1 config system global 2 set timezone 04 3 set admintimeout 480 4 set admin-server-cert "Fortinet_Firmware" 5 set fgd-alert-subscription advisory latest-threat 6 set hostname "FortiGate-VM64-HV" 7 end 8 config system accprofile 9 edit prof_admin 10 set vpngrp read-write 11 set utmgrp read-write 12 set authgrp read-write 13 set wifi read-write 14 set sysgrp read-write 15 set loggrp read-write 16 set mntgrp read-write 17 set netgrp read-write 18 set admingrp read-write 19 set fwgrp read-write 20 set wanoptgrp read-write 21 set updategrp read-write 22 set routegrp read-write 23 set endpoint-control-grp read-write 24 next 25 end 26 config system interface 27 edit port1 28 set ip 192.168.137.154 255.255.255.0 29 set type physical 30 set vdom "root" 31 set allowaccess ping https ssh http fgfm 32 next 33 edit port2 34 set type physical 35 set vdom "root" 36 next 37 edit port3 38 set type physical 39 set vdom "root" 40 next 41 edit port4 42 set type physical 43 set vdom "root" 44 next 45 edit port5 46 set type physical 47 set vdom "root" 48 next 49 edit port6 50 set type physical 51 set vdom "root" 52 next 53 edit port7 54 set type physical 55 set vdom "root" 56 next 57 edit port8 58 set type physical 59 set vdom "root" 60 next 61 edit ssl.root 62 set alias "SSL VPN interface" 63 set type tunnel 64 set vdom "root" 65 next 66 end 67 config system custom-language 68 edit en 69 set filename "en" 70 next 71 edit fr 72 set filename "fr" 73 next 74 edit sp 75 set filename "sp" 76 next 77 edit pg 78 set filename "pg" 79 next 80 edit x-sjis 81 set filename "x-sjis" 82 next 83 edit big5 84 set filename "big5" 85 next 86 edit GB2312 87 set filename "GB2312" 88 next 89 edit euc-kr 90 set filename "euc-kr" 91 next 92 end 93 config system admin 94 edit admin 95 set accprofile "super_admin" 96 set vdom "root" 97 config dashboard-tabs 98 edit 1 99 set name "Status" 100 next 101 end 102 config dashboard 103 edit 1 104 set column 1 105 set tab-id 1 106 next 107 edit 2 108 set column 1 109 set widget-type licinfo 110 set tab-id 1 111 next 112 edit 3 113 set column 1 114 set widget-type jsconsole 115 set tab-id 1 116 next 117 edit 4 118 set column 2 119 set widget-type sysres 120 set tab-id 1 121 next 122 edit 5 123 set column 2 124 set widget-type gui-features 125 set tab-id 1 126 next 127 edit 6 128 set column 2 129 set top-n 10 130 set widget-type alert 131 set tab-id 1 132 next 133 end 134 next 135 end 136 config system ha 137 set override disable 138 end 139 config system dns 140 set primary 208.91.112.53 141 set secondary 208.91.112.52 142 end 143 config system replacemsg-image 144 edit logo_fnet 145 set image-base64 '' 146 set image-type gif 147 next 148 edit logo_fguard_wf 149 set image-base64 '' 150 set image-type gif 151 next 152 edit logo_fw_auth 153 set image-base64 '' 154 set image-type png 155 next 156 edit logo_v2_fnet 157 set image-base64 '' 158 set image-type png 159 next 160 edit logo_v2_fguard_wf 161 set image-base64 '' 162 set image-type png 163 next 164 edit logo_v2_fguard_app 165 set image-base64 '' 166 set image-type png 167 next 168 end 169 config system replacemsg mail email-block 170 end 171 config system replacemsg mail email-dlp-subject 172 end 173 config system replacemsg mail email-dlp-ban 174 end 175 config system replacemsg mail email-filesize 176 end 177 config system replacemsg mail partial 178 end 179 config system replacemsg mail smtp-block 180 end 181 config system replacemsg mail smtp-filesize 182 end 183 config system replacemsg http bannedword 184 end 185 config system replacemsg http url-block 186 end 187 config system replacemsg http urlfilter-err 188 end 189 config system replacemsg http infcache-block 190 end 191 config system replacemsg http http-block 192 end 193 config system replacemsg http http-filesize 194 end 195 config system replacemsg http http-dlp-ban 196 end 197 config system replacemsg http http-archive-block 198 end 199 config system replacemsg http http-contenttypeblock 200 end 201 config system replacemsg http https-invalid-cert-block 202 end 203 config system replacemsg http http-client-block 204 end 205 config system replacemsg http http-client-filesize 206 end 207 config system replacemsg http http-client-bannedword 208 end 209 config system replacemsg http http-post-block 210 end 211 config system replacemsg http http-client-archive-block 212 end 213 config system replacemsg http switching-protocols-block 214 end 215 config system replacemsg webproxy deny 216 end 217 config system replacemsg webproxy user-limit 218 end 219 config system replacemsg webproxy auth-challenge 220 end 221 config system replacemsg webproxy auth-login-fail 222 end 223 config system replacemsg webproxy auth-authorization-fail 224 end 225 config system replacemsg webproxy http-err 226 end 227 config system replacemsg webproxy auth-ip-blackout 228 end 229 config system replacemsg ftp ftp-dl-blocked 230 end 231 config system replacemsg ftp ftp-dl-filesize 232 end 233 config system replacemsg ftp ftp-dl-dlp-ban 234 end 235 config system replacemsg ftp ftp-explicit-banner 236 end 237 config system replacemsg ftp ftp-dl-archive-block 238 end 239 config system replacemsg nntp nntp-dl-blocked 240 end 241 config system replacemsg nntp nntp-dl-filesize 242 end 243 config system replacemsg nntp nntp-dlp-subject 244 end 245 config system replacemsg nntp nntp-dlp-ban 246 end 247 config system replacemsg fortiguard-wf ftgd-block 248 end 249 config system replacemsg fortiguard-wf http-err 250 end 251 config system replacemsg fortiguard-wf ftgd-ovrd 252 end 253 config system replacemsg fortiguard-wf ftgd-quota 254 end 255 config system replacemsg fortiguard-wf ftgd-warning 256 end 257 config system replacemsg spam ipblocklist 258 end 259 config system replacemsg spam smtp-spam-dnsbl 260 end 261 config system replacemsg spam smtp-spam-feip 262 end 263 config system replacemsg spam smtp-spam-helo 264 end 265 config system replacemsg spam smtp-spam-emailblack 266 end 267 config system replacemsg spam smtp-spam-mimeheader 268 end 269 config system replacemsg spam reversedns 270 end 271 config system replacemsg spam smtp-spam-bannedword 272 end 273 config system replacemsg spam smtp-spam-ase 274 end 275 config system replacemsg spam submit 276 end 277 config system replacemsg im im-file-xfer-block 278 end 279 config system replacemsg im im-file-xfer-name 280 end 281 config system replacemsg im im-file-xfer-infected 282 end 283 config system replacemsg im im-file-xfer-size 284 end 285 config system replacemsg im im-dlp 286 end 287 config system replacemsg im im-dlp-ban 288 end 289 config system replacemsg im im-voice-chat-block 290 end 291 config system replacemsg im im-video-chat-block 292 end 293 config system replacemsg im im-photo-share-block 294 end 295 config system replacemsg im im-long-chat-block 296 end 297 config system replacemsg alertmail alertmail-virus 298 end 299 config system replacemsg alertmail alertmail-block 300 end 301 config system replacemsg alertmail alertmail-nids-event 302 end 303 config system replacemsg alertmail alertmail-crit-event 304 end 305 config system replacemsg alertmail alertmail-disk-full 306 end 307 config system replacemsg admin pre_admin-disclaimer-text 308 end 309 config system replacemsg admin post_admin-disclaimer-text 310 end 311 config system replacemsg auth auth-disclaimer-page-1 312 end 313 config system replacemsg auth auth-disclaimer-page-2 314 end 315 config system replacemsg auth auth-disclaimer-page-3 316 end 317 config system replacemsg auth auth-reject-page 318 end 319 config system replacemsg auth auth-login-page 320 end 321 config system replacemsg auth auth-login-failed-page 322 end 323 config system replacemsg auth auth-token-login-page 324 end 325 config system replacemsg auth auth-token-login-failed-page 326 end 327 config system replacemsg auth auth-success-msg 328 end 329 config system replacemsg auth auth-challenge-page 330 end 331 config system replacemsg auth auth-keepalive-page 332 end 333 config system replacemsg auth auth-portal-page 334 end 335 config system replacemsg auth auth-password-page 336 end 337 config system replacemsg auth auth-fortitoken-page 338 end 339 config system replacemsg auth auth-next-fortitoken-page 340 end 341 config