ansible/test/integration/targets/fortios_ipv4_policy/files/default_config.conf


# Global settings for the FortiGate-VM64-HV instance this test fixture describes.
# NOTE(review): admintimeout 480 keeps an idle administrator session open for a
# long time (unit is presumably minutes; confirm for the FortiOS build under test).
# Tolerable on a throwaway lab VM, but do not copy it into a production baseline.
config system global
set timezone 04
set admintimeout 480
# The admin GUI serves the built-in "Fortinet_Firmware" certificate.
# NOTE(review): presumably not issued for this hostname and not trusted by
# browsers, so operators cannot verify which device they reached; confirm.
set admin-server-cert "Fortinet_Firmware"
set fgd-alert-subscription advisory latest-threat
set hostname "FortiGate-VM64-HV"
end
# Access profile "prof_admin": every permission group listed below is set to
# read-write, so an account bound to this profile can change all of these areas.
# The only admin account visible in this part of the file uses "super_admin",
# not this profile.
config system accprofile
edit prof_admin
set vpngrp read-write
set updategrp read-write
set utmgrp read-write
set routegrp read-write
set wifi read-write
set sysgrp read-write
set loggrp read-write
set mntgrp read-write
set netgrp read-write
set admingrp read-write
set wanoptgrp read-write
set fwgrp read-write
set authgrp read-write
set endpoint-control-grp read-write
next
end
# Interface table. Only port1 has an address and management access; port2-port8
# are declared as physical interfaces in vdom "root" with nothing else set, and
# ssl.root is the SSL VPN tunnel interface.
config system interface
edit port1
set ip 192.168.137.154 255.255.255.0
set type physical
# Management plane exposure on port1: ping, HTTPS, SSH, HTTP and FGFM are all
# accepted here.
# NOTE(review): "http" allows the admin GUI over cleartext unless the device
# redirects to HTTPS; confirm, and drop http/fgfm wherever this fixture is used
# as a template for a reachable device. Keep port1 on an isolated test network.
set allowaccess ping https ssh http fgfm
set vdom "root"
next
edit port2
set type physical
set vdom "root"
next
edit port3
set type physical
set vdom "root"
next
edit port4
set type physical
set vdom "root"
next
edit port5
set type physical
set vdom "root"
next
edit port6
set type physical
set vdom "root"
next
edit port7
set type physical
set vdom "root"
next
edit port8
set type physical
set vdom "root"
next
edit ssl.root
set alias "SSL VPN interface"
set type tunnel
set vdom "root"
next
end
config system custom-language
edit en
set filename "en"
next
edit fr
set filename "fr"
next
edit sp
set filename "sp"
next
edit pg
set filename "pg"
next
edit x-sjis
set filename "x-sjis"
next
edit big5
set filename "big5"
next
edit GB2312
set filename "GB2312"
next
edit euc-kr
set filename "euc-kr"
next
end
# Administrator accounts. The single account "admin" holds the "super_admin"
# profile in vdom "root".
# NOTE(review): this stanza contains no "set password" line and no trusted-host
# restriction. On FortiOS a missing password line normally means the account
# has an empty password; confirm. Together with the HTTP/HTTPS/SSH access
# enabled on port1 this is only acceptable on an isolated test VM.
config system admin
edit admin
set accprofile "super_admin"
set vdom "root"
# GUI layout only: one "Status" tab and the widgets placed on it.
config dashboard-tabs
edit 1
set name "Status"
next
end
config dashboard
edit 1
set column 1
set tab-id 1
next
edit 2
set column 1
set widget-type licinfo
set tab-id 1
next
edit 3
set column 1
set widget-type jsconsole
set tab-id 1
next
edit 4
set column 2
set widget-type sysres
set tab-id 1
next
edit 5
set column 2
set widget-type gui-features
set tab-id 1
next
edit 6
set column 2
set top-n 10
set widget-type alert
set tab-id 1
next
end
next
end
config system ha
set override disable
end
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
end
config system replacemsg-image
edit logo_fnet
set image-base64 ''
set image-type gif
next
edit logo_fguard_wf
set image-base64 ''
set image-type gif
next
edit logo_fw_auth
set image-base64 ''
set image-type png
next
edit logo_v2_fnet
set image-base64 ''
set image-type png
next
edit logo_v2_fguard_wf
set image-base64 ''
set image-type png
next
edit logo_v2_fguard_app
set image-base64 ''
set image-type png
next
end
config system replacemsg mail email-block
end
config system replacemsg mail email-dlp-subject
end
config system replacemsg mail email-dlp-ban
end
config system replacemsg mail email-filesize
end
config system replacemsg mail partial
end
config system replacemsg mail smtp-block
end
config system replacemsg mail smtp-filesize
end
config system replacemsg http bannedword
end
config system replacemsg http url-block
end
config system replacemsg http urlfilter-err
end
config system replacemsg http infcache-block
end
config system replacemsg http http-block
end
config system replacemsg http http-filesize
end
config system replacemsg http http-dlp-ban
end
config system replacemsg http http-archive-block
end
config system replacemsg http http-contenttypeblock
end
config system replacemsg http https-invalid-cert-block
end
config system replacemsg http http-client-block
end
config system replacemsg http http-client-filesize
end
config system replacemsg http http-client-bannedword
end
config system replacemsg http http-post-block
end
config system replacemsg http http-client-archive-block
end
config system replacemsg http switching-protocols-block
end
config system replacemsg webproxy deny
end
config system replacemsg webproxy user-limit
end
config system replacemsg webproxy auth-challenge
end
config system replacemsg webproxy auth-login-fail
end
config system replacemsg webproxy auth-authorization-fail
end
config system replacemsg webproxy http-err
end
config system replacemsg webproxy auth-ip-blackout
end
config system replacemsg ftp ftp-dl-blocked
end
config system replacemsg ftp ftp-dl-filesize
end
config system replacemsg ftp ftp-dl-dlp-ban
end
config system replacemsg ftp ftp-explicit-banner
end
config system replacemsg ftp ftp-dl-archive-block
end
config system replacemsg nntp nntp-dl-blocked
end
config system replacemsg nntp nntp-dl-filesize
end
