#config-version=FGT30E-6.2.11-FW-build1303-220621:opmode=0:vdom=0:user=B10013 #conf_file_ver=1662276897990606 #buildno=1303 #global_vdom=1 config system global set admin-server-cert "wildcard.tahoho.com.tw" set admin-sport 8443 set alias "FortiGate-30E" set gui-certificates enable set hostname "HBB-JiaYi-Firewall-E2C-IT" set language trach set switch-controller enable set timezone 59 set wifi-ca-certificate "USERTrust_RSA_Certification_Authority" set wifi-certificate "wildcard.tahoho.com.tw" end config system accprofile edit "prof_admin" set secfabgrp read-write set ftviewgrp read-write set authgrp read-write set sysgrp read-write set netgrp read-write set loggrp read-write set fwgrp read-write set vpngrp read-write set utmgrp read-write set wifi read-write next end config system interface edit "wan" set vdom "root" set ip 61.216.60.230 255.255.255.0 set allowaccess ping https http set type physical set role wan set snmp-index 1 next edit "modem" set vdom "root" set mode pppoe set type physical set snmp-index 2 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 3 next edit "lan" set vdom "root" set ip 192.167.3.99 255.255.255.0 set allowaccess ping https ssh http fgfm fabric set type hard-switch set stp enable set device-identification enable set role lan set snmp-index 4 set secondary-IP enable next edit "fortilink" set vdom "root" set fortilink enable set ip 169.254.1.1 255.255.255.0 set allowaccess ping fabric set type hard-switch set lldp-reception enable set lldp-transmission enable set snmp-index 5 next end config system physical-switch edit "sw0" set age-val 0 next end config system virtual-switch edit "lan" set physical-switch "sw0" config port edit "lan1" set speed 1000full next edit "lan2" set speed 1000full next edit "lan3" set speed 1000full next edit "lan4" set speed 1000full next end next edit "fortilink" set physical-switch "sw0" next end config system custom-language edit "en" set filename "en" next edit "fr" set filename "fr" next edit "sp" set filename "sp" next edit "pg" set filename "pg" next edit "x-sjis" set filename "x-sjis" next edit "big5" set filename "big5" next edit "GB2312" set filename "GB2312" next edit "euc-kr" set filename "euc-kr" next end config system admin edit "admin" set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "Status" set vdom "root" set permanent enable config widget edit 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 1 set width 1 set height 1 next edit 3 set type forticloud set x-pos 2 set width 1 set height 1 next edit 4 set type security-fabric set x-pos 3 set width 1 set height 1 next edit 5 set type admins set x-pos 4 set width 1 set height 1 next edit 6 set type cpu-usage set x-pos 5 set width 2 set height 1 next edit 7 set type memory-usage set x-pos 6 set width 2 set height 1 next edit 8 set type sessions set x-pos 7 set width 2 set height 1 next end next edit 3 set name "Security" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "compromisedHosts" set fortiview-sort-by "verdict" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 6 set width 6 set height 3 set fortiview-type "threats" set fortiview-sort-by "threatLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type vulnerability-summary set y-pos 3 set width 3 set height 3 next edit 4 set type host-scan-summary set x-pos 3 set y-pos 3 set width 3 set height 3 next edit 5 set type fortiview set x-pos 6 set y-pos 3 set width 6 set height 3 set fortiview-type "endpointDevices" set fortiview-sort-by "vulnerabilities" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 2 set name "Top Usage LAN/DMZ" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "source" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 6 set width 6 set height 3 set fortiview-type "destination" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type fortiview set y-pos 3 set width 6 set height 3 set fortiview-type "application" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 4 set type fortiview set x-pos 6 set y-pos 3 set width 6 set height 3 set fortiview-type "website" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 4 set name "System Events" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "count" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 6 set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "eventLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next end set gui-vdom-menu-favorites "device_definition" set password ENC SH2X+yMzAd4Jwir1oxEYdVCx7R+NcZL23k4HAlT3pKKtuIGy8VW48QGt74aDKo= next edit "coleman" set remote-auth enable set accprofile "super_admin" set vdom "root" set remote-group "RemoteUserGroup" set password ENC SH2TUlsuXAvxmUlyZzHXobkvfDl3TtLpkihApjWEHpZQiI7rHiygtw/fXfkoak= next edit "renhua.gu" set remote-auth enable set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "Status" set vdom "root" set permanent enable config widget edit 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 1 set width 1 set height 1 next edit 3 set type forticloud set x-pos 2 set width 1 set height 1 next edit 4 set type security-fabric set x-pos 3 set width 1 set height 1 next edit 5 set type admins set x-pos 4 set width 1 set height 1 next edit 6 set type cpu-usage set x-pos 5 set width 2 set height 1 next edit 7 set type memory-usage set x-pos 6 set width 2 set height 1 next edit 8 set type sessions set x-pos 7 set width 2 set height 1 next end next edit 2 set name "Top Usage LAN/DMZ" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "source" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "destination" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type fortiview set x-pos 2 set width 6 set height 3 set fortiview-type "application" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 4 set type fortiview set x-pos 3 set width 6 set height 3 set fortiview-type "website" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 3 set name "Security" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "compromisedHosts" set fortiview-sort-by "verdict" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "threats" set fortiview-sort-by "threatLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type vulnerability-summary set x-pos 2 set width 3 set height 3 next edit 4 set type host-scan-summary set x-pos 3 set width 3 set height 3 next edit 5 set type fortiview set x-pos 4 set width 6 set height 3 set fortiview-type "endpointDevices" set fortiview-sort-by "vulnerabilities" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 4 set name "System Events" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "count" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "eventLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next end set remote-group "RemoteUserGroup" set password ENC SH2eywD/vg4n4UnQAC8m1c6L7DhVDrFAU0Yg5Ioq2HLSbIHC2+VX4lUFwTHlUI= next edit "B10013" set remote-auth enable set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "Status" set vdom "root" set permanent enable config widget edit 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 1 set width 1 set height 1 next edit 3 set type forticloud set x-pos 2 set width 1 set height 1 next edit 4 set type security-fabric set x-pos 3 set width 1 set height 1 next edit 5 set type admins set x-pos 4 set width 1 set height 1 next edit 6 set type cpu-usage set x-pos 5 set width 2 set height 1 next edit 7 set type memory-usage set x-pos 6 set width 2 set height 1 next edit 8 set type sessions set x-pos 7 set width 2 set height 1 next end next edit 2 set name "Top Usage LAN/DMZ" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "source" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "destination" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type fortiview set x-pos 2 set width 6 set height 3 set fortiview-type "application" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 4 set type fortiview set x-pos 3 set width 6 set height 3 set fortiview-type "website" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 3 set name "Security" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "compromisedHosts" set fortiview-sort-by "verdict" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "threats" set fortiview-sort-by "threatLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type vulnerability-summary set x-pos 2 set width 3 set height 3 next edit 4 set type host-scan-summary set x-pos 3 set width 3 set height 3 next edit 5 set type fortiview set x-pos 4 set width 6 set height 3 set fortiview-type "endpointDevices" set fortiview-sort-by "vulnerabilities" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 4 set name "System Events" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "count" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "eventLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next end set remote-group "RemoteUserGroup" set password ENC SH2mNJtHFr7er0GoXG0bKqyP2VtItdZ6Nz+Z2DkH5N0gy9JVYbX6sr+rPEC8VA= next edit "joy.va" set accprofile "super_admin" set vdom "root" set password ENC SH2Y91ScbcctsfTcM273jp8XLvp9zPkrLEqNen7Fv7f98y598vr33dZFbV+GP0= next edit "itservice" set accprofile "super_admin" set vdom "root" config gui-dashboard edit 1 set name "狀態" set vdom "root" set permanent enable config widget edit 1 set width 1 set height 1 next edit 2 set type licinfo set x-pos 1 set width 1 set height 1 next edit 3 set type forticloud set x-pos 2 set width 1 set height 1 next edit 4 set type security-fabric set x-pos 3 set width 1 set height 1 next edit 5 set type admins set x-pos 4 set width 1 set height 1 next edit 6 set type cpu-usage set x-pos 5 set width 2 set height 1 next edit 7 set type memory-usage set x-pos 6 set width 2 set height 1 next edit 8 set type sessions set x-pos 7 set width 2 set height 1 next end next edit 2 set name "最高用量排行 LAN/DMZ" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "source" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "destination" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type fortiview set x-pos 2 set width 6 set height 3 set fortiview-type "application" set fortiview-sort-by "bytes" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 4 set type fortiview set x-pos 3 set width 6 set height 3 set fortiview-type "website" set fortiview-sort-by "sessions" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 3 set name "安全" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "compromisedHosts" set fortiview-sort-by "verdict" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "threats" set fortiview-sort-by "threatLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 3 set type vulnerability-summary set x-pos 2 set width 3 set height 3 next edit 4 set type host-scan-summary set x-pos 3 set width 3 set height 3 next edit 5 set type fortiview set x-pos 4 set width 6 set height 3 set fortiview-type "endpointDevices" set fortiview-sort-by "vulnerabilities" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next edit 4 set name "系統相關事件" set vdom "root" set layout-type fixed set columns 12 config widget edit 1 set type fortiview set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "count" set fortiview-timeframe "hour" set fortiview-visualization "table" next edit 2 set type fortiview set x-pos 1 set width 6 set height 3 set fortiview-type "systemEvents" set fortiview-sort-by "eventLevel" set fortiview-timeframe "hour" set fortiview-visualization "table" next end next end set password ENC SH2/63HQ23RJ42QiHJqIP/2jqvvtd0c9zDPZ5Tw/3Qji54X8jeNEOIVDmZ1c9k= next end config system sso-admin end config system ha set override disable end config system dns set primary 168.95.1.1 set secondary 8.8.8.8 end config system replacemsg-image edit "logo_fnet" set image-type gif next edit "logo_fguard_wf" set image-type gif next edit "logo_fw_auth" next edit "logo_v2_fnet" next edit "logo_v2_fguard_wf" next edit "logo_v2_fguard_app" next end config system replacemsg mail "email-av-fail" end config system replacemsg mail "email-block" end config system replacemsg mail "email-dlp-subject" end config system replacemsg mail "email-dlp-ban" end config system replacemsg mail "email-filesize" end config system replacemsg mail "email-file-filter" end config system replacemsg mail "partial" end config system replacemsg mail "smtp-block" end config system replacemsg mail "smtp-filesize" end config system replacemsg mail "email-decompress-limit" end config system replacemsg mail "smtp-decompress-limit" end config system replacemsg http "bannedword" end config system replacemsg http "url-block" end config system replacemsg http "urlfilter-err" end config system replacemsg http "infcache-block" end config system replacemsg http "http-block" end config system replacemsg http "http-filesize" end config system replacemsg http "http-dlp-ban" end config system replacemsg http "http-archive-block" end config system replacemsg http "http-contenttypeblock" end config system replacemsg http "https-invalid-cert-block" end config system replacemsg http "https-untrusted-cert-block" end config system replacemsg http "https-blacklisted-cert-block" end config system replacemsg http "http-client-block" end config system replacemsg http "http-client-filesize" end config system replacemsg http "http-client-bannedword" end config system replacemsg http "http-post-block" end config system replacemsg http "http-client-archive-block" end config system replacemsg http "switching-protocols-block" end config system replacemsg webproxy "deny" end config system replacemsg webproxy "user-limit" end config system replacemsg webproxy "auth-challenge" end config system replacemsg webproxy "auth-login-fail" end config system replacemsg webproxy "auth-group-info-fail" end config system replacemsg webproxy "http-err" end config system replacemsg webproxy "auth-ip-blackout" end config system replacemsg ftp "ftp-av-fail" end config system replacemsg ftp "ftp-dl-blocked" end config system replacemsg ftp "ftp-dl-filesize" end config system replacemsg ftp "ftp-dl-dlp-ban" end config system replacemsg ftp "ftp-explicit-banner" end config system replacemsg ftp "ftp-dl-archive-block" end config system replacemsg ftp "ftp-file-filter-block" end config system replacemsg nntp "nntp-av-fail" end config system replacemsg nntp "nntp-dl-blocked" end config system replacemsg nntp "nntp-dl-filesize" end config system replacemsg nntp "nntp-dlp-subject" end config system replacemsg nntp "nntp-dlp-ban" end config system replacemsg nntp "email-decompress-limit" end config system replacemsg fortiguard-wf "ftgd-block" end config system replacemsg fortiguard-wf "http-err" end config system replacemsg fortiguard-wf "ftgd-ovrd" end config system replacemsg fortiguard-wf "ftgd-quota" end config system replacemsg fortiguard-wf "ftgd-warning" end config system replacemsg spam "ipblocklist" end config system replacemsg spam "smtp-spam-dnsbl" end config system replacemsg spam "smtp-spam-feip" end config system replacemsg spam "smtp-spam-helo" end config system replacemsg spam "smtp-spam-emailblack" end config system replacemsg spam "smtp-spam-mimeheader" end config system replacemsg spam "reversedns" end config system replacemsg spam "smtp-spam-bannedword" end config system replacemsg spam "smtp-spam-ase" end config system replacemsg spam "submit" end config system replacemsg alertmail "alertmail-virus" end config system replacemsg alertmail "alertmail-block" end config system replacemsg alertmail "alertmail-nids-event" end config system replacemsg alertmail "alertmail-crit-event" end config system replacemsg alertmail "alertmail-disk-full" end config system replacemsg admin "pre_admin-disclaimer-text" end config system replacemsg admin "post_admin-disclaimer-text" end config system replacemsg auth "auth-disclaimer-page-1" end config system replacemsg auth "auth-disclaimer-page-2" end config system replacemsg auth "auth-disclaimer-page-3" end config system replacemsg auth "auth-reject-page" end config system replacemsg auth "auth-login-page" end config system replacemsg auth "auth-login-failed-page" end config system replacemsg auth "auth-token-login-page" end config system replacemsg auth "auth-token-login-failed-page" end config system replacemsg auth "auth-success-msg" end config system replacemsg auth "auth-challenge-page" end config system replacemsg auth "auth-keepalive-page" end config system replacemsg auth "auth-portal-page" end config system replacemsg auth "auth-password-page" end config system replacemsg auth "auth-fortitoken-page" end config system replacemsg auth "auth-next-fortitoken-page" end config system replacemsg auth "auth-email-token-page" end config system replacemsg auth "auth-sms-token-page" end config system replacemsg auth "auth-email-harvesting-page" end config system replacemsg auth "auth-email-failed-page" end config system replacemsg auth "auth-cert-passwd-page" end config system replacemsg auth "auth-guest-print-page" end config system replacemsg auth "auth-guest-email-page" end config system replacemsg auth "auth-success-page" end config system replacemsg auth "auth-block-notification-page" end config system replacemsg auth "auth-quarantine-page" end config system replacemsg auth "auth-qtn-reject-page" end config system replacemsg auth "auth-saml-page" end config system replacemsg sslvpn "sslvpn-login" end config system replacemsg sslvpn "sslvpn-header" end config system replacemsg sslvpn "sslvpn-limit" end config system replacemsg sslvpn "hostcheck-error" end config system replacemsg device-detection-portal "device-detection-failure" end config system replacemsg nac-quar "nac-quar-virus" end config system replacemsg nac-quar "nac-quar-dos" end config system replacemsg nac-quar "nac-quar-ips" end config system replacemsg nac-quar "nac-quar-dlp" end config system replacemsg nac-quar "nac-quar-admin" end config system replacemsg nac-quar "nac-quar-app" end config system replacemsg traffic-quota "per-ip-shaper-block" end config system replacemsg utm "virus-html" end config system replacemsg utm "client-virus-html" end config system replacemsg utm "virus-text" end config system replacemsg utm "dlp-html" end config system replacemsg utm "dlp-text" end config system replacemsg utm "appblk-html" end config system replacemsg utm "ipsblk-html" end config system replacemsg utm "ipsfail-html" end config system replacemsg utm "exe-text" end config system replacemsg utm "waf-html" end config system replacemsg utm "outbreak-prevention-html" end config system replacemsg utm "outbreak-prevention-text" end config system replacemsg utm "file-filter-text" end config system replacemsg utm "file-size-text" end config system replacemsg