system replacemsg auth auth-email-token-page 342 end 343 config system replacemsg auth auth-sms-token-page 344 end 345 config system replacemsg auth auth-email-harvesting-page 346 end 347 config system replacemsg auth auth-email-failed-page 348 end 349 config system replacemsg auth auth-cert-passwd-page 350 end 351 config system replacemsg auth auth-guest-print-page 352 end 353 config system replacemsg auth auth-guest-email-page 354 end 355 config system replacemsg auth auth-success-page 356 end 357 config system replacemsg auth auth-block-notification-page 358 end 359 config system replacemsg sslvpn sslvpn-login 360 end 361 config system replacemsg sslvpn sslvpn-limit 362 end 363 config system replacemsg sslvpn hostcheck-error 364 end 365 config system replacemsg ec endpt-download-portal 366 end 367 config system replacemsg ec endpt-download-portal-mac 368 end 369 config system replacemsg ec endpt-download-portal-ios 370 end 371 config system replacemsg ec endpt-download-portal-aos 372 end 373 config system replacemsg ec endpt-download-portal-other 374 end 375 config system replacemsg device-detection-portal device-detection-failure 376 end 377 config system replacemsg nac-quar nac-quar-virus 378 end 379 config system replacemsg nac-quar nac-quar-dos 380 end 381 config system replacemsg nac-quar nac-quar-ips 382 end 383 config system replacemsg nac-quar nac-quar-dlp 384 end 385 config system replacemsg nac-quar nac-quar-admin 386 end 387 config system replacemsg traffic-quota per-ip-shaper-block 388 end 389 config system replacemsg utm virus-html 390 end 391 config system replacemsg utm virus-text 392 end 393 config system replacemsg utm dlp-html 394 end 395 config system replacemsg utm dlp-text 396 end 397 config system replacemsg utm appblk-html 398 end 399 config vpn certificate ca 400 end 401 config vpn certificate local 402 edit Fortinet_CA_SSLProxy 403 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- 404 set password ENC eRZ5UNnzW1eAAJn+reDWnDdgQZ1yxFr7z+rp0lzCeKX64OiaEcBKwGIzocIf5y5p37siqf1bPHwEMWkvISqQSXKT8JijvaLtA/oNlqTw8GwglMlW390JTckMS7v60mVQ2Jj1Ng9q4xi2dXKpVGXqYnpc1nDSApGqHTwpL/lgc1+HLh0CQvn4zQpIs8//4hVscjqz0g== 405 set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." 406 set certificate "-----BEGIN CERTIFICATE----- 407 next 408 edit Fortinet_SSLProxy 409 set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- 410 set password ENC JGQ1Psth3oHimOP5bRUzt+zfBA5PlPBXZj6xLvqp7JILLBa6Der02qjotGI4UnaKAGSad7uEkPKLq2ePjzBy/Rc/E55FJO8OjffWzIOgpT1jYMmw8IOuAlB50weCRpzMowrLT+FKFF53SxG+oe5n4EaoiqR92WZsXzOTFpNdSFXyvggt/lmOz4Zm08AMD3sWFWg/ZA== 411 set certificate "-----BEGIN CERTIFICATE----- 412 next 413 end 414 config user device-category 415 edit ipad 416 next 417 edit iphone 418 next 419 edit gaming-console 420 next 421 edit blackberry-phone 422 next 423 edit blackberry-playbook 424 next 425 edit linux-pc 426 next 427 edit mac 428 next 429 edit windows-pc 430 next 431 edit android-phone 432 next 433 edit android-tablet 434 next 435 edit media-streaming 436 next 437 edit windows-phone 438 next 439 edit windows-tablet 440 next 441 edit fortinet-device 442 next 443 edit ip-phone 444 next 445 edit router-nat-device 446 next 447 edit printer 448 next 449 edit other-network-device 450 next 451 edit collected-emails 452 next 453 edit all 454 next 455 end 456 config system session-sync 457 end 458 config system fortiguard 459 set webfilter-sdns-server-ip "208.91.112.220" 460 end 461 config ips global 462 set default-app-cat-mask 18446744073474670591 463 end 464 config ips dbinfo 465 set version 1 466 end 467 config gui console 468 end 469 config system session-helper 470 edit 1 471 set protocol 6 472 set name pptp 473 set port 1723 474 next 475 edit 2 476 set protocol 6 477 set name h323 478 set port 1720 479 next 480 edit 3 481 set protocol 17 482 set name ras 483 set port 1719 484 next 485 edit 4 486 set protocol 6 487 set name tns 488 set port 1521 489 next 490 edit 5 491 set protocol 17 492 set name tftp 493 set port 69 494 next 495 edit 6 496 set protocol 6 497 set name rtsp 498 set port 554 499 next 500 edit 7 501 set protocol 6 502 set name rtsp 503 set port 7070 504 next 505 edit 8 506 set protocol 6 507 set name rtsp 508 set port 8554 509 next 510 edit 9 511 set protocol 6 512 set name ftp 513 set port 21 514 next 515 edit 10 516 set protocol 6 517 set name mms 518 set port 1863 519 next 520 edit 11 521 set protocol 6 522 set name pmap 523 set port 111 524 next 525 edit 12 526 set protocol 17 527 set name pmap 528 set port 111 529 next 530 edit 13 531 set protocol 17 532 set name sip 533 set port 5060 534 next 535 edit 14 536 set protocol 17 537 set name dns-udp 538 set port 53 539 next 540 edit 15 541 set protocol 6 542 set name rsh 543 set port 514 544 next 545 edit 16 546 set protocol 6 547 set name rsh 548 set port 512 549 next 550 edit 17 551 set protocol 6 552 set name dcerpc 553 set port 135 554 next 555 edit 18 556 set protocol 17 557 set name dcerpc 558 set port 135 559 next 560 edit 19 561 set protocol 17 562 set name mgcp 563 set port 2427 564 next 565 edit 20 566 set protocol 17 567 set name mgcp 568 set port 2727 569 next 570 end 571 config system auto-install 572 set auto-install-config enable 573 set auto-install-image enable 574 end 575 config system ntp 576 set ntpsync enable 577 set syncinterval 60 578 end 579 config system settings 580 end 581 config firewall address 582 edit SSLVPN_TUNNEL_ADDR1 583 set type iprange 584 set end-ip 10.212.134.210 585 set start-ip 10.212.134.200 586 next 587 edit all 588 next 589 edit none 590 set subnet 0.0.0.0 255.255.255.255 591 next 592 edit apple 593 set type fqdn 594 set fqdn "*.apple.com" 595 next 596 edit dropbox.com 597 set type fqdn 598 set fqdn "*.dropbox.com" 599 next 600 edit Gotomeeting 601 set type fqdn 602 set fqdn "*.gotomeeting.com" 603 next 604 edit icloud 605 set type fqdn 606 set fqdn "*.icloud.com" 607 next 608 edit itunes 609 set type fqdn 610 set fqdn "*itunes.apple.com" 611 next 612 edit android 613 set type fqdn 614 set fqdn "*.android.com" 615 next 616 edit skype 617 set type fqdn 618 set fqdn "*.messenger.live.com" 619 next 620 edit swscan.apple.com 621 set type fqdn 622 set fqdn "swscan.apple.com" 623 next 624 edit update.microsoft.com 625 set type fqdn 626 set fqdn "update.microsoft.com" 627 next 628 edit appstore 629 set type fqdn 630 set fqdn "*.appstore.com" 631 next 632 edit eease 633 set type fqdn 634 set fqdn "*.eease.com" 635 next 636 edit google-drive 637 set type fqdn 638 set fqdn "*drive.google.com" 639 next 640 edit google-play 641 set type fqdn 642 set fqdn "play.google.com" 643 next 644 edit google-play2 645 set type fqdn 646 set fqdn "*.ggpht.com" 647 next 648 edit google-play3 649 set type fqdn 650 set fqdn "*.books.google.com" 651 next 652 edit microsoft 653 set type fqdn 654 set fqdn "*.microsoft.com" 655 next 656 edit adobe 657 set type fqdn 658 set fqdn "*.adobe.com" 659 next 660 edit Adobe Login 661 set type fqdn 662 set fqdn "*.adobelogin.com" 663 next 664 edit fortinet 665 set type fqdn 666 set fqdn "*.fortinet.com" 667 next 668 edit googleapis.com 669 set type fqdn 670 set fqdn "*.googleapis.com" 671 next 672 edit citrix 673 set type fqdn 674 set fqdn "*.citrixonline.com" 675 next 676 edit verisign 677 set type fqdn 678 set fqdn "*.verisign.com" 679 next 680 edit Windows update 2 681 set type fqdn 682 set fqdn "*.windowsupdate.com" 683 next 684 edit *.live.com 685 set type fqdn 686 set fqdn "*.live.com" 687 next 688 edit auth.gfx.ms 689 set type fqdn 690 set fqdn "auth.gfx.ms" 691 next 692 edit autoupdate.opera.com 693 set type fqdn 694 set fqdn "autoupdate.opera.com" 695 next 696 edit softwareupdate.vmware.com 697 set type fqdn 698 set fqdn "softwareupdate.vmware.com" 699 next 700 edit firefox update server 701 set type fqdn 702 set fqdn "aus*.mozilla.org" 703 next 704 end 705 config firewall multicast-address 706 edit all 707 set end-ip 239.255.255.255 708 set start-ip 224.0.0.0 709 next 710 edit all_hosts 711 set end-ip 224.0.0.1 712 set start-ip 224.0.0.1 713 next 714 edit all_routers 715 set end-ip 224.0.0.2 716 set start-ip 224.0.0.2 717 next 718 edit Bonjour 719 set end-ip 224.0.0.251 720 set start-ip 224.0.0.251 721 next 722 edit EIGRP 723 set end-ip 224.0.0.10 724 set start-ip 224.0.0.10 725 next 726 edit OSPF 727 set end-ip 224.0.0.6 728 set start-ip 224.0.0.5 729 next 730 end 731 config firewall address6 732 edit SSLVPN_TUNNEL_IPv6_ADDR1 733 set ip6 fdff:ffff::/120 734 next 735 edit all 736 next 737 edit none 738 set ip6 ::/128 739 next 740 end 741 config firewall service category 742 edit General 743 set comment "General services." 