
#config-version=FGVM64-5.04-FW-build1138-170531:opmode=0:vdom=0:user=admin
#conf_file_ver=152660317603976
#buildno=1138
#global_vdom=1
# Global system settings for the unit whose hostname is set to "STUDENT2" below.
config system global
# The administrative web UI is served with the certificate object named
# "Fortinet_Factory".
# NOTE(review): confirm administrators can actually validate this certificate;
# otherwise replace it with one issued by a CA they already trust, so that
# certificate warnings on the login page stay meaningful.
set admin-server-cert "Fortinet_Factory"
# Idle timeout for administrator sessions, in minutes. A shorter value limits
# how long an unattended console or browser session stays logged in.
set admintimeout 60
set alias "FGVM010000071659"
set fgd-alert-subscription advisory latest-threat
set gui-ipv6 enable
set hostname "STUDENT2"
# Numeric timezone index; the zone it maps to is not shown in this file.
set timezone 53
end
config system accprofile
edit "prof_admin"
set mntgrp read-write
set admingrp read-write
set updategrp read-write
set authgrp read-write
set sysgrp read-write
set netgrp read-write
set loggrp read-write
set routegrp read-write
set fwgrp read-write
set vpngrp read-write
set utmgrp read-write
set wanoptgrp read-write
set endpoint-control-grp read-write
set wifi read-write
next
end
# Interface definitions: four physical ports, the SSL VPN tunnel interface, and
# two tunnel interfaces bound to the WAN-role ports.
# "allowaccess" lists the management protocols the unit itself answers on that
# interface, so each entry on a WAN-role port is part of the device's exposed
# administrative surface.
config system interface
edit "port1"
set vdom "root"
set ip 192.168.80.201 255.255.255.0
# Review: this WAN-role interface accepts http in addition to https and ssh.
# http carries the admin login in cleartext; drop it from the list and, where
# management from this side is required at all, limit https/ssh to known
# source addresses (trusted hosts on the admin accounts) or move management
# to an internal or dedicated interface.
set allowaccess ping https ssh http
set type physical
set alias "WAN1"
set role wan
set snmp-index 1
next
edit "port2"
set vdom "root"
set ip 10.0.1.254 255.255.255.0
# LAN-role interface: ping and ssh only, no web administration.
set allowaccess ping ssh
set type physical
set alias "LAN"
set role lan
set snmp-index 2
next
# port3 has no address, alias, role or allowaccess configured.
edit "port3"
set vdom "root"
set type physical
set snmp-index 3
next
edit "port4"
set vdom "root"
set ip 192.168.99.1 255.255.255.0
# Second WAN-role interface: https and ssh administration are reachable here
# too. The same source-address restriction advice as for port1 applies.
set allowaccess ping https ssh
set type physical
set alias "WAN2"
set role wan
set snmp-index 4
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 5
next
# Tunnel interface bound to port4 (WAN2).
edit "to-Jakarta"
set vdom "root"
set type tunnel
set snmp-index 6
set interface "port4"
next
# Tunnel interface bound to port1 (WAN1).
edit "to-Jakarta2"
set vdom "root"
set type tunnel
set snmp-index 7
set interface "port1"
next
end
config system custom-language
edit "en"
set filename "en"
next
edit "fr"
set filename "fr"
next
edit "sp"
set filename "sp"
next
edit "pg"
set filename "pg"
next
edit "x-sjis"
set filename "x-sjis"
next
edit "big5"
set filename "big5"
next
edit "GB2312"
set filename "GB2312"
next
edit "euc-kr"
set filename "euc-kr"
next
end
# Administrator accounts. Only one account, "admin", is defined in this export.
config system admin
edit "admin"
# The account is assigned the "super_admin" access profile (the profile itself
# is not defined in this file) and is scoped to the "root" VDOM.
# NOTE(review): no "set password" line and no trusted-host entries appear for
# this account in this export. Confirm on the device that a password is set and
# that logins are restricted to expected source addresses, particularly because
# port1 and port4 (role wan) accept administrative protocols.
set accprofile "super_admin"
set vdom "root"
# Per-administrator GUI dashboard layout; the entries below only place widgets
# on the "Main" dashboard.
config gui-dashboard
edit 1
set name "Main"