utm "internal-error-text" end config system replacemsg icap "icap-req-resp" end config system snmp sysinfo end config system central-management set type fortiguard end config firewall internet-service-definition end config system cluster-sync end config system fortiguard set service-account-id "godelchen@tahoho.com.tw" set sdns-server-ip "208.91.112.220" end config ips global end config log syslogd setting set status enable set server "hb.tahoho.com.tw" end config log fortiguard setting set status enable set upload-option 1-minute end config system email-server set server "notification.fortinet.net" set port 465 set security smtps end config system session-helper edit 1 set name pptp set protocol 6 set port 1723 next edit 2 set name h323 set protocol 6 set port 1720 next edit 3 set name ras set protocol 17 set port 1719 next edit 4 set name tns set protocol 6 set port 1521 next edit 5 set name tftp set protocol 17 set port 69 next edit 6 set name rtsp set protocol 6 set port 554 next edit 7 set name rtsp set protocol 6 set port 7070 next edit 8 set name rtsp set protocol 6 set port 8554 next edit 9 set name ftp set protocol 6 set port 21 next edit 10 set name mms set protocol 6 set port 1863 next edit 11 set name pmap set protocol 6 set port 111 next edit 12 set name pmap set protocol 17 set port 111 next edit 13 set name sip set protocol 17 set port 5060 next edit 14 set name dns-udp set protocol 17 set port 53 next edit 15 set name rsh set protocol 6 set port 514 next edit 16 set name rsh set protocol 6 set port 512 next edit 17 set name dcerpc set protocol 6 set port 135 next edit 18 set name dcerpc set protocol 17 set port 135 next edit 19 set name mgcp set protocol 17 set port 2427 next edit 20 set name mgcp set protocol 17 set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable set server-mode enable set interface "fortilink" end config system object-tagging edit "default" next end config switch-controller traffic-policy edit "quarantine" set description "Rate control for quarantined traffic" set guaranteed-bandwidth 163840 set guaranteed-burst 8192 set maximum-burst 163840 set cos-queue 0 set id 1 next edit "sniffer" set description "Rate control for sniffer mirrored traffic" set guaranteed-bandwidth 50000 set guaranteed-burst 8192 set maximum-burst 163840 set cos-queue 0 set id 2 next end config system settings end config system dhcp server edit 2 set ntp-service local set default-gateway 169.254.1.1 set netmask 255.255.255.0 set interface "fortilink" config ip-range edit 1 set start-ip 169.254.1.2 set end-ip 169.254.1.254 next end set vci-match enable set vci-string "FortiSwitch" "FortiExtender" next edit 3 set lease-time 300 set dns-service default set default-gateway 192.167.3.99 set netmask 255.255.255.0 set interface "lan" config ip-range edit 1 set start-ip 192.167.3.109 set end-ip 192.167.3.149 next end next end config firewall address edit "none" set uuid 9d07a54a-abf9-51ec-caad-f75e7de4b639 set subnet 0.0.0.0 255.255.255.255 next edit "login.microsoftonline.com" set uuid 9d07c50c-abf9-51ec-8dd8-df792cd4cfe9 set type fqdn set fqdn "login.microsoftonline.com" next edit "login.microsoft.com" set uuid 9d07e3f2-abf9-51ec-a291-fd7f28ec5c36 set type fqdn set fqdn "login.microsoft.com" next edit "login.windows.net" set uuid 9d07fdc4-abf9-51ec-9153-4663f5a6de18 set type fqdn set fqdn "login.windows.net" next edit "gmail smtp" set uuid 9d0816d8-abf9-51ec-0694-7380a35b0a1b set type fqdn set fqdn "smtp.gmail.com" next edit "wildcard.google.com" set uuid 9d082f88-abf9-51ec-bd5c-ca362b006acc set type fqdn set fqdn "*.google.com" next edit "wildcard.dropbox.com" set uuid 9d08623c-abf9-51ec-d940-6ac3ce6eb434 set type fqdn set fqdn "*.dropbox.com" next edit "all" set uuid 9d48383a-abf9-51ec-f02e-eadb8b852ac0 next edit "FIREWALL_AUTH_PORTAL_ADDRESS" set uuid 9d484366-abf9-51ec-1031-8de750ffbade set visibility disable next edit "FABRIC_DEVICE" set uuid 9d484d52-abf9-51ec-b974-8800bf577db6 set comment "IPv4 addresses of Fabric Devices." next edit "SSLVPN_TUNNEL_ADDR1" set uuid 9d4a7d5c-abf9-51ec-ad03-977671f54698 set type iprange set associated-interface "ssl.root" set start-ip 192.167.3.200 set end-ip 192.167.3.250 next edit "lan" set uuid a57f0470-abf9-51ec-8a90-d85223852221 set type interface-subnet set subnet 192.167.3.99 255.255.255.0 set interface "lan" next edit "AzureS2SVPN_local_subnet" set uuid ee291f2a-b0aa-51ec-a30d-2b8339849a8b set subnet 192.168.1.0 255.255.255.0 next edit "AzureS2SVPN_remote_subnet" set uuid 0514790a-b0ab-51ec-ad39-24094eb53d85 set subnet 10.100.0.0 255.255.0.0 next edit "LocalNetwork_192.168.1.0" set uuid 373e3036-b11b-51ec-1ec9-cd1b8be323c7 set associated-interface "lan" set subnet 192.168.1.0 255.255.255.0 next edit "advantech-machine" set uuid e5f3803c-b15b-51ec-d55d-b2eae187f4ee set type mac set start-mac c4:00:ad:8b:60:3a set end-mac c4:00:ad:8b:60:3a set comment "Created for DHCP Reservation" set associated-interface "lan" next edit "Anydesk" set uuid 67eb1f40-1d2d-51ed-adb6-296da629d022 set type fqdn set fqdn "*.net.anydesk.com" next edit "GCP" set uuid 7f8e2dcc-1d2d-51ed-8e31-56c320c6f3ee set type fqdn set fqdn "*.googleapis.com" next edit "AWS" set uuid 8a743b96-1d2d-51ed-91a5-f7862fa13ae1 set type fqdn set fqdn "aws.amazon.com" next edit "IT component" set uuid ccfdf286-1d2d-51ed-9657-a8d63ee8c4bf set subnet 192.167.3.110 255.255.255.255 next edit "Git" set uuid 821e6ed4-245e-51ed-36cf-7b025f1ba89d set type fqdn set fqdn "raw.githubusercontent.com" next edit "AWS1" set uuid ca73b252-245e-51ed-4ab9-0786e46af67f set type fqdn set fqdn "amazon.com" next edit "AWS2" set uuid 81ce14fc-2869-51ed-2aa1-8e4befe91aff set type fqdn set fqdn "*.amazonaws.com" next edit "GLPI-Server" set uuid cce3026e-6c60-51ed-681a-97eb11321407 set type fqdn set associated-interface "wan" set fqdn "glpi.tahoho.com.tw" next edit "Advantech-MQTT-Broker" set uuid d4b73d0e-8b12-51ed-24c2-6e8c30515320 set subnet 20.187.120.82 255.255.255.255 next edit "Advantech_MQTT Broker_DCCS Server" set uuid e7f905fa-8b12-51ed-fd6a-d7eacc9bc20b set subnet 20.205.0.212 255.255.255.255 next edit "time.google.com" set uuid e9a21dac-3b10-51ee-1395-981db1177a2d set type fqdn set fqdn "time.google.com" next edit "time.windows.com" set uuid f64b817e-3b10-51ee-0bd2-5ad16352ba54 set type fqdn set fqdn "time.windows.com" next edit "tw.ntp.org.cn" set uuid 013dd942-3b11-51ee-cb57-e3a24af234b5 set type fqdn set fqdn "tw.ntp.org.cn" next edit "Cloud Scada" set uuid c13f83c0-b0fb-51ee-f216-2e3323a1b254 set type fqdn set fqdn "scadabroker.myvecid.net" next edit "Cloud Scada2" set uuid d306de6e-b0fb-51ee-b3ee-5405d656abde set type fqdn set fqdn "cloudscada.myvecid.net" next end config firewall multicast-address edit "all" set start-ip 224.0.0.0 set end-ip 239.255.255.255 next edit "all_hosts" set start-ip 224.0.0.1 set end-ip 224.0.0.1 next edit "all_routers" set start-ip 224.0.0.2 set end-ip 224.0.0.2 next edit "Bonjour" set start-ip 224.0.0.251 set end-ip 224.0.0.251 next edit "EIGRP" set start-ip 224.0.0.10 set end-ip 224.0.0.10 next edit "OSPF" set start-ip 224.0.0.5 set end-ip 224.0.0.6 next end config firewall address6 edit "SSLVPN_TUNNEL_IPv6_ADDR1" set uuid 9d4a8ffe-abf9-51ec-5bfb-9c6fb1cb2dca set ip6 fdff:ffff::/120 next edit "all" set uuid 9d08da6e-abf9-51ec-6f76-196ec7635adf next edit "none" set uuid 9d08f1ca-abf9-51ec-e0ea-b27bb0863c37 set ip6 ::/128 next end config firewall multicast-address6 edit "all" set ip6 ff00::/8 next end config firewall addrgrp edit "G Suite" set uuid 9d088780-abf9-51ec-34a0-df6362185fae set member "gmail smtp" "wildcard.google.com" next edit "Microsoft Office 365" set uuid 9d08abde-abf9-51ec-f0a2-bb74e5f7edfc set member "login.microsoftonline.com" "login.microsoft.com" "login.windows.net" next end config firewall wildcard-fqdn custom edit "adobe" set uuid 9e4ff470-abf9-51ec-ea83-bda0c8f44e57 set wildcard-fqdn "*.adobe.com" next edit "Adobe Login" set uuid 9e4ffc36-abf9-51ec-154a-115667d74de0 set wildcard-fqdn "*.adobelogin.com" next edit "android" set uuid 9e500348-abf9-51ec-25c3-651446a4e92e set wildcard-fqdn "*.android.com" next edit "apple" set uuid 9e500a50-abf9-51ec-ba40-79995f217bef set wildcard-fqdn "*.apple.com" next edit "appstore" set uuid 9e501144-abf9-51ec-c872-d48566f2ad9b set wildcard-fqdn "*.appstore.com" next edit "auth.gfx.ms" set uuid 9e501856-abf9-51ec-4fe8-a1cb67a10ecb set wildcard-fqdn "*.auth.gfx.ms" next edit "citrix" set uuid 9e501f5e-abf9-51ec-7737-9dd8334679e6 set wildcard-fqdn "*.citrixonline.com" next edit "dropbox.com" set uuid 9e502666-abf9-51ec-0f50-3c197d0d40b3 set wildcard-fqdn "*.dropbox.com" next edit "eease" set uuid 9e502d6e-abf9-51ec-959d-4b4ef9ddc1a1 set wildcard-fqdn "*.eease.com" next edit "firefox update server" set uuid 9e503476-abf9-51ec-430b-e773c93ad13b set wildcard-fqdn "aus*.mozilla.org" next edit "fortinet" set uuid 9e503b7e-abf9-51ec-92aa-a27340cfd046 set wildcard-fqdn "*.fortinet.com" next edit "googleapis.com" set uuid 9e504290-abf9-51ec-4a61-55953f92b251 set wildcard-fqdn "*.googleapis.com" next edit "google-drive" set uuid 9e504998-abf9-51ec-519f-2cb48caed35f set wildcard-fqdn "*drive.google.com" next edit "google-play2" set uuid 9e5050b4-abf9-51ec-c0c8-c28fba433b09 set wildcard-fqdn "*.ggpht.com" next edit "google-play3" set uuid 9e5057d0-abf9-51ec-6b83-423ab85f08ba set wildcard-fqdn "*.books.google.com" next edit "Gotomeeting" set uuid 9e505ef6-abf9-51ec-7862-75778c818507 set wildcard-fqdn "*.gotomeeting.com" next edit "icloud" set uuid 9e506b3a-abf9-51ec-d88f-74ab5e4c8a71 set wildcard-fqdn "*.icloud.com" next edit "itunes" set uuid 9e5073dc-abf9-51ec-72a8-dbac61b7c2b0 set wildcard-fqdn "*itunes.apple.com" next edit "microsoft" set uuid 9e507b2a-abf9-51ec-999b-42fa39e5e3bc set wildcard-fqdn "*.microsoft.com" next edit "skype" set uuid 9e50825a-abf9-51ec-0d6f-f25ecfc95d12 set wildcard-fqdn "*.messenger.live.com" next edit "softwareupdate.vmware.com" set uuid 9e508980-abf9-51ec-a0b3-01ce49a1f30f set wildcard-fqdn "*.softwareupdate.vmware.com" next edit "verisign" set uuid 9e5090b0-abf9-51ec-065b-ba2a07341365 set wildcard-fqdn "*.verisign.com" next edit "Windows update 2" set uuid 9e5097cc-abf9-51ec-036c-bafa6e6ffade set wildcard-fqdn "*.windowsupdate.com" next edit "live.com" set uuid 9e509efc-abf9-51ec-7d0b-c03c1915faa8 set wildcard-fqdn "*.live.com" next edit "google-play" set uuid 9e50a780-abf9-51ec-f527-29b2a676e712 set wildcard-fqdn "*play.google.com" next edit "update.microsoft.com" set uuid 9e50aee2-abf9-51ec-f336-c71675a5db25 set wildcard-fqdn "*update.microsoft.com" next edit "swscan.apple.com" set uuid 9e50b626-abf9-51ec-d0e5-29ba1f82198f set wildcard-fqdn "*swscan.apple.com" next edit "autoupdate.opera.com" set uuid 9e50bd60-abf9-51ec-a821-45ed06030221 set wildcard-fqdn "*autoupdate.opera.com" next end config firewall service category edit "General" set comment "General services." next edit "Web Access" set comment "Web access." next edit "File Access" set comment "File access." next edit "Email" set comment "Email services." next edit "Network Services" set comment "Network services." next edit "Authentication" set comment "Authentication service." next edit "Remote Access" set comment "Remote access." next edit "Tunneling" set comment "Tunneling service." next edit "VoIP, Messaging & Other Applications" set comment "VoIP, messaging, and other applications." next edit "Web Proxy" set comment "Explicit web proxy." next end config firewall service custom edit "DNS" set category "Network Services" set tcp-portrange 53 set udp-portrange 53 next edit "HTTP" set category "Web Access" set tcp-portrange 80 next edit "HTTPS" set category "Web Access" set tcp-portrange 443 next edit "IMAP" set category "Email" set tcp-portrange 143 next edit "IMAPS" set category "Email" set tcp-portrange 993 next edit "LDAP" set category "Authentication" set tcp-portrange 389 next edit "DCE-RPC" set category "Remote Access" set tcp-portrange 135 set udp-portrange 135 next edit "POP3" set category "Email" set tcp-portrange 110 next edit "POP3S" set category "Email" set tcp-portrange 995 next edit "SAMBA" set category "File Access" set tcp-portrange 139 next edit "SMTP" set category "Email" set tcp-portrange 25 next edit "SMTPS" set category "Email" set tcp-portrange 465 next edit "KERBEROS" set category "Authentication" set tcp-portrange 88 464 set udp-portrange 88 464 next edit "LDAP_UDP" set category "Authentication" set udp-portrange 389 next edit "SMB" set category "File Access" set tcp-portrange 445 next edit "ALL" set category "General" set protocol IP next edit "ALL_TCP" set category "General" set tcp-portrange 1-65535 next edit "ALL_UDP" set category "General" set udp-portrange 1-65535 next edit "ALL_ICMP" set category "General" set protocol ICMP unset icmptype next edit "ALL_ICMP6" set category "General" set protocol ICMP6 unset icmptype next edit "GRE" set category "Tunneling" set protocol IP set protocol-number 47 next edit "AH" set category "Tunneling" set protocol IP set protocol-number 51 next edit "ESP" set category "Tunneling" set protocol IP set protocol-number 50 next edit "AOL" set visibility disable set tcp-portrange 5190-5194 next edit "BGP" set category "Network Services" set tcp-portrange 179 next edit "DHCP" set category "Network Services" set udp-portrange 67-68 next edit "FINGER" set visibility disable set tcp-portrange 79 next edit "FTP" set category "File Access" set tcp-portrange 21 next edit "FTP_GET" set category "File Access" set tcp-portrange 21 next edit "FTP_PUT" set category "File Access" set tcp-portrange 21 next edit "GOPHER" set visibility disable set tcp-portrange 70 next edit "H323" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1720 1503 set udp-portrange 1719 next edit "IKE" set category "Tunneling" set udp-portrange 500 4500 next edit "Internet-Locator-Service" set visibility disable set tcp-portrange 389 next edit "IRC" set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit "L2TP" set category "Tunneling" set tcp-portrange 1701 set udp-portrange 1701 next edit "NetMeeting" set visibility disable set tcp-portrange 1720 next edit "NFS" set category "File Access" set tcp-portrange 111 2049 set udp-portrange 111 2049 next edit "NNTP" set visibility disable set tcp-portrange 119 next edit "NTP" set category "Network Services" set tcp-portrange 123 set udp-portrange 123 next edit "OSPF" set category "Network Services" set protocol IP set protocol-number 89 next edit "PC-Anywhere" set category "Remote Access" set tcp-portrange 5631 set udp-portrange 5632 next edit "PING" set category "Network Services" set protocol ICMP set icmptype 8 unset icmpcode next edit "TIMESTAMP" set protocol ICMP set visibility disable set icmptype 13 unset icmpcode next edit "INFO_REQUEST" set protocol ICMP set visibility disable set icmptype 15 unset icmpcode next edit "INFO_ADDRESS" set protocol ICMP set visibility disable set icmptype 17 unset icmpcode next edit "ONC-RPC" set category "Remote Access" set tcp-portrange 111 set udp-portrange 111 next edit "PPTP" set category "Tunneling" set tcp-portrange 1723 next edit "QUAKE" set visibility disable set udp-portrange 26000 27000 27910 27960 next edit "RAUDIO" set visibility disable set udp-portrange 7070 next edit "REXEC" set visibility disable set tcp-portrange 512 next edit "RIP" set category "Network Services" set udp-portrange 520 next edit "RLOGIN" set visibility disable set tcp-portrange 513:512-1023 next edit "RSH" set visibility disable set tcp-portrange 514:512-1023 next edit "SCCP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit "SIP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 5060 set udp-portrange 5060 next edit "SIP-MSNmessenger" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit "SNMP" set category "Network Services" set tcp-portrange 161-162 set udp-portrange 161-162 next edit "SSH" set category "Remote Access" set tcp-portrange 22 next edit "SYSLOG" set category "Network Services" set udp-portrange 514 next edit "TALK" set visibility disable set udp-portrange 517-518 next edit "TELNET" set category "Remote Access" set tcp-portrange 23 next edit "TFTP" set category "File Access" set udp-portrange 69 next edit "MGCP" set visibility disable set udp-portrange 2427 2727 next edit "UUCP" set visibility disable set tcp-portrange 540 next edit "VDOLIVE" set visibility disable set tcp-portrange 7000-7010 next edit "WAIS" set visibility disable set tcp-portrange 210 next edit "WINFRAME" set visibility disable set tcp-portrange 1494 2598 next edit "X-WINDOWS" set category "Remote Access" set tcp-portrange 6000-6063 next edit "PING6" set protocol ICMP6 set visibility disable set icmptype 128 unset icmpcode next edit "MS-SQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit "MYSQL" set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit "RDP" set category "Remote Access" set tcp-portrange 3389 next edit "VNC" set category "Remote Access" set tcp-portrange 5900 next edit "DHCP6" set category "Network Services" set udp-portrange 546 547 next edit "SQUID" set category "Tunneling" set tcp-portrange 3128 next edit "SOCKS" set category "Tunneling" set tcp-portrange 1080 set udp-portrange 1080 next edit "WINS" set category "Remote Access" set tcp-portrange 1512 set udp-portrange 1512 next edit "RADIUS" set category "Authentication" set udp-portrange 1812 1813 next edit "RADIUS-OLD" set visibility disable set udp-portrange 1645 1646 next edit "CVSPSERVER" set visibility disable set tcp-portrange 2401 set udp-portrange 2401 next edit "AFS3" set category "File Access" set tcp-portrange 7000-7009 set udp-portrange 7000-7009 next edit "TRACEROUTE" set category "Network Services" set udp-portrange 33434-33535 next edit "RTSP" set category "VoIP, Messaging & Other Applications" set tcp-portrange 554 7070 8554 set udp-portrange 554 next edit "MMS" set visibility disable set tcp-portrange 1755 set udp-portrange 1024-5000 next edit "NONE" set visibility disable set tcp-portrange 0 next edit "webproxy" set proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 0-65535:0-65535 next edit "OPC UA" set comment "for opc ua access" set tcp-portrange 49320 next edit "UDP53" set category "Web Access" set udp-portrange 53 next edit "MQTT" set tcp-portrange 1883 8883 443 next edit "Advantech-Testing-MQTT-8883" set tcp-portrange 8883 next edit "gmail" set tcp-portrange 465 next end config firewall service group edit "Email Access" set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit "Web Access" set member "DNS" "HTTP" "HTTPS" next edit "Windows AD" set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit "Exchange Server" set member "DCE-RPC" "DNS" "HTTPS" next end config vpn certificate ca end config vpn certificate local edit "Fortinet_CA_SSL" set password ENC sVuxydH4EXq4h+Dr3MKZYU+r8k4KxxvxlDAeujeg35eLddIzANulEwGFeJevvE8sRwnjsgRmo0P781LUcWsF2ZnDN211hBUt6VbpGwDgwDNzuFFB9eAh/vXxQMDocI8ZraB7SGONlEFtO3jN9SiynWhLE2Mxe93Ki3kuczMM62bOi92MdFAtkmDJXxgdLVqEqFyVKw== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIVHGVTevfHuoCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAsuftPSaeyoBIIEyLwdrP3UTvDy ISQ6xfm1Dd4kBd886en83dMXCpSQN1rmsNHmCbjXMw80S6YBsHb1+lG1Ol4okwFO H5g6aeKnlqelQHSH2dpScf6LrTXeA1vi7/Ae/dKekMGEA/3lMt/gqMWRpQR2KJFm AgQJ65nDrc5lanpsx4SAXmHwwPntYwU/OwZA2u7iNE4XTZqPpW3BXWvtXQhRlQuZ oRB0++67PU06rcP6C/1ZZfIDzHaaWVJwg2OMgNBdrduwwWo9r9zfNwJ+PAKJkCpQ tgHcG8UPeBqQWrZuxe8YSnbsrgDiikwxZoY0ptjPF1VkQetPd1UVCyyznjDDuek1 QVI+46p/DDduPl4BFfV6JTOr50HR3R0OZsTcYw9LIew11K3eSbkG3Y8JVswgye7D M5ZRLeam99GhGHWZzXMf12mQrQz5yzrrP5OMXqACXsEIf7aDbA1qGzXYK//BfpuS mEK+YM8tLH5l/DIqtHo97mi/vpa031InoYVUpIi9JHCWEXv8orTePKYQbmbGayL2 TGbZgHd3U6erfl2K0YtlyjMdT1SDHfWQ1vQtunuVeKh8wfiBpwvxPxH/4DwGnmfp XsdeCuI8Y8IoWdZu/QhPMRnjMN6yLkjUYMTDTzENA5kDcA8/lI95VNvXiVwCB8iv y4ftIemXgzJUts5Z6BuyNDsoJUN42rnyawdMEJTrJDQokN2OxYz5BVkHMLTeFNtZ 5KyKN6JCJ+OPyAtWgH6U/MtUjiukbkeUV8p8AiMFZBvmuIKTGjh0p0uJyftQS3aI vQREBgpFq6Jye9wtsTq8ZbAay4U+MyhT5VY+6VbCwcd7ia70qLcc+W9s0nxZ6vrk G8vQVi2/ZGoe1H2n2GlL96cSWISlswXulqFIfVvxcZQ2+6RVQIHEU6T0jybtNhEo U03PqiH6UvFmo4/fYyDAzsMT4+jtrDELpP6SXOgWtHBP7wktiBw1nzEfkCttPNk9 Uk36pXmMvY6j6N8zXuqIflWEWFEb6trxTz842mcfZJ83mixoVJI8CBt6ZYXPwz2Y LwH1zaiyM4ri17Qs09WyOm0rponrZShCXWmzSu6aJtAQujAtn5i6YC3lepxL4d/A XHmIUj5iOJ6d3nOiZTvxHIiWO2KaAs+KbEBKzcHtTjr6kK31p2dmAu8txv4PoAYW +1adJetw4Lw3+T1AIzkenkHxs7hkkOR2OVu8p4icYXYe0xlcBYgZqGaxsIw/dWiT cjmvSgwN6SADwlfBL+VjYjQ1smTDSuxVeF4j5iBuo1ZW23lnIryk9bx/b+jfhfKN KI9NLPvPUHaiY/WAAtZZc/l7JnBU4F2M2nrUxOlwR4Zc+J05RxlCLn5K8qaPTzmt a7d8nIYY/A8zo1jumVfdv7+G6lDSnOSohfW7BQvD7eSxKzXMvdAWekskdZ1J3klP YLuZJY6a8RgwALO8JO2wVoDEFsX5PHPBWdnwLmaEnCFiK1POBXbdQT0Ga3Y1g170 TliMkf7dj3aUkHpqZn7RjuQocI+UlEcTGk9XxwIJxfBQBkZbsG1A4iehOsdjjFeS 9ZkT9S264mb8fz00DxZ40IyuDlVuTwdBEbS4odnXEuGISG6VAiQIy/Ur3joVOOCL SGoVaRcS+QBAsyy5XoT6Ow== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID4jCCAsqgAwIBAgIEGe3NtjANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEZ MBcGA1UEAwwQRkdUMzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9y dEBmb3J0aW5ldC5jb20wHhcNMjIwMzI1MDUwNzUwWhcNMzIwMzI1MDUwNzUwWjCB qTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1 bm55dmFsZTERMA8GA1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRl IEF1dGhvcml0eTEZMBcGA1UEAwwQRkdUMzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3 DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDl4RyNkBuLnDu9zEh5CFJKz9c9ykuqmjQ8+knHetWg7t3gnPrG 3PG5eReqpXCul4FzCLpFFl/IXPqqxp0OPHw1JchSZUjiAeceEPJawvfPUUCj6xr5 2xAMrOezywjn5OqpUEDiFJPoVwwkirL3ER42cZe3nhDtWC2KRZ16s3HZuKRJ/HUn hZwzDXhDpSEfk04WYjc+/OFiQ1D1rslhinCHNcpVtcXQIRpMO3Z52GP+m6X8SQNb YRnDI/c1tm7eoGN7AyQwIXWxDaTpyjwhLx52cB1lg5t+uTaXgVfZvvvLvRA3tNYm 2ZRdfDlL0kY0oDPYK9vWJsspmK0OL/oRI+SrAgMBAAGjEDAOMAwGA1UdEwQFMAMB Af8wDQYJKoZIhvcNAQELBQADggEBANrUs/Cd1lH8Zdz1Rd42rYfpE3DLEVo/qGoN hm6yiqxea5yyTRZkTjuSljPQ9Y+krXecMC7JX7CiIdOgMVq/SfYddsHMDzjnWKSe imBDQARYwiMFQwogPfcdpIXQg1F+wzeu5da4Q3mai3PuhmKSPxZ+BNO+u2c9Tb7G xMRwtnBqOYSbJCcAjaUkOUSAWs5wuFWCLH8nV0aSlc/9gZqhJ3u9GU19iuHDKh6v 3KPsfl4vsG5PbgZznCD4EYLi3/H1vDo/H/3o0l3Juc9UoC6UmvjgPAg4o3ck/J22 t4bF+9aA47Cq/LFW8vgPHzfpTBpqKONsuKxnkFBeZlK2KkghUjg= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_CA_Untrusted" set password ENC WFC6K6kkRAxP9LmPEq5i/Lnrfivo0xvx0PILoCGpDAQ2zff3sJopq6wtMdwJ/IUO7L65HXN29U8jH11ElNeW4cijlOI+GBdrCKukpld2ZE/tSDECYcK2dmdRs7NAaKRub8WR07r0JB5hyQ6pHN78rHjA1LeV3r1+G/M8HLosdHZd50mHxgFWzVB5KdV4FkRVRDZvRg== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQISs221avPrrACAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGBJkvyj/e4wBIIEyNhJc/buDOGN 0EhVsvUh687nKk6B9wPMUaXM/dC002mBL0Ck32OBgqba6TiAE0YgoJtR2p8RCST/ JMYDOZJquUK0Uts6orHS6MP9XOeYDNgASmlafToxlcEUHmtFCL0x2ljmlFZldeoO e8vrHCE+xLax/cUE0RhFy+BsT5ZN+o6/K0LwPLGgEk+ykIMKAOrViOrXY0kyBiZW ECQDual24BOz4+Bnix7Ps5lsjtHCIIGy8cDYUs24q7f3F/MVgBekF120ix18HAcx YqPzCykIj4GsazVly1Y3VKhhQ7ugTYJUW0b/cut0wQNyH/pqnJKipELuVr5lOP8t XdIivnVP3YWRFGhYb/Sl9CeuHAZjRRFqXbBF897U4jD2y+Fyzl/gL5iRanzq34rM 6wtNwDdV8TByaWKbq6mNd7vlg6bslCTz9rk1FXpYQpf61oJlE+LDp1aryBp+Sym/ Wanfo+efWjAajy7prqXqDPjNq5pPv4oKJN+o9BI0+6KDyhNCKB47BR2A63fX9Fah U2ld5tuDWyei7ppUue31Dh541H5OPhv6nn5tNHQiMvlX7f/og4Zfgwq0pM4qVNGM i3uQPAEHbRe/EcOwoWcAd0Kpt+iRF25NV6U6/E8VXbEgZZsgSWAq/+2AlSNdGPfI Ir5/wJVLUY3W7fIb54dxSrd1fVe9zLwJOWZaoG2MdHZp9h7AhEmFHEVngeWma2Zj 1Zh7vI9v5wthBA+rb07lgnxWeEF/SqRgZMlrUwGW9Qi6jF48p864UM0nyMk2ToKu T4TV6IwKJO828YtkomUsMoas8WYLgFrAGt9uWHvylJZ4Fn26mictfXKnwsavaQ54 B5NeExDkZnFfX8sh+kEkBHS/DamQyk0zi2wkeIuMC/lj8W69Agl3cjSooDcBiJKs R2fGWMbmV8VTR++1NsPASp99M7X82S3erT3eSpd4RdGEGWuDFyQVM7BIHlt//864 9TVhWcklEB3aluH8zH/3EGk9ABlJp4lo1HvuQQMy0h/YnP9zHapbr4YrwI6X5S7E EZ6F7kM5D2+EtFH8/YAXMc/jwqbQ8smKxcvXM3Ng+HIz1yGpCuqNRszxeOfwPzbG DIeLcyEoPBxt7Ad5e6CG4ToE7LH6vtuabqhOoEtdfMmsoTSxkDnfhllENettJTpN ihK8fuXjpKS4aHdSZ71oLFijjzgjHwsCcN+ymxCS9q7NdPyk5JUYY+b5jN0MycP3 PzuFpZZPg1S2e/p8hIeeFTr5u9/wjT34rbQLGBVDZAZSUV83g+kz6M0k/cu2+ZaM GTqr/NHlTac4tUIbyecb8c8tniEn3ZQx1sJ6uIRupeiVuc3FA0gL+nNL1Dgnfk7r b/wLsmOyTXN+I3HitDR+ywPGLN+TnIhiKZyVPypjYzQnKm9jss2XB0sg8wPyMVQx tD5CyQ5R40u0c3r8jqDIoLm8gcXsx2/JkOP0ZzZu1FvzWGAuodvn351YMqe4AwQS 4HYGJVpAClsTHtqwlUFbaBBpxA/8C4aPHfAzRe/Vu2kLbjuVoj7piRYMkq2LTjxR HTd9djCqVmxpmZ7KUhpEtKWrDrnMPjoaOw2MGavI0bHZ4Abjb9IPEK4T8tTXTC9O ranKVlyzvTqdKvmZ5OnKNA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIID7DCCAtSgAwIBAgIEJIONLjANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEe MBwGA1UEAwwVRm9ydGluZXQgVW50cnVzdGVkIENBMSMwIQYJKoZIhvcNAQkBFhRz dXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0yMjAzMjUwNTA3NTJaFw0zMjAzMjUwNTA3 NTJaMIGuMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UE BwwJU3Vubnl2YWxlMREwDwYDVQQKDAhGb3J0aW5ldDEeMBwGA1UECwwVQ2VydGlm aWNhdGUgQXV0aG9yaXR5MR4wHAYDVQQDDBVGb3J0aW5ldCBVbnRydXN0ZWQgQ0Ex IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1UknozG8ksmSrhY696brkKk9vY7sYRFz83/ Nx5wytCDmtFNvr2LgHy69XNsu1cvzi/owR4UKzC+KoUup/OdVsjUsmW/XdxrjIm7 7StO+MXTMfmU2N8+dZFcjBW5WMpjBODkCJA/PuiNjdQtI71/gZ562ynoIytiDS4s s7CdE/8weBmC8/IV8dRWg46CcsuoWqWfFuTDTuiw2xvm3t7AnJOqQuaAubvh8UpS SP4MIwhjICsJGg24GEkG3VzcAjP9Iu0LzD2OBrSo7KopM6OK0cLm9PzjAUmF2dwK HMHa5I0ZMnzAJNoZwj+cMk4e2zm8+Sj7ozFQWIlb7F4s7dYPCQIDAQABoxAwDjAM BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB41lQ+1DTun4sqBcXHDpEW K2760naNMONIp+oD13XPWTly8/e+hNJNM0Ir7Mek/lLwEkOSa0cE6Z6sHsSo/eQM ISQO0wkzi/DkVGkNf9p9V6X7dy62sCvacsOLImo0fT/ZTnpfNjimFGChEA035cjY 7uCxgoIfvaee4NlEJk/q5sGchcekJPlg/PaQCmB7PMDwhOFIZHvdzrJ3W1NM7zhe a0hf1iIvf8cuTdwnKAz0v17ntADlweq2mwdfLANgpt8J6H4auSbIz+vUP5fgRrVf 4BIJakx9TTBo0UoOCtOnek4sZfi+LAPIa8uLUnna/kNji5UEJ0wZs3XJBPsl6/2E -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL" set password ENC F0uN2+WLi4lSTqqTOJUXAuXvQGUn19iE7Yl2HkQR9gqPfJtWUhF5qYZAnBGhbnOHtbr5GsE7xWRmJB8C1yD5Z1CiJOVo2P8np23Osm9vGUjYfNraLFp3N9KKE5D/KFuu5wGbtbvQxROwpFUce8hgWL4n8AHqcsH+BzbAHGSx2jWQrT2VC6jMt/fH5uBfFHOm1ZGx+w== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFsHKHUSYEzwCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCFup7bM0yfFBIIEyOe9+FYDwRzS 8fViFSAi4NnXf2XV5Mdnv9BQK+taRtSPvMG0TCFU07GeZ59jMNpFK0SUiq6d3kzp QGQTt+8J7nDqvvYpQd8bwHT/ZmhqEmrPox9CUYvzi6/qJaNAkAZ/tZ7eI4uLmNNm I1DXC0dXnu7zO3UqSQ1p+84vaL77azbzrHXi4LW78rlrxhM4DY6Yo3N5Ud+YyfST CWLrPJhutnc+R+XTgc9+lKNdBgTckcF4GMPru2/+3Ly3e1hxbbLWUwKrV+P5ycPf Xtbz/RpMVXFygjKI0paNFuLrwwG7qHYkKu0EHQX5d8xQIX93Il5gtjPrjPCQWIXB 2FRgZBU0vLccLw2aIaUOd6DiEjM7m7LiS85EnuQFF9uFpmhA38WAxvKd/2SUP8JT JIMHuMmUKoiLe6HuSSkfz9CU4RauDtE/v+P9JlTzxBZEv27h0WHZYbDXZZfjzcrc vZc6b+keKm3oCtdiWJvGWi1EKnsPGEn1glZ7hIn7bRiBe47X2YDDMMSjQioyKj05 wwPcdPGT0+Mu7vbiBJBqYoFRC+p8owjRigSyXqYF/q+TbdiQICYp6DnBTdY3oTxE Zra3Cq9SgWvvfQYpOlkrY5TazIMDwhENdllLaGKelCDI9BNsFL42O9hvXmtPhvsj bOKVnqHvxnAB92SZuXM7Y77aFx3VYGV3ZuYCMQksoOEtqeEFDt7aCIaa7whIxxVp /2O3U60HuozLquwfzwBANUdbbNhw/ZKSJ8OIESpDw2trVbb7+ejXsiQBxfzs8Ry8 15eFiEH6RMHdmJQtMWEBdvsNx/sSpo8tbTv9bJP0UdUuSp2FQ+HBlVZpIt3PtRzF MbBua2FF9959FOWh7qi5lkG9kOzB2ngR9Aoc9/P7G8s/kbQmOIPusu2G6if5GVh9 34vfD043jcrkbBqnE2iJxzt0S5W/rQJlLmyR0LEijBsHXYIFXVmiQy+Eq+IYDsvg LnIbY94UEjC65/5WcdHMrC3v7dfTvJvQ297pZ8dGRybpxDxnTOEx8YdMOdCUT7Up j2wpg2rXi9SaJ8E6+yLdIg6pasM73PVkt2g0QarfL6h4+ZW5ag37x/X6w3fNPFbF 4BiAYaRUVxXWLpJgB8KJNlmvegUbaGZk/sb6aWd51KTxnZyi1iEtU/89wJDpJap1 SVHa84YwRyGblwGJa3keaAPUMOiMH6NJo55wRxMf211hzkPiL7eDrHHnc/Jty+0t 1JlvvbuMAKHgqR1Hy27nXirTw4ZkNZ6skFAIypwhgrygNWr3IE3j5dT0zqIQBDZj pA+vCHd2107v+No1UoAFZsipJ4qdlLGygwXk3sC1t0Cztq5kBEZ/9WSZG4xBXfj2 oU8yXJUlLwoU+Wimf9sNsLjIEFQgUoPw5Orc6tVVhQuqbaRFjCb4q1oJdNr30Je8 eSD0XkPDQOqBXxjieH973I0zRC++Rs5zeI+ddw9IFDVJ+h+2xutpTpDXsHOlhxTO lv5QHERLRcPkzmbMUoHykRm9rdxW7kNbFNG7rlAKhi+Y6AsBy5EIfnJZ4aZOFhof ZfdnWk8km1DK0nhcswtD2jF9EbsCdDneI3HW78WJUZzk3X5LoCHe8H3jijkrTOab m+X/JXd5WWDy5lv/HZ0J1A== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEKZvPbzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjIwMzI1MDUwNzU0WhcNMzIwMzI1MDUwNzU0WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs5wbjR2ELYAX+6zyt eddUxDSIQ+3brW3l3I9rQRJJdt693IpQ7moxJ0DDEGtfdzMt6hFkyZgR5FrcL3Qp xKFF7CDckQYWpHX4IXAaFBwAA5ymMCb5ARSPocmttBZCWvYE1/n+phqRLJ51KcvU MBSRsD/0OgVta1VLSi90W4Cro2VqCqOGpvpdC0cLnbZ+zFgkcjqWrvCN3IW0i8Au qHEd7++Oyp8ZRpahmNk0vhAPI2A/6ns5/stj8yNDLt3Odmm0Ll5aH4rGtp09OPun aKDpXw/2t9TJ6lesyURnxNFDj4vtOpB2xh4mfUZzJckj+zLgubZ9GYNTOY0FeQZy QQaJAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAItCNy7E S2syfaTaCNJyTzUJPo1VOl2xm/CO50DJmw0LOCRFBczZnh2xsT76iTQv9aja6VA+ +YOVyz15WTNF5BN4Rbv8bL8AdXy22VC981+nP9Kqo3MRVG0MKULVmUHevL5+wvZW YHPvAT//pebibhp4qqwINbzqkxM9vR26d71cK4GoDVJc46dxYoxOOPDZG0VQGJcF 9ANAPygJGIYR/sRhm0CSF6hm2ZZFP4Lfvp2/X4sXFh2LV2Xw3w97K7Ht8H3Xic7F dkTvTHhY1WBmf+gdfvSECBTFT3igdKpKwO6KIWXCYMkRx0SijnYv5uSz29VpYeed nAX6sZkjQObaVRI= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_RSA1024" set password ENC YpbiotPNemlqjNSpCMRRN09Nyk4lMndEICTp+RLpqOTfTsX2sA1Szp1ikfC4FTKiTC85VNO8gI14lquJuTBpPXn/T0mD21A5HyqNOD6GFv5ou0kibXfyIk1OvA0rroghLD1YPqA1HLicOZeABtLYz1q1XrrJtb32vdhJcj+mROgMO/SLaW76C3eyisJrbUNkNMhYGA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIauckp8wDGlcCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKU/QKpl2GjrBIICgOrRGjstRQli 3StB5P1bnsoWOfGXaETGAM3gKGNhKGYm+gW8caCeCD/G5v+n49zszPBUdD/pe5Hs g4Vy8tLNGvWRpyDMR3nirGRs8Xi8wgshb3aZ3a5MwODSJQyp0mASsR4QYeMfu/Pn EuXrWP7PgUoWU4Ng8lxLDFMP88jzEGgknvitH+6+elW034QEhEMdWLyCvg0UOccW fXtdAlKM4Ar4uTUlqjQUq3XdXX3n2OxfLCfRkdpp8xMTIooLOvSqYAm6GEaT0x16 +ixw64Q44ht2otKIJHtcKN0mWYazEERR6YlhIb94XFaTu5x0H+CU44itkUFEm6Cc eeanjPjsfGHyPtcG63/LNp2XjwQGP1LtCh6dEkzoqOpgVIdXlFRTlT2q5DZJYMe+ wPc/e6HIBDqfzztUS1/YEQE7s1G4Z/CGxRuFkt155n8DzQ6QY4a/AIE/ld840yo6 9jBAuutciNcKu5vq+7wmpP4lSfZaJ7h9e++JQsBXgl7Z5O6UbZhVzcwl8BDmA2jn tLbNL+jHkkkL2mlxdm3Sq1kMUuQSMjHZyVV60FyGV6X0QATnIZ1LTjL94NEM23JF 8NVCoObbzc/qObyDAB9YdiIInFDhRwblbJawETdHujh7dQrhQSohr+yAyaQhZdcr f5+8GQxrlhlxLYm5ww/u8XPnbBCWbrQXYav/+G9RO2FRHtoxLR5PNIurh4MnQ98/ yA47VpPbwhtr5aFgdPu+kPao15slGzqdvzVdOFLYQ0GKuhwn7addawGnuK3iWqnK pzm/thlD2vtL4SUnQ66xBfPq3LDrGfKRuQhLfFaLY0+jOMnuV9eSqk4dyvKwHe5v 7/GIWTCeb8k= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICwjCCAiugAwIBAgIEaXQPYzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjIwMzI1MDUwNzU1WhcNMzIwMzI1MDUwNzU1WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANTDpn2vd0SsFKMom3KsdVXo jVlTL7qLBUP0h1dkG7w2TtBR2dHrSZVn+eUz1PjnWOVNOj5is65Qm7mU7R1QtVFj LIDD6i+3demycWlSV0k/ISz/QWE5uJMZmcsmDwmuJp68+v4IiZ/DzbE6iwgKsyFR EGwsoCeXMRBbju+orskPAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL BQADgYEATHySVHPT0hmrR4p4JXHqcu7iKZ1ZEDRsVOW7IHkUfMXEJmxUuaulqW2J qqqNb0GisL1z5FqJV78Pkukuu9VdWVwQK4B7okgYIiR94TAvOVwldiZqctEZtW7y Ov8n+NHQYNHr2GazhufjZa/cpxe34jNRBgLsV5yTzXe6PviFXCs= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_RSA2048" set password ENC uzNbh2HOC8dxsgaQ2RPqkY5TDUH9h/mRbbcBxK4WD+zRzeEzrUaqT5s3kl8zfATM4+XHshKbRmhMfEF67QHLd6WOSfnQV3PeED6ejiZ4XWp+3qwKvvb5PCDhtu7pcwHuJKPff2peeuGlkqgRrg45XkVToPEc5heFtrW5l42wzfhRXPxyf1ZHiwY+v6w9CG7tfeZYtA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIJIhCUdR+JAECAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECF+2IdJvker6BIIEyIaJfwvNqoZv P13i30FWAwzEE8cMe+jVOAjSL1usNzRMHkK+snLdQW/kphDyvPbzKSN9Rq1SjHx7 JfNJlb+HDKbw9PIzwM88z4Q17q6yq8zFYQQD8BZkyeqvKdy/VR6aFgrZebGWBuMl tyO80/yhhqwx7XXKCecjxWGXSnjOrsHfxB18epei+JCwJFINNIQ4VVxd8+uxKgby S6lE/lJCQc+tNj2shdeJkmn5m23tGz4AI+6G7uTJAPwTUuuXRi3nhbbch1g5zHG4 CTZxMzVFBxvHr/8XzBbPhIbo9ATsDOrpgvNjhbj57kX6B2Uc2e2yugttNV2vlq6f lO568zgq1n7etLaXGz6HExA8l1kmA5v3QHKubtJFHn1tRYJY4VnPuWcpHGrDNXOg KMhCoGgsubnJ0HxbjO1E1huTitciN/i+MyedlkTJYVZEOhNBwHDq1qmRypLtWXP+ jtjHS5Hb42Y72+BoZAl19V9zS+xqmhop8eYH4Ea+9kGIlmUuLJuPyekBKaUm05fy ElqMh9+ojTB0uRivqvsKu+AX6xtYTB7/Rnnz0bLxzgTD/JRW2nZjiEeaawFf9jJv ZN8hSQ8qMmRFiNqhvFPYgNHHOsrhbKfrliyIgYMsfrxnEpe/T/s/cjPQYcExJgm2 MK1GDHn3iYgrGAtuDXz38lt48LVwP8yuVD2W1pTUvEEgfYidw5DKMGGcCXX4sEYv iwyEDAx3S2LydoyB4Qa161sUABLh24lcGNtS6k71p+VDtzh+lK1Biw8rLG5wAexR Nz9i7IQQr8hR1PjGO6hhS8PtFOfJuvzH2AJaYKzaCMPn+mC8U/5ix59Nfd5fHKLV aVPIa+GgkHc/RUbWU1uUopr+2Q0jQbmckIOHqIgo1COVWkfqCLUQnXqjADY+2u8B SrwvBorrIRpv7jPE11cU3cdnefsFvz2D0LZx6pYqlUsabJYRcd+4h7iYK0m/st++ jlMWlMkDu9upGl+zOH68fY3qK9UR/EtjojrKEL8iL33wnYQPUAVbf/DENkajW35r 7h5SYBRLHuTTzdtx3/1yKu//GxfyRukOFD2CBrSufxeBIsdRAC6ppCaUft1UqWaa YkQ8JVfaD2c4ikH8yU8GVK5AsoE/QRr/ByiUEKzv6mxg9pWBYLUyTkL1qJNYNSDI rCNSt13c5ljPfyd9caJBkblp2hBpUfL7B7TJVM9ntLqkAbBaBR7vVeFRfXf+KlSw r303Mki/j1pJ7fCeDEfjt9To626NDKO8fZglKnrc0gg2LFpgjOOLeBbxaS71JVip EJ2wQfQksNDn9WFIJFxsGTDGjDm+bd9aDtZzhRTcg0xTV24S17MLMxq/ruFCmFHp jQWVHj+Z2rK7+RABUAGikoO8tr1P5I1A3+UgnAeqQXAFmnCiOaUECxXH6AD5IbTZ cBvJYZkjnfiCqhYeVH3XNaiqNbVtudmj/olPA/HY9yxDkc5V77uaMe/LPVf9J7bz vAhYBRt7/KMT/s0EIAhDBHKhWkhD2l3B3gAiD79YPyuOzxjYiSAYnjh+mw4vzMV+ 8WoxwshpNAosOSVoe5svDITwHWkdV4BE9tAokAfXMtd8R+clVQ9jAVJICD44zWLO p3Rr8P8EfFS56UL1yaOIlA== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDxzCCAq+gAwIBAgIEUlYm4DANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjIwMzI1MDUwNzU3WhcNMzIwMzI1MDUwNzU3WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv28KT45WXJdBj3Nfa L17+YxY2QiTG3oVktT1tPszBiNBWVh79ohOGC4T0sYTtN7DYG2FZV3/XZ1gmJ6lx PT8qOhV4M3dyCIf+qqFa1/Pq5aB8APB5MBt9ceXzyA5tFaglCLY9Fpj9/QUxt+Yw Wkbr+uIPmhP7KOW2+F+UWFIe0tLiEkd5wAvp9/gAMw+/BVVpH/kPFgDwmij4nB/a DWSPibZ/VkHi9dhNe24ZMRuW7Sjq9IXLYcmCiLC24Fki3RfaUUKkm6KEAiOhw0lc yMfBHFruaYVHOI5aHdyx3s/KW+f3Ortl7PknYYaxoivu6NvRWH9nYeaaoJSow1ct VdG5AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBADk6/0Qw QJd+gdWWxVHYTdyf1lqRfPH1g5WegiBdfrentMkD4NizD0c/JnpMDF0Ob1mglKDd alIDbLEOD9x+QSDIxkHDtQCVop/yQY9U2OdEvJ+07cCKXbVF2kD+EzjhU8UDWEAO 4EoErPhAZZwDKvqEsQE8cU+Hz55e4VrZ9jCjKAR4EAivHCyTuAI5eX9cqSF+EBgp xyqi8S082n2JlTwDHftHEExrCvzsD2L0w4hBbAWgh3NsNPsatOwUNVBynI7/LMkP nSTCA36xteGTbvGO7cpq8QR9P0CosLf06ljOKOaUFYz/UUrMSn6qBMUsUZJc346+ sm2AeP7qODW1kFs= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_RSA4096" set password ENC QJbYOpHZR3sC7V6Qr1grxpnqwu0VKhl6QLiI5m3oxbr4uJsq0Ffm9Hy+QJgMRzmEm2A3QJb4uf5SXw+sCu1BSOtY/5oMX45t2tWep+iz1N1BvygrNpQojctZmgDz8/aU0f/bP5nt4UgKKsMY23mm9i0ApU44LGmcVU/Slj3jqlqeF1BPTfv1kEn25LwqxZ8mAn2rNw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIvpwhmGAi7uUCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJ+ZnkqcLOGYBIIJSFe+G5yxbJHj 7uAUF3NbGMG/Iv+XJ8orY/f8ZfIyX1W5o5dgpcl9qCkCJn9j7bLE913sahL6PtZy SHm829NpPonInFcIGeUIqmA5qsE2b7BbcR1RTd0BmrIqgOFlZJ+qTRvWrvcEZZwU eGCslKb6pYcfDHFIlyM07jsXG1W3LBBiBtwAy+u39IaQif3q69XPxEwHzD51F+Q8 /Vc6XYeytuA84e5wg9YscDFVjry2+cRpk6EIY1yLIbWzcOc98BHgJuy6fFnTOJr7 E+uD83AKPii8nWEKYULc4wVL36SfmJlenJLp0LdeAvM5DhXFmbn6ltgMvVYUPDoC 62atgCIOF+ro9Hfu1DD5tUOdRfdFVmFy2QVRtgf358uwPL42GJS/XYFhdgoc4bk5 aN0GUWa8a055bJbwL5mfAIrDj9vruCWJ0b7rRR25RwGlynLwzfvRgjmR/GM6uHX6 /1udchPtfqwS8V45yVElGGOQEFAbdjfMaNpH/YGuaG5JjXs0l5aav8jd1C6aEzjz rL7swxKmMUZEc333DbYCP+nmxI3Q363ynEtkM8zMXxBwl1cY1MKF1XaU5bO2L+0C y1LUOL8YlenVxctirnRtA8D8RKsiPg/oUPFr+jEoSKXfaR/W7GSViXVV8R8prszV X5WCXuwJnQE9hUNVplE3MlPQxpc0bgwY/7UbPEg0PD0TrDC/V/ZFly/hMcWk0wVh WlzRJYBjXA8ZhO9kGSQGEGnG7owI6q3L304ePYXgPff7hN9CpMVgefjw+bMahFrl 8bUNJmPf4G5K8/GyNPovkjcfyyWOtR9xA6GdE3kYA2CWFpcqmeXimzFr15Wc10mp y5+98Za9rxL6uRPMcifcdTv/1YQgrH0d0Q7IBd5PzzyBYofa15IpbLcb4np7VcAR iChB6tJHZeCjZOnojcSDp1x6newf2By/Wc5EiqaWbhNnPJND+8TIyv3TsG9cRJK3 BtnRQWcpbt+gAdzp12Yl/24WLzSCYzjA2uXzTRQjKADu5cMtF1F0doM/MKGQ5Ucx ZaFCIUAsmUG4RF0fKACGSTIQgOy8TQX7yx1GxbxeNIl7n8qMUTo272RW8QBWMNYL 8eo1GXic8FdIdcscixCuFPqNwFkmvrjyCR4VR2SeEuDohxGLW3tHWh/oik2dOkwh BxPhtAEb57DIAVW0Z9Na/piTmKMc1DKKvOgb0/ENYTF/vDA71le+tXPetpf38R7c RXdSMe+XddrYuxZVBaW0ouiNkSYivzPUGA+iaQvCU5J+E+K3U4r7i0LRBU7u0XMc xrdzbGyH8S3MwCOBEPMK6JqsuhWGDK+kUDpkK9wMInQzKfPPIK5qL7NcwggctnGF WLhQd2hNuNj9DKK12pEdqHW3uE9ELLTf+cFxNnxd8A6oh2VXJQKRMA3avQIJuATn A594PC+KAl6NMNJo2NfXJeVT0w3ueMjYc6nVUScsiBBhrxfHXmURxH9u3SImS6Md KYgHhuT3ZBCjzHr8noR/ZCowx3z9LHkdzc6VFkSFwZ+U1ST0xHSFCURu1g8nt7ER jR3tS41Os0xGilLdKhB0mNv5qFC3e/Y9d9OFSjDsMWfk8t3QO7n/1vPlarrWOdpU hQpVeGkpm4rC8RLaIDCBURI9rTHkr6YyuVie90aKu0kXcHMHZbLc398GFo4uToKW OCSPDAO8U5dzXtoqodTDRVYM+/9MR45DB0awGLpSuX4W5C48TfswnGJkcMgW/Wmr sjs7SVHnncQH1Zp+b2ELUv/XXBFp9PPYX3AYxuUWNg2qxhJWfifMOScK0U277MeQ w0BHDsgU8ahMlBBkk4EI33wGZPvIHy4nhPY2bgm/hZEFvcT7ZUEjrvSD1prYH24Z DYOElF9U3+TWdrcLGRqs9ZqeZir4NxmONozUW4hIF3HWAkh4NigEq3NC8vLWHFdb /F6aqOdHvBDFGfK5U8OprozUGV5RVjOMqXRX2Y0/BEx77Kwh4VyyY/byjQCnyKxf dagGRZV771Vzx1sBGvfWsQr/zYHgKnRX/M5lIWFm/cuYgSJCBMofEREx6oYHrlAA Y8Um5AM71DDqNqTzMpCkscvtTurobnj3DjzRgv4fxgmnqhz9/NsnwsMvV8iZPucl qw3m9AMbacNcWSiK/fnSPWRbp6/Xs0c4zfFYWiRwBRRP2TLXfOuXRpoHvp1LEneJ UhpnEaAW5xpOxQao0a+lOptYV6Dzf6KrWr8TDwohPUi1a8QNJwyHoOWFWABz3qSC sxtsgM65V7Rp4XQEZOmHk+Osn+Wu3JfnTk5ZvkJ9byZyLxvWlFVIzjkaXVJwMEea P3nsevJ6BDCLR+qms2NkDBqLDGYLUSB18W2grNQWmrpACiXTGnHwXbqfg2jq4S3F N2CFQxCmlObN3vzwPTaTMPCu3//7j8AltZyw9pB1K2Lir0c85XIVfYMvi2gotac/ /QFSFWELR/LhGvHhNWGGRpkhndyUofPZy6n2a90YLTgkPea6CirhtTxIMyGgtSoV RYKmQWLda8Fex/mFQQpFkm0ZUottAANAtAsI7ilU12EOnwNLd/x3kYwg3frivISQ tNRhY0sgbN05aH0khvQGaoPEmFSZRahMsAWzpWiGRQGihPATJ151USqwwoAOasHd ZLI7U8ly5DsNROS9axum50rp6vgcVUxWHHOfW/ln2WL0PPxl9CsWVCkhGt4IK2/b 7s8s2GdphFABGjCylMfRfW3bVcWV7jPQadLdCMkD4XV1S/b5YlGd66A69GaMPuZ2 /a7NpdyT32O5vpYIQphLT/Js/W3znpfMltr5VKzKSYf70e5O+2q6jrUQ1Gp1DBDV 9WO14hlGBPRlXAVJtyruQWAiGq3JUsoEUAkvStVrdg3mHudq5IGb0B+RdXs4iKzG 3S0V8Klr2Y0SMR3w60ci79jUo3y1lGbnQz0NHT7HWds0LesRguIHjnm/dcgkO6Je Bk/boR70x+P/E90GiV8nSO0QYMdU1y2LFDVeuvMlwsPVTKdqIvQ0roqdn+vW8MPW bHxqEHTkqaRwx+ezdfoaOusOImxsvwQLkmsyegXQLvglHPHy74gvw4bTNJpBZd0I mH2u5RHEna8txfmPKhcoPZXdz0X9OsKeL7X7j6IGyp56Ae2tpCWeQSnXI5ATUCXK 4SlMXK5SK32lNowg6YTkVQ== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIFxzCCA6+gAwIBAgIEMXkbGzANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wHhcNMjIwMzI1MDUwODE1WhcNMzIwMzI1MDUwODE1WjCBnTELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8G