWPZcf7d4rO0qJCRc3oTUlGKO8Y8mOG3LlS0IMH8N2JfL2TYftXWbbVEYS5eM
  1519. j95SWXYQ4iU3a4hw6yor8jmP1lZMR1BftUYyu7FSUpqkZpCUW2e65STRV1ajGttY
  1520. Ymg6XBodGko=
  1521. -----END ENCRYPTED PRIVATE KEY-----"
  1522. set certificate "-----BEGIN CERTIFICATE-----
  1523. MIICQTCCAeugAwIBAgIINB3oNygBTOIwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
  1524. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1525. ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
  1526. EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
  1527. ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
  1528. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1529. ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
  1530. EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
  1531. ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANzdx5xVQOBOjw1l5QGvUK0a
  1532. eya79hzmMxtXL7fFoVsyeHVdjPbIenRXVIwQF14/MZjX1n4I6RjX/AdAOb3oSQkC
  1533. AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAChW2PH4uqJwSbX5
  1534. mGHIp9hur+27IlbVliyL6XufGgYut6upMng1YBZVsbhogtblULTZs2fm8m0ViXSX
  1535. dF5ga9s=
  1536. -----END CERTIFICATE-----"
  1537. set range global
  1538. set source factory
  1539. set last-updated 1582581014
  1540. next
  1541. edit "Fortinet_SSL_RSA1024"
  1542. set password ENC 8DLHankv26c6DT8S2kcdDB3xwi2G7qc+MwD4l++eQc5uzAD4q73OyDFd8aQ9uyaXfmgc3zi243tkgT7y+J5pfRvpnqZJnIoZUR+4ZjDiBozGVCU80VSmv/UTdSiuN7hVGeRPxOZf/GYGCOSdMguuYfjDjTXxjsMbhPeKfVXQ32tqoe+uhij5qLFVr5q7UnQfH7IjTA==
  1543. set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
  1544. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1545. MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsWOUvo/IbAoCAggA
  1546. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDxWcahgIbH1BIIBYHwmvs2wvOpG
  1547. 049frjzbcYZmQ9MUu7rZ3jVLuRZu+gqMBICeLIu8w2fSpHJviWvLTweCE4AwWQZ6
  1548. U/hCOoPqdsa8qJIzwILuYKDj2C4m1xnAdE3AepAPKVhye4zMV2eykiqIFm1tO55C
  1549. 8rLIMb9Vi/IT6bbFtgD739Ijty9v2PLLwuD2+xgkLfyIS35coe4Wv3aSkYdykheq
  1550. yP7PQ2oNlc0aMZ0IIn8EedQZXbejUma6YnBIHwvklXnG76knIfYhnpljKw9BtZ55
  1551. UnTVNRdrm4WVt/JM7FAa56KEm9KNOpU5tOCkIfOeWh7pe+c5zS+hM4OXej/2cZJM
  1552. 6mugCBR0i6kdG2U0uSBhxClUEt6cV9Z7Ody8CzICECRZLJA+7fLByKTvMHVDJrEy
  1553. w+hnHu3KW2FLNCTdmc2CxC7/2l6SP0rkAv6kSRiSqllLZ1pCXZ8VTK07WlimUC5z
  1554. qoIs5rnXWaI=
  1555. -----END ENCRYPTED PRIVATE KEY-----"
  1556. set certificate "-----BEGIN CERTIFICATE-----
  1557. MIICQTCCAeugAwIBAgIITuU1BTAc8o0wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
  1558. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1559. ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
  1560. EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
  1561. ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
  1562. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1563. ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
  1564. EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
  1565. ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALS/Tyxy1AdFTSmESxnWuOP6
  1566. 7S2Ef36hfSfLaW+qTd0qmNR88WIOB3IHXSnCEKzBa//8h20T66ssaZ6W7VHZxhMC
  1567. AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBABSf3vjDIENYimJS
  1568. A2xLcknZrsIJArzEdku9T/ISPOKEp2gTDqHaMGTw3ezgYnXx5KqTADBwcVgEpen5
  1569. +bIHkk8=
  1570. -----END CERTIFICATE-----"
  1571. set range global
  1572. set source factory
  1573. set last-updated 1582581014
  1574. next
  1575. edit "Fortinet_SSL_RSA2048"
  1576. set password ENC jzKFKoZRSWrmbIk3LwWP+86uU91UwZ48QkyS4yh4XNgkaV4PFbVZV6AnEAPCdF8qHJIL4zl56JHihV30cOFe8oweF7iWso6YsPdY9C0zdia7SMEE5fCOA2YhNsiiL7jSFxTHDnrJAhN/EfxXiHOJ+W0ggHy8Rxyb7n1JyMeClM93lg7qVsa1z7HT9qC+gL2acN1vdw==
  1577. set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
  1578. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1579. MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIcnpWG5bGj2UCAggA
  1580. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMJzA6t1IbiqBIIBYCsrw4fmiWOX
  1581. 85VUWtBdXK8/3YHr+sQhk5IZjv2YowKo6ZttqpNseijQMPdmmjkGnAWkcJAnA9lQ
  1582. U8H4MeEnA35ifg/AzIOr2Sp5gmDKIugZfMc9IVYVrfRy8QJ3pQXcAqIBhT+he6DF
  1583. OgPjGmcXHOo5UB6Kgc6urQ80JuZEftHL9h78j8sMwVBdSvxkEBv3a/G5Mwx7p8LT
  1584. ajpKZgX/jQB186yxAQub7mwVLDdpXSawES1D3IiKC4L+FfIvkkEST5hhFo8cY6jX
  1585. iEjArjdNmdyEx80le2onnmnAziR1kJ0GcNiwk570roBGHbMVkLJ7aOjmnGh+fcy6
  1586. nBtUrhmj8ONqErbNefD5w4cDcdgHAVkIjqofglZ0a7D+haE2v4PPqK20ocpLCf/B
  1587. 9PKX7dp0Gu9JJ0S6W4aa+/fJwvcopQ/4hduq8fP3q2pq5rBbi6j72Rsrxsh/L/jb
  1588. EYe1ZqAF43U=
  1589. -----END ENCRYPTED PRIVATE KEY-----"
  1590. set certificate "-----BEGIN CERTIFICATE-----
  1591. MIICQTCCAeugAwIBAgIIX8a3Eudj3eMwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
  1592. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1593. ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
  1594. EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
  1595. ZXQuY29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNV
  1596. BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
  1597. ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
  1598. EEZHVk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
  1599. ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOTcsUQKWfGyBUMolj+1uB/6
  1600. tHzmBirJ5EE5U3lfkIj7V8fK8U6yGjcUIazYd7tzMJr2I7nOX+m0x1bRXOYzUZcC
  1601. AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAGd/1czqXin81ui/
  1602. 7rBNlfX09KEmBPzBM2HoyDNOTkBoON8iRUnIi/+LTJIhxoi9KsI3hQQoZKbkv2Kg
  1603. pfrOeto=
  1604. -----END CERTIFICATE-----"
  1605. set range global
  1606. set source factory
  1607. set last-updated 1582581014
  1608. next
  1609. edit "Fortinet_SSL_DSA1024"
  1610. set password ENC V6Q3eSmPMiSFb0Mc0Q7vUb3kPK11LQfknZnjzdjGmfSSKZhR8gVL6i28d42iO/nPOeD7l3RO6FVGGFkPDzSLqdI/TpvwZLMJ9hkFYC9gCZqurJmMMuEl/Ra8HBkq3rINNrU9S2rCLp9L9JpOj56APlR1ydbel3sW+i7MLSCpSpRvypGh8oz35Rv+eC0WdU85VpQ7aA==
  1611. set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
  1612. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1613. MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIJqervJdp5RwCAggA
  1614. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLZoqvb4POo9BIHQwyJwkQfpgVSR
  1615. hka189ZLquE7GDRa420CkeHCIeWMKaimWxeXD8+xLCCzdQL0bRMTKWWcUfWnP4RK
  1616. VDZ9ydsjtvV73a1JpzzMEAVNWbrHF5/+FuJ484bavm/nYP0vc6NI+Wop50k49Zzi
  1617. GD9wlNW+H2S844ow5x6VPaFENbz7KA0/YII5rKW7qPDLP9ohPOWKsGYS+0K5R+2G
  1618. AR0sInEThVynoQSepcwhCbSxTeIua/SpGVglmm5+NzajYnhmvvBaLlQbjZcXfvz4
  1619. WpC2UGzouA==
  1620. -----END ENCRYPTED PRIVATE KEY-----"
  1621. set certificate "-----BEGIN CERTIFICATE-----
  1622. MIICwDCCAn6gAwIBAgIIO81eT0Y0brAwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
  1623. EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
  1624. DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
  1625. R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
  1626. LmNvbTAeFw0yMDAyMjQyMTUwMTNaFw0zMDAyMjQyMTUwMTNaMIGdMQswCQYDVQQG
  1627. EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
  1628. DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
  1629. R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
  1630. LmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJsIjdORkGk89t/EMmKQFxfXKGp+nRPA
  1631. 43u8D5SznBW9OHYEaRsvqJy2nxjPHuP4ChdrT45/Rfqy+6SWgKXgaw0CFQDt6niL
  1632. xAELeken+esco8pbcHxaXwJAFgzYwHv63iMLn5Gb7IUPq5a2T6kwZ0uiJjn7TIv9
  1633. hf4oXnLC8xBeAYqypjofobt9e5dOfgS8muRRBeUBSR0yjANDAAJAaPKC/Ckdkm8y
  1634. t8L+psXLc+Pu+kDSmOhk0hcFTVczUWiDbd8NJ4mPewRbnLAzmN2BNr+V97ZNuCME
  1635. LW6EozuucaMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDLwAwLAIUDQ41rMtx
  1636. /JLPydVFgyBWmUeEKr8CFDboeVsi62alnjK8ce82UtdHdKrw
  1637. -----END CERTIFICATE-----"
  1638. set range global
  1639. set source factory
  1640. set last-updated 1582581014
  1641. next
  1642. edit "Fortinet_SSL_DSA2048"
  1643. set password ENC mTYtePOB/xSsZ4sOspAaPxiCxtb60V1gGjRCkBNWwfh4SNQWnLbSeZqbTBfamCnFzi5cWH5h+MBeTVv5cepLx85JQX/Ilv4FTNFh1404ItMIjj2SgYnhkOYlXlFIV1JIafQWDq7zReXmdAaInoXPf74OuUn01N6R6avBJ39D1C6NgS36UpLB3i/LoKzJxx3PUUr1aw==
  1644. set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
  1645. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1646. MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeNGLDtmtzXgCAggA
  1647. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAE8F2KwvuzwBIHQ+mhmgjOJkrri
  1648. bYbR4K8b0aWdX0K6r0s2iZDuVK9YVChTkzbZQqe8uEEwVfDG6rugpiIkFr2js66y
  1649. cLItZHRPDixq5wBZTizmQbRvnbiKcO/EZJx6eQajAvkQFb0mUmENCPXfNX2AwkZ0
  1650. bNjI1dtPzpZ2OqJn2A6AhvY33/BIKELGXUEHtxOG+bmNKMrHtD4xjEkX7yGcFsWg
  1651. yQC3IwSAheV37+6UHNhNbWj+kA////1NnXvnCcZBQhatPV3Ccs3jx76VkaWn+366
  1652. 18MSQCx2UQ==
  1653. -----END ENCRYPTED PRIVATE KEY-----"
  1654. set certificate "-----BEGIN CERTIFICATE-----
  1655. MIICxDCCAoCgAwIBAgIIZT00B2DTjGgwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
  1656. EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
  1657. DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
  1658. R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
  1659. LmNvbTAeFw0yMDAyMjQyMTUwMTNaFw0zMDAyMjQyMTUwMTNaMIGdMQswCQYDVQQG
  1660. EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
  1661. DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
  1662. R1ZNRVZPTUpQU0tfWTc0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
  1663. LmNvbTCB8jCBqQYHKoZIzjgEATCBnQJBANBLRl5vxi6xLwhr/73tuUJnikffIpWl
  1664. ghnqo4oTJe6JdL/JuuprQG5e1NgVPhveo5orP0pyVXfnZTj2h0cW6aMCFQDdQaID
  1665. lzWvqo5YsyI4VLpDKRKaKwJBAK4IBqcjeEn2sVYy4bCru6vz6DGi+27MMRlwwLes
  1666. sEdx2OYMfKGFLISO8mY+S2rJITOx6364f7ETBKYGpb4BlwcDRAACQQCD9vMaF+KU
  1667. /Os5UCCn5WLBCVyU/IPygiLj6poM3JS6LWHqh2lqc9TOEokABU+9z9ZmsvooOJaM
  1668. sJ1wO1MKE29yow0wCzAJBgNVHRMEAjAAMAsGCWCGSAFlAwQDAgMxADAuAhUAhuk4
  1669. xSLoqFO2+8f3J9WFEUNe82ACFQCfBQ6tkxDmdf9UPhcihr8AXNvC9Q==
  1670. -----END CERTIFICATE-----"
  1671. set range global
  1672. set source factory
  1673. set last-updated 1582581014
  1674. next
  1675. edit "Fortinet_SSL_ECDSA256"
  1676. set password ENC npT1uUJyYYIEnWQ+G4PFPGLXMGufbq3haH1Lt5mDuFzOe+dLrVB19unkzGFy2A4ZQuvTFSX0oh4k3ElMH3r6WB6P9v47OcCBN5Y88VggLprS1KFKfl/Mzx5e+8oTFOpNpvAejg8rNjEMGqDwmbv6nMWgFS8tR3w1FZCwBxLtqO2incLn6OUP4T7kmBbiikdRjHGbrw==
  1677. set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
  1678. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1679. MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAipDE+PNyBoWAICCAAw
  1680. DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIkfgqatkjNmIEgZDWlXska/YJHQR7
  1681. WYUQ8G3wTA3qFxdImM9ssyaWtNyxtchggrIeJOqbHC64t136RJkN27SCfNYW9Wv5
  1682. 4qyzdkfc+xSY8qGPWjSoi7OCUh08/WrDAnT0hN7PokWmVmcvX5ndwbSjjHdPJi92
  1683. sdFe0jnrKxVSZ1oPK+xoNa5Z26UsmfMUX0y2Cb62+TGQ64C5xUM=
  1684. -----END ENCRYPTED PRIVATE KEY-----"
  1685. set certificate "-----BEGIN CERTIFICATE-----
  1686. MIICPjCCAeWgAwIBAgIICVS/9sw0RT8wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
  1687. AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
  1688. BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
  1689. Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
  1690. Y29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNVBAYT
  1691. AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
  1692. BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
  1693. Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
  1694. Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEi9LBJPxIL5BIMgrdpV5JnbkL
  1695. Y+sr/+gob43515vMBLFxUJsdJyqjOAdmnqMAav9yqWvEs1DecXGAKwO9XAnRbqMN
  1696. MAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgNHADBEAiANqG1ivrfBdT2vI8F4+n2E
  1697. gGqnowqzoDHg313WN9CqAQIgd98CXMxlaMCipPn/3Fw2VqInng94qkVYlNGOeye/
  1698. Z0g=
  1699. -----END CERTIFICATE-----"
  1700. set range global
  1701. set source factory
  1702. set last-updated 1582581014
  1703. next
  1704. edit "Fortinet_SSL_ECDSA384"
  1705. set password ENC pdOIryXKo2gLCdz1OTau2BOZmrLAHEI+FslpbUS49Ou3etS0pSW8jVPiXQ/HC2dhsfGvdE4AsfgywzTI/JaBOEREF/jvxtgmW/AOnHR7poon2HTGTN2mQyExpK/AdrYrKPqE7rQmZYM2yuM3cd0a2OxmKhtwP/NXfe8KswkdY40P4RuBidOfSBFNjziDXYqNLeWhaw==
  1706. set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
  1707. set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
  1708. MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIyygrzo6X4VoCAggA
  1709. MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGeRdGqh2rUFBIHAcpRgzDXaA0Aq
  1710. uVm265u64DM03P9xOPmqWuUFM7xpLHiaYs5oDab7Cc0XhMP1HNFu2U8+LS+Vx/GL
  1711. kjPiYCybSOSM6WiXe/ox7CE05vAJbtrOTJWlHELxWI64NbEHlizWIwvvcQYotMOa
  1712. +4/ZBgTVwMPbEIVFfRoEZZXnwB6I91du0K8uTLolWpibFJ+jrJpVN+x4hBuNF/OC
  1713. hG+d+hZpeKWqNP0fcesN0LgdjJj3BrfID8YbLBRhKiwDlhnMrRLl
  1714. -----END ENCRYPTED PRIVATE KEY-----"
  1715. set certificate "-----BEGIN CERTIFICATE-----
  1716. MIICfTCCAgKgAwIBAgIIZmRZ1535awIwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
  1717. AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
  1718. BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
  1719. Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
  1720. Y29tMB4XDTIwMDIyNDIxNTAxM1oXDTMwMDIyNDIxNTAxM1owgZ0xCzAJBgNVBAYT
  1721. AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
  1722. BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
  1723. Vk1FVk9NSlBTS19ZNzQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
  1724. Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7dTElGm8XDrFGWrylY1ty2c211BB
  1725. hYcUoI+iWHzB7MUCETu+aH3+3Iw4LRTvlY0gRO5muAXHLJbP0X/Vrzk8r09PMBlf
  1726. 6tVGFf6a1fFQvOdtbN9ot/q99df8rg72043mow0wCzAJBgNVHRMEAjAAMAoGCCqG
  1727. SM49BAMCA2kAMGYCMQDT9MaoRQmpYnvWP0EaHtCE6bKG+Z8A3lhS0r4R1WzExV21
  1728. OmzKf2zrVhaR8+J8uTACMQC4WPR1Nisl6egolX1GQnL4ewQ+m253HyOuOg6YySjw
  1729. 7rRTWNVF9HwLs6yduDvkovY=
  1730. -----END CERTIFICATE-----"
  1731. set range global
  1732. set source factory
  1733. set last-updated 1582581014
  1734. next
  1735. end
  1736. config webfilter ftgd-local-cat
  # Two local web-filter categories, "custom1" and "custom2", with ids 140 and 141.
  # This section only declares them; no URLs or ratings are assigned here.
  1737. edit "custom1"
  1738. set id 140
  1739. next
  1740. edit "custom2"
  1741. set id 141
  1742. next
  1743. end
  1744. config ips sensor
  # IPS sensors. Each `edit "<name>"` is a sensor; its `config entries` rows select signatures (here by severity,
  # location or protocol) and may set an action.
  # Most entries below have no `set action`; presumably matched signatures then keep their default action —
  # TODO confirm for the FortiOS build in use. Only `all_default_pass` and `high_security` set an action explicitly.
  1745. edit "default"
  1746. set comment "Prevent critical attacks."