744 next 745 edit Web Access 746 set comment "Web access." 747 next 748 edit File Access 749 set comment "File access." 750 next 751 edit Email 752 set comment "Email services." 753 next 754 edit Network Services 755 set comment "Network services." 756 next 757 edit Authentication 758 set comment "Authentication service." 759 next 760 edit Remote Access 761 set comment "Remote access." 762 next 763 edit Tunneling 764 set comment "Tunneling service." 765 next 766 edit VoIP, Messaging & Other Applications 767 set comment "VoIP, messaging, and other applications." 768 next 769 edit Web Proxy 770 set comment "Explicit web proxy." 771 next 772 end 773 config firewall service custom 774 edit ALL 775 set category "General" 776 set protocol IP 777 next 778 edit ALL_TCP 779 set category "General" 780 set tcp-portrange 1-65535 781 next 782 edit ALL_UDP 783 set category "General" 784 set udp-portrange 1-65535 785 next 786 edit ALL_ICMP 787 set category "General" 788 set protocol ICMP 789 next 790 edit ALL_ICMP6 791 set category "General" 792 set protocol ICMP6 793 next 794 edit GRE 795 set category "Tunneling" 796 set protocol-number 47 797 set protocol IP 798 next 799 edit AH 800 set category "Tunneling" 801 set protocol-number 51 802 set protocol IP 803 next 804 edit ESP 805 set category "Tunneling" 806 set protocol-number 50 807 set protocol IP 808 next 809 edit AOL 810 set visibility disable 811 set tcp-portrange 5190-5194 812 next 813 edit BGP 814 set category "Network Services" 815 set tcp-portrange 179 816 next 817 edit DHCP 818 set category "Network Services" 819 set udp-portrange 67-68 820 next 821 edit DNS 822 set category "Network Services" 823 set udp-portrange 53 824 set tcp-portrange 53 825 next 826 edit FINGER 827 set visibility disable 828 set tcp-portrange 79 829 next 830 edit FTP 831 set category "File Access" 832 set tcp-portrange 21 833 next 834 edit FTP_GET 835 set category "File Access" 836 set tcp-portrange 21 837 next 838 edit FTP_PUT 839 set category "File Access" 840 set tcp-portrange 21 841 next 842 edit GOPHER 843 set visibility disable 844 set tcp-portrange 70 845 next 846 edit H323 847 set category "VoIP, Messaging & Other Applications" 848 set udp-portrange 1719 849 set tcp-portrange 1720 1503 850 next 851 edit HTTP 852 set category "Web Access" 853 set tcp-portrange 80 854 next 855 edit HTTPS 856 set category "Web Access" 857 set tcp-portrange 443 858 next 859 edit IKE 860 set category "Tunneling" 861 set udp-portrange 500 4500 862 next 863 edit IMAP 864 set category "Email" 865 set tcp-portrange 143 866 next 867 edit IMAPS 868 set category "Email" 869 set tcp-portrange 993 870 next 871 edit Internet-Locator-Service 872 set visibility disable 873 set tcp-portrange 389 874 next 875 edit IRC 876 set category "VoIP, Messaging & Other Applications" 877 set tcp-portrange 6660-6669 878 next 879 edit L2TP 880 set category "Tunneling" 881 set udp-portrange 1701 882 set tcp-portrange 1701 883 next 884 edit LDAP 885 set category "Authentication" 886 set tcp-portrange 389 887 next 888 edit NetMeeting 889 set visibility disable 890 set tcp-portrange 1720 891 next 892 edit NFS 893 set category "File Access" 894 set udp-portrange 111 2049 895 set tcp-portrange 111 2049 896 next 897 edit NNTP 898 set visibility disable 899 set tcp-portrange 119 900 next 901 edit NTP 902 set category "Network Services" 903 set udp-portrange 123 904 set tcp-portrange 123 905 next 906 edit OSPF 907 set category "Network Services" 908 set protocol-number 89 909 set protocol IP 910 next 911 edit PC-Anywhere 912 set category "Remote Access" 913 set udp-portrange 5632 914 set tcp-portrange 5631 915 next 916 edit PING 917 set category "Network Services" 918 set protocol ICMP 919 set icmptype 8 920 next 921 edit TIMESTAMP 922 set protocol ICMP 923 set visibility disable 924 set icmptype 13 925 next 926 edit INFO_REQUEST 927 set protocol ICMP 928 set visibility disable 929 set icmptype 15 930 next 931 edit INFO_ADDRESS 932 set protocol ICMP 933 set visibility disable 934 set icmptype 17 935 next 936 edit ONC-RPC 937 set category "Remote Access" 938 set udp-portrange 111 939 set tcp-portrange 111 940 next 941 edit DCE-RPC 942 set category "Remote Access" 943 set udp-portrange 135 944 set tcp-portrange 135 945 next 946 edit POP3 947 set category "Email" 948 set tcp-portrange 110 949 next 950 edit POP3S 951 set category "Email" 952 set tcp-portrange 995 953 next 954 edit PPTP 955 set category "Tunneling" 956 set tcp-portrange 1723 957 next 958 edit QUAKE 959 set udp-portrange 26000 27000 27910 27960 960 set visibility disable 961 next 962 edit RAUDIO 963 set udp-portrange 7070 964 set visibility disable 965 next 966 edit REXEC 967 set visibility disable 968 set tcp-portrange 512 969 next 970 edit RIP 971 set category "Network Services" 972 set udp-portrange 520 973 next 974 edit RLOGIN 975 set visibility disable 976 set tcp-portrange 513:512-1023 977 next 978 edit RSH 979 set visibility disable 980 set tcp-portrange 514:512-1023 981 next 982 edit SCCP 983 set category "VoIP, Messaging & Other Applications" 984 set tcp-portrange 2000 985 next 986 edit SIP 987 set category "VoIP, Messaging & Other Applications" 988 set udp-portrange 5060 989 set tcp-portrange 5060 990 next 991 edit SIP-MSNmessenger 992 set category "VoIP, Messaging & Other Applications" 993 set tcp-portrange 1863 994 next 995 edit SAMBA 996 set category "File Access" 997 set tcp-portrange 139 998 next 999 edit SMTP 1000 set category "Email" 1001 set tcp-portrange 25 1002 next 1003 edit SMTPS 1004 set category "Email" 1005 set tcp-portrange 465 1006 next 1007 edit SNMP 1008 set category "Network Services" 1009 set udp-portrange 161-162 1010 set tcp-portrange 161-162 1011 next 1012 edit SSH 1013 set category "Remote Access" 1014 set tcp-portrange 22 1015 next 1016 edit SYSLOG 1017 set category "Network Services" 1018 set udp-portrange 514 1019 next 1020 edit TALK 1021 set udp-portrange 517-518 1022 set visibility disable 1023 next 1024 edit TELNET 1025 set category "Remote Access" 1026 set tcp-portrange 23 1027 next 1028 edit TFTP 1029 set category "File Access" 1030 set udp-portrange 69 1031 next 1032 edit MGCP 1033 set udp-portrange 2427 2727 1034 set visibility disable 1035 next 1036 edit UUCP 1037 set visibility disable 1038 set tcp-portrange 540 1039 next 1040 edit VDOLIVE 1041 set visibility disable 1042 set tcp-portrange 7000-7010 1043 next 1044 edit WAIS 1045 set visibility disable 1046 set tcp-portrange 210 1047 next 1048 edit WINFRAME 1049 set visibility disable 1050 set tcp-portrange 1494 2598 1051 next 1052 edit X-WINDOWS 1053 set category "Remote Access" 1054 set tcp-portrange 6000-6063 1055 next 1056 edit PING6 1057 set protocol ICMP6 1058 set visibility disable 1059 set icmptype 128 1060 next 1061 edit MS-SQL 1062 set category "VoIP, Messaging & Other Applications" 1063 set tcp-portrange 1433 1434 1064 next 1065 edit MYSQL 1066 set category "VoIP, Messaging & Other Applications" 1067 set tcp-portrange 3306 1068 next 1069 edit RDP 1070 set category "Remote Access" 1071 set tcp-portrange 3389 1072 next 1073 edit VNC 1074 set category "Remote Access" 1075 set tcp-portrange 5900 1076 next 1077 edit DHCP6 1078 set category "Network Services" 1079 set udp-portrange 546 547 1080 next 1081 edit SQUID 1082 set category "Tunneling" 1083 set tcp-portrange 3128 1084 next 1085 edit SOCKS 1086 set category "Tunneling" 1087 set udp-portrange 1080 1088 set tcp-portrange 1080 1089 next 1090 edit WINS 1091 set category "Remote Access" 1092 set udp-portrange 1512 1093 set tcp-portrange 1512 1094 next 1095 edit RADIUS 1096 set category "Authentication" 1097 set udp-portrange 1812 1813 1098 next 1099 edit RADIUS-OLD 1100 set udp-portrange 1645 1646 1101 set visibility disable 1102 next 1103 edit CVSPSERVER 1104 set udp-portrange 2401 1105 set visibility disable 1106 set tcp-portrange 2401 1107 next 1108 edit AFS3 