專案

一般

配置概況

下載 (234 KB)

檔案 » HBB-JiaYi-Firewall-E2C-IT_20240112_1140.conf

E2C_IT_Firewall_BackupFile_20240112_CY - 俊霖 江, 2024-01-12 16:50

 
#config-version=FGT30E-6.2.11-FW-build1303-220621:opmode=0:vdom=0:user=B10013
#conf_file_ver=1662276897990606
#buildno=1303
#global_vdom=1
config system global
set admin-server-cert "wildcard.tahoho.com.tw"
set admin-sport 8443
set alias "FortiGate-30E"
set gui-certificates enable
set hostname "HBB-JiaYi-Firewall-E2C-IT"
set language trach
set switch-controller enable
set timezone 59
set wifi-ca-certificate "USERTrust_RSA_Certification_Authority"
set wifi-certificate "wildcard.tahoho.com.tw"
end
config system accprofile
edit "prof_admin"
set secfabgrp read-write
set ftviewgrp read-write
set authgrp read-write
set sysgrp read-write
set netgrp read-write
set loggrp read-write
set fwgrp read-write
set vpngrp read-write
set utmgrp read-write
set wifi read-write
next
end
config system interface
edit "wan"
set vdom "root"
set ip 61.216.60.230 255.255.255.0
set allowaccess ping https http
set type physical
set role wan
set snmp-index 1
next
edit "modem"
set vdom "root"
set mode pppoe
set type physical
set snmp-index 2
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 3
next
edit "lan"
set vdom "root"
set ip 192.167.3.99 255.255.255.0
set allowaccess ping https ssh http fgfm fabric
set type hard-switch
set stp enable
set device-identification enable
set role lan
set snmp-index 4
set secondary-IP enable
next
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 169.254.1.1 255.255.255.0
set allowaccess ping fabric
set type hard-switch
set lldp-reception enable
set lldp-transmission enable
set snmp-index 5
next
end
config system physical-switch
edit "sw0"
set age-val 0
next
end
config system virtual-switch
edit "lan"
set physical-switch "sw0"
config port
edit "lan1"
set speed 1000full
next
edit "lan2"
set speed 1000full
next
edit "lan3"
set speed 1000full
next
edit "lan4"
set speed 1000full
next
end
next
edit "fortilink"
set physical-switch "sw0"
next
end
config system custom-language
edit "en"
set filename "en"
next
edit "fr"
set filename "fr"
next
edit "sp"
set filename "sp"
next
edit "pg"
set filename "pg"
next
edit "x-sjis"
set filename "x-sjis"
next
edit "big5"
set filename "big5"
next
edit "GB2312"
set filename "GB2312"
next
edit "euc-kr"
set filename "euc-kr"
next
end
config system admin
edit "admin"
set accprofile "super_admin"
set vdom "root"
config gui-dashboard
edit 1
set name "Status"
set vdom "root"
set permanent enable
config widget
edit 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 1
set width 1
set height 1
next
edit 3
set type forticloud
set x-pos 2
set width 1
set height 1
next
edit 4
set type security-fabric
set x-pos 3
set width 1
set height 1
next
edit 5
set type admins
set x-pos 4
set width 1
set height 1
next
edit 6
set type cpu-usage
set x-pos 5
set width 2
set height 1
next
edit 7
set type memory-usage
set x-pos 6
set width 2
set height 1
next
edit 8
set type sessions
set x-pos 7
set width 2
set height 1
next
end
next
edit 3
set name "Security"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "compromisedHosts"
set fortiview-sort-by "verdict"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 6
set width 6
set height 3
set fortiview-type "threats"
set fortiview-sort-by "threatLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type vulnerability-summary
set y-pos 3
set width 3
set height 3
next
edit 4
set type host-scan-summary
set x-pos 3
set y-pos 3
set width 3
set height 3
next
edit 5
set type fortiview
set x-pos 6
set y-pos 3
set width 6
set height 3
set fortiview-type "endpointDevices"
set fortiview-sort-by "vulnerabilities"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 2
set name "Top Usage LAN/DMZ"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "source"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 6
set width 6
set height 3
set fortiview-type "destination"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type fortiview
set y-pos 3
set width 6
set height 3
set fortiview-type "application"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 4
set type fortiview
set x-pos 6
set y-pos 3
set width 6
set height 3
set fortiview-type "website"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 4
set name "System Events"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "count"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 6
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "eventLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
end
set gui-vdom-menu-favorites "device_definition"
set password ENC SH2X+yMzAd4Jwir1oxEYdVCx7R+NcZL23k4HAlT3pKKtuIGy8VW48QGt74aDKo=
next
edit "coleman"
set remote-auth enable
set accprofile "super_admin"
set vdom "root"
set remote-group "RemoteUserGroup"
set password ENC SH2TUlsuXAvxmUlyZzHXobkvfDl3TtLpkihApjWEHpZQiI7rHiygtw/fXfkoak=
next
edit "renhua.gu"
set remote-auth enable
set accprofile "super_admin"
set vdom "root"
config gui-dashboard
edit 1
set name "Status"
set vdom "root"
set permanent enable
config widget
edit 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 1
set width 1
set height 1
next
edit 3
set type forticloud
set x-pos 2
set width 1
set height 1
next
edit 4
set type security-fabric
set x-pos 3
set width 1
set height 1
next
edit 5
set type admins
set x-pos 4
set width 1
set height 1
next
edit 6
set type cpu-usage
set x-pos 5
set width 2
set height 1
next
edit 7
set type memory-usage
set x-pos 6
set width 2
set height 1
next
edit 8
set type sessions
set x-pos 7
set width 2
set height 1
next
end
next
edit 2
set name "Top Usage LAN/DMZ"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "source"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "destination"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type fortiview
set x-pos 2
set width 6
set height 3
set fortiview-type "application"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 4
set type fortiview
set x-pos 3
set width 6
set height 3
set fortiview-type "website"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 3
set name "Security"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "compromisedHosts"
set fortiview-sort-by "verdict"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "threats"
set fortiview-sort-by "threatLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type vulnerability-summary
set x-pos 2
set width 3
set height 3
next
edit 4
set type host-scan-summary
set x-pos 3
set width 3
set height 3
next
edit 5
set type fortiview
set x-pos 4
set width 6
set height 3
set fortiview-type "endpointDevices"
set fortiview-sort-by "vulnerabilities"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 4
set name "System Events"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "count"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "eventLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
end
set remote-group "RemoteUserGroup"
set password ENC SH2eywD/vg4n4UnQAC8m1c6L7DhVDrFAU0Yg5Ioq2HLSbIHC2+VX4lUFwTHlUI=
next
edit "B10013"
set remote-auth enable
set accprofile "super_admin"
set vdom "root"
config gui-dashboard
edit 1
set name "Status"
set vdom "root"
set permanent enable
config widget
edit 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 1
set width 1
set height 1
next
edit 3
set type forticloud
set x-pos 2
set width 1
set height 1
next
edit 4
set type security-fabric
set x-pos 3
set width 1
set height 1
next
edit 5
set type admins
set x-pos 4
set width 1
set height 1
next
edit 6
set type cpu-usage
set x-pos 5
set width 2
set height 1
next
edit 7
set type memory-usage
set x-pos 6
set width 2
set height 1
next
edit 8
set type sessions
set x-pos 7
set width 2
set height 1
next
end
next
edit 2
set name "Top Usage LAN/DMZ"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "source"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "destination"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type fortiview
set x-pos 2
set width 6
set height 3
set fortiview-type "application"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 4
set type fortiview
set x-pos 3
set width 6
set height 3
set fortiview-type "website"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 3
set name "Security"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "compromisedHosts"
set fortiview-sort-by "verdict"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "threats"
set fortiview-sort-by "threatLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type vulnerability-summary
set x-pos 2
set width 3
set height 3
next
edit 4
set type host-scan-summary
set x-pos 3
set width 3
set height 3
next
edit 5
set type fortiview
set x-pos 4
set width 6
set height 3
set fortiview-type "endpointDevices"
set fortiview-sort-by "vulnerabilities"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 4
set name "System Events"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "count"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "eventLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
end
set remote-group "RemoteUserGroup"
set password ENC SH2mNJtHFr7er0GoXG0bKqyP2VtItdZ6Nz+Z2DkH5N0gy9JVYbX6sr+rPEC8VA=
next
edit "joy.va"
set accprofile "super_admin"
set vdom "root"
set password ENC SH2Y91ScbcctsfTcM273jp8XLvp9zPkrLEqNen7Fv7f98y598vr33dZFbV+GP0=
next
edit "itservice"
set accprofile "super_admin"
set vdom "root"
config gui-dashboard
edit 1
set name "狀態"
set vdom "root"
set permanent enable
config widget
edit 1
set width 1
set height 1
next
edit 2
set type licinfo
set x-pos 1
set width 1
set height 1
next
edit 3
set type forticloud
set x-pos 2
set width 1
set height 1
next
edit 4
set type security-fabric
set x-pos 3
set width 1
set height 1
next
edit 5
set type admins
set x-pos 4
set width 1
set height 1
next
edit 6
set type cpu-usage
set x-pos 5
set width 2
set height 1
next
edit 7
set type memory-usage
set x-pos 6
set width 2
set height 1
next
edit 8
set type sessions
set x-pos 7
set width 2
set height 1
next
end
next
edit 2
set name "最高用量排行 LAN/DMZ"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "source"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "destination"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type fortiview
set x-pos 2
set width 6
set height 3
set fortiview-type "application"
set fortiview-sort-by "bytes"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 4
set type fortiview
set x-pos 3
set width 6
set height 3
set fortiview-type "website"
set fortiview-sort-by "sessions"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 3
set name "安全"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "compromisedHosts"
set fortiview-sort-by "verdict"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "threats"
set fortiview-sort-by "threatLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 3
set type vulnerability-summary
set x-pos 2
set width 3
set height 3
next
edit 4
set type host-scan-summary
set x-pos 3
set width 3
set height 3
next
edit 5
set type fortiview
set x-pos 4
set width 6
set height 3
set fortiview-type "endpointDevices"
set fortiview-sort-by "vulnerabilities"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
edit 4
set name "系統相關事件"
set vdom "root"
set layout-type fixed
set columns 12
config widget
edit 1
set type fortiview
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "count"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
edit 2
set type fortiview
set x-pos 1
set width 6
set height 3
set fortiview-type "systemEvents"
set fortiview-sort-by "eventLevel"
set fortiview-timeframe "hour"
set fortiview-visualization "table"
next
end
next
end
set password ENC SH2/63HQ23RJ42QiHJqIP/2jqvvtd0c9zDPZ5Tw/3Qji54X8jeNEOIVDmZ1c9k=
next
end
config system sso-admin
end
config system ha
set override disable
end
config system dns
set primary 168.95.1.1
set secondary 8.8.8.8
end
config system replacemsg-image
edit "logo_fnet"
set image-type gif
next
edit "logo_fguard_wf"
set image-type gif
next
edit "logo_fw_auth"
next
edit "logo_v2_fnet"
next
edit "logo_v2_fguard_wf"
next
edit "logo_v2_fguard_app"
next
end
config system replacemsg mail "email-av-fail"
end
config system replacemsg mail "email-block"
end
config system replacemsg mail "email-dlp-subject"
end
config system replacemsg mail "email-dlp-ban"
end
config system replacemsg mail "email-filesize"
end
config system replacemsg mail "email-file-filter"
end
config system replacemsg mail "partial"
end
config system replacemsg mail "smtp-block"
end
config system replacemsg mail "smtp-filesize"
end
config system replacemsg mail "email-decompress-limit"
end
config system replacemsg mail "smtp-decompress-limit"
end
config system replacemsg http "bannedword"
end
config system replacemsg http "url-block"
end
config system replacemsg http "urlfilter-err"
end
config system replacemsg http "infcache-block"
end
config system replacemsg http "http-block"
end
config system replacemsg http "http-filesize"
end
config system replacemsg http "http-dlp-ban"
end
config system replacemsg http "http-archive-block"
end
config system replacemsg http "http-contenttypeblock"
end
config system replacemsg http "https-invalid-cert-block"
end
config system replacemsg http "https-untrusted-cert-block"
end
config system replacemsg http "https-blacklisted-cert-block"
end
config system replacemsg http "http-client-block"
end
config system replacemsg http "http-client-filesize"
end
config system replacemsg http "http-client-bannedword"
end
config system replacemsg http "http-post-block"
end
config system replacemsg http "http-client-archive-block"
end
config system replacemsg http "switching-protocols-block"
end
config system replacemsg webproxy "deny"
end
config system replacemsg webproxy "user-limit"
end
config system replacemsg webproxy "auth-challenge"
end
config system replacemsg webproxy "auth-login-fail"
end
config system replacemsg webproxy "auth-group-info-fail"
end
config system replacemsg webproxy "http-err"
end
config system replacemsg webproxy "auth-ip-blackout"
end
config system replacemsg ftp "ftp-av-fail"
end
config system replacemsg ftp "ftp-dl-blocked"
end
config system replacemsg ftp "ftp-dl-filesize"
end
config system replacemsg ftp "ftp-dl-dlp-ban"
end
config system replacemsg ftp "ftp-explicit-banner"
end
config system replacemsg ftp "ftp-dl-archive-block"
end
config system replacemsg ftp "ftp-file-filter-block"
end
config system replacemsg nntp "nntp-av-fail"
end
config system replacemsg nntp "nntp-dl-blocked"
end
config system replacemsg nntp "nntp-dl-filesize"
end
config system replacemsg nntp "nntp-dlp-subject"
end
config system replacemsg nntp "nntp-dlp-ban"
end
config system replacemsg nntp "email-decompress-limit"
end
config system replacemsg fortiguard-wf "ftgd-block"
end
config system replacemsg fortiguard-wf "http-err"
end
config system replacemsg fortiguard-wf "ftgd-ovrd"
end
config system replacemsg fortiguard-wf "ftgd-quota"
end
config system replacemsg fortiguard-wf "ftgd-warning"
end
config system replacemsg spam "ipblocklist"
end
config system replacemsg spam "smtp-spam-dnsbl"
end
config system replacemsg spam "smtp-spam-feip"
end
config system replacemsg spam "smtp-spam-helo"
end
config system replacemsg spam "smtp-spam-emailblack"
end
config system replacemsg spam "smtp-spam-mimeheader"
end
config system replacemsg spam "reversedns"
end
config system replacemsg spam "smtp-spam-bannedword"
end
config system replacemsg spam "smtp-spam-ase"
end
config system replacemsg spam "submit"
end
config system replacemsg alertmail "alertmail-virus"
end
config system replacemsg alertmail "alertmail-block"
end
config system replacemsg alertmail "alertmail-nids-event"
end
config system replacemsg alertmail "alertmail-crit-event"
end
config system replacemsg alertmail "alertmail-disk-full"
end
config system replacemsg admin "pre_admin-disclaimer-text"
end
config system replacemsg admin "post_admin-disclaimer-text"
end
config system replacemsg auth "auth-disclaimer-page-1"
end
config system replacemsg auth "auth-disclaimer-page-2"
end
config system replacemsg auth "auth-disclaimer-page-3"
end
config system replacemsg auth "auth-reject-page"
end
config system replacemsg auth "auth-login-page"
end
config system replacemsg auth "auth-login-failed-page"
end
config system replacemsg auth "auth-token-login-page"
end
config system replacemsg auth "auth-token-login-failed-page"
end
config system replacemsg auth "auth-success-msg"
end
config system replacemsg auth "auth-challenge-page"
end
config system replacemsg auth "auth-keepalive-page"
end
config system replacemsg auth "auth-portal-page"
end
config system replacemsg auth "auth-password-page"
end
config system replacemsg auth "auth-fortitoken-page"
end
config system replacemsg auth "auth-next-fortitoken-page"
end
config system replacemsg auth "auth-email-token-page"
end
config system replacemsg auth "auth-sms-token-page"
end
config system replacemsg auth "auth-email-harvesting-page"
end
config system replacemsg auth "auth-email-failed-page"
end
config system replacemsg auth "auth-cert-passwd-page"
end
config system replacemsg auth "auth-guest-print-page"
end
config system replacemsg auth "auth-guest-email-page"
end
config system replacemsg auth "auth-success-page"
end
config system replacemsg auth "auth-block-notification-page"
end
config system replacemsg auth "auth-quarantine-page"
end
config system replacemsg auth "auth-qtn-reject-page"
end
config system replacemsg auth "auth-saml-page"
end
config system replacemsg sslvpn "sslvpn-login"
end
config system replacemsg sslvpn "sslvpn-header"
end
config system replacemsg sslvpn "sslvpn-limit"
end
config system replacemsg sslvpn "hostcheck-error"
end
config system replacemsg device-detection-portal "device-detection-failure"
end
config system replacemsg nac-quar "nac-quar-virus"
end
config system replacemsg nac-quar "nac-quar-dos"
end
config system replacemsg nac-quar "nac-quar-ips"
end
config system replacemsg nac-quar "nac-quar-dlp"
end
config system replacemsg nac-quar "nac-quar-admin"
end
config system replacemsg nac-quar "nac-quar-app"
end
config system replacemsg traffic-quota "per-ip-shaper-block"
end
config system replacemsg utm "virus-html"
end
config system replacemsg utm "client-virus-html"
end
config system replacemsg utm "virus-text"
end
config system replacemsg utm "dlp-html"
end
config system replacemsg utm "dlp-text"
end
config system replacemsg utm "appblk-html"
end
config system replacemsg utm "ipsblk-html"
end
config system replacemsg utm "ipsfail-html"
end
config system replacemsg utm "exe-text"
end
config system replacemsg utm "waf-html"
end
config system replacemsg utm "outbreak-prevention-html"
end
config system replacemsg utm "outbreak-prevention-text"
end
config system replacemsg utm "file-filter-text"
end
config system replacemsg utm "file-size-text"
end
config system replacemsg utm "internal-error-text"
end
config system replacemsg icap "icap-req-resp"
end
config system snmp sysinfo
end
config system central-management
set type fortiguard
end
config firewall internet-service-definition
end
config system cluster-sync
end
config system fortiguard
set service-account-id "godelchen@tahoho.com.tw"
set sdns-server-ip "208.91.112.220"
end
config ips global
end
config log syslogd setting
set status enable
set server "hb.tahoho.com.tw"
end
config log fortiguard setting
set status enable
set upload-option 1-minute
end
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
config system auto-install
set auto-install-config enable
set auto-install-image enable
end
config system ntp
set ntpsync enable
set server-mode enable
set interface "fortilink"
end
config system object-tagging
edit "default"
next
end
config switch-controller traffic-policy
edit "quarantine"
set description "Rate control for quarantined traffic"
set guaranteed-bandwidth 163840
set guaranteed-burst 8192
set maximum-burst 163840
set cos-queue 0
set id 1
next
edit "sniffer"
set description "Rate control for sniffer mirrored traffic"
set guaranteed-bandwidth 50000
set guaranteed-burst 8192
set maximum-burst 163840
set cos-queue 0
set id 2
next
end
config system settings
end
config system dhcp server
edit 2
set ntp-service local
set default-gateway 169.254.1.1
set netmask 255.255.255.0
set interface "fortilink"
config ip-range
edit 1
set start-ip 169.254.1.2
set end-ip 169.254.1.254
next
end
set vci-match enable
set vci-string "FortiSwitch" "FortiExtender"
next
edit 3
set lease-time 300
set dns-service default
set default-gateway 192.167.3.99
set netmask 255.255.255.0
set interface "lan"
config ip-range
edit 1
set start-ip 192.167.3.109
set end-ip 192.167.3.149
next
end
next
end
config firewall address
edit "none"
set uuid 9d07a54a-abf9-51ec-caad-f75e7de4b639
set subnet 0.0.0.0 255.255.255.255
next
edit "login.microsoftonline.com"
set uuid 9d07c50c-abf9-51ec-8dd8-df792cd4cfe9
set type fqdn
set fqdn "login.microsoftonline.com"
next
edit "login.microsoft.com"
set uuid 9d07e3f2-abf9-51ec-a291-fd7f28ec5c36
set type fqdn
set fqdn "login.microsoft.com"
next
edit "login.windows.net"
set uuid 9d07fdc4-abf9-51ec-9153-4663f5a6de18
set type fqdn
set fqdn "login.windows.net"
next
edit "gmail smtp"
set uuid 9d0816d8-abf9-51ec-0694-7380a35b0a1b
set type fqdn
set fqdn "smtp.gmail.com"
next
edit "wildcard.google.com"
set uuid 9d082f88-abf9-51ec-bd5c-ca362b006acc
set type fqdn
set fqdn "*.google.com"
next
edit "wildcard.dropbox.com"
set uuid 9d08623c-abf9-51ec-d940-6ac3ce6eb434
set type fqdn
set fqdn "*.dropbox.com"
next
edit "all"
set uuid 9d48383a-abf9-51ec-f02e-eadb8b852ac0
next
edit "FIREWALL_AUTH_PORTAL_ADDRESS"
set uuid 9d484366-abf9-51ec-1031-8de750ffbade
set visibility disable
next
edit "FABRIC_DEVICE"
set uuid 9d484d52-abf9-51ec-b974-8800bf577db6
set comment "IPv4 addresses of Fabric Devices."
