
#config-version=FGVM64-6.0.2-FW-build0163-180725:opmode=0:vdom=0:user=admin
#conf_file_ver=329827718605817
#buildno=0163
#global_vdom=1
config system global
set admin-https-redirect disable
set admintimeout 30
set alias "FortiGate-VM64"
set gui-theme red
set hostname "FGT2"
set timezone 12
end
config system accprofile
edit "prof_admin"
set secfabgrp read-write
set ftviewgrp read-write
set authgrp read-write
set sysgrp read-write
set netgrp read-write
set loggrp read-write
set fwgrp read-write
set vpngrp read-write
set utmgrp read-write
set wanoptgrp read-write
set wifi read-write
next
end
config system interface
edit "port1"
set vdom "root"
set ip 192.168.0.12 255.255.255.0
set allowaccess ping https ssh http
set type physical
set snmp-index 1
next
edit "port2"
set vdom "root"
set ip 192.168.103.1 255.255.255.0
set allowaccess ping
set type physical
set alias "wan3"
set snmp-index 2
next
edit "port3"
set vdom "root"
set ip 192.168.104.1 255.255.255.0
set allowaccess ping
set type physical
set alias "wan4"
set snmp-index 3
next
edit "port4"
set vdom "root"
set ip 192.168.20.1 255.255.255.0
set allowaccess ping
set type physical
set alias "dmz"
set fortiheartbeat enable
set snmp-index 4
next
edit "port5"
set vdom "root"
set type physical
set snmp-index 5
next
edit "port6"
set vdom "root"
set type physical
set snmp-index 6
next
edit "port7"
set vdom "root"
set type physical
set snmp-index 7
next
edit "port8"
set vdom "root"
set type physical
set snmp-index 8
next
edit "port9"
set vdom "root"
set type physical
set snmp-index 9
next
edit "port10"
set vdom "root"
set type physical
set snmp-index 10
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 11
next
edit "FGT02-FGT01"
set vdom "root"
set ip 10.10.10.2 255.255.255.255
set type tunnel
set remote-ip 10.10.10.1 255.255.255.255
set alias "VPN_Tunnel"
set fortiheartbeat enable
set snmp-index 12
set interface "port2"
next
end
config system custom-language
edit "en"
set filename "en"
next
edit "fr"
set filename "fr"
next
edit "sp"
set filename "sp"
next
edit "pg"
set filename "pg"
next
edit "x-sjis"
set filename "x-sjis"
next
edit "big5"
set filename "big5"
next
edit "GB2312"
set filename "GB2312"
next
edit "euc-kr"
set filename "euc-kr"
next
end
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
config gui-dashboard
edit 1
set name "Main"
config widget
edit 1
set x-pos 1
set y-pos 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 2
set y-pos 1
set width 1
set height 1
next
edit 3
set type vminfo
set x-pos 3
set y-pos 1
set width 1
set height 1
next
edit 4
set type forticloud
set x-pos 4
set y-pos 1
set width 1
set height 1
next
edit 5
set type security-fabric
set x-pos 5
set y-pos 1
set width 1
set height 1
next
edit 6
set type security-fabric-ranking
set x-pos 6
set y-pos 1
set width 1
set height 1
next
edit 7
set type admins
set x-pos 7
set y-pos 1
set width 1
set height 1
next
edit 8
set type cpu-usage
set x-pos 8
set y-pos 1
set width 2
set height 1
next
edit 9
set type memory-usage
set x-pos 9
set y-pos 1
set width 2
set height 1
next
edit 10
set type sessions
set x-pos 10
set y-pos 1
set width 2
set height 1
next
end
next
end
next
end
config system ha
set override disable
end
config system storage
edit "Virtual-Disk"
set status enable
set media-status enable
set order 1
set partition "MIXEDXXXD91606DF"
set device "/dev/sdb1"
set size 8616
set usage mix
set wanopt-mode mix
next
end
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
config system replacemsg-image
edit "logo_fnet"
set image-type gif
set image-base64 ''
next
edit "logo_fguard_wf"
set image-type gif
set image-base64 ''
next
edit "logo_fw_auth"
set image-base64 ''
next
edit "logo_v2_fnet"
set image-base64 ''
next
edit "logo_v2_fguard_wf"
set image-base64 ''
next
edit "logo_v2_fguard_app"
set image-base64 ''
next
end
config system replacemsg mail "email-av-fail"
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg mail "email-decompress-limit"
end
config system replacemsg mail "smtp-decompress-limit"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-authorization-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg webproxy "auth-ip-blackout"
end
config system replacemsg ftp "ftp-av-fail"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg nntp "nntp-av-fail"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg nntp "email-decompress-limit"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
config system replacemsg auth "auth-disclaimer-page-2"
end
config system replacemsg auth "auth-disclaimer-page-3"
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg auth "auth-success-page"
end
config system replacemsg auth "auth-block-notification-page"
end
config system replacemsg auth "auth-quarantine-page"
end
config system replacemsg auth "auth-qtn-reject-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-header"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg sslvpn "hostcheck-error"
end
config system replacemsg ec "endpt-download-portal"
end
config system replacemsg ec "endpt-download-portal-mac"
end
config system replacemsg ec "endpt-download-portal-linux"
end
config system replacemsg ec "endpt-download-portal-ios"
end
config system replacemsg ec "endpt-download-portal-aos"
end
config system replacemsg ec "endpt-download-portal-other"
end
config system replacemsg ec "endpt-warning-portal"
end
config system replacemsg ec "endpt-warning-portal-mac"
end
config system replacemsg ec "endpt-warning-portal-linux"
end
config system replacemsg ec "endpt-remedy-inst"
end
config system replacemsg ec "endpt-remedy-reg"
end
config system replacemsg ec "endpt-remedy-ftcl-autofix"
end
config system replacemsg ec "endpt-remedy-av-3rdp"
end
config system replacemsg ec "endpt-remedy-ver"
end
config system replacemsg ec "endpt-remedy-os-ver"
end
config system replacemsg ec "endpt-remedy-vuln"
end
config system replacemsg ec "endpt-remedy-sig-ids"
end
config system replacemsg ec "endpt-remedy-ems-online"
end
config system replacemsg ec "endpt-ftcl-incompat"
end
config system replacemsg ec "endpt-download-ftcl"
end
config system replacemsg ec "endpt-quarantine-portal"
end
config system replacemsg device-detection-portal "device-detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg nac-quar "nac-quar-admin"
end
config system replacemsg nac-quar "nac-quar-app"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "client-virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config system replacemsg utm "appblk-html"
end
config system replacemsg utm "ipsblk-html"
end
config system replacemsg utm "ipsfail-html"
end
config system replacemsg utm "exe-text"
end
config system replacemsg utm "waf-html"
end
config system replacemsg utm "outbreak-prevention-html"
end
config system replacemsg utm "outbreak-prevention-text"
end
config system replacemsg icap "icap-req-resp"
end
config system snmp sysinfo
end
config user device-category
edit "android-phone"
next
edit "android-tablet"
next
edit "blackberry-phone"
next
edit "blackberry-playbook"
next
edit "forticam"
next
edit "fortifone"
next
edit "fortinet"
next
edit "gaming-console"
next
edit "ip-phone"
next
edit "ipad"
next
edit "iphone"
next
edit "linux-pc"
next
edit "mac"
next
edit "media-streaming"
next
edit "printer"
next
edit "router-nat-device"
next
