#config-version=FGVMK6-6.0.0-FW-build0076-180329:opmode=0:vdom=0:user=admin #conf_file_ver=154902290533600 #buildno=0076 #global_vdom=1 config system global set alias "FortiGate-VM64-KVM" set hostname "FortiGate-VM64-KVM" set timezone 47 end config system accprofile edit "prof_admin" set secfabgrp read-write set ftviewgrp read-write set authgrp read-write set sysgrp read-write set netgrp read-write set loggrp read-write set fwgrp read-write set vpngrp read-write set utmgrp read-write set wanoptgrp read-write set wifi read-write next end config system interface edit "port1" set vdom "root" set ip 192.168.100.190 255.255.255.0 set allowaccess ping https http set type physical set snmp-index 1 next edit "port2" set vdom "root" set ip 192.168.10.1 255.255.255.0 set allowaccess ping set type physical set alias "WAN1" set snmp-index 2 next edit "port3" set vdom "root" set ip 192.168.20.1 255.255.255.0 set allowaccess ping set type physical set alias "WAN2" set snmp-index 3 next edit "port4" set vdom "root" set type physical set snmp-index 4 next edit "port5" set vdom "root" set type physical set snmp-index 5 next edit "port6" set vdom "root" set type physical set snmp-index 6 next edit "port7" set vdom "root" set type physical set snmp-index 7 next edit "port8" set vdom "root" set type physical set snmp-index 8 next edit "port9" set vdom "root" set type physical set snmp-index 9 next edit "port10" set vdom "root" set type physical set snmp-index 10 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 11 next end config system custom-language edit "en" set filename "en" next edit "fr" set filename "fr" next edit "sp" set filename "sp" next edit "pg" set filename "pg" next edit "x-sjis" set filename "x-sjis" next edit "big5" set filename "big5" next edit "GB2312" set filename "GB2312" next edit "euc-kr" set filename "euc-kr" next end config system admin edit "admin" set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "Main" config widget edit 1 set x-pos 1 set y-pos 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 2 set y-pos 1 set width 1 set height 1 next edit 3 set type vminfo set x-pos 3 set y-pos 1 set width 1 set height 1 next edit 4 set type forticloud set x-pos 4 set y-pos 1 set width 1 set height 1 next edit 5 set type security-fabric set x-pos 5 set y-pos 1 set width 1 set height 1 next edit 6 set type security-fabric-ranking set x-pos 6 set y-pos 1 set width 1 set height 1 next edit 7 set type admins set x-pos 7 set y-pos 1 set width 1 set height 1 next edit 8 set type cpu-usage set x-pos 8 set y-pos 1 set width 2 set height 1 next edit 9 set type memory-usage set x-pos 9 set y-pos 1 set width 2 set height 1 next edit 10 set type sessions set x-pos 10 set y-pos 1 set width 2 set height 1 next end next end next end config system ha set override disable end config system storage edit "Virtual-Disk" set status enable set media-status enable set order 1 set partition "MIXEDXXXB6B6B6E8" set device "/dev/vdb1" set size 8616 set usage mix set wanopt-mode mix next end config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system replacemsg-image edit "logo_fnet" set image-type gif set image-base64 '' next edit "logo_fguard_wf" set image-type gif set image-base64 '' next edit "logo_fw_auth" set image-base64 '' next edit "logo_v2_fnet" set image-base64 '' next edit "logo_v2_fguard_wf" set image-base64 '' next edit "logo_v2_fguard_app" set image-base64 '' next end config system replacemsg mail "email-av-fail" end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end config system replacemsg mail "email-filesize" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg mail "email-decompress-limit" end config system replacemsg mail "smtp-decompress-limit" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-authorization-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-av-fail" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg nntp "nntp-av-fail" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg nntp "email-decompress-limit" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf "http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg auth "auth-quarantine-page" end config system replacemsg auth "auth-qtn-reject-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-header" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn "hostcheck-error" end config system replacemsg ec "endpt-download-portal" end config system replacemsg ec "endpt-download-portal-mac" end config system replacemsg ec "endpt-download-portal-linux" end config system replacemsg ec "endpt-download-portal-ios" end config system replacemsg ec "endpt-download-portal-aos" end config system replacemsg ec "endpt-download-portal-other" end config system replacemsg ec "endpt-warning-portal" end config system replacemsg ec "endpt-warning-portal-mac" end config system replacemsg ec "endpt-warning-portal-linux" end config system replacemsg ec "endpt-remedy-inst" end config system replacemsg ec "endpt-remedy-reg" end config system replacemsg ec "endpt-remedy-ftcl-autofix" end config system replacemsg ec "endpt-remedy-av-3rdp" end config system replacemsg ec "endpt-remedy-ver" end config system replacemsg ec "endpt-remedy-os-ver" end config system replacemsg ec "endpt-remedy-vuln" end config system replacemsg ec "endpt-remedy-sig-ids" end config system replacemsg ec "endpt-ftcl-incompat" end config system replacemsg ec "endpt-download-ftcl" end config system replacemsg ec "endpt-quarantine-portal" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg nac-quar "nac-quar-app" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "client-virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config system replacemsg utm "ipsblk-html" end config system replacemsg utm "ipsfail-html" end config system replacemsg utm "exe-text" end config system replacemsg utm "waf-html" end config system replacemsg utm "outbreak-prevention-html" end config system replacemsg utm "outbreak-prevention-text" end config system replacemsg icap "icap-req-resp" end config system snmp sysinfo end config user device-category edit "android-phone" next edit "android-tablet" next edit "blackberry-phone" next edit "blackberry-playbook" next edit "forticam" next edit "fortifone" next edit "fortinet" next edit "gaming-console" next edit "ip-phone" next edit "ipad" next edit "iphone" next edit "linux-pc" next edit "mac" next edit "media-streaming" next edit "printer" next edit "router-nat-device" next edit "windows-pc" next edit "windows-phone" next edit "windows-tablet" next edit "other-network-device" next edit "collected-emails" next edit "amazon-device" next edit "android-device" next edit "blackberry-device" next edit "fortinet-device" next edit "ios-device" next edit "windows-device" next edit "all" next end config system cluster-sync end config system fortiguard set sdns-server-ip "208.91.112.220" end config ips global end config system email-server set server "notification.fortinet.net" set port 465 set security smtps end config system session-helper edit 1 set name pptp set protocol 6 set port 1723 next edit 2 set name h323 set protocol 6 set port 1720 next edit 3 set name ras set protocol 17 set port 1719 next edit 4 set name tns set protocol 6 set port 1521 next edit 5 set name tftp set protocol 17 set port 69 next edit 6 set name rtsp set protocol 6 set port 554 next edit 7 set name rtsp set protocol 6 set port 7070 next edit 8 set name rtsp set protocol 6 set port 8554 next edit 9 set name ftp set protocol 6 set port 21 next edit 10 set name mms set protocol 6 set port 1863 next edit 11 set name pmap set protocol 6 set port 111 next edit 12 set name pmap set protocol 17 set port 111 next edit 13 set name sip set protocol 17 set port 5060 next edit 14 set name dns-udp set protocol 17 set port 53 next edit 15 set name rsh set protocol 6 set port 514 next edit 16 set name rsh set protocol 6 set port 512 next edit 17 set name dcerpc set protocol 6 set port 135 next edit 18 set name dcerpc set protocol 17 set port 135 next edit 