config system replacemsg nntp nntp-dlp-subject
end
config system replacemsg nntp nntp-dlp-ban
end
config system replacemsg fortiguard-wf ftgd-block
end
config system replacemsg fortiguard-wf http-err
end
config system replacemsg fortiguard-wf ftgd-ovrd
end
config system replacemsg fortiguard-wf ftgd-quota
end
config system replacemsg fortiguard-wf ftgd-warning
end
config system replacemsg spam ipblocklist
end
config system replacemsg spam smtp-spam-dnsbl
end
config system replacemsg spam smtp-spam-feip
end
config system replacemsg spam smtp-spam-helo
end
config system replacemsg spam smtp-spam-emailblack
end
config system replacemsg spam smtp-spam-mimeheader
end
config system replacemsg spam reversedns
end
config system replacemsg spam smtp-spam-bannedword
end
config system replacemsg spam smtp-spam-ase
end
config system replacemsg spam submit
end
config system replacemsg im im-file-xfer-block
end
config system replacemsg im im-file-xfer-name
end
config system replacemsg im im-file-xfer-infected
end
config system replacemsg im im-file-xfer-size
end
config system replacemsg im im-dlp
end
config system replacemsg im im-dlp-ban
end
config system replacemsg im im-voice-chat-block
end
config system replacemsg im im-video-chat-block
end
config system replacemsg im im-photo-share-block
end
config system replacemsg im im-long-chat-block
end
config system replacemsg alertmail alertmail-virus
end
config system replacemsg alertmail alertmail-block
end
config system replacemsg alertmail alertmail-nids-event
end
config system replacemsg alertmail alertmail-crit-event
end
config system replacemsg alertmail alertmail-disk-full
end
config system replacemsg admin pre_admin-disclaimer-text
end
config system replacemsg admin post_admin-disclaimer-text
end
config system replacemsg auth auth-disclaimer-page-1
end
config system replacemsg auth auth-disclaimer-page-2
end
config system replacemsg auth auth-disclaimer-page-3
end
config system replacemsg auth auth-reject-page
end
config system replacemsg auth auth-login-page
end
config system replacemsg auth auth-login-failed-page
end
config system replacemsg auth auth-token-login-page
end
config system replacemsg auth auth-token-login-failed-page
end
config system replacemsg auth auth-success-msg
end
config system replacemsg auth auth-challenge-page
end
config system replacemsg auth auth-keepalive-page
end
config system replacemsg auth auth-portal-page
end
config system replacemsg auth auth-password-page
end
config system replacemsg auth auth-fortitoken-page
end
config system replacemsg auth auth-next-fortitoken-page
end
config system replacemsg auth auth-email-token-page
end
config system replacemsg auth auth-sms-token-page
end
config system replacemsg auth auth-email-harvesting-page
end
config system replacemsg auth auth-email-failed-page
end
config system replacemsg auth auth-cert-passwd-page
end
config system replacemsg auth auth-guest-print-page
end
config system replacemsg auth auth-guest-email-page
end
config system replacemsg auth auth-success-page
end
config system replacemsg auth auth-block-notification-page
end
config system replacemsg sslvpn sslvpn-login
end
config system replacemsg sslvpn sslvpn-limit
end
config system replacemsg sslvpn hostcheck-error
end
config system replacemsg ec endpt-download-portal
end
config system replacemsg ec endpt-download-portal-mac
end
config system replacemsg ec endpt-download-portal-ios
end
config system replacemsg ec endpt-download-portal-aos
end
config system replacemsg ec endpt-download-portal-other
end
config system replacemsg device-detection-portal device-detection-failure
end
config system replacemsg nac-quar nac-quar-virus
end
config system replacemsg nac-quar nac-quar-dos
end
config system replacemsg nac-quar nac-quar-ips
end
config system replacemsg nac-quar nac-quar-dlp
end
config system replacemsg nac-quar nac-quar-admin
end
config system replacemsg traffic-quota per-ip-shaper-block
end
config system replacemsg utm virus-html
end
config system replacemsg utm virus-text
end
config system replacemsg utm dlp-html
end
config system replacemsg utm dlp-text
end
config system replacemsg utm appblk-html
end
config vpn certificate ca
end
# Local certificates with their private keys: Fortinet_CA_SSLProxy (per its own
# comment, the CA that SSL inspection uses to sign generated server certificates)
# and Fortinet_SSLProxy.
# NOTE(review): key material is committed to the repository here. Each entry
# carries an encrypted private key plus its passphrase in "ENC" form. The device
# has to recover that passphrase to use the key, so treat the ENC value as a
# recoverable secret, not a one-way hash. Never reuse these keys or this CA
# outside the test VM; any client that trusts this CA trusts whoever holds
# this file.
# In this copy the PEM bodies are absent: each private-key / certificate value
# opens a quote at the BEGIN marker and is never closed.
config vpn certificate local
edit Fortinet_CA_SSLProxy
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
set password ENC eRZ5UNnzW1eAAJn+reDWnDdgQZ1yxFr7z+rp0lzCeKX64OiaEcBKwGIzocIf5y5p37siqf1bPHwEMWkvISqQSXKT8JijvaLtA/oNlqTw8GwglMlW390JTckMS7v60mVQ2Jj1Ng9q4xi2dXKpVGXqYnpc1nDSApGqHTwpL/lgc1+HLh0CQvn4zQpIs8//4hVscjqz0g==
set certificate "-----BEGIN CERTIFICATE-----
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
next
edit Fortinet_SSLProxy
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
set password ENC JGQ1Psth3oHimOP5bRUzt+zfBA5PlPBXZj6xLvqp7JILLBa6Der02qjotGI4UnaKAGSad7uEkPKLq2ePjzBy/Rc/E55FJO8OjffWzIOgpT1jYMmw8IOuAlB50weCRpzMowrLT+FKFF53SxG+oe5n4EaoiqR92WZsXzOTFpNdSFXyvggt/lmOz4Zm08AMD3sWFWg/ZA==
set certificate "-----BEGIN CERTIFICATE-----
next
end
config user device-category
edit ipad
next
edit iphone
next
edit gaming-console
next
edit blackberry-phone
next
edit blackberry-playbook
next
edit linux-pc
next
edit mac
next
edit windows-pc
next
edit android-phone
next
edit android-tablet
next
edit media-streaming
next
edit windows-phone
next
edit windows-tablet
next
edit fortinet-device
next
edit ip-phone
next
edit router-nat-device
next
edit printer
next
edit other-network-device
next
edit collected-emails
next
edit all
next
end
config system session-sync
end
config system fortiguard
set webfilter-sdns-server-ip "208.91.112.220"