edit "windows-pc"
next
edit "windows-phone"
next
edit "windows-tablet"
next
edit "other-network-device"
next
edit "collected-emails"
next
edit "amazon-device"
next
edit "android-device"
next
edit "blackberry-device"
next
edit "fortinet-device"
next
edit "ios-device"
next
edit "windows-device"
next
edit "all"
next
end
config system cluster-sync
end
config system fortiguard
set update-server-location usa
set sdns-server-ip "208.91.112.220"
end
config ips global
end
config log fortianalyzer setting
set status enable
set server "192.168.1.6"
set upload-option realtime
set reliable enable
end
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
set ntpsync enable
end
config system fortisandbox
set status enable
set server "192.168.1.7"
end
config system csf
set status enable
set upstream-ip 10.10.10.1
set group-name "SecFabLab"
set group-password ENC
+dQkTB3Bg6yvbFlv+BHwmh3/0NYYZbVHN4OuVq9jPapfDyhh3UK7fVULGi/q2pMqH6nDWb918ObRKGqvvi4
87zuvdLsQ4oi27tKX2Nw+y0YdunXOG7SSnoPWIwhRIaAe1AtBxXmwM1zYfJq2PBbP4EHCwAh5UW6z0DQKNK
pIBCVNzC8qMClzehIVtVpebYrvOWl4ww==
set management-ip 10.10.10.2
set fixed-key ENC
I/gdS5CdYYS5cT/bSZXDHBCeMqcoPWojat7GsCzFhOtIuVxcspw8QvNUW4IbJqLgdSWg4VetF+ctH8qkgMC
D4aFi8yERqWIYThV79vlmLtO1/D6tt6TsyZULGpA5YAZdY7tdcaVZ994Lqmm4rS+BfCPyfRf6IaJttaCqNh
MdaEcypbVoJ4BYoV9YW8YSGumpZT0Q7g==
end
config system object-tagging
edit "default"
next
end
config system settings
set inspection-mode flow
end
config firewall address
edit "none"
set uuid a1c41ae4-a32a-51e4-dcc3-0c5d6ffa3635
set subnet 0.0.0.0 255.255.255.255
next
edit "autoupdate.opera.com"
set uuid a1c42048-a32a-51e4-95cf-2148299d0cca
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "google-play"
set uuid a1c42c46-a32a-51e4-9fea-6e291576db88
set type fqdn
set fqdn "play.google.com"
next
edit "swscan.apple.com"
set uuid a1c430d8-a32a-51e4-014a-231fe5b6abfc
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid a1c4352e-a32a-51e4-a495-ca8f408fb7ba
set type fqdn
set fqdn "update.microsoft.com"
next
edit "all"
set uuid a1eb1824-a32a-51e4-3e6c-f966220877b1
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid a1eb19a0-a32a-51e4-bf63-f23507810e0c
set visibility disable
next
edit "SSLVPN_TUNNEL_ADDR1"
set uuid a1eba97e-a32a-51e4-373f-da1b7c2ee4ce
set type iprange
set associated-interface "ssl.root"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
edit "dmz2-range"
set uuid 16d86626-ba99-51e8-e1d4-01ba797bbd5c
set associated-interface "port4"
set subnet 192.168.20.0 255.255.255.0
next
edit "FGT02-FGT01_local_subnet_1"
set uuid ffe0a574-d176-51e8-2453-f40e40e792e4
set allow-routing enable
set subnet 192.168.20.0 255.255.255.0
next
edit "FGT02-FGT01_remote_subnet_1"
set uuid fffc0bb6-d176-51e8-090d-b5883422b990
set allow-routing enable
set subnet 192.168.1.0 255.255.255.0
next
edit "FGT02_Tunnel_Interface"
set uuid 0b119092-d17d-51e8-19cf-95a78c4b1c86
set subnet 10.10.10.2 255.255.255.255
next
edit "FGT01_Tunnel_Interface"
set uuid 1eb92858-d17d-51e8-992a-399a9f4fe169
set allow-routing enable
set subnet 10.10.10.1 255.255.255.255
next
edit "FortiAnalyzer"
set uuid b76813ba-d17e-51e8-b15e-6e15c29e3335
set allow-routing enable
set subnet 192.168.1.6 255.255.255.255
next
edit "FortiSandbox"
set uuid 9b94241a-d180-51e8-459e-e69eb9e77cb5
set allow-routing enable
set subnet 192.168.1.7 255.255.255.255
next
end
config firewall multicast-address
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
end
config firewall address6
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid a1ebac9e-a32a-51e4-0aa5-a7e293fffb60
set ip6 fdff:ffff::/120
next
edit "all"
set uuid a2d5bb04-a32a-51e4-47a3-7c77de466249
next
edit "none"
set uuid a2d5c428-a32a-51e4-8d2f-87212583a0b6
set ip6 ::/128
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall addrgrp
edit "FGT02-FGT01_local"
set uuid ffee0b06-d176-51e8-34d0-c70fe4edef0a
set member "FGT02-FGT01_local_subnet_1"
set comment "VPN: FGT02-FGT01 (Created by VPN wizard)"
set allow-routing enable
next
edit "FGT02-FGT01_remote"
set uuid 00092f4e-d177-51e8-3a6a-acd8939b379a
set member "FGT02-FGT01_remote_subnet_1"
set comment "VPN: FGT02-FGT01 (Created by VPN wizard)"
set allow-routing enable
next
end
config firewall wildcard-fqdn custom
edit "adobe"
set uuid a1ec8cd6-a32a-51e4-e460-934b67747d91
set wildcard-fqdn "*.adobe.com"
next
edit "Adobe Login"
set uuid a1ec8e16-a32a-51e4-f0a7-7f5c63bc2caf
set wildcard-fqdn "*.adobelogin.com"
next
edit "android"
set uuid a1ec8f24-a32a-51e4-49fb-9127b1fe4fbf
set wildcard-fqdn "*.android.com"
next
edit "apple"
set uuid a1ec9032-a32a-51e4-9395-d90602ac8a0a
set wildcard-fqdn "*.apple.com"
next
edit "appstore"
set uuid a1ec9140-a32a-51e4-5e20-dc98957dabcd
set wildcard-fqdn "*.appstore.com"
next
edit "auth.gfx.ms"
set uuid a1ec926c-a32a-51e4-0365-45c5e413be64
set wildcard-fqdn "*.auth.gfx.ms"
next
edit "citrix"
set uuid a1ec937a-a32a-51e4-ea18-a0594ca37b8d
set wildcard-fqdn "*.citrixonline.com"
next
edit "dropbox.com"
set uuid a1ec9488-a32a-51e4-2c28-c270e04aba0f
set wildcard-fqdn "*.dropbox.com"
next
edit "eease"
set uuid a1ec95a0-a32a-51e4-7e01-d5afb21084b6
set wildcard-fqdn "*.eease.com"
next
edit "firefox update server"
set uuid a1ec96ae-a32a-51e4-b036-8c987faed07a
set wildcard-fqdn "aus*.mozilla.org"
next
edit "fortinet"
set uuid a1ec97bc-a32a-51e4-ea6b-e88a1a5942d6
set wildcard-fqdn "*.fortinet.com"
next
edit "googleapis.com"
set uuid a1ec98e8-a32a-51e4-f675-cdd4eb93ca72
set wildcard-fqdn "*.googleapis.com"
next
edit "google-drive"
set uuid a1ec99f6-a32a-51e4-01cf-ebee46f5d423
set wildcard-fqdn "*drive.google.com"
next
edit "google-play2"
set uuid a1ec9b0e-a32a-51e4-7715-e06da84ca969
set wildcard-fqdn "*.ggpht.com"
next
edit "google-play3"
set uuid a1ec9cc6-a32a-51e4-4d83-e21ecbc12b46
set wildcard-fqdn "*.books.google.com"
next
edit "Gotomeeting"
set uuid a1ec9de8-a32a-51e4-e97c-7ee77ebe8c11
set wildcard-fqdn "*.gotomeeting.com"
next
edit "icloud"
set uuid a1ec9fbe-a32a-51e4-e92f-3af400439f25
set wildcard-fqdn "*.icloud.com"
next
edit "itunes"
set uuid a1eca112-a32a-51e4-0d3b-911af61f56d7
set wildcard-fqdn "*itunes.apple.com"
next
edit "microsoft"
set uuid a1eca22a-a32a-51e4-15b6-fca64d32454b
set wildcard-fqdn "*.microsoft.com"
next
edit "skype"
set uuid a1eca342-a32a-51e4-d102-cf73db62e8a0
set wildcard-fqdn "*.messenger.live.com"
next
edit "softwareupdate.vmware.com"
set uuid a1eca45a-a32a-51e4-69b6-80004c3a4b0c
set wildcard-fqdn "*.softwareupdate.vmware.com"
next
edit "verisign"
set uuid a1eca572-a32a-51e4-8935-4689fd423e5b
set wildcard-fqdn "*.verisign.com"
next
edit "Windows update 2"
set uuid a1eca680-a32a-51e4-b384-d83ea685de3e
set wildcard-fqdn "*.windowsupdate.com"
next
edit "live.com"
set uuid a1eca82e-a32a-51e4-cf07-652384e3a17d
set wildcard-fqdn "*.live.com"
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config ips sensor
edit "default"
set comment "Prevent critical attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "sniffer-profile"
set comment "Monitor IPS attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config entries
edit 1
set severity medium high critical
next
end
next
edit "all_default"
set comment "All predefined signatures with default setting."
config entries
edit 1
next
end
next
edit "all_default_pass"
set comment "All predefined signatures with PASS action."