next
edit "SSLVPN_TUNNEL_ADDR1"
set uuid 9d4a7d5c-abf9-51ec-ad03-977671f54698
set type iprange
set associated-interface "ssl.root"
set start-ip 192.167.3.200
set end-ip 192.167.3.250
next
edit "lan"
set uuid a57f0470-abf9-51ec-8a90-d85223852221
set type interface-subnet
set subnet 192.167.3.99 255.255.255.0
set interface "lan"
next
edit "AzureS2SVPN_local_subnet"
set uuid ee291f2a-b0aa-51ec-a30d-2b8339849a8b
set subnet 192.168.1.0 255.255.255.0
next
edit "AzureS2SVPN_remote_subnet"
set uuid 0514790a-b0ab-51ec-ad39-24094eb53d85
set subnet 10.100.0.0 255.255.0.0
next
edit "LocalNetwork_192.168.1.0"
set uuid 373e3036-b11b-51ec-1ec9-cd1b8be323c7
set associated-interface "lan"
set subnet 192.168.1.0 255.255.255.0
next
edit "advantech-machine"
set uuid e5f3803c-b15b-51ec-d55d-b2eae187f4ee
set type mac
set start-mac c4:00:ad:8b:60:3a
set end-mac c4:00:ad:8b:60:3a
set comment "Created for DHCP Reservation"
set associated-interface "lan"
next
edit "Anydesk"
set uuid 67eb1f40-1d2d-51ed-adb6-296da629d022
set type fqdn
set fqdn "*.net.anydesk.com"
next
edit "GCP"
set uuid 7f8e2dcc-1d2d-51ed-8e31-56c320c6f3ee
set type fqdn
set fqdn "*.googleapis.com"
next
edit "AWS"
set uuid 8a743b96-1d2d-51ed-91a5-f7862fa13ae1
set type fqdn
set fqdn "aws.amazon.com"
next
edit "IT component"
set uuid ccfdf286-1d2d-51ed-9657-a8d63ee8c4bf
set subnet 192.167.3.110 255.255.255.255
next
edit "Git"
set uuid 821e6ed4-245e-51ed-36cf-7b025f1ba89d
set type fqdn
set fqdn "raw.githubusercontent.com"
next
edit "AWS1"
set uuid ca73b252-245e-51ed-4ab9-0786e46af67f
set type fqdn
set fqdn "amazon.com"
next
edit "AWS2"
set uuid 81ce14fc-2869-51ed-2aa1-8e4befe91aff
set type fqdn
set fqdn "*.amazonaws.com"
next
edit "GLPI-Server"
set uuid cce3026e-6c60-51ed-681a-97eb11321407
set type fqdn
set associated-interface "wan"
set fqdn "glpi.tahoho.com.tw"
next
edit "Advantech-MQTT-Broker"
set uuid d4b73d0e-8b12-51ed-24c2-6e8c30515320
set subnet 20.187.120.82 255.255.255.255
next
edit "Advantech_MQTT Broker_DCCS Server"
set uuid e7f905fa-8b12-51ed-fd6a-d7eacc9bc20b
set subnet 20.205.0.212 255.255.255.255
next
edit "time.google.com"
set uuid e9a21dac-3b10-51ee-1395-981db1177a2d
set type fqdn
set fqdn "time.google.com"
next
edit "time.windows.com"
set uuid f64b817e-3b10-51ee-0bd2-5ad16352ba54
set type fqdn
set fqdn "time.windows.com"
next
edit "tw.ntp.org.cn"
set uuid 013dd942-3b11-51ee-cb57-e3a24af234b5
set type fqdn
set fqdn "tw.ntp.org.cn"
next
edit "Cloud Scada"
set uuid c13f83c0-b0fb-51ee-f216-2e3323a1b254
set type fqdn
set fqdn "scadabroker.myvecid.net"
next
edit "Cloud Scada2"
set uuid d306de6e-b0fb-51ee-b3ee-5405d656abde
set type fqdn
set fqdn "cloudscada.myvecid.net"
next
end
config firewall multicast-address
edit "all"
set start-ip 224.0.0.0
set end-ip 239.255.255.255
next
edit "all_hosts"
set start-ip 224.0.0.1
set end-ip 224.0.0.1
next
edit "all_routers"
set start-ip 224.0.0.2
set end-ip 224.0.0.2
next
edit "Bonjour"
set start-ip 224.0.0.251
set end-ip 224.0.0.251
next
edit "EIGRP"
set start-ip 224.0.0.10
set end-ip 224.0.0.10
next
edit "OSPF"
set start-ip 224.0.0.5
set end-ip 224.0.0.6
next
end
config firewall address6
edit "SSLVPN_TUNNEL_IPv6_ADDR1"
set uuid 9d4a8ffe-abf9-51ec-5bfb-9c6fb1cb2dca
set ip6 fdff:ffff::/120
next
edit "all"
set uuid 9d08da6e-abf9-51ec-6f76-196ec7635adf
next
edit "none"
set uuid 9d08f1ca-abf9-51ec-e0ea-b27bb0863c37
set ip6 ::/128
next
end
config firewall multicast-address6
edit "all"
set ip6 ff00::/8
next
end
config firewall addrgrp
edit "G Suite"
set uuid 9d088780-abf9-51ec-34a0-df6362185fae
set member "gmail smtp" "wildcard.google.com"
next
edit "Microsoft Office 365"
set uuid 9d08abde-abf9-51ec-f0a2-bb74e5f7edfc
set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net"
next
end
config firewall wildcard-fqdn custom
edit "adobe"
set uuid 9e4ff470-abf9-51ec-ea83-bda0c8f44e57
set wildcard-fqdn "*.adobe.com"
next
edit "Adobe Login"
set uuid 9e4ffc36-abf9-51ec-154a-115667d74de0
set wildcard-fqdn "*.adobelogin.com"
next
edit "android"
set uuid 9e500348-abf9-51ec-25c3-651446a4e92e
set wildcard-fqdn "*.android.com"
next
edit "apple"
set uuid 9e500a50-abf9-51ec-ba40-79995f217bef
set wildcard-fqdn "*.apple.com"
next
edit "appstore"
set uuid 9e501144-abf9-51ec-c872-d48566f2ad9b
set wildcard-fqdn "*.appstore.com"
next
edit "auth.gfx.ms"
set uuid 9e501856-abf9-51ec-4fe8-a1cb67a10ecb
set wildcard-fqdn "*.auth.gfx.ms"
next
edit "citrix"
set uuid 9e501f5e-abf9-51ec-7737-9dd8334679e6
set wildcard-fqdn "*.citrixonline.com"
next
edit "dropbox.com"
set uuid 9e502666-abf9-51ec-0f50-3c197d0d40b3
set wildcard-fqdn "*.dropbox.com"
next
edit "eease"
set uuid 9e502d6e-abf9-51ec-959d-4b4ef9ddc1a1
set wildcard-fqdn "*.eease.com"
next
edit "firefox update server"
set uuid 9e503476-abf9-51ec-430b-e773c93ad13b
set wildcard-fqdn "aus*.mozilla.org"
next
edit "fortinet"
set uuid 9e503b7e-abf9-51ec-92aa-a27340cfd046
set wildcard-fqdn "*.fortinet.com"
next
edit "googleapis.com"
set uuid 9e504290-abf9-51ec-4a61-55953f92b251
set wildcard-fqdn "*.googleapis.com"
next
edit "google-drive"
set uuid 9e504998-abf9-51ec-519f-2cb48caed35f
set wildcard-fqdn "*drive.google.com"
next
edit "google-play2"
set uuid 9e5050b4-abf9-51ec-c0c8-c28fba433b09
set wildcard-fqdn "*.ggpht.com"
next
edit "google-play3"
set uuid 9e5057d0-abf9-51ec-6b83-423ab85f08ba
set wildcard-fqdn "*.books.google.com"
next
edit "Gotomeeting"
set uuid 9e505ef6-abf9-51ec-7862-75778c818507
set wildcard-fqdn "*.gotomeeting.com"
next
edit "icloud"
set uuid 9e506b3a-abf9-51ec-d88f-74ab5e4c8a71
set wildcard-fqdn "*.icloud.com"
next
edit "itunes"
set uuid 9e5073dc-abf9-51ec-72a8-dbac61b7c2b0
set wildcard-fqdn "*itunes.apple.com"
next
edit "microsoft"
set uuid 9e507b2a-abf9-51ec-999b-42fa39e5e3bc
set wildcard-fqdn "*.microsoft.com"
next
edit "skype"
set uuid 9e50825a-abf9-51ec-0d6f-f25ecfc95d12
set wildcard-fqdn "*.messenger.live.com"
next
edit "softwareupdate.vmware.com"
set uuid 9e508980-abf9-51ec-a0b3-01ce49a1f30f
set wildcard-fqdn "*.softwareupdate.vmware.com"
next
edit "verisign"
set uuid 9e5090b0-abf9-51ec-065b-ba2a07341365
set wildcard-fqdn "*.verisign.com"
next
edit "Windows update 2"
set uuid 9e5097cc-abf9-51ec-036c-bafa6e6ffade
set wildcard-fqdn "*.windowsupdate.com"
next
edit "live.com"
set uuid 9e509efc-abf9-51ec-7d0b-c03c1915faa8
set wildcard-fqdn "*.live.com"
next
edit "google-play"
set uuid 9e50a780-abf9-51ec-f527-29b2a676e712
set wildcard-fqdn "*play.google.com"
next
edit "update.microsoft.com"
set uuid 9e50aee2-abf9-51ec-f336-c71675a5db25
set wildcard-fqdn "*update.microsoft.com"
next
edit "swscan.apple.com"
set uuid 9e50b626-abf9-51ec-d0e5-29ba1f82198f
set wildcard-fqdn "*swscan.apple.com"
next
edit "autoupdate.opera.com"
set uuid 9e50bd60-abf9-51ec-a821-45ed06030221
set wildcard-fqdn "*autoupdate.opera.com"
next
end
config firewall service category
edit "General"
set comment "General services."
next
edit "Web Access"
set comment "Web access."
next
edit "File Access"
set comment "File access."
next
edit "Email"
set comment "Email services."
next
edit "Network Services"
set comment "Network services."
next
edit "Authentication"
set comment "Authentication service."
next
edit "Remote Access"
set comment "Remote access."
next
edit "Tunneling"
set comment "Tunneling service."
next
edit "VoIP, Messaging & Other Applications"
set comment "VoIP, messaging, and other applications."
next
edit "Web Proxy"
set comment "Explicit web proxy."
next
end
config firewall service custom
edit "DNS"
set category "Network Services"
set tcp-portrange 53
set udp-portrange 53
next
edit "HTTP"
set category "Web Access"
set tcp-portrange 80
next
edit "HTTPS"
set category "Web Access"
set tcp-portrange 443
next
edit "IMAP"
set category "Email"
set tcp-portrange 143
next
edit "IMAPS"
set category "Email"
set tcp-portrange 993
next
edit "LDAP"
set category "Authentication"
set tcp-portrange 389
next
edit "DCE-RPC"
set category "Remote Access"
set tcp-portrange 135
set udp-portrange 135
next
edit "POP3"
set category "Email"
set tcp-portrange 110
next
edit "POP3S"
set category "Email"
set tcp-portrange 995
next
edit "SAMBA"
set category "File Access"
set tcp-portrange 139
next
edit "SMTP"
set category "Email"
set tcp-portrange 25
next
edit "SMTPS"
set category "Email"
set tcp-portrange 465
next
edit "KERBEROS"
set category "Authentication"
set tcp-portrange 88 464
set udp-portrange 88 464
next
edit "LDAP_UDP"
set category "Authentication"
set udp-portrange 389
next
edit "SMB"
set category "File Access"
set tcp-portrange 445
next
edit "ALL"
set category "General"
set protocol IP
next
edit "ALL_TCP"
set category "General"
set tcp-portrange 1-65535
next
edit "ALL_UDP"
set category "General"
set udp-portrange 1-65535
next
edit "ALL_ICMP"
set category "General"
set protocol ICMP
unset icmptype
next
edit "ALL_ICMP6"
set category "General"
set protocol ICMP6
unset icmptype
next
edit "GRE"
set category "Tunneling"
set protocol IP
set protocol-number 47
next
edit "AH"
set category "Tunneling"
set protocol IP
set protocol-number 51
next
edit "ESP"
set category "Tunneling"
set protocol IP
set protocol-number 50
next
edit "AOL"
set visibility disable
set tcp-portrange 5190-5194
next
edit "BGP"
set category "Network Services"
set tcp-portrange 179
next
edit "DHCP"
set category "Network Services"
set udp-portrange 67-68
next
edit "FINGER"
set visibility disable
set tcp-portrange 79
next
edit "FTP"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_GET"
set category "File Access"
set tcp-portrange 21
next
edit "FTP_PUT"
set category "File Access"
set tcp-portrange 21
next
edit "GOPHER"
set visibility disable
set tcp-portrange 70
next
edit "H323"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1720 1503
set udp-portrange 1719
next
edit "IKE"
set category "Tunneling"
set udp-portrange 500 4500
next
edit "Internet-Locator-Service"
set visibility disable
set tcp-portrange 389
next
edit "IRC"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 6660-6669
next
edit "L2TP"
set category "Tunneling"
set tcp-portrange 1701
set udp-portrange 1701
next
edit "NetMeeting"
set visibility disable
set tcp-portrange 1720
next
edit "NFS"
set category "File Access"
set tcp-portrange 111 2049
set udp-portrange 111 2049
next
edit "NNTP"
set visibility disable
set tcp-portrange 119
next
edit "NTP"
set category "Network Services"
set tcp-portrange 123
set udp-portrange 123
next
edit "OSPF"
set category "Network Services"
set protocol IP
set protocol-number 89
next
edit "PC-Anywhere"
set category "Remote Access"
set tcp-portrange 5631
set udp-portrange 5632
next
edit "PING"
set category "Network Services"
set protocol ICMP
set icmptype 8
unset icmpcode
next
edit "TIMESTAMP"
set protocol ICMP
set visibility disable
set icmptype 13
unset icmpcode
next
edit "INFO_REQUEST"
set protocol ICMP
set visibility disable
set icmptype 15
unset icmpcode
next
edit "INFO_ADDRESS"
set protocol ICMP
set visibility disable
set icmptype 17
unset icmpcode
next
edit "ONC-RPC"
set category "Remote Access"
set tcp-portrange 111
set udp-portrange 111
next
edit "PPTP"
set category "Tunneling"
set tcp-portrange 1723
next
edit "QUAKE"
set visibility disable
set udp-portrange 26000 27000 27910 27960
next
edit "RAUDIO"
set visibility disable
set udp-portrange 7070
next
edit "REXEC"
set visibility disable
set tcp-portrange 512
next
edit "RIP"
set category "Network Services"
set udp-portrange 520
next
edit "RLOGIN"
set visibility disable
set tcp-portrange 513:512-1023
next
edit "RSH"
set visibility disable
set tcp-portrange 514:512-1023
next
edit "SCCP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 2000
next
edit "SIP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 5060
set udp-portrange 5060
next
edit "SIP-MSNmessenger"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1863
next
edit "SNMP"
set category "Network Services"
set tcp-portrange 161-162
set udp-portrange 161-162
next
edit "SSH"
set category "Remote Access"
set tcp-portrange 22
next
edit "SYSLOG"
set category "Network Services"
set udp-portrange 514
next
edit "TALK"
set visibility disable
set udp-portrange 517-518
next
edit "TELNET"
set category "Remote Access"
set tcp-portrange 23
next
edit "TFTP"
set category "File Access"
set udp-portrange 69
next
edit "MGCP"
set visibility disable
set udp-portrange 2427 2727
next
edit "UUCP"
set visibility disable
set tcp-portrange 540
next
edit "VDOLIVE"
set visibility disable
set tcp-portrange 7000-7010
next
edit "WAIS"
set visibility disable
set tcp-portrange 210
next
edit "WINFRAME"
set visibility disable
set tcp-portrange 1494 2598
next
edit "X-WINDOWS"
set category "Remote Access"
set tcp-portrange 6000-6063
next
edit "PING6"
set protocol ICMP6
set visibility disable
set icmptype 128
unset icmpcode
next
edit "MS-SQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 1433 1434
next
edit "MYSQL"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 3306
next
edit "RDP"
set category "Remote Access"
set tcp-portrange 3389
next
edit "VNC"
set category "Remote Access"
set tcp-portrange 5900
next
edit "DHCP6"
set category "Network Services"
set udp-portrange 546 547
next
edit "SQUID"
set category "Tunneling"
set tcp-portrange 3128
next
edit "SOCKS"
set category "Tunneling"
set tcp-portrange 1080
set udp-portrange 1080
next
edit "WINS"
set category "Remote Access"
set tcp-portrange 1512
set udp-portrange 1512
next
edit "RADIUS"
set category "Authentication"
set udp-portrange 1812 1813
next
edit "RADIUS-OLD"
set visibility disable
set udp-portrange 1645 1646
next
edit "CVSPSERVER"
set visibility disable
set tcp-portrange 2401
set udp-portrange 2401
next
edit "AFS3"
set category "File Access"
set tcp-portrange 7000-7009
set udp-portrange 7000-7009
next
edit "TRACEROUTE"
set category "Network Services"
set udp-portrange 33434-33535