end
config ips global
set default-app-cat-mask 18446744073474670591
end
config ips dbinfo
set version 1
end
config gui console
end
config system session-helper
edit 1
set protocol 6
set name pptp
set port 1723
next
edit 2
set protocol 6
set name h323
set port 1720
next
edit 3
set protocol 17
set name ras
set port 1719
next
edit 4
set protocol 6
set name tns
set port 1521
next
edit 5
set protocol 17
set name tftp
set port 69
next
edit 6
set protocol 6
set name rtsp
set port 554
next
edit 7
set protocol 6
set name rtsp
set port 7070
next
edit 8
set protocol 6
set name rtsp
set port 8554
next
edit 9
set protocol 6
set name ftp
set port 21
next
edit 10
set protocol 6
set name mms
set port 1863
next
edit 11
set protocol 6
set name pmap
set port 111
next
edit 12
set protocol 17
set name pmap
set port 111
next
edit 13
set protocol 17
set name sip
set port 5060
next
edit 14
set protocol 17
set name dns-udp
set port 53
next
edit 15
set protocol 6
set name rsh
set port 514
next
edit 16
set protocol 6
set name rsh
set port 512
next
edit 17
set protocol 6
set name dcerpc
set port 135
next
edit 18
set protocol 17
set name dcerpc
set port 135
next
edit 19
set protocol 17
set name mgcp
set port 2427
next
edit 20
set protocol 17
set name mgcp
set port 2727
next
end
# Automatic installation of both a configuration and a firmware image is enabled.
# NOTE(review): on FortiOS this feature presumably loads the files from attached
# USB storage at boot; confirm. If so, anyone with physical (or virtual-media)
# access can replace config or firmware. Disable both on devices that are not
# in a controlled lab.
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
set ntpsync enable
set syncinterval 60
end
config system settings
end
config firewall address
edit SSLVPN_TUNNEL_ADDR1
set type iprange
set end-ip 10.212.134.210
set start-ip 10.212.134.200
next
edit all
next
edit none
set subnet 0.0.0.0 255.255.255.255
next
edit apple
set type fqdn
set fqdn "*.apple.com"
next
edit dropbox.com
set type fqdn
set fqdn "*.dropbox.com"
next
edit Gotomeeting
set type fqdn
set fqdn "*.gotomeeting.com"
next
edit icloud
set type fqdn
set fqdn "*.icloud.com"
next
edit itunes
set type fqdn
set fqdn "*itunes.apple.com"
next
edit android
set type fqdn
set fqdn "*.android.com"
next
edit skype
set type fqdn
set fqdn "*.messenger.live.com"
next
edit swscan.apple.com
set type fqdn
set fqdn "swscan.apple.com"
next
edit update.microsoft.com
set type fqdn
set fqdn "update.microsoft.com"
next
edit appstore
set type fqdn
set fqdn "*.appstore.com"
next
edit eease
set type fqdn
set fqdn "*.eease.com"
next
edit google-drive
set type fqdn
set fqdn "*drive.google.com"
next
edit google-play
set type fqdn
set fqdn "play.google.com"
next
edit google-play2
set type fqdn
set fqdn "*.ggpht.com"
next
edit google-play3
set type fqdn
set fqdn "*.books.google.com"
next
edit microsoft
set type fqdn
set fqdn "*.microsoft.com"
next
edit adobe
set type fqdn
set fqdn "*.adobe.com"
next
edit Adobe Login
set type fqdn
set fqdn "*.adobelogin.com"
next
edit fortinet
set type fqdn
set fqdn "*.fortinet.com"
next
edit googleapis.com
set type fqdn
set fqdn "*.googleapis.com"
next
edit citrix
set type fqdn
set fqdn "*.citrixonline.com"
next
edit verisign
set type fqdn
set fqdn "*.verisign.com"
next
edit Windows update 2
set type fqdn
set fqdn "*.windowsupdate.com"
next
edit *.live.com
set type fqdn
set fqdn "*.live.com"
next
edit auth.gfx.ms
set type fqdn
set fqdn "auth.gfx.ms"
next
edit autoupdate.opera.com
set type fqdn
set fqdn "autoupdate.opera.com"
next
edit softwareupdate.vmware.com
set type fqdn
set fqdn "softwareupdate.vmware.com"
next
edit firefox update server
set type fqdn
set fqdn "aus*.mozilla.org"
next
end
config firewall multicast-address
edit all
set end-ip 239.255.255.255
set start-ip 224.0.0.0
next
edit all_hosts
set end-ip 224.0.0.1
set start-ip 224.0.0.1
next
edit all_routers
set end-ip 224.0.0.2
set start-ip 224.0.0.2
next
edit Bonjour
set end-ip 224.0.0.251
set start-ip 224.0.0.251
next
edit EIGRP
set end-ip 224.0.0.10
set start-ip 224.0.0.10
next
edit OSPF
set end-ip 224.0.0.6
set start-ip 224.0.0.5
next
end
config firewall address6
edit SSLVPN_TUNNEL_IPv6_ADDR1
set ip6 fdff:ffff::/120
next
edit all
next
edit none
set ip6 ::/128
next
end
config firewall service category
edit General
set comment "General services."
next
edit Web Access
set comment "Web access."
next
edit File Access
set comment "File access."
next
edit Email
set comment "Email services."
next
edit Network Services
set comment "Network services."
next
edit Authentication
set comment "Authentication service."
next
edit Remote Access
set comment "Remote access."
next
edit Tunneling
set comment "Tunneling service."
next
edit VoIP, Messaging & Other Applications
set comment "VoIP, messaging, and other applications."
next
edit Web Proxy
set comment "Explicit web proxy."
