config system global set timezone 04 set admintimeout 480 set admin-server-cert "Fortinet_Firmware" set fgd-alert-subscription advisory latest-threat set hostname "FortiGate-VM64-HV" end config system accprofile edit prof_admin set vpngrp read-write set utmgrp read-write set authgrp read-write set wifi read-write set sysgrp read-write set loggrp read-write set mntgrp read-write set netgrp read-write set admingrp read-write set fwgrp read-write set wanoptgrp read-write set updategrp read-write set routegrp read-write set endpoint-control-grp read-write next end config system interface edit port1 set ip 192.168.137.154 255.255.255.0 set type physical set vdom "root" set allowaccess ping https ssh http fgfm next edit port2 set type physical set vdom "root" next edit port3 set type physical set vdom "root" next edit port4 set type physical set vdom "root" next edit port5 set type physical set vdom "root" next edit port6 set type physical set vdom "root" next edit port7 set type physical set vdom "root" next edit port8 set type physical set vdom "root" next edit ssl.root set alias "SSL VPN interface" set type tunnel set vdom "root" next end config system custom-language edit en set filename "en" next edit fr set filename "fr" next edit sp set filename "sp" next edit pg set filename "pg" next edit x-sjis set filename "x-sjis" next edit big5 set filename "big5" next edit GB2312 set filename "GB2312" next edit euc-kr set filename "euc-kr" next end config system admin edit admin set accprofile "super_admin" set vdom "root" config dashboard-tabs edit 1 set name "Status" next end config dashboard edit 1 set column 1 set tab-id 1 next edit 2 set column 1 set widget-type licinfo set tab-id 1 next edit 3 set column 1 set widget-type jsconsole set tab-id 1 next edit 4 set column 2 set widget-type sysres set tab-id 1 next edit 5 set column 2 set widget-type gui-features set tab-id 1 next edit 6 set column 2 set top-n 10 set widget-type alert set tab-id 1 next end next end config system ha set override disable end config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system replacemsg-image edit logo_fnet set image-base64 '' set image-type gif next edit logo_fguard_wf set image-base64 '' set image-type gif next edit logo_fw_auth set image-base64 '' set image-type png next edit logo_v2_fnet set image-base64 '' set image-type png next edit logo_v2_fguard_wf set image-base64 '' set image-type png next edit logo_v2_fguard_app set image-base64 '' set image-type png next end config system replacemsg mail email-block end config system replacemsg mail email-dlp-subject end config system replacemsg mail email-dlp-ban end config system replacemsg mail email-filesize end config system replacemsg mail partial end config system replacemsg mail smtp-block end config system replacemsg mail smtp-filesize end config system replacemsg http bannedword end config system replacemsg http url-block end config system replacemsg http urlfilter-err end config system replacemsg http infcache-block end config system replacemsg http http-block end config system replacemsg http http-filesize end config system replacemsg http http-dlp-ban end config system replacemsg http http-archive-block end config system replacemsg http http-contenttypeblock end config system replacemsg http https-invalid-cert-block end config system replacemsg http http-client-block end config system replacemsg http http-client-filesize end config system replacemsg http http-client-bannedword end config system replacemsg http http-post-block end config system replacemsg http http-client-archive-block end config system replacemsg http switching-protocols-block end config system replacemsg webproxy deny end config system replacemsg webproxy user-limit end config system replacemsg webproxy auth-challenge end config system replacemsg webproxy auth-login-fail end config system replacemsg webproxy auth-authorization-fail end config system replacemsg webproxy http-err end config system replacemsg webproxy auth-ip-blackout end config system replacemsg ftp ftp-dl-blocked end config system replacemsg ftp ftp-dl-filesize end config system replacemsg ftp ftp-dl-dlp-ban end config system replacemsg ftp ftp-explicit-banner end config system replacemsg ftp ftp-dl-archive-block end config system replacemsg nntp nntp-dl-blocked end config system replacemsg nntp nntp-dl-filesize end config system replacemsg nntp nntp-dlp-subject end config system replacemsg nntp nntp-dlp-ban end config system replacemsg fortiguard-wf ftgd-block end config system replacemsg fortiguard-wf http-err end config system replacemsg fortiguard-wf ftgd-ovrd end config system replacemsg fortiguard-wf ftgd-quota end config system replacemsg fortiguard-wf ftgd-warning end config system replacemsg spam ipblocklist end config system replacemsg spam smtp-spam-dnsbl end config system replacemsg spam smtp-spam-feip end config system replacemsg spam smtp-spam-helo end config system replacemsg spam smtp-spam-emailblack end config system replacemsg spam smtp-spam-mimeheader end config system replacemsg spam reversedns end config system replacemsg spam smtp-spam-bannedword end config system replacemsg spam smtp-spam-ase end config system replacemsg spam submit end config system replacemsg im im-file-xfer-block end config system replacemsg im im-file-xfer-name end config system replacemsg im im-file-xfer-infected end config system replacemsg im im-file-xfer-size end config system replacemsg im im-dlp end config system replacemsg im im-dlp-ban end config system replacemsg im im-voice-chat-block end config system replacemsg im im-video-chat-block end config system replacemsg im im-photo-share-block end config system replacemsg im im-long-chat-block end config system replacemsg alertmail alertmail-virus end config system replacemsg alertmail alertmail-block end config system replacemsg alertmail alertmail-nids-event end config system replacemsg alertmail alertmail-crit-event end config system replacemsg alertmail alertmail-disk-full end config system replacemsg admin pre_admin-disclaimer-text end config