1109 set category "File Access" 1110 set udp-portrange 7000-7009 1111 set tcp-portrange 7000-7009 1112 next 1113 edit TRACEROUTE 1114 set category "Network Services" 1115 set udp-portrange 33434-33535 1116 next 1117 edit RTSP 1118 set category "VoIP, Messaging & Other Applications" 1119 set udp-portrange 554 1120 set tcp-portrange 554 7070 8554 1121 next 1122 edit MMS 1123 set udp-portrange 1024-5000 1124 set visibility disable 1125 set tcp-portrange 1755 1126 next 1127 edit KERBEROS 1128 set category "Authentication" 1129 set udp-portrange 88 1130 set tcp-portrange 88 1131 next 1132 edit LDAP_UDP 1133 set category "Authentication" 1134 set udp-portrange 389 1135 next 1136 edit SMB 1137 set category "File Access" 1138 set tcp-portrange 445 1139 next 1140 edit NONE 1141 set visibility disable 1142 set tcp-portrange 0 1143 next 1144 edit webproxy 1145 set category "Web Proxy" 1146 set explicit-proxy enable 1147 set protocol ALL 1148 set tcp-portrange 0-65535:0-65535 1149 next 1150 end 1151 config firewall service group 1152 edit Email Access 1153 set member "DNS" "IMAP" "IMAPS" "POP3" "POP3S" "SMTP" "SMTPS" 1154 next 1155 edit Web Access 1156 set member "DNS" "HTTP" "HTTPS" 1157 next 1158 edit Windows AD 1159 set member "DCE-RPC" "DNS" "KERBEROS" "LDAP" "LDAP_UDP" "SAMBA" "SMB" 1160 next 1161 edit Exchange Server 1162 set member "DCE-RPC" "DNS" "HTTPS" 1163 next 1164 end 1165 config webfilter ftgd-local-cat 1166 edit custom1 1167 set id 140 1168 next 1169 edit custom2 1170 set id 141 1171 next 1172 end 1173 config ips sensor 1174 edit default 1175 set comment "Prevent critical attacks." 1176 config entries 1177 edit 1 1178 set severity medium high critical 1179 next 1180 end 1181 next 1182 edit all_default 1183 set comment "All predefined signatures with default setting." 1184 config entries 1185 edit 1 1186 next 1187 end 1188 next 1189 edit all_default_pass 1190 set comment "All predefined signatures with PASS action." 1191 config entries 1192 edit 1 1193 set action pass 1194 next 1195 end 1196 next 1197 edit protect_http_server 1198 set comment "Protect against HTTP server-side vulnerabilities." 1199 config entries 1200 edit 1 1201 set protocol HTTP 1202 set location server 1203 next 1204 end 1205 next 1206 edit protect_email_server 1207 set comment "Protect against email server-side vulnerabilities." 1208 config entries 1209 edit 1 1210 set protocol SMTP POP3 IMAP 1211 set location server 1212 next 1213 end 1214 next 1215 edit protect_client 1216 set comment "Protect against client-side vulnerabilities." 1217 config entries 1218 edit 1 1219 set location client 1220 next 1221 end 1222 next 1223 edit high_security 1224 set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities" 1225 config entries 1226 edit 1 1227 set status enable 1228 set action block 1229 set severity medium high critical 1230 next 1231 edit 2 1232 set severity low 1233 next 1234 end 1235 next 1236 end 1237 config firewall shaper traffic-shaper 1238 edit high-priority 1239 set per-policy enable 1240 set maximum-bandwidth 1048576 1241 next 1242 edit medium-priority 1243 set priority medium 1244 set per-policy enable 1245 set maximum-bandwidth 1048576 1246 next 1247 edit low-priority 1248 set priority low 1249 set per-policy enable 1250 set maximum-bandwidth 1048576 1251 next 1252 edit guarantee-100kbps 1253 set guaranteed-bandwidth 100 1254 set maximum-bandwidth 1048576 1255 set per-policy enable 1256 next 1257 edit shared-1M-pipe 1258 set maximum-bandwidth 1024 1259 next 1260 end 1261 config web-proxy global 1262 set proxy-fqdn "default.fqdn" 1263 end 1264 config application list 1265 edit default 1266 set comment "Monitor all applications." 1267 config entries 1268 edit 1 1269 set action pass 1270 next 1271 end 1272 next 1273 edit block-p2p 1274 config entries 1275 edit 1 1276 set category 2 1277 next 1278 end 1279 next 1280 edit monitor-p2p-and-media 1281 config entries 1282 edit 1 1283 set category 2 1284 set action pass 1285 next 1286 edit 2 1287 set category 5 1288 set action pass 1289 next 1290 end 1291 next 1292 end 1293 config dlp filepattern 1294 edit 1 1295 set name "builtin-patterns" 1296 config entries 1297 edit *.bat 1298 next 1299 edit *.com 1300 next 1301 edit *.dll 1302 next 1303 edit *.doc 1304 next 1305 edit *.exe 1306 next 1307 edit *.gz 1308 next 1309 edit *.hta 1310 next 1311 edit *.ppt 1312 next 1313 edit *.rar 1314 next 1315 edit *.scr 1316 next 1317 edit *.tar 1318 next 1319 edit *.tgz 1320 next 1321 edit *.vb? 1322 next 1323 edit *.wps 1324 next 1325 edit *.xl? 1326 next 1327 edit *.zip 1328 next 1329 edit *.pif 1330 next 1331 edit *.cpl 1332 next 1333 end 1334 next 1335 edit 2 1336 set name "all_executables" 1337 config entries 1338 edit bat 1339 set file-type bat 1340 set filter-type type 1341 next 1342 edit exe 1343 set file-type exe 1344 set filter-type type 1345 next 1346 edit elf 1347 set file-type elf 1348 set filter-type type 1349 next 1350 edit hta 1351 set file-type hta 1352 set filter-type type 1353 next 1354 end 1355 next 1356 end 1357 config dlp fp-sensitivity 1358 edit Private 1359 next 1360 edit Critical 1361 next 1362 edit Warning 1363 next 1364 end 1365 config dlp sensor 1366 edit default 1367 set comment "Log a summary of email and web traffic." 1368 set summary-proto smtp pop3 imap http-get http-post 1369 next 1370 end 1371 config webfilter content 1372 end 1373 config webfilter urlfilter 1374 end 1375 config spamfilter bword 1376 end 1377 config spamfilter bwl 1378 end 1379 config spamfilter mheader 1380 end 1381 config spamfilter dnsbl 1382 end 1383 config spamfilter iptrust 1384 end 1385 config log threat-weight 1386 config web 1387 edit 1 1388 set category 26 1389 set level high 1390 next 1391 edit 2 1392 set category 61 1393 set level high 1394 next 1395 edit 3 1396 set category 86 1397 set level high 1398 next 1399 edit 4 1400 set category 1 1401 set level medium 1402 next 1403 edit 5 1404 set category 3 1405 set level medium 1406 next 1407 edit 6 1408 set category 4 1409 set level medium 1410 next 1411 edit 7 1412 set category 5 1413 set level medium 1414 next 1415 edit 8 1416 set category 6 1417 set level medium 1418 next 1419 edit 9 1420 set category 12 1421 set level medium 1422 next 1423 edit 10 1424 set category 59 1425 set level medium 1426 next 1427 edit 11 1428 set category 62 1429 set level medium 1430 next 1431 edit 12 1432 set category 83 1433 set level medium 1434 next 1435 edit 13 1436 set category 72 1437 next 1438 edit 14 1439 set category 14 1440 next 1441 end 1442 config application 1443 edit 1 1444 set category 2 1445 next 1446 edit 2 1447 set category 6 1448 set level medium 1449 next 1450 edit 3 1451 set category 19 1452 set level critical 1453 next 1454 end 1455 end 1456 config icap profile 1457 edit default 1458 next 1459 end 1460 config user local 1461 edit guest 1462 set passwd ENC EntYbQ4nWAFLGsQz5QbIt8MIxko4Ms6Nm/9fMo/5+L7FJO42JRExvl705N++oKwIB0NvfdWaiqfZ/LGPDSOVqRZnqn4pUWOlNVE6yfGxbCZUIXTlcSL58A2ok3Yd428rHETuf7mNrOJMdVS1tfnrx5+92ofsXVzAn/kpKeJLrtBRWNfBQ1YplQ2FfEDCHHW27akz4g== 1463 set type password 1464 next 1465 end 1466 config user group 1467 edit SSO_Guest_Users 1468 next 1469 edit Guest-group 1470 set member "guest" 1471 next 1472 end 1473 config user device-group 1474 edit Mobile Devices 1475 set member "android-phone" "android-tablet" "blackberry-phone" "blackberry-playbook" "ipad" "iphone" "windows-phone" "windows-tablet" 1476 set comment "Phones, tablets, etc." 1477 next 1478 edit Network Devices 1479 set member "fortinet-device" "other-network-device" "router-nat-device" 1480 set comment "Routers, firewalls, gateways, etc." 1481 next 1482 edit Others 1483 set member "gaming-console" "media-streaming" 1484 set comment "Other devices." 