19 set name mgcp set protocol 17 set port 2427 next edit 20 set name mgcp set protocol 17 set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable set syncinterval 60 end config system object-tagging edit "default" set address optional set device optional set interface optional next end config system settings end config firewall address edit "none" set uuid 42cf508e-a88a-51e9-b42a-9abc5d099fdd set subnet 0.0.0.0 255.255.255.255 next edit "autoupdate.opera.com" set uuid 42cf57d2-a88a-51e9-f0e3-6ffe5946fd98 set type fqdn set fqdn "autoupdate.opera.com" next edit "google-play" set uuid 42cf690c-a88a-51e9-f1f7-1cc0c1423dee set type fqdn set fqdn "play.google.com" next edit "swscan.apple.com" set uuid 42cf6fd8-a88a-51e9-3f9e-5444fd19e0da set type fqdn set fqdn "swscan.apple.com" next edit "update.microsoft.com" set uuid 42cf7654-a88a-51e9-e877-d29794daa1fa set type fqdn set fqdn "update.microsoft.com" next edit "all" set uuid 431f62c2-a88a-51e9-2462-6f8036fd1550 next edit "FIREWALL_AUTH_PORTAL_ADDRESS" set uuid 431f6510-a88a-51e9-9872-42627c7a5f6c set visibility disable next edit "SSLVPN_TUNNEL_ADDR1" set uuid 43205f6a-a88a-51e9-170a-040ebb29142c set type iprange set associated-interface "ssl.root" set start-ip 10.212.134.200 set end-ip 10.212.134.210 next end config firewall multicast-address edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next end config firewall address6 edit "SSLVPN_TUNNEL_IPv6_ADDR1" set uuid 432062bc-a88a-51e9-98d1-c92908c6cd57 set ip6 fdff:ffff::/120 next edit "all" set uuid 4495c6f0-a88a-51e9-34d2-4409fc0584fc next edit "none" set uuid 4495d41a-a88a-51e9-955e-22b8024c013d set ip6 ::/128 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall wildcard-fqdn custom edit "adobe" set uuid 4321f65e-a88a-51e9-bfde-b45c1dfe3bf9 set wildcard-fqdn "*.adobe.com" next edit "Adobe Login" set uuid 4321f852-a88a-51e9-d336-a681b8048aef set wildcard-fqdn "*.adobelogin.com" next edit "android" set uuid 4321f9ec-a88a-51e9-45e5-30316b80366c set wildcard-fqdn "*.android.com" next edit "apple" set uuid 4321fb86-a88a-51e9-6725-030da45b715b set wildcard-fqdn "*.apple.com" next edit "appstore" set uuid 4321fd20-a88a-51e9-45c5-8c06f1203c4d set wildcard-fqdn "*.appstore.com" next edit "auth.gfx.ms" set uuid 4321feb0-a88a-51e9-7b98-0b866a635431 set wildcard-fqdn "*.auth.gfx.ms" next edit "citrix" set uuid 4322004a-a88a-51e9-c64f-580a39c4fd21 set wildcard-fqdn "*.citrixonline.com" next edit "dropbox.com" set uuid 432201e4-a88a-51e9-5901-2858421c6f4f set wildcard-fqdn "*.dropbox.com" next edit "eease" set uuid 43220518-a88a-51e9-8fb1-369acc79449f set wildcard-fqdn "*.eease.com" next edit "firefox update server" set uuid 432206c6-a88a-51e9-a158-10558be10e69 set wildcard-fqdn "aus*.mozilla.org" next edit "fortinet" set uuid 43220860-a88a-51e9-1133-e35c720b1c69 set wildcard-fqdn "*.fortinet.com" next edit "googleapis.com" set uuid 432209fa-a88a-51e9-7226-66e1fd83fcd7 set wildcard-fqdn "*.googleapis.com" next edit "google-drive" set uuid 43220b94-a88a-51e9-b16d-31e80a90a031 set wildcard-fqdn "*drive.google.com" next edit "google-play2" set uuid 43220d38-a88a-51e9-ccd9-6ca14708ade0 set wildcard-fqdn "*.ggpht.com" next edit "google-play3" set uuid 43220ed2-a88a-51e9-cb3c-87400299cfe0 set wildcard-fqdn "*.books.google.com" next edit "Gotomeeting" set uuid 43221094-a88a-51e9-45d9-6b52e2a60fad set wildcard-fqdn "*.gotomeeting.com" next edit "icloud" set uuid 4322136e-a88a-51e9-d939-865aff01e1b2 set wildcard-fqdn "*.icloud.com" next edit "itunes" set uuid 4322153a-a88a-51e9-19e9-40c4deee5e18 set wildcard-fqdn "*itunes.apple.com" next edit "microsoft" set uuid 43221756-a88a-51e9-7896-20f965e6eb20 set wildcard-fqdn "*.microsoft.com" next edit "skype" set uuid 4322190e-a88a-51e9-38f1-61b90695b48c set wildcard-fqdn "*.messenger.live.com" next edit "softwareupdate.vmware.com" set uuid 43221aa8-a88a-51e9-c572-5b6353f1432c set wildcard-fqdn "*.softwareupdate.vmware.com" next edit "verisign" set uuid 43221c42-a88a-51e9-9882-0328be363013 set wildcard-fqdn "*.verisign.com" next edit "Windows update 2" set uuid 43221ddc-a88a-51e9-bac4-5323e32aa19b set wildcard-fqdn "*.windowsupdate.com" next edit "live.com" set uuid 43221f76-a88a-51e9-7d9a-566d9a5635f6 set wildcard-fqdn "*.live.com" next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "default" set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit "sniffer-profile" set comment "Monitor IPS attacks." config entries edit 1 set severity medium high critical next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." config entries edit 1 set severity medium high critical next end next edit "all_default" set comment "All predefined signatures with default setting." config entries edit 1 next end next edit "all_default_pass" set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit "protect_http_server" set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "Protect against email server-side vulnerabilities." config entries edit 1 set location server set protocol SMTP POP3 IMAP next end next edit "protect_client" set comment "Protect against client-side vulnerabilities." config entries edit 1 set location client next end next edit "high_security" set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" set block-malicious-url enable config entries edit 1 set severity medium high critical set status enable set action block next edit 2 set severity low next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit "default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "sniffer-profile" set comment "Monitor all applications." unset options config entries edit 1 set action pass next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set deep-app-inspection disable config entries edit 1 set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 30 31 set action pass set log disable next end next edit "block-high-risk" config entries edit 1 set category 2 6 next edit 2 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp fp-sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config dlp sensor edit "default" set comment "Default sensor." next edit "sniffer-profile" set comment "Log a summary of email and web traffic." set flow-based enable set summary-proto smtp pop3 imap http-get http-post next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next end end config icap profile edit "default" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set password ENC 8qh6KUBoyifVZ44f7BP1CNkdbjt1fcVRXxTDCX6bZG6wWrBk+yLnvTgt4imM/dI2bGX5GUk9N08XBgJMPju3BirJYQ+vcvufhDxUWwMliPpc+SXc5LDpi3KcHdzpYZruDGJd/dztkLOIrPq7oWt8pEor4LTVw4veReLOp6CZCZkNp4Pw6ZO3nRg0v+VgbwLl2ukb0w== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6e0h0P8WF/kCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFrHBcep5fxdBIIBYFZ4N8ZQu3ao nn5lpjPiHhx8DeSjuCaiLjlBCDnulyF8XzXOjBlT0aarP2Z9qoGP0doLQkEksfg3 u5DDrpv8icfeYmiKZ/pka/z4jOD7Bg/3eLgpIaAaVHWV+P9V/kosuxJkAz50atA0 LOqrpI35z+PjVccbkBfLMwa1ET97jaHs+GChb4NfBrkVSQ+XykO4tALm/0XdR5+x 61lTc0EuzybEW1YEjdf7xFxJdxgBOyTXMZPgYwhUtPTbQgT9+F6zArCfnGGeuQTZ bUVMFt1BwD2WbacRKt29X/gKSX0atxNldJHceMfxTxNphylZBpOETUAUJcVo2grz boFCWD3loI+c46hZkZnaV+241g+DVZOHqtu/gS0egwrpeYzX1M/NPkTCTVdpeNju bs7zB/JfROvy2u7mdbgT/SquXcoOpPyIEtjvaxqN+2TdjcPrsUIbGx/Ghrca4yCQ F0wCrAG7CNc= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICXDCCAgagAwIBAgIIXLtDZ5PnCsUwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkxGTAXBgNVBAMMEEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1 cHBvcnRAZm9ydGluZXQuY29tMB4XDTE5MDcxNzExNTg1N1oXDTI5MDcxNzExNTg1 N1owgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH DAlTdW5ueXZhbGUxETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkxGTAXBgNVBAMMEEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkq hkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMFwwDQYJKoZIhvcNAQEBBQAD SwAwSAJBAMvnxgmcY0xmSjeWm2o/kQY/8uK3Rj6dEvy067822u6kTGLKLXYYuWPj jhKYRw67x9hr14C46FPmQtz+Nwqi9WUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN BgkqhkiG9w0BAQsFAANBAF2mXkKd/XezYF+3yFF5c0vx1AqEpfRdatEMd0CAX+M2 