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "Protect against HTTP server-side vulnerabilities."
config entries
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "Protect against email server-side vulnerabilities."
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "Protect against client-side vulnerabilities."
config entries
edit 1
set location client
next
end
next
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
set block-malicious-url enable
config entries
edit 1
set severity medium high critical
set status enable
set action block
next
edit 2
set severity low
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
config application list
edit "default"
set comment "Monitor all applications."
config entries
edit 1
set action pass
next
end
next
edit "sniffer-profile"
set comment "Monitor all applications."
unset options
config entries
edit 1
set action pass
next
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set deep-app-inspection disable
config entries
edit 1
set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 30 31
set action pass
set log disable
next
end
next
edit "block-high-risk"
config entries
edit 1
set category 2 6
next
edit 2
set action pass
next
end
next
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config dlp sensor
edit "default"
set comment "Default sensor."
next
edit "sniffer-profile"
set comment "Log a summary of email and web traffic."
set flow-based enable
set summary-proto smtp pop3 imap http-get http-post
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
config vpn certificate local
edit "Fortinet_CA_SSL"
set password ENC
dDEy5ChpUcYfFxilRuwY9As+mXa0u01cM88JZra64wPc1yx8T1hoSP/94rwkMwZAbQ6PTOC0vG9IwAQf3s4
Wz4WI7DaaPv4AU5ArAgWIC6bRldPogXf1dSKFI3HVBEW9u2Mz/8o84O3M/
+S2sDe5YQhzox+9jrMWyvq8bmkWtmX49gou03K3EV3yZWCUkZaujvJq7g==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_CA_Untrusted"
set password ENC
LJTO8mz1osRZQTCoVbQe+/y9Q6ScyGyKkHXKu0oftJ52z1OLaBoUPaXLNWHfDf9DJmL4a+CH2iZHXB19dbA
AGChgofB2BNnN6kYQlI/lQD5P1J0GcbkRJDFl9jzT/lq0lJNpwh2ClRv+PZVA8VQQa7CFfagRZp3tXwYEJ/
cICP+b4YOoHKe0LPf2j+Q5efsCwF5V0A==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIqs1MBjn1xW0CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHlxOlDZ+mx/BIIBYJfglh3w5MPp
p8YbJhKV3vVEACKKMiqpDLSBnfpx0L3/C0iAJcOL1CRAeO92WsXxNktsFscaPw4B
RFuo/swhkiYVby2hUoazAh6ruc7u/5bloQA/Nc5bB0VoLDTUZExkaA3QOErNrEFz
oJ+5PqjTCt2UlMuejRQgRz00mNYW9yaLnbW46emO5OHOpkyXYCnI8vqeAN/od+ge
deBH8aN0vA3pnrqNC8nZEA70S/Gfhifh/IJnZL/Cf8L8HpQJQ3XCpyzdbU6gP50i
HppGu9C33pH5g9wYvKDENgFeZdWfAKbO0vImzFLVB+LfxJnG9g5Lk9MAcV3OG99h
G3i0fB5u9atSYYVLQSP8NReQBHRtq+0Ne+LYSdOU+HpO5dhCrt/LwD/2OlxUHrD7
jPvF2O1WFwtCF4kY0rRrjKt3gYt5KH8ZtMC7xHouWOWwV9odv4CobNlFdyOicsIF
UNlUhAoWrrs=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_SSL"
set password ENC
fV4g1jJQKavk3sGzcdG886Lp+KJEkMyupB4BlqzMp2mlqwJ4urJ4AM/c9hUFg+qYA0HGGgDpKiMydjGkaZ+
Ye2k64ihHoYu2HoIafM/j76ckNHgMmjk3oAfUH/OrHASExOFs6qryFtS7oZm5PXQm5Ti4z2V57JC9ElWziA
WLOyHF809Ir4ZBVtXx9hHYhJ+3U8PGEg==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIDyzCCArOgAwIBAgIIY6KYFDILVk8wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
EEZHVk0wMTAwMDAxNTI2ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
ZXQuY29tMB4XDTE4MDkyODIzMjM1NFoXDTI4MDkyODIzMjM1NFowgZ0xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM
EEZHVk0wMTAwMDAxNTI2ODAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu
ZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Rw2JIH4ZU1r
gLGk8SFSrhJfElLvZtvIh4fHYLYw84533JVHy9gtCDy0xV19KMcv+OlHMA1iqLpK
YoPXidLUwy4+8/oQWM7aRVveGmEG4LMRtc0BQp24dL6tik4z+6PkmbD/Ae0zR8wY
dLJsmHnCWwEh21bMvwxau3TbE3Y2g6xlLufR/3SWQSOS0S8P9leVUcIiM/9paTXc
pVB6OWpE26O/+QQTUUmw7ZTEr05gNTSaflouBKnIEnLUiGI9T1xin73/j0kge+Op
GjYkvAYXjlK0oq3BEacS15tqMx5reXzl7qLBim/QfVyv/UEVnE/akApSknDHOoHA
o1AsmUaaXQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA1
b6BwVUbbqUqca9Q95V5wKAmL0e3xLk9xx60lJz8PvDylHJWEAAvG/SEU+pacl05J
/puyisbFh9SsxIWmnHFP2ygnr68tm77U3ZUREgRvnBJ3aWqgd/2kK9RveOSuI5M4
ylNJLGWKJdDV84D9MKyHwzsdqqP0+pdz9K7d+lJWhyJjcA0Ug7s3Oyrg6sYwt6pf
d5Qbb1aN4Q7nbi/n0zualTL874nps709T3JOxFUuY/DnzcFqnOVV4aqTGngfbAT1
9lXkwh6+iX+FEnY99VKU7EaY0eZCtEYQHBUry3DANk5LBPeiP6XhBHxh2EDwAidl
gX/17SLLfV8NbdYSo3+V
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_SSL_RSA1024"
set password ENC
tLhtv7x3DF4gLUfTCt/n1g8BEi8OGdAM32Kh0dzN/eEaDZJDCavIeO6ZjBMS62pLw6tJQ8Xo+i5TcXYqpOM
VphUN2kMqTAY7q5rY4Yo8z3nISIf1SurWJVI5gqf1SqDuREXchkt+ECiSuXVf4pPG8NmWb4/YlykkWT+Mxy
OyONGKmtdDaynla0DAOw8Xr3Sq31xciw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_SSL_RSA2048"
set password ENC
KB43d5MZF4SjitixHU6QSZ8u/PA9OTAx4tXaCIW/kBjL2CgXsv9uUujteGwryBKirJ0H2cnE1r1ki9IZ4eW
ppygvD+nv4/jSnAYMQsBZf+ESIIRybhfzY0V9RilhtOSmWkXHawTaXbk8002WQxxLTEIwjjb0EVEGY3jvXk
LUMr91dp6tFPMAiYzo5miUclDL3+Ru7A==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_SSL_DSA1024"
set password ENC
K8LrxtJ+Vy2R9rR8Ye+ZDdDWea2R1w8HVp4BwV+ABw24+FQPc879/8z033D8whZg+XiXY1NwbjIOVQXB+CQ
dBobzAErr8xLgLKL8fFHP+dBNBdC88ASAF6x/r6Bp8Ie7ZQjF/XmrNeqDG2YxPMe7FdFPHiX1e+AvG+Y3PJ
Js5EvcR5zZDpamit5l0g8XPNyQXZlQ6Q==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQImAWqBboYoScCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHzV70ILCcmpBIIBUJQq5P2pU+6o
3LebT8vqiYbRPjX4Vy1e6EGgWY78nJ92Nl4SleOuPMVd2u/dP64zrjaye1tEemNR
W3Vm33QwL+0sRxOfsBRujDYztM9CAS12tJGRl040B9n2X+kMycukGkfYVyDJcccD
3MPJQJX8XcW6sObicEUhf/pUHAKX4ZtyCR75HNfR4lz8yWyo8W0s7J3jtx8OF1ah
O5SoMqXh7TqKVryPJlGqHf3gCTDQ9fPrrbvBIj4Bcex/MgOuJvhaKb2tHJEUhCZh
B2UFW+n3so5g0oRjm9STY2iOuKg9zLkZ2xM4epp7rRUClFzS0H/OeSv3CJW/+L4b
v25S1AhOXU9V5/ENpU5eic3SMnr4JP2HTT5AIzZoYvoq6wtJzFP2OJfNzY+o2nYC
JpScW7YOCXV3a2pKLWvLESdfxh3BSGnXGY9yOOaNYnqnb9YEM1vrBg==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_SSL_DSA2048"
set password ENC
x/6stjvTLAiQogyH9DwpHfqc7YwW/+0g2tTzeSbzOCG6QzztQtuIpj4dkAMFfFnzdNeQJ3xagB7obSz60Te
D3GlTYScN4AK3+S9xhAURn/GSaiFugfm+mR77PgCT2nwZn+SL8sP4HFln4I9abk7afFrY7S6oCpzYp4+Vts
85GS6jTopIakvq3d8enfNvKDjcjr0iXg==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_SSL_ECDSA256"
set password ENC
RjdfbPb5Y2+V+ZQOwABZ13HdjEJYfKyfexpYpMVv/RZJxWnAr4Yoc7qE4kaJZWQFG6Jysx61sYQncvUB0Qs
MnC+ivrJ6pvqpIOT61vitqBZ0pXT6RHZgLtQBgumvwW9A9y6JFW+
+xu+cPTph1K1o8ftTqxM5ho2A2Q9vWo1YeomXARiohZCeYDybpuzCKMGTpFXVKQ==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAgwBncvxBP3twICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIkFHrTREqG/4EgZDLizzQ+B+IhHTr
CanLrt5fYa2ydZFnGFSgK6PKPHqQFPFQz/KSwsMltj4cRqSqK5MG9187uuMZ6CLT
LaaJiSeAwVFKd/k6jp8wuAFotulSzwPI5MeOOGxwMslTZL17lvmNjWZO4yY1jq7T
jjcAnij4DfaO5BBvLIry21hh75CMq871/ZfH/i6w7n+j1aXXM+0=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
edit "Fortinet_SSL_ECDSA384"
set password ENC
X4nRFzw5KubAYcqoW5aVx90Zj+7ntw957CMgH4VP7eXdbcdmGOX2pxlLaJMGzY3PqkgldN8xzsMDg1VsnSc
vrWv9WpCYkXylznLAd6es6A9IacXWMaUUIS1fbZ+L4rFa34mLAigDpaFIHN3O3DV6mHO4aZ/Sff1BSIGuEC
CPsav+kRxQHErKz8KhyCINujzJq1XmAA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIdTHpQC/vQ8wCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECI6m1/u50W60BIHAZtNJzBvYxVr3
/69AeeyEpsNQfcHuJYxbNkqNAdsw7OZtQqQkWljMLXrhPrOnGsUOpS24yrsgs4na
ZySjmJ8lvunxm+vJ9ak6nVpCQDLTGZnCH4TqGjY/slDF6HU7m/l18OjC/m31m2nJ
LqNcmcXzwTZ2nQHPoVMtMz/BRkSnWqB/HeZrd1SW7Wbo2jbbZW4VyEvEfjq+qXY2
JgJldcgtpZ5vA0hWWy3CIaaiUvRxHqRv9DZkzXDI/oOFhs1/8vpF