1485 next 1486 end 1487 config vpn ssl web host-check-software 1488 edit FortiClient-AV 1489 set guid "C86EC76D-5A4C-40E7-BD94-59358E544D81" 1490 next 1491 edit FortiClient-FW 1492 set guid "528CB157-D384-4593-AAAA-E42DFF111CED" 1493 set type fw 1494 next 1495 edit FortiClient-AV-Vista-Win7 1496 set guid "385618A6-2256-708E-3FB9-7E98B93F91F9" 1497 next 1498 edit FortiClient-FW-Vista-Win7 1499 set guid "006D9983-6839-71D6-14E6-D7AD47ECD682" 1500 set type fw 1501 next 1502 edit AVG-Internet-Security-AV 1503 set guid "17DDD097-36FF-435F-9E1B-52D74245D6BF" 1504 next 1505 edit AVG-Internet-Security-FW 1506 set guid "8DECF618-9569-4340-B34A-D78D28969B66" 1507 set type fw 1508 next 1509 edit AVG-Internet-Security-AV-Vista-Win7 1510 set guid "0C939084-9E57-CBDB-EA61-0B0C7F62AF82" 1511 next 1512 edit AVG-Internet-Security-FW-Vista-Win7 1513 set guid "34A811A1-D438-CA83-C13E-A23981B1E8F9" 1514 set type fw 1515 next 1516 edit CA-Anti-Virus 1517 set guid "17CFD1EA-56CF-40B5-A06B-BD3A27397C93" 1518 next 1519 edit CA-Internet-Security-AV 1520 set guid "6B98D35F-BB76-41C0-876B-A50645ED099A" 1521 next 1522 edit CA-Internet-Security-FW 1523 set guid "38102F93-1B6E-4922-90E1-A35D8DC6DAA3" 1524 set type fw 1525 next 1526 edit CA-Internet-Security-AV-Vista-Win7 1527 set guid "3EED0195-0A4B-4EF3-CC4F-4F401BDC245F" 1528 next 1529 edit CA-Internet-Security-FW-Vista-Win7 1530 set guid "06D680B0-4024-4FAB-E710-E675E50F6324" 1531 set type fw 1532 next 1533 edit CA-Personal-Firewall 1534 set guid "14CB4B80-8E52-45EA-905E-67C1267B4160" 1535 set type fw 1536 next 1537 edit F-Secure-Internet-Security-AV 1538 set guid "E7512ED5-4245-4B4D-AF3A-382D3F313F15" 1539 next 1540 edit F-Secure-Internet-Security-FW 1541 set guid "D4747503-0346-49EB-9262-997542F79BF4" 1542 set type fw 1543 next 1544 edit F-Secure-Internet-Security-AV-Vista-Win7 1545 set guid "15414183-282E-D62C-CA37-EF24860A2F17" 1546 next 1547 edit F-Secure-Internet-Security-FW-Vista-Win7 1548 set guid "2D7AC0A6-6241-D774-E168-461178D9686C" 1549 set type fw 1550 next 1551 edit Kaspersky-AV 1552 set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" 1553 next 1554 edit Kaspersky-FW 1555 set guid "2C4D4BC6-0793-4956-A9F9-E252435469C0" 1556 set type fw 1557 next 1558 edit Kaspersky-AV-Vista-Win7 1559 set guid "AE1D740B-8F0F-D137-211D-873D44B3F4AE" 1560 next 1561 edit Kaspersky-FW-Vista-Win7 1562 set guid "9626F52E-C560-D06F-0A42-2E08BA60B3D5" 1563 set type fw 1564 next 1565 edit McAfee-Internet-Security-Suite-AV 1566 set guid "84B5EE75-6421-4CDE-A33A-DD43BA9FAD83" 1567 next 1568 edit McAfee-Internet-Security-Suite-FW 1569 set guid "94894B63-8C7F-4050-BDA4-813CA00DA3E8" 1570 set type fw 1571 next 1572 edit McAfee-Internet-Security-Suite-AV-Vista-Win7 1573 set guid "86355677-4064-3EA7-ABB3-1B136EB04637" 1574 next 1575 edit McAfee-Internet-Security-Suite-FW-Vista-Win7 1576 set guid "BE0ED752-0A0B-3FFF-80EC-B2269063014C" 1577 set type fw 1578 next 1579 edit McAfee-Virus-Scan-Enterprise 1580 set guid "918A2B0B-2C60-4016-A4AB-E868DEABF7F0" 1581 next 1582 edit Norton-360-2.0-AV 1583 set guid "A5F1BC7C-EA33-4247-961C-0217208396C4" 1584 next 1585 edit Norton-360-2.0-FW 1586 set guid "371C0A40-5A0C-4AD2-A6E5-69C02037FBF3" 1587 set type fw 1588 next 1589 edit Norton-360-3.0-AV 1590 set guid "E10A9785-9598-4754-B552-92431C1C35F8" 1591 next 1592 edit Norton-360-3.0-FW 1593 set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" 1594 set type fw 1595 next 1596 edit Norton-Internet-Security-AV 1597 set guid "E10A9785-9598-4754-B552-92431C1C35F8" 1598 next 1599 edit Norton-Internet-Security-FW 1600 set guid "7C21A4C9-F61F-4AC4-B722-A6E19C16F220" 1601 set type fw 1602 next 1603 edit Norton-Internet-Security-AV-Vista-Win7 1604 set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" 1605 next 1606 edit Norton-Internet-Security-FW-Vista-Win7 1607 set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" 1608 set type fw 1609 next 1610 edit Symantec-Endpoint-Protection-AV 1611 set guid "FB06448E-52B8-493A-90F3-E43226D3305C" 1612 next 1613 edit Symantec-Endpoint-Protection-FW 1614 set guid "BE898FE3-CD0B-4014-85A9-03DB9923DDB6" 1615 set type fw 1616 next 1617 edit Symantec-Endpoint-Protection-AV-Vista-Win7 1618 set guid "88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855" 1619 next 1620 edit Symantec-Endpoint-Protection-FW-Vista-Win7 1621 set guid "B0F2DB13-C654-2E74-30D4-99C9310F0F2E" 1622 set type fw 1623 next 1624 edit Panda-Antivirus+Firewall-2008-AV 1625 set guid "EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A" 1626 next 1627 edit Panda-Antivirus+Firewall-2008-FW 1628 set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" 1629 set type fw 1630 next 1631 edit Panda-Internet-Security-AV 1632 set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" 1633 next 1634 edit Panda-Internet-Security-2006~2007-FW 1635 set guid "4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0" 1636 set type fw 1637 next 1638 edit Panda-Internet-Security-2008~2009-FW 1639 set guid "7B090DC0-8905-4BAF-8040-FD98A41C8FB8" 1640 set type fw 1641 next 1642 edit Sophos-Anti-Virus 1643 set guid "3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD" 1644 next 1645 edit Sophos-Enpoint-Secuirty-and-Control-FW 1646 set guid "0786E95E-326A-4524-9691-41EF88FB52EA" 1647 set type fw 1648 next 1649 edit Sophos-Enpoint-Secuirty-and-Control-AV-Vista-Win7 1650 set guid "479CCF92-4960-B3E0-7373-BF453B467D2C" 1651 next 1652 edit Sophos-Enpoint-Secuirty-and-Control-FW-Vista-Win7 1653 set guid "7FA74EB7-030F-B2B8-582C-1670C5953A57" 1654 set type fw 1655 next 1656 edit Trend-Micro-AV 1657 set guid "7D2296BC-32CC-4519-917E-52E652474AF5" 1658 next 1659 edit Trend-Micro-FW 1660 set guid "3E790E9E-6A5D-4303-A7F9-185EC20F3EB6" 1661 set type fw 1662 next 1663 edit Trend-Micro-AV-Vista-Win7 1664 set guid "48929DFC-7A52-A34F-8351-C4DBEDBD9C50" 1665 next 1666 edit Trend-Micro-FW-Vista-Win7 1667 set guid "70A91CD9-303D-A217-A80E-6DEE136EDB2B" 1668 set type fw 1669 next 1670 edit ZoneAlarm-AV 1671 set guid "5D467B10-818C-4CAB-9FF7-6893B5B8F3CF" 1672 next 1673 edit ZoneAlarm-FW 1674 set guid "829BDA32-94B3-44F4-8446-F8FCFF809F8B" 1675 set type fw 1676 next 1677 edit ZoneAlarm-AV-Vista-Win7 1678 set guid "D61596DF-D219-341C-49B3-AD30538CBC5B" 1679 next 1680 edit ZoneAlarm-FW-Vista-Win7 1681 set guid "EE2E17FA-9876-3544-62EC-0405AD5FFB20" 1682 set type fw 1683 next 1684 edit ESET-Smart-Security-AV 1685 set guid "19259FAE-8396-A113-46DB-15B0E7DFA289" 1686 next 1687 edit ESET-Smart-Security-FW 1688 set guid "211E1E8B-C9F9-A04B-6D84-BC85190CE5F2" 1689 set type fw 1690 next 1691 end 1692 config vpn ssl web portal 1693 edit full-access 1694 set web-mode enable 1695 set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" 1696 set page-layout double-column 1697 set ip-pools "SSLVPN_TUNNEL_ADDR1" 1698 set ipv6-tunnel-mode enable 1699 set tunnel-mode enable 1700 next 1701 edit web-access 1702 set web-mode enable 1703 next 1704 edit tunnel-access 1705 set ip-pools "SSLVPN_TUNNEL_ADDR1" 1706 set ipv6-tunnel-mode enable 1707 set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1" 1708 set tunnel-mode enable 1709 next 1710 end 1711 config vpn ssl settings 1712 set servercert "self-sign" 1713 set port 443 1714 end 1715 config voip profile 1716 edit default 1717 set comment "Default VoIP profile." 1718 next 1719 edit strict 1720 config sip 1721 set malformed-header-max-forwards discard 1722 set malformed-header-rack discard 1723 set malformed-header-allow discard 1724 set malformed-header-call-id discard 1725 set malformed-header-sdp-v discard 1726 set malformed-header-record-route discard 1727 set malformed-header-contact discard 1728 set malformed-header-sdp-s discard 1729 set malformed-header-content-length discard 1730 set malformed-header-sdp-z discard 1731 set malformed-header-from discard 1732 set malformed-header-route discard 1733 set malformed-header-sdp-b discard 1734 set malformed-header-sdp-c discard 1735 set malformed-header-sdp-a discard 1736 set malformed-header-sdp-o discard 1737 set malformed-header-sdp-m discard 1738 set malformed-header-sdp-k discard 1739 set malformed-header-sdp-i discard 1740 set malformed-header-to discard 1741 set malformed-header-via discard 1742 set malformed-header-sdp-t discard 1743 set malformed-request-line discard 1744 set malformed-header-sdp-r discard 1745 set malformed-header-content-type discard 1746 set malformed-header-expires discard 1747 set malformed-header-rseq discard 1748 set malformed-header-p-asserted-identity discard 1749 set malformed-header-cseq discard 1750 end 1751 next 1752 end 1753 config webfilter profile 1754 edit default 1755 set comment "Default web filtering." 