config widget
# Widget 1 has no "set type" line in this export.
edit 1
set x-pos 1
set y-pos 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 2
set y-pos 1
set width 1
set height 1
next
edit 3
set type forticloud
set x-pos 3
set y-pos 1
set width 1
set height 1
next
edit 4
set type security-fabric
set x-pos 4
set y-pos 1
set width 1
set height 1
next
edit 5
set type admins
set x-pos 5
set y-pos 1
set width 1
set height 1
next
edit 6
set type cpu-usage
set x-pos 6
set y-pos 1
set width 2
set height 1
next
edit 7
set type memory-usage
set x-pos 7
set y-pos 1
set width 2
set height 1
next
edit 8
set type sessions
set x-pos 8
set y-pos 1
set width 2
set height 1
next
# Traffic-history widget bound to port2 (the LAN interface).
edit 9
set type tr-history
set x-pos 9
set y-pos 1
set width 2
set height 1
set interface "port2"
next
end
next
end
next
end
config system ha
set override disable
end
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
config system replacemsg-image
edit "logo_fnet"
set image-type gif
set image-base64 ''
next
edit "logo_fguard_wf"
set image-type gif
set image-base64 ''
next
edit "logo_fw_auth"
set image-type png
set image-base64 ''
next
edit "logo_v2_fnet"
set image-type png
set image-base64 ''
next
edit "logo_v2_fguard_wf"
set image-type png
set image-base64 ''
next
edit "logo_v2_fguard_app"
set image-type png
set image-base64 ''
next
end
config system replacemsg mail "email-av-fail"
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-authorization-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg webproxy "auth-ip-blackout"
end
config system replacemsg ftp "ftp-av-fail"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg nntp "nntp-av-fail"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
config system replacemsg auth "auth-disclaimer-page-2"
end
config system replacemsg auth "auth-disclaimer-page-3"
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg auth "auth-success-page"
end
config system replacemsg auth "auth-block-notification-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-header"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg sslvpn "hostcheck-error"
end
config system replacemsg ec "endpt-download-portal"
end
config system replacemsg ec "endpt-download-portal-mac"
end
config system replacemsg ec "endpt-download-portal-ios"
end
config system replacemsg ec "endpt-download-portal-aos"
end
config system replacemsg ec "endpt-download-portal-other"
end
config system replacemsg ec "endpt-warning-portal"
end
config system replacemsg ec "endpt-warning-portal-mac"
end
config system replacemsg ec "endpt-quarantine-portal"
end
config system replacemsg device-detection-portal "device-detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg nac-quar "nac-quar-admin"
end
config system replacemsg nac-quar "nac-quar-app"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "client-virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config system replacemsg utm "appblk-html"
end
config system replacemsg utm "ipsblk-html"
end
config system replacemsg utm "exe-text"
end
config system replacemsg utm "waf-html"
end
config system snmp sysinfo
end
config user device-category
edit "android-phone"
next
edit "android-tablet"
next
edit "blackberry-phone"
next
edit "blackberry-playbook"
next
edit "forticam"
next
edit "fortifone"
next
edit "fortinet-device"
next
edit "gaming-console"
next
edit "ip-phone"
next
edit "ipad"
next
edit "iphone"
next
edit "linux-pc"
next
edit "mac"
next
edit "media-streaming"
next
edit "printer"
next
edit "router-nat-device"
next
edit "windows-pc"
next
edit "windows-phone"
next
edit "windows-tablet"
next
edit "other-network-device"
next
edit "collected-emails"
next
edit "all"
next
end
config system cluster-sync
end
config system fortiguard
set sdns-server-ip "208.91.112.220"
end
config ips global
set default-app-cat-mask 18446744073642442751
end
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
# Automatic installation of a configuration file and of a firmware image are
# both enabled.
# NOTE(review): on FortiOS these options relate to loading files from attached
# USB storage at startup; confirm that this applies to this platform, and
# disable both wherever physical (or hypervisor console) access to the unit is
# not tightly controlled.
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
set ntpsync enable
set syncinterval 60
end
config system settings
set inspection-mode flow
end
config firewall address
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid 90fc31de-2d83-51e7-b107-7041ddbf32bb
set visibility disable
next
edit "SSLVPN_TUNNEL_ADDR1"
set uuid 90fcc2ca-2d83-51e7-9dca-b03fbdde9178
set type iprange
set associated-interface "ssl.root"
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
edit "all"
set uuid 90fe4c30-2d83-51e7-ced4-7105f13f6379
next
edit "none"
set uuid 90fe5450-2d83-51e7-fbad-401f1cf7d48c
set subnet 0.0.0.0 255.255.255.255
next
edit "adobe"
set uuid 90fe5b76-2d83-51e7-a0cc-c986db4a4dd4
set type wildcard-fqdn
set wildcard-fqdn "*.adobe.com"
next
edit "Adobe Login"
set uuid 90fe6490-2d83-51e7-1614-380282ea15b4
set type wildcard-fqdn
set wildcard-fqdn "*.adobelogin.com"
next
edit "android"
set uuid 90fe6be8-2d83-51e7-ab1a-2016d96c5b30
set type wildcard-fqdn
set wildcard-fqdn "*.android.com"
next
edit "apple"
set uuid 90fe7318-2d83-51e7-ef20-aa964d63a40b
set type wildcard-fqdn
set wildcard-fqdn "*.apple.com"
next
edit "appstore"
set uuid 90fe7a34-2d83-51e7-4780-7746f4accfd2
set type wildcard-fqdn
set wildcard-fqdn "*.appstore.com"
next
edit "auth.gfx.ms"
set uuid 90fe815a-2d83-51e7-3f8a-1e4b13da0c80
set type fqdn
set fqdn "auth.gfx.ms"
next
edit "autoupdate.opera.com"
set uuid 90fe88bc-2d83-51e7-f1d7-b1f5991d740f
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit "citrix"
set uuid 90fe900a-2d83-51e7-8917-8f355a0976c7
set type wildcard-fqdn
set wildcard-fqdn "*.citrixonline.com"
next
edit "dropbox.com"
set uuid 90fe9712-2d83-51e7-d516-7f6a3d1b4847
set type wildcard-fqdn
set wildcard-fqdn "*.dropbox.com"
next
edit "eease"
set uuid 90fe9e10-2d83-51e7-73e8-13298a12d664