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1422036422
next
end
config user fortitoken
edit "FTKMOB87046043CB"
set license "FTMTRIAL02159292"
next
edit "FTKMOB8766C1B509"
set license "FTMTRIAL02159292"
next
end
config user local
edit "guest"
set type password
set passwd ENC
7dQWWT2giEEbdjDhy1kfr5EotvxZDCf7SoDzsEktihNdtl4pjeLEjpKtTT/O3lk6Ngbm7B3bKsGJ2GpFf3u
MZ0N9ub1xCGaMt31h9AAK9s9FfNuAvCuXqTcRqfOny5Q7BZh9+IV38dJr/IBuU64ngQizRgHdwINFc4FYox
jBHCGMNlgINc/MGYMEFIXWYKLzk3kMDg==
next
end
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
edit "Guest-group"
set member "guest"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
edit "web-access"
set web-mode enable
next
edit "tunnel-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
config vpn ssl settings
set servercert "self-sign"
set port 443
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config webfilter profile
edit "default"
set comment "Default web filtering."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 2
set action block
next
edit 2
set category 7
set action block
next
edit 3
set category 8
set action block
next
edit 4
set category 9
set action block
next
edit 5
set category 11
set action block
next
edit 6
set category 12
set action block
next
edit 7
set category 13
set action block
next
edit 8
set category 14
set action block
next
edit 9
set category 15
set action block
next
edit 10
set category 16
set action block
next
edit 11
set action block
next
edit 12
set category 57
set action block
next
edit 13
set category 63
set action block
next
edit 14
set category 64
set action block
next
edit 15
set category 65
set action block
next
edit 16
set category 66
set action block
next
edit 17
set category 67
set action block
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
edit "sniffer-profile"
set comment "Monitor web traffic."
set inspection-mode flow-based
config ftgd-wf
config filters
edit 1
next
edit 2
set category 1
next
edit 3
set category 2
next
edit 4
set category 3
next
edit 5
set category 4
next
edit 6
set category 5
next
edit 7
set category 6
next
edit 8
set category 7
next
edit 9
set category 8
next
edit 10
set category 9
next
edit 11
set category 11
next
edit 12
set category 12
next
edit 13
set category 13
next
edit 14
set category 14
next
edit 15
set category 15
next
edit 16
set category 16
next
edit 17
set category 17
next
edit 18
set category 18
next
edit 19
set category 19
next
edit 20
set category 20
next
edit 21
set category 23
next
edit 22
set category 24
next
edit 23
set category 25
next
edit 24
set category 26
next
edit 25
set category 28
next
edit 26
set category 29
next
edit 27
set category 30
next
edit 28
set category 31
next
edit 29
set category 33
next
edit 30
set category 34
next
edit 31
set category 35
next
edit 32
set category 36
next
edit 33
set category 37
next
edit 34
set category 38
next
edit 35
set category 39
next
edit 36
set category 40
next
edit 37
set category 41
next
edit 38
set category 42
next
edit 39
set category 43
next
edit 40
set category 44
next
edit 41
set category 46
next
edit 42
set category 47
next
edit 43
set category 48
next
edit 44
set category 49
next
edit 45
set category 50
next
edit 46
set category 51
next
edit 47
set category 52
next
edit 48
set category 53
next
edit 49
set category 54
next
edit 50
set category 55
next
edit 51
set category 56
next
edit 52
set category 57
next
edit 53
set category 58
next
edit 54
set category 59
next
edit 55
set category 61
next
edit 56
set category 62
next
edit 57
set category 63
next
edit 58
set category 64
next
edit 59
set category 65
next
edit 60
set category 66
next
edit 61
set category 67
next
edit 62
set category 68
next
edit 63
set category 69
next
edit 64
set category 70
next
edit 65
set category 71
next
edit 66
set category 72
next
edit 67
set category 75
next
edit 68
set category 76
next
edit 69
set category 77
next
edit 70
set category 78
next
edit 71
set category 79
next
edit 72
set category 80
next
edit 73
set category 81
next
edit 74
set category 82
next
edit 75
set category 83
next
edit 76
set category 84
next
edit 77
set category 85
next
edit 78
set category 86
next
edit 79
set category 87
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set inspection-mode flow-based
set options block-invalid-url
set post-action block
config ftgd-wf
unset options
config filters
edit 1
next
edit 2
set category 2
set action block
next
edit 3
set category 7
set action block
next
edit 4
set category 8
set action block
next
edit 5
set category 9
set action block
next
edit 6
set category 11
set action block
next
edit 7
set category 13
set action block
next
edit 8
set category 14
set action block
next
edit 9
set category 15
set action block
next
edit 10
set category 16
set action block
next
edit 11
set category 26
set action block
next
edit 12
set category 57
set action block
next
edit 13
set category 61
set action block
next
edit 14
set category 63
set action block
next
edit 15
set category 64
set action block
next
edit 16
set category 65
set action block
next
edit 17
set category 66
set action block
next
edit 18
set category 67
set action block
next
edit 19
set category 86
set action block
next
edit 20
set category 88
set action block
next
edit 21
set category 90
set action block
next
edit 22
set category 91
set action block
next
end
end
next
edit "monitor-all"
set comment "Monitor and log all visited URLs, flow-based."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
edit 79
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
set log-all-url enable
set web-content-log disable
set web-filter-activex-log disable
set web-filter-command-block-log disable
set web-filter-cookie-log disable
set web-filter-applet-log disable
set web-filter-jscript-log disable
set web-filter-js-log disable
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-referer-log disable
set web-filter-cookie-removal-log disable
set web-url-log disable
set web-invalid-domain-log disable
set web-ftgd-err-log disable
set web-ftgd-quota-usage disable
next
end
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*\\.youtube\\..*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
config vpn ipsec phase1-interface
edit "FGT02-FGT01"
set interface "port2"
set peertype any
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set comments "VPN: FGT02-FGT01 (Created by VPN wizard)"
set remote-gw 192.168.101.1
set psksecret ENC
aLWByocMezqHmXW5u8AEFHfCQ5sNAuBNTPHzl0J5Pbmx9TWphzHOb9GeUTr9EOFjub5NC1nr+o0psRnSyZp
WePKAjk52AcZdjDgF/Vempqew3dM58o8KPTzvdb2rcTeuqgPgaHsrjXFf/FHTlTf49nKi8U4GgXFxSDUmQ7
B447rFJ83WFMXD4hFMscIIoQEajwa3lA==
next
end
config vpn ipsec phase2-interface
edit "FGT02-FGT01"
set phase1name "FGT02-FGT01"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm
aes256gcm chacha20poly1305
set comments "VPN: FGT02-FGT01 (Created by VPN wizard)"
set src-addr-type name
set dst-addr-type name
set src-name "FGT02-FGT01_local"
set dst-name "FGT02-FGT01_remote"
next
edit "FGT02_Tunnel-FGT01_Tunnel"
set phase1name "FGT02-FGT01"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm
aes256gcm chacha20poly1305
set src-addr-type name
set dst-addr-type name
set src-name "FGT02_Tunnel_Interface"
set dst-name "FGT01_Tunnel_Interface"
next
edit "FGT02-FortiAnalyzer"