1756 set post-action comfort 1757 config ftgd-wf 1758 config filters 1759 edit 1 1760 set category 2 1761 set action warning 1762 next 1763 edit 2 1764 set category 7 1765 set action warning 1766 next 1767 edit 3 1768 set category 8 1769 set action warning 1770 next 1771 edit 4 1772 set category 9 1773 set action warning 1774 next 1775 edit 5 1776 set category 11 1777 set action warning 1778 next 1779 edit 6 1780 set category 12 1781 set action warning 1782 next 1783 edit 7 1784 set category 13 1785 set action warning 1786 next 1787 edit 8 1788 set category 14 1789 set action warning 1790 next 1791 edit 9 1792 set category 15 1793 set action warning 1794 next 1795 edit 10 1796 set category 16 1797 set action warning 1798 next 1799 edit 11 1800 set action warning 1801 next 1802 edit 12 1803 set category 57 1804 set action warning 1805 next 1806 edit 13 1807 set category 63 1808 set action warning 1809 next 1810 edit 14 1811 set category 64 1812 set action warning 1813 next 1814 edit 15 1815 set category 65 1816 set action warning 1817 next 1818 edit 16 1819 set category 66 1820 set action warning 1821 next 1822 edit 17 1823 set category 67 1824 set action warning 1825 next 1826 edit 18 1827 set category 26 1828 set action block 1829 next 1830 end 1831 end 1832 next 1833 edit web-filter-flow 1834 set comment "Flow-based web filter profile." 1835 set inspection-mode flow-based 1836 set post-action comfort 1837 config ftgd-wf 1838 config filters 1839 edit 1 1840 set category 2 1841 next 1842 edit 2 1843 set category 7 1844 next 1845 edit 3 1846 set category 8 1847 next 1848 edit 4 1849 set category 9 1850 next 1851 edit 5 1852 set category 11 1853 next 1854 edit 6 1855 set category 12 1856 next 1857 edit 7 1858 set category 13 1859 next 1860 edit 8 1861 set category 14 1862 next 1863 edit 9 1864 set category 15 1865 next 1866 edit 10 1867 set category 16 1868 next 1869 edit 11 1870 next 1871 edit 12 1872 set category 57 1873 next 1874 edit 13 1875 set category 63 1876 next 1877 edit 14 1878 set category 64 1879 next 1880 edit 15 1881 set category 65 1882 next 1883 edit 16 1884 set category 66 1885 next 1886 edit 17 1887 set category 67 1888 next 1889 edit 18 1890 set category 26 1891 set action block 1892 next 1893 end 1894 end 1895 next 1896 edit monitor-all 1897 set comment "Monitor and log all visited URLs, proxy-based." 1898 set web-content-log disable 1899 set web-filter-applet-log disable 1900 set web-ftgd-err-log disable 1901 set web-filter-command-block-log disable 1902 set web-filter-jscript-log disable 1903 set web-filter-activex-log disable 1904 set web-filter-referer-log disable 1905 set web-filter-js-log disable 1906 set web-invalid-domain-log disable 1907 set web-ftgd-quota-usage disable 1908 set web-filter-vbs-log disable 1909 set web-filter-unknown-log disable 1910 set web-filter-cookie-log disable 1911 set log-all-url enable 1912 set web-filter-cookie-removal-log disable 1913 set web-url-log disable 1914 config ftgd-wf 1915 config filters 1916 edit 1 1917 set category 1 1918 next 1919 edit 2 1920 set category 3 1921 next 1922 edit 3 1923 set category 4 1924 next 1925 edit 4 1926 set category 5 1927 next 1928 edit 5 1929 set category 6 1930 next 1931 edit 6 1932 set category 12 1933 next 1934 edit 7 1935 set category 59 1936 next 1937 edit 8 1938 set category 62 1939 next 1940 edit 9 1941 set category 83 1942 next 1943 edit 10 1944 set category 2 1945 next 1946 edit 11 1947 set category 7 1948 next 1949 edit 12 1950 set category 8 1951 next 1952 edit 13 1953 set category 9 1954 next 1955 edit 14 1956 set category 11 1957 next 1958 edit 15 1959 set category 13 1960 next 1961 edit 16 1962 set category 14 1963 next 1964 edit 17 1965 set category 15 1966 next 1967 edit 18 1968 set category 16 1969 next 1970 edit 19 1971 set category 57 1972 next 1973 edit 20 1974 set category 63 1975 next 1976 edit 21 1977 set category 64 1978 next 1979 edit 22 1980 set category 65 1981 next 1982 edit 23 1983 set category 66 1984 next 1985 edit 24 1986 set category 67 1987 next 1988 edit 25 1989 set category 19 1990 next 1991 edit 26 1992 set category 24 1993 next 1994 edit 27 1995 set category 25 1996 next 1997 edit 28 1998 set category 72 1999 next 2000 edit 29 2001 set category 75 2002 next 2003 edit 30 2004 set category 76 2005 next 2006 edit 31 2007 set category 26 2008 next 2009 edit 32 2010 set category 61 2011 next 2012 edit 33 2013 set category 86 2014 next 2015 edit 34 2016 set category 17 2017 next 2018 edit 35 2019 set category 18 2020 next 2021 edit 36 2022 set category 20 2023 next 2024 edit 37 2025 set category 23 2026 next 2027 edit 38 2028 set category 28 2029 next 2030 edit 39 2031 set category 29 2032 next 2033 edit 40 2034 set category 30 2035 next 2036 edit 41 2037 set category 33 2038 next 2039 edit 42 2040 set category 34 2041 next 2042 edit 43 2043 set category 35 2044 next 2045 edit 44 2046 set category 36 2047 next 2048 edit 45 2049 set category 37 2050 next 2051 edit 46 2052 set category 38 2053 next 2054 edit 47 2055 set category 39 2056 next 2057 edit 48 2058 set category 40 2059 next 2060 edit 49 2061 set category 42 2062 next 2063 edit 50 2064 set category 44 2065 next 2066 edit 51 2067 set category 46 2068 next 2069 edit 52 2070 set category 47 2071 next 2072 edit 53 2073 set category 48 2074 next 2075 edit 54 2076 set category 54 2077 next 2078 edit 55 2079 set category 55 2080 next 2081 edit 56 2082 set category 58 2083 next 2084 edit 57 2085 set category 68 2086 next 2087 edit 58 2088 set category 69 2089 next 2090 edit 59 2091 set category 70 2092 next 2093 edit 60 2094 set category 71 2095 next 2096 edit 61 2097 set category 77 2098 next 2099 edit 62 2100 set category 78 2101 next 2102 edit 63 2103 set category 79 2104 next 2105 edit 64 2106 set category 80 2107 next 2108 edit 65 2109 set category 82 2110 next 2111 edit 66 2112 set category 85 2113 next 2114 edit 67 2115 set category 87 2116 next 2117 edit 68 2118 set category 31 2119 next 2120 edit 69 2121 set category 41 2122 next 2123 edit 70 2124 set category 43 2125 next 2126 edit 71 2127 set category 49 2128 next 2129 edit 72 2130 set category 50 2131 next 2132 edit 73 2133 set category 51 2134 next 2135 edit 74 2136 set category 52 2137 next 2138 edit 75 2139 set category 53 2140 next 2141 edit 76 2142 set category 56 2143 next 2144 edit 77 2145 set category 81 2146 next 2147 edit 78 2148 set category 84 2149 next 2150 edit 79 2151 next 2152 end 2153 end 2154 next 2155 edit flow-monitor-all 2156 set comment "Monitor and log all visited URLs, flow-based." 2157 set web-content-log disable 2158 set web-filter-applet-log disable 2159 set web-ftgd-err-log disable 2160 set web-filter-jscript-log disable 2161 set web-filter-activex-log disable 2162 set web-filter-referer-log disable 2163 set web-filter-js-log disable 2164 set web-invalid-domain-log disable 2165 set inspection-mode flow-based 2166 set web-ftgd-quota-usage disable 2167 set web-filter-command-block-log disable 2168 set web-filter-vbs-log disable 2169 set web-filter-unknown-log disable 2170 set web-filter-cookie-log disable 2171 set log-all-url enable 2172 set web-filter-cookie-removal-log disable 2173 set web-url-log disable 2174 config ftgd-wf 2175 config filters 2176 edit 1 2177 set category 1 2178 next 2179 edit 2 2180 set category 3 2181 next 2182 edit 3 2183 set category 4 2184 next 2185 edit 4 2186 set category 5 2187 next 2188 edit 5 2189 set category 6 2190 next 2191 edit 6 2192 set category 12 2193 next 2194 edit 7 2195 set category 59 2196 next 2197 edit 8 2198 set category 62 2199 next 2200 edit 9 2201 set category 83 2202 next 2203 edit 10 2204 set category 2 2205 next 2206 edit 11 2207 set category 7 2208 next 2209 edit 12 2210 set category 8 2211 next 2212 edit 13 2213 set category 9 2214 next 2215 edit 14 2216 set category 11 2217 next 2218 edit 15 2219 set category 13 2220 next 2221 edit 16 2222 set category 14 2223 next 2224 edit 17 2225 set category 15 2226 next 2227 edit 18 2228 set category 16 2229 next 2230 edit 19 2231 set category 57 2232 next 2233 edit 20 2234 set category 63 2235 next 2236 edit 21 2237 set category 64 2238 next 2239 edit 22 2240 set category 65 2241 next 2242 edit 23 2243 set category 66 2244 next 2245 edit 24 2246 set category 67 2247 next 2248 edit 25 2249 set category 19 2250 next 2251 edit 26 2252 set category 24 2253 next 