  1747. config entries
  1748. edit 1
  1749. set severity medium high critical
  1750. next
  1751. end
  1752. next
  1753. edit "sniffer-profile"
  1754. set comment "Monitor IPS attacks."
  1755. config entries
  1756. edit 1
  1757. set severity medium high critical
  1758. next
  1759. end
  1760. next
  1761. edit "wifi-default"
  1762. set comment "Default configuration for offloading WiFi traffic."
  1763. config entries
  1764. edit 1
  1765. set severity medium high critical
  1766. next
  1767. end
  1768. next
  1769. edit "all_default"
  1770. set comment "All predefined signatures with default setting."
  1771. config entries
  # Entry 1 has no filter and no action.
  1772. edit 1
  1773. next
  1774. end
  1775. next
  1776. edit "all_default_pass"
  1777. set comment "All predefined signatures with PASS action."
  1778. config entries
  1779. edit 1
  # Review note: `action pass` means this sensor does not block what it matches. Check which policies
  # reference it before treating them as IPS-protected.
  1780. set action pass
  1781. next
  1782. end
  1783. next
  1784. edit "protect_http_server"
  1785. set comment "Protect against HTTP server-side vulnerabilities."
  1786. config entries
  1787. edit 1
  1788. set location server
  1789. set protocol HTTP
  1790. next
  1791. end
  1792. next
  1793. edit "protect_email_server"
  1794. set comment "Protect against email server-side vulnerabilities."
  1795. config entries
  1796. edit 1
  1797. set location server
  1798. set protocol SMTP POP3 IMAP
  1799. next
  1800. end
  1801. next
  1802. edit "protect_client"
  1803. set comment "Protect against client-side vulnerabilities."
  1804. config entries
  1805. edit 1
  1806. set location client
  1807. next
  1808. end
  1809. next
  1810. edit "high_security"
  1811. set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
  1812. set block-malicious-url enable
  1813. config entries
  # Entry 1 is the only entry in this section that enables and blocks explicitly (medium/high/critical).
  1814. edit 1
  1815. set severity medium high critical
  1816. set status enable
  1817. set action block
  1818. next
  # Entry 2 selects low severity without an explicit action, which matches the "some Low" wording in the comment.
  1819. edit 2
  1820. set severity low
  1821. next
  1822. end
  1823. next
  1824. end
  1825. config firewall shaper traffic-shaper
  # Five named traffic shapers. Units are not stated in this section; `guarantee-100kbps` next to
  # `guaranteed-bandwidth 100` suggests kbps — TODO confirm.
  # "high-priority" has no `set priority` line while the other two tiers set medium/low, so it presumably
  # relies on the default priority — verify.
  1826. edit "high-priority"
  1827. set maximum-bandwidth 1048576
  1828. set per-policy enable
  1829. next
  1830. edit "medium-priority"
  1831. set maximum-bandwidth 1048576
  1832. set priority medium
  1833. set per-policy enable
  1834. next
  1835. edit "low-priority"
  1836. set maximum-bandwidth 1048576
  1837. set priority low
  1838. set per-policy enable
  1839. next
  1840. edit "guarantee-100kbps"
  1841. set guaranteed-bandwidth 100
  1842. set maximum-bandwidth 1048576
  1843. set per-policy enable
  1844. next
  # The only shaper here without `per-policy enable`; the name suggests one limit shared by all policies using it.
  1845. edit "shared-1M-pipe"
  1846. set maximum-bandwidth 1024
  1847. next
  1848. end
  1849. config web-proxy global
  # Only the proxy FQDN is set here; "default.fqdn" looks like a placeholder rather than a site-specific name — verify.
  1850. set proxy-fqdn "default.fqdn"
  1851. end
  1852. config application list
  # Application-control lists. Each list holds numbered entries; the entries here set an action, a category filter or both.
  # "default" and "sniffer-profile" each have a single `action pass` entry, matching their comment "Monitor all applications."
  1853. edit "default"
  1854. set comment "Monitor all applications."
  1855. config entries
  1856. edit 1
  1857. set action pass
  1858. next
  1859. end
  1860. next
  1861. edit "sniffer-profile"
  1862. set comment "Monitor all applications."
  1863. unset options
  1864. config entries
  1865. edit 1
  1866. set action pass
  1867. next
  1868. end
  1869. next
  1870. edit "wifi-default"
  1871. set comment "Default configuration for offloading WiFi traffic."
  # Review note: deep application inspection is disabled and the single entry passes traffic with logging off,
  # so this list leaves no application-control log trail. Confirm that is intended wherever it is applied.
  1872. set deep-app-inspection disable
  1873. config entries
  1874. edit 1
  1875. set action pass
  1876. set log disable
  1877. next
  1878. end
  1879. next
  1880. edit "block-high-risk"
  1881. config entries
  # Entry 1 selects categories 2 and 6 with no explicit action; given the list name it presumably relies on a
  # default block action — TODO confirm. Entry 2 has no category filter and passes.
  1882. edit 1
  1883. set category 2 6
  1884. next
  1885. edit 2
  1886. set action pass
  1887. next
  1888. end
  1889. next
  1890. end
  1891. config dlp filepattern
  # Two DLP file-pattern tables. Table 1 lists 18 filename wildcards; table 2 lists four entries that set
  # `filter-type type` and a `file-type`.
  1892. edit 1
  1893. set name "builtin-patterns"
  1894. config entries
  # No `filter-type` is set on these entries, so they presumably match on the file name — TODO confirm.
  # Name matching says nothing about a file's content; where the content type matters, rely on type-based
  # entries such as those in table 2.
  1895. edit "*.bat"
  1896. next
  1897. edit "*.com"
  1898. next
  1899. edit "*.dll"
  1900. next
  1901. edit "*.doc"
  1902. next
  1903. edit "*.exe"
  1904. next
  1905. edit "*.gz"
  1906. next
  1907. edit "*.hta"
  1908. next
  1909. edit "*.ppt"
  1910. next
  1911. edit "*.rar"
  1912. next
  1913. edit "*.scr"
  1914. next
  1915. edit "*.tar"
  1916. next
  1917. edit "*.tgz"
  1918. next
  1919. edit "*.vb?"
  1920. next
  1921. edit "*.wps"
  1922. next
  1923. edit "*.xl?"
  1924. next
  1925. edit "*.zip"
  1926. next
  1927. edit "*.pif"
  1928. next
  1929. edit "*.cpl"
  1930. next
  1931. end
  1932. next
  1933. edit 2
  1934. set name "all_executables"
  1935. config entries
  # Despite the table name, only four file types are listed: bat, exe, elf and hta.
  1936. edit "bat"
  1937. set filter-type type
  1938. set file-type bat
  1939. next
  1940. edit "exe"
  1941. set filter-type type
  1942. set file-type exe
  1943. next
  1944. edit "elf"
  1945. set filter-type type
  1946. set file-type elf
  1947. next
  1948. edit "hta"
  1949. set filter-type type
  1950. set file-type hta
  1951. next
  1952. end
  1953. next
  1954. end
  1955. config dlp sensitivity
  # Declares three sensitivity labels (Private, Critical, Warning); no settings are attached to them in this section.
  1956. edit "Private"
  1957. next
  1958. edit "Critical"
  1959. next
  1960. edit "Warning"
  1961. next
  1962. end
  # DLP sensors. "default" carries only a comment and no filter entries in this
  # block, so as shown it matches nothing. "sniffer-profile" adds no filters
  # either; it only sets summary logging for SMTP, POP3, IMAP and HTTP GET/POST.
  # NOTE(review): neither sensor references the file patterns defined under
  # "config dlp filepattern", so those patterns look unused here. Confirm before
  # relying on either sensor for data-loss control.
  1963. config dlp sensor
  1964. edit "default"
  1965. set comment "Default sensor."
  1966. next
  1967. edit "sniffer-profile"
  1968. set comment "Log a summary of email and web traffic."
  1969. set summary-proto smtp pop3 imap http-get http-post
  1970. next
  1971. end
  1972. config webfilter ips-urlfilter-setting
  1973. end
  1974. config webfilter ips-urlfilter-setting6
  1975. end
  1976. config log threat-weight
  1977. config web
  1978. edit 1
  1979. set category 26
  1980. set level high
  1981. next
  1982. edit 2
  1983. set category 61
  1984. set level high
  1985. next
  1986. edit 3
  1987. set category 86
  1988. set level high
  1989. next
  1990. edit 4
  1991. set category 1
  1992. set level medium
  1993. next
  1994. edit 5
  1995. set category 3
  1996. set level medium
  1997. next
  1998. edit 6
  1999. set category 4
  2000. set level medium
  2001. next
  2002. edit 7
  2003. set category 5
  2004. set level medium
  2005. next
  2006. edit 8
  2007. set category 6
  2008. set level medium
  2009. next
  2010. edit 9
  2011. set category 12
  2012. set level medium
  2013. next
  2014. edit 10
  2015. set category 59
  2016. set level medium
  2017. next
  2018. edit 11
  2019. set category 62
  2020. set level medium
  2021. next
  2022. edit 12
  2023. set category 83
  2024. set level medium
  2025. next
  2026. edit 13
  2027. set category 72
  2028. next
  2029. edit 14
  2030. set category 14
  2031. next
  2032. end
  2033. config application
  2034. edit 1
  2035. set category 2
  2036. next
  2037. edit 2
  2038. set category 6
  2039. set level medium
  2040. next
  2041. end
  2042. end
  # ICAP profile "default": defines two extra headers for ICAP requests,
  # X-Authenticated-User filled from $user and X-Authenticated-Groups filled
  # from $local_grp (presumably the authenticated user name and their local
  # groups; confirm against the firmware reference).
  # NOTE(review): no request or response server is set in this block, so the
  # profile does not appear to point at an ICAP server here. If it is put into
  # use, these headers disclose user identity to the ICAP server and to anything
  # on the path, so keep that link on a trusted segment. The receiving server
  # should accept the headers only from the firewall's address, because any
  # other client could set them freely.
  2043. config icap profile
  2044. edit "default"
  2045. config icap-headers
  2046. edit 1
  2047. set name "X-Authenticated-User"
  2048. set content "$user"
  2049. next
  2050. edit 2
  2051. set name "X-Authenticated-Groups"
  2052. set content "$local_grp"
  2053. next
  2054. end
  2055. next
  2056. end
  # Local user database: a single account, "guest", authenticated with a
  # locally stored password.
  # NOTE(review): the value after ENC is the stored form of the password as it
  # is written into a backup. It is an encrypted (reversible) value, not a
  # one-way hash. Once a backup has been shared outside the team the password
  # should be treated as disclosed and changed. Strip "set passwd" lines from
  # any config before posting it.
  2057. config user local
  2058. edit "guest"
  2059. set type password
  2060. set passwd ENC 2rP7WdqHNrjaDruCFq9mvKeWQmazhD27AEhI/ip+eOFQDZXRKQZO/V4W1oo82trcBw3EG3j0G6eeldBYAgEflaGXYuD8IoDh//mVH8NUAhg31bSIol2q0DS97Wh1bLouGZq+cRSwWLIff7A9VNtWcO7cToVVyjcuH3FSRDXVq+Acx+o0lkx+4OEMHIYx99Keu1BURQ==
  2061. next
  2062. end
  # Global user-authentication settings: selects the certificate object
  # "Fortinet_Factory" as the authentication certificate.
  # NOTE(review): by its name this is the factory-installed certificate, which
  # browsers will not normally chain to a trusted CA. If users ever see an
  # HTTPS authentication page from this device, a CA-issued certificate avoids
  # training them to click through warnings. Confirm where auth-cert is used.
  2063. config user setting
  2064. set auth-cert "Fortinet_Factory"
  2065. end
  # User groups. "SSO_Guest_Users" has no members or other settings in this
  # block. "Guest-group" contains the local account "guest".
  # NOTE(review): whether either group is referenced by a firewall policy or a
  # VPN authentication rule cannot be seen from this block. Check for such
  # references before assuming the guest account grants no access.
  2066. config user group
  2067. edit "SSO_Guest_Users"
  2068. next
  2069. edit "Guest-group"
  2070. set member "guest"
  2071. next
  2072. end
  2073. config vpn ssl web host-check-software
  2074. edit "FortiClient-AV"
  2075. set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
  2076. next
  2077. edit "FortiClient-FW"
  2078. set type fw
  2079. set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
  2080. next
  2081. edit "FortiClient-AV-Vista"
  2082. set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
  2083. next
  2084. edit "FortiClient-FW-Vista"
  2085. set type fw
  2086. set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
  2087. next
  2088. edit "FortiClient-AV-Win7"
  2089. set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
  2090. next
  2091. edit "AVG-Internet-Security-AV"
  2092. set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
  2093. next
  2094. edit "AVG-Internet-Security-FW"
  2095. set type fw
  2096. set guid "8DECF618-9569-4340-B34A-D78D28969B66"
  2097. next
  2098. edit "AVG-Internet-Security-AV-Vista-Win7"
  2099. set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
  2100. next
  2101. edit "AVG-Internet-Security-FW-Vista-Win7"
  2102. set type fw
  2103. set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
  2104. next
  2105. edit "CA-Anti-Virus"
  2106. set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
  2107. next
  2108. edit "CA-Internet-Security-AV"
  2109. set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
  2110. next
  2111. edit "CA-Internet-Security-FW"
  2112. set type fw
  2113. set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
  2114. next
  2115. edit "CA-Internet-Security-AV-Vista-Win7"
  2116. set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
  2117. next
  2118. edit "CA-Internet-Security-FW-Vista-Win7"
  2119. set type fw
  2120. set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
  2121. next
  2122. edit "CA-Personal-Firewall"
  2123. set type fw
  2124. set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
  2125. next
  2126. edit "F-Secure-Internet-Security-AV"
  2127. set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
  2128. next
  2129. edit "F-Secure-Internet-Security-FW"
  2130. set type fw
  2131. set guid "D4747503-0346-49EB-9262-997542F79BF4"
  2132. next
  2133. edit "F-Secure-Internet-Security-AV-Vista-Win7"
  2134. set guid "15414183-282E-D62C-CA37-EF24860A2F17"
  2135. next
  2136. edit "F-Secure-Internet-Security-FW-Vista-Win7"
  2137. set type fw
  2138. set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
  2139. next
  2140. edit "Kaspersky-AV"
  2141. set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
  2142. next
  2143. edit "Kaspersky-FW"
  2144. set type fw
  2145. set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
  2146. next
  2147. edit "Kaspersky-AV-Vista-Win7"
  2148. set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
  2149. next
  2150. edit "Kaspersky-FW-Vista-Win7"
  2151. set type fw
  2152. set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
  2153. next
  2154. edit "McAfee-Internet-Security-Suite-AV"
  2155. set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
  2156. next
  2157. edit "McAfee-Internet-Security-Suite-FW"
  2158. set type fw
  2159. set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
  2160. next
  2161. edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
  2162. set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
  2163. next
  2164. edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
  2165. set type fw
  2166. set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
  2167. next
  2168. edit "McAfee-Virus-Scan-Enterprise"
  2169. set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
  2170. next
  2171. edit "Norton-360-2.0-AV"
  2172. set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
  2173. next
  2174. edit "Norton-360-2.0-FW"
  2175. set type fw
  2176. set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
  2177. next
  2178. edit "Norton-360-3.0-AV"
  2179. set guid "E10A9785-9598-4754-B552-92431C1C35F8"
  2180. next
  2181. edit "Norton-360-3.0-FW"
  2182. set type fw
  2183. set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
  2184. next
  2185. edit "Norton-Internet-Security-AV"
  2186. set guid "E10A9785-9598-4754-B552-92431C1C35F8"
  2187. next
  2188. edit "Norton-Internet-Security-FW"
  2189. set type fw
  2190. set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
  2191. next
  2192. edit "Norton-Internet-Security-AV-Vista-Win7"
  2193. set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
  2194. next
  2195. edit "Norton-Internet-Security-FW-Vista-Win7"
  2196. set type fw
  2197. set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
  2198. next
  2199. edit "Symantec-Endpoint-Protection-AV"
  2200. set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
  2201. next
  2202. edit "Symantec-Endpoint-Protection-FW"
  2203. set type fw
  2204. set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
  2205. next
  2206. edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
  2207. set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
  2208. next
  2209. edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
  2210. set type fw
  2211. set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
  2212. next
  2213. edit "Panda-Antivirus+Firewall-2008-AV"
  2214. set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
  2215. next
  2216. edit "Panda-Antivirus+Firewall-2008-FW"
  2217. set type fw
  2218. set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
  2219. next
  2220. edit "Panda-Internet-Security-AV"
  2221. set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
  2222. next
  2223. edit "Panda-Internet-Security-2006~2007-FW"
  2224. set type fw
  2225. set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
  2226. next
  2227. edit "Panda-Internet-Security-2008~2009-FW"
  2228. set type fw
  2229. set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
  2230. next
  2231. edit "Sophos-Anti-Virus"
  2232. set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
  2233. next
  2234. edit "Sophos-Enpoint-Secuirty-and-Control-FW"
  2235. set type fw
  2236. set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
  2237. next
  2238. edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
  2239. set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
  2240. next
  2241. edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
  2242. set type fw
  2243. set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
  2244. next
  2245. edit "Trend-Micro-AV"
  2246. set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
  2247. next
  2248. edit "Trend-Micro-FW"
  2249. set type fw
  2250. set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
  2251. next
  2252. edit "Trend-Micro-AV-Vista-Win7"
  2253. set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
  2254. next
  2255. edit "Trend-Micro-FW-Vista-Win7"
  2256. set type fw
  2257. set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
  2258. next
  2259. edit "ZoneAlarm-AV"
  2260. set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
  2261. next
  2262. edit "ZoneAlarm-FW"
  2263. set type fw
  2264. set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
  2265. next
  2266. edit "ZoneAlarm-AV-Vista-Win7"
  2267. set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
  2268. next
  2269. edit "ZoneAlarm-FW-Vista-Win7"
  2270. set type fw
  2271. set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
  2272. next
  2273. edit "ESET-Smart-Security-AV"
  2274. set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
  2275. next
  2276. edit "ESET-Smart-Security-FW"
  2277. set type fw
  2278. set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
  2279. next
  2280. end
  # SSL-VPN portal "full-access": enables IPv4 tunnel mode, IPv6 tunnel mode and
  # web (clientless) mode, and takes tunnel addresses from the named pools
  # SSLVPN_TUNNEL_ADDR1 and SSLVPN_TUNNEL_IPv6_ADDR1 (address objects defined
  # outside this block).
  # NOTE(review): no split-tunnel, host-check or bookmark settings are listed
  # here, so those are presumably at their defaults. Which users or groups are
  # mapped to this portal is decided elsewhere. Confirm both before exposing the
  # portal.
  2281. config vpn ssl web portal
  2282. edit "full-access"
  2283. set tunnel-mode enable
  2284. set ipv6-tunnel-mode enable
  2285. set web-mode enable
  2286. set ip-pools "SSLVPN_TUNNEL_ADDR1"
  2287. set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
  2288. next
  2289. end
  # SSL-VPN listener settings: uses the certificate object named "self-sign"
  # as the server certificate and listens on TCP port 443.
  # NOTE(review): by its name the server certificate is self-signed, so clients
  # cannot validate it against a trusted CA. Users who are used to accepting
  # that warning cannot tell the real gateway from an interposed one, so prefer
  # a CA-issued certificate.
  # No source-interface or authentication-rule is set in this block, so the
  # interfaces and users the listener serves cannot be read from here.
  2290. config vpn ssl settings
  2291. set servercert "self-sign"
  2292. set port 443
  2293. end
  2294. config voip profile
  2295. edit "default"
  2296. set comment "Default VoIP profile."