system replacemsg admin post_admin-disclaimer-text end config system replacemsg auth auth-disclaimer-page-1 end config system replacemsg auth auth-disclaimer-page-2 end config system replacemsg auth auth-disclaimer-page-3 end config system replacemsg auth auth-reject-page end config system replacemsg auth auth-login-page end config system replacemsg auth auth-login-failed-page end config system replacemsg auth auth-token-login-page end config system replacemsg auth auth-token-login-failed-page end config system replacemsg auth auth-success-msg end config system replacemsg auth auth-challenge-page end config system replacemsg auth auth-keepalive-page end config system replacemsg auth auth-portal-page end config system replacemsg auth auth-password-page end config system replacemsg auth auth-fortitoken-page end config system replacemsg auth auth-next-fortitoken-page end config system replacemsg auth auth-email-token-page end config system replacemsg auth auth-sms-token-page end config system replacemsg auth auth-email-harvesting-page end config system replacemsg auth auth-email-failed-page end config system replacemsg auth auth-cert-passwd-page end config system replacemsg auth auth-guest-print-page end config system replacemsg auth auth-guest-email-page end config system replacemsg auth auth-success-page end config system replacemsg auth auth-block-notification-page end config system replacemsg sslvpn sslvpn-login end config system replacemsg sslvpn sslvpn-limit end config system replacemsg sslvpn hostcheck-error end config system replacemsg ec endpt-download-portal end config system replacemsg ec endpt-download-portal-mac end config system replacemsg ec endpt-download-portal-ios end config system replacemsg ec endpt-download-portal-aos end config system replacemsg ec endpt-download-portal-other end config system replacemsg device-detection-portal device-detection-failure end config system replacemsg nac-quar nac-quar-virus end config system replacemsg nac-quar nac-quar-dos end config system replacemsg nac-quar nac-quar-ips end config system replacemsg nac-quar nac-quar-dlp end config system replacemsg nac-quar nac-quar-admin end config system replacemsg traffic-quota per-ip-shaper-block end config system replacemsg utm virus-html end config system replacemsg utm virus-text end config system replacemsg utm dlp-html end config system replacemsg utm dlp-text end config system replacemsg utm appblk-html end config vpn certificate ca end config vpn certificate local edit Fortinet_CA_SSLProxy set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- set password ENC eRZ5UNnzW1eAAJn+reDWnDdgQZ1yxFr7z+rp0lzCeKX64OiaEcBKwGIzocIf5y5p37siqf1bPHwEMWkvISqQSXKT8JijvaLtA/oNlqTw8GwglMlW390JTckMS7v60mVQ2Jj1Ng9q4xi2dXKpVGXqYnpc1nDSApGqHTwpL/lgc1+HLh0CQvn4zQpIs8//4hVscjqz0g== set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set certificate "-----BEGIN CERTIFICATE----- next edit Fortinet_SSLProxy set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- set password ENC JGQ1Psth3oHimOP5bRUzt+zfBA5PlPBXZj6xLvqp7JILLBa6Der02qjotGI4UnaKAGSad7uEkPKLq2ePjzBy/Rc/E55FJO8OjffWzIOgpT1jYMmw8IOuAlB50weCRpzMowrLT+FKFF53SxG+oe5n4EaoiqR92WZsXzOTFpNdSFXyvggt/lmOz4Zm08AMD3sWFWg/ZA== set certificate "-----BEGIN CERTIFICATE----- next end config user device-category edit ipad next edit iphone next edit gaming-console next edit blackberry-phone next edit blackberry-playbook next edit linux-pc next edit mac next edit windows-pc next edit android-phone next edit android-tablet next edit media-streaming next edit windows-phone next edit windows-tablet next edit fortinet-device next edit ip-phone next edit router-nat-device next edit printer next edit other-network-device next edit collected-emails next edit all next end config system session-sync end config system fortiguard set webfilter-sdns-server-ip "208.91.112.220" end config ips global set default-app-cat-mask 18446744073474670591 end config ips dbinfo set version 1 end config gui console end config system session-helper edit 1 set protocol 6 set name pptp set port 1723 next edit 2 set protocol 6 set name h323 set port 1720 next edit 3 set protocol 17 set name ras set port 1719 next edit 4 set protocol 6 set name tns set port 1521 next edit 5 set protocol 17 set name tftp set port 69 next edit 6 set protocol 6 set name rtsp set port 554 next edit 7 set protocol 6 set name rtsp set port 7070 next edit 8 set protocol 6 set name rtsp set port 8554 next edit 9 set protocol 6 set name ftp set port 21 next edit 10 set protocol 6 set name mms set port 1863 next edit 11 set protocol 6 set name pmap set port 111 next edit 12 set protocol 17 set name pmap set port 111 next edit 13 set protocol 17 set name sip set port 5060 next edit 14 set protocol 17 set name dns-udp set port 53 next edit 15 set protocol 6 set name rsh set port 514 next edit 16 set protocol 6 set name rsh set port 512 next edit 17 set protocol 6 set name dcerpc set port 135 next edit 18 set protocol 17 set name dcerpc set port 135 next edit 19 set protocol 17 set name mgcp set port 2427 next edit 20 set protocol 17 set name mgcp set port 2727 next end config system auto-install set auto-install-config enable set auto-install-image enable end config system ntp set ntpsync enable set syncinterval 60 end config system settings end config firewall address edit SSLVPN_TUNNEL_ADDR1 set type iprange set end-ip 10.212.134.210 set start-ip 10.212.134.200 next edit all next edit none set subnet 0.0.0.0 255.255.255.255 next edit apple set type fqdn set fqdn "*.apple.com" next edit dropbox.com set type fqdn set fqdn "*.dropbox.com" next edit Gotomeeting set type fqdn set fqdn "*.gotomeeting.com" next edit icloud set type fqdn set fqdn "*.icloud.com" next edit itunes set type fqdn set fqdn "*itunes.apple.com" next edit android set type fqdn set fqdn "*.android.com" next edit skype set type fqdn set fqdn "*.messenger.live.com" next edit swscan.apple.com set type fqdn set fqdn "swscan.apple.com" next edit update.microsoft.com set type fqdn set fqdn "update.microsoft.com" next edit appstore set type fqdn set