next
end
config firewall service custom
edit ALL
set category "General"
set protocol IP
next
edit ALL_TCP
set category "General"
set tcp-portrange 1-65535
next
edit ALL_UDP
set category "General"
set udp-portrange 1-65535
next
edit ALL_ICMP
set category "General"
set protocol ICMP
next
edit ALL_ICMP6
set category "General"
set protocol ICMP6
next
edit GRE
set category "Tunneling"
set protocol-number 47
set protocol IP
next
edit AH
set category "Tunneling"
set protocol-number 51
set protocol IP
next
edit ESP
set category "Tunneling"
set protocol-number 50
set protocol IP
next
edit AOL
set visibility disable
set tcp-portrange 5190-5194
next
edit BGP
set category "Network Services"
set tcp-portrange 179
next
edit DHCP
set category "Network Services"
set udp-portrange 67-68
next
edit DNS
set category "Network Services"
set udp-portrange 53
set tcp-portrange 53
next
edit FINGER
set visibility disable
set tcp-portrange 79
next
edit FTP
set category "File Access"
set tcp-portrange 21
next
edit FTP_GET
set category "File Access"
set tcp-portrange 21
next
edit FTP_PUT
set category "File Access"
set tcp-portrange 21
next
edit GOPHER
set visibility disable
set tcp-portrange 70
next
edit H323
set category "VoIP, Messaging & Other Applications"
set udp-portrange 1719
set tcp-portrange 1720 1503
next
edit HTTP
set category "Web Access"
set tcp-portrange 80
next
edit HTTPS
set category "Web Access"
set tcp-portrange 443
next
edit IKE
set category "Tunneling"
set udp-portrange 500 4500
next
edit IMAP
set category "Email"
set tcp-portrange 143
next
edit IMAPS
set category "Email"
set tcp-portrange 993
next
edit Internet-Locator-Service
set visibility disable
set tcp-portrange 389
next
edit IRC
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit L2TP
set category "Tunneling"
set udp-portrange 1701
set tcp-portrange 1701
next
edit LDAP
set category "Authentication"
set tcp-portrange 389
next
edit NetMeeting
set visibility disable
set tcp-portrange 1720
next
edit NFS
set category "File Access"
set udp-portrange 111 2049
set tcp-portrange 111 2049
next
edit NNTP
set visibility disable
set tcp-portrange 119
next
edit NTP
set category "Network Services"
set udp-portrange 123
set tcp-portrange 123
next
edit OSPF
set category "Network Services"
set protocol-number 89
set protocol IP
next
edit PC-Anywhere
set category "Remote Access"
set udp-portrange 5632
set tcp-portrange 5631
next
edit PING
set category "Network Services"
set protocol ICMP
set icmptype 8
next
edit TIMESTAMP
set protocol ICMP
set visibility disable
set icmptype 13
next
edit INFO_REQUEST
set protocol ICMP
set visibility disable
set icmptype 15
next
edit INFO_ADDRESS
set protocol ICMP
set visibility disable
set icmptype 17
next
edit ONC-RPC
set category "Remote Access"
set udp-portrange 111
set tcp-portrange 111
next
edit DCE-RPC
set category "Remote Access"
set udp-portrange 135
set tcp-portrange 135
next
edit POP3
set category "Email"
set tcp-portrange 110
next
edit POP3S
set category "Email"
set tcp-portrange 995
next
edit PPTP
set category "Tunneling"
set tcp-portrange 1723
next
edit QUAKE
set udp-portrange 26000 27000 27910 27960
set visibility disable
next
edit RAUDIO
set udp-portrange 7070
set visibility disable
next
edit REXEC
set visibility disable
set tcp-portrange 512
next
edit RIP
set category "Network Services"
set udp-portrange 520
next
edit RLOGIN
set visibility disable
set tcp-portrange 513:512-1023
next
edit RSH
set visibility disable
set tcp-portrange 514:512-1023
next
edit SCCP
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit SIP
set category "VoIP, Messaging & Other Applications"
set udp-portrange 5060
set tcp-portrange 5060
next
edit SIP-MSNmessenger
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit SAMBA
set category "File Access"
set tcp-portrange 139
next
edit SMTP
set category "Email"
set tcp-portrange 25
next
edit SMTPS
set category "Email"
set tcp-portrange 465
next
edit SNMP
set category "Network Services"
set udp-portrange 161-162
set tcp-portrange 161-162
next
edit SSH
set category "Remote Access"
set tcp-portrange 22
next
edit SYSLOG
set category "Network Services"
set udp-portrange 514
next
edit TALK
set udp-portrange 517-518
set visibility disable
next
edit TELNET
set category "Remote Access"
set tcp-portrange 23
next
edit TFTP
set category "File Access"
set udp-portrange 69
next
edit MGCP
set udp-portrange 2427 2727
set visibility disable
next
edit UUCP
set visibility disable
set tcp-portrange 540
next
edit VDOLIVE
set visibility disable
set tcp-portrange 7000-7010
next
edit WAIS
set visibility disable
set tcp-portrange 210
next
edit WINFRAME
set visibility disable
set tcp-portrange 1494 2598
next
edit X-WINDOWS
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit PING6
set protocol ICMP6
set visibility disable
set icmptype 128
next
edit MS-SQL
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit MYSQL
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit RDP
set category "Remote Access"
set tcp-portrange 3389
next
edit VNC
set category "Remote Access"
set tcp-portrange 5900
next
edit DHCP6
set category "Network Services"
set udp-portrange 546 547
next
edit SQUID
set category "Tunneling"
set tcp-portrange 3128
next
edit SOCKS
set category "Tunneling"
set udp-portrange 1080
set tcp-portrange 1080
next
edit WINS
set category "Remote Access"
set udp-portrange 1512
set tcp-portrange 1512
next
edit RADIUS
set category "Authentication"
set udp-portrange 1812 1813
next
edit RADIUS-OLD
set udp-portrange 1645 1646
set visibility disable
next
edit CVSPSERVER
set udp-portrange 2401
set visibility disable
set tcp-portrange 2401
next
edit AFS3
set category "File Access"
set udp-portrange 7000-7009
set tcp-portrange 7000-7009
next
edit TRACEROUTE
set category "Network Services"
set udp-portrange 33434-33535
next
edit RTSP
set category "VoIP, Messaging & Other Applications"
set udp-portrange 554
set tcp-portrange 554 7070 8554
next
edit MMS
set udp-portrange 1024-5000
set visibility disable
set tcp-portrange 1755
next
edit KERBEROS
set category "Authentication"
set udp-portrange 88
set tcp-portrange 88
next
edit LDAP_UDP
set category "Authentication"
set udp-portrange 389
next
edit SMB
set category "File Access"
set tcp-portrange 445
next
edit NONE
set visibility disable
set tcp-portrange 0
next
edit webproxy
set category "Web Proxy"
set explicit-proxy enable
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
end
config firewall service group
edit Email Access
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit Web Access
set member "DNS" "HTTP" "HTTPS"
next
edit Windows AD
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit Exchange Server
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config webfilter ftgd-local-cat
edit custom1
set id 140
next
edit custom2
set id 141
next
end
config ips sensor
edit default
set comment "Prevent critical attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit all_default
set comment "All predefined signatures with default setting."
config entries
edit 1
next
end
next
edit all_default_pass
set comment "All predefined signatures with PASS action."
config entries
edit 1
set action pass
next
end
next
edit protect_http_server
set comment "Protect against HTTP server-side vulnerabilities."
config entries
edit 1
set protocol HTTP
set location server
next
end
next
edit protect_email_server
set comment "Protect against email server-side vulnerabilities."
config entries
edit 1
set protocol SMTP POP3 IMAP
set location server
next
end
next
edit protect_client
set comment "Protect against client-side vulnerabilities."