A1UECgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdU MzBFNTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5j b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDjjen6sYFmeXlAhj1h 8rLRRh2lLo2dKEO/b86ZSJtivn7tuAgG0DayJA64BFr9+/BJa2GbwlUkvMBgXgjt BljxHz3xdDsOu6Gt2ifAZ9u1ik7h6wvJ73752o6y3/9GQA90DclIVkGhQugSSdru rCRkeSQbCByAftCSOtNmSlFpkiCewEz1SfG4EbUhDWf3QQxef1HMzKGH6TWFD+wI u6yq8vuNuA2Zs62C7OE/O1AMX5KBQzXVh4FX920YHU951apDOskwaiRG2gaQad1F ueWpOvhfyEDPfUX436cibm5iwKT9HKQXFX1xs0C9wKkn4pQX8E7rWaxtV/cAQbeY uw+VzXKcTI62N6GlCHujptnXA3a9t04gJBp2iIFFv2elZMyIkY1E0P1sQ7cUEB9G Uq3iUbAMXaVjYfY/QVfsMn0Yh3Eh+9eOl9dFM7XfRsrJT3a8yosSpEmYSH1f8q06 2eajbswAyDsaE9msmDGCwMycwgcdWF8vZVsjayB+MSdqyAsWPNBYpzYV1UCKvXzm H3at6Zt6jbtdrNf5eyhAxPcnC9OalYW6Y0l7y1ZF2mKKaWvT/QgVTd3t0IQ+CEx5 gDfZXwvZtNA7gwj5qc7n/UOZ8ldtnRXrq/FnvAlVEqJT7/lmY6Do3AvAZ7rVHyEF TnHxsTw9ABjYS2ssfHZQT/72xQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3 DQEBCwUAA4ICAQC66a4HPDO6NDZu9kpXV3ys8Zq5yXDwWegqQxBGeTosv4Z02C3B SX34O2Z4MFZjDbTf+uBE+H3Z9FoRgGeDN0qT+2lHjyLhyx/v615zw2GbxC0D6rz5 D7H13SJf+4UabMJ0+uhbtj5nW5dzi5xb0Isoch6eg4q82HPLk/gG6bhoYvXTQI6o 4zsbifsRQINp9aO6uP+6JtWQN0+0xNlzA18cehWLFKOYa6DIDbjC5L44GcdewDDA rZCMiKvufSqiEQGVEL1LNd06I2eEdYkJv8N0dekOT6vZZH8hT2lcNErxUOsodXHx amZuv4RMRHqqcKV3XvjGcIohptdGC7Wu3RuHcb0nCS/1Kg4wLT58NDV+ZZGRbEMm gH5Fc9eEo3Y4BVoWTmNyMJjRh9OyXmty7VTxDtM6e3vl197VkkqPwbm57YMVGhPr eGY1fjyeth/eJmqXFGIWF8TgGVkxx+VeQ7Xq/OjC/VAfB7z/PtNSQOfMLPTGE6xl W36TWjrqoHCOZ7/kasKl+JMG3o0bfOi/RXwo5stkBiHvzmLd2DRbRidGj9F3GK1+ UByUx74EjI1Hy3OFZ3Y26afbQXCKr60RtiL6dVvWluUqDtdpNk1PpiLhdNih7liR 0em0DXdpEcCs4zZwJN6Z4nR7RPXSasOrNF42MMhfltRuBPan70NwFO22cw== -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_DSA1024" set password ENC SfEI14XVlV9Bl1oddtRcGfOJX0klARC8NTjHgONR3OCEQv5eyRxkMfymzL2PzmokZGwI6o6IUh0Dl028WFQeT/vVCSZ0PdquGhIhakC95EgNiIbo+xhc16uw4v19ziGteheTX1tUU6bHTytKzKeqorkfplyBPjtuAu19boFhhGS9xgIbZLSdoWJnz614ljPJsib8Qw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI4GPMoANobBcCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHYmmMG6QYyLBIIBUFTVWVc/Kjyc /GL+qMfLEn+QnD+lDv+0k0uoyg0jMVUSVvmKx3S4ngHAb+a1tn+wYb1tR58VSubz 3jfw6kei+iEBGS5zlhtHrZR8rArssMPguZ1LC5Ez/T833/TiNzNTXkz/rZAP8TZY OtMsZoBQJiCTWl+5ThPvA6bZ/8cmcULKKQeN4Se5OL3iqcYxluJLodzGkoZFSUe/ p3aUGtuWm9s8uF3bWYkMnmTsAWRAf6Ptk9x3x7IgB3RmlCsANEEC8cdb2plLA0K2 odHiiCkm62kKKE4WQNQXerfplKNaJinxt3EfVD+jzSBYKy+fHrDzcDZRoSSDleXc zfTbqILvPZMesJTOCiOdA+Ht7QPVVywXkLPOudFsjadNMyMyx+vE15ituQtaZYXr U/0XdlJQiloqNottrzwEzRy5+FKKKBmimmAaTdhmpPMys5cx6r6Z8w== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIDgzCCA0GgAwIBAgIEZJIRaTALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTIyMDMyNTA1MDgxN1oXDTMyMDMyNTA1MDgxN1owgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIBtjCCASsGByqGSM44BAEwggEeAoGBAOSUQtOiA2bOvVf0Ckns3zyywEaSNrcZ ttJd+Vx//9RHEPrqRv8+OF58iIG9ZnIw+8qz/cxaV7mxIZuNTE8xMK3ocbFzd59f epE7yaPzqABcuoyx2kj970w06S7sd/9MHdH+bD5MJBQFjJOtfD9HyPxqyDbHDLE/ N07gSOyu1O65AhUAgCuvSLD89PrnNAnnyLiUqPsL6ykCgYB3ChbZ3HXm3i9hM8GN XZDUPyxCIbLdfsrnip3MO+5RQ9XbFVC13SDlThPRJPVtcahFr1s+d7a+nad5Wexv Yxp15apkUsvYHJ2CDPE4vRcGkjpCluTkVcyd6778VUyjwFxUw0rDQ8OQvsaE/IMQ ikz1ainzNQXEwL/cGwH5KuloTAOBhAACgYBEOQ2ZStm0hferJ+YjUij8X1sm78yg 7E5fHckTrjZJMovbK1crsW5ozDO/a55gC1Vy8oLhqZBO+2qlzo5C0fhCb4F5z183 mnjpMKIb0mddwlLDDFzghSY2L4J2H4MheLc03gmk9CE+kDRUJ0YlVJO7j3QjHkoq TspzJCbVYTV2TaMNMAswCQYDVR0TBAIwADALBglghkgBZQMEAwIDLwAwLAIUGVxu JQAg9Q392sZtJ94qDHraIwICFB0cwmK4nIKay0jEKMXIsdwvLFcH -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_DSA2048" set password ENC w+BMfVv3vTRVPovpckBq+v0fFrP6rWsolhUaHaEb91r/zRUGlS5e4ol8FQaFZAy8BL1DwmcXh/51wSCsN/B2Z6jPHv7hoKn25LdpsupvHrm4q8l5INVI815fWBArYkYe0g60SI1L2GR0KQEZImmfQUNDlOisBXYK2qHjc/3VPOAaO0ZYgX0CBmxVTSxb5fib7Kv3yA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIICxDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIPqi511qCwPECAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECK01l8qlC+pVBIICcLX8YpPohzQI OEUO/z9Fgr02utQ1Zru9VZhglhl499FWr+OxWbkuZhWhBoBB2gT3tn26OpUq9G56 iCmLFtYbVUh1DN5bLPTzdPu0EeV3I4fHa6BngS689c+wBG1Y6hw4+FWKYoWE5FhE zSzpch4qxSkfJUiPk5HHwgwNpIEBJT7W9XSbO2pjO1v+0Sfxksb132zL7NlEiJZ+ /LRevBNSpCq0uMFhrQlVRvbQYBU1a71+mFkuhtDoADHwCrVkwIJ0XlmVWRQpXZdb uz6Uszen7QmXynPWlqsUzlIAINzU4MbuSDvto51WI105sJhGlT3Bq0UCaxuxaW4f oJOBLlNYWllDDTTZi+HTbfVdRk9Ie1bJy/qFd0vduESXmJBIirPhemD1UT/12cZ8 swCjTeBqROCAZJqsdXavM9Bd/nXb6xgS5hkxR+LoHeJzn/JnIa/3x0xTgCy7F9C7 aiTqFJPf+f563IVRGEqwqeqauGjRIEcHE2JsT0pLuO0X+N7wK8gFUykyZr1asOQQ QI1Ylroq8I5Ob0VqX0uH9lmISIwErrbwUdWVxBJzU5USsBsIqaS0DAmUYRNY0DUH ncrZijsMurLyFzpx9b82lpSwS2zvK6D3jslh7usgap33jTwbH0q8BMjklTv92yEf 75amgqd99T2ruLsHGMgmLnH8PSVPqafYqqB4fgs5PwstqvGGfShjeCbFKnGXBjP7 Ja40ZpR52IgjHUGbQlDBAwDaxlJxoceqvRjRw0utAeAwvvASGz8+3aU5BD7dZsUE XeAX8aF3F5kb7P8DxhrH5izbxGmyRuGs9aubtavPIGH+p0lQaWI23Q== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIFLDCCBNKgAwIBAgIEeOzvoTALBglghkgBZQMEAwIwgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MB4XDTIyMDMyNTA1MDgyN1oXDTMyMDMyNTA1MDgyN1owgZ0xCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNV BAoMCEZvcnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMw RTU2MjAwMTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29t MIIDRzCCAjoGByqGSM44BAEwggItAoIBAQC3+hT7dEHGXrQMhG9ZM6lqjQVA8gfE IT+VlCIYlHmZbgLS+YQbGDfe0i3rZLxe5eq48ozTSbXY3cEyNC+LyFAh3VPuzwHV IdMQ09y0k+N7qrap/upFjxcUbl+HYL9CLdErpVBfEtM5RoiIM9RkZj2cl0YK5t9k qJ98NREig68zODKaHAuWoBk1nt5Aow0CRkS+EkVp3wJ/jvuMXE+WzQyqx5Dg1Vqx ANEBMIcQcuGwpDgcqqfMeORacyuOS4P0M1RTyRtgjszItrp3BMDY6iSYOu3WDwR7 LCN9RFyvhYdchW6JZBqLBNn7KLqGgk3yfRMfGIAwQpc4QXcdXFNNa+UFAiEA1F8w Te0+Q+YKjFWD20dJs/6OOsij964QuIOxcjUhPfECggEBAJRgkibqGht3vCIAlPcN 49j+CT2p/tBlPFQbqOBqzbx4UIuJM7h/QWSYJkyceiVEYQaG33E9Ca06/kmOx5gs kajk+BBFIh+NNyTzmPR0hz2Dq9zKA3sWwhSyEEMZZ44ZfHfambhYwB0nbDJQCN5n 2AhCU06fZsZQj6hQTt/CcFv9bdptPRNh6ALRmQOa+4D9Di7wWQDK8gD9j4jagZQY viwRiEGJzhquQMFbc2cyuLwlP2SStVt5WGOkkdr1r2E84f194/HcFxF+2Jjr9aHr 616hg93Ib0dzHtgXzGMMnK4NnjDRlG4ZTMdLM9yC6UQDfxdiyiOkeicOx4dWaGhG u2ADggEFAAKCAQAEr8il4CWW5OwRtRUiuBhu/U/2Yctcq0jwHklmRtuBzCV+xOP6 cBP9hU59zzjPL142zlYJhFx7TaJwSWCbB7Gr0qu9zn51FPjLYzOtt6D9PhT61UPC JMsa0rgnUyCfoGfos47YsRCephhJZ3/fGi+LEd1fCLMSTADYTH9rypR0raEEvkrw Sh8PmPhlsEYtxPNSNxJV6cNcnxY92iJ61+xxaxjAI7R+zBnTwZc1ispKP5htixKu hBbkCY+6h5fBddK8hBGaTcU88ahlpxKSvdLil5oSTFj+QDuFhAax2H1cPyWtQ4YE Du5nWBOdmgmvYBS8eBQUoii51ZL45Sb4IY39ow0wCzAJBgNVHRMEAjAAMAsGCWCG SAFlAwQDAgNHADBEAiAk7PnrX8TqJpsfNl/cIGmvvIJIigtbVwNXmRCCl8oORwIg MfRAzXfV6nARbWE+5PzV7XR32lL0PUM1WTMItEboahA= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_ECDSA256" set password ENC W2nRz2UPXZgZdMfO0gGwhiTEWjN42KpF689ldeAyYBj6ZBxaRNFqljD/tHzlv/0xE+SlaXBCqtyjLtZvxYptEmrTuUO0hD099//z52lynYkQrKHjmW/mD04jff3VUD91Tz3ckxcZbMYjdvaSnVg/OkNi5o1unCiVXVII7V4VQib3qpBNml6TcrNvJpQECDIegsBoCA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAisnsuvGfQs0AICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQILzBDJuHuAE0EgZCh4QpBYNGgrl6Y N8gbjP343mnf7hRrFIuvKwFLU/nrHwxxHNSosLvjxoMyEuNgH9gbFB4HKjJ8fx/2 YLywoI412ylA/jQ0A/8J7XUtlA2axYazoz8bKmnaim6RoN5WpmRitRrpkMMAGvtv 1a+TZO2REXj8vdO9AVQc/kGuPJ10ixwROTkWP06Tb10D2JRJUCo= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICOzCCAeGgAwIBAgIEOR8JIDAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMjIwMzI1MDUwODI3WhcNMzIwMzI1MDUwODI3WjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdW9WGk7Ji515DgG1A+cdHcvM9htpC 5/4CpbhqC/wh4OGjceG8D+L9RiN4VkUjSwRWzqaADe7g/Alv2dENFLz0ow0wCzAJ BgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDdIS/0WpOoatXJ0113B5hUwTf4 Z+o2VnOuAOZm2yPUogIgREDoJ76zCmhEXS82CdtcVFhWQEEMLEmG9I+NOuu0O9s= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_ECDSA384" set password ENC DtRVeNOHOJDVG/Bazm/2jxcuZzw1CFflaJq95GmhsoWGYnG3HUpCHjZ2LoWre386DoNVebwkrAOsDRtiJwxDZ3qejfIwJ0lOkN9v4WgC49jtjb2wf3l6ohoO8XeZnPHMDa+QG+FmWaN4AgYDRL5c4CwSMndagDy6BdXA/J+00xu+shrEmB18+RFB3HT/UGPeEOc4Ug== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBEzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIQ7A8MeE8LTgCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECP8QWBJ9Nj/zBIHABlOnrWpUhfP5 saVRSqx9PjiRbd6makJL3SJpSfHVQktFba7w+cZjH+KiKjmcK23BMBVZKkhb0jRw FkQgPopBajG2nAwF9XIl/ocflfjj+YniC+ZQ8D0fD8opSnT2TsPcBFKQkn69q9ym CquitBrrWoFSOmK+/4hk97GQQdEbu+rc3PFC1zqXyEt5oK6SW5Sd0FDvTtnfBVcP BKiag/67A6nDORNouCujlFdrPAHHKO4k4cLt9XglAuMhbGFntHmG -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICdzCCAf6gAwIBAgIEbYz5pDAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMjIwMzI1MDUwODI3WhcNMzIwMzI1MDUwODI3WjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w djAQBgcqhkjOPQIBBgUrgQQAIgNiAARNrFN9XzDundodrdrx/2nlEmwD5KtohZAK MWV0reiGKCsSrQTJd7vikDAa+PsRJ5390GATL5UA8xIvGMIGAavfQBYHi4d+CQDw WlAxdHhbZItAuXxJTiPQB5Ey+JG/CtqjDTALMAkGA1UdEwQCMAAwCgYIKoZIzj0E AwIDZwAwZAIwT2lFs2+ZYR7hWwXhvRaIyGgu4AxeSYNmtC/y8J7SgPUSFOwn5K9y xZyzYMsvE9AWAjBoFcLdeFuioF4X2heju+SUAHbpZ8UowCjVALbwBd9RB2jn3YyZ NwLewrqmdVft2cM= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_ECDSA521" set password ENC yimxP1elDTy9Xq63AWJFs12NQUEjnrQYYKQeXGdcK0pdvaFawQ56qFCT276EHZ22M5J8cq6R3JUh9RTTnKZ2V+arMS0qUkUjVQWzcI97JAT2ZbYt6TOc7B0J5fnHaBWiXhQRCUntJgjpzPUOvxhl6peM6SfjHgVJQaw565ZwkPgC/8g1f+A/egMp7BvxyEzaowOlMw== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIBSzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIaipQn9U38n8CAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECE1/5eoa+KOeBIH4e9d12GZWpeZv KWDn5zLYXhkX124sm0/2YdR5v7IHT+Ou+Ecbk45TSm7qfZiMnWr3E8tHaOO0xlWv UvOxd8mIAxCsTKbvW4VARco9V38uvG2C3dvY7ZjGWg/3PFZz2ErdZnbshh/4heui +xw+NvDTb/ZfcvFNWFlAYgbtliam7nygpY+L7govEbc8IIgVvQ6PdPgTT8bYuF5R yW/Q8Qnz+XLHWuzgPGYExACME3toLBqQvn51qpeRIZvFBiQt/KEe9vjkzVkj7kFx G0gZ5Iir66T3wkcRq4IYK7RgSdL1Qm0y+rnk/phJRumzcjoeY4IWoyZzYRC8hjQ= -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICwjCCAiSgAwIBAgIEd/NYyDAKBggqhkjOPQQDAjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w HhcNMjIwMzI1MDUwODI3WhcNMzIwMzI1MDUwODI3WjCBnTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVN1bm55dmFsZTERMA8GA1UE CgwIRm9ydGluZXQxEjAQBgNVBAsMCUZvcnRpR2F0ZTEZMBcGA1UEAwwQRkdUMzBF NTYyMDAxMDczMTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20w gZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACTvpjfSegFdtcqIL1LIXkA/tlyPUoF TwJnXiMGWORXdq59OtyZ4vTBJVChFOU9xvg1hh1CKFnLGdadcknlAxXKywCF8xnf Ikv7MDEv5bhyRDpLuhz/L6Jmp4qYPCJSHrL9DxOJXhqLpb7u8JQc6iBUnvwZogaE U7Z94X7QN0zq2JaSEqMNMAswCQYDVR0TBAIwADAKBggqhkjOPQQDAgOBiwAwgYcC QWKepPQtpd1Gq67b3k/NsWAlCY/xKMw099O1aPRVffAwl/vITcD08YgeFby96c9W SyypjrqfmMfgKSJ/swbGo5TVAkIBB6PDhO68ClX9FxN10hFCuaBi/C/c1hS5ft6l DAr+OjvDm30wlduyYBmHFTQprqa8zEs1CsPgZZ7IZUSO40CSh7k= -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_ED25519" set password ENC l4LsbBw5c+mse67PzqcXBfc2Y+hp+L8NPPm8xIV9pWX8IFgCYMi24V470g40JuMK9YPIiO7ZNknUw6IWiO1QSdnect9jWBOTxG91UUFpMUdNtuBZi2KuyO6wKLP8B2l9hI5Zvt66hWmdhJEK+Jp6ANf0HAUHzgipYj0yKpAUQv2kdrBIa7Nss2a1zq8wNM6mFCny8Q== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIGKME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhJoKrOuT/vowICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIrlzv2JJPPtwEOEtMd4Wo7yqzcCIx cGQnfbZ0cm5UTvy1qhfthZ8NO9uwb7v6Onas0+AR6cd04oAfHI51P04LW6S9 -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIB+zCCAa2gAwIBAgIETYE4iDAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTIy MDMyNTA1MDgyN1oXDTMyMDMyNTA1MDgyN1owgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMCowBQYD K2VwAyEAeu2JaQVT1J+UNHptHFFK3Ehz4iQSrrMr+VEN+iKsQQ6jDTALMAkGA1Ud EwQCMAAwBQYDK2VwA0EAgsDtWm6E7eNbgenrcc/yCTPAbc4SJoxXZQlDctf5waCn bqSyc42lrKVB3xx5GH36OdaAGA+EYLVlrBlimgwfDA== -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "Fortinet_SSL_ED448" set password ENC m5fyujRf341X8XLM/0xClU8W2MLmLgnc+oYVi+EfWXlxOmHQbci8+BM1RKMa+lzbqj3S2+RnY0uoXAbtDriZkZZVgKpeWv3T8BgIjhXXLvR3W6Fghdnm8l6AZ033UiF6z9pvyfgMfqEa09Cftu43rOP+U6yPEK2gjLuFVFrp0E+BgBnPBNh2rv/sqzcaaeT2M4SKYA== set comments "This certificate is embedded in the hardware at the factory and is unique to this unit. " set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIGiME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjaNI7hJp5AcgICCAAw DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIIMlQ6VUV3gMEUH6z0w6j3AszClQ/ nkg02r5R1wvwXT7wURTjRMcrpZXg3VpFW1A53GHV5l4+QOXztj/muU1w6Xh5Ws/M S+smaZy16qsXkdWzClIoibLnC/TC -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIICRjCCAcagAwIBAgIEM6RTFDAFBgMrZXEwgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTIy MDMyNTA1MDgyN1oXDTMyMDMyNTA1MDgyN1owgZ0xCzAJBgNVBAYTAlVTMRMwEQYD VQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlTdW5ueXZhbGUxETAPBgNVBAoMCEZv cnRpbmV0MRIwEAYDVQQLDAlGb3J0aUdhdGUxGTAXBgNVBAMMEEZHVDMwRTU2MjAw MTA3MzExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMEMwBQYD K2VxAzoA5Yt3DOoOM3lM8Hd9HS1mTVY4cz+rCTUs7M99ZdSazU/3xYic1LUpvOzh S6PBZjdo4b8yIPniE+UAow0wCzAJBgNVHRMEAjAAMAUGAytlcQNzAChQTZOZ+YkO kkbMzdsczGHL95O/p/AAUW3dnk9Ard1+ro6qgbYbTrRC+achgFiZBMr12DS+N46a gHW/8ILEn6F+MBQdP+6C/qHxEaJqNhbgvUuXLbjRW3VoNSC5k3C0wPdPh+pn57xH CD3iCsRFBZAPAA== -----END CERTIFICATE-----" set range global set source factory set last-updated 1648184911 next edit "wildcard.tahoho.com.tw" set password ENC 8k752DlL8j9uSYrVvHY2Wn1P215O0HMoZDfPPFg/v7OK5fohn75T7u52VuzI3G9p9MK6/1uX0K8blVJX+p3h7AJGZM9UXluzACuoBz8Sf2j2oKImfpkcYg8eQY6OmHFrb9NLkMExUxLxzVgmdYFBot4Q8L5WKkJJ6zn47GC3aAB0Zv8Zbj8IdqxwtvdZDfdCGM4Oaw== set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxvt/J5TkHDECAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJ04n6/7fCIcBIIEyL04UdpwjYVf Kxu4mYIJQbWdP9HeJiYlPkiPGspARfd1G7ucYnXujvWFjy/nWPAWf1Hht4J+LsG6 GKKgpIvh4fL1fa1GsuaQ1zqTWn6Bx4GLHSO0AiVF0ccU+ARvUm/tTnn52Jykd13T zJVDSmba7bL73jRZa2Zpl6irSpTswCewtNbqKV8I3glWBeibjLiz6AA6xDeW3M64 brt79WMQ/Z/sRz2heSiuoNsD+T4ymSiYSZjP+xp6PUF7mincrW1jf3w5FuVi9DTQ 7jGLUl1CI2MXKf0xrNOPMx6NwX8eShkHlmjc/yxzGT1OFygEwWzD8pcs2EnMLo9G ueZUAtMvW5jIJmPt2/Sn1+t0Y6ZxiTFc2BbCzBDr+KOMcFUKGAAktyRRaUXXJsoK v28zJh/s9dNXa16VZoaG9Nmep2TPHtFZ/kuH58wB2wFEz1849v4nD/hAgp6ahuWu a+HM4iGQGA3s4Rxd/exoU1rdEVyZz3LXx7nyb0igiPrtNmToeF/KBos4fwTASk0l VxUqm/NWAywXDRmD3YdYfFHgKEx8cVau7UxpGJPtZXacJp1BcCgi/IaPbHt1uZTK 4vlHqJ4yYqhjcpYmXZDR+h7Sy0mvJgyJJkCCDJZ11vx+Dk1p1UogwgnGU3vod8OJ ARh46wR6ZBVvXBSpcTKamhNEGRkGbTGQLtPQr3gdgU+TtxhZ8L2gQXnqNELn6OHa zv2jyWdgGb+SeKSqpQFK8rOiyYwh1Z+lEO2tzo9/CgUya9tNe4QybFEYeOlkUwAe NZQwhrFCqN8mVvDJO0qePrMKk9pHD+X1tZsaZd2DYFLUZFPEk9KnybTWYJutepZf C+tU9UYUJksGceU1+lumTabAspYKt/LZp9u1eCAIHDuYnJldj0cZzXTTMu4VlCdl WaES24c6DuaQXSq/70RdrlqoXFSML/KkDsH86kSlM50WYq9OyTua1VJHNLEi/yyL 7NWMD9f/YFdaMT3cPH2/eJz6LHvObr/NSzjs1WYSQKthyOVqKjC8D36aTgxW6XmI UmwyD5/NJOTf7Wui6BlDd/0BgXA6QP2BORu672OXRGhvTcBuNUvXfq6F8ABAElbb qZuKSdZ3lrOCHx5E7Ab5ZeTDeM6QEPc3KWpKJFRres7PnnSJWp/1Nuv3Kg2vUSt/ 30JyHVsho78ewB+d0GaXVnekHHZf/wD546M4lFHVKPuSWEB5xEPedOscfSa5zP/y j8Qo3ZYZchG5mi5/SvcJ7Pz+iY0sjmwkhM2ERvX8ZdMOAZscWczSad4mMxkl3ClP QlxPN/kj4dI1rD4NsZ5XINvrS+zTRxBySRQUsSU4e1T3zsY/3aX/TpHUIQo/2kYW jRbYbWkfuE72YYsJivYWgrXp3Szb51WZmen2tP2AF+8NLr/BLOq9IaWz3yaI1p6O 87h9hHtm6F+f2KUW+a3iBVyvl9zlne+D++morH03+0mxDiE+L/2qXa48OTwz03xX oBfNMjwLddv68/y5b5bAlUt13rno9TeYw6nwJeFpLHlU+AmGigxDhNVXslfRTfje WQkq0OZrYRL3Ku7a0lKZKwA7V97nkDGKMbXnVjp8DxvYqsssFV/QRcHwu81pvijX avOQw91YJ3bWDYzhfO2C7g== -----END ENCRYPTED PRIVATE KEY-----" set certificate "-----BEGIN CERTIFICATE----- MIIG9jCCBd6gAwIBAgIRANu7l3W160NjDYdOIO6nNQEwDQYJKoZIhvcNAQELBQAw gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl cnZlciBDQTAeFw0yMzAzMDYwMDAwMDBaFw0yNDAzMTcyMzU5NTlaMG4xCzAJBgNV BAYTAlRXMQ8wDQYDVQQIEwZUYWlwZWkxNDAyBgNVBAoTK09OWVggVEEtSE8gRU5W SVJPTk1FTlRBTCBTRVJWSUNFUyBDTy4sIExURC4xGDAWBgNVBAMMDyoudGFob2hv LmNvbS50dzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALt+xYDDOyBQ kWHTbinkzt+i/7psk7vzo150Xk6tLAf8oHfjWAisRe1HzHAG8kPlRVVZtE6N6aJT 3MTZnVwoiF6tSWBYt6nFyiwUcKCX8TthR6XQ9A85tU62fonpByHjM4LSzFG7F/ub HF42CWK6Vmn3HrvS3ID4w/hCVa9XAqJ4Xi9n617sCuUFFiirG9kSmnKM5rozp60D 3qLYuhNFemvY2N59kZHIfD1W32VHX+Oca+SBLOQuy3ZNsLz+gYEjCK7u7OR2w/e/ qQafF6Uvv658jf+RQdaom9c8ukfYHCCNXK9qid5y/YAouOMBWh9g+TY+S+ql9EUO CgTkzEs4igECAwEAAaOCA2UwggNhMB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2 RIxsqU/rMB0GA1UdDgQWBBQa7MlVs0ONCs5FAkE+xQroSi2AdDAOBgNVHQ8BAf8E BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0 cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuG SWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZh bGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggr BgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5p emF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYX aHR0cDovL29jc3Auc2VjdGlnby5jb20wggGABgorBgEEAdZ5AgQCBIIBcASCAWwB agB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABhrkotQYAAAQD AEgwRgIhAPwxUPth+TyNWEiYsqMiZtn8jECDTxRdTYyqgvK5O3VDAiEAmQUhqwTo lVVzZwSAkE+T5rfIO60c+2efP623qEURRvwAdwDatr9rP7W2Ip+bwrtca+hwkXFs u1GEhTS9pD0wSNf7qwAAAYa5KLVoAAAEAwBIMEYCIQCZ5YjqWm7MU9fiN5J9uwRH iW0sJ+JDLzwesHLjDE45TwIhAOAEnsGNj4H2Mggp/L6UapeEOnNt3cCq8PRQGYLB bfE5AHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGGuSi1XgAA BAMARzBFAiBQFV5emwpm/rI18ZZPGUBAcDBb3JTuwmcN6SLpsy5p0wIhAPRvs2lF 5gzgEFszC249hNv5HmSR6eC67UEOiYyz+oAtMCkGA1UdEQQiMCCCDyoudGFob2hv LmNvbS50d4INdGFob2hvLmNvbS50dzANBgkqhkiG9w0BAQsFAAOCAQEATJ+sBxCQ sFA8j59vQAgEycIFyP+4u5nmyB+m6M4Qhi6tN7EpIMG9yU3hl68xV3OVlLHckB9+ W1e3J+lDSewpaty0RvW+QttgBKVV8D7TIYIei89Ln2yLvdbHhThY7+hbxu23f+SA BEOv1Q7jYRI9rdlIzKsAQ4X/QeOKq4WtSMh2bh6Eg8omWNsvlh3Jycv8f9B8SKvs YhfVq1GURwizM8eU1JxVrhbSeAeJQ2RyCMI8NwTmPOiCtcYK6PTaE11jlOodKEx8 bLOQjVw8Z6a7uXU2ghDs6Ev8wjycLX3Rer+r84LKUX50Ea/sJXLTaiKLRXHh1LRm fGaBzd89FwSZzQ== -----END CERTIFICATE-----" set range global set last-updated 1680052708 next end config webfilter ftgd-local-cat edit "custom1" set id 140 next edit "custom2" set id 141 next end config ips sensor edit "default" set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit "sniffer-profile" set comment "Monitor IPS attacks." config entries edit 1 set severity medium high critical next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." config entries edit 1 set severity medium high critical next end next edit "all_default" set comment "All predefined signatures with default setting." config entries edit 1 next end next edit "all_default_pass" set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit "protect_http_server" set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set location server set protocol HTTP next end next edit "protect_email_server" set comment "Protect against email server-side vulnerabilities." config entries edit 1 set location server set protocol SMTP POP3 IMAP next end next edit "protect_client" set comment "Protect against client-side vulnerabilities." config entries edit 1 set location client next end next edit "high_security" set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" config entries edit 1 set severity medium high critical set status enable set action block next edit 2 set severity low next end next end config firewall shaper traffic-shaper edit "high-priority" set maximum-bandwidth 1048576 set per-policy enable next edit "medium-priority" set maximum-bandwidth 1048576 set priority medium set per-policy enable next edit "low-priority" set maximum-bandwidth 1048576 set priority low set per-policy enable next edit "guarantee-100kbps" set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit "shared-1M-pipe" set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit "default" set comment "Monitor all applications." config entries edit 1 set action pass next end next edit "sniffer-profile" set comment "Monitor all applications." unset options config entries edit 1 set action pass next end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set deep-app-inspection disable config entries edit 1 set action pass set log disable next end next edit "block-high-risk" config entries edit 1 set category 2 6 next edit 2 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit "*.bat" next edit "*.com" next edit "*.dll" next edit "*.doc" next edit "*.exe" next edit "*.gz" next edit "*.hta" next edit "*.ppt" next edit "*.rar" next edit "*.scr" next edit "*.tar" next edit "*.tgz" next edit "*.vb?" next edit "*.wps" next edit "*.xl?" next edit "*.zip" next edit "*.pif" next edit "*.cpl" next end next edit 2 set name "all_executables" config entries edit "bat" set filter-type type set file-type bat next edit "exe" set filter-type type set file-type exe next edit "elf" set filter-type type set file-type elf next edit "hta" set filter-type type set file-type hta next end next end config dlp sensitivity edit "Private" next edit "Critical" next edit "Warning" next end config dlp sensor edit "default" set comment "Default sensor." next edit "sniffer-profile" set comment "Log a summary of email and web traffic." set summary-proto smtp pop3 imap http-get http-post next edit "Content_Summary" set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Content_Archive" set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi next edit "Large-File" config filter edit 1 set name "Large-File-Filter" set proto smtp pop3 imap http-get http-post mapi set filter-by file-size set file-size 5120 set action log-only next end next edit "Credit-Card" config filter edit 1 set name "Credit-Card-Filter" set severity high set proto smtp pop3 imap http-get http-post mapi set action log-only next edit 2 set name "Credit-Card-Filter" set severity high set type message set proto smtp pop3 imap http-post mapi set action log-only next end next edit "SSN-Sensor" set comment "Match SSN numbers but NOT WebEx invite emails." config filter edit 1 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by regexp set regexp "WebEx" next edit 2 set name "SSN-Sensor-Filter" set severity high set type message set proto smtp pop3 imap mapi set filter-by ssn set action log-only next edit 3 set name "SSN-Sensor-Filter" set severity high set proto smtp pop3 imap http-get http-post ftp mapi set filter-by ssn set action log-only next end next end config webfilter ips-urlfilter-setting end config webfilter ips-urlfilter-setting6 end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next end end config icap profile edit "default" config icap-headers edit 1 set name "X-Authenticated-User" set content "$user" next edit 2 set name "X-Authenticated-Groups" set content "$local_grp" next end next end config user ldap edit "Azure-LDAP-Secure-Server" set server "gsvr.tahoho.com.tw" set server-identity-check disable set cnid "sAMAccountName" set dn "dc=tahoho,dc=com,dc=tw" set type regular set username "tahoho\\tahotbhq.admin" set password ENC MTAwNFwmch2x1OqHP2qbECPV6E7jwwxFcExtnnwCHc1hhQtkLgQOYammG0/qmZ2JqP8HUpXdlhueR6iKI9KBLKzk/guTRBqVC0V/BtmFPecys4Nr5txe8VFGRr6nviY9oktOX1lF+j3QjmzTnVH2NiKG7ScYfqBP6QmPA9+8x+oYedvbedvgcvvqbzqdUv8AIjYp+g== set secure ldaps set port 636 next end config user fortitoken edit "FTKMOB28D1874826" set license "FTMTRIAL027A1259" next edit "FTKMOB287EF58163" set license "FTMTRIAL027A1259" next end config user local edit "guest" set status disable set type password set passwd ENC /pVaYSDGJcsTEWrVIqE/szICW+SdHwHcxvI5Hb37eSpCAwWmuMC2kV/4sdstIcTuNtL9lAd5jJVE5fHlp5E+F7VSei9nZtJycvGKuilA7HmFeyQoPT1nl/dBhWnoKeRAcrGYY1sT3AYTQeGrFbFpXbeY+apoKhoLI7C8p1GZ8yhEIBGV9KxWMt2yGZojvWtlc0pXaQ== next edit "870559" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "870572" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "910787" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "930734" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "hwangchinchang" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "tsaichinfeng" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "890354" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "930001" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "A50016" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "A60025" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "chennanhsieh" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "pengyehhuang" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "samyslin" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "colemanchen" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "B10013" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "900976" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "880076" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "910776" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "930445" set type ldap set ldap-server "Azure-LDAP-Secure-Server" next edit "joy.liao" set type password set passwd-time 2023-07-05 14:59:48 set passwd ENC xQ0iwFqC0wujTlkul05XomglH7lzKM53qFMJsdS4sz1urX2snIWzleO9t8D+6nVye+GlTYNWyPuMoF8fUfZNVU7dtOwxuGaO3mFFSDb4Xp1zw8cUlnZK9L5SU3Gam0Eu5LggEvUnkQ8BaCdRpkCxaAxM3lTUiCWSKe03uOHOuld5fLIXGeafUALLWDhhLw0ND61z9g== next end config user setting set auth-cert "wildcard.tahoho.com.tw" end config user group edit "SSO_Guest_Users" next edit "Guest-group" set member "guest" next edit "RemoteUserGroup" set member "Azure-LDAP-Secure-Server" config match edit 1 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Exchange Install Domain Servers,CN=Microsoft Exchange System Objects,DC=tahoho,DC=com,DC=tw" next edit 2 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Access Control Assistance Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 3 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Account Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 4 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Administrators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 5 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ADSyncAdmins,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 6 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ADSyncBrowse,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 7 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ADSyncOperators,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 8 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ADSyncPasswordSet,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 9 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Allowed RODC Password Replication Group,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 10 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Backup Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 11 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Business Dep_gbl,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 12 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Cert Publishers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 13 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Certificate Service DCOM Access,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 14 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=CERTSVC_DCOM_ACCESS,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 15 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Cloneable Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 16 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Cryptographic Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 17 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Delegated Setup,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 18 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Denied RODC Password Replication Group,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 19 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=DHCP Administrators,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 20 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=DHCP Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 21 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Discovery Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 22 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Distributed COM Users,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 23 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=DnsAdmins,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 24 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=DnsUpdateProxy,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 25 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Domain Admins,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 26 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Domain Computers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 27 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 28 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Domain Guests,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 29 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Domain Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 30 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Enterprise Admins,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 31 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Enterprise Read-only Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 32 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 33 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_BL,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 34 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_CY,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 35 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_LT,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 36 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_LZ,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 37 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_RW,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 38 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_SL,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 39 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_TC,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 40 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_WC,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 41 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_XD,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 42 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_Buyer_YK,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 43 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_GROUP,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 44 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_GROUP_RW,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 45 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_public,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 46 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_TPE_Manager,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 47 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ERP_TPE_PAC,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 48 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Event Log Readers,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 49 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Exchange All Hosted Organizations,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 50 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Exchange Domain Servers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 51 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Exchange Enterprise Servers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 52 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Exchange Servers,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 53 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 54 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 55 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=ExchangeLegacyInterop,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 56 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Google 雲端硬碟,DC=tahoho,DC=com,DC=tw" next edit 57 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Group Policy Creator Owners,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 58 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Guests,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 59 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Help Desk,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 60 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=HelpServicesGroup,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 61 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=HubgradeTeam,DC=tahoho,DC=com,DC=tw" next edit 62 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=HubgradeUsers,DC=tahoho,DC=com,DC=tw" next edit 63 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Hygiene Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 64 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Hyper-V Administrators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 65 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=IIS_IUSRS,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 66 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=IIS_WPG,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 67 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Incoming Forest Trust Builders,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 68 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=MTS Impersonators,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 69 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Netmon Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 70 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Network Configuration Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 71 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 72 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Performance Log Users,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 73 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Performance Monitor Users,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 74 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 75 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Print Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 76 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Protected Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 77 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 78 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=RAS and IAS Servers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 79 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=RDS Endpoint Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 80 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=RDS Management Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 81 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=RDS Remote Access Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 82 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Read-only Domain Controllers,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 83 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Recipient Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 84 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Records Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 85 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Remote Desktop Users,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 86 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Remote Management Users,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 87 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Replicator,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 88 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Schema Admins,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 89 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Server Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 90 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Server Operators,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 91 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Smart Phone,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 92 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=SMEX Admin Group,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 93 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=SQLServer2005MSFTEUser$TAHOAD$MICROSOFT\\#\\#SSEE,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 94 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=SQLServer2005MSSQLUser$TAHOAD$MICROSOFT\\#\\#SSEE,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 95 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=SQLServer2005SQLBrowserUser$TAHOAD,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 96 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=SQLServerMSSQLServerADHelperUser$TAHOAD,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 97 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=TAHOAD $ Acronis ApiGateway Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 98 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=TAHOAD $ Acronis ASN Remote Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 99 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=TAHOAD $ Acronis Centralized Admins,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 100 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=TAHOAD $ Acronis Remote Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 101 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=TAHONT $ Acronis Remote Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 102 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Technical