set phase1name "FGT02-FGT01"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm
aes256gcm chacha20poly1305
set src-addr-type name
set dst-addr-type name
set src-name "FGT02_Tunnel_Interface"
set dst-name "FortiAnalyzer"
next
edit "FGT02-FortiSandbox"
set phase1name "FGT02-FGT01"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm
aes256gcm chacha20poly1305
set src-addr-type name
set dst-addr-type name
set src-name "FGT02_Tunnel_Interface"
set dst-name "FortiSandbox"
next
end
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config antivirus settings
set grayware enable
end
config antivirus profile
edit "default"
set comment "Scan files and block viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "sniffer-profile"
set comment "Scan files and monitor viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "FortiSandbox"
set ftgd-analytics everything
set analytics-db enable
config http
set options scan
set outbreak-prevention full-archive
end
config ftp
set options scan
set outbreak-prevention full-archive
end
config imap
set options scan
set executables virus
set outbreak-prevention full-archive
end
config pop3
set options scan
set executables virus
set outbreak-prevention full-archive
end
config smtp
set options scan
set executables virus
set outbreak-prevention full-archive
end
config nntp
set outbreak-prevention full-archive
end
config smb
set options scan
set outbreak-prevention full-archive
end
next
end
config spamfilter profile
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
edit "default"
set comment "Malware and phishing URL filtering."
next
end
config wanopt settings
set host-id "default-id"
end
config wanopt profile
edit "default"
set comments "Default WANopt profile."
next
end
config system virtual-wan-link
set status enable
config members
edit 1
set interface "port2"
set gateway 192.168.103.254
next
edit 2
set interface "port3"
set gateway 192.168.104.254
next
end
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
# SSL/SSH inspection profiles. Three are defined: "deep-inspection",
# "custom-deep-inspection" and "certificate-inspection". Only
# "certificate-inspection" is referenced by the firewall policies in this
# file (policies 2 and 5); the two deep-inspection profiles are not attached
# to any policy visible here.
config firewall ssl-ssh-profile
# "deep-inspection": lists the standard port for each encrypted protocol and
# an ssl-exempt table. Entries in ssl-exempt are destinations excluded from
# deep inspection, so traffic to them stays encrypted end to end and is not
# visible to AV/IPS.
# NOTE(review): fortiguard-category 31 and 33 are presumably the finance and
# health categories -- verify the IDs against the FortiGuard category list.
# NOTE(review): the "address" and "wildcard-fqdn" values are names of firewall
# objects defined elsewhere in the configuration, not hostnames; the breadth
# of each exemption depends on those definitions (not visible in this part).
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "live.com"
next
end
next
# "custom-deep-inspection": same ports and the same 30 ssl-exempt entries as
# "deep-inspection" above; it differs only in name and comment.
# NOTE(review): if this profile is ever attached to a policy, trim the
# exemption list to what the site needs -- broad exemptions such as file
# sharing and webmail objects leave those channels uninspected.
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "google-play"
next
edit 4
set type address
set address "update.microsoft.com"
next
edit 5
set type address
set address "swscan.apple.com"
next
edit 6
set type address
set address "autoupdate.opera.com"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "android"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "apple"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "appstore"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "citrix"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "google-drive"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "google-play2"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "google-play3"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "Gotomeeting"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "microsoft"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "adobe"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "Adobe Login"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "dropbox.com"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "fortinet"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "googleapis.com"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "icloud"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "itunes"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "skype"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "verisign"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "Windows update 2"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "auth.gfx.ms"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "softwareupdate.vmware.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "firefox update server"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "live.com"
next
end
next
# "certificate-inspection": https on 443 is set to certificate-inspection
# (handshake only, per the profile's own comment); ftps, imaps, pop3s, smtps
# and ssh are disabled. A policy using this profile therefore does not hand
# decrypted payloads to its other security profiles.
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
end
# Web application firewall profile "default": signature classes followed by
# HTTP protocol constraints.
# NOTE(review): none of the firewall policies in this file sets a
# waf-profile, so this profile is presumably not applied to any traffic.
config waf profile
edit "default"
# Signature main-classes. Read each stanza for three things: is "status
# enable" present, is "action block" present, and the severity.
#   - 30000000, 50000000, 70000000, 90000000: enabled, block, high.
#   - 100000000: block and high are set, but there is no "status enable" line.
#   - 80000000 and 110000000: enabled, but no "action" line.
#   - 20000000, 40000000, 60000000: empty stanzas.
# NOTE(review): a missing line means the firmware default applies; confirm
# the defaults for status and action before relying on these classes.
config signature
config main-class 100000000
set action block
set severity high
end
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
config main-class 80000000
set status enable
set severity low
end
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
# Individually disabled signature IDs; the list continues on the next line
# (wrapped in this copy of the file).
set disabled-signature 80080005 80200001 60030001 60120001 80080003
90410001 90410002
end
# HTTP constraints. The length and count limits are enabled with logging but
# carry no "action" line, so they presumably log rather than block -- confirm.
# "method" and "hostname" set "action block" but no "status enable" line;
# "version" and "malformed" set only logging.
# NOTE(review): verify whether those four constraints are active at all.
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# IPv4 firewall policies 1-5. Every policy here is "accept" with service