2254 edit 27 2255 set category 25 2256 next 2257 edit 28 2258 set category 72 2259 next 2260 edit 29 2261 set category 75 2262 next 2263 edit 30 2264 set category 76 2265 next 2266 edit 31 2267 set category 26 2268 next 2269 edit 32 2270 set category 61 2271 next 2272 edit 33 2273 set category 86 2274 next 2275 edit 34 2276 set category 17 2277 next 2278 edit 35 2279 set category 18 2280 next 2281 edit 36 2282 set category 20 2283 next 2284 edit 37 2285 set category 23 2286 next 2287 edit 38 2288 set category 28 2289 next 2290 edit 39 2291 set category 29 2292 next 2293 edit 40 2294 set category 30 2295 next 2296 edit 41 2297 set category 33 2298 next 2299 edit 42 2300 set category 34 2301 next 2302 edit 43 2303 set category 35 2304 next 2305 edit 44 2306 set category 36 2307 next 2308 edit 45 2309 set category 37 2310 next 2311 edit 46 2312 set category 38 2313 next 2314 edit 47 2315 set category 39 2316 next 2317 edit 48 2318 set category 40 2319 next 2320 edit 49 2321 set category 42 2322 next 2323 edit 50 2324 set category 44 2325 next 2326 edit 51 2327 set category 46 2328 next 2329 edit 52 2330 set category 47 2331 next 2332 edit 53 2333 set category 48 2334 next 2335 edit 54 2336 set category 54 2337 next 2338 edit 55 2339 set category 55 2340 next 2341 edit 56 2342 set category 58 2343 next 2344 edit 57 2345 set category 68 2346 next 2347 edit 58 2348 set category 69 2349 next 2350 edit 59 2351 set category 70 2352 next 2353 edit 60 2354 set category 71 2355 next 2356 edit 61 2357 set category 77 2358 next 2359 edit 62 2360 set category 78 2361 next 2362 edit 63 2363 set category 79 2364 next 2365 edit 64 2366 set category 80 2367 next 2368 edit 65 2369 set category 82 2370 next 2371 edit 66 2372 set category 85 2373 next 2374 edit 67 2375 set category 87 2376 next 2377 edit 68 2378 set category 31 2379 next 2380 edit 69 2381 set category 41 2382 next 2383 edit 70 2384 set category 43 2385 next 2386 edit 71 2387 set category 49 2388 next 2389 edit 72 2390 set category 50 2391 next 2392 edit 73 2393 set category 51 2394 next 2395 edit 74 2396 set category 52 2397 next 2398 edit 75 2399 set category 53 2400 next 2401 edit 76 2402 set category 56 2403 next 2404 edit 77 2405 set category 81 2406 next 2407 edit 78 2408 set category 84 2409 next 2410 edit 79 2411 next 2412 end 2413 end 2414 next 2415 edit block-security-risks 2416 set comment "Block security risks." 2417 config ftgd-wf 2418 set options rate-server-ip 2419 config filters 2420 edit 1 2421 set category 26 2422 set action block 2423 next 2424 edit 2 2425 set category 61 2426 set action block 2427 next 2428 edit 3 2429 set category 86 2430 set action block 2431 next 2432 edit 4 2433 set action warning 2434 next 2435 end 2436 end 2437 next 2438 end 2439 config webfilter override 2440 end 2441 config webfilter override-user 2442 end 2443 config webfilter ftgd-warning 2444 end 2445 config webfilter ftgd-local-rating 2446 end 2447 config webfilter search-engine 2448 edit google 2449 set url "^\\/((custom|search|images|videosearch|webhp)\\?)" 2450 set query "q=" 2451 set safesearch url 2452 set hostname ".*\\.google\\..*" 2453 set safesearch-str "&safe=active" 2454 next 2455 edit yahoo 2456 set url "^\\/search(\\/video|\\/images){0,1}(\\?|;)" 2457 set query "p=" 2458 set safesearch url 2459 set hostname ".*\\.yahoo\\..*" 2460 set safesearch-str "&vm=r" 2461 next 2462 edit bing 2463 set url "^(\\/images|\\/videos)?(\\/search|\\/async|\\/asyncv2)\\?" 2464 set query "q=" 2465 set safesearch url 2466 set hostname "www\\.bing\\.com" 2467 set safesearch-str "&adlt=strict" 2468 next 2469 edit yandex 2470 set url "^\\/((yand|images\\/|video\\/)(search)|search\\/)\\?" 2471 set query "text=" 2472 set safesearch url 2473 set hostname "yandex\\..*" 2474 set safesearch-str "&family=yes" 2475 next 2476 edit youtube 2477 set safesearch header 2478 set hostname ".*\\.youtube\\..*" 2479 next 2480 edit baidu 2481 set url "^\\/s?\\?" 2482 set query "wd=" 2483 set hostname ".*\\.baidu\\.com" 2484 next 2485 edit baidu2 2486 set url "^\\/(ns|q|m|i|v)\\?" 2487 set query "word=" 2488 set hostname ".*\\.baidu\\.com" 2489 next 2490 edit baidu3 2491 set url "^\\/f\\?" 2492 set query "kw=" 2493 set hostname "tieba\\.baidu\\.com" 2494 next 2495 end 2496 config antivirus profile 2497 edit default 2498 set comment "Scan files and block viruses." 2499 config http 2500 set options scan 2501 end 2502 config ftp 2503 set options scan 2504 end 2505 config imap 2506 set options scan 2507 end 2508 config pop3 2509 set options scan 2510 end 2511 config smtp 2512 set options scan 2513 end 2514 next 2515 end 2516 config spamfilter profile 2517 edit default 2518 set comment "Malware and phishing URL filtering." 2519 next 2520 end 2521 config wanopt settings 2522 set host-id "default-id" 2523 end 2524 config wanopt profile 2525 edit default 2526 set comments "Default WANopt profile." 2527 next 2528 end 2529 config firewall schedule recurring 2530 edit always 2531 set day sunday monday tuesday wednesday thursday friday saturday 2532 next 2533 edit none 2534 set day none 2535 next 2536 end 2537 config firewall profile-protocol-options 2538 edit default 2539 set comment "All default services." 2540 config http 2541 set ports 80 2542 end 2543 config ftp 2544 set ports 21 2545 set options splice 2546 end 2547 config imap 2548 set ports 143 2549 set options fragmail 2550 end 2551 config mapi 2552 set ports 135 2553 set options fragmail 2554 end 2555 config pop3 2556 set ports 110 2557 set options fragmail 2558 end 2559 config smtp 2560 set ports 25 2561 set options fragmail splice 2562 end 2563 config nntp 2564 set ports 119 2565 set options splice 2566 end 2567 config dns 2568 set ports 53 2569 end 2570 next 2571 end 2572 config firewall ssl-ssh-profile 2573 edit deep-inspection 2574 set comment "Deep inspection." 2575 config https 2576 set ports 443 2577 end 2578 config ftps 2579 set ports 990 2580 end 2581 config imaps 2582 set ports 993 2583 end 2584 config pop3s 2585 set ports 995 2586 end 2587 config smtps 2588 set ports 465 2589 end 2590 config ssh 2591 set ports 22 2592 end 2593 config ssl-exempt 2594 edit 1 2595 set fortiguard-category 31 2596 next 2597 edit 2 2598 set fortiguard-category 33 2599 next 2600 edit 3 2601 set fortiguard-category 87 2602 next 2603 edit 4 2604 set type address 2605 set address "apple" 2606 next 2607 edit 5 2608 set type address 2609 set address "appstore" 2610 next 2611 edit 6 2612 set type address 2613 set address "dropbox.com" 2614 next 2615 edit 7 2616 set type address 2617 set address "Gotomeeting" 2618 next 2619 edit 8 2620 set type address 2621 set address "icloud" 2622 next 2623 edit 9 2624 set type address 2625 set address "itunes" 2626 next 2627 edit 10 2628 set type address 2629 set address "android" 2630 next 2631 edit 11 2632 set type address 2633 set address "skype" 2634 next 2635 edit 12 2636 set type address 2637 set address "swscan.apple.com" 2638 next 2639 edit 13 2640 set type address 2641 set address "update.microsoft.com" 2642 next 2643 edit 14 2644 set type address 2645 set address "eease" 2646 next 2647 edit 15 2648 set type address 2649 set address "google-drive" 2650 next 2651 edit 16 2652 set type address 2653 set address "google-play" 2654 next 2655 edit 17 2656 set type address 2657 set address "google-play2" 2658 next 2659 edit 18 2660 set type address 2661 set address "google-play3" 2662 next 2663 edit 19 2664 set type address 2665 set address "microsoft" 2666 next 2667 edit 20 2668 set type address 2669 set address "adobe" 2670 next 2671 edit 21 2672 set type address 2673 set address "Adobe Login" 2674 next 2675 edit 22 2676 set type address 2677 set address "fortinet" 2678 next 2679 edit 23 2680 set type address 2681 set address "googleapis.com" 2682 next 2683 edit 24 2684 set type address 2685 set address "citrix" 2686 next 2687 edit 25 2688 set type address 2689 set address "verisign" 2690 next 2691 edit 26 2692 set type address 2693 set address "Windows update 2" 2694 next 2695 edit 27 2696 set type address 2697 set address "*.live.com" 2698 next 2699 edit 28 2700 set type address 2701 set address "auth.gfx.ms" 2702 next 2703 edit 29 2704 set type address 2705 set address "autoupdate.opera.com" 2706 next 2707 edit 30 2708 set type address 2709 set address "softwareupdate.vmware.com" 2710 next 2711 edit 31 2712 set type address 2713 set address "firefox update server" 2714 next 2715 end 2716 next 2717 edit certificate-inspection 2718 set comment "SSL handshake inspection." 