  2297. next
  2298. edit "strict"
  2299. config sip
  2300. set malformed-request-line discard
  2301. set malformed-header-via discard
  2302. set malformed-header-from discard
  2303. set malformed-header-to discard
  2304. set malformed-header-call-id discard
  2305. set malformed-header-cseq discard
  2306. set malformed-header-rack discard
  2307. set malformed-header-rseq discard
  2308. set malformed-header-contact discard
  2309. set malformed-header-record-route discard
  2310. set malformed-header-route discard
  2311. set malformed-header-expires discard
  2312. set malformed-header-content-type discard
  2313. set malformed-header-content-length discard
  2314. set malformed-header-max-forwards discard
  2315. set malformed-header-allow discard
  2316. set malformed-header-p-asserted-identity discard
  2317. set malformed-header-sdp-v discard
  2318. set malformed-header-sdp-o discard
  2319. set malformed-header-sdp-s discard
  2320. set malformed-header-sdp-i discard
  2321. set malformed-header-sdp-c discard
  2322. set malformed-header-sdp-b discard
  2323. set malformed-header-sdp-z discard
  2324. set malformed-header-sdp-k discard
  2325. set malformed-header-sdp-a discard
  2326. set malformed-header-sdp-t discard
  2327. set malformed-header-sdp-r discard
  2328. set malformed-header-sdp-m discard
  2329. end
  2330. next
  2331. end
  # IKE phase 1 definitions for two site-to-site tunnels: "toDC-CURITIBA" on
  # port1 to 10.1.2.2 and "toDC-CTA-TERR" on port2 to 10.44.112.33. Both use a
  # pre-shared key, have NAT traversal disabled and offer one proposal.
  # NOTE(review): "proposal des-sha256" negotiates single DES (56-bit key) to
  # protect the IKE SA. DES is obsolete and should be replaced with an AES
  # proposal such as aes256-sha256 on both peers. On a FortiGate-VM, a DES-only
  # proposal is often a sign of an evaluation or low-encryption license rather
  # than a deliberate choice (confirm which applies).
  # NOTE(review): "peertype any" accepts any peer identifier, so the pre-shared
  # key is the only thing authenticating the remote end.
  # NOTE(review): the psksecret values are stored in ENC form, which is
  # encrypted (reversible), not hashed. If this backup has been shared, treat
  # both keys as disclosed and rotate them on both ends.
  # No ike-version, dhgrp or keylife lines are listed, so those are presumably
  # at firmware defaults.
  2332. config vpn ipsec phase1-interface
  2333. edit "toDC-CURITIBA"
  2334. set interface "port1"
  2335. set peertype any
  2336. set net-device enable
  2337. set proposal des-sha256
  2338. set nattraversal disable
  2339. set remote-gw 10.1.2.2
  2340. set psksecret ENC N+KxRL1BLtuISx2IPHN5NM/ipKLXKae5eMjVx/+q4sKLGnf+hxvnmp+rZFqxa7PdnXfvqXx+PTdnuP3VT3vE9aqR4RQBVwue+/EFS+DWIJxoP75zMllJAW1MvLO1vt6jFuZXzah8SUCDr96+wdS1ceMLq3eHGq3+hWftCUeMBDTs0THL48RKpHdY66a3W+tJcve2fw==
  2341. next
  2342. edit "toDC-CTA-TERR"
  2343. set interface "port2"
  2344. set peertype any
  2345. set net-device enable
  2346. set proposal des-sha256
  2347. set nattraversal disable
  2348. set remote-gw 10.44.112.33
  2349. set psksecret ENC hjD5frclY1GmUkLLV8u9ARJljccM2GYSBoYKcp/SJuxuRuVoXCtEqKHmQI8K8og/Mb6JjgM5zs/CJiYjvhfW8EwEc7K31VWFiN7TLeUOaFRVXHUMJpYRBwgLV4Qsu1nmRxkU7ur3htSGCq46idaYWS38zcdmFTiGdMn9shPqs0v0owWLAvqAGKsamxf3eRSo0Nu6VQ==
  2350. next
  2351. end
  # IPsec phase 2 definitions, one per tunnel, each bound to its phase 1 entry
  # through phase1name.
  # NOTE(review): both entries offer only des-md5 and des-sha1. That is single
  # DES (56-bit key) for the tunnel payload, with MD5 or SHA-1 for integrity.
  # This falls short of current practice for traffic confidentiality. Move both
  # peers to an AES proposal with SHA-256 (for example aes256-sha256) and
  # remove the DES entries so the tunnel cannot negotiate down to them.
  # No src-subnet/dst-subnet, pfs or dhgrp lines are listed, so selectors and
  # key-exchange settings are presumably at firmware defaults.
  2352. config vpn ipsec phase2-interface
  2353. edit "toDC-CURITIBA"
  2354. set phase1name "toDC-CURITIBA"
  2355. set proposal des-md5 des-sha1
  2356. next
  2357. edit "toDC-CTA-TERR"
  2358. set phase1name "toDC-CTA-TERR"
  2359. set proposal des-md5 des-sha1
  2360. next
  2361. end
  2362. config dnsfilter profile
  2363. edit "default"
  2364. set comment "Default dns filtering."
  2365. config ftgd-dns
  2366. config filters
  2367. edit 1
  2368. set category 2
  2369. next
  2370. edit 2
  2371. set category 7
  2372. next
  2373. edit 3
  2374. set category 8
  2375. next
  2376. edit 4
  2377. set category 9
  2378. next
  2379. edit 5
  2380. set category 11
  2381. next
  2382. edit 6
  2383. set category 12
  2384. next
  2385. edit 7
  2386. set category 13
  2387. next
  2388. edit 8
  2389. set category 14
  2390. next
  2391. edit 9
  2392. set category 15
  2393. next
  2394. edit 10
  2395. set category 16
  2396. next
  2397. edit 11
  2398. next
  2399. edit 12
  2400. set category 57
  2401. next
  2402. edit 13
  2403. set category 63
  2404. next
  2405. edit 14
  2406. set category 64
  2407. next
  2408. edit 15
  2409. set category 65
  2410. next
  2411. edit 16
  2412. set category 66
  2413. next
  2414. edit 17
  2415. set category 67
  2416. next
  2417. edit 18
  2418. set category 26
  2419. set action block
  2420. next
  2421. edit 19
  2422. set category 61
  2423. set action block
  2424. next
  2425. edit 20
  2426. set category 86
  2427. set action block
  2428. next
  2429. edit 21
  2430. set category 88
  2431. set action block
  2432. next
  2433. edit 22
  2434. set category 90
  2435. set action block
  2436. next
  2437. edit 23
  2438. set category 91
  2439. set action block
  2440. next
  2441. end
  2442. end
  2443. set block-botnet enable
  2444. next
  2445. end
  # Global antivirus setting: the grayware option is enabled. Per-protocol
  # scanning is configured separately in the antivirus profiles.
  2446. config antivirus settings
  2447. set grayware enable
  2448. end
  2449. config antivirus profile
  2450. edit "default"
  2451. set comment "Scan files and block viruses."
  2452. config http
  2453. set options scan
  2454. end
  2455. config ftp
  2456. set options scan
  2457. end
  2458. config imap
  2459. set options scan
  2460. set executables virus
  2461. end
  2462. config pop3
  2463. set options scan
  2464. set executables virus
  2465. end
  2466. config smtp
  2467. set options scan
  2468. set executables virus
  2469. end
  2470. next
  2471. edit "sniffer-profile"
  2472. set comment "Scan files and monitor viruses."
  2473. config http
  2474. set options scan
  2475. end
  2476. config ftp
  2477. set options scan
  2478. end
  2479. config imap
  2480. set options scan
  2481. set executables virus
  2482. end
  2483. config pop3
  2484. set options scan
  2485. set executables virus
  2486. end
  2487. config smtp
  2488. set options scan
  2489. set executables virus
  2490. end
  2491. next
  2492. edit "wifi-default"
  2493. set comment "Default configuration for offloading WiFi traffic."
  2494. config http
  2495. set options scan
  2496. end
  2497. config ftp
  2498. set options scan
  2499. end
  2500. config imap
  2501. set options scan
  2502. set executables virus
  2503. end
  2504. config pop3
  2505. set options scan
  2506. set executables virus
  2507. end
  2508. config smtp
  2509. set options scan
  2510. set executables virus
  2511. end
  2512. next
  2513. end
  2514. config webfilter profile
  2515. edit "default"
  2516. set comment "Default web filtering."
  2517. config ftgd-wf
  2518. unset options
  2519. config filters
  2520. edit 1
  2521. set action block
  2522. next
  2523. edit 2
  2524. set category 2
  2525. set action block
  2526. next
  2527. edit 3
  2528. set category 7
  2529. set action block
  2530. next
  2531. edit 4
  2532. set category 8
  2533. set action block
  2534. next
  2535. edit 5
  2536. set category 9
  2537. set action block
  2538. next
  2539. edit 6
  2540. set category 11
  2541. set action block
  2542. next
  2543. edit 7
  2544. set category 12
  2545. set action block
  2546. next
  2547. edit 8
  2548. set category 13
  2549. set action block
  2550. next
  2551. edit 9
  2552. set category 14
  2553. set action block
  2554. next
  2555. edit 10
  2556. set category 15
  2557. set action block
  2558. next
  2559. edit 11
  2560. set category 16
  2561. set action block
  2562. next
  2563. edit 12
  2564. set category 26
  2565. set action block
  2566. next
  2567. edit 13
  2568. set category 57
  2569. set action block
  2570. next
  2571. edit 14
  2572. set category 61
  2573. set action block
  2574. next
  2575. edit 15
  2576. set category 63
  2577. set action block
  2578. next
  2579. edit 16
  2580. set category 64
  2581. set action block
  2582. next
  2583. edit 17
  2584. set category 65
  2585. set action block
  2586. next
  2587. edit 18
  2588. set category 66
  2589. set action block
  2590. next
  2591. edit 19
  2592. set category 67
  2593. set action block
  2594. next
  2595. edit 20
  2596. set category 86
  2597. set action block
  2598. next
  2599. edit 21
  2600. set category 88
  2601. set action block
  2602. next
  2603. edit 22
  2604. set category 90
  2605. set action block
  2606. next
  2607. edit 23
  2608. set category 91
  2609. set action block
  2610. next
  2611. end
  2612. end
  2613. next
  2614. edit "sniffer-profile"
  2615. set comment "Monitor web traffic."
  2616. config ftgd-wf
  2617. config filters
  2618. edit 1
  2619. next
  2620. edit 2
  2621. set category 1
  2622. next
  2623. edit 3
  2624. set category 2
  2625. next
  2626. edit 4
  2627. set category 3
  2628. next
  2629. edit 5
  2630. set category 4
  2631. next
  2632. edit 6
  2633. set category 5
  2634. next
  2635. edit 7
  2636. set category 6
  2637. next
  2638. edit 8
  2639. set category 7
  2640. next
  2641. edit 9
  2642. set category 8
  2643. next
  2644. edit 10
  2645. set category 9
  2646. next
  2647. edit 11
  2648. set category 11
  2649. next
  2650. edit 12
  2651. set category 12
  2652. next
  2653. edit 13
  2654. set category 13
  2655. next
  2656. edit 14
  2657. set category 14
  2658. next
  2659. edit 15
  2660. set category 15
  2661. next
  2662. edit 16
  2663. set category 16
  2664. next
  2665. edit 17
  2666. set category 17
  2667. next
  2668. edit 18
  2669. set category 18
  2670. next
  2671. edit 19
  2672. set category 19
  2673. next
  2674. edit 20
  2675. set category 20
  2676. next
  2677. edit 21
  2678. set category 23
  2679. next
  2680. edit 22
  2681. set category 24
  2682. next
  2683. edit 23
  2684. set category 25
  2685. next
  2686. edit 24
  2687. set category 26
  2688. next
  2689. edit 25
  2690. set category 28
  2691. next
  2692. edit 26
  2693. set category 29
  2694. next
  2695. edit 27
  2696. set category 30
  2697. next
  2698. edit 28
  2699. set category 31
  2700. next
  2701. edit 29
  2702. set category 33
  2703. next
  2704. edit 30
  2705. set category 34
  2706. next
  2707. edit 31
  2708. set category 35
  2709. next
  2710. edit 32
  2711. set category 36
  2712. next
  2713. edit 33
  2714. set category 37
  2715. next
  2716. edit 34
  2717. set category 38
  2718. next
  2719. edit 35
  2720. set category 39
  2721. next
  2722. edit 36
  2723. set category 40
  2724. next
  2725. edit 37
  2726. set category 41
  2727. next
  2728. edit 38
  2729. set category 42
  2730. next
  2731. edit 39
  2732. set category 43
  2733. next
  2734. edit 40
  2735. set category 44
  2736. next
  2737. edit 41
  2738. set category 46
  2739. next
  2740. edit 42
  2741. set category 47
  2742. next
  2743. edit 43
  2744. set category 48
  2745. next
  2746. edit 44
  2747. set category 49
  2748. next
  2749. edit 45
  2750. set category 50
  2751. next
  2752. edit 46
  2753. set category 51
  2754. next
  2755. edit 47
  2756. set category 52
  2757. next
  2758. edit 48
  2759. set category 53
  2760. next
  2761. edit 49
  2762. set category 54
  2763. next
  2764. edit 50
  2765. set category 55
  2766. next
  2767. edit 51
  2768. set category 56
  2769. next
  2770. edit 52
  2771. set category 57
  2772. next
  2773. edit 53
  2774. set category 58
  2775. next
  2776. edit 54
  2777. set category 59
  2778. next
  2779. edit 55
  2780. set category 61
  2781. next
  2782. edit 56
  2783. set category 62
  2784. next
  2785. edit 57
  2786. set category 63
  2787. next
  2788. edit 58
  2789. set category 64
  2790. next
  2791. edit 59
  2792. set category 65
  2793. next
  2794. edit 60
  2795. set category 66
  2796. next
  2797. edit 61
  2798. set category 67
  2799. next
  2800. edit 62
  2801. set category 68
  2802. next
  2803. edit 63
  2804. set category 69
  2805. next
  2806. edit 64
  2807. set category 70
  2808. next
  2809. edit 65
  2810. set category 71
  2811. next
  2812. edit 66
  2813. set category 72
  2814. next
  2815. edit 67
  2816. set category 75
  2817. next
  2818. edit 68
  2819. set category 76
  2820. next
  2821. edit 69
  2822. set category 77
  2823. next
  2824. edit 70
  2825. set category 78
  2826. next
  2827. edit 71
  2828. set category 79
  2829. next
  2830. edit 72
  2831. set category 80
  2832. next
  2833. edit 73
  2834. set category 81
  2835. next
  2836. edit 74
  2837. set category 82
  2838. next
  2839. edit 75
  2840. set category 83
  2841. next
  2842. edit 76
  2843. set category 84
  2844. next
  2845. edit 77
  2846. set category 85
  2847. next
  2848. edit 78
  2849. set category 86
  2850. next
  2851. edit 79
  2852. set category 87
  2853. next
  2854. edit 80
  2855. set category 88
  2856. next
  2857. edit 81
  2858. set category 89
  2859. next
  2860. edit 82
  2861. set category 90
  2862. next
  2863. edit 83
  2864. set category 91
  2865. next
  2866. edit 84
  2867. set category 92
  2868. next
  2869. edit 85
  2870. set category 93
  2871. next
  2872. edit 86
  2873. set category 94
  2874. next
  2875. edit 87
  2876. set category 95
  2877. next
  2878. end
  2879. end
  2880. next
  2881. edit "wifi-default"
  2882. set comment "Default configuration for offloading WiFi traffic."