Dep_gbl,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 103 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Technical Dep_loc,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 104 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=TelnetClients,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 105 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Terminal Server License Servers,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 106 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=UM Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 107 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Users,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 108 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=vendor_group,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 109 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Veolia Distribution Group,OU=Veolia,DC=tahoho,DC=com,DC=tw" next edit 110 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=VeoliaSecurityGroup,OU=Veolia,DC=tahoho,DC=com,DC=tw" next edit 111 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=View-Only Organization Management,OU=Microsoft Exchange Security Groups,DC=tahoho,DC=com,DC=tw" next edit 112 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=Windows Authorization Access Group,CN=Builtin,DC=tahoho,DC=com,DC=tw" next edit 113 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=WINS Users,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 114 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=WSUS Administrators,CN=Users,DC=tahoho,DC=com,DC=tw" next edit 115 set server-name "Azure-LDAP-Secure-Server" set group-name "CN=WSUS Reporters,CN=Users,DC=tahoho,DC=com,DC=tw" next end next edit "ssl_vpn_user" set member "870559" "870572" "880076" "890354" "900976" "910776" "910787" "930001" "930445" "930734" "A50016" "A60025" "B10013" "chennanhsieh" "colemanchen" "hwangchinchang" "pengyehhuang" "samyslin" "tsaichinfeng" next end config vpn ssl web host-check-software edit "FortiClient-AV" set guid "1A0271D5-3D4F-46DB-0C2C-AB37BA90D9F7" next edit "FortiClient-FW" set type fw set guid "528CB157-D384-4593-AAAA-E42DFF111CED" next edit "FortiClient-AV-Vista" set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit "FortiClient-FW-Vista" set type fw set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" next edit "FortiClient5-AV" set guid "5EEDDB8C-C27A-6714-3657-DBD811D1F1B7" next edit "AVG-Internet-Security-AV" set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit "AVG-Internet-Security-FW" set type fw set guid "8DECF618-9569-4340-B34A-D78D28969B66" next edit "AVG-Internet-Security-AV-Vista-Win7" set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit "AVG-Internet-Security-FW-Vista-Win7" set type fw set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" next edit "CA-Anti-Virus" set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit "CA-Internet-Security-AV" set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit "CA-Internet-Security-FW" set type fw set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" next edit "CA-Internet-Security-AV-Vista-Win7" set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit "CA-Internet-Security-FW-Vista-Win7" set type fw set guid "06D680B0-4024-4FAB-E710-E675E50F6324" next edit "CA-Personal-Firewall" set type fw set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" next edit "F-Secure-Internet-Security-AV" set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit "F-Secure-Internet-Security-FW" set type fw set guid "D4747503-0346-49EB-9262-997542F79BF4" next edit "F-Secure-Internet-Security-AV-Vista-Win7" set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit "F-Secure-Internet-Security-FW-Vista-Win7" set type fw set guid "2D7AC0A6-6241-D774-E168-461178D9686C" next edit "Kaspersky-AV" set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-FW" set type fw set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit "Kaspersky-AV-Vista-Win7" set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit "Kaspersky-FW-Vista-Win7" set type fw set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" next edit "McAfee-Internet-Security-Suite-AV" set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit "McAfee-Internet-Security-Suite-FW" set type fw set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" next edit "McAfee-Internet-Security-Suite-AV-Vista-Win7" set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit "McAfee-Internet-Security-Suite-FW-Vista-Win7" set type fw set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" next edit "McAfee-Virus-Scan-Enterprise" set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit "Norton-360-2.0-AV" set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit "Norton-360-2.0-FW" set type fw set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" next edit "Norton-360-3.0-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-360-3.0-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV" set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit "Norton-Internet-Security-FW" set type fw set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" next edit "Norton-Internet-Security-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Norton-Internet-Security-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Symantec-Endpoint-Protection-AV" set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit "Symantec-Endpoint-Protection-FW" set type fw set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" next edit "Symantec-Endpoint-Protection-AV-Vista-Win7" set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit "Symantec-Endpoint-Protection-FW-Vista-Win7" set type fw set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" next edit "Panda-Antivirus+Firewall-2008-AV" set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit "Panda-Antivirus+Firewall-2008-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Panda-Internet-Security-AV" set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2006~2007-FW" set type fw set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit "Panda-Internet-Security-2008~2009-FW" set type fw set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" next edit "Sophos-Anti-Virus" set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit "Sophos-Enpoint-Secuirty-and-Control-FW" set type fw set guid "0786E95E-326A-4524-9691-41EF88FB52EA" next edit "Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7" set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit "Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7" set type fw set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" next edit "Trend-Micro-AV" set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit "Trend-Micro-FW" set type fw set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" next edit "Trend-Micro-AV-Vista-Win7" set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit "Trend-Micro-FW-Vista-Win7" set type fw set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" next edit "ZoneAlarm-AV" set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit "ZoneAlarm-FW" set type fw set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" next edit "ZoneAlarm-AV-Vista-Win7" set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit "ZoneAlarm-FW-Vista-Win7" set type fw set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" next edit "ESET-Smart-Security-AV" set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit "ESET-Smart-Security-FW" set type fw set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" next end config vpn ssl web portal edit "E2C-Hubgrade-JiaYi-VPN-Portal" set tunnel-mode enable set ipv6-tunnel-mode enable set web-mode enable set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" config bookmark-group edit "gui-bookmarks" config bookmarks edit "Firewall" set url "https://192.168.32.1:8443" next edit "Hubgrade" set url "https://twjy.tahoho.com.tw" next end next end set heading "E2C-Hubgrade-JiaYi-VPN-Portal" next end config vpn ssl settings set servercert "wildcard.tahoho.com.tw" set tunnel-ip-pools "AzureS2SVPN_local_subnet" set source-interface "wan" set source-address "all" set source-address6 "all" set default-portal "E2C-Hubgrade-JiaYi-VPN-Portal" config authentication-rule edit 1 set groups "RemoteUserGroup" set portal "E2C-Hubgrade-JiaYi-VPN-Portal" next end end config vpn ssl web user-bookmark edit "godelchen#RemoteUserGroup" config bookmarks edit "U2484" set apptype rdp set description "U2484" set host "192.167.3.110" set port 3389 set logon-user "godelchen" set logon-password ENC ZvJcCYRlJUYX7KCPjhEAtvOyMB11n+v1KeYEz4/Nx0YuimNu8mXeI2LFJH2p9E0UFksP2bWf/OB7u42F/YHHuL4/dN4as045KWpkkojYWQEd+oLQsOZVW7DORFEWsos/ESblQGdh/4535IG3oUG+uUBuDS7BXNXI6X+Hmp5LfBbxYyVPlW9EBj1bU5ky8ZyWW6d10g== next edit "E2C Hubgrade FireWall" set description "E2C Hubgrade FireWall" set url "https://192.167.3.99" next end next edit "itservice#RemoteUserGroup" next end config voip profile edit "default" set comment "Default VoIP profile." next edit "strict" config sip set malformed-request-line discard set malformed-header-via discard set malformed-header-from discard set malformed-header-to discard set malformed-header-call-id discard set malformed-header-cseq discard set malformed-header-rack discard set malformed-header-rseq discard set malformed-header-contact discard set malformed-header-record-route discard set malformed-header-route discard set malformed-header-expires discard set malformed-header-content-type discard set malformed-header-content-length discard set malformed-header-max-forwards discard set malformed-header-allow discard set malformed-header-p-asserted-identity discard set malformed-header-sdp-v discard set malformed-header-sdp-o discard set malformed-header-sdp-s discard set malformed-header-sdp-i discard set malformed-header-sdp-c discard set malformed-header-sdp-b discard set malformed-header-sdp-z discard set malformed-header-sdp-k discard set malformed-header-sdp-a discard set malformed-header-sdp-t discard set malformed-header-sdp-r discard set malformed-header-sdp-m discard end next end config dnsfilter profile edit "default" set comment "Default dns filtering." config ftgd-dns config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next edit 19 set category 61 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end set block-botnet enable next end config antivirus settings set grayware enable end config antivirus profile edit "default" set comment "Scan files and block viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "sniffer-profile" set comment "Scan files and monitor viruses." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." config http set options scan end config ftp set options scan end config imap set options scan set executables virus end config pop3 set options scan set executables virus end config smtp set options scan set executables virus end next end config webfilter profile edit "default" set comment "Default web filtering." config ftgd-wf unset options config filters edit 1 set action block next edit 2 set category 2 set action block next edit 3 set category 7 set action block next edit 4 set category 8 set action block next edit 5 set category 9 set action block next edit 6 set category 11 set action block next edit 7 set category 12 set action block next edit 8 set category 13 set action block next edit 9 set category 14 set action block next edit 10 set category 15 set action block next edit 11 set category 16 set action block next edit 12 set category 26 set action block next edit 13 set category 57 set action block next edit 14 set category 61 set action block next edit 15 set category 63 set action block next edit 16 set category 64 set action block next edit 17 set category 65 set action block next edit 18 set category 66 set action block next edit 19 set category 67 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next edit "sniffer-profile" set comment "Monitor web traffic." config ftgd-wf config filters edit 1 next edit 2 set category 1 next edit 3 set category 2 next edit 4 set category 3 next edit 5 set category 4 next edit 6 set category 5 next edit 7 set category 6 next edit 8 set category 7 next edit 9 set category 8 next edit 10 set category 9 next edit 11 set category 11 next edit 12 set category 12 next edit 13 set category 13 next edit 14 set category 14 next edit 15 set category 15 next edit 16 set category 16 next edit 17 set category 17 next edit 18 set category 18 next edit 19 set category 19 next edit 20 set category 20 next edit 21 set category 23 next edit 22 set category 24 next edit 23 set category 25 next edit 24 set category 26 next edit 25 set category 28 next edit 26 set category 29 next edit 27 set category 30 next edit 28 set category 31 next edit 29 set category 33 next edit 30 set category 34 next edit 31 set category 35 next edit 32 set category 36 next edit 33 set category 37 next edit 34 set category 38 next edit 35 set category 39 next edit 36 set category 40 next edit 37 set category 41 next edit 38 set category 42 next edit 39 set category 43 next edit 40 set category 44 next edit 41 set category 46 next edit 42 set category 47 next edit 43 set category 48 next edit 44 set category 49 next edit 45 set category 50 next edit 46 set category 51 next edit 47 set category 52 next edit 48 set category 53 next edit 49 set category 54 next edit 50 set category 55 next edit 51 set category 56 next edit 52 set category 57 next edit 53 set category 58 next edit 54 set category 59 next edit 55 set category 61 next edit 56 set category 62 next edit 57 set category 63 next edit 58 set category 64 next edit 59 set category 65 next edit 60 set category 66 next edit 61 set category 67 next edit 62 set category 68 next edit 63 set category 69 next edit 64 set category 70 next edit 65 set category 71 next edit 66 set category 72 next edit 67 set category 75 next edit 68 set category 76 next edit 69 set category 77 next edit 70 set category 78 next edit 71 set category 79 next edit 72 set category 80 next edit 73 set category 81 next edit 74 set category 82 next edit 75 set category 83 next edit 76 set category 84 next edit 77 set category 85 next edit 78 set category 86 next edit 79 set category 87 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end next edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set options block-invalid-url config ftgd-wf unset options config filters edit 1 next edit 2 set category 2 set action block next edit 3 set category 7 set action block next edit 4 set category 8 set action block next edit 5 set category 9 set action block next edit 6 set category 11 set action block next edit 7 set category 12 set action block next edit 8 set category 13 set action block next edit 9 set category 14 set action block next edit 10 set category 15 set action block next edit 11 set category 16 set action block next edit 12 set category 26 set action block next edit 13 set category 57 set action block next edit 14 set category 61 set action block next edit 15 set category 63 set action block next edit 16 set category 64 set action block next edit 17 set category 65 set action block next edit 18 set category 66 set action block next edit 19 set category 67 set action block next edit 20 set category 86 set action block next edit 21 set category 88 set action block next edit 22 set category 90 set action block next edit 23 set category 91 set action block next end end next edit "monitor-all" set comment "Monitor and log all visited URLs, flow-based." config ftgd-wf unset options config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next edit 80 set category 88 next edit 81 set category 89 next edit 82 set category 90 next edit 83 set category 91 next edit 84 set category 92 next edit 85 set category 93 next edit 86 set category 94 next edit 87 set category 95 next end end set log-all-url enable set web-content-log disable set web-filter-activex-log disable set web-filter-command-block-log disable set web-filter-cookie-log disable set web-filter-applet-log disable set web-filter-jscript-log disable set web-filter-js-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-referer-log disable set web-filter-cookie-removal-log disable set web-url-log disable set web-invalid-domain-log disable set web-ftgd-err-log disable set web-ftgd-quota-usage disable next end config webfilter search-engine edit "google" set hostname ".*\\.google\\..*" set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set safesearch-str "&safe=active" next edit "yahoo" set hostname ".*\\.yahoo\\..*" set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set safesearch-str "&vm=r" next edit "bing" set hostname ".*\\.bing\\..*" set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch header next edit "yandex" set hostname "yandex\\..*" set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set safesearch-str "&family=yes" next edit "youtube" set hostname ".*youtube.*" set safesearch header next edit "baidu" set hostname ".*\\.baidu\\.com" set url "^\\/s?\\?" set query "wd=" next edit "baidu2" set hostname ".