config entries
edit 1
set location client
next
end
next
edit high_security
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
config entries
edit 1
set status enable
set action block
set severity medium high critical
next
edit 2
set severity low
next
end
next
end
config firewall shaper traffic-shaper
edit high-priority
set per-policy enable
set maximum-bandwidth 1048576
next
edit medium-priority
set priority medium
set per-policy enable
set maximum-bandwidth 1048576
next
edit low-priority
set priority low
set per-policy enable
set maximum-bandwidth 1048576
next
edit guarantee-100kbps
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit shared-1M-pipe
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
config application list
edit default
set comment "Monitor all applications."
config entries
edit 1
set action pass
next
end
next
edit block-p2p
config entries
edit 1
set category 2
next
end
next
edit monitor-p2p-and-media
config entries
edit 1
set category 2
set action pass
next
edit 2
set category 5
set action pass
next
end
next
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit *.bat
next
edit *.com
next
edit *.dll
next
edit *.doc
next
edit *.exe
next
edit *.gz
next
edit *.hta
next
edit *.ppt
next
edit *.rar
next
edit *.scr
next
edit *.tar
next
edit *.tgz
next
edit *.vb?
next
edit *.wps
next
edit *.xl?
next
edit *.zip
next
edit *.pif
next
edit *.cpl
next
end
next
edit 2
set name "all_executables"
config entries
edit bat
set file-type bat
set filter-type type
next
edit exe
set file-type exe
set filter-type type
next
edit elf
set file-type elf
set filter-type type
next
edit hta
set file-type hta
set filter-type type
next
end
next
end
config dlp fp-sensitivity
edit Private
next
edit Critical
next
edit Warning
next
end
config dlp sensor
edit default
set comment "Log a summary of email and web traffic."
set summary-proto smtp pop3 imap http-get http-post
next
end
config webfilter content
end
config webfilter urlfilter
end
config spamfilter bword
end
config spamfilter bwl
end
config spamfilter mheader
end
config spamfilter dnsbl
end
config spamfilter iptrust
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
edit 3
set category 19
set level critical
next
end
end
config icap profile
edit default
next
end
# Local user database: one password-authenticated account, "guest".
# NOTE(review): the credential is stored in "ENC" form and committed with the
# fixture. Treat it as disclosed; it must never match a credential used on a
# real device. Whether ENC is reversible for user passwords depends on the
# FortiOS build; confirm before relying on it as protection.
config user local
edit guest
set passwd ENC EntYbQ4nWAFLGsQz5QbIt8MIxko4Ms6Nm/9fMo/5+L7FJO42JRExvl705N++oKwIB0NvfdWaiqfZ/LGPDSOVqRZnqn4pUWOlNVE6yfGxbCZUIXTlcSL58A2ok3Yd428rHETuf7mNrOJMdVS1tfnrx5+92ofsXVzAn/kpKeJLrtBRWNfBQ1YplQ2FfEDCHHW27akz4g==
set type password
next
end
config user group
edit SSO_Guest_Users
next
edit Guest-group
set member "guest"
next
end
config user device-group
edit Mobile Devices
set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
set comment "Phones, tablets, etc."
next
edit Network Devices
set member "fortinet-device" "other-network-device" "router-nat-device"
set comment "Routers, firewalls, gateways, etc."
next
edit Others
set member "gaming-console" "media-streaming"
set comment "Other devices."
next
end
config vpn ssl web host-check-software
edit FortiClient-AV
set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
next
edit FortiClient-FW
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
set type fw
next
edit FortiClient-AV-Vista-Win7
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit FortiClient-FW-Vista-Win7
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
set type fw
next
edit AVG-Internet-Security-AV
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit AVG-Internet-Security-FW
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
set type fw
next
edit AVG-Internet-Security-AV-Vista-Win7
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit AVG-Internet-Security-FW-Vista-Win7
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
set type fw
next
edit CA-Anti-Virus
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit CA-Internet-Security-AV
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit CA-Internet-Security-FW
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
set type fw
next
edit CA-Internet-Security-AV-Vista-Win7
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit CA-Internet-Security-FW-Vista-Win7
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
set type fw
next
edit CA-Personal-Firewall
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
set type fw
next
edit F-Secure-Internet-Security-AV
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit F-Secure-Internet-Security-FW
set guid "D4747503-0346-49EB-9262-997542F79BF4"
set type fw
next
edit F-Secure-Internet-Security-AV-Vista-Win7
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit F-Secure-Internet-Security-FW-Vista-Win7
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
set type fw
next
edit Kaspersky-AV
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit Kaspersky-FW
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
set type fw
next
edit Kaspersky-AV-Vista-Win7
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit Kaspersky-FW-Vista-Win7
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
set type fw
next
edit McAfee-Internet-Security-Suite-AV
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit McAfee-Internet-Security-Suite-FW
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
set type fw
next
edit McAfee-Internet-Security-Suite-AV-Vista-Win7
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit McAfee-Internet-Security-Suite-FW-Vista-Win7
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
set type fw
next
edit McAfee-Virus-Scan-Enterprise
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit Norton-360-2.0-AV
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit Norton-360-2.0-FW
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
set type fw
next
edit Norton-360-3.0-AV
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit Norton-360-3.0-FW
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit Norton-Internet-Security-AV
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit Norton-Internet-Security-FW
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
set type fw
next
edit Norton-Internet-Security-AV-Vista-Win7
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit Norton-Internet-Security-FW-Vista-Win7
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit Symantec-Endpoint-Protection-AV
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit Symantec-Endpoint-Protection-FW
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
set type fw
next
edit Symantec-Endpoint-Protection-AV-Vista-Win7
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit Symantec-Endpoint-Protection-FW-Vista-Win7
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
set type fw
next
edit Panda-Antivirus+Firewall-2008-AV
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit Panda-Antivirus+Firewall-2008-FW
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit Panda-Internet-Security-AV
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit Panda-Internet-Security-2006~2007-FW
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
set type fw
next
edit Panda-Internet-Security-2008~2009-FW
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
set type fw
next
edit Sophos-Anti-Virus
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit Sophos-Enpoint-Secuirty-and-Control-FW
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
set type fw
next
edit Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
set type fw
next
edit Trend-Micro-AV
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit Trend-Micro-FW
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
set type fw
next
edit Trend-Micro-AV-Vista-Win7
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit Trend-Micro-FW-Vista-Win7