# "ALL" and schedule "always". None carries a "set logtraffic" line, so
# logging follows the firmware default.
# NOTE(review): confirm the effective logtraffic setting -- this file enables
# memory logging only and disables disk logging, so accepted sessions may
# leave little trace.
config firewall policy
# Policy 1: port4 -> SD-WAN, any source, any destination, any service.
# No utm-status and no security profile, so nothing inspects this traffic.
# port4 carries the alias "dmz" in this file's interface section, while the
# policy is named "lan to internet".
# NOTE(review): confirm which segment this is meant to serve and whether
# unrestricted egress from it is intended.
edit 1
set name "lan to internet"
set uuid 8d4714ec-a332-51e4-f1ad-19e34e04d8eb
set srcintf "port4"
set dstintf "virtual-wan-link"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set schedule "always"
set service "ALL"
next
# Policy 2: inbound, SD-WAN -> port4, from any source to "dmz2-range" on
# every service. utm-status is enabled, but the only profile attached is the
# "certificate-inspection" SSL profile; no av-profile, ips-sensor or
# waf-profile is set, so no content inspection profile is applied.
# NOTE(review): narrow "service" to the ports the DMZ hosts actually publish
# and attach IPS/WAF profiles before exposing this to untrusted networks.
edit 2
set name "access to dmz"
set uuid 26c93222-ba99-51e8-422e-cd253910f753
set srcintf "virtual-wan-link"
set dstintf "port4"
set srcaddr "all"
set dstaddr "dmz2-range"
set action accept
set status enable
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
next
# Policies 3 and 4: the two directions of the FGT02-FGT01 site-to-site VPN
# (wizard-created, per their comments). Both allow every service between the
# local and remote address objects and attach no security profile, so a
# compromised host at either site can reach the other side on any port.
edit 3
set name "vpn_FGT02-FGT01_local"
set uuid 003f5178-d177-51e8-e6ef-f95e07aa506f
set srcintf "port4"
set dstintf "FGT02-FGT01"
set srcaddr "FGT02-FGT01_local" "FGT02_Tunnel_Interface"
set dstaddr "FGT02-FGT01_remote" "FGT01_Tunnel_Interface"
set action accept
set status enable
set schedule "always"
set service "ALL"
set comments "VPN: FGT02-FGT01 (Created by VPN wizard)"
next
# Policy 4: return direction of policy 3 (tunnel -> port4).
edit 4
set name "vpn_FGT02-FGT01_remote"
set uuid 004faf8c-d177-51e8-1827-0531c7fcfec0
set srcintf "FGT02-FGT01"
set dstintf "port4"
set srcaddr "FGT02-FGT01_remote" "FGT01_Tunnel_Interface"
set dstaddr "FGT02-FGT01_local" "FGT02_Tunnel_Interface"
set action accept
set status enable
set schedule "always"
set service "ALL"
set comments "VPN: FGT02-FGT01 (Created by VPN wizard)"
next
# Policy 5: port1 -> SD-WAN with NAT, any source/destination/service, AV
# profile "FortiSandbox". The SSL profile is "certificate-inspection", which
# in this file sets https to certificate-inspection and disables the other
# encrypted protocols.
# NOTE(review): the AV profile therefore presumably sees only cleartext
# protocols; files fetched over HTTPS are not scanned -- confirm this is an
# accepted gap.
edit 5
set name "LAN_WAN"
set uuid 9db83922-d250-51e8-c890-1ccf78bde397
set srcintf "port1"
set dstintf "virtual-wan-link"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set schedule "always"
set service "ALL"
set utm-status enable
set av-profile "FortiSandbox"
set ssl-ssh-profile "certificate-inspection"
set nat enable
next
end
config firewall ssh local-key
edit "Fortinet_SSH_RSA2048"
set password ENC
FiS8rzRdnogIyur+vVyd0WxKYI4dOHmNh/mPO4vhgkgsprJN+2ZJoz1i/lQ00AqoK+IdS4bksZ+pOCM4n8D
1iMW2bdqAaBdZxgLC7JKI8p1XUOIAcwfmHJOaQGD3XDQDoCCxl6irQBgovftYVBH0zZWnfQ1h7m6Tn+eSqZ
zU8JFCnqoVxtRgOABXxa+5jMEC7PsOFQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC2e8Wk58p8Ouz+6BH1PcXUZVHtkh/F5Gn6mp90z2uuq0Vat1Mifac
zQnQZAVM8+ScamuLgYRMLmYfzA1z5ucRGYzoIUo9vi2z5eVmuIKqbLUV/
+itw0Nh3O6tHZHtf4t97Cao9xzUFSNJYfIsCe7n3upfKhK637vKgka/
+DcxFBG7tw+GmC9WchKfcHG5k2jSUEBcLFe9NDWVFz+6puh692CTtpLod2+Vqy8qCQZAbPLOsvjf7mMtKdv
ZAPT0VCevwcwphNOU+P31KzmQCyi2zJvAnb8RHBRqVYkYqTSNMESEBsJErMPlfIEpPaxpXfBzreSGXeSZmi
1LwijcsUOxD"
set source built-in
next
edit "Fortinet_SSH_DSA1024"
set password ENC
30aw5QvPf1/hf+YwU1LyUtCT/kvY/ynFD7X2tqdMIO3it6+yrLBSlRlkosWsrDTF//ujDoo3FPLGhdAO6TK
OW2kYdtflrSloycmpI82cf2Xzmmh81BV1MZgENtIyHUv5gPXsWFTngvMsFU8CyQMWZEGTD69zI7knVxDwjV
hrD5ctaR0vlAlwLy7LssQQirZfxZGWuQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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=
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-dss
AAAAB3NzaC1kc3MAAACBAKcXGGMYuiidzpNRXTD7PUFsw3du6dG/51557nHGQ0rvQxcMP1yOFaRT8bQo0Kz
d1y+Njm/reP1U7sSStCQ3yxGcSoPnBe8f7AB3MgLSKS8tg+m9lAvdCh4l7t1dB109MKdkRLJaignem9Jvvi
Z8aciAKSNCoHJc+jB2mV2jK95xAAAAFQCkjTJR0vahsdjK0jsMWKjgiUcnkwAAAIBH0msHdj7rLpFWNTlLu
L6bvUc/otuTp2JUS27jqhcOPVMO5XOBpiurSB5kQhhsI1FUe1TugV/YW9xfNqsdvt+LK+WrT6q3XAAGTRHO
Df0NISSSGQY42g47QakKVNcom9Q0zBFD6gdArw0W1S8okdOmUbE1W2LrTP+2nsrnvLiqkAAAAIA0wfV0aC5
LbIlTwOVsFhf3R0KOH4rnXIemglTeQnnXSEoMP5Bz8osnESkOHQasJaJ9OmHMB2dQyWAE7BQpidlJcXDJV/
d2xus3DP2a8mr+JumrEpEOZywn6J7Z5uA2THBH/aaBMhDzkVQt3hI7n5O7xdNejKF3zv7IhmuSkyRDsQ=="
set source built-in
next
edit "Fortinet_SSH_ECDSA256"
set password ENC
PSdQ+Y2b9fLV1xkY6RASd5vzZO7IbwWERJI7luiC0+kfIaDp3ecwwMvYXPis625Sn+6LL1t+2n7yO8LybMM
FsdZJaQief8zykFP4oNZ5u40YgMJfQ8xEWtFRb6i+DwQ3wBdd+cWOI7+rELYV/37oHNulAkyDOdks+FwKlW
ikJLYcmNW8CllclxoG1McsS3ZfZ1TfbQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBgMS/o/A
ZLsDLMD7sxM98UAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
dHAyNTYAAABBBCI883UfwMkMqqEYKlEGlCpsBJJ2Y+SWsob9JGYz8k2ePjy5yHoVqkfBTO
q60DzWrmIyHK1oL4oF96ONvU/GDfMAAACg7J2Oqk1rzGttHGoLboroHY3bRt9tTWsEHe5F
