FortiGate 60Eの初期コンフィグ(v6.0.6)

ファイアウォール(UTM)

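FortiGate 60Eの初期コンフィグを掲載します。
CLIで設定を行う際などに、参考資料として利用されることを想定しています。
なお、掲載しているのは工場出荷時の状態です。「config system admin」の admin にはパスワードの設定行がなく、internal インターフェースの allowaccess には http と ssh も含まれているため、実運用の前にこれらの見直しが必要です。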

前提

  • 対象機器
    • 型番:FortiGate 60E
    • ファームウェアバージョン: v6.0.6 build0272 (GA)
  • 設定は基本的に工場出荷時の状態
    • 言語設定は日本語にした状態です(デフォルトは英語)
    • ホスト名は「FGT」にした状態です(デフォルトは機器のシリアル番号)
    • 「set output standard」は設定した状態です
  • 掲載しているのは[show]コマンドの出力結果です。
    [show]はデフォルト値のままの項目を表示しないため、full-configのような全項目の出力ではありません。それでもかなり長いため、必要な部分を検索して参照する使い方を想定しています。

初期コンフィグ

FGT # show
#config-version=FGT60E-6.0.6-FW-build0272-190716:opmode=1:vdom=0:user=admin
#conf_file_ver=183579787175666
#buildno=0272
#global_vdom=1
config system global
    set alias "[シリアル番号]"
    set hostname "FGT"
    set language japanese
    set switch-controller enable
    set timezone 04
end
config system accprofile
    edit "prof_admin"
        set secfabgrp read-write
        set ftviewgrp read-write
        set authgrp read-write
        set sysgrp read-write
        set netgrp read-write
        set loggrp read-write
        set fwgrp read-write
        set vpngrp read-write
        set utmgrp read-write
        set wifi read-write
    next
end
config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 1
    next
    edit "wan2"
        set vdom "root"
        set mode dhcp
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 2
    next
    edit "dmz"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping https http fgfm capwap
        set type physical
        set role dmz
        set snmp-index 3
    next
    edit "modem"
        set vdom "root"
        set mode pppoe
        set type physical
        set snmp-index 4
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 5
    next
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http fgfm capwap
        set type hard-switch
        set stp enable
        set role lan
        set snmp-index 6
    next
end
config system physical-switch
    edit "sw0"
        set age-val 0
    next
end
config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "internal1"
            next
            edit "internal2"
            next
            edit "internal3"
            next
            edit "internal4"
            next
            edit "internal5"
            next
            edit "internal6"
            next
            edit "internal7"
            next
        end
    next
end
config system custom-language
    edit "en"
        set filename "en"
    next
    edit "fr"
        set filename "fr"
    next
    edit "sp"
        set filename "sp"
    next
    edit "pg"
        set filename "pg"
    next
    edit "x-sjis"
        set filename "x-sjis"
    next
    edit "big5"
        set filename "big5"
    next
    edit "GB2312"
        set filename "GB2312"
    next
    edit "euc-kr"
        set filename "euc-kr"
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
end
config system ha
    set override disable
end
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
end
config system replacemsg-image
    edit "logo_fnet"
        set image-type gif
        set image-base64 ''
    next
    edit "logo_fguard_wf"
        set image-type gif
        set image-base64 ''
    next
    edit "logo_fw_auth"
        set image-base64 ''
    next
    edit "logo_v2_fnet"
        set image-base64 ''
    next
    edit "logo_v2_fguard_wf"
        set image-base64 ''
    next
    edit "logo_v2_fguard_app"
        set image-base64 ''
    next
end
config system replacemsg mail "email-av-fail"
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg mail "email-decompress-limit"
end
config system replacemsg mail "smtp-decompress-limit"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-group-info-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg webproxy "auth-ip-blackout"
end
config system replacemsg ftp "ftp-av-fail"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg nntp "nntp-av-fail"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg nntp "email-decompress-limit"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
config system replacemsg auth "auth-disclaimer-page-2"
end
config system replacemsg auth "auth-disclaimer-page-3"
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg auth "auth-success-page"
end
config system replacemsg auth "auth-block-notification-page"
end
config system replacemsg auth "auth-quarantine-page"
end
config system replacemsg auth "auth-qtn-reject-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-header"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg sslvpn "hostcheck-error"
end
config system replacemsg ec "endpt-download-portal"
end
config system replacemsg ec "endpt-download-portal-mac"
end
config system replacemsg ec "endpt-download-portal-linux"
end
config system replacemsg ec "endpt-download-portal-ios"
end
config system replacemsg ec "endpt-download-portal-aos"
end
config system replacemsg ec "endpt-download-portal-other"
end
config system replacemsg ec "endpt-warning-portal"
end
config system replacemsg ec "endpt-warning-portal-mac"
end
config system replacemsg ec "endpt-warning-portal-linux"
end
config system replacemsg ec "endpt-remedy-inst"
end
config system replacemsg ec "endpt-remedy-reg"
end
config system replacemsg ec "endpt-remedy-ftcl-autofix"
end
config system replacemsg ec "endpt-remedy-av-3rdp"
end
config system replacemsg ec "endpt-remedy-ver"
end
config system replacemsg ec "endpt-remedy-os-ver"
end
config system replacemsg ec "endpt-remedy-vuln"
end
config system replacemsg ec "endpt-remedy-sig-ids"
end
config system replacemsg ec "endpt-remedy-ems-online"
end
config system replacemsg ec "endpt-ftcl-incompat"
end
config system replacemsg ec "endpt-download-ftcl"
end
config system replacemsg ec "endpt-quarantine-portal"
end
config system replacemsg device-detection-portal "device-detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg nac-quar "nac-quar-admin"
end
config system replacemsg nac-quar "nac-quar-app"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "client-virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config system replacemsg utm "appblk-html"
end
config system replacemsg utm "ipsblk-html"
end
config system replacemsg utm "ipsfail-html"
end
config system replacemsg utm "exe-text"
end
config system replacemsg utm "waf-html"
end
config system replacemsg utm "outbreak-prevention-html"
end
config system replacemsg utm "outbreak-prevention-text"
end
config system replacemsg icap "icap-req-resp"
end
config system snmp sysinfo
end
config system central-management
    set type fortiguard
end
config user device-category
    edit "android-phone"
    next
    edit "android-tablet"
    next
    edit "blackberry-phone"
    next
    edit "blackberry-playbook"
    next
    edit "forticam"
    next
    edit "fortifone"
    next
    edit "fortinet"
    next
    edit "gaming-console"
    next
    edit "ip-phone"
    next
    edit "ipad"
    next
    edit "iphone"
    next
    edit "linux-pc"
    next
    edit "mac"
    next
    edit "media-streaming"
    next
    edit "printer"
    next
    edit "router-nat-device"
    next
    edit "windows-pc"
    next
    edit "windows-phone"
    next
    edit "windows-tablet"
    next
    edit "other-network-device"
    next
    edit "collected-emails"
    next
    edit "amazon-device"
    next
    edit "android-device"
    next
    edit "blackberry-device"
    next
    edit "fortinet-device"
    next
    edit "ios-device"
    next
    edit "windows-device"
    next
    edit "all"
    next
end
config system cluster-sync
end
config system fortiguard
    set sdns-server-ip "208.91.112.220" 
end
config ips global
end
config system email-server
    set server "notification.fortinet.net"
    set port 465
    set security smtps
end
config system session-helper
    edit 1
        set name pptp
        set protocol 6
        set port 1723
    next
    edit 2
        set name h323
        set protocol 6
        set port 1720
    next
    edit 3
        set name ras
        set protocol 17
        set port 1719
    next
    edit 4
        set name tns
        set protocol 6
        set port 1521
    next
    edit 5
        set name tftp
        set protocol 17
        set port 69
    next
    edit 6
        set name rtsp
        set protocol 6
        set port 554
    next
    edit 7
        set name rtsp
        set protocol 6
        set port 7070
    next
    edit 8
        set name rtsp
        set protocol 6
        set port 8554
    next
    edit 9
        set name ftp
        set protocol 6
        set port 21
    next
    edit 10
        set name mms
        set protocol 6
        set port 1863
    next
    edit 11
        set name pmap
        set protocol 6
        set port 111
    next
    edit 12
        set name pmap
        set protocol 17
        set port 111
    next
    edit 13
        set name sip
        set protocol 17
        set port 5060
    next
    edit 14
        set name dns-udp
        set protocol 17
        set port 53
    next
    edit 15
        set name rsh
        set protocol 6
        set port 514
    next
    edit 16
        set name rsh
        set protocol 6
        set port 512
    next
    edit 17
        set name dcerpc
        set protocol 6
        set port 135
    next
    edit 18
        set name dcerpc
        set protocol 17
        set port 135
    next
    edit 19
        set name mgcp
        set protocol 17
        set port 2427
    next
    edit 20
        set name mgcp
        set protocol 17
        set port 2727
    next
end
config system auto-install
    set auto-install-config enable
    set auto-install-image enable
end
config system console
    set output standard
end
config system ntp
    set ntpsync enable
end
config system object-tagging
    edit "default"
    next
end
config system settings
    set inspection-mode flow
end
config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 192.168.1.99
        set netmask 255.255.255.0
        set interface "internal"
        config ip-range
            edit 1
                set start-ip 192.168.1.110
                set end-ip 192.168.1.210
            next
        end
    next
end
config firewall address
    edit "none"
        set uuid 43aecd66-56c4-51ea-c0c0-f7f68bbafe1b
        set subnet 0.0.0.0 255.255.255.255
    next
    edit "all"
        set uuid 44fc126e-56c4-51ea-4760-37ef4f4f80b0
    next
    edit "FIREWALL_AUTH_PORTAL_ADDRESS"
        set uuid 44fc1da4-56c4-51ea-9fde-9f51f47cb9e5
        set visibility disable
    next
    edit "SSLVPN_TUNNEL_ADDR1"
        set uuid 44ff0442-56c4-51ea-9f73-5f987dbb0158
        set type iprange
        set associated-interface "ssl.root"
        set start-ip 10.212.134.200
        set end-ip 10.212.134.210
    next
end
config firewall multicast-address
    edit "all"
        set start-ip 224.0.0.0
        set end-ip 239.255.255.255
    next
    edit "all_hosts"
        set start-ip 224.0.0.1
        set end-ip 224.0.0.1
    next
    edit "all_routers"
        set start-ip 224.0.0.2
        set end-ip 224.0.0.2
    next
    edit "Bonjour"
        set start-ip 224.0.0.251
        set end-ip 224.0.0.251
    next
    edit "EIGRP"
        set start-ip 224.0.0.10
        set end-ip 224.0.0.10
    next
    edit "OSPF"
        set start-ip 224.0.0.5
        set end-ip 224.0.0.6
    next
end
config firewall address6
    edit "SSLVPN_TUNNEL_IPv6_ADDR1"
        set uuid 44ff17ac-56c4-51ea-755d-d70129f7bca2
        set ip6 fdff:ffff::/120
    next
    edit "all"
        set uuid 4fb78954-56c4-51ea-6899-ebff2df0e73a
    next
    edit "none"
        set uuid 4fb7ca90-56c4-51ea-d290-f77fe8a5f267
        set ip6 ::/128
    next
end
config firewall multicast-address6
    edit "all"
        set ip6 ff00::/8
    next
end
config firewall wildcard-fqdn custom
    edit "adobe"
        set uuid 45063ab4-56c4-51ea-6b62-1b93940045e2
        set wildcard-fqdn "*.adobe.com"
    next
    edit "Adobe Login"
        set uuid 450642ca-56c4-51ea-2888-a5ec5ecff609
        set wildcard-fqdn "*.adobelogin.com"
    next
    edit "android"
        set uuid 450649f0-56c4-51ea-b958-46cdd245a230
        set wildcard-fqdn "*.android.com"
    next
    edit "apple"
        set uuid 450650f8-56c4-51ea-f55b-71f538d6b5a0
        set wildcard-fqdn "*.apple.com"
    next
    edit "appstore"
        set uuid 45065814-56c4-51ea-f168-0a3d04e872fd
        set wildcard-fqdn "*.appstore.com"
    next
    edit "auth.gfx.ms"
        set uuid 45065f1c-56c4-51ea-0ba2-a6957c25146e
        set wildcard-fqdn "*.auth.gfx.ms"
    next
    edit "citrix"
        set uuid 45066750-56c4-51ea-f559-3ddeea3a712a
        set wildcard-fqdn "*.citrixonline.com"
    next
    edit "dropbox.com"
        set uuid 45066e80-56c4-51ea-d6cf-d2c66de1cbc4
        set wildcard-fqdn "*.dropbox.com"
    next
    edit "eease"
        set uuid 4506759c-56c4-51ea-9fbb-e56a1958f815
        set wildcard-fqdn "*.eease.com"
    next
    edit "firefox update server"
        set uuid 45067cc2-56c4-51ea-64d1-3caa48bc88cf
        set wildcard-fqdn "aus*.mozilla.org"
    next
    edit "fortinet"
        set uuid 450683f2-56c4-51ea-a9df-3ad6c1910327
        set wildcard-fqdn "*.fortinet.com"
    next
    edit "googleapis.com"
        set uuid 45068bd6-56c4-51ea-2b15-aa0cb60f8d2f
        set wildcard-fqdn "*.googleapis.com"
    next
    edit "google-drive"
        set uuid 45069306-56c4-51ea-684d-0fb3b9ae14d0
        set wildcard-fqdn "*drive.google.com"
    next
    edit "google-play2"
        set uuid 45069a4a-56c4-51ea-bdf1-634fa48af80a
        set wildcard-fqdn "*.ggpht.com"
    next
    edit "google-play3"
        set uuid 4506a1a2-56c4-51ea-6267-57151c4b551b
        set wildcard-fqdn "*.books.google.com"
    next
    edit "Gotomeeting"
        set uuid 4506a8dc-56c4-51ea-c2bd-91151dfa2dd1
        set wildcard-fqdn "*.gotomeeting.com"
    next
    edit "icloud"
        set uuid 4506b728-56c4-51ea-892c-26187b312373
        set wildcard-fqdn "*.icloud.com"
    next
    edit "itunes"
        set uuid 4506bf48-56c4-51ea-e6dd-13749a5057eb
        set wildcard-fqdn "*itunes.apple.com"
    next
    edit "microsoft"
        set uuid 4506c6a0-56c4-51ea-392b-2951b92b01ee
        set wildcard-fqdn "*.microsoft.com"
    next
    edit "skype"
        set uuid 4506cdee-56c4-51ea-3d15-f1959ced8233
        set wildcard-fqdn "*.messenger.live.com"
    next
    edit "softwareupdate.vmware.com"
        set uuid 4506d528-56c4-51ea-fc30-bf69015023e1
        set wildcard-fqdn "*.softwareupdate.vmware.com"
    next
    edit "verisign"
        set uuid 4506dc76-56c4-51ea-dbe4-3994cebe0213
        set wildcard-fqdn "*.verisign.com"
    next
    edit "Windows update 2"
        set uuid 4506e3c4-56c4-51ea-397b-45cea2d94a36
        set wildcard-fqdn "*.windowsupdate.com"
    next
    edit "live.com"
        set uuid 4506eb1c-56c4-51ea-9b9c-577e04b2f998
        set wildcard-fqdn "*.live.com"
    next
    edit "google-play"
        set uuid 4506f26a-56c4-51ea-29a3-1c9a27da2ce0
        set wildcard-fqdn "*play.google.com"
    next
    edit "update.microsoft.com"
        set uuid 4506f9cc-56c4-51ea-9ee1-49b01d33a18b
        set wildcard-fqdn "*update.microsoft.com"
    next
    edit "swscan.apple.com"
        set uuid 4507011a-56c4-51ea-dab2-ff998f55764e
        set wildcard-fqdn "*swscan.apple.com"
    next
    edit "autoupdate.opera.com"
        set uuid 45070cdc-56c4-51ea-0043-a05c79b9cba5
        set wildcard-fqdn "*autoupdate.opera.com"
    next
end
config firewall service category
    edit "General"
        set comment "General services."
    next
    edit "Web Access"
        set comment "Web access."
    next
    edit "File Access"
        set comment "File access."
    next
    edit "Email"
        set comment "Email services."
    next
    edit "Network Services"
        set comment "Network services."
    next
    edit "Authentication"
        set comment "Authentication service."
    next
    edit "Remote Access"
        set comment "Remote access."
    next
    edit "Tunneling"
        set comment "Tunneling service."
    next
    edit "VoIP, Messaging & Other Applications"
        set comment "VoIP, messaging, and other applications."
    next
    edit "Web Proxy"
        set comment "Explicit web proxy."
    next
end
config firewall service custom
    edit "ALL"
        set category "General"
        set protocol IP
    next
    edit "ALL_TCP"
        set category "General"
        set tcp-portrange 1-65535
    next
    edit "ALL_UDP"
        set category "General"
        set udp-portrange 1-65535
    next
    edit "ALL_ICMP"
        set category "General"
        set protocol ICMP
        unset icmptype
    next
    edit "ALL_ICMP6"
        set category "General"
        set protocol ICMP6
        unset icmptype
    next
    edit "GRE"
        set category "Tunneling"
        set protocol IP
        set protocol-number 47
    next
    edit "AH"
        set category "Tunneling"
        set protocol IP
        set protocol-number 51
    next
    edit "ESP"
        set category "Tunneling"
        set protocol IP
        set protocol-number 50
    next
    edit "AOL"
        set visibility disable
        set tcp-portrange 5190-5194
    next
    edit "BGP"
        set category "Network Services"
        set tcp-portrange 179
    next
    edit "DHCP"
        set category "Network Services"
        set udp-portrange 67-68
    next
    edit "DNS"
        set category "Network Services"
        set tcp-portrange 53
        set udp-portrange 53
    next
    edit "FINGER"
        set visibility disable
        set tcp-portrange 79
    next
    edit "FTP"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "FTP_GET"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "FTP_PUT"
        set category "File Access"
        set tcp-portrange 21
    next
    edit "GOPHER"
        set visibility disable
        set tcp-portrange 70
    next
    edit "H323"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1720 1503
        set udp-portrange 1719
    next
    edit "HTTP"
        set category "Web Access"
        set tcp-portrange 80
    next
    edit "HTTPS"
        set category "Web Access"
        set tcp-portrange 443
    next
    edit "IKE"
        set category "Tunneling"
        set udp-portrange 500 4500
    next
    edit "IMAP"
        set category "Email"
        set tcp-portrange 143
    next
    edit "IMAPS"
        set category "Email"
        set tcp-portrange 993
    next
    edit "Internet-Locator-Service"
        set visibility disable
        set tcp-portrange 389
    next
    edit "IRC"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 6660-6669
    next
    edit "L2TP"
        set category "Tunneling"
        set tcp-portrange 1701
        set udp-portrange 1701
    next
    edit "LDAP"
        set category "Authentication"
        set tcp-portrange 389
    next
    edit "NetMeeting"
        set visibility disable
        set tcp-portrange 1720
    next
    edit "NFS"
        set category "File Access"
        set tcp-portrange 111 2049
        set udp-portrange 111 2049
    next
    edit "NNTP"
        set visibility disable
        set tcp-portrange 119
    next
    edit "NTP"
        set category "Network Services"
        set tcp-portrange 123
        set udp-portrange 123
    next
    edit "OSPF"
        set category "Network Services"
        set protocol IP
        set protocol-number 89
    next
    edit "PC-Anywhere"
        set category "Remote Access"
        set tcp-portrange 5631
        set udp-portrange 5632
    next
    edit "PING"
        set category "Network Services"
        set protocol ICMP
        set icmptype 8
        unset icmpcode
    next
    edit "TIMESTAMP"
        set protocol ICMP
        set visibility disable
        set icmptype 13
        unset icmpcode
    next
    edit "INFO_REQUEST"
        set protocol ICMP
        set visibility disable
        set icmptype 15
        unset icmpcode
    next
    edit "INFO_ADDRESS"
        set protocol ICMP
        set visibility disable
        set icmptype 17
        unset icmpcode
    next
    edit "ONC-RPC"
        set category "Remote Access"
        set tcp-portrange 111
        set udp-portrange 111
    next
    edit "DCE-RPC"
        set category "Remote Access"
        set tcp-portrange 135
        set udp-portrange 135
    next
    edit "POP3"
        set category "Email"
        set tcp-portrange 110
    next
    edit "POP3S"
        set category "Email"
        set tcp-portrange 995
    next
    edit "PPTP"
        set category "Tunneling"
        set tcp-portrange 1723
    next
    edit "QUAKE"
        set visibility disable
        set udp-portrange 26000 27000 27910 27960
    next
    edit "RAUDIO"
        set visibility disable
        set udp-portrange 7070
    next
    edit "REXEC"
        set visibility disable
        set tcp-portrange 512
    next
    edit "RIP"
        set category "Network Services"
        set udp-portrange 520
    next
    edit "RLOGIN"
        set visibility disable
        set tcp-portrange 513:512-1023
    next
    edit "RSH"
        set visibility disable
        set tcp-portrange 514:512-1023
    next
    edit "SCCP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 2000
    next
    edit "SIP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 5060
        set udp-portrange 5060
    next
    edit "SIP-MSNmessenger"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1863
    next
    edit "SAMBA"
        set category "File Access"
        set tcp-portrange 139
    next
    edit "SMTP"
        set category "Email"
        set tcp-portrange 25
    next
    edit "SMTPS"
        set category "Email"
        set tcp-portrange 465
    next
    edit "SNMP"
        set category "Network Services"
        set tcp-portrange 161-162
        set udp-portrange 161-162
    next
    edit "SSH"
        set category "Remote Access"
        set tcp-portrange 22
    next
    edit "SYSLOG"
        set category "Network Services"
        set udp-portrange 514
    next
    edit "TALK"
        set visibility disable
        set udp-portrange 517-518
    next
    edit "TELNET"
        set category "Remote Access"
        set tcp-portrange 23
    next
    edit "TFTP"
        set category "File Access"
        set udp-portrange 69
    next
    edit "MGCP"
        set visibility disable
        set udp-portrange 2427 2727
    next
    edit "UUCP"
        set visibility disable
        set tcp-portrange 540
    next
    edit "VDOLIVE"
        set visibility disable
        set tcp-portrange 7000-7010
    next
    edit "WAIS"
        set visibility disable
        set tcp-portrange 210
    next
    edit "WINFRAME"
        set visibility disable
        set tcp-portrange 1494 2598
    next
    edit "X-WINDOWS"
        set category "Remote Access"
        set tcp-portrange 6000-6063
    next
    edit "PING6"
        set protocol ICMP6
        set visibility disable
        set icmptype 128
        unset icmpcode
    next
    edit "MS-SQL"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 1433 1434
    next
    edit "MYSQL"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 3306
    next
    edit "RDP"
        set category "Remote Access"
        set tcp-portrange 3389
    next
    edit "VNC"
        set category "Remote Access"
        set tcp-portrange 5900
    next
    edit "DHCP6"
        set category "Network Services"
        set udp-portrange 546 547
    next
    edit "SQUID"
        set category "Tunneling"
        set tcp-portrange 3128
    next
    edit "SOCKS"
        set category "Tunneling"
        set tcp-portrange 1080
        set udp-portrange 1080
    next
    edit "WINS"
        set category "Remote Access"
        set tcp-portrange 1512
        set udp-portrange 1512
    next
    edit "RADIUS"
        set category "Authentication"
        set udp-portrange 1812 1813
    next
    edit "RADIUS-OLD"
        set visibility disable
        set udp-portrange 1645 1646
    next
    edit "CVSPSERVER"
        set visibility disable
        set tcp-portrange 2401
        set udp-portrange 2401
    next
    edit "AFS3"
        set category "File Access"
        set tcp-portrange 7000-7009
        set udp-portrange 7000-7009
    next
    edit "TRACEROUTE"
        set category "Network Services"
        set udp-portrange 33434-33535
    next
    edit "RTSP"
        set category "VoIP, Messaging & Other Applications"
        set tcp-portrange 554 7070 8554
        set udp-portrange 554
    next
    edit "MMS"
        set visibility disable
        set tcp-portrange 1755
        set udp-portrange 1024-5000
    next
    edit "KERBEROS"
        set category "Authentication"
        set tcp-portrange 88 464
        set udp-portrange 88 464
    next
    edit "LDAP_UDP"
        set category "Authentication"
        set udp-portrange 389
    next
    edit "SMB"
        set category "File Access"
        set tcp-portrange 445
    next
    edit "NONE"
        set visibility disable
        set tcp-portrange 0
    next
    edit "webproxy"
        set proxy enable
        set category "Web Proxy"
        set protocol ALL
        set tcp-portrange 0-65535:0-65535
    next
end
config firewall service group
    edit "Email Access"
        set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
    next
    edit "Web Access"
        set member "DNS" "HTTP" "HTTPS"
    next
    edit "Windows AD"
        set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
    next
    edit "Exchange Server"
        set member "DCE-RPC" "DNS" "HTTPS"
    next
end
config webfilter ftgd-local-cat
    edit "custom1"
        set id 140
    next
    edit "custom2"
        set id 141
    next
end
# Factory IPS sensors. This is "show" output (not full-configuration), so a
# setting that is not printed is at its default value.
# NOTE(review): an entry without "set action" presumably applies each
# signature's own default action, which is not necessarily "block". In this
# output only "high_security" forces "block"; verify before treating the
# "default" sensor as prevention.
config ips sensor
    edit "default"
        set comment "Prevent critical attacks."
        config entries
            edit 1
                # Selects medium/high/critical signatures; no action is set here.
                set severity medium high critical 
            next
        end
    next
    edit "sniffer-profile"
        set comment "Monitor IPS attacks."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        config entries
            edit 1
                set severity medium high critical 
            next
        end
    next
    edit "all_default"
        set comment "All predefined signatures with default setting."
        config entries
            # Entry with no filter and no action: everything left at defaults.
            edit 1
            next
        end
    next
    edit "all_default_pass"
        set comment "All predefined signatures with PASS action."
        config entries
            edit 1
                # Detection only: matching traffic is passed, not blocked.
                set action pass
            next
        end
    next
    edit "protect_http_server"
        set comment "Protect against HTTP server-side vulnerabilities."
        config entries
            edit 1
                set location server 
                set protocol HTTP 
            next
        end
    next
    edit "protect_email_server"
        set comment "Protect against email server-side vulnerabilities."
        config entries
            edit 1
                set location server 
                set protocol SMTP POP3 IMAP 
            next
        end
    next
    edit "protect_client"
        set comment "Protect against client-side vulnerabilities."
        config entries
            edit 1
                set location client 
            next
        end
    next
    edit "high_security"
        set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
        set block-malicious-url enable
        config entries
            edit 1
                # The only entry in this listing that explicitly enables and blocks.
                set severity medium high critical 
                set status enable
                set action block
            next
            edit 2
                # Low severity has no action set, so it follows the default action
                # (matches "some Low severity" in the sensor comment).
                set severity low 
            next
        end
    next
end
# Factory traffic shapers. Bandwidth values are presumably in kbps, since
# "guarantee-100kbps" sets guaranteed-bandwidth 100 (TODO confirm the unit).
# Entries without "set priority" use the default priority.
config firewall shaper traffic-shaper
    edit "high-priority"
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "medium-priority"
        set maximum-bandwidth 1048576
        set priority medium
        set per-policy enable
    next
    edit "low-priority"
        set maximum-bandwidth 1048576
        set priority low
        set per-policy enable
    next
    edit "guarantee-100kbps"
        set guaranteed-bandwidth 100
        set maximum-bandwidth 1048576
        set per-policy enable
    next
    edit "shared-1M-pipe"
        # No "per-policy enable" here, unlike the shapers above.
        set maximum-bandwidth 1024
    next
end
# "default.fqdn" is a placeholder name, not a resolvable host.
# NOTE(review): presumably it must be replaced before the explicit web proxy is used; confirm.
config web-proxy global
    set proxy-fqdn "default.fqdn"
end
# Factory application-control lists.
# NOTE(review): "default", "sniffer-profile" and "wifi-default" set "action pass"
# on their only entry, so they monitor and do not block. Only "block-high-risk"
# has an entry without "pass".
config application list
    edit "default"
        set comment "Monitor all applications."
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "sniffer-profile"
        set comment "Monitor all applications."
        unset options
        config entries
            edit 1
                set action pass
            next
        end
    next
    edit "wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set deep-app-inspection disable
        config entries
            edit 1
                set action pass
                # Logging is off here, so matches on this list leave no record.
                set log disable
            next
        end
    next
    edit "block-high-risk"
        config entries
            edit 1
                # No action printed, so the entry default applies (presumably block,
                # given the list name). Category ids 2 and 6 are presumably P2P and
                # Proxy; confirm on the unit.
                set category 2 6
            next
            edit 2
                # Catch-all that passes everything not matched by entry 1.
                set action pass
            next
        end
    next
end
# Factory DLP file-pattern tables.
# NOTE(review): table 1 entries print no "filter-type", so they presumably
# match on the file NAME pattern only; a renamed file would not match.
# Table 2 sets "filter-type type" and matches on the detected file type.
# Prefer type-based entries where the goal is to stop executables.
config dlp filepattern
    edit 1
        set name "builtin-patterns"
        config entries
            edit "*.bat"
            next
            edit "*.com"
            next
            edit "*.dll"
            next
            edit "*.doc"
            next
            edit "*.exe"
            next
            edit "*.gz"
            next
            edit "*.hta"
            next
            edit "*.ppt"
            next
            edit "*.rar"
            next
            edit "*.scr"
            next
            edit "*.tar"
            next
            edit "*.tgz"
            next
            edit "*.vb?"
            next
            edit "*.wps"
            next
            edit "*.xl?"
            next
            edit "*.zip"
            next
            edit "*.pif"
            next
            edit "*.cpl"
            next
        end
    next
    edit 2
        set name "all_executables"
        config entries
            # Only four file types are listed (bat, exe, elf, hta) despite the table name.
            edit "bat"
                set filter-type type
                set file-type bat
            next
            edit "exe"
                set filter-type type
                set file-type exe
            next
            edit "elf"
                set filter-type type
                set file-type elf
            next
            edit "hta"
                set filter-type type
                set file-type hta
            next
        end
    next
end
# DLP fingerprint sensitivity labels. Only the three names appear in this output.
config dlp fp-sensitivity
    edit "Private"
    next
    edit "Critical"
    next
    edit "Warning"
    next
end
# Factory DLP sensors.
# NOTE(review): every filter that prints an action uses "log-only", so these
# sensors record matches and do not stop data leaving the network. Change the
# action if blocking is the goal.
config dlp sensor
    edit "default"
        set comment "Default sensor."
    next
    edit "sniffer-profile"
        set comment "Log a summary of email and web traffic."
        set flow-based enable
        set summary-proto smtp pop3 imap http-get http-post
    next
    edit "Content_Summary"
        set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
    next
    edit "Content_Archive"
        set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
    next
    edit "Large-File"
        config filter
            edit 1
                set name "Large-File-Filter"
                set proto smtp pop3 imap http-get http-post mapi
                set filter-by file-size
                # Size threshold; unit is presumably KB (TODO confirm).
                set file-size 5120
                set action log-only
            next
        end
    next
    edit "Credit-Card"
        config filter
            # Neither filter prints "filter-by", so the default match type applies
            # (presumably credit-card, given the name).
            edit 1
                set name "Credit-Card-Filter"
                set severity high
                set proto smtp pop3 imap http-get http-post mapi
                set action log-only
            next
            edit 2
                set name "Credit-Card-Filter"
                set severity high
                set type message
                set proto smtp pop3 imap http-post mapi
                set action log-only
            next
        end
    next
    edit "SSN-Sensor"
        set comment "Match SSN numbers but NOT WebEx invite emails."
        config filter
            edit 1
                # Exception rule: messages matching "WebEx" hit this filter first.
                # No action is printed, so the default action applies (presumably allow).
                set name "SSN-Sensor-Filter"
                set severity high
                set type message
                set proto smtp pop3 imap mapi
                set filter-by regexp
                set regexp "WebEx"
            next
            edit 2
                set name "SSN-Sensor-Filter"
                set severity high
                set type message
                set proto smtp pop3 imap mapi
                set filter-by ssn
                set action log-only
            next
            edit 3
                set name "SSN-Sensor-Filter"
                set severity high
                set proto smtp pop3 imap http-get http-post ftp mapi
                set filter-by ssn
                set action log-only
            next
        end
    next
end
# Both sections are empty: no value differs from the default in this output.
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
# Threat-weight mapping: assigns a level to web-filter and application
# categories. It shapes reporting only; nothing in this section sets a
# block or allow action.
# Category ids are numeric. 26/61/86 are presumably Malicious Websites,
# Phishing and Spam URLs; confirm the id-to-name mapping on the unit.
config log threat-weight
    config web
        edit 1
            set category 26
            set level high
        next
        edit 2
            set category 61
            set level high
        next
        edit 3
            set category 86
            set level high
        next
        edit 4
            set category 1
            set level medium
        next
        edit 5
            set category 3
            set level medium
        next
        edit 6
            set category 4
            set level medium
        next
        edit 7
            set category 5
            set level medium
        next
        edit 8
            set category 6
            set level medium
        next
        edit 9
            set category 12
            set level medium
        next
        edit 10
            set category 59
            set level medium
        next
        edit 11
            set category 62
            set level medium
        next
        edit 12
            set category 83
            set level medium
        next
        # Entries 13 and 14 print no level, so they use the default level.
        edit 13
            set category 72
        next
        edit 14
            set category 14
        next
    end
    config application
        # Same application category ids (2 and 6) that "block-high-risk" uses.
        edit 1
            set category 2
        next
        edit 2
            set category 6
            set level medium
        next
    end
end
# Default ICAP profile; no non-default values are printed.
config icap profile
    edit "default"
    next
end
# Empty: no additional CA certificate has been imported in this output.
config vpn certificate ca
end
# Factory local certificates.
# NOTE(review): each "set password ENC ..." value is an encrypted secret tied
# to the certificate's private key. ENC is presumably encryption rather than
# a one-way hash, so handle these values like the secrets they protect.
# The entry comments below say the certificates are unique to this unit, so
# mask the ENC strings before sharing or publishing a configuration.
config vpn certificate local
    edit "Fortinet_CA_SSL"
        # CA used by SSL inspection to re-sign server certificates (see the
        # comment below). Clients must trust this CA for inspection to work
        # without warnings. Anyone holding its private key could issue
        # certificates those clients accept.
        set password ENC WR0rmRYaBxVnp8Lq9yipvgvi0qQmO1AlwBXDMypQD5uoaCe44IZREqcZy+cr9a0WJFpDlDgjgCjcgLV2jmAF7ZaSPL51pYGpX6Gs1LfPwMV/EFb1pkOwgqvMW1igxD+iY2Q7VOlU2/5M48OOQypGsLdOCK781L6NPPNSyMyvx7jk+gJE6fKmUVFd5VSmCX8ps0HHtA==
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
        set source factory
    next
    edit "Fortinet_CA_Untrusted"
        # The comment text is identical to Fortinet_CA_SSL in this output. By its
        # name this CA is presumably used for servers whose own certificate failed
        # validation, and should NOT be installed as trusted on clients. Confirm.
        set password ENC 6Z6ZjzSPance5CSt5EG5jfDYw+0N49QBhjfeEXrIb6gK3LVyBkqgCXCJMAPE1NCvOh0O5H9wBFWseJUbwnQNV+NDeixo4YTmrGQN1PejaoOIqrdZCuFMnIU5e8EoHM8k7h4K0eb9M8lP0nl8BlLHUrSv0pn/2bIts2ZhvR+5Umjen5h4ASCePzgYb1+BpY7GwBZMfA==
        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set range global
        set source factory
    next
    edit "Fortinet_SSL"
        set password ENC WcmrIcRxgnoBoGvCE8YcziVlfAW5tXVHRTe3Bd6eqnsAnToHLLYTYDpJIj/oeszvBU4JyZPQeCVWohgcOT2mLBHOP57l6nJ6GXFdCl3z3FlMFwLCtK5dPqtrU4PgWVs9dFr4WPyEha0g4izyxk9z1nqI3krMPRH5VcJKQls07WU/v1RyKQPrq0TfmnYNjfK/q0S5DQ==
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA1024"
        # NOTE(review): the name indicates a 1024-bit RSA key, a size generally
        # regarded as too weak for new deployments. Avoid selecting it for services.
        set password ENC 2G7fAWQWqQflmXTYlxmo8cFkfQNF/WrX6CFC48LiWrsITA05Jd/74eVK9Ec75vmtIXiaEg3EnboNFOe7IbssAgVIT+qdOkf+WjUuFSuvfOVvJEl7xt8Gv1lM7c0vk9WnXVjOjtj7GG70lUuamFm9SP3fAbKPy14FlHcVQRp6ZWfnCuRSusu65H6VDs0GFFB6zaRn8w==
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_RSA2048"
        set password ENC ALGzeHqy1bRi1/v6TA/BShvm2WvtGKmaMAMfxYy/8lkFi1X9aPPYh0XUn0HJAWJqKzszP7GrgOmChFdMVeRB202fPYMe8ZT4zUk967Y8QKKbDw76x2WmzgQnXQQRf2gh5jYwoLcybO6I7hTtGMfU7Tw4PSQuwT1wh8bkGwfGkMtqJGda+LwL9B9H8E8ctAnhkStehg==
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_DSA1024"
        # NOTE(review): 1024-bit DSA per the name; same weak-key caveat as RSA1024.
        set password ENC a5uR1pCYbeZerw8NxRwlByWpbHYgWcU7bizWCn1RhBcfuNpFYD26ur472SJ6e7fM88mJCSHtdbIA4bQ5/vBmqoU+N75mJSn8r6SfWNN3hErpKixRSutiEtGkhI+n3RBcLfaCxub/oe6vr6oTqofSOtMfXzCuzyR9LYT83nrWDPRj4xAwOciKSd2JEBGF7KhCHX2LJg==
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_DSA2048"
        set password ENC Nsi8/7vYYOQ0bpDIdJx30lQN/yf9ohXSVAHzn8f7mCIzhlfv7ye/36ji08fbPiWDN5FtiTqzn2tAEKNeWmsK9H33D8107FBtGx/9jdjm2EeAooZbcBEE58UsLyVDlBiH4V+2XWExMfoek7SQgYOmBcVujAMqJBOiV2x/J6Dpvj27ltEp5bJ5CnaNNKtysT084OceDw==
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA256"
        set password ENC qkZ1cFWXHv/mXce1l7U2BNLMM4vU/i0vbJZEqRHGssPYN1eoKxYu2DSO5MfWnbQThwlIVDbVkx3vXJgYRJrMiaiakq1nCK++bH4Agjd50mW9Gnb39uwfkZLdba9iynR9sSCIeMc1rSw19JmA/VUogsSDTvTcLJKkvyKcnBVzrx+CJ98LROnRd/nh4USgRUDSb7WUGw==
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
    edit "Fortinet_SSL_ECDSA384"
        set password ENC C1Yh2RZ8N00L0CrMI8Oqi/J2jZNtCR8FtY7Hl/U1y0yHltXdXEXwGuUtH7VUB+A7eMOatAYYK/Cb4QvvG6lViEq7On7q4kQ0Nnzg3hRbbVOlcaM0aNUKV3G+shIwxZVEdDWsj0Vb3KpjJigJGuie/QLsxsmeDeghIs9Ogi7E0CfYEll3ghjpWOWHPjzXRWdw85+fzQ==
        set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
        set range global
        set source factory
    next
end
# Factory-created local account "guest" with a stored password.
# NOTE(review): ENC is presumably encryption rather than a one-way hash, so
# mask this value before sharing a configuration. If the account is not
# needed, delete it or set a new password before it can be referenced by a
# policy or VPN.
config user local
    edit "guest"
        set type password
        set passwd ENC ZqFOCVASZVQbwqtHoNUb7oqCMopcxPTCLFePNSAI3xgn6I+TMKzdK7YNQDsLdeJSLPZP8QUehPat2u4esZEFYhoMu6U6qRhZ+hhhBtpSqKodYejbhtUzIRD50HcoLoOvf7cBXmxcnZfiQGZlPq6DPjuxh0+bwBIclMyWQknANktp8GpVUAbELbRIhCMHvOZs9ed/eg==
    next
end
# Certificate presented for user authentication pages.
# NOTE(review): "Fortinet_Factory" is presumably a factory-issued certificate
# that browsers do not trust by default. Replace it with a CA-issued one so
# users are not trained to accept certificate warnings.
config user setting
    set auth-cert "Fortinet_Factory"
end
# Factory user groups. "Guest-group" contains the local "guest" account, so
# any policy or portal that references this group admits that account.
config user group
    edit "SSO_Guest_Users"
    next
    edit "Guest-group"
        set member "guest"
    next
end
# Factory device groups built from predefined device types.
# NOTE(review): device type is presumably inferred from observed traffic and
# can be spoofed by the client. Do not treat group membership as authentication.
config user device-group
    edit "Mobile Devices"
        set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet"
        set comment "Phones, tablets, etc."
    next
    edit "Network Devices"
        set member "fortinet-device" "other-network-device" "router-nat-device"
        set comment "Routers, firewalls, gateways, etc."
    next
    edit "Others"
        set member "gaming-console" "media-streaming"
        set comment "Other devices."
    next
end
# Factory list of endpoint products (by GUID) that SSL-VPN host checking can
# look for. Entries with "set type fw" are firewalls; entries printing no type
# use the default type (presumably antivirus, per the -AV names).
# NOTE(review):
#  - The names refer to old products and platforms (Vista, Win7, Norton 360
#    2.0, Panda 2008). A host check built on this list will presumably not
#    recognise current endpoint software; add your own entries.
#  - Several entries share one GUID: Kaspersky-AV/Kaspersky-FW,
#    Norton-360-3.0-*/Norton-Internet-Security-*, the Norton and Symantec
#    "-Vista-Win7" pairs, and the Panda entries. A check on one name cannot
#    tell those products apart.
#  - "Sophos-Enpoint-Secuirty-..." is spelled this way in the factory names;
#    references must use the exact spelling.
config vpn ssl web host-check-software
    edit "FortiClient-AV"
        set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81"
    next
    edit "FortiClient-FW"
        set type fw
        set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
    next
    edit "FortiClient-AV-Vista"
        set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
    next
    edit "FortiClient-FW-Vista"
        set type fw
        set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
    next
    edit "FortiClient-AV-Win7"
        set guid "71629DC5-BE6F-CCD3-C5A5-014980643264"
    next
    edit "AVG-Internet-Security-AV"
        set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
    next
    edit "AVG-Internet-Security-FW"
        set type fw
        set guid "8DECF618-9569-4340-B34A-D78D28969B66"
    next
    edit "AVG-Internet-Security-AV-Vista-Win7"
        set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
    next
    edit "AVG-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
    next
    edit "CA-Anti-Virus"
        set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
    next
    edit "CA-Internet-Security-AV"
        set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
    next
    edit "CA-Internet-Security-FW"
        set type fw
        set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
    next
    edit "CA-Internet-Security-AV-Vista-Win7"
        set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
    next
    edit "CA-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
    next
    edit "CA-Personal-Firewall"
        set type fw
        set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
    next
    edit "F-Secure-Internet-Security-AV"
        set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
    next
    edit "F-Secure-Internet-Security-FW"
        set type fw
        set guid "D4747503-0346-49EB-9262-997542F79BF4"
    next
    edit "F-Secure-Internet-Security-AV-Vista-Win7"
        set guid "15414183-282E-D62C-CA37-EF24860A2F17"
    next
    edit "F-Secure-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
    next
    edit "Kaspersky-AV"
        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
    next
    edit "Kaspersky-FW"
        set type fw
        set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
    next
    edit "Kaspersky-AV-Vista-Win7"
        set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
    next
    edit "Kaspersky-FW-Vista-Win7"
        set type fw
        set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
    next
    edit "McAfee-Internet-Security-Suite-AV"
        set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
    next
    edit "McAfee-Internet-Security-Suite-FW"
        set type fw
        set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
    next
    edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
        set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
    next
    edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
        set type fw
        set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
    next
    edit "McAfee-Virus-Scan-Enterprise"
        set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
    next
    edit "Norton-360-2.0-AV"
        set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
    next
    edit "Norton-360-2.0-FW"
        set type fw
        set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
    next
    edit "Norton-360-3.0-AV"
        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
    next
    edit "Norton-360-3.0-FW"
        set type fw
        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
    next
    edit "Norton-Internet-Security-AV"
        set guid "E10A9785-9598-4754-B552-92431C1C35F8"
    next
    edit "Norton-Internet-Security-FW"
        set type fw
        set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
    next
    edit "Norton-Internet-Security-AV-Vista-Win7"
        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
    next
    edit "Norton-Internet-Security-FW-Vista-Win7"
        set type fw
        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
    next
    edit "Symantec-Endpoint-Protection-AV"
        set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
    next
    edit "Symantec-Endpoint-Protection-FW"
        set type fw
        set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
    next
    edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
        set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
    next
    edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
        set type fw
        set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
    next
    edit "Panda-Antivirus+Firewall-2008-AV"
        set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
    next
    edit "Panda-Antivirus+Firewall-2008-FW"
        set type fw
        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
    next
    edit "Panda-Internet-Security-AV"
        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
    next
    edit "Panda-Internet-Security-2006~2007-FW"
        set type fw
        set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
    next
    edit "Panda-Internet-Security-2008~2009-FW"
        set type fw
        set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
    next
    edit "Sophos-Anti-Virus"
        set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-FW"
        set type fw
        set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
        set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
    next
    edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
        set type fw
        set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
    next
    edit "Trend-Micro-AV"
        set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
    next
    edit "Trend-Micro-FW"
        set type fw
        set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
    next
    edit "Trend-Micro-AV-Vista-Win7"
        set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
    next
    edit "Trend-Micro-FW-Vista-Win7"
        set type fw
        set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
    next
    edit "ZoneAlarm-AV"
        set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
    next
    edit "ZoneAlarm-FW"
        set type fw
        set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
    next
    edit "ZoneAlarm-AV-Vista-Win7"
        set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
    next
    edit "ZoneAlarm-FW-Vista-Win7"
        set type fw
        set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
    next
    edit "ESET-Smart-Security-AV"
        set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
    next
    edit "ESET-Smart-Security-FW"
        set type fw
        set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
    next
end
# Factory SSL-VPN portals.
# NOTE(review): no portal prints a host-check setting, so the
# host-check-software list is presumably not enforced by default. Split
# tunnelling and other portal options are also at defaults not shown here.
# Review them with the full configuration before enabling SSL-VPN.
config vpn ssl web portal
    edit "full-access"
        # Both tunnel mode and web (clientless) mode are enabled on this portal.
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set web-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
    edit "web-access"
        set web-mode enable
    next
    edit "tunnel-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
end
# SSL-VPN listener defaults. No listening interface is printed in this
# output, so the service is presumably not yet reachable.
# NOTE(review): before enabling it, replace "Fortinet_Factory" with a
# CA-issued server certificate, since clients presumably do not trust the
# factory certificate by default. Also confirm that port 443 does not collide
# with HTTPS administrative access on the same interface.
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 443
end
# Factory VoIP profiles. "default" prints no SIP options, so its handling of
# malformed SIP messages is at default values. "strict" explicitly discards
# messages with a malformed request line or any of the listed headers.
# NOTE(review): use "strict" on policies facing untrusted SIP peers, after
# confirming that legitimate endpoints still interoperate.
config voip profile
    edit "default"
        set comment "Default VoIP profile."
    next
    edit "strict"
        config sip
            set malformed-request-line discard
            set malformed-header-via discard
            set malformed-header-from discard
            set malformed-header-to discard
            set malformed-header-call-id discard
            set malformed-header-cseq discard
            set malformed-header-rack discard
            set malformed-header-rseq discard
            set malformed-header-contact discard
            set malformed-header-record-route discard
            set malformed-header-route discard
            set malformed-header-expires discard
            set malformed-header-content-type discard
            set malformed-header-content-length discard
            set malformed-header-max-forwards discard
            set malformed-header-allow discard
            set malformed-header-p-asserted-identity discard
            # SDP body fields (v, o, s, i, c, b, z, k, a, t, r, m) follow.
            set malformed-header-sdp-v discard
            set malformed-header-sdp-o discard
            set malformed-header-sdp-s discard
            set malformed-header-sdp-i discard
            set malformed-header-sdp-c discard
            set malformed-header-sdp-b discard
            set malformed-header-sdp-z discard
            set malformed-header-sdp-k discard
            set malformed-header-sdp-a discard
            set malformed-header-sdp-t discard
            set malformed-header-sdp-r discard
            set malformed-header-sdp-m discard
        end
    next
end
config webfilter profile
    edit "default"
        set comment "Default web filtering."
        set inspection-mode flow-based
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 2
                    set action block
                next
                edit 2
                    set category 7
                    set action block
                next
                edit 3
                    set category 8
                    set action block
                next
                edit 4
                    set category 9
                    set action block
                next
                edit 5
                    set category 11
                    set action block
                next
                edit 6
                    set category 12
                    set action block
                next
                edit 7
                    set category 13
                    set action block
                next
                edit 8
                    set category 14
                    set action block
                next
                edit 9
                    set category 15
                    set action block
                next
                edit 10
                    set category 16
                    set action block
                next
                edit 11
                    set action block
                next
                edit 12
                    set category 57
                    set action block
                next
                edit 13
                    set category 63
                    set action block
                next
                edit 14
                    set category 64
                    set action block
                next
                edit 15
                    set category 65
                    set action block
                next
                edit 16
                    set category 66
                    set action block
                next
                edit 17
                    set category 67
                    set action block
                next
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                    set action block
                next
                edit 23
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "sniffer-profile"
        set comment "Monitor web traffic."
        set inspection-mode flow-based
        config ftgd-wf
            config filters
                edit 1
                next
                edit 2
                    set category 1
                next
                edit 3
                    set category 2
                next
                edit 4
                    set category 3
                next
                edit 5
                    set category 4
                next
                edit 6
                    set category 5
                next
                edit 7
                    set category 6
                next
                edit 8
                    set category 7
                next
                edit 9
                    set category 8
                next
                edit 10
                    set category 9
                next
                edit 11
                    set category 11
                next
                edit 12
                    set category 12
                next
                edit 13
                    set category 13
                next
                edit 14
                    set category 14
                next
                edit 15
                    set category 15
                next
                edit 16
                    set category 16
                next
                edit 17
                    set category 17
                next
                edit 18
                    set category 18
                next
                edit 19
                    set category 19
                next
                edit 20
                    set category 20
                next
                edit 21
                    set category 23
                next
                edit 22
                    set category 24
                next
                edit 23
                    set category 25
                next
                edit 24
                    set category 26
                next
                edit 25
                    set category 28
                next
                edit 26
                    set category 29
                next
                edit 27
                    set category 30
                next
                edit 28
                    set category 31
                next
                edit 29
                    set category 33
                next
                edit 30
                    set category 34
                next
                edit 31
                    set category 35
                next
                edit 32
                    set category 36
                next
                edit 33
                    set category 37
                next
                edit 34
                    set category 38
                next
                edit 35
                    set category 39
                next
                edit 36
                    set category 40
                next
                edit 37
                    set category 41
                next
                edit 38
                    set category 42
                next
                edit 39
                    set category 43
                next
                edit 40
                    set category 44
                next
                edit 41
                    set category 46
                next
                edit 42
                    set category 47
                next
                edit 43
                    set category 48
                next
                edit 44
                    set category 49
                next
                edit 45
                    set category 50
                next
                edit 46
                    set category 51
                next
                edit 47
                    set category 52
                next
                edit 48
                    set category 53
                next
                edit 49
                    set category 54
                next
                edit 50
                    set category 55
                next
                edit 51
                    set category 56
                next
                edit 52
                    set category 57
                next
                edit 53
                    set category 58
                next
                edit 54
                    set category 59
                next
                edit 55
                    set category 61
                next
                edit 56
                    set category 62
                next
                edit 57
                    set category 63
                next
                edit 58
                    set category 64
                next
                edit 59
                    set category 65
                next
                edit 60
                    set category 66
                next
                edit 61
                    set category 67
                next
                edit 62
                    set category 68
                next
                edit 63
                    set category 69
                next
                edit 64
                    set category 70
                next
                edit 65
                    set category 71
                next
                edit 66
                    set category 72
                next
                edit 67
                    set category 75
                next
                edit 68
                    set category 76
                next
                edit 69
                    set category 77
                next
                edit 70
                    set category 78
                next
                edit 71
                    set category 79
                next
                edit 72
                    set category 80
                next
                edit 73
                    set category 81
                next
                edit 74
                    set category 82
                next
                edit 75
                    set category 83
                next
                edit 76
                    set category 84
                next
                edit 77
                    set category 85
                next
                edit 78
                    set category 86
                next
                edit 79
                    set category 87
                next
                edit 80
                    set category 88
                next
                edit 81
                    set category 89
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
    next
    edit "wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set inspection-mode flow-based
        set options block-invalid-url
        config ftgd-wf
            unset options
            config filters
                edit 1
                next
                edit 2
                    set category 2
                    set action block
                next
                edit 3
                    set category 7
                    set action block
                next
                edit 4
                    set category 8
                    set action block
                next
                edit 5
                    set category 9
                    set action block
                next
                edit 6
                    set category 11
                    set action block
                next
                edit 7
                    set category 12
                    set action block
                next
                edit 8
                    set category 13
                    set action block
                next
                edit 9
                    set category 14
                    set action block
                next
                edit 10
                    set category 15
                    set action block
                next
                edit 11
                    set category 16
                    set action block
                next
                edit 12
                    set category 26
                    set action block
                next
                edit 13
                    set category 57
                    set action block
                next
                edit 14
                    set category 61
                    set action block
                next
                edit 15
                    set category 63
                    set action block
                next
                edit 16
                    set category 64
                    set action block
                next
                edit 17
                    set category 65
                    set action block
                next
                edit 18
                    set category 66
                    set action block
                next
                edit 19
                    set category 67
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                    set action block
                next
                edit 23
                    set category 91
                    set action block
                next
            end
        end
    next
    edit "monitor-all"
        set comment "Monitor and log all visited URLs, flow-based."
        set inspection-mode flow-based
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 1
                next
                edit 2
                    set category 3
                next
                edit 3
                    set category 4
                next
                edit 4
                    set category 5
                next
                edit 5
                    set category 6
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 59
                next
                edit 8
                    set category 62
                next
                edit 9
                    set category 83
                next
                edit 10
                    set category 2
                next
                edit 11
                    set category 7
                next
                edit 12
                    set category 8
                next
                edit 13
                    set category 9
                next
                edit 14
                    set category 11
                next
                edit 15
                    set category 13
                next
                edit 16
                    set category 14
                next
                edit 17
                    set category 15
                next
                edit 18
                    set category 16
                next
                edit 19
                    set category 57
                next
                edit 20
                    set category 63
                next
                edit 21
                    set category 64
                next
                edit 22
                    set category 65
                next
                edit 23
                    set category 66
                next
                edit 24
                    set category 67
                next
                edit 25
                    set category 19
                next
                edit 26
                    set category 24
                next
                edit 27
                    set category 25
                next
                edit 28
                    set category 72
                next
                edit 29
                    set category 75
                next
                edit 30
                    set category 76
                next
                edit 31
                    set category 26
                next
                edit 32
                    set category 61
                next
                edit 33
                    set category 86
                next
                edit 34
                    set category 17
                next
                edit 35
                    set category 18
                next
                edit 36
                    set category 20
                next
                edit 37
                    set category 23
                next
                edit 38
                    set category 28
                next
                edit 39
                    set category 29
                next
                edit 40
                    set category 30
                next
                edit 41
                    set category 33
                next
                edit 42
                    set category 34
                next
                edit 43
                    set category 35
                next
                edit 44
                    set category 36
                next
                edit 45
                    set category 37
                next
                edit 46
                    set category 38
                next
                edit 47
                    set category 39
                next
                edit 48
                    set category 40
                next
                edit 49
                    set category 42
                next
                edit 50
                    set category 44
                next
                edit 51
                    set category 46
                next
                edit 52
                    set category 47
                next
                edit 53
                    set category 48
                next
                edit 54
                    set category 54
                next
                edit 55
                    set category 55
                next
                edit 56
                    set category 58
                next
                edit 57
                    set category 68
                next
                edit 58
                    set category 69
                next
                edit 59
                    set category 70
                next
                edit 60
                    set category 71
                next
                edit 61
                    set category 77
                next
                edit 62
                    set category 78
                next
                edit 63
                    set category 79
                next
                edit 64
                    set category 80
                next
                edit 65
                    set category 82
                next
                edit 66
                    set category 85
                next
                edit 67
                    set category 87
                next
                edit 68
                    set category 31
                next
                edit 69
                    set category 41
                next
                edit 70
                    set category 43
                next
                edit 71
                    set category 49
                next
                edit 72
                    set category 50
                next
                edit 73
                    set category 51
                next
                edit 74
                    set category 52
                next
                edit 75
                    set category 53
                next
                edit 76
                    set category 56
                next
                edit 77
                    set category 81
                next
                edit 78
                    set category 84
                next
                edit 79
                next
                edit 80
                    set category 88
                next
                edit 81
                    set category 89
                next
                edit 82
                    set category 90
                next
                edit 83
                    set category 91
                next
                edit 84
                    set category 92
                next
                edit 85
                    set category 93
                next
                edit 86
                    set category 94
                next
                edit 87
                    set category 95
                next
            end
        end
        set log-all-url enable
        set web-content-log disable
        set web-filter-activex-log disable
        set web-filter-command-block-log disable
        set web-filter-cookie-log disable
        set web-filter-applet-log disable
        set web-filter-jscript-log disable
        set web-filter-js-log disable
        set web-filter-vbs-log disable
        set web-filter-unknown-log disable
        set web-filter-referer-log disable
        set web-filter-cookie-removal-log disable
        set web-url-log disable
        set web-invalid-domain-log disable
        set web-ftgd-err-log disable
        set web-ftgd-quota-usage disable
    next
end
# Search-engine definitions: each entry pairs a hostname regex and a URL regex
# with the query-string parameter that carries the search terms, plus an
# optional safe-search enforcement method.
# NOTE(review): the hostname values are regular expressions that are not tied
# to one registrable domain (".*\\.google\\..*" matches any host name that
# contains ".google.", ".*youtube.*" any host name containing "youtube").
# Tighten them if these entries are relied on for policy decisions.
config webfilter search-engine
    edit "google"
        set hostname ".*\\.google\\..*"
        set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
        set query "q="
        # "url": safe search is enforced through the URL using safesearch-str
        # (presumably appended to the request; confirm in the CLI reference).
        set safesearch url
        set safesearch-str "&safe=active"
    next
    edit "yahoo"
        set hostname ".*\\.yahoo\\..*"
        set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
        set query "p="
        set safesearch url
        set safesearch-str "&vm=r"
    next
    edit "bing"
        set hostname ".*\\.bing\\..*"
        set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
        set query "q="
        # "header": enforcement by request header rather than URL string; no
        # safesearch-str is shown for this mode.
        set safesearch header
    next
    edit "yandex"
        set hostname "yandex\\..*"
        set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
        set query "text="
        set safesearch url
        set safesearch-str "&family=yes"
    next
    edit "youtube"
        # No url/query pattern is shown: only the hostname match and header mode.
        set hostname ".*youtube.*"
        set safesearch header
    next
    # The three baidu entries show no "set safesearch" line, so safe search is
    # presumably left at its default (not enforced) for them; verify with
    # "show full-configuration".
    edit "baidu"
        set hostname ".*\\.baidu\\.com"
        set url "^\\/s?\\?"
        set query "wd="
    next
    edit "baidu2"
        set hostname ".*\\.baidu\\.com"
        set url "^\\/(ns|q|m|i|v)\\?"
        set query "word="
    next
    edit "baidu3"
        set hostname "tieba\\.baidu\\.com"
        set url "^\\/f\\?"
        set query "kw="
    next
end
# Factory-default DNS filter profile: a list of FortiGuard category filters
# plus botnet blocking. Only entries 18-23 carry an explicit "set action block";
# "show" omits values that equal the default, so the effective action of
# entries 1-17 is not visible here; check "show full-configuration".
config dnsfilter profile
    edit "default"
        set comment "Default dns filtering."
        config ftgd-dns
            config filters
                # Entries 1-17: category listed, no action shown (default action).
                edit 1
                    set category 2
                next
                edit 2
                    set category 7
                next
                edit 3
                    set category 8
                next
                edit 4
                    set category 9
                next
                edit 5
                    set category 11
                next
                edit 6
                    set category 12
                next
                edit 7
                    set category 13
                next
                edit 8
                    set category 14
                next
                edit 9
                    set category 15
                next
                edit 10
                    set category 16
                next
                # Entry 11 shows no category line at all.
                edit 11
                next
                edit 12
                    set category 57
                next
                edit 13
                    set category 63
                next
                edit 14
                    set category 64
                next
                edit 15
                    set category 65
                next
                edit 16
                    set category 66
                next
                edit 17
                    set category 67
                next
                # Entries 18-23: explicitly blocked categories 26, 61, 86, 88, 90, 91.
                # NOTE(review): these IDs are believed to be the FortiGuard
                # security-risk categories (malicious sites, phishing, spam URLs,
                # dynamic DNS, newly observed / newly registered domains);
                # confirm the ID-to-name mapping on the device.
                edit 18
                    set category 26
                    set action block
                next
                edit 19
                    set category 61
                    set action block
                next
                edit 20
                    set category 86
                    set action block
                next
                edit 21
                    set category 88
                    set action block
                next
                edit 22
                    set category 90
                    set action block
                next
                edit 23
                    set category 91
                    set action block
                next
            end
        end
        # Blocks DNS lookups for known botnet command-and-control domains.
        set block-botnet enable
    next
end
# Global antivirus setting: grayware detection is on, so traffic scanned by an
# antivirus profile is also checked for grayware.
config antivirus settings
    set grayware enable
end
# Factory-default antivirus profiles. All three show the same visible settings:
# "options scan" on HTTP/FTP/IMAP/POP3/SMTP, and "executables virus" on the
# three mail protocols.
# NOTE(review): a profile only acts on traffic once a firewall policy
# references it; the single policy shown later in this listing (policy 1)
# shows no profile reference.
config antivirus profile
    edit "default"
        set comment "Scan files and block viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            # Presumably treats Windows executables in mail as viruses; confirm
            # in the CLI reference.
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    # The comment says "monitor", but the lines shown are identical to
    # "default"; any difference is not visible in plain "show" output.
    edit "sniffer-profile"
        set comment "Scan files and monitor viruses."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
    edit "wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
            set executables virus
        end
        config pop3
            set options scan
            set executables virus
        end
        config smtp
            set options scan
            set executables virus
        end
    next
end
# Factory-default spam filter profiles. Only "sniffer-profile" shows a
# non-default setting (flow-based enable); "default" shows just its comment,
# so every other option is at its default value.
config spamfilter profile
    edit "sniffer-profile"
        set comment "Malware and phishing URL monitoring."
        set flow-based enable
    next
    edit "default"
        set comment "Malware and phishing URL filtering."
    next
end
# Recurring schedules referenced by firewall policies. "always" lists all seven
# days; "none" shows no day list.
config firewall schedule recurring
    edit "always"
        set day sunday monday tuesday wednesday thursday friday saturday
    next
    edit "none"
    next
end
# Default protocol options: the port on which each protocol is inspected and
# per-protocol handling options.
# NOTE(review): every protocol is bound to its single well-known port, so the
# same protocol on a non-standard port is presumably not handled by this
# profile. Add ports here if such services exist in the network.
config firewall profile-protocol-options
    edit "default"
        set comment "All default services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        # "fragmail" on the mail protocols presumably lets fragmented messages
        # pass; such messages cannot be reassembled for scanning, so confirm
        # that this is acceptable for the deployment.
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail splice
        end
        config nntp
            set ports 119
            set options splice
        end
        config dns
            set ports 53
        end
    next
end
config firewall ssl-ssh-profile
    edit "deep-inspection"
        set comment "Read-only deep inspection profile."
        config https
            set ports 443
        end
        config ftps
            set ports 990
        end
        config imaps
            set ports 993
        end
        config pop3s
            set ports 995
        end
        config smtps
            set ports 465
        end
        config ssh
            set ports 22
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "adobe"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "Adobe Login"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "android"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "apple"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "appstore"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "auth.gfx.ms"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "citrix"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "dropbox.com"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "eease"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "firefox update server"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "fortinet"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "googleapis.com"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "google-drive"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "google-play2"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "google-play3"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "Gotomeeting"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "icloud"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "itunes"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "microsoft"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "skype"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "softwareupdate.vmware.com"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "verisign"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "Windows update 2"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "live.com"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "google-play"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "update.microsoft.com"
            next
            edit 29
                set type wildcard-fqdn
                set wildcard-fqdn "swscan.apple.com"
            next
            edit 30
                set type wildcard-fqdn
                set wildcard-fqdn "autoupdate.opera.com"
            next
        end
    next
    edit "custom-deep-inspection"
        set comment "Customizable deep inspection profile."
        config https
            set ports 443
        end
        config ftps
            set ports 990
        end
        config imaps
            set ports 993
        end
        config pop3s
            set ports 995
        end
        config smtps
            set ports 465
        end
        config ssh
            set ports 22
        end
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 2
                set fortiguard-category 33
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "adobe"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "Adobe Login"
            next
            edit 5
                set type wildcard-fqdn
                set wildcard-fqdn "android"
            next
            edit 6
                set type wildcard-fqdn
                set wildcard-fqdn "apple"
            next
            edit 7
                set type wildcard-fqdn
                set wildcard-fqdn "appstore"
            next
            edit 8
                set type wildcard-fqdn
                set wildcard-fqdn "auth.gfx.ms"
            next
            edit 9
                set type wildcard-fqdn
                set wildcard-fqdn "citrix"
            next
            edit 10
                set type wildcard-fqdn
                set wildcard-fqdn "dropbox.com"
            next
            edit 11
                set type wildcard-fqdn
                set wildcard-fqdn "eease"
            next
            edit 12
                set type wildcard-fqdn
                set wildcard-fqdn "firefox update server"
            next
            edit 13
                set type wildcard-fqdn
                set wildcard-fqdn "fortinet"
            next
            edit 14
                set type wildcard-fqdn
                set wildcard-fqdn "googleapis.com"
            next
            edit 15
                set type wildcard-fqdn
                set wildcard-fqdn "google-drive"
            next
            edit 16
                set type wildcard-fqdn
                set wildcard-fqdn "google-play2"
            next
            edit 17
                set type wildcard-fqdn
                set wildcard-fqdn "google-play3"
            next
            edit 18
                set type wildcard-fqdn
                set wildcard-fqdn "Gotomeeting"
            next
            edit 19
                set type wildcard-fqdn
                set wildcard-fqdn "icloud"
            next
            edit 20
                set type wildcard-fqdn
                set wildcard-fqdn "itunes"
            next
            edit 21
                set type wildcard-fqdn
                set wildcard-fqdn "microsoft"
            next
            edit 22
                set type wildcard-fqdn
                set wildcard-fqdn "skype"
            next
            edit 23
                set type wildcard-fqdn
                set wildcard-fqdn "softwareupdate.vmware.com"
            next
            edit 24
                set type wildcard-fqdn
                set wildcard-fqdn "verisign"
            next
            edit 25
                set type wildcard-fqdn
                set wildcard-fqdn "Windows update 2"
            next
            edit 26
                set type wildcard-fqdn
                set wildcard-fqdn "live.com"
            next
            edit 27
                set type wildcard-fqdn
                set wildcard-fqdn "google-play"
            next
            edit 28
                set type wildcard-fqdn
                set wildcard-fqdn "update.microsoft.com"
            next
            edit 29
                set type wildcard-fqdn
                set wildcard-fqdn "swscan.apple.com"
            next
            edit 30
                set type wildcard-fqdn
                set wildcard-fqdn "autoupdate.opera.com"
            next
        end
    next
    # Handshake-only profile: HTTPS on port 443 is set to certificate-inspection
    # and every other protocol in this profile is disabled. Per the profile
    # comment only the SSL handshake is inspected, so the encrypted payload is
    # presumably not decrypted; content scanning that needs the payload
    # requires one of the deep-inspection profiles instead.
    edit "certificate-inspection"
        set comment "Read-only SSL handshake inspection profile."
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set status disable
        end
        config imaps
            set status disable
        end
        config pop3s
            set status disable
        end
        config smtps
            set status disable
        end
        # A port is configured for SSH, but SSH inspection itself is disabled.
        config ssh
            set ports 22
            set status disable
        end
    next
end
# Factory-default web application firewall profile: per-class signature
# settings followed by HTTP protocol constraints.
# NOTE(review): "show" prints only non-default values. A main-class with an
# empty body is entirely at defaults, and a class or constraint that shows no
# "set status enable" or no "set action" line uses the default for that field.
# Check "show full-configuration" before assuming a class blocks or is active.
config waf profile
    edit "default"
        config signature
            # action block and severity high are shown, but no status line.
            config main-class 100000000
                set action block
                set severity high
            end
            config main-class 20000000
            end
            config main-class 30000000
                set status enable
                set action block
                set severity high
            end
            config main-class 40000000
            end
            config main-class 50000000
                set status enable
                set action block
                set severity high
            end
            config main-class 60000000
            end
            config main-class 70000000
                set status enable
                set action block
                set severity high
            end
            # Enabled, but no "set action block" is shown for the next two.
            config main-class 80000000
                set status enable
                set severity low
            end
            config main-class 110000000
                set status enable
                set severity high
            end
            config main-class 90000000
                set status enable
                set action block
                set severity high
            end
            # Individual signatures switched off regardless of class status.
            set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
        end
        config constraint
            # The length and count constraints below are enabled with logging at
            # severity low; none of them shows a "set action" line.
            config header-length
                set status enable
                set log enable
                set severity low
            end
            config content-length
                set status enable
                set log enable
                set severity low
            end
            config param-length
                set status enable
                set log enable
                set severity low
            end
            config line-length
                set status enable
                set log enable
                set severity low
            end
            config url-param-length
                set status enable
                set log enable
                set severity low
            end
            # version and malformed show only logging; method and hostname show
            # action block plus logging. None of the four shows a status line.
            config version
                set log enable
            end
            config method
                set action block
                set log enable
            end
            config hostname
                set action block
                set log enable
            end
            config malformed
                set log enable
            end
            config max-cookie
                set status enable
                set log enable
                set severity low
            end
            config max-header-line
                set status enable
                set log enable
                set severity low
            end
            config max-url-param
                set status enable
                set log enable
                set severity low
            end
            # The only constraint raised to severity high.
            config max-range-segment
                set status enable
                set log enable
                set severity high
            end
        end
    next
end
# The only firewall policy in the factory configuration: outbound traffic from
# "internal" to "wan1", any source, any destination, any service, always
# active, with source NAT.
# NOTE(review): no security profile (antivirus, web filter, DNS filter, SSL
# inspection, ...) is referenced in the lines shown, so the profiles defined
# elsewhere in this configuration are not applied to this traffic until they
# are attached to the policy.
# NOTE(review): no "set logtraffic" line is shown; "show" omits defaults, so
# check "show full-configuration" for the effective traffic-logging setting.
config firewall policy
    edit 1
        set uuid 512941c4-56c4-51ea-a7c7-fbbbb7ae4884
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# Built-in SSH key objects ("set source built-in"), one per key type.
# NOTE(review): the "set password ENC ..." values are an encrypted form of the
# key passphrase, not a one-way hash. Treat them like the secret itself and
# redact them before a configuration is shared or published. How strongly ENC
# values are protected depends on the firmware; check the vendor's security
# advisories for the running version, and the "private-data-encryption" option
# on releases that offer it.
config firewall ssh local-key
    edit "Fortinet_SSH_RSA2048"
        set password ENC T93uP+ZVcGj5KjeSUOkNC2B8n8//dOHqd5SniiIYrKPbp3eRTPkqz2rFnHwRKrEU/b9j4sRr/4eN03Zfuznuk8LGXDTDC/9CW5c+pYQSBttziBoakDAsN51hpPe328W3fW0+IpK4j//JKfFjmvMfiyoKrqsNTnSkEbLhEFa1M32aPc97ZZVQIEASn8LD0YTRw7dNXQ==
        set source built-in
    next
    # 1024-bit DSA is below current key-size recommendations and is no longer
    # accepted by default in current OpenSSH releases.
    edit "Fortinet_SSH_DSA1024"
        set password ENC 8BpKur/0FGb6xqEdPyoc/h+C7UUKAkmK8Yhbzv1CkoWQ3ktdXpsMhqEWLU9tZu9l+gLRMecbnr9fi6j6dJMO75QQg7jRILPefNmWQXCC17+JRcF3IxAiFQ0ygtXr6aNRK9oVT8+xQl3DCH8Hjeu1H8aXVB82q2h9+pfDHHgsMeZTfPtZGaWe3smlXBqUdu7Q8/ov0g==
        set source built-in
    next
    edit "Fortinet_SSH_ECDSA256"
        set password ENC o7xvwVm4XCT33Ym/z2BqmghacBBi2l6vvo7qnKy3rkSsBI2nZ8L+xTCicIZA3XQGgq/0pUMayjCSjfOv8mQKGkEYBXoPXc5i7PGkAMOvuXeIhkU/1TusQtBur/2qZ3dqDCVo+PU0Zf2n8tdkEkKkPVJiaXa7mGWiNoUysly9kzhSg6tvUh0Ho/UNtv2anipin63K4w==
        set source built-in
    next
    edit "Fortinet_SSH_ECDSA384"
        set password ENC knRlJU+uPnpInn6g7EyqbFhwkazgOUK0SmegkXh99KJ7Gz+7WD1gyQ0aALLUZO+G+xqob2TE1vuv3WfvVl9YS4Nf8BtkV01Dj/z2G9vh/TcDuRchaNwgJLuIMNwjRKBwwyWtbzkLx6MGMV6hxM8e9gbArXc824Rk10ZIs7YOoQ27pVPRFUkUMYK9sgOQLKeC9s6OKA==
        set source built-in
    next
    edit "Fortinet_SSH_ECDSA521"
        set password ENC CjHxr0czEIUU7kdM4hH2jzOIwKLuHPhs1ozofzuiTnIuygxt1KbHCoQJAhnBlx069DX8jMFB1eaBHiTKGtEUXBKe7d4HGDeXx7pD0E0eN8jsgj79z/PTnPypkgoKlns8fmGD3P6BmLk7HyObNfRYJsTJN1h23TRUx3efs3+++FPw0TCoBhqA7HmtEAjwwYinmzzr0Q==
        set source built-in
    next
    edit "Fortinet_SSH_ED25519"
        set password ENC vDtZPnX779QNKJrqIHO12ZyKR+fNeX4z+XltV1lkidxHCZbvcFa0aDASOuSLxi8LgQVPV9+KrsfqKpTX39lN10yfPul1Pvsh/wvnsGUXR7w7yPVZg+HWd0M2Hx5Mr/5iI2O3yWdBAiD7H6iyqyvQU4TGgw3obQG4qi/G1+FllTtPGIRl5ccFYBgf2G3lcnhwOlK9sw==
        set source built-in
    next
end
# Built-in SSH CA objects ("set source built-in"): one named as the regular CA
# and one named "Untrusted".
# NOTE(review): the "set password ENC ..." values are encrypted secrets rather
# than one-way hashes; redact them before sharing or publishing a config.
config firewall ssh local-ca
    edit "Fortinet_SSH_CA"
        set password ENC 4Hh70yfz9Y9HEwWvcKF2GJPHShEOuKhKpvOVX9Y3hepPtKOLHkBeU7UIR21IaZPAHLxlpbt2EaO4dZQKVc54w9/xpNLpOv+pcXxdoiE0vT/K98CRDE2ADoYVVEMTH0TTBU9CZOzHk2Hmeomm9MG8eWmXkZaTk92Zx9ygwUJCM7YKr5DaFKs4NRx8/IDnciAJ6icqXg==
        set source built-in
    next
    edit "Fortinet_SSH_CA_Untrusted"
        set password ENC PGT/Qfw9tfB0F7ktB+Lask2dXOKT+dQUvv0nW+VgznThwYGDOIbvamvr6pp2KpGJytXzoZ0lti7rbdFlFg3LDJcqIYx2I5rWqzifqkOu6SQMAgciVIYKQuV8KkiislvOAJkpO1joC0oxe4cNHvAJ8iyS3lxlGbvPQcouv5loH2LovB1pFRRbRhjQRz/2xpPaVGPbyQ==
        set source built-in
    next
end
# Binds the built-in SSH CA and host-key objects to the firewall's SSH feature
# (presumably the SSH proxy / SSH inspection function; confirm in the CLI
# reference). Each value is the name of an object under
# "config firewall ssh local-ca" or "config firewall ssh local-key".
config firewall ssh setting
    set caname "Fortinet_SSH_CA"
    set untrusted-caname "Fortinet_SSH_CA_Untrusted"
    set hostkey-rsa2048 "Fortinet_SSH_RSA2048"
    # NOTE(review): a 1024-bit DSA host key is still configured. DSA-1024 is
    # below current key-size recommendations and current OpenSSH releases no
    # longer accept it by default.
    set hostkey-dsa1024 "Fortinet_SSH_DSA1024"
    set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256"
    set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384"
    set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521"
    set hostkey-ed25519 "Fortinet_SSH_ED25519"
end
# Default 802.1X security policy of the switch controller.
# It authenticates against the user group "SSO_Guest_Users". MAC-auth bypass,
# open-auth, guest VLAN and auth-fail VLAN are disabled; EAP pass-through is enabled.
# NOTE(review): enabling mac-auth-bypass or open-auth later weakens port
# authentication; keep them disabled unless a device class really requires it.
config switch-controller security-policy 802-1X
    edit "802-1X-policy-default"
        set user-group "SSO_Guest_Users"
        set mac-auth-bypass disable
        set open-auth disable
        set eap-passthru enable
        set guest-vlan disable
        set auth-fail-vlan disable
        set radius-timeout-overwrite disable
    next
end
# LLDP profiles of the switch controller.
# "default" sets the inventory-management and network-policy MED TLVs and disables
# auto-isl. Its med-network-policy entries are listed by name with no settings shown.
# "default-auto-isl" shows no settings in this output.
config switch-controller lldp-profile
    edit "default"
        set med-tlvs inventory-management network-policy
        set auto-isl disable
        config med-network-policy
            edit "voice"
            next
            edit "voice-signaling"
            next
            edit "guest-voice"
            next
            edit "guest-voice-signaling"
            next
            edit "softphone-voice"
            next
            edit "video-conferencing"
            next
            edit "streaming-video"
            next
            edit "video-signaling"
            next
        end
    next
    edit "default-auto-isl"
    next
end
# Maps each 802.1p priority value (0-7) to an egress queue for the "voice-dot1p" map.
# The "voice-qos" QoS policy references this map via trust-dot1p-map.
config switch-controller qos dot1p-map
    edit "voice-dot1p"
        set priority-0 queue-4
        set priority-1 queue-4
        set priority-2 queue-3
        set priority-3 queue-2
        set priority-4 queue-3
        set priority-5 queue-1
        set priority-6 queue-2
        set priority-7 queue-2
    next
end
# Maps DSCP values to CoS queues for the "voice-dscp" map, which the "voice-qos"
# QoS policy references via trust-ip-dscp-map.
# Entry "1": DSCP 46 -> queue 1; entry "2": DSCP 24,26,48,56 -> queue 2;
# entry "5": DSCP 34 -> queue 3.
config switch-controller qos ip-dscp-map
    edit "voice-dscp"
        config map
            edit "1"
                set cos-queue 1
                set value 46
            next
            edit "2"
                set cos-queue 2
                set value 24,26,48,56
            next
            edit "5"
                set cos-queue 3
                set value 34
            next
        end
    next
end
# Egress queue scheduling policies.
# "default" uses round-robin scheduling and lists queue-0..queue-7 with no settings.
# "voice-egress" uses weighted scheduling and sets explicit weights on queue-1..queue-4
# (0, 6, 37, 12); the remaining queues show no settings.
config switch-controller qos queue-policy
    edit "default"
        set schedule round-robin
        config cos-queue
            edit "queue-0"
            next
            edit "queue-1"
            next
            edit "queue-2"
            next
            edit "queue-3"
            next
            edit "queue-4"
            next
            edit "queue-5"
            next
            edit "queue-6"
            next
            edit "queue-7"
            next
        end
    next
    edit "voice-egress"
        set schedule weighted
        config cos-queue
            edit "queue-0"
            next
            edit "queue-1"
                set weight 0
            next
            edit "queue-2"
                set weight 6
            next
            edit "queue-3"
                set weight 37
            next
            edit "queue-4"
                set weight 12
            next
            edit "queue-5"
            next
            edit "queue-6"
            next
            edit "queue-7"
            next
        end
    next
end
# QoS policies. "default" shows no settings; "voice-qos" ties together the
# "voice-dot1p" map, the "voice-dscp" map and the "voice-egress" queue policy.
config switch-controller qos qos-policy
    edit "default"
    next
    edit "voice-qos"
        set trust-dot1p-map "voice-dot1p"
        set trust-ip-dscp-map "voice-dscp"
        set queue-policy "voice-egress"
    next
end
# Switch profile "default"; no settings are shown for it in this output.
config switch-controller switch-profile
    edit "default"
    next
end
# Endpoint-control profile "default". The Windows/Mac, Android and iOS FortiClient
# sub-sections are present but show no settings in this output.
config endpoint-control profile
    edit "default"
        config forticlient-winmac-settings
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
    next
end
# Wireless intrusion detection (WIDS) profiles.
# "default" enables AP scanning plus every detection listed below (wireless bridge,
# deauth/flood detections, weak WEP IV, ASLEAP, EAPOL floods, ...).
# "default-wids-apscan-enabled" enables only ap-scan.
# NOTE(review): these profiles only define what is detected; whether a given AP
# profile uses one is not visible in this part of the config.
config wireless-controller wids-profile
    edit "default"
        set comment "Default WIDS profile."
        set ap-scan enable
        set wireless-bridge enable
        set deauth-broadcast enable
        set null-ssid-probe-resp enable
        set long-duration-attack enable
        set invalid-mac-oui enable
        set weak-wep-iv enable
        set auth-frame-flood enable
        set assoc-frame-flood enable
        set spoofed-deauth enable
        set asleap-attack enable
        set eapol-start-flood enable
        set eapol-logoff-flood enable
        set eapol-succ-flood enable
        set eapol-fail-flood enable
        set eapol-pre-succ-flood enable
        set eapol-pre-fail-flood enable
    next
    edit "default-wids-apscan-enabled"
        set ap-scan enable
    next
end
# Default AP (WTP) profiles, one entry per access-point model.
# Every entry sets handoff-sta-thresh 30 and the band of radio-1 (and radio-2 where
# the entry has a second radio). All entries except "FAP220B-default" also set the
# platform type. No SSID or wireless security settings appear in these entries.
config wireless-controller wtp-profile
    edit "AP-11N-default"
        config platform
            set type AP-11N
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP112B-default"
        config platform
            set type 112B
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP220B-default"
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n,g-only
        end
    next
    edit "FAP223B-default"
        config platform
            set type 223B
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n,g-only
        end
    next
    edit "FAP210B-default"
        config platform
            set type 210B
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP222B-default"
        config platform
            set type 222B
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11n-5G
        end
    next
    edit "FAP320B-default"
        config platform
            set type 320B
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n,g-only
        end
    next
    edit "FAP11C-default"
        config platform
            set type 11C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP14C-default"
        config platform
            set type 14C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP28C-default"
        config platform
            set type 28C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP320C-default"
        config platform
            set type 320C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP221C-default"
        config platform
            set type 221C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP25D-default"
        config platform
            set type 25D
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP222C-default"
        config platform
            set type 222C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP224D-default"
        config platform
            set type 224D
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n-5G
        end
        config radio-2
            set band 802.11n,g-only
        end
    next
    edit "FK214B-default"
        config platform
            set type 214B
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP21D-default"
        config platform
            set type 21D
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP24D-default"
        config platform
            set type 24D
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP112D-default"
        config platform
            set type 112D
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
    next
    edit "FAP223C-default"
        config platform
            set type 223C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP321C-default"
        config platform
            set type 321C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS321C-default"
        config platform
            set type S321C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS322C-default"
        config platform
            set type S322C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS323C-default"
        config platform
            set type S323C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS311C-default"
        config platform
            set type S311C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11ac
        end
    next
    edit "FAPS313C-default"
        config platform
            set type S313C
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11ac
        end
    next
    edit "FAPS321CR-default"
        config platform
            set type S321CR
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS322CR-default"
        config platform
            set type S322CR
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS323CR-default"
        config platform
            set type S323CR
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS421E-default"
        config platform
            set type S421E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS422E-default"
        config platform
            set type S422E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS423E-default"
        config platform
            set type S423E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP421E-default"
        config platform
            set type 421E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP423E-default"
        config platform
            set type 423E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU421E-default"
        config platform
            set type U421E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU422EV-default"
        config platform
            set type U422EV
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU423E-default"
        config platform
            set type U423E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP221E-default"
        config platform
            set type 221E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP222E-default"
        config platform
            set type 222E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP223E-default"
        config platform
            set type 223E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAP224E-default"
        config platform
            set type 224E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS221E-default"
        config platform
            set type S221E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPS223E-default"
        config platform
            set type S223E
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n,g-only
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU221EV-default"
        config platform
            set type U221EV
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU223EV-default"
        config platform
            set type U223EV
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU24JEV-default"
        config platform
            set type U24JEV
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU321EV-default"
        config platform
            set type U321EV
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
    edit "FAPU323EV-default"
        config platform
            set type U323EV
        end
        set handoff-sta-thresh 30
        config radio-1
            set band 802.11n
        end
        config radio-2
            set band 802.11ac
        end
    next
end
# UTM profile "wifi-default" for WiFi traffic. It references an IPS sensor,
# application list, antivirus profile and web filter profile, each named
# "wifi-default"; those objects are defined in other sections of the config.
config wireless-controller utm-profile
    edit "wifi-default"
        set comment "Default configuration for offloading WiFi traffic."
        set ips-sensor "wifi-default"
        set application-list "wifi-default"
        set antivirus-profile "wifi-default"
        set webfilter-profile "wifi-default"
    next
end
# Logging to the unit's memory is enabled.
# NOTE(review): memory logs are presumably lost on reboot and limited in size. No
# remote log destination is visible in this part of the config, so confirm that logs
# are also sent to a persistent collector before relying on them for investigations.
config log memory setting
    set status enable
end
# The null-device log target is disabled.
config log null-device setting
    set status disable
end
# RIP: only the redistribute stanzas (connected, static, ospf, bgp, isis) appear,
# each with no settings shown; presumably everything is at its default
# ("show" is not the full-configuration output).
config router rip
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
# RIPng: only the redistribute stanzas (connected, static, ospf, bgp, isis) appear,
# each with no settings shown; presumably everything is at its default.
config router ripng
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
# OSPF: only the redistribute stanzas (connected, static, rip, bgp, isis) appear,
# each with no settings shown; presumably everything is at its default.
config router ospf
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
# OSPFv3 (ospf6): only the redistribute stanzas (connected, static, rip, bgp, isis)
# appear, each with no settings shown; presumably everything is at its default.
config router ospf6
    config redistribute "connected"
    end
    config redistribute "static"
    end
    config redistribute "rip"
    end
    config redistribute "bgp"
    end
    config redistribute "isis"
    end
end
# BGP: only the redistribute and redistribute6 stanzas appear, each with no settings
# shown. No neighbor or network statements are visible, so presumably BGP is not in
# use in this initial configuration.
config router bgp
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
    config redistribute "isis"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "static"
    end
    config redistribute6 "isis"
    end
end
# IS-IS: only the redistribute and redistribute6 stanzas appear, each with no
# settings shown; presumably everything is at its default.
config router isis
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "bgp"
    end
    config redistribute "static"
    end
    config redistribute6 "connected"
    end
    config redistribute6 "rip"
    end
    config redistribute6 "ospf"
    end
    config redistribute6 "bgp"
    end
    config redistribute6 "static"
    end
end
# Multicast routing section; it is empty in this output.
config router multicast
end