  2883. set options block-invalid-url
  2884. config ftgd-wf
  2885. unset options
  2886. config filters
  2887. edit 1
  2888. next
  2889. edit 2
  2890. set category 2
  2891. set action block
  2892. next
  2893. edit 3
  2894. set category 7
  2895. set action block
  2896. next
  2897. edit 4
  2898. set category 8
  2899. set action block
  2900. next
  2901. edit 5
  2902. set category 9
  2903. set action block
  2904. next
  2905. edit 6
  2906. set category 11
  2907. set action block
  2908. next
  2909. edit 7
  2910. set category 12
  2911. set action block
  2912. next
  2913. edit 8
  2914. set category 13
  2915. set action block
  2916. next
  2917. edit 9
  2918. set category 14
  2919. set action block
  2920. next
  2921. edit 10
  2922. set category 15
  2923. set action block
  2924. next
  2925. edit 11
  2926. set category 16
  2927. set action block
  2928. next
  2929. edit 12
  2930. set category 26
  2931. set action block
  2932. next
  2933. edit 13
  2934. set category 57
  2935. set action block
  2936. next
  2937. edit 14
  2938. set category 61
  2939. set action block
  2940. next
  2941. edit 15
  2942. set category 63
  2943. set action block
  2944. next
  2945. edit 16
  2946. set category 64
  2947. set action block
  2948. next
  2949. edit 17
  2950. set category 65
  2951. set action block
  2952. next
  2953. edit 18
  2954. set category 66
  2955. set action block
  2956. next
  2957. edit 19
  2958. set category 67
  2959. set action block
  2960. next
  2961. edit 20
  2962. set category 86
  2963. set action block
  2964. next
  2965. edit 21
  2966. set category 88
  2967. set action block
  2968. next
  2969. edit 22
  2970. set category 90
  2971. set action block
  2972. next
  2973. edit 23
  2974. set category 91
  2975. set action block
  2976. next
  2977. end
  2978. end
  2979. next
  2980. edit "monitor-all"
  2981. set comment "Monitor and log all visited URLs, flow-based."
  2982. config ftgd-wf
  2983. unset options
  2984. config filters
  2985. edit 1
  2986. set category 1
  2987. next
  2988. edit 2
  2989. set category 3
  2990. next
  2991. edit 3
  2992. set category 4
  2993. next
  2994. edit 4
  2995. set category 5
  2996. next
  2997. edit 5
  2998. set category 6
  2999. next
  3000. edit 6
  3001. set category 12
  3002. next
  3003. edit 7
  3004. set category 59
  3005. next
  3006. edit 8
  3007. set category 62
  3008. next
  3009. edit 9
  3010. set category 83
  3011. next
  3012. edit 10
  3013. set category 2
  3014. next
  3015. edit 11
  3016. set category 7
  3017. next
  3018. edit 12
  3019. set category 8
  3020. next
  3021. edit 13
  3022. set category 9
  3023. next
  3024. edit 14
  3025. set category 11
  3026. next
  3027. edit 15
  3028. set category 13
  3029. next
  3030. edit 16
  3031. set category 14
  3032. next
  3033. edit 17
  3034. set category 15
  3035. next
  3036. edit 18
  3037. set category 16
  3038. next
  3039. edit 19
  3040. set category 57
  3041. next
  3042. edit 20
  3043. set category 63
  3044. next
  3045. edit 21
  3046. set category 64
  3047. next
  3048. edit 22
  3049. set category 65
  3050. next
  3051. edit 23
  3052. set category 66
  3053. next
  3054. edit 24
  3055. set category 67
  3056. next
  3057. edit 25
  3058. set category 19
  3059. next
  3060. edit 26
  3061. set category 24
  3062. next
  3063. edit 27
  3064. set category 25
  3065. next
  3066. edit 28
  3067. set category 72
  3068. next
  3069. edit 29
  3070. set category 75
  3071. next
  3072. edit 30
  3073. set category 76
  3074. next
  3075. edit 31
  3076. set category 26
  3077. next
  3078. edit 32
  3079. set category 61
  3080. next
  3081. edit 33
  3082. set category 86
  3083. next
  3084. edit 34
  3085. set category 17
  3086. next
  3087. edit 35
  3088. set category 18
  3089. next
  3090. edit 36
  3091. set category 20
  3092. next
  3093. edit 37
  3094. set category 23
  3095. next
  3096. edit 38
  3097. set category 28
  3098. next
  3099. edit 39
  3100. set category 29
  3101. next
  3102. edit 40
  3103. set category 30
  3104. next
  3105. edit 41
  3106. set category 33
  3107. next
  3108. edit 42
  3109. set category 34
  3110. next
  3111. edit 43
  3112. set category 35
  3113. next
  3114. edit 44
  3115. set category 36
  3116. next
  3117. edit 45
  3118. set category 37
  3119. next
  3120. edit 46
  3121. set category 38
  3122. next
  3123. edit 47
  3124. set category 39
  3125. next
  3126. edit 48
  3127. set category 40
  3128. next
  3129. edit 49
  3130. set category 42
  3131. next
  3132. edit 50
  3133. set category 44
  3134. next
  3135. edit 51
  3136. set category 46
  3137. next
  3138. edit 52
  3139. set category 47
  3140. next
  3141. edit 53
  3142. set category 48
  3143. next
  3144. edit 54
  3145. set category 54
  3146. next
  3147. edit 55
  3148. set category 55
  3149. next
  3150. edit 56
  3151. set category 58
  3152. next
  3153. edit 57
  3154. set category 68
  3155. next
  3156. edit 58
  3157. set category 69
  3158. next
  3159. edit 59
  3160. set category 70
  3161. next
  3162. edit 60
  3163. set category 71
  3164. next
  3165. edit 61
  3166. set category 77
  3167. next
  3168. edit 62
  3169. set category 78
  3170. next
  3171. edit 63
  3172. set category 79
  3173. next
  3174. edit 64
  3175. set category 80
  3176. next
  3177. edit 65
  3178. set category 82
  3179. next
  3180. edit 66
  3181. set category 85
  3182. next
  3183. edit 67
  3184. set category 87
  3185. next
  3186. edit 68
  3187. set category 31
  3188. next
  3189. edit 69
  3190. set category 41
  3191. next
  3192. edit 70
  3193. set category 43
  3194. next
  3195. edit 71
  3196. set category 49
  3197. next
  3198. edit 72
  3199. set category 50
  3200. next
  3201. edit 73
  3202. set category 51
  3203. next
  3204. edit 74
  3205. set category 52
  3206. next
  3207. edit 75
  3208. set category 53
  3209. next
  3210. edit 76
  3211. set category 56
  3212. next
  3213. edit 77
  3214. set category 81
  3215. next
  3216. edit 78
  3217. set category 84
  3218. next
  3219. edit 79
  3220. next
  3221. edit 80
  3222. set category 88
  3223. next
  3224. edit 81
  3225. set category 89
  3226. next
  3227. edit 82
  3228. set category 90
  3229. next
  3230. edit 83
  3231. set category 91
  3232. next
  3233. edit 84
  3234. set category 92
  3235. next
  3236. edit 85
  3237. set category 93
  3238. next
  3239. edit 86
  3240. set category 94
  3241. next
  3242. edit 87
  3243. set category 95
  3244. next
  3245. end
  3246. end
  3247. set log-all-url enable
  3248. set web-content-log disable
  3249. set web-filter-activex-log disable
  3250. set web-filter-command-block-log disable
  3251. set web-filter-cookie-log disable
  3252. set web-filter-applet-log disable
  3253. set web-filter-jscript-log disable
  3254. set web-filter-js-log disable
  3255. set web-filter-vbs-log disable
  3256. set web-filter-unknown-log disable
  3257. set web-filter-referer-log disable
  3258. set web-filter-cookie-removal-log disable
  3259. set web-url-log disable
  3260. set web-invalid-domain-log disable
  3261. set web-ftgd-err-log disable
  3262. set web-ftgd-quota-usage disable
  3263. next
  3264. end
  # Search-engine definitions used by web filtering. Each entry gives a host
  # name pattern, usually a URL-path pattern, the query parameter that carries
  # the search terms, and how safe search is applied.
  #   google, yahoo, yandex : "safesearch url" plus a string appended to the URL
  #   bing, youtube         : "safesearch header"
  #   baidu, baidu2, baidu3 : no safesearch setting in this block
  # NOTE(review): the hostname and url values appear to be regular expressions,
  # and several are loose. ".*youtube.*" matches any host name that merely
  # contains "youtube", and ".*\\.google\\..*" matches "google" as any interior
  # label. They classify traffic for safe-search and logging and should not be
  # read as proof that the destination is the named service.
  # NOTE(review): the baidu entries set no safesearch, so safe search is not
  # enforced for them by these definitions.
  3265. config webfilter search-engine
  3266. edit "google"
  3267. set hostname ".*\\.google\\..*"
  3268. set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
  3269. set query "q="
  3270. set safesearch url
  3271. set safesearch-str "&safe=active"
  3272. next
  3273. edit "yahoo"
  3274. set hostname ".*\\.yahoo\\..*"
  3275. set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
  3276. set query "p="
  3277. set safesearch url
  3278. set safesearch-str "&vm=r"
  3279. next
  3280. edit "bing"
  3281. set hostname ".*\\.bing\\..*"
  3282. set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
  3283. set query "q="
  3284. set safesearch header
  3285. next
  3286. edit "yandex"
  3287. set hostname "yandex\\..*"
  3288. set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
  3289. set query "text="
  3290. set safesearch url
  3291. set safesearch-str "&family=yes"
  3292. next
  3293. edit "youtube"
  3294. set hostname ".*youtube.*"
  3295. set safesearch header
  3296. next
  3297. edit "baidu"
  3298. set hostname ".*\\.baidu\\.com"
  3299. set url "^\\/s?\\?"
  3300. set query "wd="
  3301. next
  3302. edit "baidu2"
  3303. set hostname ".*\\.baidu\\.com"
  3304. set url "^\\/(ns|q|m|i|v)\\?"
  3305. set query "word="
  3306. next
  3307. edit "baidu3"
  3308. set hostname "tieba\\.baidu\\.com"
  3309. set url "^\\/f\\?"
  3310. set query "kw="
  3311. next
  3312. end
  3313. config emailfilter profile
  3314. edit "sniffer-profile"
  3315. set comment "Malware and phishing URL monitoring."
  3316. next
  3317. edit "default"
  3318. set comment "Malware and phishing URL filtering."
  3319. next
  3320. end
  # Layout of the on-box analysis report ("default"). "config page" sets the
  # paper size, header image and footer text; "config body-item" is the
  # ordered list of cover items, section headings and charts. The ${...}
  # tokens in content strings are placeholders filled in when the report is
  # generated.
  # NOTE(review): the footer and cover embed ${hostname} and ${vdom}, so a
  # generated report identifies the device. Handle report files accordingly.
  3321. config report layout
  3322. edit "default"
  3323. set title "FortiGate System Analysis Report"
  3324. set style-theme "default-report"
  3325. set options include-table-of-content view-chart-as-heading
  3326. config page
  3327. set paper letter
  3328. set page-break-before heading1
  3329. config header
  3330. config header-item
  3331. edit 1
  3332. set type image
  3333. set style "header-image"
  3334. set img-src "fortinet_logo_small.png"
  3335. next
  3336. end
  3337. end
  3338. config footer
  3339. config footer-item
  3340. edit 1
  3341. set style "footer-text"
  3342. set content "FortiGate ${schedule_type} Security Report - Host Name: ${hostname}"
  3343. next
  3344. edit 2
  3345. set style "footer-pageno"
  3346. next
  3347. end
  3348. end
  3349. end
  3350. config body-item
  # Items 101-121: cover page (images, title lines, date range, vdom) and a
  # page break.
  3351. edit 101
  3352. set type image
  3353. set style "report-cover1"
  3354. set img-src "fortigate_log.png"
  3355. next
  3356. edit 103
  3357. set style "report-cover2"
  3358. set content "FortiGate ${schedule_type} Security Report"
  3359. next
  3360. edit 105
  3361. set style "report-cover3"
  3362. set content "Report Date: ${started_time}"
  3363. next
  3364. edit 107
  3365. set style "report-cover3"
  3366. set content "Data Range: ${report_data_range} (${hostname})"
  3367. next
  3368. edit 109
  3369. set style "report-cover3"
  3370. set content "${vdom}"
  3371. next
  3372. edit 111
  3373. set type image
  3374. set style "report-cover4"
  3375. set img-src "fortinet_logo_small.png"
  3376. next
  3377. edit 121
  3378. set type misc
  3379. set misc-component page-break
  3380. next
  # Items 301-611: traffic section (bandwidth, sessions, applications, users,
  # destinations).
  3381. edit 301
  3382. set text-component heading1
  3383. set content "Bandwidth and Applications"
  3384. next
  3385. edit 311
  3386. set type chart
  3387. set chart "traffic.bandwidth.history_c"
  3388. next
  3389. edit 321
  3390. set type chart
  3391. set chart "traffic.sessions.history_c"
  3392. next
  3393. edit 331
  3394. set type chart
  3395. set chart "traffic.statistics"
  3396. next
  3397. edit 411
  3398. set type chart
  3399. set chart "traffic.bandwidth.apps_c"
  3400. next
  3401. edit 421
  3402. set type chart
  3403. set chart "traffic.bandwidth.cats_c"
  3404. next
  3405. edit 511
  3406. set type chart
  3407. set chart "traffic.bandwidth.users_c"
  3408. next
  3409. edit 521
  3410. set type chart
  3411. set chart "traffic.users.history.hour_c"
  3412. next
  3413. edit 611
  3414. set type chart
  3415. set chart "traffic.bandwidth.destinations_tab"
  3416. next
  # Items 1001-1071: web usage section (allowed/blocked requests, bandwidth
  # by site and by user).
  3417. edit 1001
  3418. set text-component heading1
  3419. set content "Web Usage"
  3420. next
  3421. edit 1011
  3422. set type chart
  3423. set chart "web.allowed-request.sites_c"
  3424. next
  3425. edit 1021
  3426. set type chart
  3427. set chart "web.bandwidth.sites_c"
  3428. next
  3429. edit 1031
  3430. set type chart
  3431. set chart "web.blocked-request.sites_c"
  3432. next
  3433. edit 1041
  3434. set type chart
  3435. set chart "web.blocked-request.users_c"
  3436. next
  3437. edit 1051
  3438. set type chart
  3439. set chart "web.requests.users_c"
  3440. next
  3441. edit 1061
  3442. set type chart
  3443. set chart "web.bandwidth.users_c"
  3444. next
  3445. edit 1071
  3446. set type chart
  3447. set chart "web.bandwidth.stream-sites_c"
  3448. next
  # Items 1301-1341: email section (senders and recipients by request count
  # and bandwidth).
  3449. edit 1301
  3450. set text-component heading1
  3451. set content "Emails"
  3452. next
  3453. edit 1311
  3454. set type chart
  3455. set chart "email.request.senders_c"
  3456. next
  3457. edit 1321
  3458. set type chart
  3459. set chart "email.bandwidth.senders_c"
  3460. next
  3461. edit 1331
  3462. set type chart
  3463. set chart "email.request.recipients_c"
  3464. next
  3465. edit 1341
  3466. set type chart
  3467. set chart "email.bandwidth.recipients_c"
  3468. next
  # Items 1501-1651: threats section (virus, botnet and attack charts). Most
  # of the ranked charts set top-n 80; the history and severity charts do not.
  # NOTE(review): these charts are built from security logs. Neither firewall
  # policy later in this file attaches a security profile, so they may stay
  # empty. Confirm.
  3469. edit 1501
  3470. set text-component heading1
  3471. set content "Threats"
  3472. next
  3473. edit 1511
  3474. set type chart
  3475. set top-n 80
  3476. set chart "virus.count.viruses_c"
  3477. next
  3478. edit 1531
  3479. set type chart
  3480. set top-n 80
  3481. set chart "virus.count.users_c"
  3482. next
  3483. edit 1541
  3484. set type chart
  3485. set top-n 80
  3486. set chart "virus.count.sources_c"
  3487. next
  3488. edit 1551
  3489. set type chart
  3490. set chart "virus.count.history_c"
  3491. next
  3492. edit 1561
  3493. set type chart
  3494. set top-n 80
  3495. set chart "botnet.count_c"
  3496. next
  3497. edit 1571
  3498. set type chart
  3499. set top-n 80
  3500. set chart "botnet.count.users_c"
  3501. next
  3502. edit 1581
  3503. set type chart
  3504. set top-n 80
  3505. set chart "botnet.count.sources_c"
  3506. next
  3507. edit 1591
  3508. set type chart
  3509. set chart "botnet.count.history_c"
  3510. next
  3511. edit 1601
  3512. set type chart
  3513. set top-n 80
  3514. set chart "attack.count.attacks_c"
  3515. next
  3516. edit 1611
  3517. set type chart
  3518. set top-n 80
  3519. set chart "attack.count.victims_c"
  3520. next
  3521. edit 1621
  3522. set type chart
  3523. set top-n 80
  3524. set chart "attack.count.source_bar_c"
  3525. next
  3526. edit 1631
  3527. set type chart
  3528. set chart "attack.count.blocked_attacks_c"
  3529. next
  3530. edit 1641
  3531. set type chart
  3532. set chart "attack.count.severity_c"
  3533. next
  3534. edit 1651
  3535. set type chart
  3536. set chart "attack.count.history_c"
  3537. next
  # Items 1701-1741: VPN usage section (static, dynamic and SSL tunnels).
  3538. edit 1701
  3539. set text-component heading1
  3540. set content "VPN Usage"
  3541. next
  3542. edit 1711
  3543. set type chart
  3544. set top-n 80
  3545. set chart "vpn.bandwidth.static-tunnels_c"
  3546. next
  3547. edit 1721
  3548. set type chart
  3549. set top-n 80
  3550. set chart "vpn.bandwidth.dynamic-tunnels_c"
  3551. next
  3552. edit 1731
  3553. set type chart
  3554. set top-n 80
  3555. set chart "vpn.bandwidth.ssl-tunnel.users_c"
  3556. next
  3557. edit 1741
  3558. set type chart
  3559. set top-n 80
  3560. set chart "vpn.bandwidth.ssl-web.users_c"
  3561. next
  # Items 1901-1961: administrator logins, failed logins and system events.
  3562. edit 1901
  3563. set text-component heading1
  3564. set content "Admin Login and System Events"
  3565. next
  3566. edit 1911
  3567. set type chart
  3568. set top-n 80
  3569. set chart "event.login.summary_c"
  3570. next
  3571. edit 1931
  3572. set type chart
  3573. set top-n 80
  3574. set chart "event.failed.login_c"
  3575. next
  3576. edit 1961
  3577. set type chart
  3578. set top-n 80
  3579. set chart "event.system.group_events_c"
  3580. next
  3581. end
  3582. next
  3583. end
  # WAN optimization settings. The only value set is the host-id, left at the
  # literal "default-id".
  # NOTE(review): this looks like an unchanged placeholder. Confirm WAN
  # optimization is not in use on this unit.
  3584. config wanopt settings
  3585. set host-id "default-id"
  3586. end
  # WAN optimization profile table. It holds a single "default" entry with
  # only a descriptive comment and no protocol settings.
  3587. config wanopt profile
  3588. edit "default"
  3589. set comments "Default WANopt profile."