t7CJaWbYAyfg1Y0S+HK4KhYNamf2JjCIuV8vLRx+O684Uodgz5olaqKoSc6JszTEaes92B
XDfp9frXsU6d6sDHlqtH7L2GBTRuCOwGKF08Eb9K/w2VJn2T1p7610B3LFGU1eQgFBvdyX
nNyFxLUwRAKxK6cfk7oENMb4IsX/S+JAHkw6pA==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCI883UfwMkMqqEYKlEGlCpsBJJ2Y+S
Wsob9JGYz8k2ePjy5yHoVqkfBTOq60DzWrmIyHK1oL4oF96ONvU/GDfM="
set source built-in
next
edit "Fortinet_SSH_ECDSA384"
set password ENC
zzlvl1v11skcs/4jzsHGs+ooPoz5XkHqYVKVX/Udj+SUn9iEl6B7mKptdzjtgbqprt/
+a2MTu4kaQff454LDAisRELNQXxGZlM+azmNiW0+9TzOR8DqHk1D44aJx5OnlkrNsQle1COjOKz2s12CJCu
lCs7Mj8BF7QC8vpd5TTTObT1e3ePLWH3OA4vkAvdH4VRTSQQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDr/vk/SK
De9NQgefyS0cBgAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
dHAzODQAAABhBGMK2K2HjduGptJb+II2F1uftk4rlcMvMT2/WsROckkUMyFXV1ah8Y3Luc
4flaQaSzClsd5ye34lSWhwrUbWvPgusAz4EMX+W7dlAVAJOSpbPThkf9UKbfvE8NekPro3
HwAAANAYTkKAYY3PHJZRv7CEr7j4bWzRSzRCOFLOwhg5R/VVyemBQvjOCobldQAbdAVBtR
wBSVMslqci4YEZMtSLKyep4aJ1zrc2bpdanUtzOSskyMR7Wut14Yj3C0EunsxJ2tQWqX6U
9qQmhcMFKHN2nwBDGA4Vs7lywUbRrB70Yzip5QsLFDhv9Hyae43bQQXXiEexNaq4mdKChY
GIWCRv2KhrJd2zX8P6qLh87OwWSS9fIY3LTFP0sDCJewJvTzewh38e7st/Agypt7eN9xWp
vYhj
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp384
AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGMK2K2HjduGptJb+II2F1uftk4rlcM
vMT2/WsROckkUMyFXV1ah8Y3Luc4flaQaSzClsd5ye34lSWhwrUbWvPgusAz4EMX+W7dlAVAJOSpbPThkf9
UKbfvE8NekPro3Hw=="
set source built-in
next
edit "Fortinet_SSH_ECDSA521"
set password ENC
YBAqR8J26u9O+HvS6nfZJc8azsRoR8tez6cLVKq4HlwlCtdxfJ3/+TawrKN0UgYiCi2m3NTR8gKZfneN81+
wLdW0WoPlMJcdRF8STiu5Ru+on2zdSzcdr6qyXUF7YQpVKOih9xpSnMRnpTRw1eIh3OVJ/yrJdiAtZH+0AQ
cgumCNURR0KTvG3p8tRIm1J14ovxEykQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp521
AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFRxExkUecWO7lUYY+vfSMgzVyrWYM
2BEt+4wVwYQK7h0MZve05Z4TREunDJufkmZCFXgs3UeVCYzRbt6act5QjDABh0QxSfE8Vw+WIdPiRB6AO5U
b/v2hZ3yzZWXnoC+XqCsZM6js4dVUej9o+pxOG5wVkqLohSh5Q/v4D3wDOPJk/7g=="
set source built-in
next
edit "Fortinet_SSH_ED25519"
set password ENC
eUujCEOXLBFnsH/Ht0wQTEu7/eKSl5bACUP/8n2PGS4d2A+mBbgbCdQSqNe2NgMBi7LrmYJ6OLrPAPnCPx9
9kGIJPqe64rVP7uhP3C/MmGRS9wsnYA5o+ZXxYzJwNOid6R+xGhJcuWscBjHW6AKwrlMLHc3MO2JfQLPC6/
mdrreQGfwXJOoGsZHp9OGROFKxJgpm0A==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBmM2gY4A
NpxMr0F+hoph4TAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDw/dZ+M9qlwSvit
HfwRF7ht3IrVnn3KMvRohI29wXg9AAAAkDdDAGZkvYTIGoRKDjdc/UYiWQaIaOMx4IcNUC
v627hpdb1ufdCGxIofYZUx1SSjCtzYb0lWPX5ctZbvIjXk75tTjC3rmpMlV3gubQFe3tZt
LVgLR2cdeqJUSyZLmgmBqnx5nUMcMA22MhUP6FamlHePkgWuaIZb8+wdOVODnulPj+N3g+
VxVeqn0/SCQ7Juug==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIDw/dZ+M9qlwSvitHfwRF7ht3IrVnn3KMvRohI29wXg9"
set source built-in
next
end
config firewall ssh local-ca
edit "Fortinet_SSH_CA"
set password ENC
zPiPy3RCLjlHMkLhNsNPr+JZT+VfMhfWC77MPy8+YP2qnoBCpvpDkx17O0TwuOJA3NYU/SuRrcofzk/rL8g
b9XFaB3aAIr96QK+mbRBvaqJ2KFf9eJWnX9Stl3fS1uJweS7kpCQoslxv/WDgczoC0vaJj2UM86Ho+d3EPq
a3CtDxiUe7iQEN1lnMbfxPX+HRcCWlUw==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC+NGNfINgeaR/dWVscnqv447X5qLlCxLvs5UNCfv/N987kmNYE/Ip
vCe3lr9cdM5O7LM3O6huPjul/Kn7EL2AXBPAKT6WDXOBLTgGgX0vyMn+GYvgQkM42UQy7VqObUk2FJif/aG
WcK7a36d/0GmRAbY9p6UUlnnzCFW5RAmr3wuvDV+aCly5CJJeqnwBRvx0PRRSsatYHqpJP3ycVkBiEGqACZ
XP+HhXmktE1iGg4es4ZCB1SOQv3dO3W3WB047I1mqHF9WW+ku0mF2nQyId3gKUhLaIEZIwIvTUC+4A/QoBO
rqwDGoLr4jKm6/G0t0Cvd+GA1Ioawite75ojDop/"
set source built-in
next
edit "Fortinet_SSH_CA_Untrusted"
set password ENC
wH9/beiOBzAVP2gyWSvqKRJhG07gZAbstHitFobZp9Fz8YXn/c06yqaRbycH2MSbWv0bdbv6vNY3cFxWWKk
cpqUgtSqQN7P7LxEQra2NGMaUe6tWfnUrzYGvmaL8+EpY3qLG6gVg/VmeCu3OnSoqyoFa63oKsi6Kgfp93B
Lk+Jk2ue0LPxvyBS4YTtnJOzMs2bxNWQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDsigHiEd
aHa58bYbzDGZnAAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDfTkSWchfg
LS2PgCHFO+9mk2uT7bJ82w+AeL4p6qqOZfK2Iquh/lIPF8owJc1TsVWrq52ZC6Y2F9QMfm
EFEwXN+PhYA1aOG5PZQR8hbmWs2xoX7SWiVnMzdl5XYNMktmSyatJAtyCov74qql9zA5O9
BaTOuJdUQWms0+gUIl2tPoiXedkIhifSDIy6AObBSDCXh9k3Kv54obapbKHyC5wytB815A
Ly258zELbuCApU9ECaw9ysweAYBPeXLHZaHMq8nPWketEhgzvQSp46cQEUuhbL7Ha4l6So
cLwGKNUx96I4BKEAqJ3xFkt+nYmtUECqoU5obb+pNnsZlLPhsgb9AAADwIzSMB3TkpySI7
gIvDbHXMYLXI1f7AcxFvMIiwCCmUF1rS5rFjpV1UKoJhoNh+c+LZm9OtjAutJ7OHWltP5D
SmgW9exKkqzPg8R2oE8jqegluyJohCqKMrh24/i0Z8IvixjSYNUsk/fID0EUYCdCQeGz4w
211QVsuUiVWXLbIvVuf1q+YNa6eUxfDuf6Jq1GmMX3mgRZboliKBGN+1IyFChZi+8dOa7O
GhhOJ1avxOVel/p1M2j1RUPW9fbDy02jpeSGD1M1fEoL0Jhqvg9ROzmt56JEO1YxJNiP9b
Kcdi2zwWF1rQX5uhTnsSeBYjfkcsofUWKJNTbk4TavNhKoahHcg8ZdSuJk2Vo54aAW7t1R
q9y2xtNkmzY5Y3bn/jKZesX0toDKYL5qWwiA/oBo7r5j3x7y0gKQvoe6A7nc6KK32kYRVs
xih/snQNeV9P1keqgmXZtMTipM1rg9QPyPKJ2cu+cqXAAij2YrU6a6KU+bv/f5wifrAZi9
aXN5WqWZALSHZu352LtK32p3jTzTJnQ1pXS/WXzi0XwBCnWEdQRi/mQNnCxKCDyx8bWnGH
srpWQm+rlUHlB77rE48DWxrDUn6TA4rCbo7LoQMjmT/Ef1r2VKSjy0FD1Qt5FjZePHUBGJ
W9gQdN+Z4CDfJMDN6ydr7BVT9lD/kzc5wel5WYKteMOXQalEClBvFVHYkvgCCvcTusEOkW
L8ooMc3LfDWXcW7xDGE+G/v42vY6Y1L9XF2rlF1YKBQeWKf+zxjyNcLKRt7nvJ7HUj3v6B
v48hc83GT7MYtiQMDWjAUt6vZVvG/kBd6SvZTI/g1fxfIf581sLCTdg0DOgH+Rqft1p+l9
1ODlj1837MJDX0bSp2VPCVh2toaFqAIlaWSkX2pjqLev9k4xfcCfhAhVj8xhmUaR/jGz8R
rpBdNjkR6NDAStg0Pz2AtSbixoNt3soyR+lQBaKj0GwXfK8EW4iMtxT1NEycJHMqJD/ut0
7Gl6MLpnI8rV5OlpFEdoS6BO3a2RdtrDfFeyPl9qxu24+n3WzNZZeIejW3NCzBDqp4AOvQ
wmCF1QcVfxAtAkQHEg/Mivn3xdK9IFFyeM6CArkYZYTRppmdeSFgUD+tnuwWROzEb6u7wy
i0VQddqdpxyhizML3lv9/V4h/1VPDxuWuAHq3VPND08njad0BUaj5yGpFiAzhvUgQChyWt
0NGAdl1As7BG1xobWt44LfoTVgfy5/2v46UFOrANz3IRI3Iq6opnvpmfJZ47tqkg11O89Q
5uL5s6fA==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDfTkSWchfgLS2PgCHFO+9mk2uT7bJ82w+AeL4p6qqOZfK2Iquh/lI
PF8owJc1TsVWrq52ZC6Y2F9QMfmEFEwXN+PhYA1aOG5PZQR8hbmWs2xoX7SWiVnMzdl5XYNMktmSyatJAty
Cov74qql9zA5O9BaTOuJdUQWms0+gUIl2tPoiXedkIhifSDIy6AObBSDCXh9k3Kv54obapbKHyC5wytB815
ALy258zELbuCApU9ECaw9ysweAYBPeXLHZaHMq8nPWketEhgzvQSp46cQEUuhbL7Ha4l6SocLwGKNUx96I4