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
set type fw
next
edit ZoneAlarm-AV
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit ZoneAlarm-FW
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
set type fw
next
edit ZoneAlarm-AV-Vista-Win7
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit ZoneAlarm-FW-Vista-Win7
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
set type fw
next
edit ESET-Smart-Security-AV
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit ESET-Smart-Security-FW
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
set type fw
next
end
# SSL VPN portals. "full-access" enables web mode plus IPv4 and IPv6 tunnel mode,
# "web-access" enables web mode only, and "tunnel-access" enables tunnel mode
# only. Tunnel clients draw addresses from SSLVPN_TUNNEL_ADDR1 and
# SSLVPN_TUNNEL_IPv6_ADDR1.
# NOTE(review): no host-check or other client posture setting appears in any
# portal here; confirm that is intended before reusing these portals.
config vpn ssl web portal
edit full-access
set web-mode enable
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
set page-layout double-column
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-tunnel-mode enable
set tunnel-mode enable
next
edit web-access
set web-mode enable
next
edit tunnel-access
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-tunnel-mode enable
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
set tunnel-mode enable
next
end
# SSL VPN listener: server certificate "self-sign", port 443.
# NOTE(review): "self-sign" looks like the built-in self-signed certificate;
# clients cannot chain it to a trusted CA, so certificate warnings are
# expected. Fine for a test fixture; use a CA-issued certificate elsewhere.
# NOTE(review): port1 earlier in this file allows https management access;
# confirm the admin HTTPS port does not also sit on 443 on an interface that
# serves SSL VPN.
config vpn ssl settings
set servercert "self-sign"
set port 443
end
# VoIP profiles. "default" only carries a comment. "strict" sets every
# malformed-header-* option listed below, and malformed-request-line, to
# "discard", so SIP messages failing those checks are dropped.
# NOTE(review): presumably the firmware default for these options is more
# permissive, which is why "strict" spells them out; confirm.
config voip profile
edit default
set comment "Default VoIP profile."
next
edit strict
config sip
set malformed-header-max-forwards discard
set malformed-header-rack discard
set malformed-header-allow discard
set malformed-header-call-id discard
set malformed-header-sdp-v discard
set malformed-header-record-route discard
set malformed-header-contact discard
set malformed-header-sdp-s discard
set malformed-header-content-length discard
set malformed-header-sdp-z discard
set malformed-header-from discard
set malformed-header-route discard
set malformed-header-sdp-b discard
set malformed-header-sdp-c discard
set malformed-header-sdp-a discard
set malformed-header-sdp-o discard
set malformed-header-sdp-m discard
set malformed-header-sdp-k discard
set malformed-header-sdp-i discard
set malformed-header-to discard
set malformed-header-via discard
set malformed-header-sdp-t discard
set malformed-request-line discard
set malformed-header-sdp-r discard
set malformed-header-content-type discard
set malformed-header-expires discard
set malformed-header-rseq discard
set malformed-header-p-asserted-identity discard
set malformed-header-cseq discard
end
next
end
config webfilter profile
# Web filter profile "default": FortiGuard category filters.
# Entries 1-17 use action "warning"; entry 18 (category 26) is the only
# entry with action "block".
# NOTE(review): category 26 is believed to be FortiGuard "Malicious
# Websites"; confirm against the category list of the target firmware.
edit default
set comment "Default web filtering."
set post-action comfort
config ftgd-wf
config filters
edit 1
set category 2
set action warning
next
edit 2
set category 7
set action warning
next
edit 3
set category 8
set action warning
next
edit 4
set category 9
set action warning
next
edit 5
set category 11
set action warning
next
edit 6
set category 12
set action warning
next
edit 7
set category 13
set action warning
next
edit 8
set category 14
set action warning
next
edit 9
set category 15
set action warning
next
edit 10
set category 16
set action warning
next
# NOTE(review): entry 11 sets no category, so it takes whatever category id
# the firmware uses by default (possibly "unrated"); confirm.
edit 11
set action warning
next
edit 12
set category 57
set action warning
next
edit 13
set category 63
set action warning
next
edit 14
set category 64
set action warning
next
edit 15
set category 65
set action warning
next
edit 16
set category 66
set action warning
next
edit 17
set category 67
set action warning
next
edit 18
set category 26
set action block
next
end
end
next
# Web filter profile "web-filter-flow": same category list as "default" but
# with "inspection-mode flow-based". Entries 1-17 set no action, so the
# firmware default action applies to them (presumably not "block"; confirm).
# Entry 18 (category 26) is the only explicit "block".
edit web-filter-flow
set comment "Flow-based web filter profile."
set inspection-mode flow-based
set post-action comfort
config ftgd-wf
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
# NOTE(review): entry 11 has neither category nor action; it relies entirely
# on firmware defaults. Confirm which category id that is.
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
end
end
next
# Web filter profile "monitor-all": "log-all-url enable" is the only logging
# option switched on; every other web-*-log option listed here is disabled.
# None of the 79 filter entries sets an action, including entries 31-33
# (categories 26, 61, 86), which the "block-security-risks" profile blocks.
# NOTE(review): presumably this profile therefore observes but never blocks;
# confirm the default action. Full URL logs reveal user browsing history, so
# treat the resulting log store as sensitive data.
edit monitor-all
set comment "Monitor and log all visited URLs, proxy-based."
set web-content-log disable
set web-filter-applet-log disable
set web-ftgd-err-log disable
set web-filter-jscript-log disable
set web-filter-activex-log disable
set web-filter-referer-log disable
set web-filter-js-log disable
set web-invalid-domain-log disable
set web-ftgd-quota-usage disable
set web-filter-command-block-log disable
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-cookie-log disable
set log-all-url enable
set web-filter-cookie-removal-log disable
set web-url-log disable
config ftgd-wf
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
# Entry 79 sets no category; it relies on the firmware default category id.
edit 79
next
end
end
next
# Web filter profile "flow-monitor-all": the flow-based counterpart of
# "monitor-all" ("inspection-mode flow-based"). "log-all-url enable" is the
# only logging option switched on, and no filter entry sets an action.
# NOTE(review): as with "monitor-all", categories 26, 61 and 86 (entries
# 31-33) carry no block action here; confirm the default action. URL logs
# reveal browsing history, so handle the log store as sensitive data.
edit flow-monitor-all
set comment "Monitor and log all visited URLs, flow-based."