  3590. next
  3591. end
  # SD-WAN ("virtual-wan-link") definition, enabled. It has three parts:
  # member interfaces with their gateways, a health check that probes one
  # server, and a service rule that steers LAN-to-server traffic.
  # Both firewall policies in this file use "virtual-wan-link" as their source
  # or destination interface, so these members are the only paths they cover.
  3592. config system virtual-wan-link
  3593. set status enable
  3594. config members
  # Members 2 and 3 are named interfaces defined outside this section
  # (presumably tunnels towards two data-centre sites; confirm).
  3595. edit 2
  3596. set interface "toDC-CURITIBA"
  3597. set gateway 10.10.228.1
  3598. next
  3599. edit 3
  3600. set interface "toDC-CTA-TERR"
  3601. set gateway 10.20.228.1
  3602. next
  3603. end
  3604. config health-check
  # One probe target (10.44.127.1), checked through both members (3 and 2).
  # failtime and recoverytime are both 10. update-static-route is disabled,
  # so presumably a failed check does not withdraw the member's static route
  # and only the service rule reacts to it. Confirm that is intended.
  3605. edit "Teste_DC_Curitiba"
  3606. set server "10.44.127.1"
  3607. set failtime 10
  3608. set recoverytime 10
  3609. set update-static-route disable
  3610. set members 3 2
  3611. next
  3612. end
  3613. config service
  # Rule 2 handles traffic from address object "LAN-228" to "SERVERS" in
  # priority mode and is tied to the health check above.
  # NOTE(review): priority-members lists only member 3. If member 2 is meant
  # to be the fallback path for this rule it is not named here. Verify.
  3614. edit 2
  3615. set name "toDC_Curitiba"
  3616. set mode priority
  3617. set dst "SERVERS"
  3618. set src "LAN-228"
  3619. set health-check "Teste_DC_Curitiba"
  3620. set priority-members 3
  3621. next
  3622. end
  3623. end
  # Recurring schedules. "always" lists all seven days; "none" sets no day.
  # Both firewall policies in this file use "always", so neither rule is
  # time-limited.
  3624. config firewall schedule recurring
  3625. edit "always"
  3626. set day sunday monday tuesday wednesday thursday friday saturday
  3627. next
  3628. edit "none"
  3629. next
  3630. end
  # Protocol options profile "default": for each cleartext protocol, the port
  # number it is recognised on and any per-protocol options. The TLS-wrapped
  # variants (https, ftps, imaps, pop3s, smtps) are configured separately
  # under "firewall ssl-ssh-profile".
  # NOTE(review): each protocol lists only its well-known port, so presumably
  # the same protocol on another port is not handled by this profile. Confirm
  # if non-standard ports matter here.
  3631. config firewall profile-protocol-options
  3632. edit "default"
  3633. set comment "All default services."
  3634. config http
  3635. set ports 80
  # Both http options are explicitly cleared rather than set.
  3636. unset options
  3637. unset post-lang
  3638. end
  3639. config ftp
  3640. set ports 21
  3641. set options splice
  3642. end
  3643. config imap
  3644. set ports 143
  3645. set options fragmail
  3646. end
  3647. config mapi
  3648. set ports 135
  3649. set options fragmail
  3650. end
  3651. config pop3
  3652. set ports 110
  3653. set options fragmail
  3654. end
  3655. config smtp
  3656. set ports 25
  3657. set options fragmail splice
  3658. end
  3659. config nntp
  3660. set ports 119
  3661. set options splice
  3662. end
  3663. config dns
  3664. set ports 53
  3665. end
  3666. config cifs
  3667. set ports 445
  3668. end
  3669. next
  3670. end
  # SSL/SSH inspection profiles. There are four entries:
  #   deep-inspection        - full inspection of https/ftps/imaps/pop3s/smtps
  #   custom-deep-inspection - same settings and exemption list, editable
  #   no-inspection          - every protocol set to "disable"
  #   certificate-inspection - https inspected at certificate level only
  # SSH inspection (port 22) is set to "disable" in all four.
  # Neither firewall policy defined later in this file sets an
  # ssl-ssh-profile, so nothing visible here puts these profiles into use.
  3671. config firewall ssl-ssh-profile
  3672. edit "deep-inspection"
  3673. set comment "Read-only deep inspection profile."
  3674. config https
  3675. set ports 443
  3676. set status deep-inspection
  3677. end
  3678. config ftps
  3679. set ports 990
  3680. set status deep-inspection
  3681. end
  3682. config imaps
  3683. set ports 993
  3684. set status deep-inspection
  3685. end
  3686. config pop3s
  3687. set ports 995
  3688. set status deep-inspection
  3689. end
  3690. config smtps
  3691. set ports 465
  3692. set status deep-inspection
  3693. end
  3694. config ssh
  3695. set ports 22
  3696. set status disable
  3697. end
  # Exemption list: traffic matching an entry is not decrypted, so content
  # inspection does not see it. Entries 1-2 exempt FortiGuard categories 31
  # and 33 (presumably Finance and Banking, and Health and Wellness; confirm
  # against the category list for this firmware). Entries 3-30 are of type
  # wildcard-fqdn. Their quoted values look like names of address objects
  # rather than domain patterns (several contain spaces), so the domains
  # that are actually exempted are defined in those objects, outside this
  # section.
  # NOTE(review): every exemption is a blind spot for inspection. Review the
  # referenced objects and keep the list as short as operations allow.
  3698. config ssl-exempt
  3699. edit 1
  3700. set fortiguard-category 31
  3701. next
  3702. edit 2
  3703. set fortiguard-category 33
  3704. next
  3705. edit 3
  3706. set type wildcard-fqdn
  3707. set wildcard-fqdn "adobe"
  3708. next
  3709. edit 4
  3710. set type wildcard-fqdn
  3711. set wildcard-fqdn "Adobe Login"
  3712. next
  3713. edit 5
  3714. set type wildcard-fqdn
  3715. set wildcard-fqdn "android"
  3716. next
  3717. edit 6
  3718. set type wildcard-fqdn
  3719. set wildcard-fqdn "apple"
  3720. next
  3721. edit 7
  3722. set type wildcard-fqdn
  3723. set wildcard-fqdn "appstore"
  3724. next
  3725. edit 8
  3726. set type wildcard-fqdn
  3727. set wildcard-fqdn "auth.gfx.ms"
  3728. next
  3729. edit 9
  3730. set type wildcard-fqdn
  3731. set wildcard-fqdn "citrix"
  3732. next
  3733. edit 10
  3734. set type wildcard-fqdn
  3735. set wildcard-fqdn "dropbox.com"
  3736. next
  3737. edit 11
  3738. set type wildcard-fqdn
  3739. set wildcard-fqdn "eease"
  3740. next
  3741. edit 12
  3742. set type wildcard-fqdn
  3743. set wildcard-fqdn "firefox update server"
  3744. next
  3745. edit 13
  3746. set type wildcard-fqdn
  3747. set wildcard-fqdn "fortinet"
  3748. next
  3749. edit 14
  3750. set type wildcard-fqdn
  3751. set wildcard-fqdn "googleapis.com"
  3752. next
  3753. edit 15
  3754. set type wildcard-fqdn
  3755. set wildcard-fqdn "google-drive"
  3756. next
  3757. edit 16
  3758. set type wildcard-fqdn
  3759. set wildcard-fqdn "google-play2"
  3760. next
  3761. edit 17
  3762. set type wildcard-fqdn
  3763. set wildcard-fqdn "google-play3"
  3764. next
  3765. edit 18
  3766. set type wildcard-fqdn
  3767. set wildcard-fqdn "Gotomeeting"
  3768. next
  3769. edit 19
  3770. set type wildcard-fqdn
  3771. set wildcard-fqdn "icloud"
  3772. next
  3773. edit 20
  3774. set type wildcard-fqdn
  3775. set wildcard-fqdn "itunes"
  3776. next
  3777. edit 21
  3778. set type wildcard-fqdn
  3779. set wildcard-fqdn "microsoft"
  3780. next
  3781. edit 22
  3782. set type wildcard-fqdn
  3783. set wildcard-fqdn "skype"
  3784. next
  3785. edit 23
  3786. set type wildcard-fqdn
  3787. set wildcard-fqdn "softwareupdate.vmware.com"
  3788. next
  3789. edit 24
  3790. set type wildcard-fqdn
  3791. set wildcard-fqdn "verisign"
  3792. next
  3793. edit 25
  3794. set type wildcard-fqdn
  3795. set wildcard-fqdn "Windows update 2"
  3796. next
  3797. edit 26
  3798. set type wildcard-fqdn
  3799. set wildcard-fqdn "live.com"
  3800. next
  3801. edit 27
  3802. set type wildcard-fqdn
  3803. set wildcard-fqdn "google-play"
  3804. next
  3805. edit 28
  3806. set type wildcard-fqdn
  3807. set wildcard-fqdn "update.microsoft.com"
  3808. next
  3809. edit 29
  3810. set type wildcard-fqdn
  3811. set wildcard-fqdn "swscan.apple.com"
  3812. next
  3813. edit 30
  3814. set type wildcard-fqdn
  3815. set wildcard-fqdn "autoupdate.opera.com"
  3816. next
  3817. end
  3818. next
  # Same protocol settings and the same 30 exemption entries as
  # "deep-inspection" above. Only the profile name and comment differ.
  3819. edit "custom-deep-inspection"
  3820. set comment "Customizable deep inspection profile."
  3821. config https
  3822. set ports 443
  3823. set status deep-inspection
  3824. end
  3825. config ftps
  3826. set ports 990
  3827. set status deep-inspection
  3828. end
  3829. config imaps
  3830. set ports 993
  3831. set status deep-inspection
  3832. end
  3833. config pop3s
  3834. set ports 995
  3835. set status deep-inspection
  3836. end
  3837. config smtps
  3838. set ports 465
  3839. set status deep-inspection
  3840. end
  3841. config ssh
  3842. set ports 22
  3843. set status disable
  3844. end
  3845. config ssl-exempt
  3846. edit 1
  3847. set fortiguard-category 31
  3848. next
  3849. edit 2
  3850. set fortiguard-category 33
  3851. next
  3852. edit 3
  3853. set type wildcard-fqdn
  3854. set wildcard-fqdn "adobe"
  3855. next
  3856. edit 4
  3857. set type wildcard-fqdn
  3858. set wildcard-fqdn "Adobe Login"
  3859. next
  3860. edit 5
  3861. set type wildcard-fqdn
  3862. set wildcard-fqdn "android"
  3863. next
  3864. edit 6
  3865. set type wildcard-fqdn
  3866. set wildcard-fqdn "apple"
  3867. next
  3868. edit 7
  3869. set type wildcard-fqdn
  3870. set wildcard-fqdn "appstore"
  3871. next
  3872. edit 8
  3873. set type wildcard-fqdn
  3874. set wildcard-fqdn "auth.gfx.ms"
  3875. next
  3876. edit 9
  3877. set type wildcard-fqdn
  3878. set wildcard-fqdn "citrix"
  3879. next
  3880. edit 10
  3881. set type wildcard-fqdn
  3882. set wildcard-fqdn "dropbox.com"
  3883. next
  3884. edit 11
  3885. set type wildcard-fqdn
  3886. set wildcard-fqdn "eease"
  3887. next
  3888. edit 12
  3889. set type wildcard-fqdn
  3890. set wildcard-fqdn "firefox update server"
  3891. next
  3892. edit 13
  3893. set type wildcard-fqdn
  3894. set wildcard-fqdn "fortinet"
  3895. next
  3896. edit 14
  3897. set type wildcard-fqdn
  3898. set wildcard-fqdn "googleapis.com"
  3899. next
  3900. edit 15
  3901. set type wildcard-fqdn
  3902. set wildcard-fqdn "google-drive"
  3903. next
  3904. edit 16
  3905. set type wildcard-fqdn
  3906. set wildcard-fqdn "google-play2"
  3907. next
  3908. edit 17
  3909. set type wildcard-fqdn
  3910. set wildcard-fqdn "google-play3"
  3911. next
  3912. edit 18
  3913. set type wildcard-fqdn
  3914. set wildcard-fqdn "Gotomeeting"
  3915. next
  3916. edit 19
  3917. set type wildcard-fqdn
  3918. set wildcard-fqdn "icloud"
  3919. next
  3920. edit 20
  3921. set type wildcard-fqdn
  3922. set wildcard-fqdn "itunes"
  3923. next
  3924. edit 21
  3925. set type wildcard-fqdn
  3926. set wildcard-fqdn "microsoft"
  3927. next
  3928. edit 22
  3929. set type wildcard-fqdn
  3930. set wildcard-fqdn "skype"
  3931. next
  3932. edit 23
  3933. set type wildcard-fqdn
  3934. set wildcard-fqdn "softwareupdate.vmware.com"
  3935. next
  3936. edit 24
  3937. set type wildcard-fqdn
  3938. set wildcard-fqdn "verisign"
  3939. next
  3940. edit 25
  3941. set type wildcard-fqdn
  3942. set wildcard-fqdn "Windows update 2"
  3943. next
  3944. edit 26
  3945. set type wildcard-fqdn
  3946. set wildcard-fqdn "live.com"
  3947. next
  3948. edit 27
  3949. set type wildcard-fqdn
  3950. set wildcard-fqdn "google-play"
  3951. next
  3952. edit 28
  3953. set type wildcard-fqdn
  3954. set wildcard-fqdn "update.microsoft.com"
  3955. next
  3956. edit 29
  3957. set type wildcard-fqdn
  3958. set wildcard-fqdn "swscan.apple.com"
  3959. next
  3960. edit 30
  3961. set type wildcard-fqdn
  3962. set wildcard-fqdn "autoupdate.opera.com"
  3963. next
  3964. end
  3965. next
  # Every TLS protocol and SSH is set to "disable": traffic using this profile
  # is passed without any SSL/SSH inspection.
  3966. edit "no-inspection"
  3967. set comment "Read-only profile that does no inspection."
  3968. config https
  3969. set status disable
  3970. end
  3971. config ftps
  3972. set status disable
  3973. end
  3974. config imaps
  3975. set status disable
  3976. end
  3977. config pop3s
  3978. set status disable
  3979. end
  3980. config smtps
  3981. set status disable
  3982. end
  3983. config ssh
  3984. set ports 22
  3985. set status disable
  3986. end
  3987. next
  # Only https on port 443 is inspected, at certificate (handshake) level.
  # ftps, imaps, pop3s, smtps and ssh are all disabled, and no exemption list
  # is defined.
  3988. edit "certificate-inspection"
  3989. set comment "Read-only SSL handshake inspection profile."
  3990. config https
  3991. set ports 443
  3992. set status certificate-inspection
  3993. end
  3994. config ftps
  3995. set status disable
  3996. end
  3997. config imaps
  3998. set status disable
  3999. end
  4000. config pop3s
  4001. set status disable
  4002. end
  4003. config smtps
  4004. set status disable
  4005. end
  4006. config ssh
  4007. set ports 22
  4008. set status disable
  4009. end
  4010. next
  4011. end
  # Web application firewall profile "default". It has two parts: signature
  # main-classes (identified here only by number) and HTTP protocol
  # constraints. Neither firewall policy defined later in this file
  # references a WAF profile.
  4012. config waf profile
  4013. edit "default"