bFLzQRDzndepozzAvjUc3W9/SJx4AsPB80lbsqYlhMY= -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_CA_Untrusted" set password ENC ekGVDBfp2+PEWP7dg5q/NV330mKPzscGKUdXl5RCgYK96tabLqv9xZyA3bXXEIO6gq+hZ9LzvUjunA/2X5VoWUKKaXXAW19sp03RB/R7+Op1cBuMH4Dfdd1PaOTnDur4SuOubQb+LA6drO6LEC7CtVFj4nV4gbH3rrJlQdSqLzMoOPErn6vpcN2Z3dhFMFlb616EdQ== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI14RSjVYoIHACAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFoyFht7vWMKBIIBYC292ZU942KJ M5m4J6JCejqFZj27iZBIKYe33El5k3cQ000hWlZMgYsTqDKAO0XpEKr2hityMUf6 2GSKIDyz89gGPgv6UCfYQkIhoY6gpaHsS5Wy6zFJaMGHHGudKX87iYudO/+KcOzG vAaKyirbjwfM/qIGLBXOi3X0AWoraJzkAOP1pE+JiSups995vwYuhEz/LqPC8Pvo pSR3zhA1fh3p86M6QWlW+R+Z2C6ypun9DPc6fXHm3J0WrMeap2QbjH2UQJm+MIDq TuenWWL/dyTnlgKL1FkCX6/ZVqYBv06H3c0HXfpTtM1/4HHe6ahRJtitzez9AnDG iInc27LvrlZcYsBImgauYPBEIP47W1tsw1I6SkMSVeSlR7qLOXHLB5r9Xip3d9EQ hfrBgxhoe4rxrEsE+j6R50VLVO8/H9+fPC0XCq+WcJmQ/jyTLGZsvpoCi3OKSyQn OAPxnpzmquc= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICZjCCAhCgAwIBAgIIISrYnhk1BIcwDQYJKoZIhvcNAQELBQAwga4xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkxHjAcBgNVBAMMFUZvcnRpbmV0IFVudHJ1c3RlZCBDQTEjMCEGCSqGSIb3DQEJ ARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTkwNzE3MTE1ODU3WhcNMjkwNzE3 MTE1ODU3WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQ BgNVBAcMCVN1bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNl cnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVk IENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTBcMA0GCSqG SIb3DQEBAQUAA0sAMEgCQQDeIF8QcQjS5UBxp5JWKPr+sxsBadzDlnoBT7qgbr60 XzHHvk6cj4mszMUt2UGDfZT38IBizHWA2Zj++y7sy+/tAgMBAAGjEDAOMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQCuzJgVGlPonaifmRQvXrfJrGa70baW 1sO0hIhAPoMk/YY+y2tnpDP1kM0XiySHBUSYYg7DejckApJaqcrs2+i8 -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_SSL" set password ENC ioMwxg+5Y2rLgGp4sbvsZ9oM1UkJ//yn8azAHzftO5n3rn5ez6+LxDbuJGoI3SX3Ih0BafVt13JbmbI64t6ib4mzAUP+x35dvjMTBVz5jw5DopuLgnERCnFeFztgcXwR/lvi1Ur9Tsl2/XOjOsEaL8m6qfjL4zdrbUtudJDI2++2ErEda/ThazC/UjKQZlKd9aTCQA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIM1vC/JZFTHgCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFnlf8qeocB1BIIBYPeHUCtWcdLl RJgKwRHVTZ8IpGFNfRlmniFJHfooUQf14Ar/XUjG0oESU0Qo3WRboeC4eWb5fLsc nicWKLbfqSSBpvcTRuF/brV7N73J7LCjJ4zgEL3YkZ3Y6R2mdIxqL7HTIXl5tHNB TzOFRn4ptz1c9twy9dSYoLXQWTC2XfnAWy1wbcQ47D9eLXqeMCZrgFcoF/bKTYKV FWJMQ9F3rBrfakEcxWbkdh9BZ8eeO5nyDCnSyk7RcoHpB5IerL/PeoM3VFH2Jbap 2UyRmbc7DMYghHAuWGUKmj4wJRd3l/HCNig8AowylOfoUXsUK9vpQA39KOHg+A34 SN/xt9yOUJa2mAP4TwU4IedBEF8xXovjjJ/3aB+Mu51F7PzxWsxuBOiV0tQTgEaI Dhve3oLoAe20tQwTkCqdU301FqkdDT2PFo3rSPOEiELnLLbSkqAlUTZ3xfXYHMgO cdgLUzkJID0= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICQTCCAeugAwIBAgIIDy6gBvUx0IQwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMB4XDTE5MDcxNzExNTg1N1oXDTI5MDcxNzExNTg1N1owgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALXEzq7TJxjrKBsh+42TpgI/ u0dFdK2gkcGgZzNt+tHndXsmfGdfv0A1lB9Ye93XOe8rr796MUNmbX9yeLuTyqMC AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAC2UIFQUfDyz0HYd gknqp8i5e/j4tLirWO5qHANIAMyt3dhLlPAt3HcASD2yCIi3Lo2FHETAaPO4OHJc uDEt6jM= -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_SSL_RSA1024" set password ENC sEqCwdXq/KJAVRt6J/6JFe+tt8xlFSjgwNKhXADc6nA4mv//6sgyJ7ee9NAwYUXk9tC7Y9poSQLGHqRE7OoH/QSMfxgyfiuB+qKhfHFI2k5396jBRmuC+5Y8YQEAZqtOZhzpR3XDeSOLfLp19tDyqzOb/br3Ib7WuHjPn+QAy4DR0AhXAn/Dj1TS4mY626S57nE9XQ== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIAn/nnNjguJECAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPzecD7Afzo4BIIBYDnI4Pj0uPSA 9ap93o4dH5+FphERJ/WP1+Mc+1aJrkJXt63JDn3eRnmEhbRcOKJYnMQPmaxxQ1B9 OGkmv6EdNcqPYOnvP6BWlSdGsXGdqNa2ii72Pq58nhMxl39sMCOMyKDw2BmJb4ob 1nVet2KZzYw0q5N80kh6hC5dp1RxDsLJY533YpWkSL8o46mqhqlK/1FdcN4PF3Ec XAt8Q4P/9zS/tmYHfRYwc8egflN1gZoI0TrNRuEZyVlx76PB+IQ1n2t8cItc6cAn +Qr/b6iDBs46iTrRTJyO4TSMH6g1vx3iMo/AQbZ/aucUW6YXfFUPWe0KQfnnW8RL Sei1yAXEjbtGI3pbKEvwQpQH86gS63HA6ZkOsijJAU4wHu/mXaAjGUocvsmVc8KT kHJD80KcwvfVVmlaMoJ/LdsoWZDRCjn+zvonnoIpx+Jgws1lKFnVyfe6jQMVGi6C ys2ljmnL3KU= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICQTCCAeugAwIBAgIIMjd4U4wZaX8wDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMB4XDTE5MDcxNzExNTg1N1oXDTI5MDcxNzExNTg1N1owgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANR0yz2/+uUwJdVmsVDNCl00 B8RxnPbe2yyVmNVN/jlGlFbv5qr9ikAejDzr3QlRZu6xdRC7DeALG7T7v3YB2MUC AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBAHSa2avvUwPugipe t9zYW8d2w2AT+9/r92zEmB9QpAA4jkkGNcePUVYub4KLnbdn2su+VhdfmzEv9gzm uLeggzQ= -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_SSL_RSA2048" set password ENC NktvImkrfRM0g1lyIgWVt3jsTn20elUxrIZ4jKEl84L3ZLJXGPqtljK4zqOKpqLyFKkDG7c1r3PUPLb0XZsJrK1MM/yINwODbFKH84bGWhM4jMJhuluEw/i7rZVApr2VDykJiC6rR3s8kMEzoEKYXXaPYuPwTLZQltKK7EjurWcrPHAdWDFah3CmRk+QmyTZ1/sPmQ== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIRS3NcjitdIMCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOo/sda+pY6GBIIBYG6aUMcBKLWT k2s8t2lLZhYKGzN5jOStHJnTjvwjR9OrshTCF70vNESWo6MZzkQN7m8nghhFCmpT xLPN8I4JJMtzUAuYoyWC+6xHfkudyJXzO28llHeyazkZd9lYpKSpGYvUyy8WxBQW dIbKKT1smR1ZacIonG2Rk8g1u91C/4q9TN4Xk/aX2Vf1DX6FRvd5ENLSP4/TyPWu AtZZDilLHf4APncAzGfn/uki30MNzPuirKwaQRqZj2sTHHLw3Ius7zrh742X7cju YLeirk7hyc3ko8bQ2GjwOigyoF6bVbEgO1ySCquZdw5NG0lzbQJENMWxRKCkw6Tw v9FdmCEsXVrNHGUkq2zeUpRTYBWSDLRQOT2wnXsBFLGVdkRLY0J0aV4qaD73poMm AfNEGrYwh4BG3kx7ZyShf0tIuk+ZqoCgsLl6vt3iflTCYTuIMbHhxteTZqpgNg40 Nq4B6tgIBdM= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICQTCCAeugAwIBAgIIAvYzi/xoHzIwDQYJKoZIhvcNAQELBQAwgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMB4XDTE5MDcxNzExNTg1N1oXDTI5MDcxNzExNTg1N1owgZ0xCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUx ETAPBgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMM EEZHVk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGlu ZXQuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKCX4sNSSpNQ4c+FVTdf+fZq s2IOTBUN3501uWds0oNFcoiClBAO3t4ivF7sMlGCRHq6/Ze3lV+7CczAVciZIX8C AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAANBABNlAZiX/bloqasy QCOQsHgHaqo1kUFR3NbyQZU1Q4VXjYBGHZcKams9Z315dUvbvIErhx1YwKMOLKA9 BUUUWG4= -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_SSL_DSA1024" set password ENC vm9T9EB5w6iUS95b2g4E1y/IVeBisiJCMKNhfrGZn5ZTpNJrxl55aQxdJGxZdtQe/YlM3TdLqBuq0/V108zOxLO9lxtKgzQT+NJGfAg78jE9nGzL+b6lMuAM9+BNv+LN3YjjyeQD7feVxzbEfg8TGuAlXY3UnZikuqxqL9+p+5zhGunxUqPJeWmHeAIVKrK/FEU0sA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIMSOI754tvDsCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFEVoWAPazjcBIHQlTjXEN7tWGEE lTPjefeQynjn3cpcMu/rTA3/hOHexP0hAYHVK84lnyCiyCPAMBH+BYEtaq7+l3xO Hv62Ifh6pcOQ7RtlUo8QHHtA1Oee8tx2uWIb9LSX9ls1JNhJkb+G6Jnu7BU3WD5U iffK24qcjEGjsirCACQJCdryY1XeookaXhYbUCJyI27Poi+6MpRlUCwJ/MeyEJow MTCf5QCxI7g+dd3DguvR3LObrZlsKv+C/vic7qwUnQk74WpUJ2DqZmpi1xRu+R23 RtMtLnWn5g== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICwTCCAn+gAwIBAgIIUUMR5oPkBJYwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG R1ZNRVZGR1lTR1FHQzEyMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTAeFw0xOTA3MTcxMTU4NTdaFw0yOTA3MTcxMTU4NTdaMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG R1ZNRVZGR1lTR1FHQzEyMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTCB8TCBqQYHKoZIzjgEATCBnQJBAJ5w/0VRbDL1aXpa6VvVPmkSPw4zz2eZ +BTEG3YE9CcTDEh4Wpi+vbDMlNya7AcqaIZoPnfqhUGzFPWz6qE34XkCFQCBp4OK aZg5y/fltG/70vFsF0834QJBAJmkYIYkEOEQDrjOM0VVB9zdoYaBSMmwOZrtgqlE +m+3bzWliDj3Xt0jU8yzVB4ntuevy+jt/Dt364aiCAw359sDQwACQDjGgjnRLQRn hEHEXYVxoN7wATqz84ps3Mlm1wLwLPN+katuuQvaOfnWxkuY2xFuFHk+JUf+koMc /AlC0VGoTZSjDTALMAkGA1UdEwQCMAAwCwYJYIZIAWUDBAMCAy8AMCwCFBm9WEjL NkaTUgYy83kTwwX8csZvAhQbccru0JpnoWrnOmaWfBJwDIi4Lw== -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_SSL_DSA2048" set password ENC 2i9mFnS+QCcy72ENr2oT3No4hUs+Odqfgcp0C1YllXtEVKsvopkPJYZBmqT5LYDHgzHSYh0c6pFMYDgfBqLneCAgeP7dLv/9KaohVAAHl9BdQ3gJI+6MkS6D7o5pH3XidHPDbDO62x6TOr+i4if4Z0DigyQcAmSWhMkeWcO0VfBGWRchWsJ1K5UMuj8y2rLoA9btnA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIreOPsIP62c8CAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFqlP7LGNRDsBIHQ4JaNpVhk8D2P