set type wildcard-fqdn
set wildcard-fqdn "*.eease.com"
next
edit "firefox update server"
set uuid 90fea50e-2d83-51e7-0a73-24c8dfc786b4
set type wildcard-fqdn
set wildcard-fqdn "aus*.mozilla.org"
next
edit "fortinet"
set uuid 90feafae-2d83-51e7-bce4-22030f6266c7
set type wildcard-fqdn
set wildcard-fqdn "*.fortinet.com"
next
edit "googleapis.com"
set uuid 90feb6f2-2d83-51e7-87c0-b0c1fa16c9ab
set type wildcard-fqdn
set wildcard-fqdn "*.googleapis.com"
next
edit "google-drive"
set uuid 90febdf0-2d83-51e7-030d-48a4b5f84140
set type wildcard-fqdn
set wildcard-fqdn "*drive.google.com"
next
edit "google-play"
set uuid 90fec50c-2d83-51e7-96c0-4a15ec797457
set type fqdn
set fqdn "play.google.com"
next
edit "google-play2"
set uuid 90fecc32-2d83-51e7-0872-0163a18b567c
set type wildcard-fqdn
set wildcard-fqdn "*.ggpht.com"
next
edit "google-play3"
set uuid 90fed31c-2d83-51e7-8d3e-c7c96cf7debc
set type wildcard-fqdn
set wildcard-fqdn "*.books.google.com"
next
edit "Gotomeeting"
set uuid 90feda6a-2d83-51e7-bf49-624368ecccd9
set type wildcard-fqdn
set wildcard-fqdn "*.gotomeeting.com"
next
edit "icloud"
set uuid 90fee15e-2d83-51e7-2496-1fd138647525
set type wildcard-fqdn
set wildcard-fqdn "*.icloud.com"
next
edit "itunes"
set uuid 90fee848-2d83-51e7-07ab-9046be794703
set type wildcard-fqdn
set wildcard-fqdn "*itunes.apple.com"
next
edit "microsoft"
set uuid 90feef32-2d83-51e7-e185-96d6be45492c
set type wildcard-fqdn
set wildcard-fqdn "*.microsoft.com"
next
edit "skype"
set uuid 90fef61c-2d83-51e7-c47c-82f007756c32
set type wildcard-fqdn
set wildcard-fqdn "*.messenger.live.com"
next
edit "softwareupdate.vmware.com"
set uuid 90fefe5a-2d83-51e7-8565-236f41a45585
set type fqdn
set fqdn "softwareupdate.vmware.com"
next
edit "swscan.apple.com"
set uuid 90ff05bc-2d83-51e7-6ef4-11f8965fe371
set type fqdn
set fqdn "swscan.apple.com"
next
edit "update.microsoft.com"
set uuid 90ff0d0a-2d83-51e7-e655-d3bae69f1511
set type fqdn
set fqdn "update.microsoft.com"
next
edit "verisign"
set uuid 90ff143a-2d83-51e7-bdc5-321ba6a6712e
set type wildcard-fqdn
set wildcard-fqdn "*.verisign.com"
next
edit "Windows update 2"
set uuid 90ff1b42-2d83-51e7-b42d-b1edc0fd5cf4
set type wildcard-fqdn
set wildcard-fqdn "*.windowsupdate.com"
next
edit "live.com"
set uuid 90ff2308-2d83-51e7-de59-26153c722999
set type wildcard-fqdn
set wildcard-fqdn "*.live.com"
next
edit "to-Jakarta_local_subnet_1"
set uuid a32cec02-2d85-51e7-0a38-1001f3a32e9e
set allow-routing enable
set subnet 10.0.1.0 255.255.255.0
next
edit "to-Jakarta_remote_subnet_1"
set uuid a33db884-2d85-51e7-f6a3-92c8f5c7478b
set allow-routing enable
set subnet 10.0.2.0 255.255.255.0
next
edit "to-Jakarta2_local_subnet_1"
set uuid f4268b72-2d85-51e7-b236-2eb1b8b6ed86
set allow-routing enable
set subnet 10.0.1.0 255.255.255.0
next
edit "to-Jakarta2_remote_subnet_1"
set uuid f42e1cac-2d85-51e7-b382-74e154fce98f
set allow-routing enable
set subnet 10.0.2.0 255.255.255.0
next
end
config firewall multicast-address
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
end
config firewall address6
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid 90fcc572-2d83-51e7-5b91-44bc7f82f85b
set ip6 fdff:ffff::/120
next
edit "all"
set uuid 90ff2b00-2d83-51e7-bae4-0e451cccc1eb
next
edit "none"
set uuid 90ff3172-2d83-51e7-2fc3-f592d9bd421a
set ip6 ::/128
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall addrgrp
edit "to-Jakarta_local"
set uuid a339802a-2d85-51e7-a8dd-5cf002118519
set member "to-Jakarta_local_subnet_1"
set comment "VPN: to-Jakarta (Created by VPN wizard)"
set allow-routing enable
next
edit "to-Jakarta_remote"
set uuid a3417fa0-2d85-51e7-95bd-db1e6727beaf
set member "to-Jakarta_remote_subnet_1"
set comment "VPN: to-Jakarta (Created by VPN wizard)"
set allow-routing enable
next
edit "to-Jakarta2_local"
set uuid f42a2642-2d85-51e7-57d1-1d38f7797c86
set member "to-Jakarta2_local_subnet_1"
set comment "VPN: to-Jakarta2 (Created by VPN wizard)"
set allow-routing enable
next
edit "to-Jakarta2_remote"
set uuid f43190d0-2d85-51e7-129e-f5aefdc52d98
set member "to-Jakarta2_remote_subnet_1"
set comment "VPN: to-Jakarta2 (Created by VPN wizard)"
set allow-routing enable
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set explicit-proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config ips sensor
edit "sniffer-profile"
set comment "Monitor IPS attacks."
config entries
edit 1
set severity high critical
next
end
next
edit "default"
set comment "Prevent critical attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "all_default"
set comment "All predefined signatures with default setting."
config entries
edit 1
next
end
next
edit "all_default_pass"
set comment "All predefined signatures with PASS action."
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "Protect against HTTP server-side vulnerabilities."
config entries
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "Protect against email server-side vulnerabilities."
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "Protect against client-side vulnerabilities."
config entries
edit 1
set location client
next
end
next
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
set block-malicious-url enable
config entries
edit 1
set severity medium high critical
set status enable
set action block
next
edit 2
set severity low
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
config application list
edit "sniffer-profile"
set comment "Monitor all applications."
unset options
config entries
edit 1
set action pass
next
end
next
edit "default"
set comment "Monitor all applications."
config entries
edit 1
set action pass
next
end
next
edit "block-high-risk"
config entries
edit 1
set category 2 6
next
edit 2
set action pass
next
end
next
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp fp-sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config dlp sensor
edit "sniffer-profile"
set comment "Log a summary of email and web traffic."
set flow-based enable
set summary-proto smtp pop3 imap http-get http-post
next
edit "default"
set comment "Default sensor."