set web-content-log disable
set web-filter-applet-log disable
set web-ftgd-err-log disable
set web-filter-command-block-log disable
set web-filter-jscript-log disable
set web-filter-activex-log disable
set web-filter-referer-log disable
set web-filter-js-log disable
set web-invalid-domain-log disable
set web-ftgd-quota-usage disable
set inspection-mode flow-based
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-cookie-log disable
set log-all-url enable
set web-filter-cookie-removal-log disable
set web-url-log disable
config ftgd-wf
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
# Entry 79 sets no category; it relies on the firmware default category id.
edit 79
next
end
end
next
# Web filter profile "block-security-risks": blocks categories 26, 61 and 86
# and sets "warning" on entry 4, which names no category.
# NOTE(review): 26/61/86 are believed to be FortiGuard "Malicious Websites",
# "Phishing" and "Spam URLs"; confirm against the firmware's category list.
# "options rate-server-ip" is set for the FortiGuard filter as a whole.
edit block-security-risks
set comment "Block security risks."
config ftgd-wf
set options rate-server-ip
config filters
edit 1
set category 26
set action block
next
edit 2
set category 61
set action block
next
edit 3
set category 86
set action block
next
edit 4
set action warning
next
end
end
next
end
# Empty tables: no web filter overrides, override users, ftgd-warning
# entries or local FortiGuard ratings are defined in this configuration.
config webfilter override
end
config webfilter override-user
end
config webfilter ftgd-warning
end
config webfilter ftgd-local-rating
end
# Search-engine definitions. Each entry has a hostname regex; most also have
# a URL-path regex and the name of the query parameter.
#   google, yahoo, bing, yandex : "safesearch url" plus a safesearch-str.
#   youtube                     : "safesearch header", no url or query.
#   baidu, baidu2, baidu3       : no safesearch setting at all.
# NOTE(review): several hostname patterns are open-ended, for example
# ".*\\.google\\..*", and would also match a longer host name that merely
# contains ".google.". Presumably the only effect is that the safe-search
# string is applied more widely; confirm how the firmware anchors them.
config webfilter search-engine
edit google
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch-str "&safe=active"
set hostname ".*\\.google\\..*"
set safesearch url
next
edit yahoo
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch-str "&vm=r"
set hostname ".*\\.yahoo\\..*"
set safesearch url
next
edit bing
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch-str "&adlt=strict"
set hostname "www\\.bing\\.com"
set safesearch url
next
edit yandex
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch-str "&family=yes"
set hostname "yandex\\..*"
set safesearch url
next
edit youtube
set safesearch header
set hostname ".*\\.youtube\\..*"
next
edit baidu
set url "^\\/s?\\?"
set query "wd="
set hostname ".*\\.baidu\\.com"
next
edit baidu2
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
set hostname ".*\\.baidu\\.com"
next
edit baidu3
set url "^\\/f\\?"
set query "kw="
set hostname "tieba\\.baidu\\.com"
next
end
# Antivirus profile "default": "options scan" for http, ftp, imap, pop3 and
# smtp. No other protocol section is configured here.
# NOTE(review): whether the TLS variants of these protocols are scanned
# presumably depends on the SSL/SSH inspection profile attached to the same
# policy; confirm when pairing profiles.
config antivirus profile
edit default
set comment "Scan files and block viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
end
config pop3
set options scan
end
config smtp
set options scan
end
next
end
# Spam filter profile "default": only a comment is set, so every option is
# left at the firmware default.
config spamfilter profile
edit default
set comment "Malware and phishing URL filtering."
next
end
# WAN optimization: host-id is the literal "default-id", and the "default"
# profile only carries a comment.
config wanopt settings
set host-id "default-id"
end
config wanopt profile
edit default
set comments "Default WANopt profile."
next
end
# Recurring schedules: "always" lists all seven days, "none" lists no day.
config firewall schedule recurring
edit always
set day sunday monday tuesday wednesday thursday friday saturday
next
edit none
set day none
next
end
# Protocol options profile "default": binds each cleartext protocol to one
# port (http 80, ftp 21, imap 143, mapi 135, pop3 110, smtp 25, nntp 119,
# dns 53) and sets "splice" and/or "fragmail" where listed.
# NOTE(review): presumably traffic for these protocols on other ports is not
# handled by this profile; confirm before relying on it for inspection.
config firewall profile-protocol-options
edit default
set comment "All default services."
config http
set ports 80
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config dns
set ports 53
end
next
end
config firewall ssl-ssh-profile
# SSL/SSH profile "deep-inspection": lists ports for https, ftps, imaps,
# pop3s, smtps and ssh with no "status" line, so each protocol uses the
# firmware default status (presumably deep inspection, given the profile
# name; confirm).
# The ssl-exempt table exempts traffic from this profile:
#   entries 1-3  : by FortiGuard category (31, 33, 87).
#   entries 4-31 : by address, named in "set address".
# NOTE(review): 31/33/87 are believed to be "Finance and Banking", "Health
# and Wellness" and "Personal Privacy"; confirm for the target firmware.
# NOTE(review): exempted sessions are presumably not decrypted, so content
# scanning cannot see inside them. Review this list when reusing the profile
# and keep it as short as the deployment allows. The quoted names, including
# "*.live.com", look like firewall address objects defined elsewhere.
edit deep-inspection
set comment "Deep inspection."
config https
set ports 443
end
config ftps
set ports 990
end
config imaps
set ports 993
end
config pop3s
set ports 995
end
config smtps
set ports 465
end
config ssh
set ports 22
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set fortiguard-category 87
next
edit 4
set type address
set address "apple"
next
edit 5
set type address
set address "appstore"
next
edit 6
set type address
set address "dropbox.com"
next
edit 7
set type address
set address "Gotomeeting"
next
edit 8
set type address
set address "icloud"
next
edit 9
set type address
set address "itunes"
next
edit 10
set type address
set address "android"
next
edit 11
set type address
set address "skype"
next
edit 12
set type address
set address "swscan.apple.com"
next
edit 13
set type address
set address "update.microsoft.com"
next
edit 14
set type address
set address "eease"
next
edit 15
set type address
set address "google-drive"
next
edit 16
set type address
set address "google-play"
next
edit 17
set type address
set address "google-play2"
next
edit 18
set type address
set address "google-play3"
next
edit 19
set type address
set address "microsoft"
next
edit 20
set type address
set address "adobe"
next
edit 21
set type address
set address "Adobe Login"
next
edit 22
set type address
set address "fortinet"
next
edit 23
set type address
set address "googleapis.com"
next
edit 24
set type address
set address "citrix"
next
edit 25
set type address
set address "verisign"
next
edit 26
set type address
set address "Windows update 2"
next
edit 27
set type address
set address "*.live.com"
next
edit 28
set type address
set address "auth.gfx.ms"
next
edit 29
set type address
set address "autoupdate.opera.com"
next
edit 30
set type address
set address "softwareupdate.vmware.com"
next
edit 31
set type address
set address "firefox update server"
next
end
next
# SSL/SSH profile "certificate-inspection": https uses
# "status certificate-inspection"; ftps, imaps, pop3s, smtps and ssh are
# "status disable". Only HTTPS is inspected by this profile, and per the
# profile comment only at the SSL handshake.
# NOTE(review): payloads are presumably never decrypted under this profile,
# so content-scanning profiles paired with it cannot see HTTPS bodies;
# confirm.
edit certificate-inspection
set comment "SSL handshake inspection."