  4014. config signature
  # Classes 30000000, 50000000, 70000000 and 90000000 are enabled with
  # action block and severity high. Classes 20000000, 40000000 and 60000000
  # have empty bodies. Classes 80000000 and 110000000 are enabled with a
  # severity but no "set action block". Class 100000000 sets action block
  # but shows no "set status enable".
  # NOTE(review): whether the last three groups are active and what they do
  # depends on the firmware defaults for status and action. Verify on the
  # device rather than assuming they block.
  4015. config main-class 100000000
  4016. set action block
  4017. set severity high
  4018. end
  4019. config main-class 20000000
  4020. end
  4021. config main-class 30000000
  4022. set status enable
  4023. set action block
  4024. set severity high
  4025. end
  4026. config main-class 40000000
  4027. end
  4028. config main-class 50000000
  4029. set status enable
  4030. set action block
  4031. set severity high
  4032. end
  4033. config main-class 60000000
  4034. end
  4035. config main-class 70000000
  4036. set status enable
  4037. set action block
  4038. set severity high
  4039. end
  4040. config main-class 80000000
  4041. set status enable
  4042. set severity low
  4043. end
  4044. config main-class 110000000
  4045. set status enable
  4046. set severity high
  4047. end
  4048. config main-class 90000000
  4049. set status enable
  4050. set action block
  4051. set severity high
  4052. end
  # Individual signatures switched off regardless of their class settings.
  4053. set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
  4054. end
  4055. config constraint
  # The length and count constraints below are enabled with logging, but none
  # of them sets an action, so they presumably log without blocking. Confirm.
  # "method" and "hostname" set action block with logging but show no
  # "set status enable", and "version" and "malformed" set only logging.
  # NOTE(review): if status defaults to disable, those four checks are
  # inactive despite the settings shown. Verify on the device.
  4056. config header-length
  4057. set status enable
  4058. set log enable
  4059. set severity low
  4060. end
  4061. config content-length
  4062. set status enable
  4063. set log enable
  4064. set severity low
  4065. end
  4066. config param-length
  4067. set status enable
  4068. set log enable
  4069. set severity low
  4070. end
  4071. config line-length
  4072. set status enable
  4073. set log enable
  4074. set severity low
  4075. end
  4076. config url-param-length
  4077. set status enable
  4078. set log enable
  4079. set severity low
  4080. end
  4081. config version
  4082. set log enable
  4083. end
  4084. config method
  4085. set action block
  4086. set log enable
  4087. end
  4088. config hostname
  4089. set action block
  4090. set log enable
  4091. end
  4092. config malformed
  4093. set log enable
  4094. end
  4095. config max-cookie
  4096. set status enable
  4097. set log enable
  4098. set severity low
  4099. end
  4100. config max-header-line
  4101. set status enable
  4102. set log enable
  4103. set severity low
  4104. end
  4105. config max-url-param
  4106. set status enable
  4107. set log enable
  4108. set severity low
  4109. end
  4110. config max-range-segment
  4111. set status enable
  4112. set log enable
  4113. set severity high
  4114. end
  4115. end
  4116. next
  4117. end
  # Firewall policy table. Only two policies are defined, and both accept
  # every source address, destination address and service on the "always"
  # schedule. Neither one attaches a security profile (web filter, email
  # filter, WAF, SSL/SSH inspection) or sets a logtraffic level, so the
  # profiles defined elsewhere in this file are not applied by anything
  # shown here.
  4118. config firewall policy
  4119. edit 1
  # LAN -> SD-WAN: anything entering on port3 may leave through the
  # virtual-wan-link members, with source NAT enabled.
  # NOTE(review): srcaddr/dstaddr "all" with service "ALL" is the widest
  # possible match. Consider narrowing it to the address objects the SD-WAN
  # service rule already uses ("LAN-228", "SERVERS") and adding
  # "set logtraffic all" so accepted sessions are recorded.
  4120. set name "fromLAN"
  4121. set uuid 4ff61d2a-577f-51ea-fea1-5727940db2f7
  4122. set srcintf "port3"
  4123. set dstintf "virtual-wan-link"
  4124. set srcaddr "all"
  4125. set dstaddr "all"
  4126. set action accept
  4127. set schedule "always"
  4128. set service "ALL"
  4129. set fsso disable
  4130. set nat enable
  4131. next
  4132. edit 2
  # SD-WAN -> LAN: anything arriving over either SD-WAN member interface may
  # reach any address behind port3 on any service, without NAT.
  # NOTE(review): this makes the whole LAN reachable from the remote side of
  # both links. If only specific hosts or services need inbound access,
  # restrict srcaddr, dstaddr and service, and log the traffic.
  4133. set name "fromTuns"
  4134. set uuid da4794f0-58af-51ea-8e7f-d604335f694d
  4135. set srcintf "virtual-wan-link"
  4136. set dstintf "port3"
  4137. set srcaddr "all"
  4138. set dstaddr "all"
  4139. set action accept
  4140. set schedule "always"
  4141. set service "ALL"
  4142. set fsso disable
  4143. next
  4144. end
  # SSH key pairs held by the firewall, one entry per algorithm (RSA 2048,
  # DSA 1024, ECDSA 256/384/521, Ed25519). Every entry is marked
  # "source built-in". These are presumably the host keys the SSH inspection
  # proxy presents to clients; confirm.
  # Each private key is an OpenSSH-format key whose header declares
  # aes256-ctr encryption with a bcrypt KDF. Its passphrase is stored beside
  # it as "set password ENC ...". ENC is an encrypted form the device can
  # recover, not a one-way hash, so any copy of this file carries both the
  # protected key and the material protecting it.
  # NOTE(review): remove the password and private-key values before a
  # configuration leaves the organisation. Once a file like this has been
  # published, treat every key and ENC value in it as disclosed and
  # regenerate them on the device.
  4145. config firewall ssh local-key
  4146. edit "Fortinet_SSH_RSA2048"
  4147. set password ENC fwAAAEkqNsqX5uUqFvmLH1a8ZTaadGamlnFC6aJutilGI65KRGZN3agSNRnJ7nBAIW/fC1gw5hvPNyjgtOZLVhazuqOyHrUPdWipJCp7nHSs2TXo+lEuUZVU+yLHolSnXoZ6MMfbejZEy5G4holngtN4xLyxEcgY1o1a8/seLPxx1OGo5iALRbe8dv4XjhWA5oSKdw==
  4148. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4149. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAEnx191T
  4150. R1EtHniAxv0EqrAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDx0vfhYC/F
  4151. YSWWW4UfRK/kNUrrWLrolvEgveOwvj98lrZ4e+DsManJcMiHVQoxbUXPyXW07SUDNB5gsq
  4152. 045XorNqN8BlW8TKsoNPRO4XvoUvuY6ITfufYPusJY5sxl4eSOZ7EfCFGHn8IA2a/p3zH9
  4153. 2hOPuXfxoNOAj6b31NQnvpDTkUDywAF2A/WYauMZL1Ms7QCrMayjPHqkVu/ah42oyiQhuu
  4154. a4m3AXHlAkrfj88kfH3NmlqhOx0cWQKMnr9BOBX/joEhlgHnS5Aol8lYNQTBtV8s5b2gEZ
  4155. Hk9zEkhmYSnfBaitq4ZgSyVXCWYskyTQycq8vifoQBZh2y1Z7NpZAAADwFENpFxRIgoc1y
  4156. ORBq08JdoTHccUdFqt0E1WkdqlqPke7UTzzDxpP2Rue1H3wqxN1r/KxSBH5QQESPE4RVP5
  4157. bulbYPoQhxQngLRu8GkNABac5+wfC0T99jsRnKFQScNBepvbyLkpYo8pAnOVCPFyDftyu9
  4158. wV3FwvqhDK4OK13F3OqSwLqDQozyHqzffGa3nU/FYK5yGn45msJVURpo5yHhl03+zqw1Tk
  4159. zj/2W+wEPDY4SgMgNplU0xtoJyGHP0ZNJOTtk0jK+pVLO1eYzlOs+z6UmXJ892p9nb7hA1
  4160. AN7+fqL4J4BMzwtyrm5IByKniXw6JTJjywUBI3GL4uLikHO4EXPthNZDLoMGZU2P/Y6oG+
  4161. KWa816W/34Xngs7a/3+CqjxR5w3Xy8Pi94t5EVGgq3bDFXxEciXS1cHm4D8wOTpdZPanYh
  4162. zMe9z0a98NPKu7DGzMKt0DgaWGxiVhApT1AvmUqGYJ5UAKd9bsmsxD6TGO/zxBa5vRA60s
  4163. pGN8hb9cDEM1UFtQUtJn/OEoRFdRJBI7VuHHhJuTxpGaOWuQgpL1s817sYGrvn28xZaJOm
  4164. HE5dqio3bY0Pa0Jc9SRMHKUvRhlpaogNaL9droHJSZnwJG8vm/quhb1h0Yrpzc3ViiUIWy
  4165. RbtZpE++5wx4XBhoZ7A4fo6u+w+2rfJqD/4MoFuogvu7zDfM+99Tx+oSmmvdbRbD/Rak+M
  4166. vvK7ui9O+lk+JGNYbiyrf9742Zom2LYiXKKg8bFUmy75MjnApmM6+TPJZfOx3uRk6Z/60V
  4167. d95mz0woWueOkODrmcbd9lYDhx9P/6ad28cpaBzYpz7feFn8XEl7T9ANbo0zdUFTGD5x30
  4168. i2bmtwm3mc6vL6/fErbY0tFFKBVoJsb0CvPvDGIRFCsn1K9ObZRQOPPKKuYce3vlNDD9LZ
  4169. zu9iRZt88I9G8lO4iiN3QlwFkDzphehkZQXaxT2ZFjkHJyC9mwIWH49gNwkl1IptRORTQI
  4170. vIya1eAWGCqZQPj1ecOF8fejtww9Ybs+Sen4u+5UpM9B+xUAYkbPYu+0BY1023qhZjELnP
  4171. PcaL+KgdjHAnnBALfhgJ1019iBBTPD3XvnUNtfJUoKc622nL3ZHGxnvH6I1sJYZx8dT51d
  4172. Q76QDgSmOCYVueaMhC8L1hy5lyll6nCTlMMSWxYfPje1PjeSTUZoLwgR63flXB7hkoMgMp
  4173. mlezdA2WSYsGySh0750DYzlFGcDy5UALS72RJWAu8VpYF5cYlqYmDS1a64Le55mnpv5Qj+
  4174. 2kxK5Bgg==
  4175. -----END OPENSSH PRIVATE KEY-----
  4176. "
  4177. set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDx0vfhYC/FYSWWW4UfRK/kNUrrWLrolvEgveOwvj98lrZ4e+DsManJcMiHVQoxbUXPyXW07SUDNB5gsq045XorNqN8BlW8TKsoNPRO4XvoUvuY6ITfufYPusJY5sxl4eSOZ7EfCFGHn8IA2a/p3zH92hOPuXfxoNOAj6b31NQnvpDTkUDywAF2A/WYauMZL1Ms7QCrMayjPHqkVu/ah42oyiQhuua4m3AXHlAkrfj88kfH3NmlqhOx0cWQKMnr9BOBX/joEhlgHnS5Aol8lYNQTBtV8s5b2gEZHk9zEkhmYSnfBaitq4ZgSyVXCWYskyTQycq8vifoQBZh2y1Z7NpZ"
  4178. set source built-in
  4179. next
  # NOTE(review): 1024-bit DSA (ssh-dss) is disabled by default in current
  # OpenSSH releases. Confirm nothing still depends on this entry.
  4180. edit "Fortinet_SSH_DSA1024"
  4181. set password ENC fwAAANTU7ZYdZh6rXFnXg0Dn/IapZhFgs5MPLtFGNpJal7x9RDuJwgzpYpWEJe+FIEKxZqyAGV3NMU8nWmlSZS26wSz33yQ34Ce6zAd3yD28F3QBvZRR8qdluzSiQOQrqRBSEQvWVs6dLw10mLLW0EbO4V2DbMD3jEGhWj9Cm4vdo2i6cnAdm18FnHsj3qUD/61YSA==
  4182. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4183. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBuslvQ0b
  4184. akeWJ1fqckSUNyAAAAEAAAAAEAAAGxAAAAB3NzaC1kc3MAAACBAIF2XFvtuXbcVxGuPhhe
  4185. m/jO3rZ2G/ADnCTYDdSHDf1tak/PXEDlzTivSBNevkR6noeik+R/UawOn4R/jOgWGYDKgM
  4186. fE7ywaNfeIMmaNDqlyHYuruHfbTgZSuPR+Gwg0Lh5CMe1xKXUxsY4XEQOQuEyhzoaWeGka
  4187. SSDwRTHs8xItAAAAFQDKZJyd36OXJ4sPdA/TplD2Rf/UJQAAAIA1E2jBkmGN0hnlvJc/8y
  4188. L/7LYP4Fgl8p51VasSZ3Uv7hXkv49sx6KBhgh0TyzCAcj3hhspgvs4dQpkY0WTv18pxl02
  4189. i5D4EX8P7zhOcrGdTeC1kB4XrkcqhpNeJ6auCUOVvEGsP3EyPfoWLVyfO91GE+l5PCrqYB
  4190. DZiJHI0xqw8gAAAIAZoLMCrN+/QnSNM13rcLjif0qegcersulN5DuUyslm+2sSOlKq2mca
  4191. 5RuP7i47vGs2IXwmvZobPYtwDmyja6o2wtYaNpcpRptYcaLXYf2gDlAjElpqOZEnC+ZUOw
  4192. /NafBuZ7D1PKkehApR2aBl0O1OWtHXOuRTGqvtROREL+mBJwAAAeAwD/oVwgTNtcCk1IHD
  4193. iZY/JPwLeEMF0hY2jELtogxNdErzhkSZsJmwHglYMJk3pb9GfGQ8wJ91L5r4tLXWuaaoA6
  4194. evEmgVETooZ8Ot7e1IbVjAY+RsSJF0i4b8iayizj2IzNcsUQbdtd8Sf9c/ErWjd188/Z7u
  4195. U4S9xwwE5Czmzy8jb5pmNtvWSP2N2UlcztjM/WWp94rxLiUXZXOIAimQ0+epHVrNjmMlgn
  4196. 1CaLstBshx5IqBTGLHc+sSnH+Gntovp4NMWQFVHEGsFqVCKzceDL7NfHcOSA81nSSv3F4I
  4197. rKo7VllfF2aO2JBqni0/Dg9TZkNq6fVjE1iFhB+kZ6YrMOaPpR9u5f+9FuGhJ4ppuh4BPc
  4198. BSp2y+FyRRtjVkpw/CUK9ASBHjad/+zevbHkb3gEar2RHnR/d/uhR7nYqSj87e//Uk2Ywl
  4199. 6F8ISPA4ZfACbmyDEv3/L9OQnAYu1jURK/9pZ12OMHleazn0P9H9Xvf9ES6agKK8ba1N6w
  4200. Qu3Lyd1Q5k2LKVj+ph59wifUkNUpTwiaCM/fxVw8QhbAI8Z+IodPUo+sN9wws6/TUCP8ug
  4201. Q0nqPjgXD+pCVeI9aYihbU/Em4BWElWhHaRVPXJULibTqdFDxMWDwKvnSjwKf/U=
  4202. -----END OPENSSH PRIVATE KEY-----
  4203. "
  4204. set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAIF2XFvtuXbcVxGuPhhem/jO3rZ2G/ADnCTYDdSHDf1tak/PXEDlzTivSBNevkR6noeik+R/UawOn4R/jOgWGYDKgMfE7ywaNfeIMmaNDqlyHYuruHfbTgZSuPR+Gwg0Lh5CMe1xKXUxsY4XEQOQuEyhzoaWeGkaSSDwRTHs8xItAAAAFQDKZJyd36OXJ4sPdA/TplD2Rf/UJQAAAIA1E2jBkmGN0hnlvJc/8yL/7LYP4Fgl8p51VasSZ3Uv7hXkv49sx6KBhgh0TyzCAcj3hhspgvs4dQpkY0WTv18pxl02i5D4EX8P7zhOcrGdTeC1kB4XrkcqhpNeJ6auCUOVvEGsP3EyPfoWLVyfO91GE+l5PCrqYBDZiJHI0xqw8gAAAIAZoLMCrN+/QnSNM13rcLjif0qegcersulN5DuUyslm+2sSOlKq2mca5RuP7i47vGs2IXwmvZobPYtwDmyja6o2wtYaNpcpRptYcaLXYf2gDlAjElpqOZEnC+ZUOw/NafBuZ7D1PKkehApR2aBl0O1OWtHXOuRTGqvtROREL+mBJw=="
  4205. set source built-in
  4206. next
  4207. edit "Fortinet_SSH_ECDSA256"
  4208. set password ENC fwAAAIJwXODNsTOCeLdRJwDAFHzR3L3S1aubYVvWa9fQJYvkGatXZi466ATzN0AzO+ZIZC3ypZ0lSOgXxkLT+Y7GZdJYSQwViIH2rF6BQFJdCwNNDZGSye3iULnCnVUMnFX5c486BrE/ImDRXsQ5hOn8gai8xv9eGgevrCTWTH+ayC3ruLHo65IDelEQXa0s9pTE9g==
  4209. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4210. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA0YLHj+Q
  4211. xdPg2i0soD92dFAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
  4212. dHAyNTYAAABBBAX1xn2UkeXxzvgJZg5iTBEujKPOpH0GtQtKOOaNWXkSUgPcqiERXiGsXz
  4213. 1e05qbVgP1PKNddukBxglats54JX4AAACgBdVlmWL9PsjOWgc5mHOsDBjK8G2VSHEHb6X6
  4214. kY6qCVo2oNmCl1RRuPUTNMTEuwAkTtjpSFwHGqLvwktPR+/2zl74v40nYdkYU86Nxs4DqL
  4215. MOgtrDBSG+U8ACpv0PG/BfGMhyb/U8zSIKGRJxzJkK7JhYeNxmQ/3R9Ne0xdnpKZVuX4mS
  4216. Jo9bahma+IT4xl2v5UMI/FJaR0OVmPiSLWcdTA==
  4217. -----END OPENSSH PRIVATE KEY-----
  4218. "
  4219. set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAX1xn2UkeXxzvgJZg5iTBEujKPOpH0GtQtKOOaNWXkSUgPcqiERXiGsXz1e05qbVgP1PKNddukBxglats54JX4="
  4220. set source built-in
  4221. next
  4222. edit "Fortinet_SSH_ECDSA384"
  4223. set password ENC fwAAACDS526hDsCPYHkKBM7sp5PUHbD4Quo7/11S4jHFIPiqokkszpLCz/5fmZU1FZJAoP9UnUxL7Zp1+kuGxh3vUdHdWbrz+Ygm8NSirIAPrr9PC7cn9V/C9eJtfCjNEgXpUL9z0tbOoQq7RpJZK5DYc1TtjwT42pMGDNYYFElttnMTuuHxgOuQF5vcvAgE16Tntw==
  4224. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4225. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCi3I6qVb
  4226. UKbCUXKF8z9E2fAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
  4227. dHAzODQAAABhBGHTLvlIAIACs+24KY1z2oLfp0wat2Y80CJVGrBWUE1O4nMWE9wWatyi2T
  4228. 0C6dxdhdSfjCgd2zEd4QHdF0D+ot4+8aUaQbwczTrFdlCSkS1PAiNmvV7PRYf7exlyqZuP
  4229. JwAAAND2eMgW5HLSBvmRT00mGyAhGy7eF0Behq0t1JYvmW0EbcEjjFm1giOl67zJHnE2+y
  4230. I2byCNODyrjCeJYmQ3Sx+QXpeAX8zzO5i9j3BaBt+SM8XcMR11OE//PgOGVscq2J2hauNH
  4231. 43Bztr0SxSSQ4sCc01IhqlcqCC8eGTDJQn8P2Tw6pq0LNacKBp2RnnMVGXgVQZyvDXio/m
  4232. 7j9c+Lyws0KpcSU71HXm6ELHNLVpDMWD+lrdBWCfBXDwhilm15xyz6kkqOotRP6mww05bp
  4233. mzOP
  4234. -----END OPENSSH PRIVATE KEY-----
  4235. "
  4236. set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGHTLvlIAIACs+24KY1z2oLfp0wat2Y80CJVGrBWUE1O4nMWE9wWatyi2T0C6dxdhdSfjCgd2zEd4QHdF0D+ot4+8aUaQbwczTrFdlCSkS1PAiNmvV7PRYf7exlyqZuPJw=="
  4237. set source built-in
  4238. next
  4239. edit "Fortinet_SSH_ECDSA521"
  4240. set password ENC fwAAACkH6+9KxvFzYS2i/qoThic8UvESMNglIrcoDLznYrSyeC4QifkxAbr7Gs7NN/EIx7V22JcsK7x9xB+TlXdFcl04loJWZCV2SkesxoVyZ/kleLKPY3T3vz76BQrZrvYPP9+WKv6aLSWtkhqpJn71lb/UnYWnywHnJh/E9v7pwQSkdFQV992gASrhh5xq6+VdLQ==
  4241. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4242. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCJaKQd7u
  4243. kpgGAyP80PBVcFAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
  4244. dHA1MjEAAACFBAD+ABKtGeSzO0RffmFn4HOl/3HEfn1eW7k208b/w3E0NYzcmQOPRUQiFm
  4245. /0mIEKumoSwsUl3vRQmlHtizZSjcJwsgCR0iEB/ZsMWbMhN2NIVTc2+EJzYo+8qC2GBOzK
  4246. bQIu2PcYwtnlYqXwQXgF5Pm7RRPOGd0g7qcCV/qOE66JywDFowAAAQDuaUyqgefDGLKjJx
  4247. VKifGN7Yy6dxOaq8ZKu4UzUypFqVgaTNb1dftGK8V5vJOUrJgrjJyZP+WL+sqPARFarP0P
  4248. f7TpC9VQ1RwvmGcv1KnhikoO1x93zxX/sUe19xPXc7zP8LxXZSvx69ibyeHcpwI4oBVkZR
  4249. feCc5iKiEeAZCUiRVCqPM3kJpcfXOMuwASoGX+MJtqfZWiCSWoPaiF3m0Um2Wyz51ahkU8
  4250. GYTMMf+XCWc46z2hS/uzlIk/wED5fIBZBHv4Bn7h4Dq9XpyvuLYaKKS1wVL7x77To5Pz/T
  4251. 7ydzd/o8anJRsA3jB78zk2n8Cw6s94MwrU3up+v0qDmAUZ
  4252. -----END OPENSSH PRIVATE KEY-----
  4253. "
  4254. set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD+ABKtGeSzO0RffmFn4HOl/3HEfn1eW7k208b/w3E0NYzcmQOPRUQiFm/0mIEKumoSwsUl3vRQmlHtizZSjcJwsgCR0iEB/ZsMWbMhN2NIVTc2+EJzYo+8qC2GBOzKbQIu2PcYwtnlYqXwQXgF5Pm7RRPOGd0g7qcCV/qOE66JywDFow=="
  4255. set source built-in
  4256. next
  4257. edit "Fortinet_SSH_ED25519"
  4258. set password ENC BhS9m3AvTQdFkudwJSo1e4BEXSvZWNkDlz0FbPUDzGAP9COY/aFErHRoHHAPlvilhxMI3WRNJBv55egnK3f+K1dA1Ulq7zrlxAYforLMGliSJC0776/gOsrlKgY7hMD1UuVmJeQUE6xD+v/R6gJcVcLcUFTi8Yjv2Rx5v8n1mM6MAz9c1RO4TWHF9UcN55pQYEvHhg==
  4259. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4260. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCLjF9TKd
  4261. 6oLKzrixqPZ+IlAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAICP0toHH6bnc52uu
  4262. r1NBCn8wleyu6jUggMXHX7yBQxlkAAAAkI93vDKt+zQ2eUT1XLG7wOFavN+wdt5UE0U9Rs
  4263. Z8Fz9ly9RLA0ZlLA8nasTEvd9H0CV0uhg/7LNIOMPm0FIv0dtDPFohos7c3Aq4Hc6DHAyv
  4264. r9lf9OycGPQ2LLk0jiksHUl66Ilxg2lh8eo4TVXC8k49iH/oL/BfYc3NdGWRutFID01oWj
  4265. y98hS8mWvn8p9Lkw==
  4266. -----END OPENSSH PRIVATE KEY-----
  4267. "
  4268. set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICP0toHH6bnc52uur1NBCn8wleyu6jUggMXHX7yBQxlk"