eY2mTPVaFGlCcAEjBgr/5fjXEJ+ftIfwsrvSkv1erjUMtkZ8ruWvAsCEgkWFrhCc PZdfe9E7XYMIp+PEVmx35T0sg0Vw1ppjHWnsudBUSYkwhXFnQjVeFB9bffj5YUK3 p2OFlIVbnDuZSbnIUWGAI0mXd+9m1FkLWx0DOEpox/FMVS3Rr6JRPP46dvb15YfR Gd1nwTQgiPmJep5/juuXAqeShBUxL+AxKeUbJhjn/Txz3BrKZX2YDZrEZ1vEVliA XvuJU9Xdmg== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICwTCCAn+gAwIBAgIIfYEro7HGI3QwCwYJYIZIAWUDBAMCMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG R1ZNRVZGR1lTR1FHQzEyMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTAeFw0xOTA3MTcxMTU4NTdaFw0yOTA3MTcxMTU4NTdaMIGdMQswCQYDVQQG EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU3Vubnl2YWxlMREw DwYDVQQKDAhGb3J0aW5ldDESMBAGA1UECwwJRm9ydGlHYXRlMRkwFwYDVQQDDBBG R1ZNRVZGR1lTR1FHQzEyMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0 LmNvbTCB8TCBqQYHKoZIzjgEATCBnQJBALO3KzBUe1ck0Gypfb8swu2LGF9qLBKh YGtwomZ6/0JCZJbNadaaSmmfOoj9hCuCO/AJqj/m1UAPUZ77HbgHrgcCFQCOY7F2 AOhjuVJCzlLvQckYQVrhrwJBAKBDJJq8Py8OLQgbWvyIB9m4ptc4/aPPmuZsONBw DopU7MQ4BfKoDa6xugBlw7C+HfyJLKqEbzucCmt9Pj8WAHMDQwACQH/T6rCEyJhA qVtKXDxRt8GzpgZ+meV09/Nge88IJLqgYvYl2YLQ0lA/qSNWDDk6ynk13iY3ymBM zv6Yt1aI/dujDTALMAkGA1UdEwQCMAAwCwYJYIZIAWUDBAMCAy8AMCwCFCJBaWdn vDDKUZTfIHN/nWpjW9vRAhQcl1s/qkSJ6sWxHBjixr4HHSGkdQ== -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_SSL_ECDSA256" set password ENC xI4z+j5e7Hr6nwXAdbonU/lsIs+siykOdzooUVDdm9hg9p21a+7i/AWEEY2QSF8ZnEKXf2iKAEBqC1kTmQnzNOclc08fFG2AFuKXKQkjsXekoM/mS6Kvr2vCkhxGcvU6bIqY+OsFj8VGfdubBWQzEJ7xVNbcX6Unn9soS7QIBbmOfOVBMkiUT2m0kwfRWCKcsjF22g== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAiZ+q2uiyB+lwICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIqOwGPcCvq/kEgZBNK+gyHIym0x2w w9b+K8jivp4EpLtvwFhPxe0FlWEmP1kPQnXyVj55+LUID/y9lLE4NfJuWtmPDvHc NycxjubZL+oRKNeA4P96nxqHOukQp4ZIYmcLLM+1RIMI+RrirTMdvZkr7rHEEQQ8 CtmF4PEKL+ippr3gzS4d4rsoKof0Kp+MO0monBkWDlcdCL10JS4= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICPzCCAeWgAwIBAgIIXZA28CsFlH0wCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH Vk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMB4XDTE5MDcxNzExNTg1N1oXDTI5MDcxNzExNTg1N1owgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH Vk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKSi3Ho6iWK2E+mXwaZ55dM/1 8dPq59AJwn0Be5z6sYDS1+N1ZNsZgOx02SUmgArum4CWmd6mIBQXiErDsA6XBaMN MAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgNIADBFAiARv3DaL4fLN1RBpYiagU4z 9Kuru6EIAdlbITW4HEq4EgIhAPrvtyx/gLd3GLdW1seFoScmEHZqpYKTzuMJB6gq 0rml -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next edit "Fortinet_SSL_ECDSA384" set password ENC DqEEWdqjyrsLhRvDIeXW0rBaX8zIEqQcs2yTxEzp8Of+NACkYSW8JyDxky38APkEC73SLZbaFw2hoDV7smSxCq43WUR4c6fDliI+V5fPR04y8zYeUS8zSQ4YKB1cnzlBzMFHes1p5FiqllVgv2vZX6DHy1DLqIr5+UyhiTDxvf4DBFU/6s4HYdDXK6tOVvET2s6NdA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI+bvpVZRCpAkCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD9QJUV2F9awBIHA99HKZcBIUXbN kYMZ8riWkL8qwW7UHOCtKxH3PWqR5i9TBXYUHjJnMMnfZ4DUeldrzjiMmRxXxu6M dfqu8pPB7X2tgdcPUPYYsWpMz2D1SveWvzbZt5VpG3cv7odb8qGXY1E0g5L35S7p W6YH3ElIjfCEy1Ijsc9KOYZJud0kDlg3d/l114xpVhZvJqFH+vY6OftNOyIu3PvH Xz8JAIPGYx02rAWVoCe/pKbihG+xwhp3ToRReAGHauyTCNnQjXDw -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICfDCCAgKgAwIBAgIINmXPPnM6RNwwCgYIKoZIzj0EAwIwgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH Vk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMB4XDTE5MDcxNzExNTg1N1oXDTI5MDcxNzExNTg1N1owgZ0xCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAP BgNVBAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZH Vk1FVkZHWVNHUUdDMTIxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQu Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOCQ4KN55ov52K6J19sArXYLepZbh Iikyd0se/9IOaJjoSxLxLujFD0tKQfUwAznRhtnGPlnza6hEeRHTn/FAWyHRzr9F UksbI78mVPwP81T4EOE6fFQfbJ0j19ifVJWDow0wCzAJBgNVHRMEAjAAMAoGCCqG SM49BAMCA2gAMGUCMCRPQvotfYdpiWH0ANW1r/S7uddSd/HAGA2s0vbfFmN3JMw4 l/TwtVZjRk4SkzY8/wIxAPYkO952iv8Wzl8IOE/VaN1/0l9bIUW5sGWaFiJ3gGOu Smhd5vQpRHFgTy5Yg6WG5A== -----END CERTIFICATE-----" set range global set source factory set last-updated 1563364739 next end config user local edit "guest" set type password set passwd ENC t4d/YEJczJzrwQZ5QBInNEiP7w12ydbWmgsOkORgmzQNqw4nsdzVVgdy0MFPYS6jGd1gfP4oYnBHkvruBMhmZfxpO45LS4cHTRmMd7uQUTk3pxsyqp1ZnfN17RdY+akMMCmQMhPZtaFp5qUL89zA8MYGpSaeOrDzsckP7XoDYt5GCDoZ38PMneyei7vtJNGv9ZlBWw== next end config user setting set auth-cert "Fortinet_Factory" end config user group edit "SSO_Guest_Users" next edit "Guest-group" set member "guest" next end config user device-group edit "Mobile Devices" set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" set comment "Phones, tablets, etc." next edit "Network Devices" set member "fortinet-device" "other-network-device" "router-nat-device" set comment "Routers, firewalls, gateways, etc." next edit "Others" set member "gaming-console" "media-streaming" set comment "Other devices." next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista-Win7" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista-Win7" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "FortiClient-AV-Win7" set guid "71629DC5-BE6F-CCD3-C5A5-014980643264" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "full-access" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" next end config vpn ssl settings set servercert "self-sign" set port 443 end config voip profile edit "default" set comment "Default VoIP profile." next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config webfilter profile edit "default" set comment "Default web filtering." config ftgd-wf unset options config filters edit 1 set category 2 set action block next edit 2 set category 7 set action block next edit 3 set category 8 set action block next edit 4 set category 9 set action block next edit 5 set category 11 set action block next edit 6 set category 12 set action block next edit 7 set category 13 set action block next edit 8 set category 14 set action block next edit 9 set category 15 set action block next edit 10 set category 16 set action block next edit 11 set action block next edit 12 set category 57 set action block next edit 13 set category 63 set action block next edit 14 set category 64 set action block next edit 15 set category 65 set action block next edit 16 set category 66 set action block next edit 17 set category 67 set action block next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next edit "sniffer-profile" set comment "Monitor web traffic." set inspection-mode flow-based config ftgd-wf config filters edit 1 next edit 2 set category 1 next edit 3 set category 2 next edit 4 set category 3 next edit 5 set category 4 next edit 6 set category 5 next edit 7 set category 6 next edit 8 set category 7 next edit 9 set category 8 next edit 10 set category 9 next edit 11 set category 11 next edit 12 set category 12 next edit 13 set category 13 next edit 14 set category 14 next edit 15 set category 15 next edit 16 set category 16 next edit 17 set category 17 next edit 18 set category 18 next edit 19 set category 19 next edit 20 set category 20 next edit 21 set category 23 next edit 22 set category 24 next edit 23 set category 25 next edit 24 set category 26 next edit 25 set category 28 next edit 26 set category 29 next edit 27 set category 30 next edit 28 set category 31 next edit 29 set category 33 next edit 30 set category 34 next edit 31 set category 35 next edit 32 set category 36 next edit 33 set category 37 next edit 34 set category 38 next edit 35 set category 39 next edit 36 set category 40 next edit 37 set category 41 next edit 38 set category 42 next edit 39 set category 43 next edit 40 set category 44 next edit 41 set category 46 next edit 42 set category 47 next edit 43 set category 48 next edit 44 set category 49 next edit 45 set category 50 next edit 46 set category 51 next edit 47 set category 52 next edit 48 set category 53 next edit 49 set category 54 next edit 50 set category 55 next edit 51 set category 56 next edit 52 set category 57 next edit 53 set category 58 next edit 54 set category 59 next edit 