next
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
next
end
config vpn certificate ca
end
config vpn certificate local
edit "Fortinet_CA_SSL"
set password ENC
8CGS7OjvRO8fw+L8PULx+wrP1lksc1HfVvWqOEqNVewVQQXXD8PVH5+wWWZRKBw455YnpZBO6Quod2CroVi
H3lwnqv161I+bggsKCI/
e1npan9k0PIcTae3NXmo5V75mUZDbl+73+loFFelT7BZBWMnOpp+CbGWjFWfbecyTbQOUuoSBUiWlDsaTsD
v1MkZQ4904xA==
set comments "This is the default CA certificate the SSL Inspection will
use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_CA_Untrusted"
set password ENC
i4qLJxUVuBGlsHGIr9C1SV1klcj4ytsrpKR9VjoRqg21gwn0Wa3G2nnApn6J8+URz2LL8yNnZQTsvoyr7Vs
v1ccuqXYUyy0vZu/
n5yy0YGXSqkAcEcoLSTYww58ATenM84c69B7/+K5X+9rzCJA2R2gLzrjqG0zQWqfBePnaPV8m19yVRELPnl
6+5zupbOIxmwCpuA==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICZjCCAhCgAwIBAgIIAI8C3ddFdUMwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx
ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp
dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ
ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTcwNDMwMDkwMTE0WhcNMjcwNTAx
MDkwMTE0WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ
BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl
cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk
IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBcMA0GCSqG
SIb3DQEBAQUAA0sAMEgCQQC8Czqv2tsxL9KGx1JIj+smIoIr09nNeohwrkiU6oOb
R9ItVLydc2b/AzcuV7AzbPwel82sn0M5IGcbtciKBLHvAgMBAAGjEDAOMAwGA1Ud
EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQCGGaasgftkmoCAf2qKJC2L3QeEYzRi
hZ5AeztWqaIXEKzXdg0AGrZhvbPuaXOLdoleyz2YUmPTJLs6yDtri9rl
-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_SSL"
set password ENC
IUTVHXqTvDdCnFFek33G+hJir96T32WBSIiu3RxNOdFroHlvgTlgFeMVebwf0TVFNCTuHpnd6xB7qtAe0IZ
9TM5yl1CBpy+0jGmFw24lHI1g8eY5gvpI3TjBf0w+7IUQuorkOhST4gL38Kk+i7dG1r5VHKlsDBUFZY0pid
1TfyzWFpcsY4Vrk9/a+PFIBNbSRYCkhA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_SSL_RSA1024"
set password ENC
vhxzfMMaiGUD8ZqA8lZgC0H4XmVUDL6EyCT15Ll+Q3gFGvq4+Y63F+GRka5MzW+7F7Qtm8maBZdSZALc2pt
MyZCtTq4BlEoP+
+3iqZXJ87wbqxQCAKKhxjztbqLZB62330McNXI6zws7ulRI9myZlo8HnvzI+SkbCMpkQLh/
sObGuCm83NoPtbc6D0kc4BpgVJE7Mw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_SSL_RSA2048"
set password ENC
K3u4tbeaal8HUDIGg0bFuB3oy3eukFMYQ8cPuiheq88o0nybd8uHE3w4bGjzEPdjCcS470JyKRrJ3EY/g/
7gavQOuyhOgJSotPhN5t06tRbJ74Q0tP95ZL556QFYNiz1wrQC3MKuc4/
NBFvUXTWuZgJQBllQAkvxn4i5roL5gq1Ao89yRLsl2X1CczJgRqt5cg68mA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_SSL_DSA1024"
set password ENC
Wb9ODQaUJeWEXSzhDwk9KOgSoOaQtsg0fQBdTc+UBrIdqVwU28Vfa6k7X1sUsyoWPov51dAaCqTjbDydfSf
Cka0U9hX8QJgGF+ucVpiMbZDR1A2aWHM+9l6YzFzvxrw8TM2gtRlU9PQtfk8xNZDtjfrX2GGL1n5m4XUKlv
HFZDIoC1kgC2+PA8i3pCATcGYrmeus+g==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBFTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIb4OG1/stVUACAggA
MBQGCCqGSIb3DQMHBAisJj5sxfShbwSB0O96lxz8n80Ge5M9g8HsqwTt41FtMmjK
WTxsrsfFBLuP14x5c1OjEQ5EkA+j5ilPo8HJFbVYwjx7St19pWEzD8alCY12W3s1
G4ll0t9dNImcjd0HSd6/7ts0L8wfOtEO/U6fXZMJnMPU4+hUMwwxKc1xQRNdPAve
TRggYYuu4xFdT6vpMaltqG5M96YK8vHo/y/kfxRyIZfiJzlvxVzq4QOWxW110VAV
jodkZ7ntlFzHN+Rajzyr/YN9+odctGdtAouK+u8iukOgWf6o1Xcdjvw=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_SSL_DSA2048"
set password ENC
Ujk058muk/6uqdLdkmgEaZ5sMcyXuxAFdkd9n1eo05Qt2M06COeYZFWUPg6GCQog1WM5L3rMJKj9DNiPApy
Kp/
vBBAA27vwsDy5XeiZuQRNlH1mQOAcRqlMm45RXr74JMQbiQNzmPP8fW+2MX4oCzxCm32aaQpeu+C881aE2W
r7tD2HkbXlZR6dxn7bsMX4wpBoj7w==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBFTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEE0Xx7loElwCAggA
MBQGCCqGSIb3DQMHBAg+yZGnuegWFQSB0E2hwCgH7q1iqh68kNiPNRHY9m2aHkYa
lG7X54xCnxHDOWSHCAdKPLxMGlokOK90mdk/cIaemXhhxFRct34IGwTBmxJ+LyUj
6PeJpwEc9iX94TC1iHYT3Ehbw7VRgBj1ibK7o7W1CSKXkGvYDkrqrrQibsuU7sr6
3AepTZSgm0WGjBNI8Myn/RCZWnoF8nj4awdG2yhCBbBAxG3GecTsWaUm2UbW4lHP
OQXQGHWYD1+Te1l6i5MASU3QnGjfTfH5bovcnl4pyZJsjk05LUU1m9M=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICwDCCAn6gAwIBAgIIEE2kzZQ3CZIwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
R1ZNRVYwMDAwMDAwMDAwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
LmNvbTAeFw0xNzA0MzAwOTAxMTRaFw0yNzA1MDEwOTAxMTRaMIGdMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw
DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG
R1ZNRVYwMDAwMDAwMDAwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
LmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAIc+xoYeSsIq9U3rfKlQJCz+hbCAOnvt
z1JpdH2yTK+DK63n/4ba8jQp6FSbpyOt3mp2MPj1MrB/VxMEsdwCvYkCFQCcRpwa
D9Bacy/rzzXzOnJxJdA0WwJAPfCfdMtzI4iUFjyHvF1//wqFRjP5eJyYp2H0OJGz