  4269. set source built-in
  4270. next
  4271. end
  4272. config firewall ssh local-ca
  # RSA key pair for the entry named "Fortinet_SSH_CA", marked
  # "source built-in". It is presumably the CA used to sign keys during SSH
  # inspection; confirm.
  # The private key is an OpenSSH-format key whose header declares aes256-ctr
  # encryption with a bcrypt KDF. Its passphrase is stored on the line above
  # it in ENC form, which the device can recover and which is not a one-way
  # hash.
  # NOTE(review): a CA key matters more than a host key because anything
  # that trusts the CA trusts whatever it signs. If this configuration has
  # been shared or published, treat the key as disclosed, replace it on the
  # device and remove the old public key wherever it was trusted.
  4273. edit "Fortinet_SSH_CA"
  4274. set password ENC AAAAAflE3MAcob9XGpnFGQ1BTWTc2iLTHquKUe2kmd0uFw1c/YDc9I62jfplHig9enm/C97orOYjYlm842tZYc1+jo1eAbaJXP6QWCIMZm+0Gao46ZOptXnvBubDG1IQzX6ufldhweWbs251qPuBxyVQfB8EmdM7cGKncsCyOL8PZgQBvvDhGqE2Zg/1crqnBMhcPw==
  4275. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4276. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDcR914L3
  4277. 5GJmTNRyUg7E1+AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD53F7IKNvL
  4278. 1MsEh63GtQTNnKQBlukISw/zy1eidac8xSj1STtDlYSFKlsbW+FHB6ZNgxXCjJDYea+dFD
  4279. unEWdtcz11PxK8o2m6b0KAeOcuVpmBbnkivAtLg6YGDIyobt7JDUiaRxdI/R6Vd9wsuv6N
  4280. uDYxZ3CX+WaEEoEr5HWUHnRqb5c7/tM1j3C2cfcziB0k9xmRNLGmNbt3q+qCe17imzaDp5
  4281. xQKV8UkqCi1yJTdhD+tbQ3Yv1TeEWzRuNAu54WR6NMlAU2/2RrexB6dTVdaoyHB7oc44XZ
  4282. P1pWtS3343Cgg3TIeKYclRsUM3gWBtPePASNI5qkdnY0JaKhscNHAAADwJ4MvkFGYN0XOP
  4283. 1qS/kesUUwdVEgGFp+X+NTfn0Vx48zz9H1mgSwB6a8BQnUvcAH1yMJsAUIa0Rg9OGqXZiP
  4284. XmPoCVoLynX1OQ8wF8oGGNXy9i3rY+eYRQoFpwHSYbX68XFeiTnj08NicBo0m+nQ/c73Ci
  4285. wDhFUJarzgXWrSKjwWDbzpdiMEMccJsDW7lubeRMw/FW3f49bTw82YMucXXArBicnZukNA
  4286. Z3K/O10QYKhkzvRicg6kchlyKqAkG8Vl/wIa9YpZtVwO0K2gyOpQkmkCCzr1reXdu+HUSs
  4287. avk8NGQ60BbURY6qLRZ04QleFkXPYbpkk3IeVKeeWABLxCEQmRuB5KdhDmFffUuVTE8jTF
  4288. mCGw/Ogekkev0eJJrOJjE8tp266rvZkgKNhvyD4q0suFYvWw0dkcmUwMB0xQMEt+Trq2FT
  4289. 0KIoKRQjIJqhchGSzn3AlwB5yy8IJoinlAHWZ4mCUJE2gzZIf0DHpSjnXm3km1D5RjvHFi
  4290. OC3c3ZZY9fn3F6fqmYT5ZUyl4wGldfLjv8yd+KsADBHYBVT8+tBvjBtal7TYbBmfBLl2yX
  4291. iCe3qDABgQdwHx6u4yVH/g3UUq/mwZ91yXJyP3wMO9L5nVB2mG6fAlMW2ZmNAoFEJXfdWG
  4292. at7QdwR9EWjNy+FkkkAlOkswdrMMzbiDuZYAQenZFs/AFLCADUpEYIRUyMDFfd+9+Sn9/D
  4293. UV4HY9NndWwWq5T7/A/d5kAJvGIduJqzbVDsWtHTCvixDxHPflWCPwkoLolHJ+eiQuP7k6
  4294. oIJ+u75TpZObNKikfrW5zGlD6m7HOTifH9diYURNZhNRV4xfwH+W4KfZah+9U1s+JqKzPy
  4295. Vl6jFhLobm7HyJODfBKO7IcWtj35JEw8wIXe2Bxd7pWbEkuGpcJPKwk5eQoA1VRvxeePy9
  4296. IafNiOtQ3JlSDv+f6HlH95zbixBfu69vB9nqhNqDYFiWDZulID19/p4+vWJHDzP1lLQdzG
  4297. 6el+VW9YttVA+aqE4ICR+tZzJdPv4tw6hHI8jZIKhrcR4Ijq9DrS1uR/89KqYzNqnb82Pc
  4298. pV0Y+3hdqBg0eKJT2XtO5xKsgeq18Ket7Xkkh3KZlZ3l2hn4GMXo0A3s++6OloRKw8G0rn
  4299. OyajMp6NVZCkZh23n/asHY8Z5sFBvK8NkEqtCduEACdBR8adeFVxUKQVEpYwkid8hrgErW
  4300. mLJxa/VYSdZWjvueabn5M3yxnOn/wcACpZ6vSDMPw9+V+HJIljSO9lmjg0rin3LQhunp1k
  4301. UKbBm4Cw==
  4302. -----END OPENSSH PRIVATE KEY-----
  4303. "
  4304. set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD53F7IKNvL1MsEh63GtQTNnKQBlukISw/zy1eidac8xSj1STtDlYSFKlsbW+FHB6ZNgxXCjJDYea+dFDunEWdtcz11PxK8o2m6b0KAeOcuVpmBbnkivAtLg6YGDIyobt7JDUiaRxdI/R6Vd9wsuv6NuDYxZ3CX+WaEEoEr5HWUHnRqb5c7/tM1j3C2cfcziB0k9xmRNLGmNbt3q+qCe17imzaDp5xQKV8UkqCi1yJTdhD+tbQ3Yv1TeEWzRuNAu54WR6NMlAU2/2RrexB6dTVdaoyHB7oc44XZP1pWtS3343Cgg3TIeKYclRsUM3gWBtPePASNI5qkdnY0JaKhscNH"
  4305. set source built-in
  4306. next
  4307. edit "Fortinet_SSH_CA_Untrusted"
  4308. set password ENC AAAAAUZbPlCdaPFjawlRi/OV0YrhQux9guPfeNCCy32B/dqj1c/t3L0xETVtwYK1ZsZ318fPS9kHaYHlJ2Mlxe/rYt4JCib8HqthUROgnpjNjzc9NAOOjMG57nWmD93ZJ87I5traXsugeBez+phVo04APAkU1Jc5r88Hu84JgHAXqNc8yhxj6Iajfluuv6YkIzFfCA==
  4309. set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
  4310. b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBWsXfgSx
  4311. xJy69oc1NjwgwLAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDsq5p6258f
  4312. pg2ILxSSNTZAK7aHhLIjW3F08h0ue0q2RTYW1Ni1nkdlsv2suSlLNtYusk4srLP4I1TcOA
  4313. tyaSSVH3rDi/vvxou2YYwRGB/IJirwRFUnOgly3KbNZg6qxwXFtbKLcf+fom0uHazTDRta
  4314. Civl57duRjasyPl9CKC8WYfbY/zG4P0iO6i6W2CLMBpaDPF02hMed63we1RB/VH28HPVGV
  4315. tIOPsnzenj1h0igjwa+jxG1sNvEX7bZahZ2E8JtpOUgU5NmDe8HE8Isa/6WQeI0o+DOpZO
  4316. JEtbx4J6eKfraAUmJODPz85LsFMpuU6MXDUj7gl6vqoi9rFkwwD1AAADwIzPYcWgyZ9soV
  4317. NcDz5XDYWLze1p689PsmE5MXpgDbaRnqBaDpB7wwqy81u6grgj2j40/DGr3yDoemfOSCq4
  4318. NaaLidMVq4GukCYtAUgR0ojEO+PDupIe6Wv4P4wkMmIU4vsFPSa7ICbqW12gdrU9p/LJkI
  4319. o4WfrbMMiACQrL8F43uMD1yBeIW7nLnhyogEO+/1UIo/8m9A5P1742E24AE1i/DKoPIQvn
  4320. wFxmlvyxrXMI6n4FyiWjRJ4csLBL+2VTeZww6DohZNBrMqmNcVVaZ+Gbf5o3mnv42xdZoJ
  4321. qtOXa03Q+oNTssCM35IBYotuzNM7zk29EqN2enzQ8eGFVqHabg6zBeIvfhiY3IDsIs8iOE
  4322. AHxMlrq5E+xghqTJTfQpt1ciUYWO5xQju5oCstbDqLrexSxpE9756otMxVeCtKYRb8s6mt
  4323. Wso8bjE5LnmcPYhve5Zd7tSSu2TzStX0lgJBYWdZzmYcq0lIA5XnJRdSlcEOAtfSNV+hPq
  4324. sRIX38+QT+eLBjuBLTr4MMHM9rAkLknhrntA/Hke2YHRc6aTKZPsX9sICj/jFxGvqin74D
  4325. Jhq8Sz3AiRSJ5/YvmEncXx9sH4NmxXZrrdUFK7Rm/BxBKLD1/4+FIZSwqCXXCXWMtumDDz
  4326. W0IMzx4m/ongZLir4QeOKJFJBSp6nGBa1oBcJPM2vF1Oc332tUqGxc01JEKQER54c3nYR9
  4327. gvYCsbJ75/DTfhIy3ejK8Q3GL5jkPfIYe8/xZQXKg2ALCchQkfS8M5UB5Saa0R66x3RtID
  4328. 3Om041B10XOjbhHheGzTUY83dkp1CR/oWOSdXSN1E6qNLsCyAysaRy934X8txDMIIQ7l1Q
  4329. gp7DmPwkj1HbutOlBvC2j1qGswRqHcyTlxZvJVPZQRjzIo9CyejstX40KEoz1a02QGYMnp
  4330. ZROuxraOfQSeMI5Wcu3w7sCwx3b787Sp955WGNpHZkr2xpN9nd7bVOBvG9ET34mm2Al6ra
  4331. rjbaCdxbmw9b0qGVI7Y46GeQ/sCnlc22PbHAlpzmSjwcCMSh2HTSgE0eKJzY5ZdSWjyJuK
  4332. kfUfPmbRYKp4tQKHhnO/juW4x0XhDR9S2ZuiN45kZhADToo6/EIBbAef0FLNmIN5iC9uA7
  4333. XIvFTtmgmiCVeekBQxvVzSMqi3MbNzM/M8Y0SCCb0wE9KXX/tGRMIEsYBUZ+jCXRT5evp1
  4334. iERiJL8Maer+GpT/jdkxo5O4lDgWzZMJabbXGW1zkgeuTm+qBE8CKMUn3CZojh6D5eToZh
  4335. d5xO65bQ==
  4336. -----END OPENSSH PRIVATE KEY-----
  4337. "
  4338. set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsq5p6258fpg2ILxSSNTZAK7aHhLIjW3F08h0ue0q2RTYW1Ni1nkdlsv2suSlLNtYusk4srLP4I1TcOAtyaSSVH3rDi/vvxou2YYwRGB/IJirwRFUnOgly3KbNZg6qxwXFtbKLcf+fom0uHazTDRtaCivl57duRjasyPl9CKC8WYfbY/zG4P0iO6i6W2CLMBpaDPF02hMed63we1RB/VH28HPVGVtIOPsnzenj1h0igjwa+jxG1sNvEX7bZahZ2E8JtpOUgU5NmDe8HE8Isa/6WQeI0o+DOpZOJEtbx4J6eKfraAUmJODPz85LsFMpuU6MXDUj7gl6vqoi9rFkwwD1"
  4339. set source built-in
  4340. next
  4341. end
  4342. config firewall ssh setting
  4343. set caname "Fortinet_SSH_CA"
  4344. set untrusted-caname "Fortinet_SSH_CA_Untrusted"
  4345. set hostkey-rsa2048 "Fortinet_SSH_RSA2048"
  4346. set hostkey-dsa1024 "Fortinet_SSH_DSA1024"
  4347. set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256"
  4348. set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384"
  4349. set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521"
  4350. set hostkey-ed25519 "Fortinet_SSH_ED25519"
  4351. end
  4352. config switch-controller security-policy 802-1X
  4353. edit "802-1X-policy-default"
  4354. set user-group "SSO_Guest_Users"
  4355. set mac-auth-bypass disable
  4356. set open-auth disable
  4357. set eap-passthru enable
  4358. set guest-vlan disable
  4359. set auth-fail-vlan disable
  4360. set framevid-apply enable
  4361. set radius-timeout-overwrite disable
  4362. next
  4363. end
  4364. config switch-controller security-policy local-access
  4365. edit "default"
  4366. set mgmt-allowaccess https ping ssh
  4367. set internal-allowaccess https ping ssh
  4368. next
  4369. end
  4370. config switch-controller lldp-profile
  4371. edit "default"
  4372. set med-tlvs inventory-management network-policy location-identification
  4373. set auto-isl disable
  4374. next
  4375. edit "default-auto-isl"
  4376. next
  4377. end
  4378. config switch-controller qos dot1p-map
  4379. edit "voice-dot1p"
  4380. set priority-0 queue-4
  4381. set priority-1 queue-4
  4382. set priority-2 queue-3
  4383. set priority-3 queue-2
  4384. set priority-4 queue-3
  4385. set priority-5 queue-1
  4386. set priority-6 queue-2
  4387. set priority-7 queue-2
  4388. next
  4389. end
  4390. config switch-controller qos ip-dscp-map
  4391. edit "voice-dscp"
  4392. config map
  4393. edit "1"
  4394. set cos-queue 1
  4395. set value 46
  4396. next
  4397. edit "2"
  4398. set cos-queue 2
  4399. set value 24,26,48,56
  4400. next
  4401. edit "5"
  4402. set cos-queue 3
  4403. set value 34
  4404. next
  4405. end
  4406. next
  4407. end
  4408. config switch-controller qos queue-policy
  4409. edit "default"
  4410. set schedule round-robin
  4411. set rate-by kbps
  4412. config cos-queue
  4413. edit "queue-0"
  4414. next
  4415. edit "queue-1"
  4416. next
  4417. edit "queue-2"
  4418. next
  4419. edit "queue-3"
  4420. next
  4421. edit "queue-4"
  4422. next
  4423. edit "queue-5"
  4424. next
  4425. edit "queue-6"
  4426. next
  4427. edit "queue-7"
  4428. next
  4429. end
  4430. next
  4431. edit "voice-egress"
  4432. set schedule weighted
  4433. set rate-by kbps
  4434. config cos-queue
  4435. edit "queue-0"
  4436. next
  4437. edit "queue-1"
  4438. set weight 0
  4439. next
  4440. edit "queue-2"
  4441. set weight 6
  4442. next
  4443. edit "queue-3"
  4444. set weight 37
  4445. next
  4446. edit "queue-4"
  4447. set weight 12
  4448. next
  4449. edit "queue-5"
  4450. next
  4451. edit "queue-6"
  4452. next
  4453. edit "queue-7"
  4454. next
  4455. end
  4456. next
  4457. end
  4458. config switch-controller qos qos-policy
  4459. edit "default"
  4460. next
  4461. edit "voice-qos"
  4462. set trust-dot1p-map "voice-dot1p"
  4463. set trust-ip-dscp-map "voice-dscp"
  4464. set queue-policy "voice-egress"
  4465. next
  4466. end
  4467. config switch-controller storm-control-policy
  4468. edit "default"
  4469. set description "default storm control on all port"
  4470. next
  4471. edit "auto-config"
  4472. set description "storm control policy for fortilink-isl-icl port"
  4473. set storm-control-mode disabled
  4474. next
  4475. end
  4476. config switch-controller auto-config policy
  4477. edit "default"
  4478. next
  4479. end
  4480. config switch-controller auto-config default
  4481. set fgt-policy "default"
  4482. set isl-policy "default"
  4483. set icl-policy "default"
  4484. end
  4485. config switch-controller switch-profile
  4486. edit "default"
  4487. next
  4488. end
  4489. config wireless-controller wids-profile
  4490. edit "default"
  4491. set comment "Default WIDS profile."