next
edit "RTSP"
set category "VoIP, Messaging & Other Applications"
set tcp-portrange 554 7070 8554
set udp-portrange 554
next
edit "MMS"
set visibility disable
set tcp-portrange 1755
set udp-portrange 1024-5000
next
edit "NONE"
set visibility disable
set tcp-portrange 0
next
edit "webproxy"
set proxy enable
set category "Web Proxy"
set protocol ALL
set tcp-portrange 0-65535:0-65535
next
edit "OPC UA"
set comment "for opc ua access"
set tcp-portrange 49320
next
edit "UDP53"
set category "Web Access"
set udp-portrange 53
next
edit "MQTT"
set tcp-portrange 1883 8883 443
next
edit "Advantech-Testing-MQTT-8883"
set tcp-portrange 8883
next
edit "gmail"
set tcp-portrange 465
next
end
config firewall service group
edit "Email Access"
set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS"
next
edit "Web Access"
set member "DNS" "HTTP" "HTTPS"
next
edit "Windows AD"
set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB"
next
edit "Exchange Server"
set member "DCE-RPC" "DNS" "HTTPS"
next
end
config vpn certificate ca
end
config vpn certificate local
edit "Fortinet_CA_SSL"
set password ENC sVuxydH4EXq4h+Dr3MKZYU+r8k4KxxvxlDAeujeg35eLddIzANulEwGFeJevvE8sRwnjsgRmo0P781LUcWsF2ZnDN211hBUt6VbpGwDgwDNzuFFB9eAh/vXxQMDocI8ZraB7SGONlEFtO3jN9SiynWhLE2Mxe93Ki3kuczMM62bOi92MdFAtkmDJXxgdLVqEqFyVKw==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIVHGVTevfHuoCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAsuftPSaeyoBIIEyLwdrP3UTvDy
ISQ6xfm1Dd4kBd886en83dMXCpSQN1rmsNHmCbjXMw80S6YBsHb1+lG1Ol4okwFO
H5g6aeKnlqelQHSH2dpScf6LrTXeA1vi7/Ae/dKekMGEA/3lMt/gqMWRpQR2KJFm
AgQJ65nDrc5lanpsx4SAXmHwwPntYwU/OwZA2u7iNE4XTZqPpW3BXWvtXQhRlQuZ
oRB0++67PU06rcP6C/1ZZfIDzHaaWVJwg2OMgNBdrduwwWo9r9zfNwJ+PAKJkCpQ
tgHcG8UPeBqQWrZuxe8YSnbsrgDiikwxZoY0ptjPF1VkQetPd1UVCyyznjDDuek1
QVI+46p/DDduPl4BFfV6JTOr50HR3R0OZsTcYw9LIew11K3eSbkG3Y8JVswgye7D
M5ZRLeam99GhGHWZzXMf12mQrQz5yzrrP5OMXqACXsEIf7aDbA1qGzXYK//BfpuS
mEK+YM8tLH5l/DIqtHo97mi/vpa031InoYVUpIi9JHCWEXv8orTePKYQbmbGayL2
TGbZgHd3U6erfl2K0YtlyjMdT1SDHfWQ1vQtunuVeKh8wfiBpwvxPxH/4DwGnmfp
XsdeCuI8Y8IoWdZu/QhPMRnjMN6yLkjUYMTDTzENA5kDcA8/lI95VNvXiVwCB8iv
y4ftIemXgzJUts5Z6BuyNDsoJUN42rnyawdMEJTrJDQokN2OxYz5BVkHMLTeFNtZ
5KyKN6JCJ+OPyAtWgH6U/MtUjiukbkeUV8p8AiMFZBvmuIKTGjh0p0uJyftQS3aI
vQREBgpFq6Jye9wtsTq8ZbAay4U+MyhT5VY+6VbCwcd7ia70qLcc+W9s0nxZ6vrk
G8vQVi2/ZGoe1H2n2GlL96cSWISlswXulqFIfVvxcZQ2+6RVQIHEU6T0jybtNhEo
U03PqiH6UvFmo4/fYyDAzsMT4+jtrDELpP6SXOgWtHBP7wktiBw1nzEfkCttPNk9
Uk36pXmMvY6j6N8zXuqIflWEWFEb6trxTz842mcfZJ83mixoVJI8CBt6ZYXPwz2Y
LwH1zaiyM4ri17Qs09WyOm0rponrZShCXWmzSu6aJtAQujAtn5i6YC3lepxL4d/A
XHmIUj5iOJ6d3nOiZTvxHIiWO2KaAs+KbEBKzcHtTjr6kK31p2dmAu8txv4PoAYW
+1adJetw4Lw3+T1AIzkenkHxs7hkkOR2OVu8p4icYXYe0xlcBYgZqGaxsIw/dWiT
cjmvSgwN6SADwlfBL+VjYjQ1smTDSuxVeF4j5iBuo1ZW23lnIryk9bx/b+jfhfKN
KI9NLPvPUHaiY/WAAtZZc/l7JnBU4F2M2nrUxOlwR4Zc+J05RxlCLn5K8qaPTzmt
a7d8nIYY/A8zo1jumVfdv7+G6lDSnOSohfW7BQvD7eSxKzXMvdAWekskdZ1J3klP
YLuZJY6a8RgwALO8JO2wVoDEFsX5PHPBWdnwLmaEnCFiK1POBXbdQT0Ga3Y1g170
TliMkf7dj3aUkHpqZn7RjuQocI+UlEcTGk9XxwIJxfBQBkZbsG1A4iehOsdjjFeS
9ZkT9S264mb8fz00DxZ40IyuDlVuTwdBEbS4odnXEuGISG6VAiQIy/Ur3joVOOCL
SGoVaRcS+QBAsyy5XoT6Ow==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIID4jCCAsqgAwIBAgIEGe3NtjANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZ
MBcGA1UEAwwQRkdUMzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9y
dEBmb3J0aW5ldC5jb20wHhcNMjIwMzI1MDUwNzUwWhcNMzIwMzI1MDUwNzUwWjCB
qTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1
bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRl
IEF1dGhvcml0eTEZMBcGA1UEAwwQRkdUMzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3
DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDl4RyNkBuLnDu9zEh5CFJKz9c9ykuqmjQ8+knHetWg7t3gnPrG
3PG5eReqpXCul4FzCLpFFl/IXPqqxp0OPHw1JchSZUjiAeceEPJawvfPUUCj6xr5
2xAMrOezywjn5OqpUEDiFJPoVwwkirL3ER42cZe3nhDtWC2KRZ16s3HZuKRJ/HUn
hZwzDXhDpSEfk04WYjc+/OFiQ1D1rslhinCHNcpVtcXQIRpMO3Z52GP+m6X8SQNb
YRnDI/c1tm7eoGN7AyQwIXWxDaTpyjwhLx52cB1lg5t+uTaXgVfZvvvLvRA3tNYm
2ZRdfDlL0kY0oDPYK9vWJsspmK0OL/oRI+SrAgMBAAGjEDAOMAwGA1UdEwQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggEBANrUs/Cd1lH8Zdz1Rd42rYfpE3DLEVo/qGoN
hm6yiqxea5yyTRZkTjuSljPQ9Y+krXecMC7JX7CiIdOgMVq/SfYddsHMDzjnWKSe
imBDQARYwiMFQwogPfcdpIXQg1F+wzeu5da4Q3mai3PuhmKSPxZ+BNO+u2c9Tb7G
xMRwtnBqOYSbJCcAjaUkOUSAWs5wuFWCLH8nV0aSlc/9gZqhJ3u9GU19iuHDKh6v
3KPsfl4vsG5PbgZznCD4EYLi3/H1vDo/H/3o0l3Juc9UoC6UmvjgPAg4o3ck/J22
t4bF+9aA47Cq/LFW8vgPHzfpTBpqKONsuKxnkFBeZlK2KkghUjg=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_CA_Untrusted"
set password ENC WFC6K6kkRAxP9LmPEq5i/Lnrfivo0xvx0PILoCGpDAQ2zff3sJopq6wtMdwJ/IUO7L65HXN29U8jH11ElNeW4cijlOI+GBdrCKukpld2ZE/tSDECYcK2dmdRs7NAaKRub8WR07r0JB5hyQ6pHN78rHjA1LeV3r1+G/M8HLosdHZd50mHxgFWzVB5KdV4FkRVRDZvRg==
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQISs221avPrrACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGBJkvyj/e4wBIIEyNhJc/buDOGN
0EhVsvUh687nKk6B9wPMUaXM/dC002mBL0Ck32OBgqba6TiAE0YgoJtR2p8RCST/
JMYDOZJquUK0Uts6orHS6MP9XOeYDNgASmlafToxlcEUHmtFCL0x2ljmlFZldeoO
e8vrHCE+xLax/cUE0RhFy+BsT5ZN+o6/K0LwPLGgEk+ykIMKAOrViOrXY0kyBiZW
ECQDual24BOz4+Bnix7Ps5lsjtHCIIGy8cDYUs24q7f3F/MVgBekF120ix18HAcx
YqPzCykIj4GsazVly1Y3VKhhQ7ugTYJUW0b/cut0wQNyH/pqnJKipELuVr5lOP8t
XdIivnVP3YWRFGhYb/Sl9CeuHAZjRRFqXbBF897U4jD2y+Fyzl/gL5iRanzq34rM
6wtNwDdV8TByaWKbq6mNd7vlg6bslCTz9rk1FXpYQpf61oJlE+LDp1aryBp+Sym/
Wanfo+efWjAajy7prqXqDPjNq5pPv4oKJN+o9BI0+6KDyhNCKB47BR2A63fX9Fah
U2ld5tuDWyei7ppUue31Dh541H5OPhv6nn5tNHQiMvlX7f/og4Zfgwq0pM4qVNGM
i3uQPAEHbRe/EcOwoWcAd0Kpt+iRF25NV6U6/E8VXbEgZZsgSWAq/+2AlSNdGPfI
Ir5/wJVLUY3W7fIb54dxSrd1fVe9zLwJOWZaoG2MdHZp9h7AhEmFHEVngeWma2Zj
1Zh7vI9v5wthBA+rb07lgnxWeEF/SqRgZMlrUwGW9Qi6jF48p864UM0nyMk2ToKu
T4TV6IwKJO828YtkomUsMoas8WYLgFrAGt9uWHvylJZ4Fn26mictfXKnwsavaQ54
B5NeExDkZnFfX8sh+kEkBHS/DamQyk0zi2wkeIuMC/lj8W69Agl3cjSooDcBiJKs
R2fGWMbmV8VTR++1NsPASp99M7X82S3erT3eSpd4RdGEGWuDFyQVM7BIHlt//864
9TVhWcklEB3aluH8zH/3EGk9ABlJp4lo1HvuQQMy0h/YnP9zHapbr4YrwI6X5S7E
EZ6F7kM5D2+EtFH8/YAXMc/jwqbQ8smKxcvXM3Ng+HIz1yGpCuqNRszxeOfwPzbG
DIeLcyEoPBxt7Ad5e6CG4ToE7LH6vtuabqhOoEtdfMmsoTSxkDnfhllENettJTpN
ihK8fuXjpKS4aHdSZ71oLFijjzgjHwsCcN+ymxCS9q7NdPyk5JUYY+b5jN0MycP3
PzuFpZZPg1S2e/p8hIeeFTr5u9/wjT34rbQLGBVDZAZSUV83g+kz6M0k/cu2+ZaM
GTqr/NHlTac4tUIbyecb8c8tniEn3ZQx1sJ6uIRupeiVuc3FA0gL+nNL1Dgnfk7r
b/wLsmOyTXN+I3HitDR+ywPGLN+TnIhiKZyVPypjYzQnKm9jss2XB0sg8wPyMVQx
tD5CyQ5R40u0c3r8jqDIoLm8gcXsx2/JkOP0ZzZu1FvzWGAuodvn351YMqe4AwQS
4HYGJVpAClsTHtqwlUFbaBBpxA/8C4aPHfAzRe/Vu2kLbjuVoj7piRYMkq2LTjxR
HTd9djCqVmxpmZ7KUhpEtKWrDrnMPjoaOw2MGavI0bHZ4Abjb9IPEK4T8tTXTC9O
ranKVlyzvTqdKvmZ5OnKNA==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIID7DCCAtSgAwIBAgIEJIONLjANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEe
MBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVkIENBMSMwIQYJKoZIhvcNAQkBFhRz
dXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0yMjAzMjUwNTA3NTJaFw0zMjAzMjUwNTA3
NTJaMIGuMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UE
BwwJU3Vubnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MR4wHAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0Ex
IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1UknozG8ksmSrhY696brkKk9vY7sYRFz83/
Nx5wytCDmtFNvr2LgHy69XNsu1cvzi/owR4UKzC+KoUup/OdVsjUsmW/XdxrjIm7
7StO+MXTMfmU2N8+dZFcjBW5WMpjBODkCJA/PuiNjdQtI71/gZ562ynoIytiDS4s
s7CdE/8weBmC8/IV8dRWg46CcsuoWqWfFuTDTuiw2xvm3t7AnJOqQuaAubvh8UpS
SP4MIwhjICsJGg24GEkG3VzcAjP9Iu0LzD2OBrSo7KopM6OK0cLm9PzjAUmF2dwK
HMHa5I0ZMnzAJNoZwj+cMk4e2zm8+Sj7ozFQWIlb7F4s7dYPCQIDAQABoxAwDjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB41lQ+1DTun4sqBcXHDpEW
K2760naNMONIp+oD13XPWTly8/e+hNJNM0Ir7Mek/lLwEkOSa0cE6Z6sHsSo/eQM
ISQO0wkzi/DkVGkNf9p9V6X7dy62sCvacsOLImo0fT/ZTnpfNjimFGChEA035cjY
7uCxgoIfvaee4NlEJk/q5sGchcekJPlg/PaQCmB7PMDwhOFIZHvdzrJ3W1NM7zhe
a0hf1iIvf8cuTdwnKAz0v17ntADlweq2mwdfLANgpt8J6H4auSbIz+vUP5fgRrVf
4BIJakx9TTBo0UoOCtOnek4sZfi+LAPIa8uLUnna/kNji5UEJ0wZs3XJBPsl6/2E
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL"
set password ENC F0uN2+WLi4lSTqqTOJUXAuXvQGUn19iE7Yl2HkQR9gqPfJtWUhF5qYZAnBGhbnOHtbr5GsE7xWRmJB8C1yD5Z1CiJOVo2P8np23Osm9vGUjYfNraLFp3N9KKE5D/KFuu5wGbtbvQxROwpFUce8hgWL4n8AHqcsH+BzbAHGSx2jWQrT2VC6jMt/fH5uBfFHOm1ZGx+w==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFsHKHUSYEzwCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCFup7bM0yfFBIIEyOe9+FYDwRzS
8fViFSAi4NnXf2XV5Mdnv9BQK+taRtSPvMG0TCFU07GeZ59jMNpFK0SUiq6d3kzp
QGQTt+8J7nDqvvYpQd8bwHT/ZmhqEmrPox9CUYvzi6/qJaNAkAZ/tZ7eI4uLmNNm
I1DXC0dXnu7zO3UqSQ1p+84vaL77azbzrHXi4LW78rlrxhM4DY6Yo3N5Ud+YyfST
CWLrPJhutnc+R+XTgc9+lKNdBgTckcF4GMPru2/+3Ly3e1hxbbLWUwKrV+P5ycPf
Xtbz/RpMVXFygjKI0paNFuLrwwG7qHYkKu0EHQX5d8xQIX93Il5gtjPrjPCQWIXB
2FRgZBU0vLccLw2aIaUOd6DiEjM7m7LiS85EnuQFF9uFpmhA38WAxvKd/2SUP8JT
JIMHuMmUKoiLe6HuSSkfz9CU4RauDtE/v+P9JlTzxBZEv27h0WHZYbDXZZfjzcrc
vZc6b+keKm3oCtdiWJvGWi1EKnsPGEn1glZ7hIn7bRiBe47X2YDDMMSjQioyKj05
wwPcdPGT0+Mu7vbiBJBqYoFRC+p8owjRigSyXqYF/q+TbdiQICYp6DnBTdY3oTxE
Zra3Cq9SgWvvfQYpOlkrY5TazIMDwhENdllLaGKelCDI9BNsFL42O9hvXmtPhvsj
bOKVnqHvxnAB92SZuXM7Y77aFx3VYGV3ZuYCMQksoOEtqeEFDt7aCIaa7whIxxVp
/2O3U60HuozLquwfzwBANUdbbNhw/ZKSJ8OIESpDw2trVbb7+ejXsiQBxfzs8Ry8
15eFiEH6RMHdmJQtMWEBdvsNx/sSpo8tbTv9bJP0UdUuSp2FQ+HBlVZpIt3PtRzF
MbBua2FF9959FOWh7qi5lkG9kOzB2ngR9Aoc9/P7G8s/kbQmOIPusu2G6if5GVh9
34vfD043jcrkbBqnE2iJxzt0S5W/rQJlLmyR0LEijBsHXYIFXVmiQy+Eq+IYDsvg
LnIbY94UEjC65/5WcdHMrC3v7dfTvJvQ297pZ8dGRybpxDxnTOEx8YdMOdCUT7Up
j2wpg2rXi9SaJ8E6+yLdIg6pasM73PVkt2g0QarfL6h4+ZW5ag37x/X6w3fNPFbF
4BiAYaRUVxXWLpJgB8KJNlmvegUbaGZk/sb6aWd51KTxnZyi1iEtU/89wJDpJap1
SVHa84YwRyGblwGJa3keaAPUMOiMH6NJo55wRxMf211hzkPiL7eDrHHnc/Jty+0t
1JlvvbuMAKHgqR1Hy27nXirTw4ZkNZ6skFAIypwhgrygNWr3IE3j5dT0zqIQBDZj
pA+vCHd2107v+No1UoAFZsipJ4qdlLGygwXk3sC1t0Cztq5kBEZ/9WSZG4xBXfj2
oU8yXJUlLwoU+Wimf9sNsLjIEFQgUoPw5Orc6tVVhQuqbaRFjCb4q1oJdNr30Je8
eSD0XkPDQOqBXxjieH973I0zRC++Rs5zeI+ddw9IFDVJ+h+2xutpTpDXsHOlhxTO
lv5QHERLRcPkzmbMUoHykRm9rdxW7kNbFNG7rlAKhi+Y6AsBy5EIfnJZ4aZOFhof
ZfdnWk8km1DK0nhcswtD2jF9EbsCdDneI3HW78WJUZzk3X5LoCHe8H3jijkrTOab
m+X/JXd5WWDy5lv/HZ0J1A==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIDxzCCAq+gAwIBAgIEKZvPbzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wHhcNMjIwMzI1MDUwNzU0WhcNMzIwMzI1MDUwNzU0WjCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs5wbjR2ELYAX+6zyt
eddUxDSIQ+3brW3l3I9rQRJJdt693IpQ7moxJ0DDEGtfdzMt6hFkyZgR5FrcL3Qp
xKFF7CDckQYWpHX4IXAaFBwAA5ymMCb5ARSPocmttBZCWvYE1/n+phqRLJ51KcvU
MBSRsD/0OgVta1VLSi90W4Cro2VqCqOGpvpdC0cLnbZ+zFgkcjqWrvCN3IW0i8Au
qHEd7++Oyp8ZRpahmNk0vhAPI2A/6ns5/stj8yNDLt3Odmm0Ll5aH4rGtp09OPun
aKDpXw/2t9TJ6lesyURnxNFDj4vtOpB2xh4mfUZzJckj+zLgubZ9GYNTOY0FeQZy
QQaJAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAItCNy7E
S2syfaTaCNJyTzUJPo1VOl2xm/CO50DJmw0LOCRFBczZnh2xsT76iTQv9aja6VA+
+YOVyz15WTNF5BN4Rbv8bL8AdXy22VC981+nP9Kqo3MRVG0MKULVmUHevL5+wvZW
YHPvAT//pebibhp4qqwINbzqkxM9vR26d71cK4GoDVJc46dxYoxOOPDZG0VQGJcF
9ANAPygJGIYR/sRhm0CSF6hm2ZZFP4Lfvp2/X4sXFh2LV2Xw3w97K7Ht8H3Xic7F
dkTvTHhY1WBmf+gdfvSECBTFT3igdKpKwO6KIWXCYMkRx0SijnYv5uSz29VpYeed
nAX6sZkjQObaVRI=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_RSA1024"
set password ENC YpbiotPNemlqjNSpCMRRN09Nyk4lMndEICTp+RLpqOTfTsX2sA1Szp1ikfC4FTKiTC85VNO8gI14lquJuTBpPXn/T0mD21A5HyqNOD6GFv5ou0kibXfyIk1OvA0rroghLD1YPqA1HLicOZeABtLYz1q1XrrJtb32vdhJcj+mROgMO/SLaW76C3eyisJrbUNkNMhYGA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIauckp8wDGlcCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKU/QKpl2GjrBIICgOrRGjstRQli
3StB5P1bnsoWOfGXaETGAM3gKGNhKGYm+gW8caCeCD/G5v+n49zszPBUdD/pe5Hs
g4Vy8tLNGvWRpyDMR3nirGRs8Xi8wgshb3aZ3a5MwODSJQyp0mASsR4QYeMfu/Pn
EuXrWP7PgUoWU4Ng8lxLDFMP88jzEGgknvitH+6+elW034QEhEMdWLyCvg0UOccW
fXtdAlKM4Ar4uTUlqjQUq3XdXX3n2OxfLCfRkdpp8xMTIooLOvSqYAm6GEaT0x16
+ixw64Q44ht2otKIJHtcKN0mWYazEERR6YlhIb94XFaTu5x0H+CU44itkUFEm6Cc
eeanjPjsfGHyPtcG63/LNp2XjwQGP1LtCh6dEkzoqOpgVIdXlFRTlT2q5DZJYMe+
wPc/e6HIBDqfzztUS1/YEQE7s1G4Z/CGxRuFkt155n8DzQ6QY4a/AIE/ld840yo6
9jBAuutciNcKu5vq+7wmpP4lSfZaJ7h9e++JQsBXgl7Z5O6UbZhVzcwl8BDmA2jn
tLbNL+jHkkkL2mlxdm3Sq1kMUuQSMjHZyVV60FyGV6X0QATnIZ1LTjL94NEM23JF
8NVCoObbzc/qObyDAB9YdiIInFDhRwblbJawETdHujh7dQrhQSohr+yAyaQhZdcr
f5+8GQxrlhlxLYm5ww/u8XPnbBCWbrQXYav/+G9RO2FRHtoxLR5PNIurh4MnQ98/
yA47VpPbwhtr5aFgdPu+kPao15slGzqdvzVdOFLYQ0GKuhwn7addawGnuK3iWqnK
pzm/thlD2vtL4SUnQ66xBfPq3LDrGfKRuQhLfFaLY0+jOMnuV9eSqk4dyvKwHe5v
7/GIWTCeb8k=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICwjCCAiugAwIBAgIEaXQPYzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wHhcNMjIwMzI1MDUwNzU1WhcNMzIwMzI1MDUwNzU1WjCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANTDpn2vd0SsFKMom3KsdVXo
jVlTL7qLBUP0h1dkG7w2TtBR2dHrSZVn+eUz1PjnWOVNOj5is65Qm7mU7R1QtVFj
LIDD6i+3demycWlSV0k/ISz/QWE5uJMZmcsmDwmuJp68+v4IiZ/DzbE6iwgKsyFR
EGwsoCeXMRBbju+orskPAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL
BQADgYEATHySVHPT0hmrR4p4JXHqcu7iKZ1ZEDRsVOW7IHkUfMXEJmxUuaulqW2J
qqqNb0GisL1z5FqJV78Pkukuu9VdWVwQK4B7okgYIiR94TAvOVwldiZqctEZtW7y
Ov8n+NHQYNHr2GazhufjZa/cpxe34jNRBgLsV5yTzXe6PviFXCs=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_RSA2048"
set password ENC uzNbh2HOC8dxsgaQ2RPqkY5TDUH9h/mRbbcBxK4WD+zRzeEzrUaqT5s3kl8zfATM4+XHshKbRmhMfEF67QHLd6WOSfnQV3PeED6ejiZ4XWp+3qwKvvb5PCDhtu7pcwHuJKPff2peeuGlkqgRrg45XkVToPEc5heFtrW5l42wzfhRXPxyf1ZHiwY+v6w9CG7tfeZYtA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIJIhCUdR+JAECAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECF+2IdJvker6BIIEyIaJfwvNqoZv
P13i30FWAwzEE8cMe+jVOAjSL1usNzRMHkK+snLdQW/kphDyvPbzKSN9Rq1SjHx7
JfNJlb+HDKbw9PIzwM88z4Q17q6yq8zFYQQD8BZkyeqvKdy/VR6aFgrZebGWBuMl
tyO80/yhhqwx7XXKCecjxWGXSnjOrsHfxB18epei+JCwJFINNIQ4VVxd8+uxKgby
S6lE/lJCQc+tNj2shdeJkmn5m23tGz4AI+6G7uTJAPwTUuuXRi3nhbbch1g5zHG4
CTZxMzVFBxvHr/8XzBbPhIbo9ATsDOrpgvNjhbj57kX6B2Uc2e2yugttNV2vlq6f
lO568zgq1n7etLaXGz6HExA8l1kmA5v3QHKubtJFHn1tRYJY4VnPuWcpHGrDNXOg
KMhCoGgsubnJ0HxbjO1E1huTitciN/i+MyedlkTJYVZEOhNBwHDq1qmRypLtWXP+
jtjHS5Hb42Y72+BoZAl19V9zS+xqmhop8eYH4Ea+9kGIlmUuLJuPyekBKaUm05fy