U33HCj3c6wQYxhW5+OWsSou4LW2S69YOliArZ/n8yI8AMgNDAAJAWKTh3BXpUTAs
xpQxnBS7K+PGFfvD8XHLQwhOxDsbyRctHsq/cHda0vpyCWn4GGgEH5o8OEu6kq9t
kWlvgAE6c6MNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDLwAwLAIUK6gjJ1Bv
lrpBpVt2rVkvMQhAQ0wCFEARhV3Qld9MRDesg48KnXrSZGat
-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_SSL_ECDSA256"
set password ENC
gqq6g6Q3qs4g4BsntdpBaQU9aNzU7BXoxDpaHPT6dojS4G6gzOm1b+xJRtMTzbQSllDAOHd5EDqpaOOiZQT
H09FkIlm9eYwL9wFDZvXzSXY5rBCX4d83iOcva03ZXO4vzOWx565G7U+9atIjcMURqCLUDTymYCi9BX/
n1JINItk3XvrcE/HiO9VZEZ+MzL2UOuGB1w==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHVMEAGCSqGSIb3DQEFDTAzMBsGCSqGSIb3DQEFDDAOBAh+f3l5Wtw5VwICCAAw
FAYIKoZIhvcNAwcECPwiuAS7dWikBIGQh/VOetEF9Q63zGlvt/2wfiTtSnJlUWc7
lgPxHCuu29Pd1e1kSG9L1ctoMQLiWowvNzbIvLZPLJAcd8ZxEkrdcA6tGTZjXhoj
FFv6WkRRZBK/YJ7H7Lainlqeok+l55+olyKOES3oIIbOyxxOmC34Sjvp5+Fill2c
ZwT/nL8Xwbut7ZDhfT0ZZbn1/GEo/ZIU
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
set range global
set source factory
next
edit "Fortinet_SSL_ECDSA384"
set password ENC
v0Sl1BrlQ6aCBzasD4oml463G5hhD+0G8g255S55T9eMorqy7eIpkDJGhe0Io+vrXnAs7yHjWU4/
eBbliGWyYLEEC8XM3gkWooQw9ZqPr01CReHyz48X3ru2DqLAa581LuFlgH4x9NQedhFLZnlDiw+66B4BKVp
DKefaO9fLJlDg8b9I7G9xkcvrGCIlRBqMk4qMdA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUd7XRgBYmboCAggA
MBQGCCqGSIb3DQMHBAhUSVSYLST4eQSBwBHE6t4kictONCa8qdzNL5tsZL1oE+9O
+Z6NAlg3C+3V8mkeFI3iSiCrOjCza8GU6ZJM2y1w19YZFdx4JPWWuUcoJGQAzOn8
PTWw7r9AFBNCQXE52ORiu5dw3x3n1zyryFDpU1zCAArufGvl93tvGNdEqTthIXk7
A2WEwApeGPFTfEHNEAvilCnGX6zclHHMLi+mgjYNXxhJrREhwdvxm9KReWNEBaKR
F5mZ2tKIZyP8qM+hi/5m7VY94GmFfOD4KA==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICfTCCAgKgAwIBAgIIddkt1gf+OncwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
Vk1FVjAwMDAwMDAwMDAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
Y29tMB4XDTE3MDQzMDA5MDExNFoXDTI3MDUwMTA5MDExNFowgZ0xCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP
BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH
Vk1FVjAwMDAwMDAwMDAxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu
Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEnQxbAfc3wXAioBjn4thqRK63Awc6
sk2277pE5D0BbpUutEWA2KpPreN/9lj3JIg6iDanaCQAJS0p7M0r3gk00awkalRs
fmo501XTsHeJuNxEqb3PfBQF7hQpaDJOj2/6ow0wCzAJBgNVHRMEAjAAMAoGCCqG
SM49BAMCA2kAMGYCMQDLYntjIubmfrRsPXKd/9mN0UHWEEs46vSMynV7fcUyAbxc
trTzwbXzGm45iWdBmX4CMQCK75P74wxMV5VXqjfco+zjBljBn8BFayAR6Ii7XUc0
ZlMI0J0xbKjpDVo3LBr/+MY=
-----END CERTIFICATE-----"
set range global
set source factory
next
end
# Local user database. The only account defined here is "guest", authenticated with a
# password stored on the device (type password).
# NOTE(review): the ENC prefix presumably marks a value kept in encrypted, reversible form
# rather than as a one-way hash — confirm for this build. Treat a backup that has been
# shared as disclosing the password and change it on the device.
config user local
edit "guest"
set type password
set passwd ENC
7pW6SPNRcMQB4+DEXSCdWfYv6H0gbUwNcBgcTmxYCf9r7gjikCwudd3OStQRdBQEhn7EvU2nhbOto4Tv9Ud
7OY7520sf4POeSKTiiTZkuRxgt4StKLx/
VZ8imvnq1cPWiBPFFLty2M3mzYvVoS2ppvOJw3m9e7uvUQXB4XxgzM1zjK8es3/hpaJ8Y12kG6gDQ4/
d+A==
next
end
config user setting
set auth-cert "Fortinet_Factory"
end
config user group
edit "SSO_Guest_Users"
next
edit "Guest-group"
set member "guest"
next
end
config user device-group
edit "Mobile Devices"
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit "Network Devices"
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit "Others"
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista-Win7"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista-Win7"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient-AV-Win7"
set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
config vpn ssl web portal
edit "full-access"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
next
end
# SSL-VPN listener settings: server certificate "self-sign", TCP port 443.
# NOTE(review): "self-sign" presumably names a self-signed certificate, which clients cannot
# validate against a trusted CA; a CA-issued certificate is the usual choice before the
# portal is exposed to users.
# NOTE(review): no source-interface or authentication-rule appears in this block, so the
# listener may not be bound to any interface yet — confirm on the device. Administrative
# HTTPS also defaults to 443; check for a clash on interfaces whose allowaccess includes https.
config vpn ssl settings
set servercert "self-sign"
set port 443
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config webfilter profile
edit "sniffer-profile"
set comment "Monitor web traffic."