55 set category 61 next edit 56 set category 62 next edit 57 set category 63 next edit 58 set category 64 next edit 59 set category 65 next edit 60 set category 66 next edit 61 set category 67 next edit 62 set category 68 next edit 63 set category 69 next edit 64 set category 70 next edit 65 set category 71 next edit 66 set category 72 next edit 67 set category 75 next edit 68 set category 76 next edit 69 set category 77 next edit 70 set category 78 next edit 71 set category 79 next edit 72 set category 80 next edit 73 set category 81 next edit 74 set category 82 next edit 75 set category 83 next edit 76 set category 84 next edit 77 set category 85 next edit 78 set category 86 next edit 79 set category 87 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set options block-invalid-url set post-action block config ftgd-wf unset options config filters edit 1 next edit 2 set category 2 set action block next edit 3 set category 7 set action block next edit 4 set category 8 set action block next edit 5 set category 9 set action block next edit 6 set category 11 set action block next edit 7 set category 13 set action block next edit 8 set category 14 set action block next edit 9 set category 15 set action block next edit 10 set category 16 set action block next edit 11 set category 26 set action block next edit 12 set category 57 set action block next edit 13 set category 61 set action block next edit 14 set category 63 set action block next edit 15 set category 64 set action block next edit 16 set category 65 set action block next edit 17 set category 66 set action block next edit 18 set category 67 set action block next edit 19 set category 86 set action block next edit 20 set category 88 set action block next edit 21 set category 90 set action block next edit 22 set category 91 set action block next end end next edit "monitor-all" set comment "Monitor and log all visited URLs, flow-based." config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname "yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*\\.youtube\\..*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" set query "kw=" next end config dnsfilter profile edit "default" set comment "Default dns filtering." config ftgd-dns config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end set block-botnet enable next end config antivirus settings set grayware enable end config antivirus profile edit "default" set comment "Scan files and block viruses." set inspection-mode proxy config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "sniffer-profile" set comment "Scan files and monitor viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set inspection-mode proxy config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next end config spamfilter profile edit "sniffer-profile" set comment "Malware and phishing URL monitoring." set flow-based enable next edit "default" set comment "Malware and phishing URL filtering." next end config report layout edit "default" set title "FortiGate System Analysis Report" set style-theme "default-report" set options include-table-of-content view-chart-as-heading config page set paper letter set page-break-before heading1 config header config header-item edit 1 set type image set style "header-image" set img-src "fortinet_logo_small.png" next end end config footer config footer-item edit 1 set style "footer-text" set content "FortiGate ${schedule_type} Security Report - Host Name: ${hostname}" next edit 2 set style "footer-pageno" next end end end config body-item edit 101 set type image set style "report-cover1" set img-src "fortigate_log.png" next edit 103 set style "report-cover2" set content "FortiGate ${schedule_type} Security Report" next edit 105 set style "report-cover3" set content "Report Date: ${started_time}" next edit 107 set style "report-cover3" set content "Data Range: ${report_data_range} (${hostname})" next edit 109 set style "report-cover3" set content "${vdom}" next edit 111 set type image set style "report-cover4" set img-src "fortinet_logo_small.png" next edit 121 set type misc set misc-component page-break next edit 301 set text-component heading1 set content "Bandwidth and Applications" next edit 311 set type chart set chart "traffic.bandwidth.history_c" next edit 321 set type chart set chart "traffic.sessions.history_c" next edit 331 set type chart set chart "traffic.statistics" next edit 411 set type chart set chart "traffic.bandwidth.apps_c" next edit 421 set type chart set chart "traffic.bandwidth.cats_c" next edit 511 set type chart set chart "traffic.bandwidth.users_c" next edit 521 set type chart set chart "traffic.users.history.hour_c" next edit 611 set type chart set chart "traffic.bandwidth.destinations_tab" next edit 1001 set text-component heading1 set content "Web Usage" next edit 1011 set type chart set chart "web.allowed-request.sites_c" next edit 1021 set type chart set chart "web.bandwidth.sites_c" next edit 1031 set type chart set chart "web.blocked-request.sites_c" next edit 1041 set type chart set chart "web.blocked-request.users_c" next edit 1051 set type chart set chart "web.requests.users_c" next edit 1061 set type chart set chart "web.bandwidth.users_c" next edit 1071 set type chart set chart "web.bandwidth.stream-sites_c" next edit 1301 set text-component heading1 set content "Emails" next edit 1311 set type chart set chart "email.request.senders_c" next edit 1321 set type chart set chart "email.bandwidth.senders_c" next edit 1331 set type chart set chart "email.request.recipients_c" next edit 1341 set type chart set chart "email.bandwidth.recipients_c" next edit 1501 set text-component heading1 set content "Threats" next edit 1511 set type chart set top-n 80 set chart "virus.count.viruses_c" next edit 1531 set type chart set top-n 80 set chart "virus.count.users_c" next edit 1541 set type chart set top-n 80 set chart "virus.count.sources_c" next edit 1551 set type chart set chart "virus.count.history_c" next edit 1561 set type chart set top-n 80 set chart "botnet.count_c" next edit 1571 set type chart set top-n 80 set chart "botnet.count.users_c" next edit 1581 set type chart set top-n 80 set chart "botnet.count.sources_c" next edit 1591 set type chart set chart "botnet.count.history_c" next edit 1601 set type chart set top-n 80 set chart "attack.count.attacks_c" next edit 1611 set type chart set top-n 80 set chart "attack.count.victims_c" next edit 1621 set type chart set top-n 80 set chart "attack.count.source_bar_c" next edit 1631 set type chart set chart "attack.count.blocked_attacks_c" next edit 1641 set type chart set chart "attack.count.severity_c" next edit 1651 set type chart set chart "attack.count.history_c" next edit 1701 set text-component heading1 set content "VPN Usage" next edit 1711 set type chart set top-n 80 set chart "vpn.bandwidth.static-tunnels_c" next edit 1721 set type chart set top-n 80 set chart "vpn.bandwidth.dynamic-tunnels_c" next edit 1731 set type chart set top-n 80 set chart "vpn.bandwidth.ssl-tunnel.users_c" next edit 1741 set type chart set top-n 80 set chart "vpn.bandwidth.ssl-web.users_c" next edit 1901 set text-component heading1 set content "Admin Login and System Events" next edit 1911 set type chart set top-n 80 set chart "event.login.summary_c" next edit 1931 set type chart set top-n 80 set chart "event.failed.login_c" next edit 1961 set type chart set top-n 80 set chart "event.system.group_events_c" next end next end config wanopt settings set host-id "default-id" end config wanopt profile edit "default" set comments "Default WANopt profile." next end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next edit "none" next end config firewall profile-protocol-options edit "default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next end config firewall ssl-ssh-profile edit "deep-inspection" set comment "Read-only deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type address set address "google-play" next edit 4 set type address set address "update.microsoft.com" next edit 5 set type address set address "swscan.apple.com" next edit 6 set type address set address "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "live.com" next end next edit "custom-deep-inspection" set comment "Customizable deep inspection profile." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type address set address "google-play" next edit 4 set type address set address "update.microsoft.com" next edit 5 set type address set address "swscan.apple.com" next edit 6 set type address set address "autoupdate.opera.com" next edit 7 set type wildcard-fqdn set wildcard-fqdn "android" next edit 8 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 9 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 10 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 13 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 14 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 15 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 16 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 17 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 19 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 20 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 21 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 22 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 23 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 24 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 25 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 26 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 27 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 28 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 30 set type wildcard-fqdn set wildcard-fqdn "live.com" next end next edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config https set ports 443 set status certificate-inspection end config ftps set ports 990 set status disable end config imaps set ports 993 set status disable end config pop3s set ports 995 set status disable end config smtps set ports 465 set status disable end config ssh set ports 22 set status disable end next end config waf profile edit "default" config signature config main-class 100000000 set action block set severity high end config main-class 20000000 end config main-class 30000000 set status enable set action block set severity high end config main-class 40000000 end config main-class 50000000 set status enable set action block set severity high end config main-class 60000000 end config main-class 70000000 set status enable set action block set severity high end config main-class 80000000 set status enable set severity low end config main-class 110000000 set status enable set severity high end config main-class 90000000 set status enable set action block set severity high end set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 end config constraint config header-length set status enable set log enable set severity low end config content-length set status enable set log enable set severity low end config param-length set status enable set log enable set severity low end config line-length set status enable set log enable set severity low end config url-param-length set status enable set log enable set severity low end config version set log enable end config method set action block set log enable end config hostname set action block set log enable end config malformed set log enable end config max-cookie set status enable set log enable set severity low end config max-header-line set status enable set log enable set severity low end config max-url-param set status enable set log enable set severity low end config max-range-segment set status enable set log enable set severity high end end next end config firewall ssh local-key edit "Fortinet_SSH_RSA2048" set password ENC xBhwWijmrcKOa+Sq9MpcCWUCRoTkrFKuXeDzeVkHmwC/fndZrKebQ7dSqSZAEU2I2XJLP2WoJEDKy4Dg8qbTA9drhrhjh9nq+a6iOBfhE9ZmwsB/TBLYe9xxXGuJtHV4s56e8iqKjXG9Pe8+Tz8iXCXxI0ABiQ/dy6Qq+F1M52qsOKEHWMrQkxbEBzQL5/K9CMkavw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBctLhoRR ClQEQQ/5VnQEG3AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDDC3xp5cJ6 K0Cfn48RKdH8foZ7vllHKhRHz5WCykqWpS21clHbvlYxrEvtwbLBki9JKM6+qhVm+RZ5ZG X5b/EClvCnEaRYG9fjmbrLTydU4oEUKnT8Nj3mzOoOPAkIO48KY19Tn7lrKP3EZU/zRHg8 6YF55McyI50MAFv8gy5buBy0BiuoBJi8y6Zs93y0whSAxXgdV4WMPXjteeqm/QthrjMU1p CANTP86Q0aWL8NkgpiyUIOZTLD1Fe+8krL1rfclt0ceb21KaY2mLn7mK1wpnPytp6zJcTS U9OBEk8KG3NE1ewJPYB95Z5tGaSVL6VVzrKJ2zgbXTahYq8N/q2RAAADwBlyhgPnDtkyKn 4naCX9es/X4YBRrGIUfMrzeYvE9hXAfFv0PEanQuLUd0pXuq6qI6NFj0YlZ0BMlvPqWKcy 41GKXsy2I1iXTqueET3vUL/YfT3U2hBowPGodnordoOomFlMG1BMyUhcTx0VZ3iLYTBz4j kJ/CU9apMwy1Wlrz25JXpH8v5GoE2fv9fSZtVXnw3GBIIEtLUbMBJt1h9Ma28r5D+DlaIT T39hWqUJnwJLUZSeSzkq/WZGLV3YWW/NF0S/OdUHc0t+FB813Bl+MVUM2MXPPJha/jZAXv /AfKjVELWV5KyqZsjUEQRihuDEehpoAby1Q6jOLAN/SsstJCjGfvIF5Ao0+j1GeyFY6U3/ nVgYMKWzfhbgWFH8x4VqhtmdNi8PUflH8dd8Cn4uGx2e0946DyT3pI3L0g9XroNnhWlekQ Nnpnp/hg48PEoXSmM+SDNiDfEyTkZOey4UJFq5aUBfOyi6mBOzqWHuHGqnw3IJp5lxifLp ESNxbYmaR1eTZ8xA8EHp0SC1y5Q+5Sya7mS/N3lC5zmHlcvt/xoP2mQSspK76xdzc1HS4s vAzhhLnTnbwPfAKRiMVATwHO/Bcqh7VRvaLsNxYodWN7vqQjEXY/Wag2+v4ITDIq9tMbeL 2/wXcyeirtLt62E816IB9Eqfg0TvRNEkbfV36hHOqC2LH4P1NWj7TsmvvPBLK9yhcmrzM+ uSFgOiU9oBO6pbRAwM7Jzbqte81sXJII+hLE31hPEFjULFDeh4te2xKbvTSfX5/F86/Dk2 jN1sOOeEnCGpWY7/vRA/c5pXn0/roUWlx1EfFsLyCmS0BahDC90XNlnkHUghQKxoKVfBcm sr9quiJuhRqZ+W+mkooFEQlX/TGQ/c1z3hvDrZ6LQ+6E9043D4jSYVYZKPHZ1BRwP3+mob kIWzUR8yTyqL6ZZMudgbvVw5taVobNB96JZMaPsN7xG+wrsy+FcZqwtvdIoalErP8wI/1Y WFub/wR+51Vq59zGkRhlrBQp8c9SiAG3N/6B9H0Han4RMJQDvJqkLIz4g2mRRACo3yb/Fc Fxvmd3jAP3Ui3hhz6dEpP7SU/qvi4pnc/oW1issTKrmgauLy0nkschacYRd1UE+uw3Wp0h FD1OHP/5jsRKH1w06TBvO/ZMIzUHhAohKcjTjCbqbztAv7FKGiNOD5ljTfCq/uqjlxzWtm rNj7a394qz48nppcZpiq65/TBuVSohZukLxiiyLX19eaZszLG/3vFAn+P2VEG+r6H+fa34 mTZw/Knw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDC3xp5cJ6K0Cfn48RKdH8foZ7vllHKhRHz5WCykqWpS21clHbvlYxrEvtwbLBki9JKM6+qhVm+RZ5ZGX5b/EClvCnEaRYG9fjmbrLTydU4oEUKnT8Nj3mzOoOPAkIO48KY19Tn7lrKP3EZU/zRHg86YF55McyI50MAFv8gy5buBy0BiuoBJi8y6Zs93y0whSAxXgdV4WMPXjteeqm/QthrjMU1pCANTP86Q0aWL8NkgpiyUIOZTLD1Fe+8krL1rfclt0ceb21KaY2mLn7mK1wpnPytp6zJcTSU9OBEk8KG3NE1ewJPYB95Z5tGaSVL6VVzrKJ2zgbXTahYq8N/q2R" set source built-in next edit "Fortinet_SSH_DSA1024" set password ENC KtZ2Ohllw+aHSLb0TeNhxfjgtFwhC057Mn3mHaU2MgT0fL3hJlGi/YA4oMJuf4zkAlEggDM/XQtV0/GY5mFNPDZpK7bFFlxKUbB+QnNOZ9cXp2gcZlLa05a4yKIO3Aaekxri8OdyhK17jp4ynwa7xs6thGSrFe0gFNlEqzZltIVGOB8837vlA/GXY1jklYinEw9Dmg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAYbiEXTj +lnBLxN6Nld1UGAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBALOX/MbeB6oY8/kvGXEK VFIxt2DIUK30YrRHC7kW2AOEuKye4CtXF5f2zP3R3zvIGEolIAL+OIyJUmaaKtAtZ3Y83K KzlKgntwBuTiMSLuBe2JuISA+HTxv22sE/nHLy24kGpoLdAdaM0d/n/A/ownOarfYbx+Zj ukALPreiWy9lAAAAFQCB9oIXXqsOMyhafuMbJYKRFMK+NQAAAIBxAYWqU54luOGluJNpvE Kxw+WTYejyz/UqZ8FFE2tPgMCUnXjyCps46bn4CIqTifQwy1rFXbpmXbi+epaTnoCs43IE gMLQ20Czjt/O+tfjszla+vBffKLtj8kS5sv7rVqQ88HTp0VGjflG1eIaVU3iD1WI1Q0oOp xKx7iesFc7vAAAAIEAjmtA9gNqOSiJ8oKXcD1+T8unDNWEY9ygyCRsP9P5Li2pruxSuN9F ytjMWljxw+FDZutFquMGLmOv5Nt61o/5lIRs7q9YwZzgt1MyYl0xvHvUpeFwi14mL4LqUS xAoXvVYIwvFNhqiXsJ6dwbNHdaILlR5RHC2uf0Md0McsOp+wcAAAHgX13c/wvWh2510VfA insHQHoGpmXBMJvb+EFqqFKP0lNpBRuPrB9ypvKmp7UuzSx8c44cISJU89qaBdV97lTW5n WiYCRf8qDD+GJ44SwmSbEmKC1WYvmjSmvd5qbkgLl6/GAKA08fR5dtT3xKKQD7LF8qbPbk XX0TK+cAUq08wX2dNWmggE6D+1KvmGdLmAt2TrmG2LzpB6VVJ4ro86li9BMN9a9giLZPGH LLi9YoL7/urnvL92KHnvWhQNdDjRNXr3o96DkX41fdd9U58I/5npAM14ri/XhX/RLGY2aC HovOvGP2evnlxGi6SJblN8auGQBYhK73XZrhRIrQA6UwM0qIB5daFONSj26ESr03DNdkkH 5Uitu3v5eIB/uZURylzjcXqLOEg1S4ueGbVEqAUMPAso5JoGuNE6B6SHtN5WfNvqT2/Xqf IvHMQfvfIPLkAkjvoO3RgRWqCmgvmQ4qmHkbLY3dgun7Yiyzr8BO7vBkkujeF8/JT2h/3i 1E/3BsLeEVSlz68EUbvA+DqWd/N7B4j4mKWUIk4tV9yI7o1+Ddf6WaEbuCeaB2OkuXZZX+ fhRmk2ySpjl43ulXnQQGhjwvZxBDjkXUXIQ7VeBBCgO9695ezR0pfLPhKH/cOgcs -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBALOX/MbeB6oY8/kvGXEKVFIxt2DIUK30YrRHC7kW2AOEuKye4CtXF5f2zP3R3zvIGEolIAL+OIyJUmaaKtAtZ3Y83KKzlKgntwBuTiMSLuBe2JuISA+HTxv22sE/nHLy24kGpoLdAdaM0d/n/A/ownOarfYbx+ZjukALPreiWy9lAAAAFQCB9oIXXqsOMyhafuMbJYKRFMK+NQAAAIBxAYWqU54luOGluJNpvEKxw+WTYejyz/UqZ8FFE2tPgMCUnXjyCps46bn4CIqTifQwy1rFXbpmXbi+epaTnoCs43IEgMLQ20Czjt/O+tfjszla+vBffKLtj8kS5sv7rVqQ88HTp0VGjflG1eIaVU3iD1WI1Q0oOpxKx7iesFc7vAAAAIEAjmtA9gNqOSiJ8oKXcD1+T8unDNWEY9ygyCRsP9P5Li2pruxSuN9FytjMWljxw+FDZutFquMGLmOv5Nt61o/5lIRs7q9YwZzgt1MyYl0xvHvUpeFwi14mL4LqUSxAoXvVYIwvFNhqiXsJ6dwbNHdaILlR5RHC2uf0Md0McsOp+wc=" set source built-in next edit "Fortinet_SSH_ECDSA256" set password ENC AMoXkyboe0XoQjGuVG04nEK9lsc0bRN5AUkaw0zBNjWpLipwIcnhJMKrwGNN4XOydcHS1y0YOC8B/Cy27MKEPjc44h+6WuxM3mTxORVMNuxrLmbMs+XRJgMIC4ew5x0LUq2UOh/HI8RQzli4PjKjjjHtwvmb3mmX2Zh00VTp6R6e1IvTdRFJX8eOdXhSFgOWhr29yA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCqMbWkqI Rd9i5LoU80mHe3AAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBOzxCLRQsj1MHbMTW8Yk6TJV+5HDSZHLE3oqTIFruNP1MACtP7vcJnJ/Bi 4KH6NO9CUAXItKDuN+kv5DS1PdsqUAAACg4IteoxG4Ri13bNBjcoG0jeBd/OB59qzBljiR PLG/7MuU0lc1oOutIeIrimKa2YdSPcA/XFisg+n/4SpNdp+5MAHGixBvene1lRmlGz5qsM zq23qr+uKnZcsnLjIyLjgmx5H83BCdKMoUTyWGkypMiGnximSZ4X6yAknjvqDX6bF05gc5 xMzcOUMV6H+I+QZeElra910u3yWtv/tAW0KszA== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOzxCLRQsj1MHbMTW8Yk6TJV+5HDSZHLE3oqTIFruNP1MACtP7vcJnJ/Bi4KH6NO9CUAXItKDuN+kv5DS1PdsqU=" set source built-in next edit "Fortinet_SSH_ECDSA384" set password ENC ShJTaYQBAMFSPgq301kB0sj+6TIvqhu/ds2h9JPP6lrKc8RZ2ajisQz18IKQKPziO5lU2XauKCXLuA9gwnyWyQsrZ2wCxA/aCblfcmmd1r9jy5WCX9hCg3CMdoDW8uTIkvq3KDBc6IZh2WudMsW/Msxy3v3t/3WUoTCpyaQ7XPljtYiRsWlNC1kUbfryB9XRBlInEQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA63hxED8 683kjpZjui0VcBAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBD5MlT2T9bSlZsP2/kcNSW5ui7S2S9LL1A5YkcEAA5CO3PZJ61t7RiL+oH CFh86d9Y011vG8YIKlw4+b9ipX9EoWdDmXIwBoy+Lb6LK0EixcGH2jq9NLsbRZNpLcuAU3 kgAAANAQTvj7vAKIGBhJXS/bpHCY12G5jLx47eXdPfOcxOKs5GbP0pL8Dlu5OdMtHFNpzE q5jEOWdt2HBLPqF8XjmaI+OCgJAj11hWL6oatBh1A5eApBSNquTG8yakwN9DcW0kr8Y+XP dGl/TR/AOEoR1qAIlhGcyu9/hPZb4qFsr2Z/O7nfjBhdwc9e0VTBF9cdLEAptoFsnpr4gT xE0EBV/+ZHciB1cmKKQfAL7NuNLqI6duPt+0ht5jhhsbm1MBWyDFyW4wOdfP4q5AX5xLLq X2MP -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD5MlT2T9bSlZsP2/kcNSW5ui7S2S9LL1A5YkcEAA5CO3PZJ61t7RiL+oHCFh86d9Y011vG8YIKlw4+b9ipX9EoWdDmXIwBoy+Lb6LK0EixcGH2jq9NLsbRZNpLcuAU3kg==" set source built-in next edit "Fortinet_SSH_ECDSA521" set password ENC rMG4ROmZt6gIIQo+3ipxgfV0/bzxoT/hNzWLSUS3DpUYRzgbhQ0r4oOcNmzUWPVBusCT7eMA5in7BgLm8vdlMi9Yx0KYnlKpvUTEwi0F0kIK4APVA53Ctfaqb6cG4uyDRmufHR0avzVU5V0k6v6SguKr/B9ssXvu5gsRbKtBX3ApB3UBQJ47oR2iWF28EyuXWejRWw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAegDGIRG XJvQ4d6YFI3BnNAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBACNBsHshSzryRdlNWIcZFty7FEiAv073Kygf7mG17a8f/oOOHR1qUf+a4 xIZdVXo9h+Vb7aDIyvtyzcSranfdIN+wGaX9cEDh+jyPBglIJkVIye98GjPa4aZ/IYxxQD nSxqyrwvu2frPy5/9OH60YUG6NoSdJVS+O60agUEoy5oHaTkpwAAAQDYBKv+nMBeyua6/G Wo6S0KlM7d+pYx8ulcp3gcflnKYKgAUtiez9tcga6L5bQUEqctOfur9rGqhlNPU7Hp0N0B uSwnzWS30GzG9yomNi5+tZHCmqLPvo03p6/zdU1KlKA3+UPw11CiYOMIVeO3cHTv6jm9Wp pLpj71zQPRXOn0013EdmavqWKiBo6il7xKLDCR4c0gHBE10rh1ASrbnWZaUOWOhEteNEut ZkHpN7bl9tY2eztDxKXK7UuRk0nBOuSJ7Jwo16mHbD8m/mJEBbvnwNoZKhxd/j34RpAIcS +QEtDENHAMnS/nQ6n+wKmvMjISXm3vEir2qMezEN0w3+2e -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACNBsHshSzryRdlNWIcZFty7FEiAv073Kygf7mG17a8f/oOOHR1qUf+a4xIZdVXo9h+Vb7aDIyvtyzcSranfdIN+wGaX9cEDh+jyPBglIJkVIye98GjPa4aZ/IYxxQDnSxqyrwvu2frPy5/9OH60YUG6NoSdJVS+O60agUEoy5oHaTkpw==" set source built-in next edit "Fortinet_SSH_ED25519" set password ENC awwnxOuDtjJiKq6ssXUT8bS0l6D3izksu+VZY5WzKBE8FAr4usCXKmllHZEROFrcgwTP0sdXVLWCmsytKaxj5G71dVXjpW+NF15c3Vymsf6JvItz0dckeYUjHzPmSibLihZd4O7J5gLyqzfd0Yg+qD1HDUEWHWxW9OW4ts3bZcCfteRCD4LgQo21CC2G1KsoN+Zs2A== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAiehKNAu ZnaaNR88FCm/rtAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIElODBFjSTYACmvQ rp+qqSabQvC+bMR5pdtk6cQUPSbSAAAAkJqbs4ocxXqmbFkOpKtii+9iH1PKQskUkEzPzI a3nGL7C1WG8Wy0UeZ3GYfn9fPuLBOuo8LTyXvHsNxZjWRZHknuEM4IbC7c5IcDl1YURauQ lu7XhJBSLJ75xVNqwV9DIRw40wrJXuuDxZIb9dp4ovUXln69C/iJ2HsPhIQHaICBxz99o2 1DaFGtl0a66R8Yjg== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElODBFjSTYACmvQrp+qqSabQvC+bMR5pdtk6cQUPSbS" set source built-in next end config firewall ssh local-ca edit "Fortinet_SSH_CA" set password ENC gu+lOPD1avHhMnVp50Fo4rV8aFCfyEBp+4nlzkLrxf/sfnwG+aTBK4DaQN4rWXXef5LLl9K1LlHpvzUJ3Hv0XJw3en+EOk+p10xCWFQDcDccaidqLYeZRAqsG9p00Y2+3bpOSZpzTo/CIWCXn+zjOEw3gDDWBCXkAmzIaZsAOQKYeM9n8Fa4wBq5oNt2U7TRogg8lg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAcsZMNsL C7w9hrOaRvxMgYAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDSBvCCXYfX +A0fs+xyyJuAXom2QKbQAqCMzHktqEsv6l7J+Ju22YHy4WB5yK7cCBjEx6/lvxMJhD98FP /Wmdb+aFN5kEbne6XENcH75hoSUWXg7mQJYMYsmMdW0twpMW1TMx4FlXi71TJ4YzjSVFFA YJPQFEudeYHZM5q0pdZLCkh88Aji49IcDElPhsVtvboBnMUdCBnWiBqeC0rmmkMJ4Mi7Cg qB8xScEphJAYV6UEqUgSXv7J3Xb9qFqsbR1++HrzHdUCgO3ZGSW/3LcifrpugKWhCvdjoI hElP2fFZUSB1eAUcKCRxvIKZM9llvNSD9U9TNkNixWC+eSLDELbHAAADwKP6l63tUvNXGm PgeSzKUClP7YVIpnbspuM7dVLKndD7eFEuvx3QX7gsDjPKQRK3j0sZgVy+wT80AS33l0Do J5v2aAebARoQ10mTo4zxf2xOhRqTwC7yPQEA221X5rnuUQ0oxSS5mhxW2ymtHQF2wmm8UU eYgcMsWDIGqZQQgM9y/F0AxjDUea63YCAotII+3HwgM4LrxWh3iep8iJOEcS7wNdsN0zTW THO9M2LgvfYRJs3VHyF99ywwEN9Of9VIQqXLVnNbtx1r36inVY9zQuyOP/Twbrh4lXDChK 5msk/bH73aHgyieW0F62+h57fJO1VfcEiZbWK236c2lwBJWikrjkKkhxrV0vgGsKXCbwjl 8hTfAAIPHsOvG+2OnMjCs/Tm4tIdWYHmtp//EoXElYtl1/3YpRh343B4NiWHeGTx772aub 896+IHwGK9yQYznfSlN/UwhYWHZcMdTtcB8Ks9P65U8rfGtcGOXos4tvKlAYgdKmbHYTAm h6OsNGwqnWCUQRILpJjWDW9Trqx6/MGBu1wdo8ReswmIb9U4Qr5Obo8S97aPXosJ5EYMeq bmPpdoigBC5M2JMonJ4XLXuZTgt31BKcSUYYMIvx+BEJaMzW4E8CpOBd8G1VuIWUkRalza xfpRHioxHhtvbHFN8/4+FDNDLXWeKUqSP5QKedzo38A30NKHJhDaacUbd9M0x7vgRzkP4W LdKJV8NOAPKiT16XbGDIkKP0C/nMu1rAdWRk4QXBn1a7q2Yh6SliM7H79Jqb7jifaazcFc U+lk1CXDJpR/FtehxJSdaJ14vZRgMsJvYzc0dLIGLH093H3K0tO+3a7lANmSj/qrnW+Hah PFBcPX0koMVdgP+KsqXBKg7azaPYw4SDYnrqvs/k+SOWOn0h9VgfMJHYRNF8+8sNw0HmTR pOKmhANg6KtU6m0vY5l1KhzHpoNQ0L1FW3G2UYz6PEROOkVd04Dg9q2AjCgxrkRrnYd9tb 8tZcBIAioTtdds0FKn4gkn/c93G+bpMKm9bluVtbExwspNaD59tOGMXxDAboXOII16NPkA W+EIwMHaxUWm9N+UK/rmarTpNzr4UR/kgDAEijXz+Yoq/EQ6x9C0GPlVQT0lLGRVVm5X6J AGFebT7bX6N6zLEjSzMpWYY6R2VyF9Ed7/S3JZzwE2aNEC+OGlBnqLZxv/CRwgmBr0HUHy 9sP1Io46InH0d6W5VvhRtyYFbD8j2/81OI49ZrjHa1RU+ebFNW5r5VWgHSj7CblE9g30A1 ZDQ2ANHQ== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSBvCCXYfX+A0fs+xyyJuAXom2QKbQAqCMzHktqEsv6l7J+Ju22YHy4WB5yK7cCBjEx6/lvxMJhD98FP/Wmdb+aFN5kEbne6XENcH75hoSUWXg7mQJYMYsmMdW0twpMW1TMx4FlXi71TJ4YzjSVFFAYJPQFEudeYHZM5q0pdZLCkh88Aji49IcDElPhsVtvboBnMUdCBnWiBqeC0rmmkMJ4Mi7CgqB8xScEphJAYV6UEqUgSXv7J3Xb9qFqsbR1++HrzHdUCgO3ZGSW/3LcifrpugKWhCvdjoIhElP2fFZUSB1eAUcKCRxvIKZM9llvNSD9U9TNkNixWC+eSLDELbH" set source built-in next edit "Fortinet_SSH_CA_Untrusted" set password ENC nEt+Yd/GnBYT0SNaD/x3SiG3suGj6NCBWZDc0YWSBZ1ghd8XFpUrrNKUz1dtcyNR5osv0MB/jOsGpCV+0GVhFwGpfSKwKF/qywEXieplGG9S8j2rdy+nebx5ml4SlPxzrnS84YJJE1Mt41dD1DopPH2LUzhtOZNFBybxM8+KlG5VJxe9L/xx/FHKQsEbR95nIzIm5g== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCho8YchJ mZiQ8qXEJV4kGNAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDLiCCiWctx 4K4YH9K5gujSnZAykuJGDJthTpGXxSW/GdeZZVDMDwar63Pcw2mlssG9853/3sRvO0k0gb q8KLdfVjIOGI8uGpq1zRAcwyw7f4+8xQZ36bVLRTjKQYSNNsFiVRFF9DjFnuik6JmzU140 WnU32BrCa+Anr+qIPBXSfvee+YTGqLUzNL9ft12vNKLF1BvzJN6vTbS3jJeWCMCLsk/NKz VtEklIg0fD+f120k8GpDda6sIqtS5taZSEcOTD1Py0qyS+LG5nelpJMblcEf9Ad6vdexUL N1GCtWFEug24WK6+m7kWSwUdeQM4d1qtTGIGKe7VaYHeB/hX1DJNAAADwCSOT9JKMN5Ng5 mqpxx8rfQbLIHvL+jKH2ymyXeuGPYqACnnXvx/pPuMP+h60sgFiqL9RI+oMWSMdLeKNw/T XZXuTC0fRzM7sAXSaHXxwzm4lGK+FpN6ef6NoU03ugEK7dZKk2Xz1BY1dyuiA0B5DRLqR6 MX+0NY7g/pBjE0OT9TzB+eyCaVTjQsRluF8Rgc/ZH36x/Fv1cdx65LGdw/d0iyuwg+jRYu bwjSjUkyiTKRND8YM+268c+ep9NzHiqoRrH/1vUoU+e7idPT1uhwBo9B+UmO9t76ZoanqN YHV62yvb7lbxm8ikepG1TwWF1mIIU7ZSnR60CyCZPN49DPvXSO/b3ZPRHo6g/9DaaI0o4n /HxMcM4HCr4EBvYzYAm/BvEZmZdd7YY0HPo1g9HWcPmGrv5g1jMv7AeUsuxc01N3t41Q/P 3RrJXsuJHEdjVR2ZhFoCU29Ow2dxbfEo0VBKouOKF4IAJru7d/kyXVoBkI5bn19uyZhrQ1 ThYvVTC/wTAxEZbBOMaGVmgb3JzgEeEYIYXF3XXyxcMWJG2mnXTW/QYTarAJDhqHAEQ3uy VWaW9+rqmVmWsSl+EsMpUo5Q5lhq4lGlELqEZU01325Dqugd5dJjbsASUsSCwaKTBIK+0t