ElqMh9+ojTB0uRivqvsKu+AX6xtYTB7/Rnnz0bLxzgTD/JRW2nZjiEeaawFf9jJv
ZN8hSQ8qMmRFiNqhvFPYgNHHOsrhbKfrliyIgYMsfrxnEpe/T/s/cjPQYcExJgm2
MK1GDHn3iYgrGAtuDXz38lt48LVwP8yuVD2W1pTUvEEgfYidw5DKMGGcCXX4sEYv
iwyEDAx3S2LydoyB4Qa161sUABLh24lcGNtS6k71p+VDtzh+lK1Biw8rLG5wAexR
Nz9i7IQQr8hR1PjGO6hhS8PtFOfJuvzH2AJaYKzaCMPn+mC8U/5ix59Nfd5fHKLV
aVPIa+GgkHc/RUbWU1uUopr+2Q0jQbmckIOHqIgo1COVWkfqCLUQnXqjADY+2u8B
SrwvBorrIRpv7jPE11cU3cdnefsFvz2D0LZx6pYqlUsabJYRcd+4h7iYK0m/st++
jlMWlMkDu9upGl+zOH68fY3qK9UR/EtjojrKEL8iL33wnYQPUAVbf/DENkajW35r
7h5SYBRLHuTTzdtx3/1yKu//GxfyRukOFD2CBrSufxeBIsdRAC6ppCaUft1UqWaa
YkQ8JVfaD2c4ikH8yU8GVK5AsoE/QRr/ByiUEKzv6mxg9pWBYLUyTkL1qJNYNSDI
rCNSt13c5ljPfyd9caJBkblp2hBpUfL7B7TJVM9ntLqkAbBaBR7vVeFRfXf+KlSw
r303Mki/j1pJ7fCeDEfjt9To626NDKO8fZglKnrc0gg2LFpgjOOLeBbxaS71JVip
EJ2wQfQksNDn9WFIJFxsGTDGjDm+bd9aDtZzhRTcg0xTV24S17MLMxq/ruFCmFHp
jQWVHj+Z2rK7+RABUAGikoO8tr1P5I1A3+UgnAeqQXAFmnCiOaUECxXH6AD5IbTZ
cBvJYZkjnfiCqhYeVH3XNaiqNbVtudmj/olPA/HY9yxDkc5V77uaMe/LPVf9J7bz
vAhYBRt7/KMT/s0EIAhDBHKhWkhD2l3B3gAiD79YPyuOzxjYiSAYnjh+mw4vzMV+
8WoxwshpNAosOSVoe5svDITwHWkdV4BE9tAokAfXMtd8R+clVQ9jAVJICD44zWLO
p3Rr8P8EfFS56UL1yaOIlA==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIDxzCCAq+gAwIBAgIEUlYm4DANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wHhcNMjIwMzI1MDUwNzU3WhcNMzIwMzI1MDUwNzU3WjCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv28KT45WXJdBj3Nfa
L17+YxY2QiTG3oVktT1tPszBiNBWVh79ohOGC4T0sYTtN7DYG2FZV3/XZ1gmJ6lx
PT8qOhV4M3dyCIf+qqFa1/Pq5aB8APB5MBt9ceXzyA5tFaglCLY9Fpj9/QUxt+Yw
Wkbr+uIPmhP7KOW2+F+UWFIe0tLiEkd5wAvp9/gAMw+/BVVpH/kPFgDwmij4nB/a
DWSPibZ/VkHi9dhNe24ZMRuW7Sjq9IXLYcmCiLC24Fki3RfaUUKkm6KEAiOhw0lc
yMfBHFruaYVHOI5aHdyx3s/KW+f3Ortl7PknYYaxoivu6NvRWH9nYeaaoJSow1ct
VdG5AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBADk6/0Qw
QJd+gdWWxVHYTdyf1lqRfPH1g5WegiBdfrentMkD4NizD0c/JnpMDF0Ob1mglKDd
alIDbLEOD9x+QSDIxkHDtQCVop/yQY9U2OdEvJ+07cCKXbVF2kD+EzjhU8UDWEAO
4EoErPhAZZwDKvqEsQE8cU+Hz55e4VrZ9jCjKAR4EAivHCyTuAI5eX9cqSF+EBgp
xyqi8S082n2JlTwDHftHEExrCvzsD2L0w4hBbAWgh3NsNPsatOwUNVBynI7/LMkP
nSTCA36xteGTbvGO7cpq8QR9P0CosLf06ljOKOaUFYz/UUrMSn6qBMUsUZJc346+
sm2AeP7qODW1kFs=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_RSA4096"
set password ENC QJbYOpHZR3sC7V6Qr1grxpnqwu0VKhl6QLiI5m3oxbr4uJsq0Ffm9Hy+QJgMRzmEm2A3QJb4uf5SXw+sCu1BSOtY/5oMX45t2tWep+iz1N1BvygrNpQojctZmgDz8/aU0f/bP5nt4UgKKsMY23mm9i0ApU44LGmcVU/Slj3jqlqeF1BPTfv1kEn25LwqxZ8mAn2rNw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIvpwhmGAi7uUCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJ+ZnkqcLOGYBIIJSFe+G5yxbJHj
7uAUF3NbGMG/Iv+XJ8orY/f8ZfIyX1W5o5dgpcl9qCkCJn9j7bLE913sahL6PtZy
SHm829NpPonInFcIGeUIqmA5qsE2b7BbcR1RTd0BmrIqgOFlZJ+qTRvWrvcEZZwU
eGCslKb6pYcfDHFIlyM07jsXG1W3LBBiBtwAy+u39IaQif3q69XPxEwHzD51F+Q8
/Vc6XYeytuA84e5wg9YscDFVjry2+cRpk6EIY1yLIbWzcOc98BHgJuy6fFnTOJr7
E+uD83AKPii8nWEKYULc4wVL36SfmJlenJLp0LdeAvM5DhXFmbn6ltgMvVYUPDoC
62atgCIOF+ro9Hfu1DD5tUOdRfdFVmFy2QVRtgf358uwPL42GJS/XYFhdgoc4bk5
aN0GUWa8a055bJbwL5mfAIrDj9vruCWJ0b7rRR25RwGlynLwzfvRgjmR/GM6uHX6
/1udchPtfqwS8V45yVElGGOQEFAbdjfMaNpH/YGuaG5JjXs0l5aav8jd1C6aEzjz
rL7swxKmMUZEc333DbYCP+nmxI3Q363ynEtkM8zMXxBwl1cY1MKF1XaU5bO2L+0C
y1LUOL8YlenVxctirnRtA8D8RKsiPg/oUPFr+jEoSKXfaR/W7GSViXVV8R8prszV
X5WCXuwJnQE9hUNVplE3MlPQxpc0bgwY/7UbPEg0PD0TrDC/V/ZFly/hMcWk0wVh
WlzRJYBjXA8ZhO9kGSQGEGnG7owI6q3L304ePYXgPff7hN9CpMVgefjw+bMahFrl
8bUNJmPf4G5K8/GyNPovkjcfyyWOtR9xA6GdE3kYA2CWFpcqmeXimzFr15Wc10mp
y5+98Za9rxL6uRPMcifcdTv/1YQgrH0d0Q7IBd5PzzyBYofa15IpbLcb4np7VcAR
iChB6tJHZeCjZOnojcSDp1x6newf2By/Wc5EiqaWbhNnPJND+8TIyv3TsG9cRJK3
BtnRQWcpbt+gAdzp12Yl/24WLzSCYzjA2uXzTRQjKADu5cMtF1F0doM/MKGQ5Ucx
ZaFCIUAsmUG4RF0fKACGSTIQgOy8TQX7yx1GxbxeNIl7n8qMUTo272RW8QBWMNYL
8eo1GXic8FdIdcscixCuFPqNwFkmvrjyCR4VR2SeEuDohxGLW3tHWh/oik2dOkwh
BxPhtAEb57DIAVW0Z9Na/piTmKMc1DKKvOgb0/ENYTF/vDA71le+tXPetpf38R7c
RXdSMe+XddrYuxZVBaW0ouiNkSYivzPUGA+iaQvCU5J+E+K3U4r7i0LRBU7u0XMc
xrdzbGyH8S3MwCOBEPMK6JqsuhWGDK+kUDpkK9wMInQzKfPPIK5qL7NcwggctnGF
WLhQd2hNuNj9DKK12pEdqHW3uE9ELLTf+cFxNnxd8A6oh2VXJQKRMA3avQIJuATn
A594PC+KAl6NMNJo2NfXJeVT0w3ueMjYc6nVUScsiBBhrxfHXmURxH9u3SImS6Md
KYgHhuT3ZBCjzHr8noR/ZCowx3z9LHkdzc6VFkSFwZ+U1ST0xHSFCURu1g8nt7ER
jR3tS41Os0xGilLdKhB0mNv5qFC3e/Y9d9OFSjDsMWfk8t3QO7n/1vPlarrWOdpU
hQpVeGkpm4rC8RLaIDCBURI9rTHkr6YyuVie90aKu0kXcHMHZbLc398GFo4uToKW
OCSPDAO8U5dzXtoqodTDRVYM+/9MR45DB0awGLpSuX4W5C48TfswnGJkcMgW/Wmr
sjs7SVHnncQH1Zp+b2ELUv/XXBFp9PPYX3AYxuUWNg2qxhJWfifMOScK0U277MeQ
w0BHDsgU8ahMlBBkk4EI33wGZPvIHy4nhPY2bgm/hZEFvcT7ZUEjrvSD1prYH24Z
DYOElF9U3+TWdrcLGRqs9ZqeZir4NxmONozUW4hIF3HWAkh4NigEq3NC8vLWHFdb
/F6aqOdHvBDFGfK5U8OprozUGV5RVjOMqXRX2Y0/BEx77Kwh4VyyY/byjQCnyKxf
dagGRZV771Vzx1sBGvfWsQr/zYHgKnRX/M5lIWFm/cuYgSJCBMofEREx6oYHrlAA
Y8Um5AM71DDqNqTzMpCkscvtTurobnj3DjzRgv4fxgmnqhz9/NsnwsMvV8iZPucl
qw3m9AMbacNcWSiK/fnSPWRbp6/Xs0c4zfFYWiRwBRRP2TLXfOuXRpoHvp1LEneJ
UhpnEaAW5xpOxQao0a+lOptYV6Dzf6KrWr8TDwohPUi1a8QNJwyHoOWFWABz3qSC
sxtsgM65V7Rp4XQEZOmHk+Osn+Wu3JfnTk5ZvkJ9byZyLxvWlFVIzjkaXVJwMEea
P3nsevJ6BDCLR+qms2NkDBqLDGYLUSB18W2grNQWmrpACiXTGnHwXbqfg2jq4S3F
N2CFQxCmlObN3vzwPTaTMPCu3//7j8AltZyw9pB1K2Lir0c85XIVfYMvi2gotac/
/QFSFWELR/LhGvHhNWGGRpkhndyUofPZy6n2a90YLTgkPea6CirhtTxIMyGgtSoV
RYKmQWLda8Fex/mFQQpFkm0ZUottAANAtAsI7ilU12EOnwNLd/x3kYwg3frivISQ
tNRhY0sgbN05aH0khvQGaoPEmFSZRahMsAWzpWiGRQGihPATJ151USqwwoAOasHd
ZLI7U8ly5DsNROS9axum50rp6vgcVUxWHHOfW/ln2WL0PPxl9CsWVCkhGt4IK2/b
7s8s2GdphFABGjCylMfRfW3bVcWV7jPQadLdCMkD4XV1S/b5YlGd66A69GaMPuZ2
/a7NpdyT32O5vpYIQphLT/Js/W3znpfMltr5VKzKSYf70e5O+2q6jrUQ1Gp1DBDV
9WO14hlGBPRlXAVJtyruQWAiGq3JUsoEUAkvStVrdg3mHudq5IGb0B+RdXs4iKzG
3S0V8Klr2Y0SMR3w60ci79jUo3y1lGbnQz0NHT7HWds0LesRguIHjnm/dcgkO6Je
Bk/boR70x+P/E90GiV8nSO0QYMdU1y2LFDVeuvMlwsPVTKdqIvQ0roqdn+vW8MPW
bHxqEHTkqaRwx+ezdfoaOusOImxsvwQLkmsyegXQLvglHPHy74gvw4bTNJpBZd0I
mH2u5RHEna8txfmPKhcoPZXdz0X9OsKeL7X7j6IGyp56Ae2tpCWeQSnXI5ATUCXK
4SlMXK5SK32lNowg6YTkVQ==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIFxzCCA6+gAwIBAgIEMXkbGzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wHhcNMjIwMzI1MDUwODE1WhcNMzIwMzI1MDUwODE1WjCBnTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G
A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU
MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j
b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDjjen6sYFmeXlAhj1h
8rLRRh2lLo2dKEO/b86ZSJtivn7tuAgG0DayJA64BFr9+/BJa2GbwlUkvMBgXgjt
BljxHz3xdDsOu6Gt2ifAZ9u1ik7h6wvJ73752o6y3/9GQA90DclIVkGhQugSSdru
rCRkeSQbCByAftCSOtNmSlFpkiCewEz1SfG4EbUhDWf3QQxef1HMzKGH6TWFD+wI
u6yq8vuNuA2Zs62C7OE/O1AMX5KBQzXVh4FX920YHU951apDOskwaiRG2gaQad1F
ueWpOvhfyEDPfUX436cibm5iwKT9HKQXFX1xs0C9wKkn4pQX8E7rWaxtV/cAQbeY
uw+VzXKcTI62N6GlCHujptnXA3a9t04gJBp2iIFFv2elZMyIkY1E0P1sQ7cUEB9G
Uq3iUbAMXaVjYfY/QVfsMn0Yh3Eh+9eOl9dFM7XfRsrJT3a8yosSpEmYSH1f8q06
2eajbswAyDsaE9msmDGCwMycwgcdWF8vZVsjayB+MSdqyAsWPNBYpzYV1UCKvXzm
H3at6Zt6jbtdrNf5eyhAxPcnC9OalYW6Y0l7y1ZF2mKKaWvT/QgVTd3t0IQ+CEx5
gDfZXwvZtNA7gwj5qc7n/UOZ8ldtnRXrq/FnvAlVEqJT7/lmY6Do3AvAZ7rVHyEF
TnHxsTw9ABjYS2ssfHZQT/72xQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3
DQEBCwUAA4ICAQC66a4HPDO6NDZu9kpXV3ys8Zq5yXDwWegqQxBGeTosv4Z02C3B
SX34O2Z4MFZjDbTf+uBE+H3Z9FoRgGeDN0qT+2lHjyLhyx/v615zw2GbxC0D6rz5
D7H13SJf+4UabMJ0+uhbtj5nW5dzi5xb0Isoch6eg4q82HPLk/gG6bhoYvXTQI6o
4zsbifsRQINp9aO6uP+6JtWQN0+0xNlzA18cehWLFKOYa6DIDbjC5L44GcdewDDA
rZCMiKvufSqiEQGVEL1LNd06I2eEdYkJv8N0dekOT6vZZH8hT2lcNErxUOsodXHx
amZuv4RMRHqqcKV3XvjGcIohptdGC7Wu3RuHcb0nCS/1Kg4wLT58NDV+ZZGRbEMm
gH5Fc9eEo3Y4BVoWTmNyMJjRh9OyXmty7VTxDtM6e3vl197VkkqPwbm57YMVGhPr
eGY1fjyeth/eJmqXFGIWF8TgGVkxx+VeQ7Xq/OjC/VAfB7z/PtNSQOfMLPTGE6xl
W36TWjrqoHCOZ7/kasKl+JMG3o0bfOi/RXwo5stkBiHvzmLd2DRbRidGj9F3GK1+
UByUx74EjI1Hy3OFZ3Y26afbQXCKr60RtiL6dVvWluUqDtdpNk1PpiLhdNih7liR
0em0DXdpEcCs4zZwJN6Z4nR7RPXSasOrNF42MMhfltRuBPan70NwFO22cw==
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_DSA1024"
set password ENC SfEI14XVlV9Bl1oddtRcGfOJX0klARC8NTjHgONR3OCEQv5eyRxkMfymzL2PzmokZGwI6o6IUh0Dl028WFQeT/vVCSZ0PdquGhIhakC95EgNiIbo+xhc16uw4v19ziGteheTX1tUU6bHTytKzKeqorkfplyBPjtuAu19boFhhGS9xgIbZLSdoWJnz614ljPJsib8Qw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI4GPMoANobBcCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHYmmMG6QYyLBIIBUFTVWVc/Kjyc
/GL+qMfLEn+QnD+lDv+0k0uoyg0jMVUSVvmKx3S4ngHAb+a1tn+wYb1tR58VSubz
3jfw6kei+iEBGS5zlhtHrZR8rArssMPguZ1LC5Ez/T833/TiNzNTXkz/rZAP8TZY
OtMsZoBQJiCTWl+5ThPvA6bZ/8cmcULKKQeN4Se5OL3iqcYxluJLodzGkoZFSUe/
p3aUGtuWm9s8uF3bWYkMnmTsAWRAf6Ptk9x3x7IgB3RmlCsANEEC8cdb2plLA0K2
odHiiCkm62kKKE4WQNQXerfplKNaJinxt3EfVD+jzSBYKy+fHrDzcDZRoSSDleXc
zfTbqILvPZMesJTOCiOdA+Ht7QPVVywXkLPOudFsjadNMyMyx+vE15ituQtaZYXr
U/0XdlJQiloqNottrzwEzRy5+FKKKBmimmAaTdhmpPMys5cx6r6Z8w==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIDgzCCA0GgAwIBAgIEZJIRaTALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV
BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw
RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t
MB4XDTIyMDMyNTA1MDgxN1oXDTMyMDMyNTA1MDgxN1owgZ0xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV
BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw
RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAOSUQtOiA2bOvVf0Ckns3zyywEaSNrcZ
ttJd+Vx//9RHEPrqRv8+OF58iIG9ZnIw+8qz/cxaV7mxIZuNTE8xMK3ocbFzd59f
epE7yaPzqABcuoyx2kj970w06S7sd/9MHdH+bD5MJBQFjJOtfD9HyPxqyDbHDLE/
N07gSOyu1O65AhUAgCuvSLD89PrnNAnnyLiUqPsL6ykCgYB3ChbZ3HXm3i9hM8GN
XZDUPyxCIbLdfsrnip3MO+5RQ9XbFVC13SDlThPRJPVtcahFr1s+d7a+nad5Wexv
Yxp15apkUsvYHJ2CDPE4vRcGkjpCluTkVcyd6778VUyjwFxUw0rDQ8OQvsaE/IMQ
ikz1ainzNQXEwL/cGwH5KuloTAOBhAACgYBEOQ2ZStm0hferJ+YjUij8X1sm78yg
7E5fHckTrjZJMovbK1crsW5ozDO/a55gC1Vy8oLhqZBO+2qlzo5C0fhCb4F5z183
mnjpMKIb0mddwlLDDFzghSY2L4J2H4MheLc03gmk9CE+kDRUJ0YlVJO7j3QjHkoq
TspzJCbVYTV2TaMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDLwAwLAIUGVxu
JQAg9Q392sZtJ94qDHraIwICFB0cwmK4nIKay0jEKMXIsdwvLFcH
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_DSA2048"
set password ENC w+BMfVv3vTRVPovpckBq+v0fFrP6rWsolhUaHaEb91r/zRUGlS5e4ol8FQaFZAy8BL1DwmcXh/51wSCsN/B2Z6jPHv7hoKn25LdpsupvHrm4q8l5INVI815fWBArYkYe0g60SI1L2GR0KQEZImmfQUNDlOisBXYK2qHjc/3VPOAaO0ZYgX0CBmxVTSxb5fib7Kv3yA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIPqi511qCwPECAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECK01l8qlC+pVBIICcLX8YpPohzQI
OEUO/z9Fgr02utQ1Zru9VZhglhl499FWr+OxWbkuZhWhBoBB2gT3tn26OpUq9G56
iCmLFtYbVUh1DN5bLPTzdPu0EeV3I4fHa6BngS689c+wBG1Y6hw4+FWKYoWE5FhE
zSzpch4qxSkfJUiPk5HHwgwNpIEBJT7W9XSbO2pjO1v+0Sfxksb132zL7NlEiJZ+
/LRevBNSpCq0uMFhrQlVRvbQYBU1a71+mFkuhtDoADHwCrVkwIJ0XlmVWRQpXZdb
uz6Uszen7QmXynPWlqsUzlIAINzU4MbuSDvto51WI105sJhGlT3Bq0UCaxuxaW4f
oJOBLlNYWllDDTTZi+HTbfVdRk9Ie1bJy/qFd0vduESXmJBIirPhemD1UT/12cZ8
swCjTeBqROCAZJqsdXavM9Bd/nXb6xgS5hkxR+LoHeJzn/JnIa/3x0xTgCy7F9C7
aiTqFJPf+f563IVRGEqwqeqauGjRIEcHE2JsT0pLuO0X+N7wK8gFUykyZr1asOQQ
QI1Ylroq8I5Ob0VqX0uH9lmISIwErrbwUdWVxBJzU5USsBsIqaS0DAmUYRNY0DUH
ncrZijsMurLyFzpx9b82lpSwS2zvK6D3jslh7usgap33jTwbH0q8BMjklTv92yEf
75amgqd99T2ruLsHGMgmLnH8PSVPqafYqqB4fgs5PwstqvGGfShjeCbFKnGXBjP7
Ja40ZpR52IgjHUGbQlDBAwDaxlJxoceqvRjRw0utAeAwvvASGz8+3aU5BD7dZsUE
XeAX8aF3F5kb7P8DxhrH5izbxGmyRuGs9aubtavPIGH+p0lQaWI23Q==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIFLDCCBNKgAwIBAgIEeOzvoTALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV
BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw
RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t
MB4XDTIyMDMyNTA1MDgyN1oXDTMyMDMyNTA1MDgyN1owgZ0xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV
BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw
RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t
MIIDRzCCAjoGByqGSM44BAEwggItAoIBAQC3+hT7dEHGXrQMhG9ZM6lqjQVA8gfE
IT+VlCIYlHmZbgLS+YQbGDfe0i3rZLxe5eq48ozTSbXY3cEyNC+LyFAh3VPuzwHV
IdMQ09y0k+N7qrap/upFjxcUbl+HYL9CLdErpVBfEtM5RoiIM9RkZj2cl0YK5t9k
qJ98NREig68zODKaHAuWoBk1nt5Aow0CRkS+EkVp3wJ/jvuMXE+WzQyqx5Dg1Vqx
ANEBMIcQcuGwpDgcqqfMeORacyuOS4P0M1RTyRtgjszItrp3BMDY6iSYOu3WDwR7
LCN9RFyvhYdchW6JZBqLBNn7KLqGgk3yfRMfGIAwQpc4QXcdXFNNa+UFAiEA1F8w
Te0+Q+YKjFWD20dJs/6OOsij964QuIOxcjUhPfECggEBAJRgkibqGht3vCIAlPcN
49j+CT2p/tBlPFQbqOBqzbx4UIuJM7h/QWSYJkyceiVEYQaG33E9Ca06/kmOx5gs
kajk+BBFIh+NNyTzmPR0hz2Dq9zKA3sWwhSyEEMZZ44ZfHfambhYwB0nbDJQCN5n
2AhCU06fZsZQj6hQTt/CcFv9bdptPRNh6ALRmQOa+4D9Di7wWQDK8gD9j4jagZQY
viwRiEGJzhquQMFbc2cyuLwlP2SStVt5WGOkkdr1r2E84f194/HcFxF+2Jjr9aHr
616hg93Ib0dzHtgXzGMMnK4NnjDRlG4ZTMdLM9yC6UQDfxdiyiOkeicOx4dWaGhG
u2ADggEFAAKCAQAEr8il4CWW5OwRtRUiuBhu/U/2Yctcq0jwHklmRtuBzCV+xOP6
cBP9hU59zzjPL142zlYJhFx7TaJwSWCbB7Gr0qu9zn51FPjLYzOtt6D9PhT61UPC
JMsa0rgnUyCfoGfos47YsRCephhJZ3/fGi+LEd1fCLMSTADYTH9rypR0raEEvkrw
Sh8PmPhlsEYtxPNSNxJV6cNcnxY92iJ61+xxaxjAI7R+zBnTwZc1ispKP5htixKu
hBbkCY+6h5fBddK8hBGaTcU88ahlpxKSvdLil5oSTFj+QDuFhAax2H1cPyWtQ4YE
Du5nWBOdmgmvYBS8eBQUoii51ZL45Sb4IY39ow0wCzAJBgNVHRMEAjAAMAsGCWCG
SAFlAwQDAgNHADBEAiAk7PnrX8TqJpsfNl/cIGmvvIJIigtbVwNXmRCCl8oORwIg
MfRAzXfV6nARbWE+5PzV7XR32lL0PUM1WTMItEboahA=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_ECDSA256"
set password ENC W2nRz2UPXZgZdMfO0gGwhiTEWjN42KpF689ldeAyYBj6ZBxaRNFqljD/tHzlv/0xE+SlaXBCqtyjLtZvxYptEmrTuUO0hD099//z52lynYkQrKHjmW/mD04jff3VUD91Tz3ckxcZbMYjdvaSnVg/OkNi5o1unCiVXVII7V4VQib3qpBNml6TcrNvJpQECDIegsBoCA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAisnsuvGfQs0AICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQILzBDJuHuAE0EgZCh4QpBYNGgrl6Y
N8gbjP343mnf7hRrFIuvKwFLU/nrHwxxHNSosLvjxoMyEuNgH9gbFB4HKjJ8fx/2
YLywoI412ylA/jQ0A/8J7XUtlA2axYazoz8bKmnaim6RoN5WpmRitRrpkMMAGvtv
1a+TZO2REXj8vdO9AVQc/kGuPJ10ixwROTkWP06Tb10D2JRJUCo=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICOzCCAeGgAwIBAgIEOR8JIDAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF
NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
HhcNMjIwMzI1MDUwODI3WhcNMzIwMzI1MDUwODI3WjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF
NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdW9WGk7Ji515DgG1A+cdHcvM9htpC
5/4CpbhqC/wh4OGjceG8D+L9RiN4VkUjSwRWzqaADe7g/Alv2dENFLz0ow0wCzAJ
BgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDdIS/0WpOoatXJ0113B5hUwTf4
Z+o2VnOuAOZm2yPUogIgREDoJ76zCmhEXS82CdtcVFhWQEEMLEmG9I+NOuu0O9s=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_ECDSA384"
set password ENC DtRVeNOHOJDVG/Bazm/2jxcuZzw1CFflaJq95GmhsoWGYnG3HUpCHjZ2LoWre386DoNVebwkrAOsDRtiJwxDZ3qejfIwJ0lOkN9v4WgC49jtjb2wf3l6ohoO8XeZnPHMDa+QG+FmWaN4AgYDRL5c4CwSMndagDy6BdXA/J+00xu+shrEmB18+RFB3HT/UGPeEOc4Ug==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIQ7A8MeE8LTgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECP8QWBJ9Nj/zBIHABlOnrWpUhfP5
saVRSqx9PjiRbd6makJL3SJpSfHVQktFba7w+cZjH+KiKjmcK23BMBVZKkhb0jRw
FkQgPopBajG2nAwF9XIl/ocflfjj+YniC+ZQ8D0fD8opSnT2TsPcBFKQkn69q9ym
CquitBrrWoFSOmK+/4hk97GQQdEbu+rc3PFC1zqXyEt5oK6SW5Sd0FDvTtnfBVcP
BKiag/67A6nDORNouCujlFdrPAHHKO4k4cLt9XglAuMhbGFntHmG
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICdzCCAf6gAwIBAgIEbYz5pDAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF
NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
HhcNMjIwMzI1MDUwODI3WhcNMzIwMzI1MDUwODI3WjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF
NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
djAQBgcqhkjOPQIBBgUrgQQAIgNiAARNrFN9XzDundodrdrx/2nlEmwD5KtohZAK
MWV0reiGKCsSrQTJd7vikDAa+PsRJ5390GATL5UA8xIvGMIGAavfQBYHi4d+CQDw
WlAxdHhbZItAuXxJTiPQB5Ey+JG/CtqjDTALMAkGA1UdEwQCMAAwCgYIKoZIzj0E
AwIDZwAwZAIwT2lFs2+ZYR7hWwXhvRaIyGgu4AxeSYNmtC/y8J7SgPUSFOwn5K9y
xZyzYMsvE9AWAjBoFcLdeFuioF4X2heju+SUAHbpZ8UowCjVALbwBd9RB2jn3YyZ
NwLewrqmdVft2cM=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_ECDSA521"
set password ENC yimxP1elDTy9Xq63AWJFs12NQUEjnrQYYKQeXGdcK0pdvaFawQ56qFCT276EHZ22M5J8cq6R3JUh9RTTnKZ2V+arMS0qUkUjVQWzcI97JAT2ZbYt6TOc7B0J5fnHaBWiXhQRCUntJgjpzPUOvxhl6peM6SfjHgVJQaw565ZwkPgC/8g1f+A/egMp7BvxyEzaowOlMw==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBSzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIaipQn9U38n8CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECE1/5eoa+KOeBIH4e9d12GZWpeZv
KWDn5zLYXhkX124sm0/2YdR5v7IHT+Ou+Ecbk45TSm7qfZiMnWr3E8tHaOO0xlWv
UvOxd8mIAxCsTKbvW4VARco9V38uvG2C3dvY7ZjGWg/3PFZz2ErdZnbshh/4heui
+xw+NvDTb/ZfcvFNWFlAYgbtliam7nygpY+L7govEbc8IIgVvQ6PdPgTT8bYuF5R
yW/Q8Qnz+XLHWuzgPGYExACME3toLBqQvn51qpeRIZvFBiQt/KEe9vjkzVkj7kFx
G0gZ5Iir66T3wkcRq4IYK7RgSdL1Qm0y+rnk/phJRumzcjoeY4IWoyZzYRC8hjQ=
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICwjCCAiSgAwIBAgIEd/NYyDAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF
NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
HhcNMjIwMzI1MDUwODI3WhcNMzIwMzI1MDUwODI3WjCBnTELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE
CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF
NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w
gZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACTvpjfSegFdtcqIL1LIXkA/tlyPUoF
TwJnXiMGWORXdq59OtyZ4vTBJVChFOU9xvg1hh1CKFnLGdadcknlAxXKywCF8xnf
Ikv7MDEv5bhyRDpLuhz/L6Jmp4qYPCJSHrL9DxOJXhqLpb7u8JQc6iBUnvwZogaE
U7Z94X7QN0zq2JaSEqMNMAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgOBiwAwgYcC
QWKepPQtpd1Gq67b3k/NsWAlCY/xKMw099O1aPRVffAwl/vITcD08YgeFby96c9W
SyypjrqfmMfgKSJ/swbGo5TVAkIBB6PDhO68ClX9FxN10hFCuaBi/C/c1hS5ft6l
DAr+OjvDm30wlduyYBmHFTQprqa8zEs1CsPgZZ7IZUSO40CSh7k=
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_ED25519"
set password ENC l4LsbBw5c+mse67PzqcXBfc2Y+hp+L8NPPm8xIV9pWX8IFgCYMi24V470g40JuMK9YPIiO7ZNknUw6IWiO1QSdnect9jWBOTxG91UUFpMUdNtuBZi2KuyO6wKLP8B2l9hI5Zvt66hWmdhJEK+Jp6ANf0HAUHzgipYj0yKpAUQv2kdrBIa7Nss2a1zq8wNM6mFCny8Q==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGKME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhJoKrOuT/vowICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIrlzv2JJPPtwEOEtMd4Wo7yqzcCIx
cGQnfbZ0cm5UTvy1qhfthZ8NO9uwb7v6Onas0+AR6cd04oAfHI51P04LW6S9
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIB+zCCAa2gAwIBAgIETYE4iDAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv
cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw
MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTIy
MDMyNTA1MDgyN1oXDTMyMDMyNTA1MDgyN1owgZ0xCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv
cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw
MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMCowBQYD
K2VwAyEAeu2JaQVT1J+UNHptHFFK3Ehz4iQSrrMr+VEN+iKsQQ6jDTALMAkGA1Ud
EwQCMAAwBQYDK2VwA0EAgsDtWm6E7eNbgenrcc/yCTPAbc4SJoxXZQlDctf5waCn
bqSyc42lrKVB3xx5GH36OdaAGA+EYLVlrBlimgwfDA==
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "Fortinet_SSL_ED448"
set password ENC m5fyujRf341X8XLM/0xClU8W2MLmLgnc+oYVi+EfWXlxOmHQbci8+BM1RKMa+lzbqj3S2+RnY0uoXAbtDriZkZZVgKpeWv3T8BgIjhXXLvR3W6Fghdnm8l6AZ033UiF6z9pvyfgMfqEa09Cftu43rOP+U6yPEK2gjLuFVFrp0E+BgBnPBNh2rv/sqzcaaeT2M4SKYA==
set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. "
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGiME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjaNI7hJp5AcgICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIIMlQ6VUV3gMEUH6z0w6j3AszClQ/
nkg02r5R1wvwXT7wURTjRMcrpZXg3VpFW1A53GHV5l4+QOXztj/muU1w6Xh5Ws/M
S+smaZy16qsXkdWzClIoibLnC/TC
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIICRjCCAcagAwIBAgIEM6RTFDAFBgMrZXEwgZ0xCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv
cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw
MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTIy
MDMyNTA1MDgyN1oXDTMyMDMyNTA1MDgyN1owgZ0xCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv
cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw
MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMEMwBQYD
K2VxAzoA5Yt3DOoOM3lM8Hd9HS1mTVY4cz+rCTUs7M99ZdSazU/3xYic1LUpvOzh
S6PBZjdo4b8yIPniE+UAow0wCzAJBgNVHRMEAjAAMAUGAytlcQNzAChQTZOZ+YkO
kkbMzdsczGHL95O/p/AAUW3dnk9Ard1+ro6qgbYbTrRC+achgFiZBMr12DS+N46a
gHW/8ILEn6F+MBQdP+6C/qHxEaJqNhbgvUuXLbjRW3VoNSC5k3C0wPdPh+pn57xH
CD3iCsRFBZAPAA==
-----END CERTIFICATE-----"
set range global
set source factory
set last-updated 1648184911
next
edit "wildcard.tahoho.com.tw"
set password ENC 8k752DlL8j9uSYrVvHY2Wn1P215O0HMoZDfPPFg/v7OK5fohn75T7u52VuzI3G9p9MK6/1uX0K8blVJX+p3h7AJGZM9UXluzACuoBz8Sf2j2oKImfpkcYg8eQY6OmHFrb9NLkMExUxLxzVgmdYFBot4Q8L5WKkJJ6zn47GC3aAB0Zv8Zbj8IdqxwtvdZDfdCGM4Oaw==
set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxvt/J5TkHDECAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJ04n6/7fCIcBIIEyL04UdpwjYVf
Kxu4mYIJQbWdP9HeJiYlPkiPGspARfd1G7ucYnXujvWFjy/nWPAWf1Hht4J+LsG6
GKKgpIvh4fL1fa1GsuaQ1zqTWn6Bx4GLHSO0AiVF0ccU+ARvUm/tTnn52Jykd13T
zJVDSmba7bL73jRZa2Zpl6irSpTswCewtNbqKV8I3glWBeibjLiz6AA6xDeW3M64
brt79WMQ/Z/sRz2heSiuoNsD+T4ymSiYSZjP+xp6PUF7mincrW1jf3w5FuVi9DTQ
7jGLUl1CI2MXKf0xrNOPMx6NwX8eShkHlmjc/yxzGT1OFygEwWzD8pcs2EnMLo9G
ueZUAtMvW5jIJmPt2/Sn1+t0Y6ZxiTFc2BbCzBDr+KOMcFUKGAAktyRRaUXXJsoK
v28zJh/s9dNXa16VZoaG9Nmep2TPHtFZ/kuH58wB2wFEz1849v4nD/hAgp6ahuWu
a+HM4iGQGA3s4Rxd/exoU1rdEVyZz3LXx7nyb0igiPrtNmToeF/KBos4fwTASk0l
VxUqm/NWAywXDRmD3YdYfFHgKEx8cVau7UxpGJPtZXacJp1BcCgi/IaPbHt1uZTK
4vlHqJ4yYqhjcpYmXZDR+h7Sy0mvJgyJJkCCDJZ11vx+Dk1p1UogwgnGU3vod8OJ
ARh46wR6ZBVvXBSpcTKamhNEGRkGbTGQLtPQr3gdgU+TtxhZ8L2gQXnqNELn6OHa
zv2jyWdgGb+SeKSqpQFK8rOiyYwh1Z+lEO2tzo9/CgUya9tNe4QybFEYeOlkUwAe
NZQwhrFCqN8mVvDJO0qePrMKk9pHD+X1tZsaZd2DYFLUZFPEk9KnybTWYJutepZf
C+tU9UYUJksGceU1+lumTabAspYKt/LZp9u1eCAIHDuYnJldj0cZzXTTMu4VlCdl
WaES24c6DuaQXSq/70RdrlqoXFSML/KkDsH86kSlM50WYq9OyTua1VJHNLEi/yyL
7NWMD9f/YFdaMT3cPH2/eJz6LHvObr/NSzjs1WYSQKthyOVqKjC8D36aTgxW6XmI
UmwyD5/NJOTf7Wui6BlDd/0BgXA6QP2BORu672OXRGhvTcBuNUvXfq6F8ABAElbb
qZuKSdZ3lrOCHx5E7Ab5ZeTDeM6QEPc3KWpKJFRres7PnnSJWp/1Nuv3Kg2vUSt/
30JyHVsho78ewB+d0GaXVnekHHZf/wD546M4lFHVKPuSWEB5xEPedOscfSa5zP/y
j8Qo3ZYZchG5mi5/SvcJ7Pz+iY0sjmwkhM2ERvX8ZdMOAZscWczSad4mMxkl3ClP
QlxPN/kj4dI1rD4NsZ5XINvrS+zTRxBySRQUsSU4e1T3zsY/3aX/TpHUIQo/2kYW
jRbYbWkfuE72YYsJivYWgrXp3Szb51WZmen2tP2AF+8NLr/BLOq9IaWz3yaI1p6O
87h9hHtm6F+f2KUW+a3iBVyvl9zlne+D++morH03+0mxDiE+L/2qXa48OTwz03xX
oBfNMjwLddv68/y5b5bAlUt13rno9TeYw6nwJeFpLHlU+AmGigxDhNVXslfRTfje
WQkq0OZrYRL3Ku7a0lKZKwA7V97nkDGKMbXnVjp8DxvYqsssFV/QRcHwu81pvijX
avOQw91YJ3bWDYzhfO2C7g==
-----END ENCRYPTED PRIVATE KEY-----"
set certificate "-----BEGIN CERTIFICATE-----
MIIG9jCCBd6gAwIBAgIRANu7l3W160NjDYdOIO6nNQEwDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yMzAzMDYwMDAwMDBaFw0yNDAzMTcyMzU5NTlaMG4xCzAJBgNV
BAYTAlRXMQ8wDQYDVQQIEwZUYWlwZWkxNDAyBgNVBAoTK09OWVggVEEtSE8gRU5W
SVJPTk1FTlRBTCBTRVJWSUNFUyBDTy4sIExURC4xGDAWBgNVBAMMDyoudGFob2hv
LmNvbS50dzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALt+xYDDOyBQ
kWHTbinkzt+i/7psk7vzo150Xk6tLAf8oHfjWAisRe1HzHAG8kPlRVVZtE6N6aJT
3MTZnVwoiF6tSWBYt6nFyiwUcKCX8TthR6XQ9A85tU62fonpByHjM4LSzFG7F/ub
HF42CWK6Vmn3HrvS3ID4w/hCVa9XAqJ4Xi9n617sCuUFFiirG9kSmnKM5rozp60D
3qLYuhNFemvY2N59kZHIfD1W32VHX+Oca+SBLOQuy3ZNsLz+gYEjCK7u7OR2w/e/
qQafF6Uvv658jf+RQdaom9c8ukfYHCCNXK9qid5y/YAouOMBWh9g+TY+S+ql9EUO
CgTkzEs4igECAwEAAaOCA2UwggNhMB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2
RIxsqU/rMB0GA1UdDgQWBBQa7MlVs0ONCs5FAkE+xQroSi2AdDAOBgNVHQ8BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0
cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuG
SWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZh
bGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggr
BgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5p
emF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYX
aHR0cDovL29jc3Auc2VjdGlnby5jb20wggGABgorBgEEAdZ5AgQCBIIBcASCAWwB
agB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABhrkotQYAAAQD
AEgwRgIhAPwxUPth+TyNWEiYsqMiZtn8jECDTxRdTYyqgvK5O3VDAiEAmQUhqwTo
lVVzZwSAkE+T5rfIO60c+2efP623qEURRvwAdwDatr9rP7W2Ip+bwrtca+hwkXFs
u1GEhTS9pD0wSNf7qwAAAYa5KLVoAAAEAwBIMEYCIQCZ5YjqWm7MU9fiN5J9uwRH
iW0sJ+JDLzwesHLjDE45TwIhAOAEnsGNj4H2Mggp/L6UapeEOnNt3cCq8PRQGYLB
bfE5AHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGGuSi1XgAA
BAMARzBFAiBQFV5emwpm/rI18ZZPGUBAcDBb3JTuwmcN6SLpsy5p0wIhAPRvs2lF
5gzgEFszC249hNv5HmSR6eC67UEOiYyz+oAtMCkGA1UdEQQiMCCCDyoudGFob2hv
LmNvbS50d4INdGFob2hvLmNvbS50dzANBgkqhkiG9w0BAQsFAAOCAQEATJ+sBxCQ
sFA8j59vQAgEycIFyP+4u5nmyB+m6M4Qhi6tN7EpIMG9yU3hl68xV3OVlLHckB9+
W1e3J+lDSewpaty0RvW+QttgBKVV8D7TIYIei89Ln2yLvdbHhThY7+hbxu23f+SA
BEOv1Q7jYRI9rdlIzKsAQ4X/QeOKq4WtSMh2bh6Eg8omWNsvlh3Jycv8f9B8SKvs
YhfVq1GURwizM8eU1JxVrhbSeAeJQ2RyCMI8NwTmPOiCtcYK6PTaE11jlOodKEx8
bLOQjVw8Z6a7uXU2ghDs6Ev8wjycLX3Rer+r84LKUX50Ea/sJXLTaiKLRXHh1LRm
fGaBzd89FwSZzQ==
-----END CERTIFICATE-----"
set range global
set last-updated 1680052708
next
end
config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
edit "custom2"
set id 141
next
end
config ips sensor
edit "default"
set comment "Prevent critical attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "sniffer-profile"
set comment "Monitor IPS attacks."
config entries
edit 1
set severity medium high critical
next
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config entries
edit 1
set severity medium high critical
next
end
next
edit "all_default"
set comment "All predefined signatures with default setting."
config entries
edit 1
next
end
next
edit "all_default_pass"
set comment "All predefined signatures with PASS action."
config entries
edit 1
set action pass
next
end
next
edit "protect_http_server"
set comment "Protect against HTTP server-side vulnerabilities."
config entries
edit 1
set location server
set protocol HTTP
next
end
next
edit "protect_email_server"
set comment "Protect against email server-side vulnerabilities."
config entries
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
edit "protect_client"
set comment "Protect against client-side vulnerabilities."
config entries
edit 1
set location client
next
end
next
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
config entries
edit 1
set severity medium high critical
set status enable
set action block
next
edit 2
set severity low
next
end
next
end
config firewall shaper traffic-shaper
edit "high-priority"
set maximum-bandwidth 1048576
set per-policy enable
next
edit "medium-priority"
set maximum-bandwidth 1048576
set priority medium
set per-policy enable
next
edit "low-priority"
set maximum-bandwidth 1048576
set priority low
set per-policy enable
next
edit "guarantee-100kbps"
set guaranteed-bandwidth 100
set maximum-bandwidth 1048576
set per-policy enable
next
edit "shared-1M-pipe"
set maximum-bandwidth 1024
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
end
config application list
edit "default"
set comment "Monitor all applications."
config entries
edit 1
set action pass
next
end
next
edit "sniffer-profile"
set comment "Monitor all applications."
unset options
config entries
edit 1
set action pass
next
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set deep-app-inspection disable
config entries
edit 1
set action pass
set log disable
next
end
next
edit "block-high-risk"
config entries
edit 1
set category 2 6
next
edit 2
set action pass
next
end
next
end
config dlp filepattern
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
config dlp sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
config dlp sensor
edit "default"
set comment "Default sensor."
next
edit "sniffer-profile"
set comment "Log a summary of email and web traffic."
set summary-proto smtp pop3 imap http-get http-post
next
edit "Content_Summary"
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
edit "Content_Archive"
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
edit "Large-File"
config filter
edit 1
set name "Large-File-Filter"
set proto smtp pop3 imap http-get http-post mapi
set filter-by file-size
set file-size 5120
set action log-only
next
end
next
edit "Credit-Card"
config filter
edit 1
set name "Credit-Card-Filter"
set severity high
set proto smtp pop3 imap http-get http-post mapi
set action log-only
next
edit 2
set name "Credit-Card-Filter"
set severity high
set type message
set proto smtp pop3 imap http-post mapi
set action log-only
next
end
next
edit "SSN-Sensor"
set comment "Match SSN numbers but NOT WebEx invite emails."