fqdn "*.appstore.com" next edit eease set type fqdn set fqdn "*.eease.com" next edit google-drive set type fqdn set fqdn "*drive.google.com" next edit google-play set type fqdn set fqdn "play.google.com" next edit google-play2 set type fqdn set fqdn "*.ggpht.com" next edit google-play3 set type fqdn set fqdn "*.books.google.com" next edit microsoft set type fqdn set fqdn "*.microsoft.com" next edit adobe set type fqdn set fqdn "*.adobe.com" next edit Adobe Login set type fqdn set fqdn "*.adobelogin.com" next edit fortinet set type fqdn set fqdn "*.fortinet.com" next edit googleapis.com set type fqdn set fqdn "*.googleapis.com" next edit citrix set type fqdn set fqdn "*.citrixonline.com" next edit verisign set type fqdn set fqdn "*.verisign.com" next edit Windows update 2 set type fqdn set fqdn "*.windowsupdate.com" next edit *.live.com set type fqdn set fqdn "*.live.com" next edit auth.gfx.ms set type fqdn set fqdn "auth.gfx.ms" next edit autoupdate.opera.com set type fqdn set fqdn "autoupdate.opera.com" next edit softwareupdate.vmware.com set type fqdn set fqdn "softwareupdate.vmware.com" next edit firefox update server set type fqdn set fqdn "aus*.mozilla.org" next end config firewall multicast-address edit all set end-ip 239.255.255.255 set start-ip 224.0.0.0 next edit all_hosts set end-ip 224.0.0.1 set start-ip 224.0.0.1 next edit all_routers set end-ip 224.0.0.2 set start-ip 224.0.0.2 next edit Bonjour set end-ip 224.0.0.251 set start-ip 224.0.0.251 next edit EIGRP set end-ip 224.0.0.10 set start-ip 224.0.0.10 next edit OSPF set end-ip 224.0.0.6 set start-ip 224.0.0.5 next end config firewall address6 edit SSLVPN_TUNNEL_IPv6_ADDR1 set ip6 fdff:ffff::/120 next edit all next edit none set ip6 ::/128 next end config firewall service category edit General set comment "General services." next edit Web Access set comment "Web access." next edit File Access set comment "File access." next edit Email set comment "Email services." next edit Network Services set comment "Network services." next edit Authentication set comment "Authentication service." next edit Remote Access set comment "Remote access." next edit Tunneling set comment "Tunneling service." next edit VoIP, Messaging & Other Applications set comment "VoIP, messaging, and other applications." next edit Web Proxy set comment "Explicit web proxy." next end config firewall service custom edit ALL set category "General" set protocol IP next edit ALL_TCP set category "General" set tcp-portrange 1-65535 next edit ALL_UDP set category "General" set udp-portrange 1-65535 next edit ALL_ICMP set category "General" set protocol ICMP next edit ALL_ICMP6 set category "General" set protocol ICMP6 next edit GRE set category "Tunneling" set protocol-number 47 set protocol IP next edit AH set category "Tunneling" set protocol-number 51 set protocol IP next edit ESP set category "Tunneling" set protocol-number 50 set protocol IP next edit AOL set visibility disable set tcp-portrange 5190-5194 next edit BGP set category "Network Services" set tcp-portrange 179 next edit DHCP set category "Network Services" set udp-portrange 67-68 next edit DNS set category "Network Services" set udp-portrange 53 set tcp-portrange 53 next edit FINGER set visibility disable set tcp-portrange 79 next edit FTP set category "File Access" set tcp-portrange 21 next edit FTP_GET set category "File Access" set tcp-portrange 21 next edit FTP_PUT set category "File Access" set tcp-portrange 21 next edit GOPHER set visibility disable set tcp-portrange 70 next edit H323 set category "VoIP, Messaging & Other Applications" set udp-portrange 1719 set tcp-portrange 1720 1503 next edit HTTP set category "Web Access" set tcp-portrange 80 next edit HTTPS set category "Web Access" set tcp-portrange 443 next edit IKE set category "Tunneling" set udp-portrange 500 4500 next edit IMAP set category "Email" set tcp-portrange 143 next edit IMAPS set category "Email" set tcp-portrange 993 next edit Internet-Locator-Service set visibility disable set tcp-portrange 389 next edit IRC set category "VoIP, Messaging & Other Applications" set tcp-portrange 6660-6669 next edit L2TP set category "Tunneling" set udp-portrange 1701 set tcp-portrange 1701 next edit LDAP set category "Authentication" set tcp-portrange 389 next edit NetMeeting set visibility disable set tcp-portrange 1720 next edit NFS set category "File Access" set udp-portrange 111 2049 set tcp-portrange 111 2049 next edit NNTP set visibility disable set tcp-portrange 119 next edit NTP set category "Network Services" set udp-portrange 123 set tcp-portrange 123 next edit OSPF set category "Network Services" set protocol-number 89 set protocol IP next edit PC-Anywhere set category "Remote Access" set udp-portrange 5632 set tcp-portrange 5631 next edit PING set category "Network Services" set protocol ICMP set icmptype 8 next edit TIMESTAMP set protocol ICMP set visibility disable set icmptype 13 next edit INFO_REQUEST set protocol ICMP set visibility disable set icmptype 15 next edit INFO_ADDRESS set protocol ICMP set visibility disable set icmptype 17 next edit ONC-RPC set category "Remote Access" set udp-portrange 111 set tcp-portrange 111 next edit DCE-RPC set category "Remote Access" set udp-portrange 135 set tcp-portrange 135 next edit POP3 set category "Email" set tcp-portrange 110 next edit POP3S set category "Email" set tcp-portrange 995 next edit PPTP set category "Tunneling" set tcp-portrange 1723 next edit QUAKE set udp-portrange 26000 27000 27910 27960 set visibility disable next edit RAUDIO set udp-portrange 7070 set visibility disable next edit REXEC set visibility disable set tcp-portrange 512 next edit RIP set category "Network Services" set udp-portrange 520 next edit RLOGIN set visibility disable set tcp-portrange 513:512-1023 next edit RSH set visibility disable set tcp-portrange 514:512-1023 next edit SCCP set category "VoIP, Messaging & Other Applications" set tcp-portrange 2000 next edit SIP set category "VoIP, Messaging & Other Applications" set udp-portrange 5060 set tcp-portrange 5060 next edit