*\\.baidu\\.com" set url "^\\/(ns|q|m|i|v)\\?" set query "word=" next edit "baidu3" set hostname "tieba\\.baidu\\.com" set url "^\\/f\\?" set query "kw=" next end config emailfilter profile edit "sniffer-profile" set comment "Malware and phishing URL monitoring." next edit "default" set comment "Malware and phishing URL filtering." next end config system virtual-wan-link config health-check edit "Default_Office_365" set server "www.office.com" set protocol http set interval 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next edit "Default_Gmail" set server "gmail.com" set interval 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 2 next end next edit "Default_AWS" set server "aws.amazon.com" set protocol http set interval 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next edit "Default_Google Search" set server "www.google.com" set protocol http set interval 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next edit "Default_FortiGuard" set server "fortiguard.com" set protocol http set interval 1000 set recoverytime 10 config sla edit 1 set latency-threshold 250 set jitter-threshold 50 set packetloss-threshold 5 next end next end end config firewall schedule recurring edit "always" set day sunday monday tuesday wednesday thursday friday saturday next edit "none" next edit "default-darrp-optimize" set start 01:00 set end 01:30 set day sunday monday tuesday wednesday thursday friday saturday next end config firewall vip edit "Hubgrade-Port-49320" set uuid 2302020e-ac08-51ec-a763-dd644375d642 set extip 61.216.60.230 set extintf "any" set portforward enable set mappedip "192.167.3.110" set extport 49320 set mappedport 49320 next edit "Hubgrade-port-1883" set uuid e42c1b2e-4936-51ed-48d9-3c7359845c7b set extip 61.216.60.230 set extintf "any" set portforward enable set mappedip "192.167.3.110" set extport 1883 set mappedport 1883 next end config firewall profile-protocol-options edit "default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config ssh unset options end config dns set ports 53 end config cifs set ports 445 end next end config firewall ssl-ssh-profile edit "deep-inspection" set comment "Read-only deep inspection profile." config https set ports 443 set status deep-inspection end config ftps set ports 990 set status deep-inspection end config imaps set ports 993 set status deep-inspection end config pop3s set ports 995 set status deep-inspection end config smtps set ports 465 set status deep-inspection end config ssh set ports 22 set status disable end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 4 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 5 set type wildcard-fqdn set wildcard-fqdn "android" next edit 6 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 7 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 8 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 9 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 10 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 13 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 14 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 15 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 16 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 17 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 19 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 20 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 21 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 22 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 23 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 24 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 25 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 26 set type wildcard-fqdn set wildcard-fqdn "live.com" next edit 27 set type wildcard-fqdn set wildcard-fqdn "google-play" next edit 28 set type wildcard-fqdn set wildcard-fqdn "update.microsoft.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "swscan.apple.com" next edit 30 set type wildcard-fqdn set wildcard-fqdn "autoupdate.opera.com" next end next edit "custom-deep-inspection" set comment "Customizable deep inspection profile." config https set ports 443 set status deep-inspection end config ftps set ports 990 set status deep-inspection end config imaps set ports 993 set status deep-inspection end config pop3s set ports 995 set status deep-inspection end config smtps set ports 465 set status deep-inspection end config ssh set ports 22 set status disable end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set type wildcard-fqdn set wildcard-fqdn "adobe" next edit 4 set type wildcard-fqdn set wildcard-fqdn "Adobe Login" next edit 5 set type wildcard-fqdn set wildcard-fqdn "android" next edit 6 set type wildcard-fqdn set wildcard-fqdn "apple" next edit 7 set type wildcard-fqdn set wildcard-fqdn "appstore" next edit 8 set type wildcard-fqdn set wildcard-fqdn "auth.gfx.ms" next edit 9 set type wildcard-fqdn set wildcard-fqdn "citrix" next edit 10 set type wildcard-fqdn set wildcard-fqdn "dropbox.com" next edit 11 set type wildcard-fqdn set wildcard-fqdn "eease" next edit 12 set type wildcard-fqdn set wildcard-fqdn "firefox update server" next edit 13 set type wildcard-fqdn set wildcard-fqdn "fortinet" next edit 14 set type wildcard-fqdn set wildcard-fqdn "googleapis.com" next edit 15 set type wildcard-fqdn set wildcard-fqdn "google-drive" next edit 16 set type wildcard-fqdn set wildcard-fqdn "google-play2" next edit 17 set type wildcard-fqdn set wildcard-fqdn "google-play3" next edit 18 set type wildcard-fqdn set wildcard-fqdn "Gotomeeting" next edit 19 set type wildcard-fqdn set wildcard-fqdn "icloud" next edit 20 set type wildcard-fqdn set wildcard-fqdn "itunes" next edit 21 set type wildcard-fqdn set wildcard-fqdn "microsoft" next edit 22 set type wildcard-fqdn set wildcard-fqdn "skype" next edit 23 set type wildcard-fqdn set wildcard-fqdn "softwareupdate.vmware.com" next edit 24 set type wildcard-fqdn set wildcard-fqdn "verisign" next edit 25 set type wildcard-fqdn set wildcard-fqdn "Windows update 2" next edit 26 set type wildcard-fqdn set wildcard-fqdn "live.com" next edit 27 set type wildcard-fqdn set wildcard-fqdn "google-play" next edit 28 set type wildcard-fqdn set wildcard-fqdn "update.microsoft.com" next edit 29 set type wildcard-fqdn set wildcard-fqdn "swscan.apple.com" next edit 30 set type wildcard-fqdn set wildcard-fqdn "autoupdate.opera.com" next end next edit "no-inspection" set comment "Read-only profile that does no inspection." config https set status disable end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable end next edit "certificate-inspection" set comment "Read-only SSL handshake inspection profile." config https set ports 443 set status certificate-inspection end config ftps set status disable end config imaps set status disable end config pop3s set status disable end config smtps set status disable end config ssh set ports 22 set status disable end next end config waf profile edit "default" config signature config main-class 100000000 set action block set log disable set severity high end config main-class 20000000 set log disable end config main-class 30000000 set status enable set action block set log disable set severity high end config main-class 40000000 set log disable end config main-class 50000000 set status enable set action block set log disable set severity high end config main-class 60000000 set log disable end config main-class 70000000 set status enable set action block set log disable set severity high end config main-class 80000000 set status enable set log disable set severity low end config main-class 110000000 set status enable set log disable set severity high end config main-class 90000000 set status enable set action block set log disable set severity high end set disabled-signature 80080005 80200001 60030001 60120001 80080003 90410001 90410002 end config constraint config header-length set status enable set log enable set severity low end config content-length set status enable set log enable set severity low end config param-length set status enable set log enable set severity low end config line-length set status enable set log enable set severity low end config url-param-length set status enable set log enable set severity low end config version set log enable end config method set action block set log enable end config hostname set action block set log enable end config malformed set log enable end config max-cookie set status enable set log enable set severity low end config max-header-line set status enable set log enable set severity low end config max-url-param set status enable set log enable set severity low end config max-range-segment set status enable set log enable set severity high end end next end config firewall policy edit 2 set name "UA access" set uuid ead8365c-ac14-51ec-a98b-97ea6d1d57f6 set srcintf "wan" set dstintf "lan" set srcaddr "all" set dstaddr "Hubgrade-Port-49320" set action accept set schedule "always" set service "OPC UA" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 5 set name "E2C" set uuid 216dc99a-1d2e-51ed-a5ca-c1dc2aea8dec set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "AWS" "GCP" "Git" "AWS1" "AWS2" set action accept set schedule "always" set service "HTTP" "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 6 set name "DNS" set uuid 613ff1dc-1d2f-51ed-8827-981d49d22e56 set srcintf "lan" set dstintf "wan" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "DNS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 7 set name "Anydesk" set uuid a8b2d8cc-1d2f-51ed-5fbd-e24764b3ce05 set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "Anydesk" set action accept set schedule "always" set service "HTTPS" set ssl-ssh-profile "certificate-inspection" set nat enable next edit 8 set name "MQTT" set uuid 5709ecec-327c-51ed-51c0-ac0064610f60 set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "all" set action accept set schedule "always" set service "OPC UA" "MQTT" set nat enable next edit 9 set name "E2C-Hubgrde-Firewall-VPN-Policy" set uuid fc05c934-445e-51ed-61fc-cf2948db03aa set srcintf "ssl.root" set dstintf "lan" set srcaddr "all" set dstaddr "lan" set action accept set status disable set schedule "always" set service "ALL" set groups "RemoteUserGroup" set nat enable next edit 10 set name "GLPI" set uuid b4773b3c-6c60-51ed-783a-dda3d686ce2b set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "GLPI-Server" set action accept set schedule "always" set service "HTTP" "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 11 set name "Advantech-Outward-To-DCCS-Server" set uuid 82359436-8b12-51ed-e38e-763c83ce9014 set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "Advantech_MQTT Broker_DCCS Server" set action accept set schedule "always" set service "HTTP" "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 13 set name "Advantech-Outward-To-MQTT-Broker" set uuid 134198c6-8b13-51ed-acc7-6690303deb7c set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "Advantech-MQTT-Broker" set action accept set schedule "always" set service "HTTP" "HTTPS" "Advantech-Testing-MQTT-8883" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 14 set name "Advantech-Inward-To-DCCS-Server" set uuid 4861d12e-8b13-51ed-9c06-1cb14276fd19 set srcintf "wan" set dstintf "lan" set srcaddr "Advantech_MQTT Broker_DCCS Server" set dstaddr "IT component" set action accept set schedule "always" set service "HTTP" "HTTPS" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 15 set name "Advantech-Inward-To-MQTT-Broker" set uuid 77ed7c7c-8b13-51ed-1d5f-b7c08b501bc5 set srcintf "wan" set dstintf "lan" set srcaddr "Advantech-MQTT-Broker" set dstaddr "IT component" set action accept set schedule "always" set service "HTTP" "HTTPS" "Advantech-Testing-MQTT-8883" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 12 set name "E2C Gmail Alarm" set uuid d9bb4206-ed77-51ed-d396-1b4e46966c8d set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "gmail smtp" set action accept set schedule "always" set service "gmail" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 16 set name "E2C U2484 to NTP Server" set uuid 5a041b18-3b11-51ee-a55c-032a4f76b285 set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "time.google.com" "time.windows.com" "tw.ntp.org.cn" set action accept set schedule "always" set service "NTP" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set nat enable next edit 17 set name "E2C MQTT" set uuid 056a1484-b0fc-51ee-5ac9-39366064e3bf set srcintf "lan" set dstintf "wan" set srcaddr "IT component" set dstaddr "Cloud Scada" "Cloud Scada2" set action accept set schedule "always" set service "MQTT" set utm-status enable set ssl-ssh-profile "certificate-inspection" set av-profile "default" set application-list "default" set nat enable next end config firewall ssh local-key edit "Fortinet_SSH_RSA2048" set password ENC k2ME4ORMTZCWmlQvab5uU+V8iSgQ5t9rPBzX46i5BZU6CnJi7ZKE3WKubSAdNZcfcXzjE8sWrJfYByC5E8lntPvbkY/kw9Zu7a5XCi/pUBXenfEWOPqR0vRiqb8AaLiM05+IkaClu2pNiOC0GP8ZuvgNsZw1O2nt+mL+xICXKA8oZXNiKax1yMUKSUvF5AuWQjoNmQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCqlXNVUB oAd+DXXD5R5gtVAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDhhDji7ZZ8 2xSVKiKVGF6PVKkKrQI36RSkp7k9uP2LpYwZR20N5F0FOaH4CxUzbt8Swbmj/HoZX+qiSE DoxQUSu7bME1UAi11Lr72Ipcc22hHCT/itT1mrHiWSiLqGpmQrj9ymL+/9ozwzIoDMspZx 6Vu+2RE358UUm46P23hbX6bkYkK1YrzZfapVVhwGwM/IwQFFWI1iavXsfbGhEpSf/DSpQ2 wzJtazq08msJCHTniPNGiZWoVqyavm0FJF0Aa84G2Mo0AAH/PF5Uo5dak/P04YsV/pP0uR ojZpcVn9uVjyReQHb/RWkanwNiNaX+YeoEetLD+LRvbdHiXYJfgbAAADwPTO9GVMHpMtuV fK1d7SR67wNuwp15O13Qdf1gRkrshsLfli518pDoY3JNL2q9gAAOXHdCviez07jCe43Kt7 wvC2bgPacTOKRFzkRgmHAerKp9zijdZGviL4UZbcjrt/GVXno+83GuN59aKKbbk92Y1pxD ko+FJx+ozLLg8b6gbu2P3TZ5qv0JXYyNMEE0qp/s/ztCbcGm0HGXnk94mXECmOCd7ptFVT PzLd+0JwsVzcq2MUh4Pp8YgSy3TfqoGo11T6ruu3JoVj2OeveES/UNKQKCUD4vuEDwbWkg a0OXRQUzRJ/jnfbR9Zj+AdM0Jo7THyc2ucv9wNstT7kCMCZOvOUnzaAhdyw6I77RmxFFB2 jXDGjq0MoGdhQyUGKLynTWaWskvmc6JTdya4Cm/hAhsD7pNEwaMj98Z4vqADgt0zaUe2ID IlRYd9z8CVfIp5GupSNb4Zpj8HY7ihgVIgY/NEL4fKgAfb9VRY7krrQzqcoUvuq35DhRC6 AvRIQgBexxsgG2SUdaKMYvwVV0WlXiHxDyQMNTIF76GkY0o3T994vqhh3tEMJXcY/3Euyc uUoWj9yHlvaGAV5VW9wx7I8AGmgBTl4qG7C01bT5N8ZH6ADnDJ9OybVyxDKAyg5GQQipLE wR0mdruoQgO0KPNnRtTZPU68ypXz8jYDg0QrL2XCeqzOpheNj8W4CS1jWdH3U2qLp5Ersh x/F/QCPrZzWvEzhy4AWsOBeuZpHUbMOCJx5dutZf1hzA1ySiEpvarDE613YiRCLqyp/Xw6 YFtTJfqjPVGlRzSk9gUxv2ryILhMxsVr5pYEvRs+Bfs36LmGeiPc7LvRbho+iaqwGfnzFx Se9kwk09+Etj+K3mubRoMWjQnQt9Kdw4PuaGreuOK6kEQa61n0hEzlBN2vzT53cUXQCyRJ POC4X+vnBzNrBnct/F1djdTZDEZdVaGzQCKM3DDLEjLEyBbqYHwlFrIcIN9z7fKztHxtPh rU36WGz/0go29j6tfGccWiTFjE61RF7dqyYZX0fWqYyzBHWTTi9NsILhgWR66SzCUKJBEw Nx548adDYcoJdFQlBKe7DgI7oNkTGtJdDEkI1uboayhtj0lJaUEWdEV8/L23WF+7wqlyPP KaXaiFLMt5XOQ5EgSVFnRkCUttrUXp+lddU38q1WLdqKYubGEnOec6FA3fGZTHqXWj5lbC JTw6Ymu+V7T2Esn9MO/IpX0NM83EE04wPoA3M3NDBIlM9608O0rOX6JvwhJgEsG3rY3SYz GgyoJtvQ== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhhDji7ZZ82xSVKiKVGF6PVKkKrQI36RSkp7k9uP2LpYwZR20N5F0FOaH4CxUzbt8Swbmj/HoZX+qiSEDoxQUSu7bME1UAi11Lr72Ipcc22hHCT/itT1mrHiWSiLqGpmQrj9ymL+/9ozwzIoDMspZx6Vu+2RE358UUm46P23hbX6bkYkK1YrzZfapVVhwGwM/IwQFFWI1iavXsfbGhEpSf/DSpQ2wzJtazq08msJCHTniPNGiZWoVqyavm0FJF0Aa84G2Mo0AAH/PF5Uo5dak/P04YsV/pP0uRojZpcVn9uVjyReQHb/RWkanwNiNaX+YeoEetLD+LRvbdHiXYJfgb" set source built-in next edit "Fortinet_SSH_DSA1024" set password ENC k2ME4GK3Y226RxwPIB+s6rM5v51zm+nv51uzXrfJYrLqQiOXkC94ihfhYpX4IYgJwAJFT53Mc/QCCu15W48/vw/vWIMyj0jxw1qzUqTFi6CbDfDhh8jeoBHVXtertonQZ0qbUAoP/h0lKwdiIEH12fSpULgitWQ3fS5KrCxya4qmpTzUBYUEX77DQUxTJ/1BHXyQAA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDYTyT2eq Txu/Je5cSpmWcoAAAAEAAAAAEAAAGyAAAAB3NzaC1kc3MAAACBAJJjbxnS2+MuAf5iQ2Ea DHTuBketGLe4Y7/k5aQXEJw9d1SvndcTCy8nYA4gSVS3BMz0zGl3qHmgoNZtkFfSWSf3xw 3SsmK9BNP+kW4hdax00qKLt7SC7WCRDRTBCaZdCXucB9cq6VWhSb4U4vXEW/Z5weKgqJqs QFghJduDkSu3AAAAFQC1OHEBctoh4j3qoF7OhMCzi8ZRywAAAIEAkEvKwAJWP+qvqx2dHD 2oROgDujKBrqYbdUlG3+Sl7Qp9UxYucrZBzps7Wbfc45y79duq/zVWKnkhNVrEUgwDSY0U aUD4j0GYM0j0LUzBVRNebxScjWeizMy+6aFTwrG3SkBunrt2C7AoR/AYC+aTaNPCj3FyaY N0XeXNDfnCsUwAAACARj9SQC9fd2Vlhn7lgrqpYI7k0trCmQHPlTAflgCiNOsh08uZRSOI 61i0PMKKvDEewz15vsm/1rVsayCUSRPwcQiYuBk2qrC1KJHhURnsft7feNZuvpnrWn5M44 jn8mbfLbPTBJpQDDk+CVuk+WxpjgI9H0cO5ohHY4IjJQe3TToAAAHgOpBslOQ3NflITsMY OuqpBvH2obR5/w+FGSrQ3QYYUxvZXedXPsbvkn1hQ1IGfb1WIL6X41oxXkDrDavT1HqZLf KQSj8pTXyOZ4acun5aN8R4DXPZ7rXDOsFQelSRvS9B0IvMn3+vjKeFdUjGEd4xPTneWXxl 6ci2Em1ed2bpg/X+cRzgZmNUy7bC9Caq0RoZsmrR6n15s5ji9ynjHD0EqDoPnYm3rifMgG 51cqtw+07Kmhl7AkEt+7CZzx+obAjMtmYk3f4MKjKyn93Y8++XlpX0jEp+0IesROG+kcYb E3VGWAI5L+6/0VFDssK2nPEtIZHj71efvhPqMlGA6/ZXa12qNOyVcXE6/eEhTRR+4iJPx6 dtiYAs8VffS3Ez5EEjPaWoOoDNr9nlWGU78ul3OWvB5dEJb4e+G7p08K3EjMZPccny4JR7 u9DZvwCneEfCRjUxFCyEIWPmaU14Kse2n7Kn3YYgcoMZAV0rHZX4mhqdbM0deBdoI6J+Y6 EVaqm8plPWYHk8fjWRxcPKkDo78PxgGiH1PVRn5zdqyOVr9g3xsNOcZBQ+5LIkW4N5D0l3 T8E49Q18hfgpjTWT2L+c7qa/84UhvI7OV03U1gPxXURC8bp6yJyhKR+zgrfdFKDS -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-dss AAAAB3NzaC1kc3MAAACBAJJjbxnS2+MuAf5iQ2EaDHTuBketGLe4Y7/k5aQXEJw9d1SvndcTCy8nYA4gSVS3BMz0zGl3qHmgoNZtkFfSWSf3xw3SsmK9BNP+kW4hdax00qKLt7SC7WCRDRTBCaZdCXucB9cq6VWhSb4U4vXEW/Z5weKgqJqsQFghJduDkSu3AAAAFQC1OHEBctoh4j3qoF7OhMCzi8ZRywAAAIEAkEvKwAJWP+qvqx2dHD2oROgDujKBrqYbdUlG3+Sl7Qp9UxYucrZBzps7Wbfc45y79duq/zVWKnkhNVrEUgwDSY0UaUD4j0GYM0j0LUzBVRNebxScjWeizMy+6aFTwrG3SkBunrt2C7AoR/AYC+aTaNPCj3FyaYN0XeXNDfnCsUwAAACARj9SQC9fd2Vlhn7lgrqpYI7k0trCmQHPlTAflgCiNOsh08uZRSOI61i0PMKKvDEewz15vsm/1rVsayCUSRPwcQiYuBk2qrC1KJHhURnsft7feNZuvpnrWn5M44jn8mbfLbPTBJpQDDk+CVuk+WxpjgI9H0cO5ohHY4IjJQe3TTo=" set source built-in next edit "Fortinet_SSH_ECDSA256" set password ENC k2ME4O1FuuLMsvcYdHtwdhCOrin2kR86eIVMa1DU+hO2UhlLUhHRGitKERFJ1xSylcGbOVAYGrs61W5d+B1iclwvPam74Z3tNsgmUPWr44dJocoiQLuLw71DB1DpYGzao0BNwvdyXAJCvS8aFOaoj2tAz+JvdYpUi6CdSAUbNP9oU6iKDKt8tFr5YBQx1Hl+Eo9yvw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAaRIYnwu TWWPo0dt4pa8eHAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz dHAyNTYAAABBBIYE67MOaXGAVs3feRGqnMNfiDv9F/6VbZuM+4BJr6lEJo2T7cz/V8Iv+s yRPo0phL2Twt1fDGvSWFF59gQ8iDwAAACg0y3xLv61P1yiCr7EwdH38QatL8n0+k0ccACE fxWD5K0yH6szssah9NPU3sSS4hzXEmuoTmFEfIJvMqPBy2Xyk/PP1WQGsAZ7C9EX0qiElc Wrs7eZCS18T4tMq0kTxQyt2tMfXtORtxCSCtDUr/QRz1bgAIucjP7gNgYnQj2cGjN+1Mmj atXj1HMue5YhjRgoqAK70L2L9ttP3bL1bforHw== -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIYE67MOaXGAVs3feRGqnMNfiDv9F/6VbZuM+4BJr6lEJo2T7cz/V8Iv+syRPo0phL2Twt1fDGvSWFF59gQ8iDw=" set source built-in next edit "Fortinet_SSH_ECDSA384" set password ENC k2ME4H9pQ9z5O09WZMaZrHLwZMJEcMsUviFOcm0LKhVRzar4ogbecvpZ8qx8KYaxYDlbMWk7vewZBqaka2mSvmapssmYuiDm6GbI7DGZdQZSrpmknVPVbqk86/QAJ3GzgHbXI1uT+O9mDI6azNe+6SdMyZ+cFiyg4VeF9bmJv8Js/V4r+dlen8Whf5x7tKeNy19+KA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCBj/F2kS oZru/9Px8S+weDAAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz dHAzODQAAABhBHxCnHB7p5OLX/NuxEV8GU8LnL3DqFs0jwYelPScNQd+d2F/6Ea7SsKhj4 4aYuMov9fqGwEaBdV/9q+ODwTYRSKqxtE89O5434eV7f2qSdZq5kRgMvQvxBje6RxFNGAA UwAAANBWaSWpDxQOUkRvdD42VbPeYLF9SMf66osZYjzCbo6+eq1EiphOdcFBAcy8ajfjAY ui3vf33kdVZYOh2inl0xZCu8iz2m8WX4Xk5O09JiMuOq4p2IIUq7MnAwpthAtyXzWz0Hpe F7CCsDMmfbBFnv295ZPE0qY/+/OiLQYQK2bO3r6AZgeA6GopzwA2102WdAPj5/YzBDxMnu jBzciVYB2oE0eSPdzIPMM0QhQAtX6rI92JTxNAL6j504j6YrO3s/jooRtnsRz9g0HtvSjQ YxWn -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHxCnHB7p5OLX/NuxEV8GU8LnL3DqFs0jwYelPScNQd+d2F/6Ea7SsKhj44aYuMov9fqGwEaBdV/9q+ODwTYRSKqxtE89O5434eV7f2qSdZq5kRgMvQvxBje6RxFNGAAUw==" set source built-in next edit "Fortinet_SSH_ECDSA521" set password ENC k2ME4PR8Nm/Bi61k9v/tT5/wQXmLzuzmojubPbGjlmUXHxCNny+HIUwVufob9hBc1KxnigWzT6M6eNl45pjXO2ATl+eU4GwDO6BFIoes+GU/3V34CTIYiBGFZ0Z4coVkpUR7dG1EUtWWIBjsrNHmQESdlq6kughi4Czo382Elhr20vccN0bShJnntY5OXnRcyFDhdQ== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB51ngMYf pT5HgVTRbff6XlAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz dHA1MjEAAACFBADfgrLSSIyJ37CbvCU+yCrrGG9tkkPcl5P6K6PKEQKp+4P7LodTYtkN2L 9GGdUsXsyva/JiTysaa4fJT2JCUowX+gA4MwFDB0A1IRS3nzhXpkD2lTCuKeZbII+CVZoo CTkTErQU63ZkabNz+DhROBe1vSo2x1VkjkyNY1WWYi3MdNVIJQAAAQACN+qIbdvFefq0BS