config filter
edit 1
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by regexp
set regexp "WebEx"
next
edit 2
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by ssn
set action log-only
next
edit 3
set name "SSN-Sensor-Filter"
set severity high
set proto smtp pop3 imap http-get http-post ftp mapi
set filter-by ssn
set action log-only
next
end
next
end
config webfilter ips-urlfilter-setting
end
config webfilter ips-urlfilter-setting6
end
config log threat-weight
config web
edit 1
set category 26
set level high
next
edit 2
set category 61
set level high
next
edit 3
set category 86
set level high
next
edit 4
set category 1
set level medium
next
edit 5
set category 3
set level medium
next
edit 6
set category 4
set level medium
next
edit 7
set category 5
set level medium
next
edit 8
set category 6
set level medium
next
edit 9
set category 12
set level medium
next
edit 10
set category 59
set level medium
next
edit 11
set category 62
set level medium
next
edit 12
set category 83
set level medium
next
edit 13
set category 72
next
edit 14
set category 14
next
end
config application
edit 1
set category 2
next
edit 2
set category 6
set level medium
next
end
end
config icap profile
edit "default"
config icap-headers
edit 1
set name "X-Authenticated-User"
set content "$user"
next
edit 2
set name "X-Authenticated-Groups"
set content "$local_grp"
next
end
next
end
config user ldap
edit "Azure-LDAP-Secure-Server"
set server "gsvr.tahoho.com.tw"
set server-identity-check disable
set cnid "sAMAccountName"
set dn "dc=tahoho,dc=com,dc=tw"
set type regular
set username "tahoho\\tahotbhq.admin"
set password ENC MTAwNFwmch2x1OqHP2qbECPV6E7jwwxFcExtnnwCHc1hhQtkLgQOYammG0/qmZ2JqP8HUpXdlhueR6iKI9KBLKzk/guTRBqVC0V/BtmFPecys4Nr5txe8VFGRr6nviY9oktOX1lF+j3QjmzTnVH2NiKG7ScYfqBP6QmPA9+8x+oYedvbedvgcvvqbzqdUv8AIjYp+g==
set secure ldaps
set port 636
next
end
config user fortitoken
edit "FTKMOB28D1874826"
set license "FTMTRIAL027A1259"
next
edit "FTKMOB287EF58163"
set license "FTMTRIAL027A1259"
next
end
config user local
edit "guest"
set status disable
set type password
set passwd ENC /pVaYSDGJcsTEWrVIqE/szICW+SdHwHcxvI5Hb37eSpCAwWmuMC2kV/4sdstIcTuNtL9lAd5jJVE5fHlp5E+F7VSei9nZtJycvGKuilA7HmFeyQoPT1nl/dBhWnoKeRAcrGYY1sT3AYTQeGrFbFpXbeY+apoKhoLI7C8p1GZ8yhEIBGV9KxWMt2yGZojvWtlc0pXaQ==
next
edit "870559"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "870572"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "910787"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "930734"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "hwangchinchang"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "tsaichinfeng"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "890354"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "930001"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "A50016"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "A60025"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "chennanhsieh"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "pengyehhuang"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "samyslin"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "colemanchen"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "B10013"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "900976"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "880076"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "910776"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "930445"
set type ldap
set ldap-server "Azure-LDAP-Secure-Server"
next
edit "joy.liao"
set type password
set passwd-time 2023-07-05 14:59:48
set passwd ENC xQ0iwFqC0wujTlkul05XomglH7lzKM53qFMJsdS4sz1urX2snIWzleO9t8D+6nVye+GlTYNWyPuMoF8fUfZNVU7dtOwxuGaO3mFFSDb4Xp1zw8cUlnZK9L5SU3Gam0Eu5LggEvUnkQ8BaCdRpkCxaAxM3lTUiCWSKe03uOHOuld5fLIXGeafUALLWDhhLw0ND61z9g==
next
end
config user setting
set auth-cert "wildcard.tahoho.com.tw"
end
config user group
edit "SSO_Guest_Users"
next
edit "Guest-group"
set member "guest"
next
edit "RemoteUserGroup"
set member "Azure-LDAP-Secure-Server"
config match
edit 1
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Exchange Install Domain Servers,CN=Microsoft Exchange System Objects,DC=tahoho,DC=com,DC=tw"
next
edit 2
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Access Control Assistance Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 3
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Account Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 4
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Administrators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 5
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ADSyncAdmins,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 6
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ADSyncBrowse,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 7
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ADSyncOperators,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 8
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ADSyncPasswordSet,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 9
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Allowed RODC Password Replication Group,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 10
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Backup Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 11
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Business Dep_gbl,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 12
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Cert Publishers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 13
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Certificate Service DCOM Access,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 14
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=CERTSVC_DCOM_ACCESS,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 15
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Cloneable Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 16
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Cryptographic Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 17
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Delegated Setup,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 18
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Denied RODC Password Replication Group,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 19
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=DHCP Administrators,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 20
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=DHCP Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 21
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Discovery Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 22
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Distributed COM Users,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 23
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=DnsAdmins,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 24
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=DnsUpdateProxy,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 25
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Domain Admins,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 26
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Domain Computers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 27
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 28
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Domain Guests,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 29
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Domain Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 30
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Enterprise Admins,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 31
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Enterprise Read-only Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 32
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 33
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_BL,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 34
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_CY,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 35
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_LT,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 36
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_LZ,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 37
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_RW,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 38
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_SL,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 39
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_TC,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 40
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_WC,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 41
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_XD,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 42
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_Buyer_YK,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 43
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_GROUP,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 44
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_GROUP_RW,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 45
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_public,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 46
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_TPE_Manager,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 47
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ERP_TPE_PAC,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 48
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Event Log Readers,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 49
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Exchange All Hosted Organizations,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 50
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Exchange Domain Servers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 51
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Exchange Enterprise Servers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 52
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Exchange Servers,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 53
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 54
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 55
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=ExchangeLegacyInterop,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 56
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Google 雲端硬碟,DC=tahoho,DC=com,DC=tw"
next
edit 57
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Group Policy Creator Owners,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 58
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Guests,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 59
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Help Desk,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 60
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=HelpServicesGroup,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 61
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=HubgradeTeam,DC=tahoho,DC=com,DC=tw"
next
edit 62
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=HubgradeUsers,DC=tahoho,DC=com,DC=tw"
next
edit 63
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Hygiene Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 64
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Hyper-V Administrators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 65
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=IIS_IUSRS,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 66
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=IIS_WPG,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 67
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Incoming Forest Trust Builders,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 68
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=MTS Impersonators,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 69
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Netmon Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 70
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Network Configuration Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 71
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 72
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Performance Log Users,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 73
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Performance Monitor Users,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 74
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 75
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Print Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 76
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Protected Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 77
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 78
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=RAS and IAS Servers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 79
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=RDS Endpoint Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 80
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=RDS Management Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 81
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=RDS Remote Access Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 82
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Read-only Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 83
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Recipient Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 84
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Records Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 85
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Remote Desktop Users,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 86
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Remote Management Users,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 87
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Replicator,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 88
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Schema Admins,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 89
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Server Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 90
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Server Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 91
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Smart Phone,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 92
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=SMEX Admin Group,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 93
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=SQLServer2005MSFTEUser$TAHOAD$MICROSOFT\\#\\#SSEE,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 94
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=SQLServer2005MSSQLUser$TAHOAD$MICROSOFT\\#\\#SSEE,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 95
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=SQLServer2005SQLBrowserUser$TAHOAD,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 96
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=SQLServerMSSQLServerADHelperUser$TAHOAD,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 97
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=TAHOAD $ Acronis ApiGateway Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 98
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=TAHOAD $ Acronis ASN Remote Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 99
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=TAHOAD $ Acronis Centralized Admins,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 100
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=TAHOAD $ Acronis Remote Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 101
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=TAHONT $ Acronis Remote Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 102
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Technical Dep_gbl,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 103
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Technical Dep_loc,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 104
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=TelnetClients,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 105
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Terminal Server License Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 106
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=UM Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 107
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Users,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 108
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=vendor_group,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 109
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Veolia Distribution Group,OU=Veolia,DC=tahoho,DC=com,DC=tw"
next
edit 110
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=VeoliaSecurityGroup,OU=Veolia,DC=tahoho,DC=com,DC=tw"
next
edit 111
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=View-Only Organization Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw"
next
edit 112
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=Windows Authorization Access Group,CN=Builtin,DC=tahoho,DC=com,DC=tw"
next
edit 113
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=WINS Users,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 114
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=WSUS Administrators,CN=Users,DC=tahoho,DC=com,DC=tw"
next
edit 115
set server-name "Azure-LDAP-Secure-Server"
set group-name "CN=WSUS Reporters,CN=Users,DC=tahoho,DC=com,DC=tw"
next
end
next
edit "ssl_vpn_user"
set member "870559" "870572" "880076" "890354" "900976" "910776" "910787" "930001" "930445" "930734" "A50016" "A60025" "B10013" "chennanhsieh" "colemanchen" "hwangchinchang" "pengyehhuang" "samyslin" "tsaichinfeng"
next
end
config vpn ssl web host-check-software
edit "FortiClient-AV"
set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7"
next
edit "FortiClient-FW"
set type fw
set guid "528CB157-D384-4593-AAAA-E42DFF111CED"
next
edit "FortiClient-AV-Vista"
set guid "385618A6-2256-708E-3FB9-7E98B93F91F9"
next
edit "FortiClient-FW-Vista"
set type fw
set guid "006D9983-6839-71D6-14E6-D7AD47ECD682"
next
edit "FortiClient5-AV"
set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7"
next
edit "AVG-Internet-Security-AV"
set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF"
next
edit "AVG-Internet-Security-FW"
set type fw
set guid "8DECF618-9569-4340-B34A-D78D28969B66"
next
edit "AVG-Internet-Security-AV-Vista-Win7"
set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82"
next
edit "AVG-Internet-Security-FW-Vista-Win7"
set type fw
set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9"
next
edit "CA-Anti-Virus"
set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93"
next
edit "CA-Internet-Security-AV"
set guid "6B98D35F-BB76-41C0-876B-A50645ED099A"
next
edit "CA-Internet-Security-FW"
set type fw
set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3"
next
edit "CA-Internet-Security-AV-Vista-Win7"
set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F"
next
edit "CA-Internet-Security-FW-Vista-Win7"
set type fw
set guid "06D680B0-4024-4FAB-E710-E675E50F6324"
next
edit "CA-Personal-Firewall"
set type fw
set guid "14CB4B80-8E52-45EA-905E-67C1267B4160"
next
edit "F-Secure-Internet-Security-AV"
set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15"
next
edit "F-Secure-Internet-Security-FW"
set type fw
set guid "D4747503-0346-49EB-9262-997542F79BF4"
next
edit "F-Secure-Internet-Security-AV-Vista-Win7"
set guid "15414183-282E-D62C-CA37-EF24860A2F17"
next
edit "F-Secure-Internet-Security-FW-Vista-Win7"
set type fw
set guid "2D7AC0A6-6241-D774-E168-461178D9686C"
next
edit "Kaspersky-AV"
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-FW"
set type fw
set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0"
next
edit "Kaspersky-AV-Vista-Win7"
set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE"
next
edit "Kaspersky-FW-Vista-Win7"
set type fw
set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5"
next
edit "McAfee-Internet-Security-Suite-AV"
set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83"
next
edit "McAfee-Internet-Security-Suite-FW"
set type fw
set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8"
next
edit "McAfee-Internet-Security-Suite-AV-Vista-Win7"
set guid "86355677-4064-3EA7-ABB3-1B136EB04637"
next
edit "McAfee-Internet-Security-Suite-FW-Vista-Win7"
set type fw
set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C"
next
edit "McAfee-Virus-Scan-Enterprise"
set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0"
next
edit "Norton-360-2.0-AV"
set guid "A5F1BC7C-EA33-4247-961C-0217208396C4"
next
edit "Norton-360-2.0-FW"
set type fw
set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3"
next
edit "Norton-360-3.0-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-360-3.0-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV"
set guid "E10A9785-9598-4754-B552-92431C1C35F8"
next
edit "Norton-Internet-Security-FW"
set type fw
set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220"
next
edit "Norton-Internet-Security-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Norton-Internet-Security-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Symantec-Endpoint-Protection-AV"
set guid "FB06448E-52B8-493A-90F3-E43226D3305C"
next
edit "Symantec-Endpoint-Protection-FW"
set type fw
set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6"
next
edit "Symantec-Endpoint-Protection-AV-Vista-Win7"
set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855"
next
edit "Symantec-Endpoint-Protection-FW-Vista-Win7"
set type fw
set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E"
next
edit "Panda-Antivirus+Firewall-2008-AV"
set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A"
next
edit "Panda-Antivirus+Firewall-2008-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Panda-Internet-Security-AV"
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2006~2007-FW"
set type fw
set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0"
next
edit "Panda-Internet-Security-2008~2009-FW"
set type fw
set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8"
next
edit "Sophos-Anti-Virus"
set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW"
set type fw
set guid "0786E95E-326A-4524-9691-41EF88FB52EA"
next
edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7"
set guid "479CCF92-4960-B3E0-7373-BF453B467D2C"
next
edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7"
set type fw
set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57"
next
edit "Trend-Micro-AV"
set guid "7D2296BC-32CC-4519-917E-52E652474AF5"
next
edit "Trend-Micro-FW"
set type fw
set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6"
next
edit "Trend-Micro-AV-Vista-Win7"
set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50"
next
edit "Trend-Micro-FW-Vista-Win7"
set type fw
set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B"
next
edit "ZoneAlarm-AV"
set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF"
next
edit "ZoneAlarm-FW"
set type fw
set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B"
next
edit "ZoneAlarm-AV-Vista-Win7"
set guid "D61596DF-D219-341C-49B3-AD30538CBC5B"
next
edit "ZoneAlarm-FW-Vista-Win7"
set type fw
set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20"
next
edit "ESET-Smart-Security-AV"
set guid "19259FAE-8396-A113-46DB-15B0E7DFA289"
next
edit "ESET-Smart-Security-FW"
set type fw
set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2"
next
end
config vpn ssl web portal
edit "E2C-Hubgrade-JiaYi-VPN-Portal"
set tunnel-mode enable
set ipv6-tunnel-mode enable
set web-mode enable
set ip-pools "SSLVPN_TUNNEL_ADDR1"
set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
config bookmark-group
edit "gui-bookmarks"
config bookmarks
edit "Firewall"
set url "https://192.168.32.1:8443"
next
edit "Hubgrade"
set url "https://twjy.tahoho.com.tw"
next
end
next
end
set heading "E2C-Hubgrade-JiaYi-VPN-Portal"
next
end
config vpn ssl settings
set servercert "wildcard.tahoho.com.tw"
set tunnel-ip-pools "AzureS2SVPN_local_subnet"
set source-interface "wan"
set source-address "all"
set source-address6 "all"
set default-portal "E2C-Hubgrade-JiaYi-VPN-Portal"
config authentication-rule
edit 1
set groups "RemoteUserGroup"
set portal "E2C-Hubgrade-JiaYi-VPN-Portal"
next
end
end
config vpn ssl web user-bookmark
edit "godelchen#RemoteUserGroup"
config bookmarks
edit "U2484"
set apptype rdp
set description "U2484"
set host "192.167.3.110"
set port 3389
set logon-user "godelchen"
set logon-password ENC ZvJcCYRlJUYX7KCPjhEAtvOyMB11n+v1KeYEz4/Nx0YuimNu8mXeI2LFJH2p9E0UFksP2bWf/OB7u42F/YHHuL4/dN4as045KWpkkojYWQEd+oLQsOZVW7DORFEWsos/ESblQGdh/4535IG3oUG+uUBuDS7BXNXI6X+Hmp5LfBbxYyVPlW9EBj1bU5ky8ZyWW6d10g==
next
edit "E2C Hubgrade FireWall"
set description "E2C Hubgrade FireWall"
set url "https://192.167.3.99"
next
end
next
edit "itservice#RemoteUserGroup"
next
end
config voip profile
edit "default"
set comment "Default VoIP profile."
next
edit "strict"
config sip
set malformed-request-line discard
set malformed-header-via discard
set malformed-header-from discard
set malformed-header-to discard
set malformed-header-call-id discard
set malformed-header-cseq discard
set malformed-header-rack discard
set malformed-header-rseq discard
set malformed-header-contact discard
set malformed-header-record-route discard
set malformed-header-route discard
set malformed-header-expires discard
set malformed-header-content-type discard
set malformed-header-content-length discard
set malformed-header-max-forwards discard
set malformed-header-allow discard
set malformed-header-p-asserted-identity discard
set malformed-header-sdp-v discard
set malformed-header-sdp-o discard
set malformed-header-sdp-s discard
set malformed-header-sdp-i discard
set malformed-header-sdp-c discard
set malformed-header-sdp-b discard
set malformed-header-sdp-z discard
set malformed-header-sdp-k discard
set malformed-header-sdp-a discard
set malformed-header-sdp-t discard
set malformed-header-sdp-r discard
set malformed-header-sdp-m discard
end
next
end
config dnsfilter profile
edit "default"
set comment "Default dns filtering."
config ftgd-dns
config filters
edit 1
set category 2
next
edit 2
set category 7
next
edit 3
set category 8
next
edit 4
set category 9
next
edit 5
set category 11
next
edit 6
set category 12
next
edit 7
set category 13
next
edit 8
set category 14
next
edit 9
set category 15
next
edit 10
set category 16
next
edit 11
next
edit 12
set category 57
next
edit 13
set category 63
next
edit 14
set category 64
next
edit 15
set category 65
next
edit 16
set category 66
next
edit 17
set category 67
next
edit 18
set category 26
set action block
next
edit 19
set category 61
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
set block-botnet enable
next
end
config antivirus settings
set grayware enable
end
config antivirus profile
edit "default"
set comment "Scan files and block viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "sniffer-profile"
set comment "Scan files and monitor viruses."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
set executables virus
end
config pop3
set options scan
set executables virus
end
config smtp
set options scan
set executables virus
end
next
end
config webfilter profile
edit "default"
set comment "Default web filtering."
config ftgd-wf
unset options
config filters
edit 1
set action block
next
edit 2
set category 2
set action block
next
edit 3
set category 7
set action block
next
edit 4
set category 8
set action block
next
edit 5
set category 9
set action block
next
edit 6
set category 11
set action block
next
edit 7
set category 12
set action block
next
edit 8
set category 13
set action block
next
edit 9
set category 14
set action block
next
edit 10
set category 15
set action block
next
edit 11
set category 16
set action block
next
edit 12
set category 26
set action block
next
edit 13
set category 57
set action block
next
edit 14
set category 61
set action block
next
edit 15
set category 63
set action block
next
edit 16
set category 64
set action block
next
edit 17
set category 65
set action block
next
edit 18
set category 66
set action block
next
edit 19
set category 67
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
edit "sniffer-profile"
set comment "Monitor web traffic."
config ftgd-wf
config filters
edit 1
next
edit 2
set category 1
next
edit 3
set category 2
next
edit 4
set category 3
next
edit 5
set category 4
next
edit 6
set category 5
next
edit 7
set category 6
next
edit 8
set category 7
next
edit 9
set category 8
next
edit 10
set category 9
next
edit 11
set category 11
next
edit 12
set category 12
next
edit 13
set category 13
next
edit 14
set category 14
next
edit 15
set category 15
next
edit 16
set category 16
next
edit 17
set category 17
next
edit 18
set category 18
next
edit 19
set category 19
next
edit 20
set category 20
next
edit 21
set category 23
next
edit 22
set category 24
next
edit 23
set category 25
next
edit 24
set category 26
next
edit 25
set category 28
next
edit 26
set category 29
next
edit 27
set category 30
next
edit 28
set category 31
next
edit 29
set category 33
next
edit 30
set category 34
next
edit 31
set category 35
next
edit 32
set category 36
next
edit 33
set category 37
next
edit 34
set category 38
next
edit 35
set category 39
next
edit 36
set category 40
next
edit 37
set category 41
next
edit 38
set category 42
next
edit 39
set category 43
next
edit 40
set category 44
next
edit 41
set category 46
next
edit 42
set category 47
next
edit 43
set category 48
next
edit 44
set category 49
next
edit 45
set category 50
next
edit 46
set category 51
next
edit 47
set category 52
next
edit 48
set category 53
next
edit 49
set category 54
next
edit 50
set category 55
next
edit 51
set category 56
next
edit 52
set category 57
next
edit 53
set category 58
next
edit 54
set category 59
next
edit 55
set category 61
next
edit 56
set category 62
next
edit 57
set category 63
next
edit 58
set category 64
next
edit 59
set category 65
next
edit 60
set category 66
next
edit 61
set category 67
next
edit 62
set category 68
next
edit 63
set category 69
next
edit 64
set category 70
next
edit 65
set category 71
next
edit 66
set category 72
next
edit 67
set category 75
next
edit 68
set category 76
next
edit 69
set category 77
next
edit 70
set category 78
next
edit 71
set category 79
next
edit 72
set category 80
next
edit 73
set category 81
next
edit 74
set category 82
next
edit 75
set category 83
next
edit 76
set category 84
next
edit 77
set category 85
next
edit 78
set category 86
next
edit 79
set category 87
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
next
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set options block-invalid-url
config ftgd-wf
unset options
config filters
edit 1
next
edit 2
set category 2
set action block
next
edit 3
set category 7
set action block
next
edit 4
set category 8
set action block
next
edit 5
set category 9
set action block
next
edit 6
set category 11
set action block
next
edit 7
set category 12
set action block
next
edit 8
set category 13
set action block
next
edit 9
set category 14
set action block
next
edit 10
set category 15
set action block
next
edit 11
set category 16
set action block
next
edit 12
set category 26
set action block
next
edit 13
set category 57
set action block
next
edit 14
set category 61
set action block
next
edit 15
set category 63
set action block
next
edit 16
set category 64
set action block
next
edit 17
set category 65
set action block
next
edit 18
set category 66
set action block
next
edit 19
set category 67
set action block
next
edit 20
set category 86
set action block
next
edit 21
set category 88
set action block
next
edit 22
set category 90
set action block
next
edit 23
set category 91
set action block
next
end
end
next
edit "monitor-all"
set comment "Monitor and log all visited URLs, flow-based."
config ftgd-wf
unset options
config filters
edit 1
set category 1
next
edit 2
set category 3
next
edit 3
set category 4
next
edit 4
set category 5
next
edit 5
set category 6
next
edit 6
set category 12
next
edit 7
set category 59
next
edit 8
set category 62
next
edit 9
set category 83
next
edit 10
set category 2
next
edit 11
set category 7
next
edit 12
set category 8
next
edit 13
set category 9
next
edit 14
set category 11
next
edit 15
set category 13
next
edit 16
set category 14
next
edit 17
set category 15
next
edit 18
set category 16
next
edit 19
set category 57
next
edit 20
set category 63
next
edit 21
set category 64
next
edit 22
set category 65
next
edit 23
set category 66
next
edit 24
set category 67
next
edit 25
set category 19
next
edit 26
set category 24
next
edit 27
set category 25
next
edit 28
set category 72
next
edit 29
set category 75
next
edit 30
set category 76
next
edit 31
set category 26
next
edit 32
set category 61
next
edit 33
set category 86
next
edit 34
set category 17
next
edit 35
set category 18
next
edit 36
set category 20
next
edit 37
set category 23
next
edit 38
set category 28
next
edit 39
set category 29
next
edit 40
set category 30
next
edit 41
set category 33
next
edit 42
set category 34
next
edit 43
set category 35
next
edit 44
set category 36
next
edit 45
set category 37
next
edit 46
set category 38
next
edit 47
set category 39
next
edit 48
set category 40
next
edit 49
set category 42
next
edit 50
set category 44
next
edit 51
set category 46
next
edit 52
set category 47
next
edit 53
set category 48
next
edit 54
set category 54
next
edit 55
set category 55
next
edit 56
set category 58
next
edit 57
set category 68
next
edit 58
set category 69
next
edit 59
set category 70
next
edit 60
set category 71
next
edit 61
set category 77
next
edit 62
set category 78
next
edit 63
set category 79
next
edit 64
set category 80
next
edit 65
set category 82
next
edit 66
set category 85
next
edit 67
set category 87
next
edit 68
set category 31
next
edit 69
set category 41
next
edit 70
set category 43
next
edit 71
set category 49
next
edit 72
set category 50
next
edit 73
set category 51
next
edit 74
set category 52
next
edit 75
set category 53
next
edit 76
set category 56
next
edit 77
set category 81
next
edit 78
set category 84
next
edit 79
next
edit 80
set category 88
next
edit 81
set category 89
next
edit 82
set category 90
next
edit 83
set category 91
next
edit 84
set category 92
next
edit 85
set category 93
next
edit 86
set category 94
next
edit 87
set category 95
next
end
end
set log-all-url enable
set web-content-log disable
set web-filter-activex-log disable
set web-filter-command-block-log disable
set web-filter-cookie-log disable
set web-filter-applet-log disable
set web-filter-jscript-log disable
set web-filter-js-log disable
set web-filter-vbs-log disable
set web-filter-unknown-log disable
set web-filter-referer-log disable
set web-filter-cookie-removal-log disable
set web-url-log disable
set web-invalid-domain-log disable
set web-ftgd-err-log disable
set web-ftgd-quota-usage disable
next
end
config webfilter search-engine
edit "google"
set hostname ".*\\.google\\..*"
set url "^\\/((custom|search|images|videosearch|webhp)\\?)"
set query "q="
set safesearch url
set safesearch-str "&safe=active"
next
edit "yahoo"
set hostname ".*\\.yahoo\\..*"
set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)"
set query "p="
set safesearch url
set safesearch-str "&vm=r"
next
edit "bing"
set hostname ".*\\.bing\\..*"
set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?"
set query "q="
set safesearch header
next
edit "yandex"
set hostname "yandex\\..*"
set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?"
set query "text="
set safesearch url
set safesearch-str "&family=yes"
next
edit "youtube"
set hostname ".*youtube.*"
set safesearch header
next
edit "baidu"
set hostname ".*\\.baidu\\.com"
set url "^\\/s?\\?"
set query "wd="
next
edit "baidu2"
set hostname ".*\\.baidu\\.com"
set url "^\\/(ns|q|m|i|v)\\?"
set query "word="
next
edit "baidu3"
set hostname "tieba\\.baidu\\.com"
set url "^\\/f\\?"
set query "kw="
next
end
config emailfilter profile
edit "sniffer-profile"
set comment "Malware and phishing URL monitoring."
next
edit "default"
set comment "Malware and phishing URL filtering."
next
end
config system virtual-wan-link
config health-check
edit "Default_Office_365"
set server "www.office.com"
set protocol http
set interval 1000
set recoverytime 10
config sla
edit 1
set latency-threshold 250
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
edit "Default_Gmail"
set server "gmail.com"
set interval 1000
set recoverytime 10
config sla
edit 1
set latency-threshold 250
set jitter-threshold 50
set packetloss-threshold 2
next
end
next
edit "Default_AWS"
set server "aws.amazon.com"
set protocol http
set interval 1000
set recoverytime 10
config sla
edit 1
set latency-threshold 250
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
edit "Default_Google Search"
set server "www.google.com"
set protocol http
set interval 1000
set recoverytime 10
config sla
edit 1
set latency-threshold 250
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
edit "Default_FortiGuard"
set server "fortiguard.com"
set protocol http
set interval 1000
set recoverytime 10
config sla
edit 1
set latency-threshold 250
set jitter-threshold 50
set packetloss-threshold 5
next
end
next
end
end
config firewall schedule recurring
edit "always"
set day sunday monday tuesday wednesday thursday friday saturday
next
edit "none"
next
edit "default-darrp-optimize"
set start 01:00
set end 01:30
set day sunday monday tuesday wednesday thursday friday saturday
next
end
config firewall vip
edit "Hubgrade-Port-49320"
set uuid 2302020e-ac08-51ec-a763-dd644375d642
set extip 61.216.60.230
set extintf "any"
set portforward enable
set mappedip "192.167.3.110"
set extport 49320
set mappedport 49320
next
edit "Hubgrade-port-1883"
set uuid e42c1b2e-4936-51ed-48d9-3c7359845c7b
set extip 61.216.60.230
set extintf "any"
set portforward enable
set mappedip "192.167.3.110"
set extport 1883
set mappedport 1883
next
end
config firewall profile-protocol-options
edit "default"
set comment "All default services."
config http
set ports 80
unset options
unset post-lang
end
config ftp
set ports 21
set options splice
end
config imap
set ports 143
set options fragmail
end
config mapi
set ports 135
set options fragmail
end
config pop3
set ports 110
set options fragmail
end
config smtp
set ports 25
set options fragmail splice
end
config nntp
set ports 119
set options splice
end
config ssh
unset options
end
config dns
set ports 53
end
config cifs
set ports 445
end
next
end
config firewall ssl-ssh-profile
edit "deep-inspection"
set comment "Read-only deep inspection profile."