2719 config https 2720 set status certificate-inspection 2721 set ports 443 2722 end 2723 config ftps 2724 set status disable 2725 set ports 990 2726 end 2727 config imaps 2728 set status disable 2729 set ports 993 2730 end 2731 config pop3s 2732 set status disable 2733 set ports 995 2734 end 2735 config smtps 2736 set status disable 2737 set ports 465 2738 end 2739 config ssh 2740 set status disable 2741 set ports 22 2742 end 2743 next 2744 end 2745 config firewall identity-based-route 2746 end 2747 config firewall policy 2748 end 2749 config firewall local-in-policy 2750 end 2751 config firewall policy6 2752 end 2753 config firewall local-in-policy6 2754 end 2755 config firewall ttl-policy 2756 end 2757 config firewall policy64 2758 end 2759 config firewall policy46 2760 end 2761 config firewall explicit-proxy-policy 2762 end 2763 config firewall interface-policy 2764 end 2765 config firewall interface-policy6 2766 end 2767 config firewall DoS-policy 2768 end 2769 config firewall DoS-policy6 2770 end 2771 config firewall sniffer 2772 end 2773 config endpoint-control profile 2774 edit default 2775 config forticlient-winmac-settings 2776 set forticlient-wf-profile "default" 2777 end 2778 config forticlient-android-settings 2779 end 2780 config forticlient-ios-settings 2781 end 2782 next 2783 end 2784 config wireless-controller wids-profile 2785 edit default 2786 set comment "Default WIDS profile." 2787 set deauth-broadcast enable 2788 set assoc-frame-flood enable 2789 set invalid-mac-oui enable 2790 set ap-scan enable 2791 set long-duration-attack enable 2792 set eapol-logoff-flood enable 2793 set eapol-succ-flood enable 2794 set eapol-start-flood enable 2795 set eapol-fail-flood enable 2796 set wireless-bridge enable 2797 set eapol-pre-succ-flood enable 2798 set auth-frame-flood enable 2799 set asleap-attack enable 2800 set eapol-pre-fail-flood enable 2801 set spoofed-deauth enable 2802 set weak-wep-iv enable 2803 set null-ssid-probe-resp enable 2804 next 2805 edit default-wids-apscan-enabled 2806 set ap-scan enable 2807 next 2808 end 2809 config wireless-controller wtp-profile 2810 edit FAP112B-default 2811 set ap-country US 2812 config platform 2813 set type 112B 2814 end 2815 config radio-1 2816 set band 802.11n 2817 end 2818 config radio-2 2819 set mode disabled 2820 end 2821 next 2822 edit FAP220B-default 2823 set ap-country US 2824 config radio-1 2825 set band 802.11n-5G 2826 end 2827 config radio-2 2828 set band 802.11n 2829 end 2830 next 2831 edit FAP223B-default 2832 set ap-country US 2833 config platform 2834 set type 223B 2835 end 2836 config radio-1 2837 set band 802.11n-5G 2838 end 2839 config radio-2 2840 set band 802.11n 2841 end 2842 next 2843 edit FAP210B-default 2844 set ap-country US 2845 config platform 2846 set type 210B 2847 end 2848 config radio-1 2849 set band 802.11n 2850 end 2851 config radio-2 2852 set mode disabled 2853 end 2854 next 2855 edit FAP222B-default 2856 set ap-country US 2857 config platform 2858 set type 222B 2859 end 2860 config radio-1 2861 set band 802.11n 2862 end 2863 config radio-2 2864 set band 802.11n-5G 2865 end 2866 next 2867 edit FAP320B-default 2868 set ap-country US 2869 config platform 2870 set type 320B 2871 end 2872 config radio-1 2873 set band 802.11n-5G 2874 end 2875 config radio-2 2876 set band 802.11n 2877 end 2878 next 2879 edit FAP11C-default 2880 set ap-country US 2881 config platform 2882 set type 11C 2883 end 2884 config radio-1 2885 set band 802.11n 2886 end 2887 config radio-2 2888 set mode disabled 2889 end 2890 next 2891 edit FAP14C-default 2892 set ap-country US 2893 config platform 2894 set type 14C 2895 end 2896 config radio-1 2897 set band 802.11n 2898 end 2899 config radio-2 2900 set mode disabled 2901 end 2902 next 2903 edit FAP28C-default 2904 set ap-country US 2905 config platform 2906 set type 28C 2907 end 2908 config radio-1 2909 set band 802.11n 2910 end 2911 config radio-2 2912 set mode disabled 2913 end 2914 next 2915 edit FAP320C-default 2916 set ap-country US 2917 config platform 2918 set type 320C 2919 end 2920 config radio-1 2921 set band 802.11n 2922 end 2923 config radio-2 2924 set band 802.11ac 2925 end 2926 next 2927 edit FAP221C-default 2928 set ap-country US 2929 config platform 2930 set type 221C 2931 end 2932 config radio-1 2933 set band 802.11n 2934 end 2935 config radio-2 2936 set band 802.11ac 2937 end 2938 next 2939 edit FAP25D-default 2940 set ap-country US 2941 config platform 2942 set type 25D 2943 end 2944 config radio-1 2945 set band 802.11n 2946 end 2947 config radio-2 2948 set mode disabled 2949 end 2950 next 2951 edit FAP222C-default 2952 set ap-country US 2953 config platform 2954 set type 222C 2955 end 2956 config radio-1 2957 set band 802.11n 2958 end 2959 config radio-2 2960 set band 802.11ac 2961 end 2962 next 2963 edit FAP224D-default 2964 set ap-country US 2965 config platform 2966 set type 224D 2967 end 2968 config radio-1 2969 set band 802.11n-5G 2970 end 2971 config radio-2 2972 set band 802.11n 2973 end 2974 next 2975 edit FK214B-default 2976 set ap-country US 2977 config platform 2978 set type 214B 2979 end 2980 config radio-1 2981 set band 802.11n 2982 end 2983 config radio-2 2984 set mode disabled 2985 end 2986 next 2987 edit FAP21D-default 2988 set ap-country US 2989 config platform 2990 set type 21D 2991 end 2992 config radio-1 2993 set band 802.11n 2994 end 2995 config radio-2 2996 set mode disabled 2997 end 2998 next 2999 edit FAP24D-default 3000 set ap-country US 3001 config platform 3002 set type 24D 3003 end 3004 config radio-1 3005 set band 802.11n 3006 end 3007 config radio-2 3008 set mode disabled 3009 end 3010 next 3011 edit FAP112D-default 3012 set ap-country US 3013 config platform 3014 set type 112D 3015 end 3016 config radio-1 3017 set band 802.11n 3018 end 3019 config radio-2 3020 set mode disabled 3021 end 3022 next 3023 edit FAP223C-default 3024 set ap-country US 3025 config platform 3026 set type 223C 3027 end 3028 config radio-1 3029 set band 802.11n 3030 end 3031 config radio-2 3032 set band 802.11ac 3033 end 3034 next 3035 edit FAP321C-default 3036 set ap-country US 3037 config platform 3038 set type 321C 3039 end 3040 config radio-1 3041 set band 802.11n 3042 end 3043 config radio-2 3044 set band 802.11ac 3045 end 3046 next 3047 end 3048 config log memory setting 3049 set status enable 3050 end 3051 config router rip 3052 config redistribute connected 3053 end 3054 config redistribute static 3055 end 3056 config redistribute ospf 3057 end 3058 config redistribute bgp 3059 end 3060 config redistribute isis 3061 end 3062 end 3063 config router ripng 3064 config redistribute connected 3065 end 3066 config redistribute static 3067 end 3068 config redistribute ospf 3069 end 3070 config redistribute bgp 3071 end 3072 config redistribute isis 3073 end 3074 end 3075 config router ospf 3076 config redistribute connected 3077 end 3078 config redistribute static 3079 end 3080 config redistribute rip 3081 end 3082 config redistribute bgp 3083 end 3084 config redistribute isis 3085 end 3086 end 3087 config router ospf6 3088 config redistribute connected 3089 end 3090 config redistribute static 3091 end 3092 config redistribute rip 3093 end 3094 config redistribute bgp 3095 end 3096 config redistribute isis 3097 end 3098 end 3099 config router bgp 3100 config redistribute connected 3101 end 3102 config redistribute rip 3103 end 3104 config redistribute ospf 3105 end 3106 config redistribute static 3107 end 3108 config redistribute isis 3109 end 3110 config redistribute6 connected 3111 end 3112 config redistribute6 rip 3113 end 3114 config redistribute6 ospf 3115 end 3116 config redistribute6 static 3117 end 3118 config redistribute6 isis 3119 end 3120 end 3121 config router isis 3122 config redistribute connected 3123 end 3124 config redistribute rip 3125 end 3126 config redistribute ospf 3127 end 3128 config redistribute bgp 3129 end 3130 config redistribute static 3131 end 3132 end 3133 config router multicast 3134 end 3135