SIP-MSNmessenger set category "VoIP, Messaging & Other Applications" set tcp-portrange 1863 next edit SAMBA set category "File Access" set tcp-portrange 139 next edit SMTP set category "Email" set tcp-portrange 25 next edit SMTPS set category "Email" set tcp-portrange 465 next edit SNMP set category "Network Services" set udp-portrange 161-162 set tcp-portrange 161-162 next edit SSH set category "Remote Access" set tcp-portrange 22 next edit SYSLOG set category "Network Services" set udp-portrange 514 next edit TALK set udp-portrange 517-518 set visibility disable next edit TELNET set category "Remote Access" set tcp-portrange 23 next edit TFTP set category "File Access" set udp-portrange 69 next edit MGCP set udp-portrange 2427 2727 set visibility disable next edit UUCP set visibility disable set tcp-portrange 540 next edit VDOLIVE set visibility disable set tcp-portrange 7000-7010 next edit WAIS set visibility disable set tcp-portrange 210 next edit WINFRAME set visibility disable set tcp-portrange 1494 2598 next edit X-WINDOWS set category "Remote Access" set tcp-portrange 6000-6063 next edit PING6 set protocol ICMP6 set visibility disable set icmptype 128 next edit MS-SQL set category "VoIP, Messaging & Other Applications" set tcp-portrange 1433 1434 next edit MYSQL set category "VoIP, Messaging & Other Applications" set tcp-portrange 3306 next edit RDP set category "Remote Access" set tcp-portrange 3389 next edit VNC set category "Remote Access" set tcp-portrange 5900 next edit DHCP6 set category "Network Services" set udp-portrange 546 547 next edit SQUID set category "Tunneling" set tcp-portrange 3128 next edit SOCKS set category "Tunneling" set udp-portrange 1080 set tcp-portrange 1080 next edit WINS set category "Remote Access" set udp-portrange 1512 set tcp-portrange 1512 next edit RADIUS set category "Authentication" set udp-portrange 1812 1813 next edit RADIUS-OLD set udp-portrange 1645 1646 set visibility disable next edit CVSPSERVER set udp-portrange 2401 set visibility disable set tcp-portrange 2401 next edit AFS3 set category "File Access" set udp-portrange 7000-7009 set tcp-portrange 7000-7009 next edit TRACEROUTE set category "Network Services" set udp-portrange 33434-33535 next edit RTSP set category "VoIP, Messaging & Other Applications" set udp-portrange 554 set tcp-portrange 554 7070 8554 next edit MMS set udp-portrange 1024-5000 set visibility disable set tcp-portrange 1755 next edit KERBEROS set category "Authentication" set udp-portrange 88 set tcp-portrange 88 next edit LDAP_UDP set category "Authentication" set udp-portrange 389 next edit SMB set category "File Access" set tcp-portrange 445 next edit NONE set visibility disable set tcp-portrange 0 next edit webproxy set category "Web Proxy" set explicit-proxy enable set protocol ALL set tcp-portrange 0-65535:0-65535 next end config firewall service group edit Email Access set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" next edit Web Access set member "DNS" "HTTP" "HTTPS" next edit Windows AD set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" next edit Exchange Server set member "DCE-RPC" "DNS" "HTTPS" next end config webfilter ftgd-local-cat edit custom1 set id 140 next edit custom2 set id 141 next end config ips sensor edit default set comment "Prevent critical attacks." config entries edit 1 set severity medium high critical next end next edit all_default set comment "All predefined signatures with default setting." config entries edit 1 next end next edit all_default_pass set comment "All predefined signatures with PASS action." config entries edit 1 set action pass next end next edit protect_http_server set comment "Protect against HTTP server-side vulnerabilities." config entries edit 1 set protocol HTTP set location server next end next edit protect_email_server set comment "Protect against email server-side vulnerabilities." config entries edit 1 set protocol SMTP POP3 IMAP set location server next end next edit protect_client set comment "Protect against client-side vulnerabilities." config entries edit 1 set location client next end next edit high_security set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" config entries edit 1 set status enable set action block set severity medium high critical next edit 2 set severity low next end next end config firewall shaper traffic-shaper edit high-priority set per-policy enable set maximum-bandwidth 1048576 next edit medium-priority set priority medium set per-policy enable set maximum-bandwidth 1048576 next edit low-priority set priority low set per-policy enable set maximum-bandwidth 1048576 next edit guarantee-100kbps set guaranteed-bandwidth 100 set maximum-bandwidth 1048576 set per-policy enable next edit shared-1M-pipe set maximum-bandwidth 1024 next end config web-proxy global set proxy-fqdn "default.fqdn" end config application list edit default set comment "Monitor all applications." config entries edit 1 set action pass next end next edit block-p2p config entries edit 1 set category 2 next end next edit monitor-p2p-and-media config entries edit 1 set category 2 set action pass next edit 2 set category 5 set action pass next end next end config dlp filepattern edit 1 set name "builtin-patterns" config entries edit *.bat next edit *.com next edit *.dll next edit *.doc next edit *.exe next edit *.gz next edit *.hta next edit *.ppt next edit *.rar next edit *.scr next edit *.tar next edit *.tgz next edit *.vb? next edit *.wps next edit *.xl? next edit *.zip next edit *.pif next edit *.cpl next end next edit 2 set name "all_executables" config entries edit bat set file-type bat set filter-type type next edit exe set file-type exe set filter-type type next edit elf set file-type elf set filter-type type next edit hta set file-type hta set filter-type type next end next end config dlp fp-sensitivity edit Private next edit Critical next edit Warning next end config dlp sensor edit default set comment "Log a summary of email and web traffic." set summary-proto smtp pop3 imap http-get http-post next end config webfilter content