DAQmQRcXGXcOUR66u24YICNQtAjGFh13Pf+yy6r8cXIpbcGun8KxeYr8dmXEOU6yZV3ev7 n2FMSlG1HeYnC1DibmDSPUgGw7o8wGaPnpz+5IU0Gfhv17L2WtdfqsFgfOcXM9t2lFIeiu 5prQUMU8c4XRHTxb7mxOue0uAQFonf08IIei/edlLA9GrvIbL+tppfNbDGkowF5z0avYNv rPNio30boqp21CQULEHhFa/LSAPK+BsIS5vEAcXt3qPdVqw5jwZIYAS3ezjZterN56XamD jwj65prJOpv+zKO2e56RzVGT47lzblDdVY5yfDaaIExvh4RqITgV3cmNpNyjF/IFW2y8eC wZufa6inEuII3Id48ear4sz1UB/03omwmCMtO6g1SzMSOlPXGeG20W8JEjjYcxzx+RDeiT 7XHDsh7aRB3ZH3S/n1UGO00ibXZjC5reLd7OcXv2C+M88SwNeJ6QukWiSeLs+x7DF0B3f7 puSeYLiJDs53HWyYr7ixjqsoDvSwZArVmkJAxVQAUaiifBgWVq1vsvLe4unvyh01TpiC3J V5VUVFcwq/dX6i/bmbE5YWSmSwAx0lt6tfYrGqWKEvKyjV4hxHfujQokqbulIDNeHty2mH replXdQw== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLiCCiWctx4K4YH9K5gujSnZAykuJGDJthTpGXxSW/GdeZZVDMDwar63Pcw2mlssG9853/3sRvO0k0gbq8KLdfVjIOGI8uGpq1zRAcwyw7f4+8xQZ36bVLRTjKQYSNNsFiVRFF9DjFnuik6JmzU140WnU32BrCa+Anr+qIPBXSfvee+YTGqLUzNL9ft12vNKLF1BvzJN6vTbS3jJeWCMCLsk/NKzVtEklIg0fD+f120k8GpDda6sIqtS5taZSEcOTD1Py0qyS+LG5nelpJMblcEf9Ad6vdexULN1GCtWFEug24WK6+m7kWSwUdeQM4d1qtTGIGKe7VaYHeB/hX1DJN" set source built-in next end config firewall ssh setting set caname "Fortinet_SSH_CA" set untrusted-caname "Fortinet_SSH_CA_Untrusted" set hostkey-rsa2048 "Fortinet_SSH_RSA2048" set hostkey-dsa1024 "Fortinet_SSH_DSA1024" set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256" set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384" set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521" set hostkey-ed25519 "Fortinet_SSH_ED25519" end config switch-controller switch-profile edit "default" next end config endpoint-control profile edit "default" config forticlient-winmac-settings end config forticlient-android-settings end config forticlient-ios-settings end next end config wireless-controller wids-profile edit "default" set comment "Default WIDS profile." set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default-wids-apscan-enabled" set ap-scan enable next end config wireless-controller wtp-profile edit "FAPU323EV-default" config platform set type U323EV end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU321EV-default" config platform set type U321EV end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU24JEV-default" config platform set type U24JEV end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU223EV-default" config platform set type U223EV end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU221EV-default" config platform set type U221EV end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU423E-default" config platform set type U423E end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU422EV-default" config platform set type U422EV end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPU421E-default" config platform set type U421E end set ap-country US config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit "FAPS223E-default" config platform set type S223E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS221E-default" config platform set type S221E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP224E-default" config platform set type 224E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223E-default" config platform set type 223E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP222E-default" config platform set type 222E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP221E-default" config platform set type 221E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP423E-default" config platform set type 423E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP421E-default" config platform set type 421E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS423E-default" config platform set type S423E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS422E-default" config platform set type S422E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS421E-default" config platform set type S421E end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS323CR-default" config platform set type S323CR end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322CR-default" config platform set type S322CR end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321CR-default" config platform set type S321CR end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS313C-default" config platform set type S313C end set ap-country US config radio-1 set band 802.11ac end next edit "FAPS311C-default" config platform set type S311C end set ap-country US config radio-1 set band 802.11ac end next edit "FAPS323C-default" config platform set type S323C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322C-default" config platform set type S322C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321C-default" config platform set type S321C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP321C-default" config platform set type 321C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223C-default" config platform set type 223C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP112D-default" config platform set type 112D end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP24D-default" config platform set type 24D end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP21D-default" config platform set type 21D end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FK214B-default" config platform set type 214B end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP224D-default" config platform set type 224D end set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP222C-default" config platform set type 222C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP25D-default" config platform set type 25D end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP221C-default" config platform set type 221C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP320C-default" config platform set type 320C end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP28C-default" config platform set type 28C end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP223B-default" config platform set type 223B end set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP14C-default" config platform set type 14C end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP11C-default" config platform set type 11C end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP320B-default" config platform set type 320B end set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP112B-default" config platform set type 112B end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP222B-default" config platform set type 222B end set ap-country US config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11n-5G end next edit "FAP210B-default" config platform set type 210B end set ap-country US config radio-1 set band 802.11n,g-only end next edit "FAP220B-default" set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "AP-11N-default" config platform set type AP-11N end set ap-country US config radio-1 set band 802.11n,g-only end next end config wireless-controller utm-profile edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set ips-sensor "wifi-default" set application-list "wifi-default" set antivirus-profile "wifi-default" set webfilter-profile "wifi-default" next end config log memory setting set status enable end config log disk setting set status enable end config log null-device setting set status disable end config router rip config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ripng config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ospf config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router ospf6 config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router bgp config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "static" end config redistribute "isis" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "static" end config redistribute6 "isis" end end config router isis config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "static" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "bgp" end config redistribute6 "static" end end config router multicast end