  4492. set ap-scan enable
  4493. set wireless-bridge enable
  4494. set deauth-broadcast enable
  4495. set null-ssid-probe-resp enable
  4496. set long-duration-attack enable
  4497. set invalid-mac-oui enable
  4498. set weak-wep-iv enable
  4499. set auth-frame-flood enable
  4500. set assoc-frame-flood enable
  4501. set spoofed-deauth enable
  4502. set asleap-attack enable
  4503. set eapol-start-flood enable
  4504. set eapol-logoff-flood enable
  4505. set eapol-succ-flood enable
  4506. set eapol-fail-flood enable
  4507. set eapol-pre-succ-flood enable
  4508. set eapol-pre-fail-flood enable
  4509. next
  4510. edit "default-wids-apscan-enabled"
  4511. set ap-scan enable
  4512. next
  4513. end
  4514. config wireless-controller wtp-profile
  4515. edit "FAPU323EV-default"
  4516. config platform
  4517. set type U323EV
  4518. end
  4519. config radio-1
  4520. set band 802.11n
  4521. end
  4522. config radio-2
  4523. set band 802.11ac
  4524. end
  4525. next
  4526. edit "FAPU321EV-default"
  4527. config platform
  4528. set type U321EV
  4529. end
  4530. config radio-1
  4531. set band 802.11n
  4532. end
  4533. config radio-2
  4534. set band 802.11ac
  4535. end
  4536. next
  4537. edit "FAPU24JEV-default"
  4538. config platform
  4539. set type U24JEV
  4540. end
  4541. config radio-1
  4542. set band 802.11n
  4543. end
  4544. config radio-2
  4545. set band 802.11ac
  4546. end
  4547. next
  4548. edit "FAPU223EV-default"
  4549. config platform
  4550. set type U223EV
  4551. end
  4552. config radio-1
  4553. set band 802.11n
  4554. end
  4555. config radio-2
  4556. set band 802.11ac
  4557. end
  4558. next
  4559. edit "FAPU221EV-default"
  4560. config platform
  4561. set type U221EV
  4562. end
  4563. config radio-1
  4564. set band 802.11n
  4565. end
  4566. config radio-2
  4567. set band 802.11ac
  4568. end
  4569. next
  4570. edit "FAPU423E-default"
  4571. config platform
  4572. set type U423E
  4573. end
  4574. config radio-1
  4575. set band 802.11n
  4576. end
  4577. config radio-2
  4578. set band 802.11ac
  4579. end
  4580. next
  4581. edit "FAPU422EV-default"
  4582. config platform
  4583. set type U422EV
  4584. end
  4585. config radio-1
  4586. set band 802.11n
  4587. end
  4588. config radio-2
  4589. set band 802.11ac
  4590. end
  4591. next
  4592. edit "FAPU421E-default"
  4593. config platform
  4594. set type U421E
  4595. end
  4596. config radio-1
  4597. set band 802.11n
  4598. end
  4599. config radio-2
  4600. set band 802.11ac
  4601. end
  4602. next
  4603. edit "FAP321E-default"
  4604. config platform
  4605. set type 321E
  4606. end
  4607. config radio-1
  4608. set band 802.11n,g-only
  4609. end
  4610. config radio-2
  4611. set band 802.11ac
  4612. end
  4613. next
  4614. edit "FAPS223E-default"
  4615. config platform
  4616. set type S223E
  4617. end
  4618. config radio-1
  4619. set band 802.11n,g-only
  4620. end
  4621. config radio-2
  4622. set band 802.11ac
  4623. end
  4624. next
  4625. edit "FAPS221E-default"
  4626. config platform
  4627. set type S221E
  4628. end
  4629. config radio-1
  4630. set band 802.11n,g-only
  4631. end
  4632. config radio-2
  4633. set band 802.11ac
  4634. end
  4635. next
  4636. edit "FAP224E-default"
  4637. config platform
  4638. set type 224E
  4639. end
  4640. config radio-1
  4641. set band 802.11n,g-only
  4642. end
  4643. config radio-2
  4644. set band 802.11ac
  4645. end
  4646. next
  4647. edit "FAP223E-default"
  4648. config platform
  4649. set type 223E
  4650. end
  4651. config radio-1
  4652. set band 802.11n,g-only
  4653. end
  4654. config radio-2
  4655. set band 802.11ac
  4656. end
  4657. next
  4658. edit "FAP222E-default"
  4659. config platform
  4660. set type 222E
  4661. end
  4662. config radio-1
  4663. set band 802.11n,g-only
  4664. end
  4665. config radio-2
  4666. set band 802.11ac
  4667. end
  4668. next
  4669. edit "FAP221E-default"
  4670. config platform
  4671. set type 221E
  4672. end
  4673. config radio-1
  4674. set band 802.11n,g-only
  4675. end
  4676. config radio-2
  4677. set band 802.11ac
  4678. end
  4679. next
  4680. edit "FAP423E-default"
  4681. config platform
  4682. set type 423E
  4683. end
  4684. config radio-1
  4685. set band 802.11n,g-only
  4686. end
  4687. config radio-2
  4688. set band 802.11ac
  4689. end
  4690. next
  4691. edit "FAP421E-default"
  4692. config platform
  4693. set type 421E
  4694. end
  4695. config radio-1
  4696. set band 802.11n,g-only
  4697. end
  4698. config radio-2
  4699. set band 802.11ac
  4700. end
  4701. next
  4702. edit "FAPS423E-default"
  4703. config platform
  4704. set type S423E
  4705. end
  4706. config radio-1
  4707. set band 802.11n,g-only
  4708. end
  4709. config radio-2
  4710. set band 802.11ac
  4711. end
  4712. next
  4713. edit "FAPS422E-default"
  4714. config platform
  4715. set type S422E
  4716. end
  4717. config radio-1
  4718. set band 802.11n,g-only
  4719. end
  4720. config radio-2
  4721. set band 802.11ac
  4722. end
  4723. next
  4724. edit "FAPS421E-default"
  4725. config platform
  4726. set type S421E
  4727. end
  4728. config radio-1
  4729. set band 802.11n,g-only
  4730. end
  4731. config radio-2
  4732. set band 802.11ac
  4733. end
  4734. next
  4735. edit "FAPS323CR-default"
  4736. config platform
  4737. set type S323CR
  4738. end
  4739. config radio-1
  4740. set band 802.11n,g-only
  4741. end
  4742. config radio-2
  4743. set band 802.11ac
  4744. end
  4745. next
  4746. edit "FAPS322CR-default"
  4747. config platform
  4748. set type S322CR
  4749. end
  4750. config radio-1
  4751. set band 802.11n,g-only
  4752. end
  4753. config radio-2
  4754. set band 802.11ac
  4755. end
  4756. next
  4757. edit "FAPS321CR-default"
  4758. config platform
  4759. set type S321CR
  4760. end
  4761. config radio-1
  4762. set band 802.11n,g-only
  4763. end
  4764. config radio-2
  4765. set band 802.11ac
  4766. end
  4767. next
  4768. edit "FAPS313C-default"
  4769. config platform
  4770. set type S313C
  4771. end
  4772. config radio-1
  4773. set band 802.11ac
  4774. end
  4775. next
  4776. edit "FAPS311C-default"
  4777. config platform
  4778. set type S311C
  4779. end
  4780. config radio-1
  4781. set band 802.11ac
  4782. end
  4783. next
  4784. edit "FAPS323C-default"
  4785. config platform
  4786. set type S323C
  4787. end
  4788. config radio-1
  4789. set band 802.11n,g-only
  4790. end
  4791. config radio-2
  4792. set band 802.11ac
  4793. end
  4794. next
  4795. edit "FAPS322C-default"
  4796. config platform
  4797. set type S322C
  4798. end
  4799. config radio-1
  4800. set band 802.11n,g-only
  4801. end
  4802. config radio-2
  4803. set band 802.11ac
  4804. end
  4805. next
  4806. edit "FAPS321C-default"
  4807. config platform
  4808. set type S321C
  4809. end
  4810. config radio-1
  4811. set band 802.11n,g-only
  4812. end
  4813. config radio-2
  4814. set band 802.11ac
  4815. end
  4816. next
  4817. edit "FAP321C-default"
  4818. config platform
  4819. set type 321C
  4820. end
  4821. config radio-1
  4822. set band 802.11n,g-only
  4823. end
  4824. config radio-2
  4825. set band 802.11ac
  4826. end
  4827. next
  4828. edit "FAP223C-default"
  4829. config platform
  4830. set type 223C
  4831. end
  4832. config radio-1
  4833. set band 802.11n,g-only
  4834. end
  4835. config radio-2
  4836. set band 802.11ac
  4837. end
  4838. next
  4839. edit "FAP112D-default"
  4840. config platform
  4841. set type 112D
  4842. end
  4843. config radio-1
  4844. set band 802.11n,g-only
  4845. end
  4846. next
  4847. edit "FAP24D-default"
  4848. config platform
  4849. set type 24D
  4850. end
  4851. config radio-1
  4852. set band 802.11n,g-only
  4853. end
  4854. next
  4855. edit "FAP21D-default"
  4856. config platform
  4857. set type 21D
  4858. end
  4859. config radio-1
  4860. set band 802.11n,g-only
  4861. end
  4862. next
  4863. edit "FK214B-default"
  4864. config platform
  4865. set type 214B
  4866. end
  4867. config radio-1
  4868. set band 802.11n,g-only
  4869. end
  4870. next
  4871. edit "FAP224D-default"
  4872. config platform
  4873. set type 224D
  4874. end
  4875. config radio-1
  4876. set band 802.11n-5G
  4877. end
  4878. config radio-2
  4879. set band 802.11n,g-only
  4880. end
  4881. next
  4882. edit "FAP222C-default"
  4883. config platform
  4884. set type 222C
  4885. end
  4886. config radio-1
  4887. set band 802.11n,g-only
  4888. end
  4889. config radio-2
  4890. set band 802.11ac
  4891. end
  4892. next
  4893. edit "FAP25D-default"
  4894. config platform
  4895. set type 25D
  4896. end
  4897. config radio-1
  4898. set band 802.11n,g-only
  4899. end
  4900. next
  4901. edit "FAP221C-default"
  4902. config platform
  4903. set type 221C
  4904. end
  4905. config radio-1
  4906. set band 802.11n,g-only
  4907. end
  4908. config radio-2
  4909. set band 802.11ac
  4910. end
  4911. next
  4912. edit "FAP320C-default"
  4913. config platform
  4914. set type 320C
  4915. end
  4916. config radio-1
  4917. set band 802.11n,g-only
  4918. end
  4919. config radio-2
  4920. set band 802.11ac
  4921. end
  4922. next
  4923. edit "FAP28C-default"
  4924. config platform
  4925. set type 28C
  4926. end
  4927. config radio-1
  4928. set band 802.11n,g-only
  4929. end
  4930. next
  4931. edit "FAP223B-default"
  4932. config platform
  4933. set type 223B
  4934. end
  4935. config radio-1
  4936. set band 802.11n-5G
  4937. end
  4938. config radio-2
  4939. set band 802.11n,g-only
  4940. end
  4941. next
  4942. edit "FAP14C-default"
  4943. config platform
  4944. set type 14C
  4945. end
  4946. config radio-1
  4947. set band 802.11n,g-only
  4948. end
  4949. next
  4950. edit "FAP11C-default"
  4951. config platform
  4952. set type 11C
  4953. end
  4954. config radio-1
  4955. set band 802.11n,g-only
  4956. end
  4957. next
  4958. edit "FAP320B-default"
  4959. config platform
  4960. set type 320B
  4961. end
  4962. config radio-1
  4963. set band 802.11n-5G
  4964. end
  4965. config radio-2
  4966. set band 802.11n,g-only
  4967. end
  4968. next
  4969. edit "FAP112B-default"
  4970. config platform
  4971. set type 112B
  4972. end
  4973. config radio-1
  4974. set band 802.11n,g-only
  4975. end
  4976. next
  4977. edit "FAP222B-default"
  4978. config platform
  4979. set type 222B
  4980. end
  4981. config radio-1
  4982. set band 802.11n,g-only
  4983. end
  4984. config radio-2
  4985. set band 802.11n-5G
  4986. end
  4987. next
  4988. edit "FAP210B-default"
  4989. config platform
  4990. set type 210B
  4991. end
  4992. config radio-1
  4993. set band 802.11n,g-only
  4994. end
  4995. next
  4996. edit "FAP220B-default"
  4997. config radio-1
  4998. set band 802.11n-5G
  4999. end
  5000. config radio-2
  5001. set band 802.11n,g-only
  5002. end
  5003. next
  5004. edit "AP-11N-default"
  5005. config platform
  5006. set type AP-11N
  5007. end
  5008. config radio-1
  5009. set band 802.11n,g-only
  5010. end
  5011. next
  5012. end
  5013. config wireless-controller utm-profile
  5014. edit "wifi-default"
  5015. set comment "Default configuration for offloading WiFi traffic."
  5016. set ips-sensor "wifi-default"
  5017. set application-list "wifi-default"
  5018. set antivirus-profile "wifi-default"
  5019. set webfilter-profile "wifi-default"
  5020. next
  5021. end
  5022. config log memory setting
  5023. set status enable
  5024. end
  5025. config log disk setting
  5026. set status enable
  5027. end
  5028. config log null-device setting
  5029. set status disable
  5030. end
  5031. config router rip
  5032. config redistribute "connected"
  5033. end
  5034. config redistribute "static"
  5035. end
  5036. config redistribute "ospf"
  5037. end
  5038. config redistribute "bgp"
  5039. end
  5040. config redistribute "isis"
  5041. end
  5042. end
  5043. config router ripng
  5044. config redistribute "connected"
  5045. end
  5046. config redistribute "static"
  5047. end
  5048. config redistribute "ospf"
  5049. end
  5050. config redistribute "bgp"
  5051. end
  5052. config redistribute "isis"
  5053. end
  5054. end
  5055. config router static
  5056. edit 1
  5057. set dst 10.44.112.32 255.255.255.240
  5058. set gateway 192.168.253.1
  5059. set device "port2"
  5060. next
  5061. edit 2
  5062. set gateway 10.78.9.19
  5063. set distance 1
  5064. set device "port1"
  5065. next
  5066. edit 3
  5067. set dst 10.44.127.0 255.255.255.0
  5068. set distance 1
  5069. set virtual-wan-link enable
  5070. next
  5071. end
  5072. config router ospf
  5073. config redistribute "connected"
  5074. end
  5075. config redistribute "static"
  5076. end
  5077. config redistribute "rip"
  5078. end
  5079. config redistribute "bgp"
  5080. end
  5081. config redistribute "isis"
  5082. end
  5083. end
  5084. config router ospf6
  5085. config redistribute "connected"
  5086. end
  5087. config redistribute "static"
  5088. end
  5089. config redistribute "rip"
  5090. end
  5091. config redistribute "bgp"
  5092. end
  5093. config redistribute "isis"
  5094. end
  5095. end
  5096. config router bgp
  5097. config redistribute "connected"
  5098. end
  5099. config redistribute "rip"
  5100. end
  5101. config redistribute "ospf"
  5102. end
  5103. config redistribute "static"
  5104. end
  5105. config redistribute "isis"
  5106. end
  5107. config redistribute6 "connected"
  5108. end
  5109. config redistribute6 "rip"
  5110. end
  5111. config redistribute6 "ospf"
  5112. end
  5113. config redistribute6 "static"
  5114. end
  5115. config redistribute6 "isis"
  5116. end
  5117. end
  5118. config router isis
  5119. config redistribute "connected"
  5120. end
  5121. config redistribute "rip"
  5122. end
  5123. config redistribute "ospf"
  5124. end
  5125. config redistribute "bgp"
  5126. end
  5127. config redistribute "static"
  5128. end
  5129. config redistribute6 "connected"
  5130. end
  5131. config redistribute6 "rip"
  5132. end
  5133. config redistribute6 "ospf"
  5134. end
  5135. config redistribute6 "bgp"
  5136. end
  5137. config redistribute6 "static"
  5138. end
  5139. end
  5140. config router multicast
  5141. end