set inspection-mode flow-based
config ftgd-wf
config filters
edit 1
next
edit 2
set category 1
next
edit 3
set category 2
next
edit 4
set category 3
next
edit 5
set category 4
next
edit 6
set category 5
next
edit 7
set category 6
next
edit 8
set category 7
next
edit 9
set category 8
next
edit 10
set category 9
next
edit 11
set category 11
next
edit 12
set category 12
next
edit 13
set category 13
next
edit 14
set category 14
next
edit 15
set category 15
next
edit 16
set category 16
next
edit 17
set category 17
next
edit 18
set category 18
next
edit 19
set category 19
next
edit 20
set category 20
next
edit 21
set category 23
next
edit 22
set category 24
next
edit 23
set category 25
next
edit 24
set category 26
next
edit 25
set category 28
next
edit 26
set category 29
next
edit 27
set category 30
next
edit 28
set category 31
next
edit 29
set category 33
next
edit 30
set category 34
next
edit 31
set category 35
next
edit 32
set category 36
next
edit 33
set category 37
next
edit 34
set category 38
next
edit 35
set category 39
next
edit 36
set category 40
next
edit 37
set category 41
next
edit 38
set category 42
next
edit 39
set category 43
next
edit 40
set category 44
next
edit 41
set category 46
next
edit 42
set category 47
next
edit 43
set category 48
next
edit 44
set category 49
next
edit 45
set category 50
next
edit 46
set category 51
next
edit 47
set category 52
next
edit 48
set category 53
next
edit 49
set category 54
next
edit 50
set category 55
next
edit 51
set category 56
next
edit 52
set category 57
next
edit 53
set category 58
next
edit 54
set category 59
next
edit 55
set category 61
next
edit 56
set category 62
next
edit 57
set category 63
next
edit 58
set category 64
next
edit 59
set category 65
next
edit 60
set category 66
next
edit 61
set category 67
next
edit 62
set category 68
next
edit 63
set category 69
next
edit 64
set category 70
next
edit 65
set category 71
next
edit 66
set category 72
next
edit 67
set category 75
next
edit 68
set category 76
next
edit 69
set category 77
next
edit 70
set category 78
next
edit 71
set category 79
next
edit 72
set category 80
next
edit 73
set category 81
next
edit 74
set category 82
next
edit 75
set category 83
next
edit 76
set category 84
next
edit 77
set category 85
next
edit 78
set category 86
next
edit 79
set category 87
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
edit 88
set category 140
next
edit 89
set category 141
next
end
end
next
edit "default"
set comment "Default web filtering."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 2
set action block
next
edit 2
set category 7
set action block
next
edit 3
set category 8
set action block
next
edit 4
set category 9
set action block
next
edit 5
set category 11
set action block
next
edit 6
set category 12
set action block
next
edit 7
set category 13
set action block
next
edit 8
set category 14
set action block
next
edit 9
set category 15
set action block
next
edit 10
set category 16
set action block
next
edit 11
set action block
next
edit 12
set category 57
set action block
next
edit 13
set category 63
set action block
next
edit 14
set category 64
set action block
next
edit 15
set category 65
set action block
next
edit 16
set category 66
set action block
next
edit 17
set category 67
set action block
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
edit "monitor-all"
set comment "Monitor and log all visited URLs, flow-based."
set inspection-mode flow-based
config ftgd-wf
unset options
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
edit 79
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
set log-all-url enable
set web-content-log disable
set web-filter-activex-log disable
set web-filter-command-block-log disable
set web-filter-cookie-log disable
set web-filter-applet-log disable
set web-filter-jscript-log disable
set web-filter-js-log disable
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-referer-log disable
set web-filter-cookie-removal-log disable
set web-url-log disable
set web-invalid-domain-log disable
set web-ftgd-err-log disable
set web-ftgd-quota-usage disable
next
end
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*\\.youtube\\..*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