end config webfilter urlfilter end config spamfilter bword end config spamfilter bwl end config spamfilter mheader end config spamfilter dnsbl end config spamfilter iptrust end config log threat-weight config web edit 1 set category 26 set level high next edit 2 set category 61 set level high next edit 3 set category 86 set level high next edit 4 set category 1 set level medium next edit 5 set category 3 set level medium next edit 6 set category 4 set level medium next edit 7 set category 5 set level medium next edit 8 set category 6 set level medium next edit 9 set category 12 set level medium next edit 10 set category 59 set level medium next edit 11 set category 62 set level medium next edit 12 set category 83 set level medium next edit 13 set category 72 next edit 14 set category 14 next end config application edit 1 set category 2 next edit 2 set category 6 set level medium next edit 3 set category 19 set level critical next end end config icap profile edit default next end config user local edit guest set passwd ENC EntYbQ4nWAFLGsQz5QbIt8MIxko4Ms6Nm/9fMo/5+L7FJO42JRExvl705N++oKwIB0NvfdWaiqfZ/LGPDSOVqRZnqn4pUWOlNVE6yfGxbCZUIXTlcSL58A2ok3Yd428rHETuf7mNrOJMdVS1tfnrx5+92ofsXVzAn/kpKeJLrtBRWNfBQ1YplQ2FfEDCHHW27akz4g== set type password next end config user group edit SSO_Guest_Users next edit Guest-group set member "guest" next end config user device-group edit Mobile Devices set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" set comment "Phones, tablets, etc." next edit Network Devices set member "fortinet-device" "other-network-device" "router-nat-device" set comment "Routers, firewalls, gateways, etc." next edit Others set member "gaming-console" "media-streaming" set comment "Other devices." next end config vpn ssl web host-check-software edit FortiClient-AV set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" next edit FortiClient-FW set guid "528CB157-D384-4593-AAAA-E42DFF111CED" set type fw next edit FortiClient-AV-Vista-Win7 set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" next edit FortiClient-FW-Vista-Win7 set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" set type fw next edit AVG-Internet-Security-AV set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" next edit AVG-Internet-Security-FW set guid "8DECF618-9569-4340-B34A-D78D28969B66" set type fw next edit AVG-Internet-Security-AV-Vista-Win7 set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" next edit AVG-Internet-Security-FW-Vista-Win7 set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" set type fw next edit CA-Anti-Virus set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" next edit CA-Internet-Security-AV set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" next edit CA-Internet-Security-FW set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" set type fw next edit CA-Internet-Security-AV-Vista-Win7 set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" next edit CA-Internet-Security-FW-Vista-Win7 set guid "06D680B0-4024-4FAB-E710-E675E50F6324" set type fw next edit CA-Personal-Firewall set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" set type fw next edit F-Secure-Internet-Security-AV set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" next edit F-Secure-Internet-Security-FW set guid "D4747503-0346-49EB-9262-997542F79BF4" set type fw next edit F-Secure-Internet-Security-AV-Vista-Win7 set guid "15414183-282E-D62C-CA37-EF24860A2F17" next edit F-Secure-Internet-Security-FW-Vista-Win7 set guid "2D7AC0A6-6241-D774-E168-461178D9686C" set type fw next edit Kaspersky-AV set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" next edit Kaspersky-FW set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" set type fw next edit Kaspersky-AV-Vista-Win7 set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" next edit Kaspersky-FW-Vista-Win7 set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" set type fw next edit McAfee-Internet-Security-Suite-AV set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" next edit McAfee-Internet-Security-Suite-FW set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" set type fw next edit McAfee-Internet-Security-Suite-AV-Vista-Win7 set guid "86355677-4064-3EA7-ABB3-1B136EB04637" next edit McAfee-Internet-Security-Suite-FW-Vista-Win7 set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" set type fw next edit McAfee-Virus-Scan-Enterprise set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" next edit Norton-360-2.0-AV set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" next edit Norton-360-2.0-FW set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" set type fw next edit Norton-360-3.0-AV set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit Norton-360-3.0-FW set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" set type fw next edit Norton-Internet-Security-AV set guid "E10A9785-9598-4754-B552-92431C1C35F8" next edit Norton-Internet-Security-FW set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" set type fw next edit Norton-Internet-Security-AV-Vista-Win7 set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit Norton-Internet-Security-FW-Vista-Win7 set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" set type fw next edit Symantec-Endpoint-Protection-AV set guid "FB06448E-52B8-493A-90F3-E43226D3305C" next edit Symantec-Endpoint-Protection-FW set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" set type fw next edit Symantec-Endpoint-Protection-AV-Vista-Win7 set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" next edit Symantec-Endpoint-Protection-FW-Vista-Win7 set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" set type fw next edit Panda-Antivirus+Firewall-2008-AV set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" next edit Panda-Antivirus+Firewall-2008-FW set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" set type fw next edit Panda-Internet-Security-AV set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" next edit Panda-Internet-Security-2006~2007-FW set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" set