config https
set ports 443
set status deep-inspection
end
config ftps
set ports 990
set status deep-inspection
end
config imaps
set ports 993
set status deep-inspection
end
config pop3s
set ports 995
set status deep-inspection
end
config smtps
set ports 465
set status deep-inspection
end
config ssh
set ports 22
set status disable
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type wildcard-fqdn
set wildcard-fqdn "adobe"
next
edit 4
set type wildcard-fqdn
set wildcard-fqdn "Adobe Login"
next
edit 5
set type wildcard-fqdn
set wildcard-fqdn "android"
next
edit 6
set type wildcard-fqdn
set wildcard-fqdn "apple"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "appstore"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "auth.gfx.ms"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "citrix"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "dropbox.com"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "firefox update server"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "fortinet"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "googleapis.com"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "google-drive"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "google-play2"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "google-play3"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "Gotomeeting"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "icloud"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "itunes"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "microsoft"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "skype"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "softwareupdate.vmware.com"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "verisign"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "Windows update 2"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "live.com"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "google-play"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "update.microsoft.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "swscan.apple.com"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "autoupdate.opera.com"
next
end
next
edit "custom-deep-inspection"
set comment "Customizable deep inspection profile."
config https
set ports 443
set status deep-inspection
end
config ftps
set ports 990
set status deep-inspection
end
config imaps
set ports 993
set status deep-inspection
end
config pop3s
set ports 995
set status deep-inspection
end
config smtps
set ports 465
set status deep-inspection
end
config ssh
set ports 22
set status disable
end
config ssl-exempt
edit 1
set fortiguard-category 31
next
edit 2
set fortiguard-category 33
next
edit 3
set type wildcard-fqdn
set wildcard-fqdn "adobe"
next
edit 4
set type wildcard-fqdn
set wildcard-fqdn "Adobe Login"
next
edit 5
set type wildcard-fqdn
set wildcard-fqdn "android"
next
edit 6
set type wildcard-fqdn
set wildcard-fqdn "apple"
next
edit 7
set type wildcard-fqdn
set wildcard-fqdn "appstore"
next
edit 8
set type wildcard-fqdn
set wildcard-fqdn "auth.gfx.ms"
next
edit 9
set type wildcard-fqdn
set wildcard-fqdn "citrix"
next
edit 10
set type wildcard-fqdn
set wildcard-fqdn "dropbox.com"
next
edit 11
set type wildcard-fqdn
set wildcard-fqdn "eease"
next
edit 12
set type wildcard-fqdn
set wildcard-fqdn "firefox update server"
next
edit 13
set type wildcard-fqdn
set wildcard-fqdn "fortinet"
next
edit 14
set type wildcard-fqdn
set wildcard-fqdn "googleapis.com"
next
edit 15
set type wildcard-fqdn
set wildcard-fqdn "google-drive"
next
edit 16
set type wildcard-fqdn
set wildcard-fqdn "google-play2"
next
edit 17
set type wildcard-fqdn
set wildcard-fqdn "google-play3"
next
edit 18
set type wildcard-fqdn
set wildcard-fqdn "Gotomeeting"
next
edit 19
set type wildcard-fqdn
set wildcard-fqdn "icloud"
next
edit 20
set type wildcard-fqdn
set wildcard-fqdn "itunes"
next
edit 21
set type wildcard-fqdn
set wildcard-fqdn "microsoft"
next
edit 22
set type wildcard-fqdn
set wildcard-fqdn "skype"
next
edit 23
set type wildcard-fqdn
set wildcard-fqdn "softwareupdate.vmware.com"
next
edit 24
set type wildcard-fqdn
set wildcard-fqdn "verisign"
next
edit 25
set type wildcard-fqdn
set wildcard-fqdn "Windows update 2"
next
edit 26
set type wildcard-fqdn
set wildcard-fqdn "live.com"
next
edit 27
set type wildcard-fqdn
set wildcard-fqdn "google-play"
next
edit 28
set type wildcard-fqdn
set wildcard-fqdn "update.microsoft.com"
next
edit 29
set type wildcard-fqdn
set wildcard-fqdn "swscan.apple.com"
next
edit 30
set type wildcard-fqdn
set wildcard-fqdn "autoupdate.opera.com"
next
end
next
edit "no-inspection"
set comment "Read-only profile that does no inspection."
config https
set status disable
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
edit "certificate-inspection"
set comment "Read-only SSL handshake inspection profile."
config https
set ports 443
set status certificate-inspection
end
config ftps
set status disable
end
config imaps
set status disable
end
config pop3s
set status disable
end
config smtps
set status disable
end
config ssh
set ports 22
set status disable
end
next
end
config waf profile
edit "default"
config signature
config main-class 100000000
set action block
set log disable
set severity high
end
config main-class 20000000
set log disable
end
config main-class 30000000
set status enable
set action block
set log disable
set severity high
end
config main-class 40000000
set log disable
end
config main-class 50000000
set status enable
set action block
set log disable
set severity high
end
config main-class 60000000
set log disable
end
config main-class 70000000
set status enable
set action block
set log disable
set severity high
end
config main-class 80000000
set status enable
set log disable
set severity low
end
config main-class 110000000
set status enable
set log disable
set severity high
end
config main-class 90000000
set status enable
set action block
set log disable
set severity high
end
set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002
end
config constraint
config header-length
set status enable
set log enable
set severity low
end
config content-length
set status enable
set log enable
set severity low
end
config param-length
set status enable
set log enable
set severity low
end
config line-length
set status enable
set log enable
set severity low
end
config url-param-length
set status enable
set log enable
set severity low
end
config version
set log enable
end
config method
set action block
set log enable
end
config hostname
set action block
set log enable
end
config malformed
set log enable
end
config max-cookie
set status enable
set log enable
set severity low
end
config max-header-line
set status enable
set log enable
set severity low
end
config max-url-param
set status enable
set log enable
set severity low
end
config max-range-segment
set status enable
set log enable
set severity high
end
end
next
end
config firewall policy
edit 2
set name "UA access"
set uuid ead8365c-ac14-51ec-a98b-97ea6d1d57f6
set srcintf "wan"
set dstintf "lan"
set srcaddr "all"
set dstaddr "Hubgrade-Port-49320"
set action accept
set schedule "always"
set service "OPC UA"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 5
set name "E2C"
set uuid 216dc99a-1d2e-51ed-a5ca-c1dc2aea8dec
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "AWS" "GCP" "Git" "AWS1" "AWS2"
set action accept
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 6
set name "DNS"
set uuid 613ff1dc-1d2f-51ed-8827-981d49d22e56
set srcintf "lan"
set dstintf "wan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "DNS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 7
set name "Anydesk"
set uuid a8b2d8cc-1d2f-51ed-5fbd-e24764b3ce05
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "Anydesk"
set action accept
set schedule "always"
set service "HTTPS"
set ssl-ssh-profile "certificate-inspection"
set nat enable
next
edit 8
set name "MQTT"
set uuid 5709ecec-327c-51ed-51c0-ac0064610f60
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "all"
set action accept
set schedule "always"
set service "OPC UA" "MQTT"
set nat enable
next
edit 9
set name "E2C-Hubgrde-Firewall-VPN-Policy"
set uuid fc05c934-445e-51ed-61fc-cf2948db03aa
set srcintf "ssl.root"
set dstintf "lan"
set srcaddr "all"
set dstaddr "lan"
set action accept
set status disable
set schedule "always"
set service "ALL"
set groups "RemoteUserGroup"
set nat enable
next
edit 10
set name "GLPI"
set uuid b4773b3c-6c60-51ed-783a-dda3d686ce2b
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "GLPI-Server"
set action accept
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 11
set name "Advantech-Outward-To-DCCS-Server"
set uuid 82359436-8b12-51ed-e38e-763c83ce9014
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "Advantech_MQTT Broker_DCCS Server"
set action accept
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 13
set name "Advantech-Outward-To-MQTT-Broker"
set uuid 134198c6-8b13-51ed-acc7-6690303deb7c
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "Advantech-MQTT-Broker"
set action accept
set schedule "always"
set service "HTTP" "HTTPS" "Advantech-Testing-MQTT-8883"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 14
set name "Advantech-Inward-To-DCCS-Server"
set uuid 4861d12e-8b13-51ed-9c06-1cb14276fd19
set srcintf "wan"
set dstintf "lan"
set srcaddr "Advantech_MQTT Broker_DCCS Server"
set dstaddr "IT component"
set action accept
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 15
set name "Advantech-Inward-To-MQTT-Broker"
set uuid 77ed7c7c-8b13-51ed-1d5f-b7c08b501bc5
set srcintf "wan"
set dstintf "lan"
set srcaddr "Advantech-MQTT-Broker"
set dstaddr "IT component"
set action accept
set schedule "always"
set service "HTTP" "HTTPS" "Advantech-Testing-MQTT-8883"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 12
set name "E2C Gmail Alarm"
set uuid d9bb4206-ed77-51ed-d396-1b4e46966c8d
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "gmail smtp"
set action accept
set schedule "always"
set service "gmail"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 16
set name "E2C U2484 to NTP Server"
set uuid 5a041b18-3b11-51ee-a55c-032a4f76b285
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "time.google.com" "time.windows.com" "tw.ntp.org.cn"
set action accept
set schedule "always"
set service "NTP"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set nat enable
next
edit 17
set name "E2C MQTT"
set uuid 056a1484-b0fc-51ee-5ac9-39366064e3bf
set srcintf "lan"
set dstintf "wan"
set srcaddr "IT component"
set dstaddr "Cloud Scada" "Cloud Scada2"
set action accept
set schedule "always"
set service "MQTT"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set application-list "default"
set nat enable
next
end
config firewall ssh local-key
edit "Fortinet_SSH_RSA2048"
set password ENC k2ME4ORMTZCWmlQvab5uU+V8iSgQ5t9rPBzX46i5BZU6CnJi7ZKE3WKubSAdNZcfcXzjE8sWrJfYByC5E8lntPvbkY/kw9Zu7a5XCi/pUBXenfEWOPqR0vRiqb8AaLiM05+IkaClu2pNiOC0GP8ZuvgNsZw1O2nt+mL+xICXKA8oZXNiKax1yMUKSUvF5AuWQjoNmQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCqlXNVUB
oAd+DXXD5R5gtVAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDhhDji7ZZ8
2xSVKiKVGF6PVKkKrQI36RSkp7k9uP2LpYwZR20N5F0FOaH4CxUzbt8Swbmj/HoZX+qiSE
DoxQUSu7bME1UAi11Lr72Ipcc22hHCT/itT1mrHiWSiLqGpmQrj9ymL+/9ozwzIoDMspZx
6Vu+2RE358UUm46P23hbX6bkYkK1YrzZfapVVhwGwM/IwQFFWI1iavXsfbGhEpSf/DSpQ2
wzJtazq08msJCHTniPNGiZWoVqyavm0FJF0Aa84G2Mo0AAH/PF5Uo5dak/P04YsV/pP0uR
ojZpcVn9uVjyReQHb/RWkanwNiNaX+YeoEetLD+LRvbdHiXYJfgbAAADwPTO9GVMHpMtuV
fK1d7SR67wNuwp15O13Qdf1gRkrshsLfli518pDoY3JNL2q9gAAOXHdCviez07jCe43Kt7
wvC2bgPacTOKRFzkRgmHAerKp9zijdZGviL4UZbcjrt/GVXno+83GuN59aKKbbk92Y1pxD
ko+FJx+ozLLg8b6gbu2P3TZ5qv0JXYyNMEE0qp/s/ztCbcGm0HGXnk94mXECmOCd7ptFVT
PzLd+0JwsVzcq2MUh4Pp8YgSy3TfqoGo11T6ruu3JoVj2OeveES/UNKQKCUD4vuEDwbWkg
a0OXRQUzRJ/jnfbR9Zj+AdM0Jo7THyc2ucv9wNstT7kCMCZOvOUnzaAhdyw6I77RmxFFB2
jXDGjq0MoGdhQyUGKLynTWaWskvmc6JTdya4Cm/hAhsD7pNEwaMj98Z4vqADgt0zaUe2ID
IlRYd9z8CVfIp5GupSNb4Zpj8HY7ihgVIgY/NEL4fKgAfb9VRY7krrQzqcoUvuq35DhRC6
AvRIQgBexxsgG2SUdaKMYvwVV0WlXiHxDyQMNTIF76GkY0o3T994vqhh3tEMJXcY/3Euyc
uUoWj9yHlvaGAV5VW9wx7I8AGmgBTl4qG7C01bT5N8ZH6ADnDJ9OybVyxDKAyg5GQQipLE
wR0mdruoQgO0KPNnRtTZPU68ypXz8jYDg0QrL2XCeqzOpheNj8W4CS1jWdH3U2qLp5Ersh
x/F/QCPrZzWvEzhy4AWsOBeuZpHUbMOCJx5dutZf1hzA1ySiEpvarDE613YiRCLqyp/Xw6
YFtTJfqjPVGlRzSk9gUxv2ryILhMxsVr5pYEvRs+Bfs36LmGeiPc7LvRbho+iaqwGfnzFx
Se9kwk09+Etj+K3mubRoMWjQnQt9Kdw4PuaGreuOK6kEQa61n0hEzlBN2vzT53cUXQCyRJ
POC4X+vnBzNrBnct/F1djdTZDEZdVaGzQCKM3DDLEjLEyBbqYHwlFrIcIN9z7fKztHxtPh
rU36WGz/0go29j6tfGccWiTFjE61RF7dqyYZX0fWqYyzBHWTTi9NsILhgWR66SzCUKJBEw
Nx548adDYcoJdFQlBKe7DgI7oNkTGtJdDEkI1uboayhtj0lJaUEWdEV8/L23WF+7wqlyPP
KaXaiFLMt5XOQ5EgSVFnRkCUttrUXp+lddU38q1WLdqKYubGEnOec6FA3fGZTHqXWj5lbC
JTw6Ymu+V7T2Esn9MO/IpX0NM83EE04wPoA3M3NDBIlM9608O0rOX6JvwhJgEsG3rY3SYz
GgyoJtvQ==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhhDji7ZZ82xSVKiKVGF6PVKkKrQI36RSkp7k9uP2LpYwZR20N5F0FOaH4CxUzbt8Swbmj/HoZX+qiSEDoxQUSu7bME1UAi11Lr72Ipcc22hHCT/itT1mrHiWSiLqGpmQrj9ymL+/9ozwzIoDMspZx6Vu+2RE358UUm46P23hbX6bkYkK1YrzZfapVVhwGwM/IwQFFWI1iavXsfbGhEpSf/DSpQ2wzJtazq08msJCHTniPNGiZWoVqyavm0FJF0Aa84G2Mo0AAH/PF5Uo5dak/P04YsV/pP0uRojZpcVn9uVjyReQHb/RWkanwNiNaX+YeoEetLD+LRvbdHiXYJfgb"
set source built-in
next
edit "Fortinet_SSH_DSA1024"
set password ENC k2ME4GK3Y226RxwPIB+s6rM5v51zm+nv51uzXrfJYrLqQiOXkC94ihfhYpX4IYgJwAJFT53Mc/QCCu15W48/vw/vWIMyj0jxw1qzUqTFi6CbDfDhh8jeoBHVXtertonQZ0qbUAoP/h0lKwdiIEH12fSpULgitWQ3fS5KrCxya4qmpTzUBYUEX77DQUxTJ/1BHXyQAA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDYTyT2eq
Txu/Je5cSpmWcoAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAJJjbxnS2+MuAf5iQ2Ea
DHTuBketGLe4Y7/k5aQXEJw9d1SvndcTCy8nYA4gSVS3BMz0zGl3qHmgoNZtkFfSWSf3xw
3SsmK9BNP+kW4hdax00qKLt7SC7WCRDRTBCaZdCXucB9cq6VWhSb4U4vXEW/Z5weKgqJqs
QFghJduDkSu3AAAAFQC1OHEBctoh4j3qoF7OhMCzi8ZRywAAAIEAkEvKwAJWP+qvqx2dHD
2oROgDujKBrqYbdUlG3+Sl7Qp9UxYucrZBzps7Wbfc45y79duq/zVWKnkhNVrEUgwDSY0U
aUD4j0GYM0j0LUzBVRNebxScjWeizMy+6aFTwrG3SkBunrt2C7AoR/AYC+aTaNPCj3FyaY
N0XeXNDfnCsUwAAACARj9SQC9fd2Vlhn7lgrqpYI7k0trCmQHPlTAflgCiNOsh08uZRSOI
61i0PMKKvDEewz15vsm/1rVsayCUSRPwcQiYuBk2qrC1KJHhURnsft7feNZuvpnrWn5M44
jn8mbfLbPTBJpQDDk+CVuk+WxpjgI9H0cO5ohHY4IjJQe3TToAAAHgOpBslOQ3NflITsMY
OuqpBvH2obR5/w+FGSrQ3QYYUxvZXedXPsbvkn1hQ1IGfb1WIL6X41oxXkDrDavT1HqZLf
KQSj8pTXyOZ4acun5aN8R4DXPZ7rXDOsFQelSRvS9B0IvMn3+vjKeFdUjGEd4xPTneWXxl
6ci2Em1ed2bpg/X+cRzgZmNUy7bC9Caq0RoZsmrR6n15s5ji9ynjHD0EqDoPnYm3rifMgG
51cqtw+07Kmhl7AkEt+7CZzx+obAjMtmYk3f4MKjKyn93Y8++XlpX0jEp+0IesROG+kcYb
E3VGWAI5L+6/0VFDssK2nPEtIZHj71efvhPqMlGA6/ZXa12qNOyVcXE6/eEhTRR+4iJPx6
dtiYAs8VffS3Ez5EEjPaWoOoDNr9nlWGU78ul3OWvB5dEJb4e+G7p08K3EjMZPccny4JR7
u9DZvwCneEfCRjUxFCyEIWPmaU14Kse2n7Kn3YYgcoMZAV0rHZX4mhqdbM0deBdoI6J+Y6
EVaqm8plPWYHk8fjWRxcPKkDo78PxgGiH1PVRn5zdqyOVr9g3xsNOcZBQ+5LIkW4N5D0l3
T8E49Q18hfgpjTWT2L+c7qa/84UhvI7OV03U1gPxXURC8bp6yJyhKR+zgrfdFKDS
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAJJjbxnS2+MuAf5iQ2EaDHTuBketGLe4Y7/k5aQXEJw9d1SvndcTCy8nYA4gSVS3BMz0zGl3qHmgoNZtkFfSWSf3xw3SsmK9BNP+kW4hdax00qKLt7SC7WCRDRTBCaZdCXucB9cq6VWhSb4U4vXEW/Z5weKgqJqsQFghJduDkSu3AAAAFQC1OHEBctoh4j3qoF7OhMCzi8ZRywAAAIEAkEvKwAJWP+qvqx2dHD2oROgDujKBrqYbdUlG3+Sl7Qp9UxYucrZBzps7Wbfc45y79duq/zVWKnkhNVrEUgwDSY0UaUD4j0GYM0j0LUzBVRNebxScjWeizMy+6aFTwrG3SkBunrt2C7AoR/AYC+aTaNPCj3FyaYN0XeXNDfnCsUwAAACARj9SQC9fd2Vlhn7lgrqpYI7k0trCmQHPlTAflgCiNOsh08uZRSOI61i0PMKKvDEewz15vsm/1rVsayCUSRPwcQiYuBk2qrC1KJHhURnsft7feNZuvpnrWn5M44jn8mbfLbPTBJpQDDk+CVuk+WxpjgI9H0cO5ohHY4IjJQe3TTo="
set source built-in
next
edit "Fortinet_SSH_ECDSA256"
set password ENC k2ME4O1FuuLMsvcYdHtwdhCOrin2kR86eIVMa1DU+hO2UhlLUhHRGitKERFJ1xSylcGbOVAYGrs61W5d+B1iclwvPam74Z3tNsgmUPWr44dJocoiQLuLw71DB1DpYGzao0BNwvdyXAJCvS8aFOaoj2tAz+JvdYpUi6CdSAUbNP9oU6iKDKt8tFr5YBQx1Hl+Eo9yvw==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAaRIYnwu
TWWPo0dt4pa8eHAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
dHAyNTYAAABBBIYE67MOaXGAVs3feRGqnMNfiDv9F/6VbZuM+4BJr6lEJo2T7cz/V8Iv+s
yRPo0phL2Twt1fDGvSWFF59gQ8iDwAAACg0y3xLv61P1yiCr7EwdH38QatL8n0+k0ccACE
fxWD5K0yH6szssah9NPU3sSS4hzXEmuoTmFEfIJvMqPBy2Xyk/PP1WQGsAZ7C9EX0qiElc
Wrs7eZCS18T4tMq0kTxQyt2tMfXtORtxCSCtDUr/QRz1bgAIucjP7gNgYnQj2cGjN+1Mmj
atXj1HMue5YhjRgoqAK70L2L9ttP3bL1bforHw==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIYE67MOaXGAVs3feRGqnMNfiDv9F/6VbZuM+4BJr6lEJo2T7cz/V8Iv+syRPo0phL2Twt1fDGvSWFF59gQ8iDw="
set source built-in
next
edit "Fortinet_SSH_ECDSA384"
set password ENC k2ME4H9pQ9z5O09WZMaZrHLwZMJEcMsUviFOcm0LKhVRzar4ogbecvpZ8qx8KYaxYDlbMWk7vewZBqaka2mSvmapssmYuiDm6GbI7DGZdQZSrpmknVPVbqk86/QAJ3GzgHbXI1uT+O9mDI6azNe+6SdMyZ+cFiyg4VeF9bmJv8Js/V4r+dlen8Whf5x7tKeNy19+KA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBj/F2kS
oZru/9Px8S+weDAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz
dHAzODQAAABhBHxCnHB7p5OLX/NuxEV8GU8LnL3DqFs0jwYelPScNQd+d2F/6Ea7SsKhj4
4aYuMov9fqGwEaBdV/9q+ODwTYRSKqxtE89O5434eV7f2qSdZq5kRgMvQvxBje6RxFNGAA
UwAAANBWaSWpDxQOUkRvdD42VbPeYLF9SMf66osZYjzCbo6+eq1EiphOdcFBAcy8ajfjAY
ui3vf33kdVZYOh2inl0xZCu8iz2m8WX4Xk5O09JiMuOq4p2IIUq7MnAwpthAtyXzWz0Hpe
F7CCsDMmfbBFnv295ZPE0qY/+/OiLQYQK2bO3r6AZgeA6GopzwA2102WdAPj5/YzBDxMnu
jBzciVYB2oE0eSPdzIPMM0QhQAtX6rI92JTxNAL6j504j6YrO3s/jooRtnsRz9g0HtvSjQ
YxWn
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHxCnHB7p5OLX/NuxEV8GU8LnL3DqFs0jwYelPScNQd+d2F/6Ea7SsKhj44aYuMov9fqGwEaBdV/9q+ODwTYRSKqxtE89O5434eV7f2qSdZq5kRgMvQvxBje6RxFNGAAUw=="
set source built-in
next
edit "Fortinet_SSH_ECDSA521"
set password ENC k2ME4PR8Nm/Bi61k9v/tT5/wQXmLzuzmojubPbGjlmUXHxCNny+HIUwVufob9hBc1KxnigWzT6M6eNl45pjXO2ATl+eU4GwDO6BFIoes+GU/3V34CTIYiBGFZ0Z4coVkpUR7dG1EUtWWIBjsrNHmQESdlq6kughi4Czo382Elhr20vccN0bShJnntY5OXnRcyFDhdQ==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB51ngMYf
pT5HgVTRbff6XlAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz
dHA1MjEAAACFBADfgrLSSIyJ37CbvCU+yCrrGG9tkkPcl5P6K6PKEQKp+4P7LodTYtkN2L
9GGdUsXsyva/JiTysaa4fJT2JCUowX+gA4MwFDB0A1IRS3nzhXpkD2lTCuKeZbII+CVZoo
CTkTErQU63ZkabNz+DhROBe1vSo2x1VkjkyNY1WWYi3MdNVIJQAAAQACN+qIbdvFefq0BS
GuYDSt1+8rAwVRzf0lkC+FCCCYkhhHRVmdv992lZ0XR6eR3SddB2pSK8ZC/qP0SCdY020f
b2RczP54nbr46Dqr/BNHoEJsfnX/l6E7ojX4b/Gps+RpJaU+YSfuUU94JLKBf4KgAkV7jk
Gr3+gk3Se/dgASO/thbZRCaWfA1IhI0L7364ioKTW9T/J+6Ltw/9j0YoTkqscm4TIpYOKK
wg1LxVcJA/wMExUU5QdKQ+bElYhvbtk7UExcOeUTOCUIBe6de/LW3I9rakQGkGlVdLmilB