# IKE phase 1 definitions for two interface-mode tunnels. Their comments fields say both were
# created by the VPN wizard; each points at a fixed remote gateway and authenticates with a
# pre-shared key (psksecret).
# NOTE(review): "peertype any" means the peer's identity is not checked, so the pre-shared
# key is the only thing authenticating the remote end. Use a long random key, or restrict
# the accepted peer ID / move to certificate authentication where the peer supports it.
# NOTE(review): no proposal, dhgrp or ike-version lines are present, so the build's defaults
# presumably apply — verify they meet the site's cryptographic policy.
# NOTE(review): both keys are exported here in ENC form. If this backup has been shared,
# rotate the keys on both ends of each tunnel.
config vpn ipsec phase1-interface
# Tunnel bound to port4, remote gateway 192.168.99.2.
edit "to-Jakarta"
set interface "port4"
set peertype any
set comments "VPN: to-Jakarta (Created by VPN wizard)"
set wizard-type static-fortigate
set remote-gw 192.168.99.2
set psksecret ENC
zyGGr302159/e18Cv1voz7WywafrWXNe9ddk/QydPbUGjs1hig46UNHmvHOD4W/Rx3uF9etiDXRJAYYpxQN
oS5B1B8LiUr9O8+pVebXmHwRO5V+6oxS/XVbWnToxkAiu/xd13oWs1AndLxs2/
pwT8SoMMBjUtqYmaykJLaT7re1m3rMZRcjh6pFFi7Nza5ZPDRaakw==
next
# Tunnel bound to port1, remote gateway 192.168.80.202.
edit "to-Jakarta2"
set interface "port1"
set peertype any
set comments "VPN: to-Jakarta2 (Created by VPN wizard)"
set wizard-type static-fortigate
set remote-gw 192.168.80.202
set psksecret ENC
daUBPhMQv4+kQ1NxZYVxuZAXOYDlffM1OSAh4EIlmdanM6k2iprSCd3osEo2DhHoMmH5rPT/
ZADyjZGNRowNQvU1zWj7v0EaWzIlk2xUN7ZWpN7+TppFScqASNXiWoarEyI1Zk9MgHwHljKrAnZS5C9J3Oh
CvI8k/gGHh+26jLH/LpRaPlIEEkSSlQyH5GOJEMflwg==
next
end
config vpn ipsec phase2-interface
edit "to-Jakarta"
set phase1name "to-Jakarta"
set comments "VPN: to-Jakarta (Created by VPN wizard)"
set src-addr-type name
set dst-addr-type name
set src-name "to-Jakarta_local"
set dst-name "to-Jakarta_remote"
next
edit "to-Jakarta2"
set phase1name "to-Jakarta2"
set comments "VPN: to-Jakarta2 (Created by VPN wizard)"
set src-addr-type name
set dst-addr-type name
set src-name "to-Jakarta2_local"
set dst-name "to-Jakarta2_remote"
next
end
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config antivirus settings
set grayware enable
end
config antivirus profile
edit "sniffer-profile"
set comment "Scan files and monitor viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "default"
set comment "Scan files and block viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
end
config spamfilter profile
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
set flow-based enable
next
edit "default"
set comment "Malware and phishing URL filtering."
next
end
config wanopt settings
set host-id "default-id"
end
config wanopt profile
edit "default"
set comments "Default WANopt profile."
next
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
edit "deep-inspection"
set comment "Deep inspection."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type address
set address "android"
next
edit 4
set type address
set address "apple"
next
edit 5
set type address
set address "appstore"
next
edit 6
set type address
set address "citrix"
next
edit 7
set type address
set address "eease"
next
edit 8
set type address
set address "google-drive"
next
edit 9
set type address
set address "google-play"
next
edit 10
set type address
set address "google-play2"
next
edit 11
set type address
set address "google-play3"
next
edit 12
set type address
set address "Gotomeeting"
next
edit 13
set type address
set address "microsoft"
next
edit 14
set type address
set address "update.microsoft.com"
next
edit 15
set type address
set address "adobe"
next
edit 16
set type address
set address "Adobe Login"
next
edit 17
set type address
set address "dropbox.com"
next
edit 18
set type address
set address "fortinet"
next
edit 19
set type address
set address "googleapis.com"
next
edit 20
set type address
set address "icloud"
next
edit 21
set type address
set address "itunes"
next
edit 22
set type address
set address "skype"
next
edit 23
set type address
set address "swscan.apple.com"
next
edit 24
set type address
set address "verisign"
next
edit 25
set type address
set address "Windows update 2"
next
edit 26
set type address
set address "auth.gfx.ms"
next
edit 27
set type address
set address "autoupdate.opera.com"
next
edit 28
set type address
set address "softwareupdate.vmware.com"
next
edit 29
set type address
set address "firefox update server"
next
end
next
edit "certificate-inspection"
set comment "SSL handshake inspection."
config https
set ports 443
set status certificate-inspection
end
config ftps
set ports 990
set status disable
end
config imaps
set ports 993
set status disable
end
config pop3s
set ports 995
set status disable
end
config smtps
set ports 465
set status disable
end
config ssh
set ports 22
set status disable
end
next
end
config waf profile
edit "default"
config signature
config main-class 100000000
set action block
set severity high
end
config main-class 20000000
end
config main-class 30000000
set status enable
set action block
set severity high
end
config main-class 40000000
end
config main-class 50000000
set status enable
set action block
set severity high
end
config main-class 60000000
end
config main-class 70000000
set status enable
set action block
set severity high
end
config main-class 80000000
set status enable
set severity low
end
config main-class 110000000
set status enable
set severity high
end
config main-class 90000000
set status enable
set action block
set severity high
end
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
# Firewall policies.
# The block holds four rules, all generated by the VPN wizard (see each rule's
# comments field): one pair per IPsec tunnel, allowing traffic between port2
# (aliased "LAN" in the interface section) and the tunnel interface in both
# directions.
# Every rule uses service "ALL" and schedule "always". None carries a logging
# setting or a security profile (antivirus, IPS, WAF, SSL inspection) in this
# export, so traffic from the remote site reaches the LAN uninspected.
# NOTE(review): narrow the service list to what each site actually needs.
# Also confirm the effective traffic-logging default for this build, since
# nothing is set explicitly.
# No rule here covers LAN-to-WAN traffic; anything not matched by these four
# rules falls to whatever the device does for unmatched traffic.
config firewall policy
# Rules 1-2: port2 <-> to-Jakarta.
edit 1
set name "vpn_to-Jakarta_local"
set uuid a352e34e-2d85-51e7-f3cd-0ee5516c8022
set srcintf "port2"
set dstintf "to-Jakarta"
set srcaddr "to-Jakarta_local"
set dstaddr "to-Jakarta_remote"
set action accept
set schedule "always"
set service "ALL"
set comments "VPN: to-Jakarta (Created by VPN wizard)"
next
# Inbound direction: the remote site may open any service towards the LAN.
edit 2
set name "vpn_to-Jakarta_remote"
set uuid a35895a0-2d85-51e7-a38a-3367922b07a4
set srcintf "to-Jakarta"
set dstintf "port2"
set srcaddr "to-Jakarta_remote"
set dstaddr "to-Jakarta_local"
set action accept
set schedule "always"
set service "ALL"
set comments "VPN: to-Jakarta (Created by VPN wizard)"