config https
set status certificate-inspection
set ports 443
end
config ftps
set status disable
set ports 990
end
config imaps
set status disable
set ports 993
end
config pop3s
set status disable
set ports 995
end
config smtps
set status disable
set ports 465
end
config ssh
set status disable
set ports 22
end
next
end
# Every firewall policy table below is empty. In particular
# "config firewall policy" holds no IPv4 policy, which looks like the
# starting state for the fortios_ipv4_policy integration target this file
# belongs to.
# NOTE(review): with no policies, forwarded traffic is presumably dropped by
# the implicit deny; confirm for the target firmware.
# NOTE(review): local-in-policy is empty too, so nothing here narrows the
# management access that port1's "allowaccess ping https ssh http fgfm"
# (earlier in this file) opens. http is cleartext administration: fine on an
# isolated test VM, not a setting to carry into production.
config firewall identity-based-route
end
config firewall policy
end
config firewall local-in-policy
end
config firewall policy6
end
config firewall local-in-policy6
end
config firewall ttl-policy
end
config firewall policy64
end
config firewall policy46
end
config firewall explicit-proxy-policy
end
config firewall interface-policy
end
config firewall interface-policy6
end
config firewall DoS-policy
end
config firewall DoS-policy6
end
config firewall sniffer
end
# Endpoint control profile "default": the Windows/Mac settings point at the
# web filter profile named "default"; the Android and iOS sections are empty.
config endpoint-control profile
edit default
config forticlient-winmac-settings
set forticlient-wf-profile "default"
end
config forticlient-android-settings
end
config forticlient-ios-settings
end
next
end
# Wireless IDS profiles. "default" enables every detection option listed
# below (deauth, flood, spoofing and weak-IV checks, plus ap-scan).
# "default-wids-apscan-enabled" sets only "ap-scan enable".
# NOTE(review): these options look like detections only; nothing in this
# section configures a response to a detected event.
config wireless-controller wids-profile
edit default
set comment "Default WIDS profile."
set deauth-broadcast enable
set assoc-frame-flood enable
set invalid-mac-oui enable
set ap-scan enable
set eapol-logoff-flood enable
set long-duration-attack enable
set eapol-pre-fail-flood enable
set eapol-succ-flood enable
set eapol-start-flood enable
set wireless-bridge enable
set eapol-pre-succ-flood enable
set auth-frame-flood enable
set asleap-attack enable
set eapol-fail-flood enable
set spoofed-deauth enable
set weak-wep-iv enable
set null-ssid-probe-resp enable
next
edit default-wids-apscan-enabled
set ap-scan enable
next
end
# Per-model access point profiles. Every entry sets "ap-country US" and
# either a band or "mode disabled" for radio-1 and radio-2. Every entry
# except FAP220B-default also names its platform type.
# No SSID, authentication or encryption setting appears in this section, and
# no entry references a WIDS profile.
config wireless-controller wtp-profile
edit FAP112B-default
set ap-country US
config platform
set type 112B
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP220B-default
set ap-country US
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit FAP223B-default
set ap-country US
config platform
set type 223B
end
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit FAP210B-default
set ap-country US
config platform
set type 210B
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP222B-default
set ap-country US
config platform
set type 222B
end
config radio-1
set band 802.11n
end
config radio-2
set band 802.11n-5G
end
next
edit FAP320B-default
set ap-country US
config platform
set type 320B
end
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit FAP11C-default
set ap-country US
config platform
set type 11C
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP14C-default
set ap-country US
config platform
set type 14C
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP28C-default
set ap-country US
config platform
set type 28C
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP320C-default
set ap-country US
config platform
set type 320C
end
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit FAP221C-default
set ap-country US
config platform
set type 221C
end
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit FAP25D-default
set ap-country US
config platform
set type 25D
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP222C-default
set ap-country US
config platform
set type 222C
end
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit FAP224D-default
set ap-country US
config platform
set type 224D
end
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n
end
next
edit FK214B-default
set ap-country US
config platform
set type 214B
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP21D-default
set ap-country US
config platform
set type 21D
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP24D-default
set ap-country US
config platform
set type 24D
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP112D-default
set ap-country US
config platform
set type 112D
end
config radio-1
set band 802.11n
end
config radio-2
set mode disabled
end
next
edit FAP223C-default
set ap-country US
config platform
set type 223C
end
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
edit FAP321C-default
set ap-country US
config platform
set type 321C
end
config radio-1
set band 802.11n
end
config radio-2
set band 802.11ac
end
next
end
# Logging to memory is enabled. No other log destination is configured in
# this part of the file.
# NOTE(review): memory logs are presumably lost on reboot; confirm, and add a
# persistent or remote destination if these logs need to serve as an audit
# trail.
config log memory setting
set status enable
end
# Dynamic routing sections (rip, ripng, ospf, ospf6, bgp, isis, multicast).
# Each one holds only empty "redistribute" sub-sections, or nothing at all
# for multicast: no networks, neighbors, areas or authentication settings
# are configured here.
# NOTE(review): presumably no routing protocol is active in this state;
# confirm before treating the fixture as a routing baseline.
config router rip
config redistribute connected
end
config redistribute static
end
config redistribute ospf
end
config redistribute bgp
end
config redistribute isis
end
end
config router ripng
config redistribute connected
end
config redistribute static
end
config redistribute ospf
end
config redistribute bgp
end
config redistribute isis
end
end
config router ospf
config redistribute connected
end
config redistribute static
end
config redistribute rip
end
config redistribute bgp
end
config redistribute isis
end
end
config router ospf6
config redistribute connected
end
config redistribute static
end
config redistribute rip
end
config redistribute bgp
end
config redistribute isis
end
end
config router bgp
config redistribute connected
end
config redistribute rip
end
config redistribute ospf
end
config redistribute static
end
config redistribute isis
end
config redistribute6 connected
end
config redistribute6 rip
end
config redistribute6 ospf
end
config redistribute6 static
end
config redistribute6 isis
end
end
config router isis
config redistribute connected
end
config redistribute rip
end
config redistribute ospf
end
config redistribute bgp
end
config redistribute static
end
end
config router multicast
end