type fw next edit Panda-Internet-Security-2008~2009-FW set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" set type fw next edit Sophos-Anti-Virus set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" next edit Sophos-Enpoint-Secuirty-and-Control-FW set guid "0786E95E-326A-4524-9691-41EF88FB52EA" set type fw next edit Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7 set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" next edit Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7 set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" set type fw next edit Trend-Micro-AV set guid "7D2296BC-32CC-4519-917E-52E652474AF5" next edit Trend-Micro-FW set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" set type fw next edit Trend-Micro-AV-Vista-Win7 set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" next edit Trend-Micro-FW-Vista-Win7 set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" set type fw next edit ZoneAlarm-AV set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" next edit ZoneAlarm-FW set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" set type fw next edit ZoneAlarm-AV-Vista-Win7 set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" next edit ZoneAlarm-FW-Vista-Win7 set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" set type fw next edit ESET-Smart-Security-AV set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" next edit ESET-Smart-Security-FW set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" set type fw next end config vpn ssl web portal edit full-access set web-mode enable set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" set page-layout double-column set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-tunnel-mode enable set tunnel-mode enable next edit web-access set web-mode enable next edit tunnel-access set ip-pools "SSLVPN_TUNNEL_ADDR1" set ipv6-tunnel-mode enable set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" set tunnel-mode enable next end config vpn ssl settings set servercert "self-sign" set port 443 end config voip profile edit default set comment "Default VoIP profile." next edit strict config sip set malformed-header-max-forwards discard set malformed-header-rack discard set malformed-header-allow discard set malformed-header-call-id discard set malformed-header-sdp-v discard set malformed-header-record-route discard set malformed-header-contact discard set malformed-header-sdp-s discard set malformed-header-content-length discard set malformed-header-sdp-z discard set malformed-header-from discard set malformed-header-route discard set malformed-header-sdp-b discard set malformed-header-sdp-c discard set malformed-header-sdp-a discard set malformed-header-sdp-o discard set malformed-header-sdp-m discard set malformed-header-sdp-k discard set malformed-header-sdp-i discard set malformed-header-to discard set malformed-header-via discard set malformed-header-sdp-t discard set malformed-request-line discard set malformed-header-sdp-r discard set malformed-header-content-type discard set malformed-header-expires discard set malformed-header-rseq discard set malformed-header-p-asserted-identity discard set malformed-header-cseq discard end next end config webfilter profile edit default set comment "Default web filtering." set post-action comfort config ftgd-wf config filters edit 1 set category 2 set action warning next edit 2 set category 7 set action warning next edit 3 set category 8 set action warning next edit 4 set category 9 set action warning next edit 5 set category 11 set action warning next edit 6 set category 12 set action warning next edit 7 set category 13 set action warning next edit 8 set category 14 set action warning next edit 9 set category 15 set action warning next edit 10 set category 16 set action warning next edit 11 set action warning next edit 12 set category 57 set action warning next edit 13 set category 63 set action warning next edit 14 set category 64 set action warning next edit 15 set category 65 set action warning next edit 16 set category 66 set action warning next edit 17 set category 67 set action warning next edit 18 set category 26 set action block next end end next edit web-filter-flow set comment "Flow-based web filter profile." set inspection-mode flow-based set post-action comfort config ftgd-wf config filters edit 1 set category 2 next edit 2 set category 7 next edit 3 set category 8 next edit 4 set category 9 next edit 5 set category 11 next edit 6 set category 12 next edit 7 set category 13 next edit 8 set category 14 next edit 9 set category 15 next edit 10 set category 16 next edit 11 next edit 12 set category 57 next edit 13 set category 63 next edit 14 set category 64 next edit 15 set category 65 next edit 16 set category 66 next edit 17 set category 67 next edit 18 set category 26 set action block next end end next edit monitor-all set comment "Monitor and log all visited URLs, proxy-based." set web-content-log disable set web-filter-applet-log disable set web-ftgd-err-log disable set web-filter-command-block-log disable set web-filter-jscript-log disable set web-filter-activex-log disable set web-filter-referer-log disable set web-filter-js-log disable set web-invalid-domain-log disable set web-ftgd-quota-usage disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-cookie-log disable set log-all-url enable set web-filter-cookie-removal-log disable set web-url-log disable config ftgd-wf config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next end end next edit flow-monitor-all set comment "Monitor and log all visited URLs, flow-based." set web-content-log disable set web-filter-applet-log disable set web-ftgd-err-log disable set web-filter-jscript-log disable set web-filter-activex-log disable set web-filter-referer-log disable set web-filter-js-log disable set web-invalid-domain-log disable set inspection-mode flow-based set web-ftgd-quota-usage disable set web-filter-command-block-log disable set web-filter-vbs-log disable set web-filter-unknown-log disable set web-filter-cookie-log disable set log-all-url