next
# Rules 3-4: port2 <-> to-Jakarta2, same shape as rules 1-2.
edit 3
set name "vpn_to-Jakarta2_local"
set uuid f4482412-2d85-51e7-27ac-2230e2f7afcf
set srcintf "port2"
set dstintf "to-Jakarta2"
set srcaddr "to-Jakarta2_local"
set dstaddr "to-Jakarta2_remote"
set action accept
set schedule "always"
set service "ALL"
set comments "VPN: to-Jakarta2 (Created by VPN wizard)"
next
edit 4
set name "vpn_to-Jakarta2_remote"
set uuid f44e5b84-2d85-51e7-e03d-f11a31bccbc3
set srcintf "to-Jakarta2"
set dstintf "port2"
set srcaddr "to-Jakarta2_remote"
set dstaddr "to-Jakarta2_local"
set action accept
set schedule "always"
set service "ALL"
set comments "VPN: to-Jakarta2 (Created by VPN wizard)"
next
end
# Endpoint-control profile "default".
# The three per-platform FortiClient stanzas are empty, so no endpoint
# compliance settings were exported for Windows/Mac, Android or iOS.
config endpoint-control profile
edit "default"
config forticlient-winmac-settings
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
# Managed-switch 802.1X port security policy.
# MAC authentication bypass is off, so a port using this policy does not fall
# back to MAC-only authentication. The guest VLAN and auth-fail VLAN are both
# disabled.
# NOTE(review): guest-vlanid 100 is set while guest-vlan is disabled, so the
# id presumably has no effect until guest-vlan is enabled. Confirm.
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set mac-auth-bypass disable
set eap-passthru enable
set guest-vlan disable
set guest-vlanid 100
set auth-fail-vlan disable
set radius-timeout-overwrite disable
next
end
# Managed-switch captive-portal policy and switch profile.
# Both entries are empty: no settings were exported for either, only the
# entry names.
config switch-controller security-policy captive-portal
edit "captive-portal-default"
next
end
config switch-controller switch-profile
edit "default"
next
end
# Wireless intrusion detection (WIDS) profiles.
# "default" turns on AP scanning plus the individual detections listed below
# (deauthentication, flood, spoofing and weak-IV checks).
# NOTE(review): these settings name detections only; no blocking or
# suppression option appears in this export. A profile also has no effect
# until an AP profile references it, and none of the wtp-profile entries in
# this export does.
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
# Second profile: AP scanning only, none of the attack detections above.
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
# Per-model access point profiles, each named "<model>-default".
# Every entry sets only the platform type, ap-country US and the band of each
# radio. No SSID, encryption mode or WIDS profile is bound in any of these
# entries, so nothing here defines how a wireless network is secured.
config wireless-controller wtp-profile
edit "FAPU423E-default"
config platform
set type U423E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
# Single-radio entries (this one and the next) configure radio-1 only.
edit "FAPS313C-default"
config platform
set type S313C
end
set ap-country US
config radio-1
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set ap-country US
config radio-1
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FK214B-default"
config platform
set type 214B
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set ap-country US
config radio-1
set band 802.11n
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set ap-country US
config radio-1
set band 802.11n
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set ap-country US
config radio-1
set band 802.11n
end
next
# NOTE(review): the only entry without a "config platform" stanza.
# Presumably its type is the firmware default and so was not exported.
# Confirm on the device.
edit "FAP220B-default"
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set ap-country US
config radio-1
set band 802.11n
end
next
end
# Log destinations visible in this part of the export: memory logging is
# enabled and the null device is disabled.
# NOTE(review): logs held only in memory are presumably lost on reboot and
# limited in size. Confirm that a remote target (syslog or a log analyzer) is
# configured elsewhere in the file, so that firewall and VPN events are kept
# for investigation.
config log memory setting
set status enable
end
config log null-device setting
set status disable
end
# RIP and RIPng.
# Only empty redistribute stanzas are exported: no networks, neighbours or
# interfaces are configured, and no redistribution is enabled in the lines
# shown.
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
# Static routes: two gateway routes for the WAN ports, then one route plus
# one blackhole per VPN tunnel.
config router static
# Routes 1 and 2 name no destination.
# NOTE(review): assumes an unset destination means the default route; confirm.
# Route 2 (port4) sets distance 5 and route 1 (port1) sets none. If the
# firmware default distance is higher than 5, port4 is the preferred exit
# and port1 the backup. Confirm that this ordering is intended.
edit 1
set gateway 192.168.80.1
set device "port1"
next
edit 2
set gateway 192.168.99.2
set distance 5
set device "port4"
next
# Routes 3-4: the remote subnet is routed into the to-Jakarta tunnel, with a
# distance-254 blackhole for the same destination as the fallback.
# NOTE(review): presumably the blackhole stops VPN-bound traffic from
# following a default route out of a WAN port unencrypted while the tunnel is
# down. Keep it when editing these routes.
edit 3
set device "to-Jakarta"
set comment "VPN: to-Jakarta (Created by VPN wizard)"
set dstaddr "to-Jakarta_remote"
next
edit 4
set distance 254
set comment "VPN: to-Jakarta (Created by VPN wizard)"
set blackhole enable
set dstaddr "to-Jakarta_remote"
next
# Routes 5-6: the same route-plus-blackhole pair for the to-Jakarta2 tunnel.
edit 5
set device "to-Jakarta2"
set comment "VPN: to-Jakarta2 (Created by VPN wizard)"
set dstaddr "to-Jakarta2_remote"
next
edit 6
set distance 254
set comment "VPN: to-Jakarta2 (Created by VPN wizard)"
set blackhole enable
set dstaddr "to-Jakarta2_remote"
next
end
# OSPF, OSPFv3, BGP, IS-IS and multicast.
# As with RIP, only empty redistribute stanzas are exported: no areas,
# neighbours, router ids or authentication settings appear, and no
# redistribution is enabled in the lines shown. Routing in this export
# therefore rests on the static routes alone.
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
end
# Empty stanza: no multicast routing settings were exported.
config router multicast
end