GuYDSt1+8rAwVRzf0lkC+FCCCYkhhHRVmdv992lZ0XR6eR3SddB2pSK8ZC/qP0SCdY020f b2RczP54nbr46Dqr/BNHoEJsfnX/l6E7ojX4b/Gps+RpJaU+YSfuUU94JLKBf4KgAkV7jk Gr3+gk3Se/dgASO/thbZRCaWfA1IhI0L7364ioKTW9T/J+6Ltw/9j0YoTkqscm4TIpYOKK wg1LxVcJA/wMExUU5QdKQ+bElYhvbtk7UExcOeUTOCUIBe6de/LW3I9rakQGkGlVdLmilB DXTwSUZzKD63YFor9/0AZj25ctTczG3f+Rra1eI7o4HEe2 -----END OPENSSH PRIVATE KEY----- " set public-key "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADfgrLSSIyJ37CbvCU+yCrrGG9tkkPcl5P6K6PKEQKp+4P7LodTYtkN2L9GGdUsXsyva/JiTysaa4fJT2JCUowX+gA4MwFDB0A1IRS3nzhXpkD2lTCuKeZbII+CVZooCTkTErQU63ZkabNz+DhROBe1vSo2x1VkjkyNY1WWYi3MdNVIJQ==" set source built-in next edit "Fortinet_SSH_ED25519" set password ENC Bv/6AaWMymvm6vT43ojvk8nObsfopCAWDLIJsGr6XcgGExAsHs6+iqL6qHWQ6spox7HDm0+Na6+60xK4tDr+EZmbZ5TVo9+eAM89HmLZwUxSPj0/ykcq34h7P8Yu1ufj4o9m+ySes2ok3k8WPi5SOsFAYB1H0SQD2it3D2EFhVNNelPxlnmgLmF2KEk3LFYkNGjGGg== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCEyy+PDE dZy4DJyO89p/GsAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIA63uERGvFz/lxba lYDe/NGyoU7aYPxsErxR9745LdnKAAAAkFHNjg6JUFmoqZNJehSehukG6ybdWEjTDyeh7w wxNXBzPUQYVurU1iAk/udItZq+S1eMWEi+BMgpEhlZgvlvlFTvW4lxSdUazOEC0HGWiiVW P3ekMJW8pNOnTOc+tjaZRmZz03TjOd+8LRW+P5+kfx5OMm/EvfWpYFP2SzA+XZ26sFDnOe GppuBDJh1X+x33PQ== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA63uERGvFz/lxbalYDe/NGyoU7aYPxsErxR9745LdnK" set source built-in next end config firewall ssh local-ca edit "Fortinet_SSH_CA" set password ENC oMcAAbqavKnf6eIuRNeFzI7zVT81lcd3+R7JkqhDbZ2B5IbU6m7S03UfRdFVfd4kKHR9Ay8AiOwqo5kWt2RbfvU1xSpiMz6wxLFN4lTKjdmVyTHLn2QIGUJJ0700PwN3M3M1L1baNh1whM/5kdS89ceUFYrYfAGhoYBxERizDm37Yjcl4x5cwe1Zp3G/ui5LxVmmgA== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA3LuiNec izyRQDYE/rGLBeAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDtFHQsHk+Z en8jYXn505fTvT+ASpA8mnQcfg3h0BbnPxEZnBBAmmK7aLy4iAey9KGUJPQNsG7RtLUsYi 4ftqmkoc6NpBzmIAmXBVruTQ9R2aRlBK4UVXP5WEck5dcBTF0UYZFn/lX/k+lFOgxo3fB/ wsyeahviOWtdkBBt2IppwAoo3/p8rAwdI84z5iK8jrgXtpveKdNLRpFDhs+WSUhUdCcQYW YWv4c79oNbFLt2O8Q1j8i9dKaRloTrAJlYOX5OxLP+iC+0dcn/FssOEB404GdHOP3wRkaU +STte1Y7J2MwNLHETcowYmNC9duW+cJ1gHZmTEaZTWi/hLdhuNupAAADwKs3rmAQdizSsg FhxUYVcylop/T0iuTY6gegNA2YIYqhlH1U0mPVh0RUp4h7jQyBB63aP0ikFqmLBq5jEYMt FTdqdXljAZEiWyb7j5TsVDbe5ndNpsNrzbtZP5NWj0y56DvaBKt1Rz0vmZ8vT1HYlUf6TR mEcUs19sRQ5O8eCA6CxRaDGinmdZXn+h5nncn5x3pI87mvi/62CcLE9P/VGqiWI2zfX/eS 8FoNjtQ6VXb6czM7TSCPXFX2u7GbB3G8t/Lc45evQ/g68p2mGVmun15GLS23LdHeqsg9h6 8K3RUVY0fbAEJQ1iwodvh1K4cJYGir6I5QVV6n3CtwTIbGpg/LIBVCXa6+YWkshGWnUJyg kyYoklqO4R6vu9JVHiDrMDzZioEEWj++OAIE/lZC+XhKEXpjMPpd1HnDJt87O5rX3cKL2F 7HMblkpQjstimhWbSGzdai4iyVOUUFqChgb0R0emkVmHHXn/I5Tc3WQgNyknQHs3UTJF24 sekqoT95h6GARttD2bKg4MVrjumVUQt0/Mbv0GMXquSiJRwc4xBVRX+iq/S97z1Fsmx+XF 72jw0JggJKe9Sw4Kpru3KL3BxerjBY6Z7XBNDGCqQ7TuatYNtrzDcfRjgx2UL4h8lFKM8e cm3k/WJkdc3TFDg6fuaENduXopIxt5y2Mc/lgNl+wbz99jHkE+9ub5D/t/hKjDHTT0upC6 JyUvP7LGwYVD8GG9LMWTt9KZ4trXv+cgJ6Cga2ySHcF6I9JNoUgfi1hufygXAOr9UTQ3dD 42uSFybN04nnU73EbPWocleiD6o7ZTMToYYGqSXmcy3+C3vFjPaNjZImALs0b0GTkU48qn QNDrdHR7KGk01bzzvPDDf4zykQmIxKsyQ59jFwRtQEVLufU4QSChRlJ62VDAqA3m73ujOn IvITCq9BOD1ygv29jgp34nsPHwNXtGP1/B1tU58R+YIoDXwtbL2UeiJEWGpbhGi31BlJG1 2DTKpAJftss/Gwy/LE/SVi21jtMDRGp5WQ51XaBxrcWatJVUWkf+A0dWhtqAF45rawj1NS cj6DxvENtINZox3KJ1ydqqTQsMxqK3L66i7iFgJktnTzYNjc/yykOYmI8v4Ut65gK6REqN olsRDhe0tbIoNTBto6nn+JsyqD4p+uMRTdn0L6Yb6daNGOzyE5gFQSEDfKDulRopHOtmM/ hnfFdAhQnkNCMBiP4IgCuMpcHcUYFEYqEU9B2LcJPAgG1/Jeru553hLaqcSYhEpdJucGja n2Q3oZAA== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtFHQsHk+Zen8jYXn505fTvT+ASpA8mnQcfg3h0BbnPxEZnBBAmmK7aLy4iAey9KGUJPQNsG7RtLUsYi4ftqmkoc6NpBzmIAmXBVruTQ9R2aRlBK4UVXP5WEck5dcBTF0UYZFn/lX/k+lFOgxo3fB/wsyeahviOWtdkBBt2IppwAoo3/p8rAwdI84z5iK8jrgXtpveKdNLRpFDhs+WSUhUdCcQYWYWv4c79oNbFLt2O8Q1j8i9dKaRloTrAJlYOX5OxLP+iC+0dcn/FssOEB404GdHOP3wRkaU+STte1Y7J2MwNLHETcowYmNC9duW+cJ1gHZmTEaZTWi/hLdhuNup" set source built-in next edit "Fortinet_SSH_CA_Untrusted" set password ENC oMcAAWg3AkvDTNuScDETHK+9pHd5tOZJ0YNpQibU6wyMGmSP/aSDpyuztzp93BbtrRsCY6n6RwpYyjm33x6neoLOkBtcJJvEyqeKEpGN5kE+kSqHeCa8x2Gr97/qNpMD+c+cPQk8wXWzIsGVRFWiGl8MekCpuVbF0t/DMAqkJes42Sw8FHnu0Z+hhGi++Sim/4u0Nw== set private-key "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCtTmX91k XKlCWrbQnq+Qm4AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCpt/xME0tA wAUBYUlCbSGs1yROQ+mHF2D4I7rJl+j4UIagNj8ftYRKOF6uQmr4If95S9zCD/FH4Rdjl4 ZmFhAdrFCwz89RoFz2PT76cje5oshiW5ZJQyX5idmufnnmUWwtngu6gBltM83vFthzW+Js iO7mlD93T4b/M2Hs0pI2tHstsPL5EYS3Zce9J9gsp6TGj0784IUYynGFS0u0344E14WVxF wlvvMlIJSNRQF7SC88AsKRntTIacpfguFRcVxy08PoMaGeYflYnsWIcclnlZX91srP0LW+ CN3i5J8Za7ZNNkHQb08ymiXF/Kats+zsdKj7uJK9QV2D52mztly/AAADwEZIxchtIJN3O7 MWtSttQYfuqMxEBCTZGt32fOX+9sWM4lMN9pgx/rVHQl8mPUo+U0NrDysp3FBsXABckrJN Vu+lyZow+mK7VCNBk7tTUqEjNxa5cTxMElLONynYPM4AgcEdvm4dsBAigkvqL4NeVbwDYG 8gvP/Lc0/XoOe3GAN58wYZN3sfXfzP7ZoUwY7SRKSzmCgttd/bKnmmdx1wXB7pmK1H5FTI 7E8VK1CwD1fBmGV1de1+/hP0D2iAzlJcYagStd6RFxXzgQDEcauDyP6Ed4QiIzGO/sQXv9 ggJ841H07vbYb7Y3PA72I1cokA6yE8pka1mDEqTQe3ZBTW35lzM/46/yV1Is+4p1p/Tk5d Z4aIYj6HFfF3H9YuMBl2+uUbt4lv+svcx+GtNqj0U0GHFaOxLHxBeslN4NyxWQMGh3h5l3 TrbkkL2l5X0EK2ZoJJQa+8VTITuKMW5Yeyo8C6yceE5qOULafGhKlKmD2YFfV/1WeLZyCt 6R8M2lRm21JR2gTqXtQfgYZ7Ohpy0RNhCe/MV4MROKvK1l5GyZMjNWRYhVrjhDFjx7I2rS UHNZ91Gdwjy4QKkneEII+tahiiEc/wVPRyy4SGTh0JBvt/1oOYDL2AHZ0UMCV+KDKtB+hH hTAtZI4hWgBHnDZbQuHqYqLbbtmwxtqn+HXd3dZP5s801Z5OFvjOJ9S/KOqSUQ2pD0jUzb /695DiLPEL7H+/BgiiXCDAYh0ik4Y6Lx9nsyzj2mnzJosGBqkZHweI9304ypqbTXQNVfU3 NFbxji67ONsMdGRoRWNJBqhwNiSM/Ek1XzgeiquTIeuoSQH3UJKp4D6G2ezzzKXCInCB5X iNrOjU1mIgtl/knTyW/54pH+CSJGD1++F1TwynUoQnBHVkEBbusW/kDN2pDKUMM8i2tkOI K/Cc9vAnZI2r89zQ9M8Jgs6JyYQ+k1KQm3xjM77fbq2rXB//b+D4Yh2P1GvUX+V/cZqmoS AXMbtzuZBB+r8RUm85uF8m4frJhs5oXqaME12RwNy3Aqj+6C8T7cXhiwgBnOGg/M/oimKA YHEHJMVPQPEMZqWxdSjzxW6gpLO2ywUt3IEwdpc+Z90NBJWas5bbSZickiSve6IIPoLIhp jtBfgpRWoL+UEKsGJyYM31EtWoPtbUYA6JnmqIhdZhmDNlkFDOKStSXBnoSeUlpb2Ulafv 3SSBoQGPIpAX1Ys1hXxizbeIciQz1jjkWBFr+yJIB3XIMmCefsYj5uQEvG+B+DbuaDM7tf 8N8OaNng== -----END OPENSSH PRIVATE KEY----- " set public-key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpt/xME0tAwAUBYUlCbSGs1yROQ+mHF2D4I7rJl+j4UIagNj8ftYRKOF6uQmr4If95S9zCD/FH4Rdjl4ZmFhAdrFCwz89RoFz2PT76cje5oshiW5ZJQyX5idmufnnmUWwtngu6gBltM83vFthzW+JsiO7mlD93T4b/M2Hs0pI2tHstsPL5EYS3Zce9J9gsp6TGj0784IUYynGFS0u0344E14WVxFwlvvMlIJSNRQF7SC88AsKRntTIacpfguFRcVxy08PoMaGeYflYnsWIcclnlZX91srP0LW+CN3i5J8Za7ZNNkHQb08ymiXF/Kats+zsdKj7uJK9QV2D52mztly/" set source built-in next end config firewall ssh setting set caname "Fortinet_SSH_CA" set untrusted-caname "Fortinet_SSH_CA_Untrusted" set hostkey-rsa2048 "Fortinet_SSH_RSA2048" set hostkey-dsa1024 "Fortinet_SSH_DSA1024" set hostkey-ecdsa256 "Fortinet_SSH_ECDSA256" set hostkey-ecdsa384 "Fortinet_SSH_ECDSA384" set hostkey-ecdsa521 "Fortinet_SSH_ECDSA521" set hostkey-ed25519 "Fortinet_SSH_ED25519" end config switch-controller security-policy 802-1X edit "802-1X-policy-default" set user-group "SSO_Guest_Users" set mac-auth-bypass disable set open-auth disable set eap-passthru enable set guest-vlan disable set auth-fail-vlan disable set framevid-apply enable set radius-timeout-overwrite disable next end config switch-controller security-policy local-access edit "default" set mgmt-allowaccess https ping ssh set internal-allowaccess https ping ssh next end config switch-controller lldp-profile edit "default" set med-tlvs inventory-management network-policy location-identification set auto-isl disable config med-network-policy edit "voice" next edit "voice-signaling" next edit "guest-voice" next edit "guest-voice-signaling" next edit "softphone-voice" next edit "video-conferencing" next edit "streaming-video" next edit "video-signaling" next end config med-location-service edit "coordinates" next edit "address-civic" next edit "elin-number" next end next edit "default-auto-isl" next end config switch-controller qos dot1p-map edit "voice-dot1p" set priority-0 queue-4 set priority-1 queue-4 set priority-2 queue-3 set priority-3 queue-2 set priority-4 queue-3 set priority-5 queue-1 set priority-6 queue-2 set priority-7 queue-2 next end config switch-controller qos ip-dscp-map edit "voice-dscp" config map edit "1" set cos-queue 1 set value 46 next edit "2" set cos-queue 2 set value 24,26,48,56 next edit "5" set cos-queue 3 set value 34 next end next end config switch-controller qos queue-policy edit "default" set schedule round-robin set rate-by kbps config cos-queue edit "queue-0" next edit "queue-1" next edit "queue-2" next edit "queue-3" next edit "queue-4" next edit "queue-5" next edit "queue-6" next edit "queue-7" next end next edit "voice-egress" set schedule weighted set rate-by kbps config cos-queue edit "queue-0" next edit "queue-1" set weight 0 next edit "queue-2" set weight 6 next edit "queue-3" set weight 37 next edit "queue-4" set weight 12 next edit "queue-5" next edit "queue-6" next edit "queue-7" next end next end config switch-controller qos qos-policy edit "default" next edit "voice-qos" set trust-dot1p-map "voice-dot1p" set trust-ip-dscp-map "voice-dscp" set queue-policy "voice-egress" next end config switch-controller storm-control-policy edit "default" set description "default storm control on all port" next edit "auto-config" set description "storm control policy for fortilink-isl-icl port" set storm-control-mode disabled next end config switch-controller auto-config policy edit "default" next edit "default-icl" set poe-status disable set igmp-flood-report enable set igmp-flood-traffic enable next end config switch-controller switch-profile edit "default" next end config switch-controller remote-log edit "syslogd" next edit "syslogd2" next end config wireless-controller setting set darrp-optimize-schedules "default-darrp-optimize" end config wireless-controller wids-profile edit "default" set comment "Default WIDS profile." set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default-wids-apscan-enabled" set ap-scan enable next end config wireless-controller wtp-profile edit "FAP23JF-default" config platform set type 23JF set ddscan enable end set handoff-sta-thresh 55 config radio-1 set band 802.11ax end config radio-2 set band 802.11ax-5G end config radio-3 set mode monitor end next edit "FAP234F-default" config platform set type 234F set ddscan enable end set handoff-sta-thresh 55 config radio-1 set band 802.11ax end config radio-2 set band 802.11ax-5G end config radio-3 set mode monitor end next edit "FAP231F-default" config platform set type 231F set ddscan enable end set handoff-sta-thresh 55 config radio-1 set band 802.11ax end config radio-2 set band 802.11ax-5G end config radio-3 set mode monitor end next edit "FAP433F-default" config platform set type 433F set ddscan enable end set handoff-sta-thresh 55 config radio-1 set band 802.11ax end config radio-2 set band 802.11ax-5G end config radio-3 set mode monitor end next edit "FAP432F-default" config platform set type 432F set ddscan enable end set handoff-sta-thresh 55 config radio-1 set band 802.11ax end config radio-2 set band 802.11ax-5G end config radio-3 set mode monitor end next edit "FAP431F-default" config platform set type 431F set ddscan enable end set handoff-sta-thresh 55 config radio-1 set band 802.11ax end config radio-2 set band 802.11ax-5G end config radio-3 set mode monitor end next edit "FAP231E-default" config platform set type 231E set ddscan enable end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end config radio-3 set mode monitor end next edit "FAPU433F-default" config platform set type U433F set mode dual-5G end set handoff-sta-thresh 30 config radio-1 set band 802.11ax-5G set band-5g-type 5g-low end config radio-2 set band 802.11ax-5G set band-5g-type 5g-high end config radio-3 set band 802.11n,g-only end next edit "FAPU431F-default" config platform set type U431F set mode dual-5G end set handoff-sta-thresh 30 config radio-1 set band 802.11ax-5G set band-5g-type 5g-low end config radio-2 set band 802.11ax-5G set band-5g-type 5g-high end config radio-3 set band 802.11n,g-only end next edit "FAPU323EV-default" config platform set type U323EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPU321EV-default" config platform set type U321EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPU24JEV-default" config platform set type U24JEV end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPU223EV-default" config platform set type U223EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPU221EV-default" config platform set type U221EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPU423E-default" config platform set type U423E end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPU422EV-default" config platform set type U422EV end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPU421E-default" config platform set type U421E end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP321E-default" config platform set type 321E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS223E-default" config platform set type S223E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS221E-default" config platform set type S221E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP224E-default" config platform set type 224E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223E-default" config platform set type 223E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP222E-default" config platform set type 222E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP221E-default" set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP423E-default" config platform set type 423E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP421E-default" config platform set type 421E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS423E-default" config platform set type S423E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS422E-default" config platform set type S422E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS421E-default" config platform set type S421E end set handoff-sta-thresh 55 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS323CR-default" config platform set type S323CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322CR-default" config platform set type S322CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321CR-default" config platform set type S321CR end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS313C-default" config platform set type S313C end set handoff-sta-thresh 30 config radio-1 set band 802.11ac end next edit "FAPS311C-default" config platform set type S311C end set handoff-sta-thresh 30 config radio-1 set band 802.11ac end next edit "FAPS323C-default" config platform set type S323C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS322C-default" config platform set type S322C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAPS321C-default" config platform set type S321C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP321C-default" config platform set type 321C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP223C-default" config platform set type 223C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP112D-default" config platform set type 112D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP24D-default" config platform set type 24D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP21D-default" config platform set type 21D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FK214B-default" config platform set type 214B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP224D-default" config platform set type 224D end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP222C-default" config platform set type 222C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP25D-default" config platform set type 25D end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP221C-default" config platform set type 221C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP320C-default" config platform set type 320C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11ac end next edit "FAP28C-default" config platform set type 28C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP223B-default" config platform set type 223B end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP14C-default" config platform set type 14C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP11C-default" config platform set type 11C end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP320B-default" config platform set type 320B end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "FAP112B-default" config platform set type 112B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP222B-default" config platform set type 222B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end config radio-2 set band 802.11n-5G end next edit "FAP210B-default" config platform set type 210B end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next edit "FAP220B-default" config platform set type 220B end set handoff-sta-thresh 30 config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n,g-only end next edit "AP-11N-default" config platform set type AP-11N end set handoff-sta-thresh 30 config radio-1 set band 802.11n,g-only end next end config wireless-controller utm-profile edit "wifi-default" set comment "Default configuration for offloading WiFi traffic." set ips-sensor "wifi-default" set application-list "wifi-default" set antivirus-profile "wifi-default" set webfilter-profile "wifi-default" next end config log memory setting set status enable end config log null-device setting set status disable end config log setting set local-in-allow enable set local-in-deny-unicast enable set local-in-deny-broadcast enable set local-out enable end config router rip config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router ripng config redistribute "connected" end config redistribute "static" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "isis" end end config router static edit 1 set gateway 61.216.60.254 set device "wan" next end config router ospf config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router ospf6 config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end config router bgp config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "static" end config redistribute "isis" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "static" end config redistribute6 "isis" end end config router isis config redistribute "connected" end config redistribute "rip" end config redistribute "ospf" end config redistribute "bgp" end config redistribute "static" end config redistribute6 "connected" end config redistribute6 "rip" end config redistribute6 "ospf" end config redistribute6 "bgp" end config redistribute6 "static" end end config router multicast end