enable set web-filter-cookie-removal-log disable set web-url-log disable config ftgd-wf config filters edit 1 set category 1 next edit 2 set category 3 next edit 3 set category 4 next edit 4 set category 5 next edit 5 set category 6 next edit 6 set category 12 next edit 7 set category 59 next edit 8 set category 62 next edit 9 set category 83 next edit 10 set category 2 next edit 11 set category 7 next edit 12 set category 8 next edit 13 set category 9 next edit 14 set category 11 next edit 15 set category 13 next edit 16 set category 14 next edit 17 set category 15 next edit 18 set category 16 next edit 19 set category 57 next edit 20 set category 63 next edit 21 set category 64 next edit 22 set category 65 next edit 23 set category 66 next edit 24 set category 67 next edit 25 set category 19 next edit 26 set category 24 next edit 27 set category 25 next edit 28 set category 72 next edit 29 set category 75 next edit 30 set category 76 next edit 31 set category 26 next edit 32 set category 61 next edit 33 set category 86 next edit 34 set category 17 next edit 35 set category 18 next edit 36 set category 20 next edit 37 set category 23 next edit 38 set category 28 next edit 39 set category 29 next edit 40 set category 30 next edit 41 set category 33 next edit 42 set category 34 next edit 43 set category 35 next edit 44 set category 36 next edit 45 set category 37 next edit 46 set category 38 next edit 47 set category 39 next edit 48 set category 40 next edit 49 set category 42 next edit 50 set category 44 next edit 51 set category 46 next edit 52 set category 47 next edit 53 set category 48 next edit 54 set category 54 next edit 55 set category 55 next edit 56 set category 58 next edit 57 set category 68 next edit 58 set category 69 next edit 59 set category 70 next edit 60 set category 71 next edit 61 set category 77 next edit 62 set category 78 next edit 63 set category 79 next edit 64 set category 80 next edit 65 set category 82 next edit 66 set category 85 next edit 67 set category 87 next edit 68 set category 31 next edit 69 set category 41 next edit 70 set category 43 next edit 71 set category 49 next edit 72 set category 50 next edit 73 set category 51 next edit 74 set category 52 next edit 75 set category 53 next edit 76 set category 56 next edit 77 set category 81 next edit 78 set category 84 next edit 79 next end end next edit block-security-risks set comment "Block security risks." config ftgd-wf set options rate-server-ip config filters edit 1 set category 26 set action block next edit 2 set category 61 set action block next edit 3 set category 86 set action block next edit 4 set action warning next end end next end config webfilter override end config webfilter override-user end config webfilter ftgd-warning end config webfilter ftgd-local-rating end config webfilter search-engine edit google set url "^\\/((custom|search|images|videosearch|webhp)\\?)" set query "q=" set safesearch url set hostname ".*\\.google\\..*" set safesearch-str "&safe=active" next edit yahoo set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" set query "p=" set safesearch url set hostname ".*\\.yahoo\\..*" set safesearch-str "&vm=r" next edit bing set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" set query "q=" set safesearch url set hostname "www\\.bing\\.com" set safesearch-str "&adlt=strict" next edit yandex set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" set query "text=" set safesearch url set hostname "yandex\\..*" set safesearch-str "&family=yes" next edit youtube set safesearch header set hostname ".*\\.youtube\\..*" next edit baidu set url "^\\/s?\\?" set query "wd=" set hostname ".*\\.baidu\\.com" next edit baidu2 set url "^\\/(ns|q|m|i|v)\\?" set query "word=" set hostname ".*\\.baidu\\.com" next edit baidu3 set url "^\\/f\\?" set query "kw=" set hostname "tieba\\.baidu\\.com" next end config antivirus profile edit default set comment "Scan files and block viruses." config http set options scan end config ftp set options scan end config imap set options scan end config pop3 set options scan end config smtp set options scan end next end config spamfilter profile edit default set comment "Malware and phishing URL filtering." next end config wanopt settings set host-id "default-id" end config wanopt profile edit default set comments "Default WANopt profile." next end config firewall schedule recurring edit always set day sunday monday tuesday wednesday thursday friday saturday next edit none set day none next end config firewall profile-protocol-options edit default set comment "All default services." config http set ports 80 end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next end config firewall ssl-ssh-profile edit deep-inspection set comment "Deep inspection." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 end config smtps set ports 465 end config ssh set ports 22 end config ssl-exempt edit 1 set fortiguard-category 31 next edit 2 set fortiguard-category 33 next edit 3 set fortiguard-category 87 next edit 4 set type address set address "apple" next edit 5 set type address set address "appstore" next edit 6 set type address set address "dropbox.com" next edit 7 set type address set address "Gotomeeting" next edit 8 set type address set address "icloud" next edit 9 set type address set address "itunes" next edit 10 set type address set address "android" next edit 11 set type address set address "skype" next edit 12 set type address set address "swscan.apple.com" next edit 13 set type address set address "update.microsoft.com" next edit 14 set type address set address "eease" next edit 15 set type address set address "google-drive" next edit 16 set type address set address "google-play" next edit 17 set type address set address "google-play2" next edit 18 set type address set address "google-play3" next edit 19 set type address set address "microsoft" next edit 20 set type address set address "adobe" next edit 21 set type address set address "Adobe Login" next edit 22 set type address set address "fortinet" next edit 23 set type address