BKEAqJ3xFkt+nYmtUECqoU5obb+pNnsZlLPhsgb9"
set source built-in
next
end
# Binds the "firewall ssh" feature (presumably the SSH proxy/inspection
# function) to its key objects: a CA, an "untrusted" CA, and one host key per
# algorithm. The objects named here are defined in "config firewall ssh
# local-key" and "config firewall ssh local-ca" earlier in this file, each
# with "set source built-in".
# Those stanzas store the private keys inside the backup itself, next to an
# "ENC" password field. Any copy of this file is therefore key material:
# restrict who can read backups, and regenerate or replace these keys if a
# backup has been shared outside the administration team.
# NOTE(review): hostkey-dsa1024 selects a 1024-bit DSA key; current SSH
# clients generally reject ssh-dss, so check whether it is still needed.
config firewall ssh setting
set caname "Fortinet_SSH_CA"
set untrusted-caname "Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "Fortinet_SSH_ED25519"
end
# Managed-switch profile "default" with no settings of its own.
config switch-controller switch-profile
edit "default"
next
end
# Endpoint control profile "default". The three per-platform FortiClient
# stanzas are present but empty, so no endpoint setting is set explicitly.
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
# Wireless intrusion detection (WIDS) profiles. "default" enables AP scanning
# plus each detection listed below (bridge, deauth, flood and EAPOL checks);
# "default-wids-apscan-enabled" enables AP scanning only.
# NOTE(review): none of the wtp-profile entries in this file reference a WIDS
# profile, so these detections are presumably not active on any radio.
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "FAPU323EV-default"
config platform
set type U323EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
config platform
set type 221E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set ap-country US
config radio-1
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set ap-country US
config radio-1
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set ap-country US
config radio-1
set band 802.11n,g-only
end
next
end
# WiFi UTM profile "wifi-default": names one IPS sensor, application list,
# antivirus profile and web filter profile, all called "wifi-default".
# Those four objects are defined elsewhere in the configuration (not visible
# in this part); what is actually inspected depends on them.
config wireless-controller utm-profile
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set ips-sensor "wifi-default"
set application-list "wifi-default"
set antivirus-profile "wifi-default"
set webfilter-profile "wifi-default"
next
end
# Logging to memory is enabled. "config log disk setting", which follows in
# this file, is disabled, so memory is the only local log store shown.
# NOTE(review): memory logs are presumably lost on reboot and limited in
# size; confirm that remote logging (e.g. the "FortiAnalyzer" host routed
# over the VPN in "config router static") is configured and reachable.
config log memory setting
set status enable
end
# Local disk logging is disabled; no log history is kept on disk.
config log disk setting
set status disable
end
# Null-device logging is disabled.
config log null-device setting
set status disable
end
# RIP: only empty redistribute stanzas are present; no network, neighbor or
# interface is configured in this block, so RIP is presumably unused.
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# RIPng: only empty redistribute stanzas are present; presumably unused.
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# Static routes.
#   1    - route via the SD-WAN link (distance 1); no dstaddr/dst is set, so
#          presumably the default route.
#   2    - the remote VPN subnet object via the FGT02-FGT01 tunnel.
#   3    - blackhole for the same remote object at distance 254; presumably
#          the fallback that drops this traffic when the tunnel route is gone
#          instead of letting it follow route 1 out to the WAN.
#   4-6  - the peer tunnel interface, "FortiAnalyzer" and "FortiSandbox", all
#          via the tunnel.
# NOTE(review): routes 4-6 have no blackhole companion. If the tunnel goes
# down, traffic to FortiAnalyzer/FortiSandbox may fall back to route 1 and be
# matched by a WAN-facing accept policy -- confirm, and consider adding
# distance-254 blackhole routes for those objects as well.
config router static
edit 1
set distance 1
set virtual-wan-link enable
next
edit 2
set device "FGT02-FGT01"
set comment "VPN: FGT02-FGT01 (Created by VPN wizard)"
set dstaddr "FGT02-FGT01_remote"
next
edit 3
set distance 254
set comment "VPN: FGT02-FGT01 (Created by VPN wizard)"
set blackhole enable
set dstaddr "FGT02-FGT01_remote"
next
edit 4
set device "FGT02-FGT01"
set dstaddr "FGT01_Tunnel_Interface"
next
edit 5
set device "FGT02-FGT01"
set dstaddr "FortiAnalyzer"
next
edit 6
set device "FGT02-FGT01"
set dstaddr "FortiSandbox"
next
end
# OSPF: only empty redistribute stanzas are present; no area, network or
# interface is configured in this block, so OSPF is presumably unused.
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# OSPFv3: only empty redistribute stanzas are present; presumably unused.
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# BGP: only empty IPv4 and IPv6 redistribute stanzas are present; no AS
# number or neighbor is configured in this block, so BGP is presumably unused.
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
# IS-IS: only empty IPv4 and IPv6 redistribute stanzas are present;
# presumably unused.
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
# Multicast routing: empty stanza, nothing configured.
config router multicast
end