DXTwSUZzKD63YFor9/0AZj25ctTczG3f+Rra1eI7o4HEe2
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADfgrLSSIyJ37CbvCU+yCrrGG9tkkPcl5P6K6PKEQKp+4P7LodTYtkN2L9GGdUsXsyva/JiTysaa4fJT2JCUowX+gA4MwFDB0A1IRS3nzhXpkD2lTCuKeZbII+CVZooCTkTErQU63ZkabNz+DhROBe1vSo2x1VkjkyNY1WWYi3MdNVIJQ=="
set source built-in
next
edit "Fortinet_SSH_ED25519"
set password ENC Bv/6AaWMymvm6vT43ojvk8nObsfopCAWDLIJsGr6XcgGExAsHs6+iqL6qHWQ6spox7HDm0+Na6+60xK4tDr+EZmbZ5TVo9+eAM89HmLZwUxSPj0/ykcq34h7P8Yu1ufj4o9m+ySes2ok3k8WPi5SOsFAYB1H0SQD2it3D2EFhVNNelPxlnmgLmF2KEk3LFYkNGjGGg==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCEyy+PDE
dZy4DJyO89p/GsAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIA63uERGvFz/lxba
lYDe/NGyoU7aYPxsErxR9745LdnKAAAAkFHNjg6JUFmoqZNJehSehukG6ybdWEjTDyeh7w
wxNXBzPUQYVurU1iAk/udItZq+S1eMWEi+BMgpEhlZgvlvlFTvW4lxSdUazOEC0HGWiiVW
P3ekMJW8pNOnTOc+tjaZRmZz03TjOd+8LRW+P5+kfx5OMm/EvfWpYFP2SzA+XZ26sFDnOe
GppuBDJh1X+x33PQ==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA63uERGvFz/lxbalYDe/NGyoU7aYPxsErxR9745LdnK"
set source built-in
next
end
config firewall ssh local-ca
edit "Fortinet_SSH_CA"
set password ENC oMcAAbqavKnf6eIuRNeFzI7zVT81lcd3+R7JkqhDbZ2B5IbU6m7S03UfRdFVfd4kKHR9Ay8AiOwqo5kWt2RbfvU1xSpiMz6wxLFN4lTKjdmVyTHLn2QIGUJJ0700PwN3M3M1L1baNh1whM/5kdS89ceUFYrYfAGhoYBxERizDm37Yjcl4x5cwe1Zp3G/ui5LxVmmgA==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA3LuiNec
izyRQDYE/rGLBeAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDtFHQsHk+Z
en8jYXn505fTvT+ASpA8mnQcfg3h0BbnPxEZnBBAmmK7aLy4iAey9KGUJPQNsG7RtLUsYi
4ftqmkoc6NpBzmIAmXBVruTQ9R2aRlBK4UVXP5WEck5dcBTF0UYZFn/lX/k+lFOgxo3fB/
wsyeahviOWtdkBBt2IppwAoo3/p8rAwdI84z5iK8jrgXtpveKdNLRpFDhs+WSUhUdCcQYW
YWv4c79oNbFLt2O8Q1j8i9dKaRloTrAJlYOX5OxLP+iC+0dcn/FssOEB404GdHOP3wRkaU
+STte1Y7J2MwNLHETcowYmNC9duW+cJ1gHZmTEaZTWi/hLdhuNupAAADwKs3rmAQdizSsg
FhxUYVcylop/T0iuTY6gegNA2YIYqhlH1U0mPVh0RUp4h7jQyBB63aP0ikFqmLBq5jEYMt
FTdqdXljAZEiWyb7j5TsVDbe5ndNpsNrzbtZP5NWj0y56DvaBKt1Rz0vmZ8vT1HYlUf6TR
mEcUs19sRQ5O8eCA6CxRaDGinmdZXn+h5nncn5x3pI87mvi/62CcLE9P/VGqiWI2zfX/eS
8FoNjtQ6VXb6czM7TSCPXFX2u7GbB3G8t/Lc45evQ/g68p2mGVmun15GLS23LdHeqsg9h6
8K3RUVY0fbAEJQ1iwodvh1K4cJYGir6I5QVV6n3CtwTIbGpg/LIBVCXa6+YWkshGWnUJyg
kyYoklqO4R6vu9JVHiDrMDzZioEEWj++OAIE/lZC+XhKEXpjMPpd1HnDJt87O5rX3cKL2F
7HMblkpQjstimhWbSGzdai4iyVOUUFqChgb0R0emkVmHHXn/I5Tc3WQgNyknQHs3UTJF24
sekqoT95h6GARttD2bKg4MVrjumVUQt0/Mbv0GMXquSiJRwc4xBVRX+iq/S97z1Fsmx+XF
72jw0JggJKe9Sw4Kpru3KL3BxerjBY6Z7XBNDGCqQ7TuatYNtrzDcfRjgx2UL4h8lFKM8e
cm3k/WJkdc3TFDg6fuaENduXopIxt5y2Mc/lgNl+wbz99jHkE+9ub5D/t/hKjDHTT0upC6
JyUvP7LGwYVD8GG9LMWTt9KZ4trXv+cgJ6Cga2ySHcF6I9JNoUgfi1hufygXAOr9UTQ3dD
42uSFybN04nnU73EbPWocleiD6o7ZTMToYYGqSXmcy3+C3vFjPaNjZImALs0b0GTkU48qn
QNDrdHR7KGk01bzzvPDDf4zykQmIxKsyQ59jFwRtQEVLufU4QSChRlJ62VDAqA3m73ujOn
IvITCq9BOD1ygv29jgp34nsPHwNXtGP1/B1tU58R+YIoDXwtbL2UeiJEWGpbhGi31BlJG1
2DTKpAJftss/Gwy/LE/SVi21jtMDRGp5WQ51XaBxrcWatJVUWkf+A0dWhtqAF45rawj1NS
cj6DxvENtINZox3KJ1ydqqTQsMxqK3L66i7iFgJktnTzYNjc/yykOYmI8v4Ut65gK6REqN
olsRDhe0tbIoNTBto6nn+JsyqD4p+uMRTdn0L6Yb6daNGOzyE5gFQSEDfKDulRopHOtmM/
hnfFdAhQnkNCMBiP4IgCuMpcHcUYFEYqEU9B2LcJPAgG1/Jeru553hLaqcSYhEpdJucGja
n2Q3oZAA==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtFHQsHk+Zen8jYXn505fTvT+ASpA8mnQcfg3h0BbnPxEZnBBAmmK7aLy4iAey9KGUJPQNsG7RtLUsYi4ftqmkoc6NpBzmIAmXBVruTQ9R2aRlBK4UVXP5WEck5dcBTF0UYZFn/lX/k+lFOgxo3fB/wsyeahviOWtdkBBt2IppwAoo3/p8rAwdI84z5iK8jrgXtpveKdNLRpFDhs+WSUhUdCcQYWYWv4c79oNbFLt2O8Q1j8i9dKaRloTrAJlYOX5OxLP+iC+0dcn/FssOEB404GdHOP3wRkaU+STte1Y7J2MwNLHETcowYmNC9duW+cJ1gHZmTEaZTWi/hLdhuNup"
set source built-in
next
edit "Fortinet_SSH_CA_Untrusted"
set password ENC oMcAAWg3AkvDTNuScDETHK+9pHd5tOZJ0YNpQibU6wyMGmSP/aSDpyuztzp93BbtrRsCY6n6RwpYyjm33x6neoLOkBtcJJvEyqeKEpGN5kE+kSqHeCa8x2Gr97/qNpMD+c+cPQk8wXWzIsGVRFWiGl8MekCpuVbF0t/DMAqkJes42Sw8FHnu0Z+hhGi++Sim/4u0Nw==
set private-key "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCtTmX91k
XKlCWrbQnq+Qm4AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCpt/xME0tA
wAUBYUlCbSGs1yROQ+mHF2D4I7rJl+j4UIagNj8ftYRKOF6uQmr4If95S9zCD/FH4Rdjl4
ZmFhAdrFCwz89RoFz2PT76cje5oshiW5ZJQyX5idmufnnmUWwtngu6gBltM83vFthzW+Js
iO7mlD93T4b/M2Hs0pI2tHstsPL5EYS3Zce9J9gsp6TGj0784IUYynGFS0u0344E14WVxF
wlvvMlIJSNRQF7SC88AsKRntTIacpfguFRcVxy08PoMaGeYflYnsWIcclnlZX91srP0LW+
CN3i5J8Za7ZNNkHQb08ymiXF/Kats+zsdKj7uJK9QV2D52mztly/AAADwEZIxchtIJN3O7
MWtSttQYfuqMxEBCTZGt32fOX+9sWM4lMN9pgx/rVHQl8mPUo+U0NrDysp3FBsXABckrJN
Vu+lyZow+mK7VCNBk7tTUqEjNxa5cTxMElLONynYPM4AgcEdvm4dsBAigkvqL4NeVbwDYG
8gvP/Lc0/XoOe3GAN58wYZN3sfXfzP7ZoUwY7SRKSzmCgttd/bKnmmdx1wXB7pmK1H5FTI
7E8VK1CwD1fBmGV1de1+/hP0D2iAzlJcYagStd6RFxXzgQDEcauDyP6Ed4QiIzGO/sQXv9
ggJ841H07vbYb7Y3PA72I1cokA6yE8pka1mDEqTQe3ZBTW35lzM/46/yV1Is+4p1p/Tk5d
Z4aIYj6HFfF3H9YuMBl2+uUbt4lv+svcx+GtNqj0U0GHFaOxLHxBeslN4NyxWQMGh3h5l3
TrbkkL2l5X0EK2ZoJJQa+8VTITuKMW5Yeyo8C6yceE5qOULafGhKlKmD2YFfV/1WeLZyCt
6R8M2lRm21JR2gTqXtQfgYZ7Ohpy0RNhCe/MV4MROKvK1l5GyZMjNWRYhVrjhDFjx7I2rS
UHNZ91Gdwjy4QKkneEII+tahiiEc/wVPRyy4SGTh0JBvt/1oOYDL2AHZ0UMCV+KDKtB+hH
hTAtZI4hWgBHnDZbQuHqYqLbbtmwxtqn+HXd3dZP5s801Z5OFvjOJ9S/KOqSUQ2pD0jUzb
/695DiLPEL7H+/BgiiXCDAYh0ik4Y6Lx9nsyzj2mnzJosGBqkZHweI9304ypqbTXQNVfU3
NFbxji67ONsMdGRoRWNJBqhwNiSM/Ek1XzgeiquTIeuoSQH3UJKp4D6G2ezzzKXCInCB5X
iNrOjU1mIgtl/knTyW/54pH+CSJGD1++F1TwynUoQnBHVkEBbusW/kDN2pDKUMM8i2tkOI
K/Cc9vAnZI2r89zQ9M8Jgs6JyYQ+k1KQm3xjM77fbq2rXB//b+D4Yh2P1GvUX+V/cZqmoS
AXMbtzuZBB+r8RUm85uF8m4frJhs5oXqaME12RwNy3Aqj+6C8T7cXhiwgBnOGg/M/oimKA
YHEHJMVPQPEMZqWxdSjzxW6gpLO2ywUt3IEwdpc+Z90NBJWas5bbSZickiSve6IIPoLIhp
jtBfgpRWoL+UEKsGJyYM31EtWoPtbUYA6JnmqIhdZhmDNlkFDOKStSXBnoSeUlpb2Ulafv
3SSBoQGPIpAX1Ys1hXxizbeIciQz1jjkWBFr+yJIB3XIMmCefsYj5uQEvG+B+DbuaDM7tf
8N8OaNng==
-----END OPENSSH PRIVATE KEY-----
"
set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpt/xME0tAwAUBYUlCbSGs1yROQ+mHF2D4I7rJl+j4UIagNj8ftYRKOF6uQmr4If95S9zCD/FH4Rdjl4ZmFhAdrFCwz89RoFz2PT76cje5oshiW5ZJQyX5idmufnnmUWwtngu6gBltM83vFthzW+JsiO7mlD93T4b/M2Hs0pI2tHstsPL5EYS3Zce9J9gsp6TGj0784IUYynGFS0u0344E14WVxFwlvvMlIJSNRQF7SC88AsKRntTIacpfguFRcVxy08PoMaGeYflYnsWIcclnlZX91srP0LW+CN3i5J8Za7ZNNkHQb08ymiXF/Kats+zsdKj7uJK9QV2D52mztly/"
set source built-in
next
end
config firewall ssh setting
set caname "Fortinet_SSH_CA"
set untrusted-caname "Fortinet_SSH_CA_Untrusted"
set hostkey-rsa2048 "Fortinet_SSH_RSA2048"
set hostkey-dsa1024 "Fortinet_SSH_DSA1024"
set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256"
set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384"
set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521"
set hostkey-ed25519 "Fortinet_SSH_ED25519"
end
config switch-controller security-policy 802-1X
edit "802-1X-policy-default"
set user-group "SSO_Guest_Users"
set mac-auth-bypass disable
set open-auth disable
set eap-passthru enable
set guest-vlan disable
set auth-fail-vlan disable
set framevid-apply enable
set radius-timeout-overwrite disable
next
end
config switch-controller security-policy local-access
edit "default"
set mgmt-allowaccess https ping ssh
set internal-allowaccess https ping ssh
next
end
config switch-controller lldp-profile
edit "default"
set med-tlvs inventory-management network-policy location-identification
set auto-isl disable
config med-network-policy
edit "voice"
next
edit "voice-signaling"
next
edit "guest-voice"
next
edit "guest-voice-signaling"
next
edit "softphone-voice"
next
edit "video-conferencing"
next
edit "streaming-video"
next
edit "video-signaling"
next
end
config med-location-service
edit "coordinates"
next
edit "address-civic"
next
edit "elin-number"
next
end
next
edit "default-auto-isl"
next
end
config switch-controller qos dot1p-map
edit "voice-dot1p"
set priority-0 queue-4
set priority-1 queue-4
set priority-2 queue-3
set priority-3 queue-2
set priority-4 queue-3
set priority-5 queue-1
set priority-6 queue-2
set priority-7 queue-2
next
end
config switch-controller qos ip-dscp-map
edit "voice-dscp"
config map
edit "1"
set cos-queue 1
set value 46
next
edit "2"
set cos-queue 2
set value 24,26,48,56
next
edit "5"
set cos-queue 3
set value 34
next
end
next
end
config switch-controller qos queue-policy
edit "default"
set schedule round-robin
set rate-by kbps
config cos-queue
edit "queue-0"
next
edit "queue-1"
next
edit "queue-2"
next
edit "queue-3"
next
edit "queue-4"
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
edit "voice-egress"
set schedule weighted
set rate-by kbps
config cos-queue
edit "queue-0"
next
edit "queue-1"
set weight 0
next
edit "queue-2"
set weight 6
next
edit "queue-3"
set weight 37
next
edit "queue-4"
set weight 12
next
edit "queue-5"
next
edit "queue-6"
next
edit "queue-7"
next
end
next
end
config switch-controller qos qos-policy
edit "default"
next
edit "voice-qos"
set trust-dot1p-map "voice-dot1p"
set trust-ip-dscp-map "voice-dscp"
set queue-policy "voice-egress"
next
end
config switch-controller storm-control-policy
edit "default"
set description "default storm control on all port"
next
edit "auto-config"
set description "storm control policy for fortilink-isl-icl port"
set storm-control-mode disabled
next
end
config switch-controller auto-config policy
edit "default"
next
edit "default-icl"
set poe-status disable
set igmp-flood-report enable
set igmp-flood-traffic enable
next
end
config switch-controller switch-profile
edit "default"
next
end
config switch-controller remote-log
edit "syslogd"
next
edit "syslogd2"
next
end
config wireless-controller setting
set darrp-optimize-schedules "default-darrp-optimize"
end
config wireless-controller wids-profile
edit "default"
set comment "Default WIDS profile."
set ap-scan enable
set wireless-bridge enable
set deauth-broadcast enable
set null-ssid-probe-resp enable
set long-duration-attack enable
set invalid-mac-oui enable
set weak-wep-iv enable
set auth-frame-flood enable
set assoc-frame-flood enable
set spoofed-deauth enable
set asleap-attack enable
set eapol-start-flood enable
set eapol-logoff-flood enable
set eapol-succ-flood enable
set eapol-fail-flood enable
set eapol-pre-succ-flood enable
set eapol-pre-fail-flood enable
next
edit "default-wids-apscan-enabled"
set ap-scan enable
next
end
config wireless-controller wtp-profile
edit "FAP23JF-default"
config platform
set type 23JF
set ddscan enable
end
set handoff-sta-thresh 55
config radio-1
set band 802.11ax
end
config radio-2
set band 802.11ax-5G
end
config radio-3
set mode monitor
end
next
edit "FAP234F-default"
config platform
set type 234F
set ddscan enable
end
set handoff-sta-thresh 55
config radio-1
set band 802.11ax
end
config radio-2
set band 802.11ax-5G
end
config radio-3
set mode monitor
end
next
edit "FAP231F-default"
config platform
set type 231F
set ddscan enable
end
set handoff-sta-thresh 55
config radio-1
set band 802.11ax
end
config radio-2
set band 802.11ax-5G
end
config radio-3
set mode monitor
end
next
edit "FAP433F-default"
config platform
set type 433F
set ddscan enable
end
set handoff-sta-thresh 55
config radio-1
set band 802.11ax
end
config radio-2
set band 802.11ax-5G
end
config radio-3
set mode monitor
end
next
edit "FAP432F-default"
config platform
set type 432F
set ddscan enable
end
set handoff-sta-thresh 55
config radio-1
set band 802.11ax
end
config radio-2
set band 802.11ax-5G
end
config radio-3
set mode monitor
end
next
edit "FAP431F-default"
config platform
set type 431F
set ddscan enable
end
set handoff-sta-thresh 55
config radio-1
set band 802.11ax
end
config radio-2
set band 802.11ax-5G
end
config radio-3
set mode monitor
end
next
edit "FAP231E-default"
config platform
set type 231E
set ddscan enable
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
config radio-3
set mode monitor
end
next
edit "FAPU433F-default"
config platform
set type U433F
set mode dual-5G
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ax-5G
set band-5g-type 5g-low
end
config radio-2
set band 802.11ax-5G
set band-5g-type 5g-high
end
config radio-3
set band 802.11n,g-only
end
next
edit "FAPU431F-default"
config platform
set type U431F
set mode dual-5G
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ax-5G
set band-5g-type 5g-low
end
config radio-2
set band 802.11ax-5G
set band-5g-type 5g-high
end
config radio-3
set band 802.11n,g-only
end
next
edit "FAPU323EV-default"
config platform
set type U323EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU321EV-default"
config platform
set type U321EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU24JEV-default"
config platform
set type U24JEV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU223EV-default"
config platform
set type U223EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU221EV-default"
config platform
set type U221EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU423E-default"
config platform
set type U423E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU422EV-default"
config platform
set type U422EV
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPU421E-default"
config platform
set type U421E
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321E-default"
config platform
set type 321E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS223E-default"
config platform
set type S223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS221E-default"
config platform
set type S221E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP224E-default"
config platform
set type 224E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223E-default"
config platform
set type 223E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP222E-default"
config platform
set type 222E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP221E-default"
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP423E-default"
config platform
set type 423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP421E-default"
config platform
set type 421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS423E-default"
config platform
set type S423E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS422E-default"
config platform
set type S422E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS421E-default"
config platform
set type S421E
end
set handoff-sta-thresh 55
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS323CR-default"
config platform
set type S323CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322CR-default"
config platform
set type S322CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321CR-default"
config platform
set type S321CR
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS313C-default"
config platform
set type S313C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS311C-default"
config platform
set type S311C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11ac
end
next
edit "FAPS323C-default"
config platform
set type S323C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS322C-default"
config platform
set type S322C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAPS321C-default"
config platform
set type S321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP321C-default"
config platform
set type 321C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP223C-default"
config platform
set type 223C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP112D-default"
config platform
set type 112D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP24D-default"
config platform
set type 24D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP21D-default"
config platform
set type 21D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FK214B-default"
config platform
set type 214B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP224D-default"
config platform
set type 224D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP222C-default"
config platform
set type 222C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP25D-default"
config platform
set type 25D
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP221C-default"
config platform
set type 221C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP320C-default"
config platform
set type 320C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11ac
end
next
edit "FAP28C-default"
config platform
set type 28C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP223B-default"
config platform
set type 223B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP14C-default"
config platform
set type 14C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP11C-default"
config platform
set type 11C
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP320B-default"
config platform
set type 320B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "FAP112B-default"
config platform
set type 112B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP222B-default"
config platform
set type 222B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
config radio-2
set band 802.11n-5G
end
next
edit "FAP210B-default"
config platform
set type 210B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
edit "FAP220B-default"
config platform
set type 220B
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n-5G
end
config radio-2
set band 802.11n,g-only
end
next
edit "AP-11N-default"
config platform
set type AP-11N
end
set handoff-sta-thresh 30
config radio-1
set band 802.11n,g-only
end
next
end
config wireless-controller utm-profile
edit "wifi-default"
set comment "Default configuration for offloading WiFi traffic."
set ips-sensor "wifi-default"
set application-list "wifi-default"
set antivirus-profile "wifi-default"
set webfilter-profile "wifi-default"
next
end
config log memory setting
set status enable
end
config log null-device setting
set status disable
end
config log setting
set local-in-allow enable
set local-in-deny-unicast enable
set local-in-deny-broadcast enable
set local-out enable
end
config router rip
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ripng
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router static
edit 1
set gateway 61.216.60.254
set device "wan"
next
end
config router ospf
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router ospf6
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
config router bgp
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
config router isis
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "bgp"
end
config redistribute "static"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "bgp"
end
config redistribute6 "static"
end
end
config router multicast
end
(2-2/6)