set address "googleapis.com" next edit 24 set type address set address "citrix" next edit 25 set type address set address "verisign" next edit 26 set type address set address "Windows update 2" next edit 27 set type address set address "*.live.com" next edit 28 set type address set address "auth.gfx.ms" next edit 29 set type address set address "autoupdate.opera.com" next edit 30 set type address set address "softwareupdate.vmware.com" next edit 31 set type address set address "firefox update server" next end next edit certificate-inspection set comment "SSL handshake inspection." config https set status certificate-inspection set ports 443 end config ftps set status disable set ports 990 end config imaps set status disable set ports 993 end config pop3s set status disable set ports 995 end config smtps set status disable set ports 465 end config ssh set status disable set ports 22 end next end config firewall identity-based-route end config firewall policy end config firewall local-in-policy end config firewall policy6 end config firewall local-in-policy6 end config firewall ttl-policy end config firewall policy64 end config firewall policy46 end config firewall explicit-proxy-policy end config firewall interface-policy end config firewall interface-policy6 end config firewall DoS-policy end config firewall DoS-policy6 end config firewall sniffer end config endpoint-control profile edit default config forticlient-winmac-settings set forticlient-wf-profile "default" end config forticlient-android-settings end config forticlient-ios-settings end next end config wireless-controller wids-profile edit default set comment "Default WIDS profile." set deauth-broadcast enable set assoc-frame-flood enable set invalid-mac-oui enable set ap-scan enable set long-duration-attack enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-start-flood enable set eapol-fail-flood enable set wireless-bridge enable set eapol-pre-succ-flood enable set auth-frame-flood enable set asleap-attack enable set eapol-pre-fail-flood enable set spoofed-deauth enable set weak-wep-iv enable set null-ssid-probe-resp enable next edit default-wids-apscan-enabled set ap-scan enable next end config wireless-controller wtp-profile edit FAP112B-default set ap-country US config platform set type 112B end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP220B-default set ap-country US config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n end next edit FAP223B-default set ap-country US config platform set type 223B end config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n end next edit FAP210B-default set ap-country US config platform set type 210B end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP222B-default set ap-country US config platform set type 222B end config radio-1 set band 802.11n end config radio-2 set band 802.11n-5G end next edit FAP320B-default set ap-country US config platform set type 320B end config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n end next edit FAP11C-default set ap-country US config platform set type 11C end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP14C-default set ap-country US config platform set type 14C end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP28C-default set ap-country US config platform set type 28C end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP320C-default set ap-country US config platform set type 320C end config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit FAP221C-default set ap-country US config platform set type 221C end config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit FAP25D-default set ap-country US config platform set type 25D end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP222C-default set ap-country US config platform set type 222C end config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit FAP224D-default set ap-country US config platform set type 224D end config radio-1 set band 802.11n-5G end config radio-2 set band 802.11n end next edit FK214B-default set ap-country US config platform set type 214B end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP21D-default set ap-country US config platform set type 21D end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP24D-default set ap-country US config platform set type 24D end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP112D-default set ap-country US config platform set type 112D end config radio-1 set band 802.11n end config radio-2 set mode disabled end next edit FAP223C-default set ap-country US config platform set type 223C end config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next edit FAP321C-default set ap-country US config platform set type 321C end config radio-1 set band 802.11n end config radio-2 set band 802.11ac end next end config log memory setting set status enable end config router rip config redistribute connected end config redistribute static end config redistribute ospf end config redistribute bgp end config redistribute isis end end config router ripng config redistribute connected end config redistribute static end config redistribute ospf end config redistribute bgp end config redistribute isis end end config router ospf config redistribute connected end config redistribute static end config redistribute rip end config redistribute bgp end config redistribute isis end end config router ospf6 config redistribute connected end config redistribute static end config redistribute rip end config redistribute bgp end config redistribute isis end end config router bgp config redistribute connected end config redistribute rip end config redistribute ospf end config redistribute static end config redistribute isis end config redistribute6 connected end config redistribute6 rip end config redistribute6 ospf end config redistribute6 static end config redistribute6 isis end end config router isis config redistribute connected end config redistribute rip end config redistribute ospf end config redistribute bgp end config redistribute static end end config router multicast end